On Tue, Jul 21, 2009 at 09:07:25PM +0800, Herbert Xu wrote: > On Tue, Jul 21, 2009 at 02:25:09PM +0200, Steffen Klassert wrote: > > I just noticed that your shash version of hmac keeps the paded keys > > on the transform. I assumed the hashing to be reentrant, so I > > removed the locks arround the hash functions here. > > The padded keys are in the transform because they never change > unless you call setkey. The assumption has always been that > you should use one tfm per key. > I found the problem. It's the digest state that is saved on the transform right behind the opad in hmac_finup() and hmac_final(). The digest state is of course not constant and must be saved on the request. That's why I needed the locks in authenc to get pcrypt to work. I have a patch which moves the digest state to the request, based on the cryptodev-2.6 tree. However, as soon as your recent import/export patches are in the cryptodev-2.6 tree we could probaply change hmac to do prehashing of the keys what would fix the problem too. -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
