* Paul Mackerras | 2007-08-29 09:03:35 [+1000]: >Sebastian Siewior writes: > >> CBC has one limitiation: The IV is written back in the notification >> callback. That means that it is not available for crypto requests that >> depend on the previous IV (as well as crypto requests >16 KiB). Herbert Xu >> pointer out, that this is currently not the case. For instance: >> - IPsec brings its own IV on with every packet. A packet is usually <= >> 1500 bytes. Jumbo frames should not exceed 16 KiB. >> - EcryptFS changes the IV on page bassis (every enc/dec request is >> PAGE_SIZE long). > >The page size could be 64kB. Yes, I am aware of this. That's why I mentioned it here. The only way way how I could fix it is by caching the IV the same/similar way I do it for the key. I had no time to implement this so far and it should not break IPsec or EcryptFS if you don't force it :) >Paul. Sebastian - To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
