On Thu, Nov 22, 2007 at 04:48:43PM +0800, Herbert Xu (herbert@xxxxxxxxxxxxxxxxxxx) wrote:
> +static int chainiv_givcrypt(struct ablkcipher_request *req)
> +{
> +	struct crypto_ablkcipher *geniv = crypto_ablkcipher_reqtfm(req);
> +	struct chainiv_ctx *ctx = crypto_ablkcipher_ctx(geniv);
> +	struct ablkcipher_request *subreq = ablkcipher_request_ctx(req);
> +	unsigned int ivsize;
> +	int err;
> +
> +	ablkcipher_request_set_tfm(subreq, ctx->cipher);
> +	ablkcipher_request_set_callback(subreq, req->base.flags &
> +						~CRYPTO_TFM_REQ_MAY_SLEEP,
> +					req->base.complete, req->base.data);
> +	ablkcipher_request_set_crypt(subreq, req->src, req->dst, req->nbytes,
> +				     req->info);
> +
> +	spin_lock_bh(&ctx->lock);

Crypto hardware can access iv in interrupt context and thus this can get
wrong data.

> +	ivsize = crypto_ablkcipher_ivsize(geniv);
> +
> +	memcpy(req->giv, ctx->iv, ivsize);
> +	memcpy(req->info, ctx->iv, ivsize);
> +
> +	err = crypto_ablkcipher_encrypt(subreq);
> +	if (err)
> +		goto unlock;

Are you sure that crypto operation has to be limited to be performed with
turned off bottom halves?
I believe this is a huge limitation for those ablkcipher devices which are
not async actually...

--
	Evgeniy Polyakov
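Review bot: the `spin_lock_bh(&ctx->lock)` taken before the two `memcpy(..., ctx->iv, ivsize)` reads only excludes softirq-context writers; if anything updates `ctx->iv` from hardirq context (a hardware completion path, as the reply above suggests), the reads can observe a torn or stale IV and the lock should be `spin_lock_irqsave`/`spin_unlock_irqrestore` instead, or the patch should state the context in which the IV is written so the `_bh` variant is visibly sufficient. The same lock is then held across `crypto_ablkcipher_encrypt(subreq)`, and the callback is set with `CRYPTO_TFM_REQ_MAY_SLEEP` cleared, so every request through this generator is serialised under a BH-disabled critical section for the whole duration of the cipher call; for a synchronous software cipher that is the entire encryption, which is worth calling out in the description. Finally, the hunk ends at `goto unlock;` without showing the label or the success path, so the unlock on both the error and the normal path is not reviewable here; please include the rest of the function in the hunk.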