首頁 探索 說明
登入
GfA
/
linux_kernel
5
0
複刻 0
檔案 問題管理 0 合併請求 0 Wiki
瀏覽代碼

Revert "crypto: talitos - add IPsec ESN support"

This reverts commit e763eb699be723fb41af818118068c6b3afdaf8d.

Current IPsec ESN implementation for authencesn(cbc(aes), hmac(sha))
(separate encryption and integrity algorithms) does not conform
to RFC4303.

ICV is generated by hashing the sequence
SPI, SeqNum-High, SeqNum-Low, IV, Payload
instead of
SPI, SeqNum-Low, IV, Payload, SeqNum-High.

Cc: <stable@vger.kernel.org> # 3.8, 3.7
Reported-by: Chaoxing Lin <Chaoxing.Lin@ultra-3eti.com>
Signed-off-by: Horia Geanta <horia.geanta@freescale.com>
Reviewed-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Horia Geanta 12 年之前
父節點
32dc43e40a
當前提交
991155bacb
共有 1 個文件被更改,包括 2 次插入28 次删除
分割檢視 顯示文件統計
  1. 2 28
      drivers/crypto/talitos.c

+ 2 - 28
drivers/crypto/talitos.c
查看文件 

@@ -38,7 +38,6 @@
 
 #include <linux/spinlock.h>
 
 #include <linux/rtnetlink.h>
 
 #include <linux/slab.h>
 
-#include <linux/string.h>
 
 
 #include <crypto/algapi.h>
 
 #include <crypto/aes.h>
 
@@ -1974,11 +1973,7 @@ struct talitos_alg_template {
 
 };
 
 
 static struct talitos_alg_template driver_algs[] = {
 
-	/*
 
-	 * AEAD algorithms. These use a single-pass ipsec_esp descriptor.
 
-	 * authencesn(*,*) is also registered, although not present
 
-	 * explicitly here.
 
-	 */
 
+	/* AEAD algorithms.  These use a single-pass ipsec_esp descriptor */
 
 	{	.type = CRYPTO_ALG_TYPE_AEAD,
 
 		.alg.crypto = {
 
 			.cra_name = "authenc(hmac(sha1),cbc(aes))",
 
@@ -2820,9 +2815,7 @@ static int talitos_probe(struct platform_device *ofdev)
 
 		if (hw_supports(dev, driver_algs[i].desc_hdr_template)) {
 
 			struct talitos_crypto_alg *t_alg;
 
 			char *name = NULL;
 
-			bool authenc = false;
 
 
-authencesn:
 
 			t_alg = talitos_alg_alloc(dev, &driver_algs[i]);
 
 			if (IS_ERR(t_alg)) {
 
 				err = PTR_ERR(t_alg);
 
@@ -2837,8 +2830,6 @@ static int talitos_probe(struct platform_device *ofdev)
 
 				err = crypto_register_alg(
 
 						&t_alg->algt.alg.crypto);
 
 				name = t_alg->algt.alg.crypto.cra_driver_name;
 
-				authenc = authenc ? !authenc :
 
-					  !(bool)memcmp(name, "authenc", 7);
 
 				break;
 
 			case CRYPTO_ALG_TYPE_AHASH:
 
 				err = crypto_register_ahash(
 
@@ -2851,25 +2842,8 @@ static int talitos_probe(struct platform_device *ofdev)
 
 				dev_err(dev, "%s alg registration failed\n",
 
 					name);
 
 				kfree(t_alg);
 
-			} else {
 
+			} else
 
 				list_add_tail(&t_alg->entry, &priv->alg_list);
 
-				if (authenc) {
 
-					struct crypto_alg *alg =
 
-						&driver_algs[i].alg.crypto;
 
-
 
-					name = alg->cra_name;
 
-					memmove(name + 10, name + 7,
 
-						strlen(name) - 7);
 
-					memcpy(name + 7, "esn", 3);
 
-
 
-					name = alg->cra_driver_name;
 
-					memmove(name + 10, name + 7,
 
-						strlen(name) - 7);
 
-					memcpy(name + 7, "esn", 3);
 
-
 
-					goto authencesn;
 
-				}
 
-			}
 
 		}
 
 	}
 
 	if (!list_empty(&priv->alg_list))