Patchwork [0/3] Replace ocf-linux with cryptodev-linux

login
register
mail settings
Submitter Kang Kai
Date March 26, 2014, 10:15 a.m.
Message ID <cover.1395825881.git.kai.kang@windriver.com>
Download mbox
Permalink /patch/69247/
State New
Headers show

Pull-request

git://git.yoctoproject.org/poky-contrib kangkai/ocf-linux

Comments

Kang Kai - March 26, 2014, 10:15 a.m.
Replace ocf-linux with cryptodev-linux because linux-yocto use cryptodev-linux to implement /dev/crypto.

Build for qemux86 and qemuarm. Test on qemux86.

Test steps:
1 set CONFIG_CRYPTODEV for linux-yocto by menuconfig
  Cryptographic API  ---> cryptodev module support

2 bitbake core-image-sato
3 test openssl on target:
3.1 load kernel module cryptodev first
root@qemux86:~# modprobe cryptodev

3.2 test openssl
root@qemux86:~# echo "test" > test.txt

root@qemux86:~# openssl aes-128-cbc -salt -engine cryptodev -in test.txt -out test.txt.aes
engine "cryptodev" set.
enter aes-128-cbc encryption password:
Verifying - enter aes-128-cbc encryption password:

root@qemux86:~# openssl aes-128-cbc -d -salt -engine cryptodev -in test.txt.aes -out test.txt.out
engine "cryptodev" set.
enter aes-128-cbc decryption password:		<-- input wrong password here
bad decrypt
3078080188:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:539:

root@qemux86:~# openssl aes-128-cbc -d -salt -engine cryptodev -in test.txt.aes -out test.txt.out
engine "cryptodev" set.
enter aes-128-cbc decryption password:

root@qemux86:~# ls -l
-rw-r--r--    1 root     root             5 Mar 26 10:07 test.txt
-rw-r--r--    1 root     root            32 Mar 26 10:08 test.txt.aes
-rw-r--r--    1 root     root             5 Mar 26 10:09 test.txt.out
root@qemux86:~# cat test.txt.aes
Salted__?0?c5'A?vU???`root@qemux86:~# 
root@qemux86:~# cat test.txt.out
test
root@qemux86:~# 


The following changes since commit 39846ddbce87d26eb68870914bf86a8ce5e86e5c:

  bitbake: data_smart: Fix caching issue for double remove references (2014-03-25 22:28:42 +0000)

are available in the git repository at:

  git://git.yoctoproject.org/poky-contrib kangkai/ocf-linux
  http://git.yoctoproject.org/cgit.cgi//log/?h=kangkai/ocf-linux

Kai Kang (3):
  cryptodev-linux: add recipe
  openssl: replace dependency ocf-linux with cryptodev-linux
  ocf-linux: remove recipe

 .../openssl/cryptodev-linux_1.6.bb                 | 22 ++++++++++++++++++++
 meta/recipes-connectivity/openssl/ocf-linux.inc    | 24 ----------------------
 .../openssl/ocf-linux_20120127.bb                  |  6 ------
 .../recipes-connectivity/openssl/openssl_1.0.1e.bb |  2 +-
 4 files changed, 23 insertions(+), 31 deletions(-)
 create mode 100644 meta/recipes-connectivity/openssl/cryptodev-linux_1.6.bb
 delete mode 100644 meta/recipes-connectivity/openssl/ocf-linux.inc
 delete mode 100644 meta/recipes-connectivity/openssl/ocf-linux_20120127.bb
Otavio Salvador - March 26, 2014, 2:42 p.m.
Hello Kai,

On Wed, Mar 26, 2014 at 7:15 AM, Kai Kang <kai.kang@windriver.com> wrote:
> Replace ocf-linux with cryptodev-linux because linux-yocto use cryptodev-linux to implement /dev/crypto.

Thanks for handling it; I was going to address same issue this week so
we could have it upstreamed and drop the Freescale bbappends for it.
This indeed makes my life easier :-) So thank you :-)
Kang Kai - March 28, 2014, 3:03 a.m.
On 2014?03?26? 22:42, Otavio Salvador wrote:
> Hello Kai,
>
> On Wed, Mar 26, 2014 at 7:15 AM, Kai Kang <kai.kang@windriver.com> wrote:
>> Replace ocf-linux with cryptodev-linux because linux-yocto use cryptodev-linux to implement /dev/crypto.
> Thanks for handling it; I was going to address same issue this week so
> we could have it upstreamed and drop the Freescale bbappends for it.
> This indeed makes my life easier :-) So thank you :-)
>

Hi Otavio,

It is my pleasure if it could help. :)
Richard Purdie - March 28, 2014, 9:50 a.m.
On Wed, 2014-03-26 at 18:15 +0800, Kai Kang wrote:
> Replace ocf-linux with cryptodev-linux because linux-yocto use cryptodev-linux to implement /dev/crypto.
> 
> Build for qemux86 and qemuarm. Test on qemux86.

