Herbert Valerio Riedel wrote:
> On Mon, 9 Jul 2001, Jari Ruusu wrote:
> > patch-int-2.4.6.bz2 available from HVR's web site is still the same time
> > bomb waiting to explode as patch-int-2.4.3.1.bz2.
> >
> > Have you actually audited that code?
> >
> > I have audited some of it. Conclusion: BROKEN
>
> ...do you mind sharing your thoughts with us? :-)
> but please, don't tell me again, to give up on the crypto API... ;-)
>
> since I'm quite determined to fix all problems, it would be useful to
> have a definite list of them...
>
> btw, the non-reentrant part has been almost fixed... but it's not
> released yet.
>
> if you are referring to the IV overflow, that's going to be addressed as
> well rsn...
>
> as to the patch-int vs cryptoapi, the patch-int-2.4.6.bz2 is actually nothing
> more than a patch-int-2.4.3.1 applied against a 2.4.6...
>
> so they are both the same...

Just like I said, same time bomb.

Known problems, at this time:

1) IV has to be 512 byte based, each 512 byte chunk must be independent
2) non-re-entrant ciphers
3) Follow this thread, there is a patch:
   http://marc.theaimsgroup.com/?l=linux-kernel&m=99314207620322&w=2

All of the above problems are fixed in loop-AES.

Regards,
Jari Ruusu <jari.ruusu@xxxxxxxxxx>

Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
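Problem 1 in the list above (a 512-byte-sector-based IV, every sector independent) can be illustrated with the following added example; it is not code from the thread, from patch-int or from loop-AES. It restarts CBC at every sector with the sector number as IV, and contrasts that with a hypothetical scheme that chains CBC across sector boundaries, so a single-sector write changes every later sector's ciphertext. The 16-byte block cipher is a SHA-256 Feistel stand-in (not a real cipher), used only so the chaining structure runs without third-party AES.

```python
import hashlib

SECTOR, BLOCK = 512, 16

# Stand-in block cipher: 4-round Feistel on 8-byte halves with SHA-256 as round
# function. Only here to make the chaining structure runnable; not for real use.
def _round(key, r, half):
    return hashlib.sha256(key + bytes([r]) + half).digest()[:8]

def block_encrypt(key, block):
    left, right = block[:8], block[8:]
    for r in range(4):
        left, right = right, bytes(a ^ b for a, b in zip(left, _round(key, r, right)))
    return left + right

def block_decrypt(key, block):
    left, right = block[:8], block[8:]
    for r in reversed(range(4)):
        left, right = bytes(a ^ b for a, b in zip(right, _round(key, r, left))), left
    return left + right

def sector_iv(sector_no):
    # IV = 512-byte sector number, little-endian, zero padded to the block size
    return sector_no.to_bytes(8, "little") + bytes(8)

def cbc_encrypt(key, iv, data):
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        prev = block_encrypt(key, bytes(a ^ b for a, b in zip(data[i:i + BLOCK], prev)))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, data):
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        c = data[i:i + BLOCK]
        out.append(bytes(a ^ b for a, b in zip(block_decrypt(key, c), prev)))
        prev = c
    return b"".join(out)

def encrypt_device(key, image, per_sector_iv=True):
    # per_sector_iv=True: CBC restarts at each sector with IV = sector number.
    # per_sector_iv=False: hypothetical broken scheme, CBC chained across sectors.
    out, prev = [], sector_iv(0)
    for s in range(len(image) // SECTOR):
        ct = cbc_encrypt(key, sector_iv(s) if per_sector_iv else prev,
                         image[s * SECTOR:(s + 1) * SECTOR])
        out.append(ct)
        prev = ct[-BLOCK:]
    return b"".join(out)

def changed_sectors(key, image, sector_no, new_sector, per_sector_iv=True):
    # Rewrite one plaintext sector and report which ciphertext sectors differ.
    before = encrypt_device(key, image, per_sector_iv)
    patched = image[:sector_no * SECTOR] + new_sector + image[(sector_no + 1) * SECTOR:]
    after = encrypt_device(key, patched, per_sector_iv)
    return [s for s in range(len(image) // SECTOR)
            if before[s * SECTOR:(s + 1) * SECTOR] != after[s * SECTOR:(s + 1) * SECTOR]]
```

With independent sectors, rewriting sector 3 of a constructed 8-sector image changes only ciphertext sector 3; with cross-sector chaining it changes sectors 3 through 7, which is why a loop device cannot work that way.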