On Tue, Sep 30, 2008 at 09:41:04AM -0700, Russ Dill wrote: > > I'm just not sure how to best fit that into an API. In the case of > number of bytes being greater than the underlying block size, > everything works "normally". But in the case of the number of bytes > being less than or equal to the block size, the IV sent to the remote > end needs to be modified. I see. I think the easiest way right now is to use the givencrypt interface. The only time you can modify the IV is when you are able to send the IV to the other side, in which case givencrypt should be a reasonable interface. If the user calls you through encrypt then you just fail any requests <= block_size. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
