Re: problems with kerneli patch?

[Alexander S A Kjeldaas <Alexander.Kjeldaas@fast.no>]

On Mon, Mar 26, 2001 at 01:58:39PM +0000, Marc Mutz wrote:
> Robert Varga wrote:
> > 
> <snip>
> > Could somebody summarize the known problems and wether they are being worked
> > on? If not, I could take a look at them.
> <snip> 
> 
> Do you mean conceptional or implementation-dependent?
> 
> For the first, a starting point would be - of course - Applied
> Cryptography by B. Schneier. There is quite an extensive references
> section there, but the book is now more than six years old.
> 
> For the second, here's a list of bug/inconvenients for the linux
> loopback device crypto and the cryptoapi, as far as i know and recall
> them:
> 
> - 2G limit in the loopback device
>   (2.2+2.4, axboe maybe has a patch for 2.4?)
> - deadlocks in the loopback device
>   (2.4, axboe has a patch)
> - blowfish (and other ciphers) have endian-issues (2.2+2.4)
>   This is mostly because
>   a. no-one has really defined what the ciphers should
>      return and accept (cryptoapi)
>   b. the authors of ciphers often did not pay attention
>      themselves
>   c. no-one has tested the ciphers (due to a.)
> - blowfish (and others) have a problem with demand-module
>   loading (2.2.18.4pre+2.4)
> 
> For the third point: Alex, Gisle, should we define the input and output
> of *_{en,de}crypt functions to expect/provide an octet stream? 

Yes we should and we do - at least in the 2.4 patch.  The interface is
right but some implementations are still wrong.

astor

Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/