| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200605050910.GS2667@sol.localdomain>
Date: Thu, 4 Jun 2020 22:09:10 -0700
From: Eric Biggers <ebiggers@...nel.org>
To: Herbert Xu <herbert@...dor.apana.org.au>
Cc: netdev@...r.kernel.org, linux-crypto@...r.kernel.org,
Corentin Labbe <clabbe@...libre.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Steffen Klassert <steffen.klassert@...unet.com>
Subject: Re: [PATCH net] esp: select CRYPTO_SEQIV
On Fri, Jun 05, 2020 at 10:29:56AM +1000, Herbert Xu wrote:
> On Fri, Jun 05, 2020 at 10:28:58AM +1000, Herbert Xu wrote:
> >
> > Hmm, the selection list doesn't include CTR so just adding SEQIV
> > per se makes no sense. I'm not certain that we really want to
> > include every algorithm under the sun. Steffen, what do you think?
>
> Or how about
>
> select CRYPTO_SEQIV if CRYPTO_CTR
>
> That would make more sense.
>
> Cheers,
There's also a case where "seqiv" is used without counter mode:
net/xfrm/xfrm_algo.c:
{
.name = "rfc7539esp(chacha20,poly1305)",
.uinfo = {
.aead = {
.geniv = "seqiv",
.icv_truncbits = 128,
}
},
.pfkey_supported = 0,
},
FWIW, we make CONFIG_FS_ENCRYPTION select only the algorithms that we consider
the "default", and any "non-default" algorithms need to be explicitly enabled.
Is something similar going on here with INET_ESP and INET_ESP6? Should "seqiv"
be considered a "default" for IPsec?
- Eric
Powered by blists - more mailing lists