Re: [PATCH v2] crypto: authenc - convert to ahash

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Jul 21, 2009 at 09:07:25PM +0800, Herbert Xu wrote:
> On Tue, Jul 21, 2009 at 02:25:09PM +0200, Steffen Klassert wrote:
> > I just noticed that your shash version of hmac keeps the paded keys
> > on the transform. I assumed the hashing to be reentrant, so I
> > removed the locks arround the hash functions here.
> 
> The padded keys are in the transform because they never change
> unless you call setkey.  The assumption has always been that
> you should use one tfm per key.
> 

I found the problem. It's the digest state that is saved on the
transform right behind the opad in hmac_finup() and hmac_final().
The digest state is of course not constant and must be saved on the
request. That's why I needed the locks in authenc to get pcrypt to
work. I have a patch which moves the digest state to the request,
based on the cryptodev-2.6 tree.
However, as soon as your recent import/export patches are in the
cryptodev-2.6 tree we could probaply change hmac to do prehashing of the
keys what would fix the problem too.
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux