On Wed, 2002-01-09 at 10:36, KANDA Mitsuru / 神田 充 wrote:
> I updated cryptoapi 2.4.3 to int-patch-2.4.17.0 .
> I found the iv[] member in struct cipher_context{} was commented out
> and "u32 iv[]" arg was added in some functions(encrypt(),decript()...).
> Why did you move iv[] from cipher_context{} to functions?
that was done by me;
the problem was, that having the IV associated with the context would
require to use a kernel lock on the shared IV value in the cipher
context;
otherwise if the en/decryption function were called more than once (and
you modify the IV value beforehand) you'd end up with ugly race
conditions (which were observed with the loop filter function, which
would use one context per loop device; using locks in order to serialize
I/O encryption didn't seem a good idea...)
...passing the IV as parameter effectively solves this problem...
hope my explaination makes some sense...
if you have any suggestions/comments please don't hesitate to share them
with us...
regards,
--
Herbert Valerio Riedel / Phone: (EUROPE) +43-1-58801-18840
Email: hvr@hvrlab.org / Finger hvr@gnu.org for GnuPG Public Key
GnuPG Key Fingerprint: 7BB9 2D6C D485 CE64 4748 5F65 4981 E064 883F
4142
Attachment:
pgp00001.pgp
Description: PGP signature
