lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 18 Dec 2006 16:13:57 +0300
From:	Evgeniy Polyakov <johnpol@....mipt.ru>
To:	Andreas Jellinghaus <aj@...hirelabs.com>
Cc:	linux-crypto@...r.kernel.org, netdev@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [ANN] Acrypto asynchronous crypto layer 2.6.19 release.

On Mon, Dec 18, 2006 at 02:00:26PM +0100, Andreas Jellinghaus (aj@...hirelabs.com) wrote:
> Evgeniy Polyakov wrote:
> >Actually I do not recall what is 'size retrictions' - if you talk about
> >possibility to use software crypto provider, which supports one cipher
> >in a time, then yes, but it is intended to be used with hardware though.
> >Otherwise I do not recall any problems pointed to me.
> 
> sorry, "size restriction" was the wrong term. acrypto only supports
> "sync provider only supports AES-128 in CBC mode, so if you try
> different ciphers, there can be some problems."

You can change it in async_provider in compilation time or I can create
module version. There is an item in related todo list to use crypto
contexts, they were created exactly for such kind of things (actually
for hardware devices which do not support realtime key changes).

> and I'm using dm-crypto with aes-cbc-essiv:sha256 and your acrypto patch
> breaks this setup - not only acrypto doesn't provide crypto capability 
> for my setup, but with this patch it is not offered by the old mechanism
> either, so my system has no way to decrypt the root partition. note:
> that was with the 2.6.18 patch, no idea if it is different now.
> 
> so while the patch adds new features, it also removes some features -
> not sure if always (via patch) or via compile option or via module
> load. also I'm not sure if acrypto can be disabled via kernel command
> line to get the old behaviour (including aes-cbc-essiv:sha256 support
> for dm-crypt).
> 
> would be nice to track those issues, so people testing your patch
> are aware of the situation.

I will change acrypto software crypto provider, but right now, yes,
software crypto only supports one mode.

> Regards, Andreas

-- 
	Evgeniy Polyakov
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