On Fri, May 30, 2008 at 06:58:30PM -0500, Kim Phillips wrote:
>
> + /* get random IV */
> + get_random_bytes(req->giv, crypto_aead_ivsize(authenc));

Sorry but this is unworkable given our current RNG infrastructure.
Draining 16 bytes for every packet is going to make /dev/random
unusable (if it wasn't already :).

Perhaps just use eseqiv (it should be pretty cheap since it just tacks
on an extra block to the encryption) for now until we have a PRNG?

We'll need to extend eseqiv to support AEAD first though. Perhaps
change it so that it can be called as a library by AEAD algorithms?

Thanks,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
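Review bot: the quoted hunk calls get_random_bytes() on the per-request path, drawing crypto_aead_ivsize(authenc) bytes (16 bytes for the AES-based authenc case the reply mentions) from the kernel's entropy-backed RNG for every packet, which is exactly the /dev/random drain the reply objects to; derive the per-packet IV from a sequence number in the style of eseqiv (one extra block encryption per request, no entropy consumption) once eseqiv can be called from AEAD code, and reserve get_random_bytes() for one-time material such as a salt set up when the transform is instantiated rather than for every IV.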