Subject: Re: crypto(4) and IVs
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-crypto
Date: 05/29/2005 15:11:08
On Sun, May 29, 2005 at 02:32:23PM -0400, der Mouse wrote:
> 
> If you mean src/crypto/dist/openssl/crypto/engine/hw_cryptodev.c (one
> of only two places in the entire source tree which open /dev/crypto,
> the other being src/crypto/dist/openssl/crypto/evp/openbsd_hw.c), it
> does go under the hood.  (Line numbers are from the version sup fetched
> for me 2005-03-26 11:17 UTC; I don't see an RCS ID line in it.)

Well, you have commit access -- add an RCS ID. :-)

> It appears to assume that any cryptosystem with an IV is doing
> CBC-style feedback.  This will break when someone gets around to adding
> the counter modes (see draft-ietf-secsh-newmodes-03.txt), unless their
> state is represented somewhere other than the IV storage....

I don't have access to any hardware that does any counter mode (I'm not
even sure if there is any, yet).  If you do, I agree that you're probably
going to have to do some interface and client code bashing to make it
work right.

More documentation for all this stuff would be very, very good.

Thor
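An added example, not from this thread or from hw_cryptodev.c, illustrating the breakage der Mouse describes: a toy CTR mode is run as two back-to-back calls on one message, once carrying the counter forward and once carrying the last ciphertext block forward as if it were a CBC IV. HMAC-SHA256 stands in for the block cipher, and the key, start counter and the modelling of the CBC-style rule as "next IV = last ciphertext block" are all constructed assumptions.

```python
import hmac
import hashlib

BLOCK = 16
KEY = b"constructed-demo-key"   # constructed sample key, not a real one
START_CTR = 7                   # constructed initial counter value

def prf(key: bytes, block: bytes) -> bytes:
    """Stand-in for one block-cipher encryption (HMAC-SHA256 truncated; not AES)."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def ctr_crypt(key: bytes, counter: int, data: bytes):
    """CTR mode (encrypt == decrypt). Returns (output, counter for the next call).
    The state a caller must carry across calls is the counter, not any ciphertext."""
    out = b""
    for i in range(0, len(data), BLOCK):
        ks = prf(key, (counter + i // BLOCK).to_bytes(BLOCK, "big"))
        out += xor(data[i:i + BLOCK], ks)
    return out, counter + len(data) // BLOCK

def cbc_style_next_iv(ciphertext: bytes) -> int:
    """Model of the assumption under discussion: the next call's IV is the
    last ciphertext block, which is right for CBC and wrong for CTR."""
    return int.from_bytes(ciphertext[-BLOCK:], "big")

def ctr_roundtrip_in_two_calls(carry_rule: str) -> bool:
    """Encrypt a two-block message as two one-block CTR calls, carrying state
    between them per carry_rule ("counter" or "cbc"), then decrypt it in one
    call with the original start counter. True iff the plaintext survives."""
    msg = b"block one......." + b"block two......."  # 32 bytes, constructed
    c1, state_after = ctr_crypt(KEY, START_CTR, msg[:BLOCK])
    nxt = state_after if carry_rule == "counter" else cbc_style_next_iv(c1)
    c2, _ = ctr_crypt(KEY, nxt, msg[BLOCK:])
    recovered, _ = ctr_crypt(KEY, START_CTR, c1 + c2)
    return recovered == msg

if __name__ == "__main__":
    print("counter carried:", ctr_roundtrip_in_two_calls("counter"))  # True
    print("cbc rule applied:", ctr_roundtrip_in_two_calls("cbc"))     # False
```

The second call under the "cbc" rule encrypts its block under a keystream derived from the ciphertext rather than from START_CTR + 1, so the receiver, who only knows the counter, cannot recover the second block.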