This did break the build:

http://git.yoctoproject.org/cgit.cgi/poky/commit/?id=8c3eb5ee4582b6f6d489549290937657f37fc19e

however I've fixed it.

Cheers,

Richard
Denys Dmytriyenko - March 28, 2014, 5:13 p.m.
On Wed, Mar 26, 2014 at 11:42:39AM -0300, Otavio Salvador wrote:
> Hello Kai,
> 
> On Wed, Mar 26, 2014 at 7:15 AM, Kai Kang <kai.kang@windriver.com> wrote:
> > Replace ocf-linux with cryptodev-linux because linux-yocto use cryptodev-linux to implement /dev/crypto.
> 
> Thanks for handling it; I was going to address same issue this week so
> we could have it upstreamed and drop the Freescale bbappends for it.

So, we also have a recipe of cryptodev for TI builds. But it's not just a 
header file and we need the actual module to be built and packaged...

I'm rather surprised it was merged so quickly w/o further discussion... :(
Bruce Ashfield - March 28, 2014, 5:18 p.m.
On Fri, Mar 28, 2014 at 1:13 PM, Denys Dmytriyenko <denis@denix.org> wrote:
> On Wed, Mar 26, 2014 at 11:42:39AM -0300, Otavio Salvador wrote:
>> Hello Kai,
>>
>> On Wed, Mar 26, 2014 at 7:15 AM, Kai Kang <kai.kang@windriver.com> wrote:
>> > Replace ocf-linux with cryptodev-linux because linux-yocto use cryptodev-linux to implement /dev/crypto.
>>
>> Thanks for handling it; I was going to address same issue this week so
>> we could have it upstreamed and drop the Freescale bbappends for it.
>
> So, we also have a recipe of cryptodev for TI builds. But it's not just a
> header file and we need the actual module to be built and packaged...

As long as something out of tree can co-exist with in-tree implementations,
I don't see a problem with an incremental update that builds the module
as well.

Bruce

>
> I'm rather surprised it was merged so quickly w/o further discussion... :(
>
> --
> Denys
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
Richard Purdie - March 28, 2014, 5:22 p.m.
On Fri, 2014-03-28 at 13:13 -0400, Denys Dmytriyenko wrote:
> On Wed, Mar 26, 2014 at 11:42:39AM -0300, Otavio Salvador wrote:
> > Hello Kai,
> > 
> > On Wed, Mar 26, 2014 at 7:15 AM, Kai Kang <kai.kang@windriver.com> wrote:
> > > Replace ocf-linux with cryptodev-linux because linux-yocto use cryptodev-linux to implement /dev/crypto.
> > 
> > Thanks for handling it; I was going to address same issue this week so
> > we could have it upstreamed and drop the Freescale bbappends for it.
> 
> So, we also have a recipe of cryptodev for TI builds. But it's not just a 
> header file and we need the actual module to be built and packaged...
> 
> I'm rather surprised it was merged so quickly w/o further discussion... :(

From my perspective, the ocf version looked dead and I had several
people saying this was the right thing to do with nobody saying
otherwise, both here on list and in some conversations I had with
people. With the release approaching, it was kind of late to do it
equally, it did appear to be the right thing to switch to so I got on
and tested and then merged it.

I don't consider things "set in stone", I think we can build upon this
incrementally.

Cheers,

Richard
Denys Dmytriyenko - March 28, 2014, 5:34 p.m.
On Fri, Mar 28, 2014 at 01:18:32PM -0400, Bruce Ashfield wrote:
> On Fri, Mar 28, 2014 at 1:13 PM, Denys Dmytriyenko <denis@denix.org> wrote:
> > On Wed, Mar 26, 2014 at 11:42:39AM -0300, Otavio Salvador wrote:
> >> Hello Kai,
> >>
> >> On Wed, Mar 26, 2014 at 7:15 AM, Kai Kang <kai.kang@windriver.com> wrote:
> >> > Replace ocf-linux with cryptodev-linux because linux-yocto use cryptodev-linux to implement /dev/crypto.
> >>
> >> Thanks for handling it; I was going to address same issue this week so
> >> we could have it upstreamed and drop the Freescale bbappends for it.
> >
> > So, we also have a recipe of cryptodev for TI builds. But it's not just a
> > header file and we need the actual module to be built and packaged...
> 
> As long as something out of tree can co-exist with in-tree implementations,
> I don't see a problem with an incremental update that builds the module
> as well.

