| field | value | date |
|---|---|---|
| author | Eric Biggers <ebiggers@google.com> | 2019-01-03 20:16:12 -0800 |
| committer | Herbert Xu <herbert@gondor.apana.org.au> | 2019-01-11 14:16:57 +0800 |
| commit | 563344438270aa0743c7b9bc0b55618dd21f8be7 | |
| tree | e22f68c5d8606d108fed00b087edc4aa6d8d8885 /crypto/tea.c | |
| parent | 25ab3ef805058c211736157d5a978284296d7df5 | |
crypto: ofb - fix handling partial blocks and make thread-safe
Fix multiple bugs in the OFB implementation:
1. It stored the per-request state 'cnt' in the tfm context, which can be used by multiple threads concurrently (e.g. via AF_ALG).
2. It didn't support messages not a multiple of the block cipher size, despite being a stream cipher.
3. It didn't set cra_blocksize to 1 to indicate it is a stream cipher.
To fix these, set the 'chunksize' property to the cipher block size to
guarantee that when walking through the scatterlist, a partial block can
only occur at the end. Then change the implementation to XOR a block at
a time at first, then XOR the partial block at the end if needed. This
is the same way CTR and CFB are implemented. As a bonus, this also
improves performance in most cases over the current approach.
Fixes: 6ca6d5d18294 ("crypto: ofb - add output feedback mode")
Cc: <stable@vger.kernel.org> # v4.20+
Cc: Gilad Ben-Yossef <gilad@benyossef.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Gilad Ben-Yossef <gilad@benyossef.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto/tea.c')
0 files changed, 0 insertions, 0 deletions
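The approach the commit message describes, as an added C example that is not the kernel's crypto/ofb.c: the feedback block is kept in a per-request struct rather than a shared per-key context, whole blocks are XORed first and a partial block is handled only at the end, so output length equals input length. The block cipher is a hypothetical, insecure stand-in (toy_encrypt) and the key, IV and message are constructed for the self-check.

```c
#include <stdint.h>
#include <string.h>
#define BLOCK 8  /* toy block size; real OFB uses the underlying cipher's block size */

/* Per-request state: the feedback block lives here, never in the shared per-key (tfm) context. */
struct ofb_req { uint8_t fb[BLOCK]; };

/* Hypothetical stand-in block "cipher" (NOT secure) so the example runs offline;
 * a real implementation calls the real block cipher here. */
static void toy_encrypt(const uint8_t key[BLOCK], uint8_t blk[BLOCK])
{
    uint8_t carry = 0x3C;                     /* chains bytes so each depends on the prior one */
    for (size_t i = 0; i < BLOCK; i++) {
        uint8_t v = (uint8_t)(blk[i] ^ key[i] ^ carry);
        v = (uint8_t)((v << 3) | (v >> 5));
        blk[i] = carry = (uint8_t)(v ^ (uint8_t)(0x9E * (i + 1)));
    }
}

/* Encrypt and decrypt are the same XOR: whole blocks first, then the trailing partial
 * block. len need not be a multiple of BLOCK and dst is exactly len bytes. */
static void ofb_crypt(struct ofb_req *req, const uint8_t key[BLOCK],
                      const uint8_t *src, uint8_t *dst, size_t len)
{
    while (len >= BLOCK) {
        toy_encrypt(key, req->fb);            /* fb = E_k(fb): next keystream block */
        for (size_t i = 0; i < BLOCK; i++) dst[i] = src[i] ^ req->fb[i];
        src += BLOCK; dst += BLOCK; len -= BLOCK;
    }
    if (len) {                                /* a partial block only at the very end */
        toy_encrypt(key, req->fb);
        for (size_t i = 0; i < len; i++) dst[i] = src[i] ^ req->fb[i];
    }
}

/* Self-check on constructed data: a 21-byte message round-trips, and one 21-byte call equals a
 * 16-byte call then a 5-byte call on the same request (only the last chunk may be partial,
 * which is what chunksize = block size guarantees). Returns 1 on success. */
static int ofb_selftest(void)
{
    static const uint8_t key[BLOCK] = {1, 2, 3, 4, 5, 6, 7, 8};
    static const uint8_t iv[BLOCK]  = {0xA5, 0x5A, 0, 1, 2, 3, 4, 5};
    const uint8_t *msg = (const uint8_t *)"partial block at end!";   /* 21 bytes */
    uint8_t ct1[21], ct2[21], pt[21];
    struct ofb_req r1, r2, r3;
    memcpy(r1.fb, iv, BLOCK); ofb_crypt(&r1, key, msg, ct1, 21);
    memcpy(r2.fb, iv, BLOCK); ofb_crypt(&r2, key, ct1, pt, 21);   /* decrypt = encrypt */
    memcpy(r3.fb, iv, BLOCK); ofb_crypt(&r3, key, msg, ct2, 16);
    ofb_crypt(&r3, key, msg + 16, ct2 + 16, 5);
    return memcmp(pt, msg, 21) == 0 && memcmp(ct1, ct2, 21) == 0;
}
```

Walking the same request with a 5-byte chunk followed by a 16-byte chunk would desynchronise the keystream, which is why the chunksize property (partial block only at the end) matters.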