crypto: skcipher - Use eseqiv even on UP machines (f3d53ed0) · Commits · 戴 / test

Previously we would use eseqiv on all async ciphers in all cases, and sync ciphers if we have more than one CPU. This meant that chainiv is only used in the case of sync ciphers on a UP machine. As chainiv may aid attackers by making the IV predictable, even though this risk itself is small, the above usage pattern causes it to further leak information about the host. This patch addresses these issues by using eseqiv even if we're on a UP machine. Signed-off-by:

Herbert Xu <herbert@gondor.apana.org.au> Acked-by:

Steffen Klassert <steffen.klassert@secunet.com> Acked-by:

David S. Miller <davem@davemloft.net>

crypto/ablkcipher.c

+1 −20

Original line number	Diff line number	Diff line
		@@ -16,9 +16,7 @@
		#include <crypto/internal/skcipher.h>
		#include <linux/cpumask.h>
		#include <linux/err.h>
		#include <linux/init.h>
		#include <linux/kernel.h>
		#include <linux/module.h>
		#include <linux/rtnetlink.h>
		#include <linux/sched.h>
		#include <linux/slab.h>
		@@ -30,8 +28,6 @@

		#include "internal.h"

		static const char *skcipher_default_geniv __read_mostly;

		struct ablkcipher_buffer {
		struct list_head entry;
		struct scatter_walk dst;
		@@ -527,8 +523,7 @@ const char crypto_default_geniv(const struct crypto_alg alg)
		alg->cra_blocksize)
		return "chainiv";

		return alg->cra_flags & CRYPTO_ALG_ASYNC ?
		"eseqiv" : skcipher_default_geniv;
		return "eseqiv";
		}

		static int crypto_givcipher_default(struct crypto_alg *alg, u32 type, u32 mask)
		@@ -709,17 +704,3 @@ err:
		return ERR_PTR(err);
		}
		EXPORT_SYMBOL_GPL(crypto_alloc_ablkcipher);

		static int __init skcipher_module_init(void)
		{
		skcipher_default_geniv = num_possible_cpus() > 1 ?
		"eseqiv" : "chainiv";
		return 0;
		}

		static void skcipher_module_exit(void)
		{
		}

		module_init(skcipher_module_init);
		module_exit(skcipher_module_exit);

Admin message