LinusWatch: Crypto API and IPSec merged

Linus has yet to post a message to linux-kernel since his return, but he continues to merge patches at a high rate. The latest code to go in includes a new, reworked API for performing cryptographic functions within the kernel; implementations of DES (and triple DES), MD4, MD5, and SHA have been included. This is the first time that serious cryptographic code has been part of the mainline kernel. The first use of this API is to support the new IPSec implementation, which has also just been merged.

See this document (from Linus's BitKeeper tree) for details on how the new crypto API works.



What does this mean to us end users?

Posted Oct 29, 2002 22:18 UTC (Tue) by jzhao (guest, #2865) [Link]

Something more than just encrypted file system without loop device? Can anybody knowledgeable give us a hint here?

What does this mean to us end users?

Posted Oct 30, 2002 16:02 UTC (Wed) by jamesm (guest, #2273) [Link]

This is a general purpose API, initially designed to support IPsec. Possible uses are for existing projects which need crypto (CIFS, freeswan, cipe, the /dev/random driver) and file/filesystem encryption.

Herbert Valerio Riedel is working on porting the existing cryptoloop code to the new API, for example.

LinusWatch: Crypto API and IPSec merged

Posted Oct 30, 2002 2:45 UTC (Wed) by hisdad (subscriber, #5375) [Link]

The problem has been that because of crypto export issues, ipsec was not in the kernel. Instead an external project, freeswan, produced a large patch to add this capability. Then there is another patch to support X509 certs, as used in Win2K.

Freeswan as a patch is pretty horrifying. By bringing this into the kernel we get a clean implementation of a very good VPN system.

Ipsec is also required to fully support IPV6. This is the key issue.
Being able to run crypto filesystems is great, but almost of secondary importance.

My opinion,
Regards
Dad

LinusWatch: Crypto API and IPSec merged

Posted Oct 30, 2002 11:13 UTC (Wed) by ahu (guest, #4298) [Link]

Parts of IPSEC are in but as we speak, there is not enough of it to function. I expect more patches to follow.

LinusWatch: Crypto API and IPSec merged

Posted Oct 30, 2002 14:43 UTC (Wed) by AntiFreeze (guest, #7248) [Link]

Actually, Linus has posted a great comment to linux-kernel since his return:

From: Linus Torvalds (torvalds@transmeta.com)
Subject: Incorrect 2.5.45 tar-balls created..
Newsgroups: linux.kernel
Date: 2002-10-29 21:00:24 PST

There was, for a while, bogus 2.5.45 tar-balls etc created from a BK tree
that was never meant to be exported (translation: "Linus ran his automatic
release-scripts on a bad tree because he is a booger-head").

I've removed the offending files, and hopefully nobody even had time to
download them, but just in case - if you get your kernels as tar-balls (or
as old-fashioned patches) rather than from the BK tree, and you saw a
2.5.45, you should ignore it.

Linus "booger-head" Torvalds

LinusWatch: Crypto API and IPSec merged

Posted Oct 30, 2002 17:20 UTC (Wed) by cpeterso (subscriber, #305) [Link]


These new Crypto APIs are cool, especially if they support hardware-accelerated encryption. But will these APIs be available from userspace? Or are they only for use within the kernel (like IPSec and encrypted filesystems)?

LinusWatch: Crypto API and IPSec merged

Posted Oct 30, 2002 19:53 UTC (Wed) by pj (subscriber, #4506) [Link]

If there's not a userland interface to them, it'd surely be simple to make one... what kind of API should it have, though?

Userland API to Kernel Crypto

Posted Oct 31, 2002 2:18 UTC (Thu) by DarrenMoffat (guest, #7292) [Link]

The two main "Crypto APIs" in user land are PKCS#11 and OpenSSL.
Using PKCS#11 will make it available to NSS and thus Mozilla and all things based on it.

PKCS#11: http://www.rsasecurity.com/rsalabs/pkcs/pkcs-11
OpenSSL: http://www.openssl.org

Copyright © 2002, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds