Re: [PATCH/proposal] dm-crypt: add digest-based iv generation mode

[Matt Mackall]

On Fri, Feb 27, 2004 at 09:13:33PM +0100, Christophe Saout wrote:
> > I'd like to keep it to the minimal three new external functions until
> > we have a case that really demonstrates a need for the other stuff.
> > Let's keep it simple, get it merged, and go from there. The API I
> > posted will work for the three other users I'm aware of, if it works
> > for dm-crypt let's go with it.
> 
> I've added methods for copying the tfm context because it will fail very
> badly for everything that has a pointer in the private context.
> Use-after-free and these things. Ugly.

I certainly understand the issues of deep vs shallow copy. What I'm
saying is we should try to avoid needing deep copies in the first
place. They invite lots of complexity and for something as
straightforward as a cipher or digest should not be necessary.
 
> > I also want to hold off on adding ->copy until we find an algorithm
> > that can't be cleanly fixed not to need it.
> 
> Hmm. It should be there, but could return -EOPNOTSUPP. Copying a
> compress tfm doesn't make much sense. We need a way to detect things
> that are bad in a generic way, everything else is hacky.

Some way of preventing copies of some TFMs is called for, agreed.

-- 
Matt Mackall : http://www.selenic.com : Linux development and consulting
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/