diff options
author | Kim Phillips <kim.phillips@freescale.com> | 2008-09-14 22:41:19 +0200 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2008-09-14 22:41:19 +0200 |
commit | ba95487df97f9c45cfdae2a47de56235e7a13dc5 (patch) | |
tree | e8581dd7fb9951f3baf0cb6d687a5bd65644df6d /drivers/crypto/talitos.c | |
parent | Merge master.kernel.org:/home/rmk/linux-2.6-arm (diff) | |
download | linux-ba95487df97f9c45cfdae2a47de56235e7a13dc5.tar.xz linux-ba95487df97f9c45cfdae2a47de56235e7a13dc5.zip |
crypto: talitos - Avoid consecutive packets going out with same IV
The SEC's h/w IV out implementation DMAs the trailing encrypted payload
block of the last encryption to ctx->iv. Since the last encryption may
still be pending completion, we can sufficiently prevent successive
packets from being transmitted with the same IV by xoring with sequence
number.
Also initialize alg_list earlier to prevent oopsing on a failed probe.
Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Lee Nipper <lee.nipper@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to '')
-rw-r--r-- | drivers/crypto/talitos.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c index ee827a7f7c6a..b6ad3ac5916e 100644 --- a/drivers/crypto/talitos.c +++ b/drivers/crypto/talitos.c @@ -1157,6 +1157,8 @@ static int aead_authenc_givencrypt( edesc->desc.hdr = ctx->desc_hdr_template | DESC_HDR_MODE0_ENCRYPT; memcpy(req->giv, ctx->iv, crypto_aead_ivsize(authenc)); + /* avoid consecutive packets going out with same IV */ + *(__be64 *)req->giv ^= cpu_to_be64(req->seq); return ipsec_esp(edesc, areq, req->giv, req->seq, ipsec_esp_encrypt_done); @@ -1449,6 +1451,8 @@ static int talitos_probe(struct of_device *ofdev, priv->ofdev = ofdev; + INIT_LIST_HEAD(&priv->alg_list); + tasklet_init(&priv->done_task, talitos_done, (unsigned long)dev); tasklet_init(&priv->error_task, talitos_error, (unsigned long)dev); @@ -1575,8 +1579,6 @@ static int talitos_probe(struct of_device *ofdev, } /* register crypto algorithms the device supports */ - INIT_LIST_HEAD(&priv->alg_list); - for (i = 0; i < ARRAY_SIZE(driver_algs); i++) { if (hw_supports(dev, driver_algs[i].desc_hdr_template)) { struct talitos_crypto_alg *t_alg; |