Revert "crypto: talitos - add IPsec ESN support"

This reverts commit e763eb699be723fb41af818118068c6b3afdaf8d. Current IPsec ESN implementation for authencesn(cbc(aes), hmac(sha)) (separate encryption and integrity algorithms) does not conform to RFC4303. ICV is generated by hashing the sequence SPI, SeqNum-High, SeqNum-Low, IV, Payload instead of SPI, SeqNum-Low, IV, Payload, SeqNum-High. Cc: <stable@vger.kernel.org> # 3.8, 3.7 Reported-by: Chaoxing Lin <Chaoxing.Lin@ultra-3eti.com> Signed-off-by: Horia Geanta <horia.geanta@freescale.com> Reviewed-by: Kim Phillips <kim.phillips@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Revert "crypto: talitos - add IPsec ESN support"
This reverts commit e763eb699be723fb41af818118068c6b3afdaf8d. Current IPsec ESN implementation for authencesn(cbc(aes), hmac(sha)) (separate encryption and integrity algorithms) does not conform to RFC4303. ICV is generated by hashing the sequence SPI, SeqNum-High, SeqNum-Low, IV, Payload instead of SPI, SeqNum-Low, IV, Payload, SeqNum-High. Cc: <stable@vger.kernel.org> # 3.8, 3.7 Reported-by: Chaoxing Lin <Chaoxing.Lin@ultra-3eti.com> Signed-off-by: Horia Geanta <horia.geanta@freescale.com> Reviewed-by: Kim Phillips <kim.phillips@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Horia Geanta · Herbert Xu
1 parent 32dc43e40a
Showing 1 changed file with 2 additions and 28 deletions Side-by-side Diff
drivers/crypto/talitos.c
@@ -38,7 +38,6 @@
 #include <linux/spinlock.h>
 #include <linux/rtnetlink.h>
 #include <linux/slab.h>
-#include <linux/string.h>
  
 #include <crypto/algapi.h>
 #include <crypto/aes.h>
@@ -1974,11 +1973,7 @@
 };
  
 static struct talitos_alg_template driver_algs[] = {
-	/*
-	 * AEAD algorithms. These use a single-pass ipsec_esp descriptor.
-	 * authencesn(*,*) is also registered, although not present
-	 * explicitly here.
-	 */
+	/* AEAD algorithms.  These use a single-pass ipsec_esp descriptor */
 	{	.type = CRYPTO_ALG_TYPE_AEAD,
 		.alg.crypto = {
 			.cra_name = "authenc(hmac(sha1),cbc(aes))",
  
@@ -2820,9 +2815,7 @@
 		if (hw_supports(dev, driver_algs[i].desc_hdr_template)) {
 			struct talitos_crypto_alg *t_alg;
 			char *name = NULL;
-			bool authenc = false;
  
-authencesn:
 			t_alg = talitos_alg_alloc(dev, &driver_algs[i]);
 			if (IS_ERR(t_alg)) {
 				err = PTR_ERR(t_alg);
@@ -2837,8 +2830,6 @@
 				err = crypto_register_alg(
 						&t_alg->algt.alg.crypto);
 				name = t_alg->algt.alg.crypto.cra_driver_name;
-				authenc = authenc ? !authenc :
-					  !(bool)memcmp(name, "authenc", 7);
 				break;
 			case CRYPTO_ALG_TYPE_AHASH:
 				err = crypto_register_ahash(
  
@@ -2851,25 +2842,8 @@
 				dev_err(dev, "%s alg registration failed\n",
 					name);
 				kfree(t_alg);
-			} else {
+			} else
 				list_add_tail(&t_alg->entry, &priv->alg_list);
-				if (authenc) {
-					struct crypto_alg *alg =
-						&driver_algs[i].alg.crypto;
-
-					name = alg->cra_name;
-					memmove(name + 10, name + 7,
-						strlen(name) - 7);
-					memcpy(name + 7, "esn", 3);
-
-					name = alg->cra_driver_name;
-					memmove(name + 10, name + 7,
-						strlen(name) - 7);
-					memcpy(name + 7, "esn", 3);
-
-					goto authencesn;
-				}
-			}
 		}
 	}
 	if (!list_empty(&priv->alg_list))
...	...	@@ -38,7 +38,6 @@
38	38	#include <linux/spinlock.h>
39	39	#include <linux/rtnetlink.h>
40	40	#include <linux/slab.h>
41		-#include <linux/string.h>
42	41
43	42	#include <crypto/algapi.h>
44	43	#include <crypto/aes.h>
...	...	@@ -1974,11 +1973,7 @@
1974	1973	};
1975	1974
1976	1975	static struct talitos_alg_template driver_algs[] = {
1977		- /*
1978		- * AEAD algorithms. These use a single-pass ipsec_esp descriptor.
1979		- * authencesn(,) is also registered, although not present
1980		- * explicitly here.
1981		- */
	1976	+ /* AEAD algorithms. These use a single-pass ipsec_esp descriptor */
1982	1977	{ .type = CRYPTO_ALG_TYPE_AEAD,
1983	1978	.alg.crypto = {
1984	1979	.cra_name = "authenc(hmac(sha1),cbc(aes))",
1985	1980
...	...	@@ -2820,9 +2815,7 @@
2820	2815	if (hw_supports(dev, driver_algs[i].desc_hdr_template)) {
2821	2816	struct talitos_crypto_alg *t_alg;
2822	2817	char *name = NULL;
2823		- bool authenc = false;
2824	2818
2825		-authencesn:
2826	2819	t_alg = talitos_alg_alloc(dev, &driver_algs[i]);
2827	2820	if (IS_ERR(t_alg)) {
2828	2821	err = PTR_ERR(t_alg);
...	...	@@ -2837,8 +2830,6 @@
2837	2830	err = crypto_register_alg(
2838	2831	&t_alg->algt.alg.crypto);
2839	2832	name = t_alg->algt.alg.crypto.cra_driver_name;
2840		- authenc = authenc ? !authenc :
2841		- !(bool)memcmp(name, "authenc", 7);
2842	2833	break;
2843	2834	case CRYPTO_ALG_TYPE_AHASH:
2844	2835	err = crypto_register_ahash(
2845	2836
...	...	@@ -2851,25 +2842,8 @@
2851	2842	dev_err(dev, "%s alg registration failed\n",
2852	2843	name);
2853	2844	kfree(t_alg);
2854		- } else {
	2845	+ } else
2855	2846	list_add_tail(&t_alg->entry, &priv->alg_list);
2856		- if (authenc) {
2857		- struct crypto_alg *alg =
2858		- &driver_algs[i].alg.crypto;
2859		-
2860		- name = alg->cra_name;
2861		- memmove(name + 10, name + 7,
2862		- strlen(name) - 7);
2863		- memcpy(name + 7, "esn", 3);
2864		-
2865		- name = alg->cra_driver_name;
2866		- memmove(name + 10, name + 7,
2867		- strlen(name) - 7);
2868		- memcpy(name + 7, "esn", 3);
2869		-
2870		- goto authencesn;
2871		- }
2872		- }
2873	2847	}
2874	2848	}
2875	2849	if (!list_empty(&priv->alg_list))