[PATCH cryptodev] crypto: lib/chacha20poly1305 - allow users to specify 96bit nonce

Jason A. Donenfeld Jason at zx2c4.com
Tue Nov 17 08:35:31 UTC 2020


On Tue, Nov 17, 2020 at 9:32 AM Ard Biesheuvel <ardb at kernel.org> wrote:
> If you are going back to the drawing board with in-kernel acceleration
> for OpenVPN

As far as I can tell, they're mostly after compatibility with their
existing userspace stuff. Otherwise, if they were going back to the
drawing board, they could just make openvpn userspace set up xfrm or
wg tunnels to achieve basically the same design. And actually, the
xfrm approach kind of makes a lot of sense for what they're doing; it
was designed for that type of split-daemon tunneling design.


