Eric Biggers <ebiggers@xxxxxxxxxx> wrote: > From: Eric Biggers <ebiggers@xxxxxxxxxx> > > Rewrite the skcipher API example, changing it to encrypt a buffer with > AES-256-XTS. This addresses various problems with the previous example: > > - It requests a specific driver "cbc-aes-aesni", which is unusual. > Normally users ask for "cbc(aes)", not a specific driver. > > - It encrypts only a single AES block. For the reader, that doesn't > clearly distinguish the "skcipher" API from the "cipher" API. > > - Showing how to encrypt something with bare CBC is arguably a poor > choice of example, as it doesn't follow modern crypto trends. Now, > usually authenticated encryption is recommended, in which case the > user would use the AEAD API, not skcipher. Disk encryption is still a > legitimate use for skcipher, but for that usually XTS is recommended. > > - Many other bugs and poor coding practices, such as not setting > CRYPTO_TFM_REQ_MAY_SLEEP, unnecessarily allocating a heap buffer for > the IV, unnecessary NULL checks, using a pointless wrapper struct, and > forgetting to set an error code in one case. > > Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx> > --- > Documentation/crypto/api-samples.rst | 176 ++++++++++++--------------- > 1 file changed, 77 insertions(+), 99 deletions(-) Patch applied. Thanks. -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt