nmav at gnutls.org
Thu Dec 3 16:17:15 CET 2009
On Thu, Dec 3, 2009 at 3:59 PM, Simon Josefsson <simon at josefsson.org> wrote:
> Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:
>> The cryptodev for linux module is at:
>> (note that it may not install the crypto/cryptodev.h correctly, thus you might
>> need to copy it by yourself).
> Thanks! My debian kernel doesn't have /dev/crytpo, so I'll think I'll
> defer testing this for a while...
I think you will wait for long then :) This is an OpenBSD and FreeBSD
interface, I don't know when and if will ever be added to linux
(except for the external patch mentioned above).
>> I will but I need more time to finish this. I might change more stuff.
>> ABI compatibility on the crypto.h is not really an issue- the new code
>> can know whether the old abi is used an return an error.
> ABI compatibility is always an issue, we cannot remove any existing
> interfaces unless we bump the ABI version (and that will cause a
> significant amount of pain for packagers so let's not). So please add
> compatibility hooks for everything that was removed.
The ABI is part of the API in register functions of crypto.h. It is
different than the other parts of gnutls since you explicitly specify
the ABI version in the calls. Thus ABI is not breaking with my changes
and the compat.c file.
> Maybe the cryptodev stuff should be developed on a branch until your new
> crypto.h ABI has stabilized, if you are thinking of changing more
> things? I was thinking of making a GnuTLS 2.10.x release with official
> stable support for TLS 1.2 soon, and the 2.9.x branch was relatively
> stable before these changes.
Maybe I should have elaborated on the changes that have occurred. Those are:
1. crypto API cleanup
The cleanup merged the MAC and HASH interfaces to a single one to
avoid code duplication and to allow future use of crypto acceleration
The cryptodev change uses kernel drivers for symmetric crypto
algorithms and is not enabled by default.
Both of the changes are currently stable.
(unrelated but I don't think there should be a release without the fix
> compat.c:35: error: no previous prototype for 'gnutls_crypto_single_mac_register2' [-Wmissing-prototypes]
> compat.c:40: error: no previous prototype for 'gnutls_crypto_mac_register2' [-Wmissing-prototypes]
That is because you used -Wmissing-prototypes. Those are compatibility
functions to keep the ABI. I'll add prototypes later.
More information about the Gnutls-devel