Thanks. So, I already have cryptodev-tests as a separate recipe that builds 
some tests from the same source, as main cryptodev. I guess I can look into 
separating module part into cryptodev-module recipe, which can be optional for 
kernels like linux-yocto that have it already patched in. Will that work?
Denys Dmytriyenko - March 28, 2014, 5:37 p.m.
On Fri, Mar 28, 2014 at 05:22:14PM +0000, Richard Purdie wrote:
> On Fri, 2014-03-28 at 13:13 -0400, Denys Dmytriyenko wrote:
> > On Wed, Mar 26, 2014 at 11:42:39AM -0300, Otavio Salvador wrote:
> > > Hello Kai,
> > > 
> > > On Wed, Mar 26, 2014 at 7:15 AM, Kai Kang <kai.kang@windriver.com> wrote:
> > > > Replace ocf-linux with cryptodev-linux because linux-yocto use cryptodev-linux to implement /dev/crypto.
> > > 
> > > Thanks for handling it; I was going to address same issue this week so
> > > we could have it upstreamed and drop the Freescale bbappends for it.
> > 
> > So, we also have a recipe of cryptodev for TI builds. But it's not just a 
> > header file and we need the actual module to be built and packaged...
> > 
> > I'm rather surprised it was merged so quickly w/o further discussion... :(
> 
> From my perspective, the ocf version looked dead and I had several
> people saying this was the right thing to do with nobody saying
> otherwise, both here on list and in some conversations I had with
> people. With the release approaching, it was kind of late to do it
> equally, it did appear to be the right thing to switch to so I got on
> and tested and then merged it.
> 
> I don't consider things "set in stone", I think we can build upon this
> incrementally.

Thanks. I'll try to work an incremental solution, then, so it works for us and 
doesn't break other use cases - please see my reply to Bruce.
Bruce Ashfield - March 28, 2014, 5:42 p.m.
On Fri, Mar 28, 2014 at 1:34 PM, Denys Dmytriyenko <denis@denix.org> wrote:
> On Fri, Mar 28, 2014 at 01:18:32PM -0400, Bruce Ashfield wrote:
>> On Fri, Mar 28, 2014 at 1:13 PM, Denys Dmytriyenko <denis@denix.org> wrote:
>> > On Wed, Mar 26, 2014 at 11:42:39AM -0300, Otavio Salvador wrote:
>> >> Hello Kai,
>> >>
>> >> On Wed, Mar 26, 2014 at 7:15 AM, Kai Kang <kai.kang@windriver.com> wrote:
>> >> > Replace ocf-linux with cryptodev-linux because linux-yocto use cryptodev-linux to implement /dev/crypto.
>> >>
>> >> Thanks for handling it; I was going to address same issue this week so
>> >> we could have it upstreamed and drop the Freescale bbappends for it.
>> >
>> > So, we also have a recipe of cryptodev for TI builds. But it's not just a
>> > header file and we need the actual module to be built and packaged...
>>
>> As long as something out of tree can co-exist with in-tree implementations,
>> I don't see a problem with an incremental update that builds the module
>> as well.
>
> Thanks. So, I already have cryptodev-tests as a separate recipe that builds
> some tests from the same source, as main cryptodev. I guess I can look into
> separating module part into cryptodev-module recipe, which can be optional for
> kernels like linux-yocto that have it already patched in. Will that work?

Absolutely. It's the same dance we do with lttng-modules, so we are on solid
ground.

Bruce

>
> --
> Denys
Kang Kai - March 31, 2014, 3:02 a.m.
On 2014?03?28? 17:50, Richard Purdie wrote:
> On Wed, 2014-03-26 at 18:15 +0800, Kai Kang wrote:
>> Replace ocf-linux with cryptodev-linux because linux-yocto use cryptodev-linux to implement /dev/crypto.
>>
>> Build for qemux86 and qemuarm. Test on qemux86.
> This did break the build:
>
> http://git.yoctoproject.org/cgit.cgi/poky/commit/?id=8c3eb5ee4582b6f6d489549290937657f37fc19e
>
> however I've fixed it.

Thanks, RP.

-- Kai

>
> Cheers,
>
> Richard
>
>
>