Re: [PATCH] [crypto] XTS: use proper alignment.

On Sun, Mar 02, 2008 at 11:09:10AM +0000, Sebastian Siewior wrote:
> The XTS blockmode uses a copy of the IV which is saved on the stack
> and may or may not be properly aligned. If it is not, it will break
> hardware ciphers like the geode or padlock.
> This patch moves the copy of IV to the private structure which has the
> same alignment as the underlying cipher.
> 
> Tested-by: Stefan Hellermann <stefan@xxxxxxxxxxxxxx>
> Signed-off-by: Sebastian Siewior <sebastian@xxxxxxxxxxxxx>

Sorry but this patch isn't right.

> +struct sinfo {
> +	be128 t;
> +	struct crypto_tfm *tfm;
> +	void (*fn)(struct crypto_tfm *, u8 *, const u8 *);
> +};
> +
>  struct priv {
> +	/* s.t being the first member in this struct enforces proper alignment
> +	 * required by the underlying cipher without explicit knowing the it.
> +	 */
> +	struct sinfo s;
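
Review bot: `struct sinfo s` embedded in `struct priv` puts the per-call tweak `t`, together with `tfm` and `fn`, into storage that every user of the same transform shares, so two operations running at once on one tfm would overwrite each other's tweak. The alignment this buys should be obtained on per-call storage instead, leaving `struct priv` with key-derived state only. The new comment also needs rewording: "without explicit knowing the it" does not parse, and it should say which alignment guarantee of the context it relies on.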

tfm objects should be reentrant so you can't store any per-op
info in the context structure.

> -	tw(crypto_cipher_tfm(ctx->tweak), (void *)&s.t, w->iv);
> +	tw(crypto_cipher_tfm(ctx->tweak), (void *)&s->t, w->iv);
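
Review bot: the changed `tw(...)` call only moves the destination from `&s.t` to `&s->t`; the source `w->iv` goes to the same routine and nothing in this hunk shows that it meets the alignment the destination is being relocated for. The `(void *)` cast on the destination is kept as well, which hides the `be128` type from the callee's `u8 *` parameter. If the alignment requirement is real it applies to both pointers, so it is better enforced at the single point where the cipher routine is invoked than by the placement of one buffer.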

However, the real question is why do we need this at all? The
tw argument should be using the proper entry points that do
copying for you if necessary.

OK, I see that the issue is that we're using cia_encrypt instead
of cit_encrypt_one.  So if we just change that then it should work
correctly.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu 许志壬 <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
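
The reply above turns on the difference between calling a cipher's raw block routine directly and calling an entry point that copies through an aligned buffer when needed. The following user-space C model is an added example, not code from the patch, the thread or the kernel; `raw_encrypt`, `encrypt_one`, `run`, `ALIGNMASK` and the XOR "cipher" are hypothetical stand-ins, and the 16-byte requirement is an assumption.

```c
#include <stdint.h>
#include <string.h>

#define BLK 16
#define ALIGNMASK 15u /* assumed: the modelled hardware needs 16-byte aligned buffers */
static int misaligned_calls; /* times the raw routine was handed a misaligned pointer */

/* Hypothetical stand-in for a hardware cipher's raw one-block routine. */
static void raw_encrypt(const uint8_t *key, uint8_t *dst, const uint8_t *src)
{
	if (((uintptr_t)dst | (uintptr_t)src) & ALIGNMASK)
		misaligned_calls++; /* real hardware would fault or corrupt data here */
	for (int i = 0; i < BLK; i++)
		dst[i] = src[i] ^ key[i]; /* toy transform, not a cipher */
}

/* Alignment-aware entry point: bounce through an aligned, per-call buffer. */
static void encrypt_one(const uint8_t *key, uint8_t *dst, const uint8_t *src)
{
	_Alignas(16) uint8_t tmp[BLK];

	if (!(((uintptr_t)dst | (uintptr_t)src) & ALIGNMASK)) {
		raw_encrypt(key, dst, src); /* fast path: nothing to fix up */
		return;
	}
	memcpy(tmp, src, BLK);
	raw_encrypt(key, tmp, tmp);
	memcpy(dst, tmp, BLK);
}

/* Encrypt a constructed IV into a deliberately misaligned tweak buffer. */
static int run(int use_wrapper, uint8_t *out)
{
	_Alignas(16) uint8_t store[BLK + 1], iv[BLK], key[BLK];
	uint8_t *t = store + 1; /* one byte off, like an unlucky stack slot */

	memset(iv, 0xA5, BLK);
	memset(key, 0x3C, BLK);
	misaligned_calls = 0;
	(use_wrapper ? encrypt_one : raw_encrypt)(key, t, iv);
	memcpy(out, t, BLK);
	return misaligned_calls;
}

int main(void)
{
	uint8_t a[BLK], b[BLK];
	return !(run(0, a) == 1 && run(1, b) == 0 && !memcmp(a, b, BLK));
}
```

The bounce buffer lives on the callee's stack, so the caller's tweak can stay per-call and the shared context carries no per-operation state.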