| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 11 Dec 2016 17:44:13 +0100
From: Willy Tarreau <w@....eu>
To: "Jason A. Donenfeld" <Jason@...c4.com>
Cc: linux-mips@...ux-mips.org, Netdev <netdev@...r.kernel.org>,
LKML <linux-kernel@...r.kernel.org>,
Dan Lüdtke <mail@...rl.com>,
Måns Rullgård <mans@...sr.com>,
Hannes Frederic Sowa <hannes@...essinduktion.org>,
WireGuard mailing list <wireguard@...ts.zx2c4.com>,
Greg KH <gregkh@...uxfoundation.org>,
Felix Fietkau <nbd@....name>, Jiri Benc <jbenc@...hat.com>,
David Miller <davem@...emloft.net>
Subject: Re: Misalignment, MIPS, and ip_hdr(skb)->version
On Sun, Dec 11, 2016 at 03:50:31PM +0100, Jason A. Donenfeld wrote:
> 3. Add 3 bytes of padding, set to zero, to the encrypted section just
> before the IP header, marked for future use.
> Pros: satisfies IETF mantras, can use those extra bits in the future
> for interesting protocol extensions for authenticated peers.
> Cons: lowers MTU, marginally more difficult to implement but still
> probably just one or two lines of code.
>
> Of these, I'm leaning toward (3).
Or 4) add one byte to the cleartext header for future use (mostly flags
maybe) and 2 bytes of padding to the encrypted header. This way you get
the following benefits :
1) your encrypted text is at least 16-bit aligned, maybe it matters
in your checksum computations on during decryption
2) your MTU remains even, this is better for both ends
3) you're free to add some bits either to the encrypted or the clear
parts.
Just a suggestion :-)
Willy
Powered by blists - more mailing lists