ecb_process, 1, NULL);
}
+static int ecb_encrypt_iv(struct crypto_tfm *tfm,
+ struct scatterlist *dst,
+ struct scatterlist *src,
+ unsigned int nbytes, u8 *iv)
+{
+ ecb_encrypt(tfm, dst, src, nbytes);
+ return -ENOSYS;
+}
+
static int ecb_decrypt(struct crypto_tfm *tfm,
struct scatterlist *dst,
struct scatterlist *src,
ecb_process, 1, NULL);
}
+static int ecb_decrypt_iv(struct crypto_tfm *tfm,
+ struct scatterlist *dst,
+ struct scatterlist *src,
+ unsigned int nbytes, u8 *iv)
+{
+ ecb_decrypt(tfm, dst, src, nbytes);
+ return -ENOSYS;
+}
+
static int cbc_encrypt(struct crypto_tfm *tfm,
struct scatterlist *dst,
struct scatterlist *src,
cbc_process, 0, iv);
}
+/*
+ * nocrypt*() zeroize the destination buffer to make sure we don't leak
+ * uninitialized memory contents if the caller ignores the return value.
+ * This is bad since the data in the source buffer is unused and may be
+ * lost, but an infoleak would be even worse. The performance cost of
+ * memset() is irrelevant since a well-behaved caller would not bump into
+ * the error repeatedly.
+ */
static int nocrypt(struct crypto_tfm *tfm,
struct scatterlist *dst,
struct scatterlist *src,
unsigned int nbytes)
{
+ memset(dst, 0, nbytes);
return -ENOSYS;
}
struct scatterlist *src,
unsigned int nbytes, u8 *iv)
{
+ memset(dst, 0, nbytes);
return -ENOSYS;
}
case CRYPTO_TFM_MODE_ECB:
ops->cit_encrypt = ecb_encrypt;
ops->cit_decrypt = ecb_decrypt;
+/* These should have been nocrypt_iv, but patch-cryptoloop-jari-2.4.22.0
+ * (and its other revisions) directly calls the *_iv() functions even in
+ * ECB mode and ignores their return value. */
+ ops->cit_encrypt_iv = ecb_encrypt_iv;
+ ops->cit_decrypt_iv = ecb_decrypt_iv;
break;
case CRYPTO_TFM_MODE_CBC: