crypto: talitos - Avoid consecutive packets going out with same IV
The SEC's h/w IV out implementation DMAs the trailing encrypted payload block of the last encryption to ctx->iv. Since the last encryption may still be pending completion, we can sufficiently prevent successive packets from being transmitted with the same IV by xoring with sequence number. Also initialize alg_list earlier to prevent oopsing on a failed probe. Signed-off-by: Kim Phillips <kim.phillips@freescale.com> Signed-off-by: Lee Nipper <lee.nipper@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This commit is contained in:
parent
6bfb09a100
commit
ba95487df9
@ -1157,6 +1157,8 @@ static int aead_authenc_givencrypt(
|
||||
edesc->desc.hdr = ctx->desc_hdr_template | DESC_HDR_MODE0_ENCRYPT;
|
||||
|
||||
memcpy(req->giv, ctx->iv, crypto_aead_ivsize(authenc));
|
||||
/* avoid consecutive packets going out with same IV */
|
||||
*(__be64 *)req->giv ^= cpu_to_be64(req->seq);
|
||||
|
||||
return ipsec_esp(edesc, areq, req->giv, req->seq,
|
||||
ipsec_esp_encrypt_done);
|
||||
@ -1449,6 +1451,8 @@ static int talitos_probe(struct of_device *ofdev,
|
||||
|
||||
priv->ofdev = ofdev;
|
||||
|
||||
INIT_LIST_HEAD(&priv->alg_list);
|
||||
|
||||
tasklet_init(&priv->done_task, talitos_done, (unsigned long)dev);
|
||||
tasklet_init(&priv->error_task, talitos_error, (unsigned long)dev);
|
||||
|
||||
@ -1575,8 +1579,6 @@ static int talitos_probe(struct of_device *ofdev,
|
||||
}
|
||||
|
||||
/* register crypto algorithms the device supports */
|
||||
INIT_LIST_HEAD(&priv->alg_list);
|
||||
|
||||
for (i = 0; i < ARRAY_SIZE(driver_algs); i++) {
|
||||
if (hw_supports(dev, driver_algs[i].desc_hdr_template)) {
|
||||
struct talitos_crypto_alg *t_alg;
|
||||
|
Loading…
Reference in New Issue
Block a user