Re: [PATCH] crypto: Make CRYPTO_CBC select CRYPTO_ECHAINIV

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 01/08/2016 10:48 AM, Herbert Xu wrote:
> On Mon, Jan 04, 2016 at 09:43:53PM +0100, Thomas Egerer wrote:
>> Similar to CTR mode selecting CRYPTO_SEQIV, CBC mode requires echainiv
>> and has to select CRYPTO_ECHAINIV in order to work properly. This solves
>> the issues caused by a misconfiguration as described in [1].
>>
>> [1] https://lists.strongswan.org/pipermail/users/2015-December/009074.html
>>
>> Signed-off-by: Thomas Egerer <hakke_007@xxxxxx>
> 
> Please patch net/ipvX/Kconfig instead as ECHAINIV is only used
> by IPsec.
This does not seem right to me. By depending on CRYPTO_CBC in a particular
Kconfig, I would expect the 'default algorithm for CBC' to be transitively
selected with it. It's what CRYPTO_CTR does. There are a couple of places
that use select CRYPTO_CBC but not CRYPTO_ECHAINIV  (ext4, wusbcore, md
to mention a few). Wouldn't these end up unusable too, if CBC-mode doesn't
activate echainiv?

Cheers,
Thomas

> Thanks,
> 

--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux