'Re: bug list int.2.4.x ?'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-crypto
Subject:    Re: bug list int.2.4.x ?
From:       Jari Ruusu <jari.ruusu () pp ! inet ! fi>
Date:       2001-07-21 13:10:10
[Download RAW message or body]

holtland Last Name wrote:
> where can i find a list of most incompatible bugs between
> int.2.2.x and int.2.4.x ?

Known problems with international crypto patch:

1)  IV is block size based. When block size changes -> IV changes and shit
    hits the fan. This block size insanity is a real time bomb.
    - Study kernel sources how block sizes are used in filesystems and
      elsewhere. Grep kernel sources for set_blocksize().
    - Study kernel sources how IV is computed in loop.c

    When mounting a file system (ext2 for example), a superblock must be
    read from disk. Superblock contains the block size of the file system.
    To read the superblock without corrupting any data, following items are
    needed:

    a)  Encrypted data on the disk... Yep, got that.
    b)  Encryption key... Yep, got that too.
    c)  Sector offset of superblock, needed for IV calculation... Yep.
    d)  Blocksize, needed for IV calculation... Blocksize? Hello?

2)  International crypto patch ciphers are non-re-entrant. Non-re-entrant
    code in re-entrant code path -> data corruption.
    - Study kernel sources how IV is passed to ciphers. Start by reading
      source of transfer_cryptoapi()

3)  General bloat that does not belong in the kernel.

4)  Kernel patch approach targets only small subset of kernels in use. With
    international crypto patch, you have to select your kernel to match the
    patch. With completely modular solution like loop-AES, you select your
    kernel, and crypto adapts to your choice. This reason alone is enough to
    justify existence of loop-AES.

5)  Bad scheduling latency. Code should release control of CPU if operating
    system schedules a higher priority process to run.

6)  If ciphers are built as modules, cipher module locking is broken. This
    bug does not exist is ciphers are linked to kernel.

Take a look at loop-AES. It is a superior replacement for international
crypto patch, and you can download it from here:

    http://loop-aes.sourceforge.net/loop-AES-v1.3c.tar.bz2

Loop-AES does not suffer from any of the bugs mentioned above, and works
with 2.4, 2.2 and 2.0 kernels.

Regards,
Jari Ruusu <jari.ruusu@pp.inet.fi>

Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic