On Fri, Jan 4, 2019 at 6:20 AM Eric Biggers <ebiggers@kernel.org> wrote:
> From: Eric Biggers <ebiggers@google.com>
>
> Fix multiple bugs in the OFB implementation:
>
> - It stored the per-request state 'cnt' in the tfm context, which can be used by multiple threads concurrently (e.g. via AF_ALG).
> - It didn't support messages not a multiple of the block cipher size, despite being a stream cipher.
> - It didn't set cra_blocksize to 1 to indicate it is a stream cipher.
>
> To fix these, set the 'chunksize' property to the cipher block size to guarantee that when walking through the scatterlist, a partial block can only occur at the end. Then change the implementation to XOR a block at a time at first, then XOR the partial block at the end if needed. This is the same way CTR and CFB are implemented. As a bonus, this also improves performance in most cases over the current approach.
Well, it certainly looks like my implementation had a lot of room for improvement :-) Thank you for doing this, Eric
Reviewed-by: Gilad Ben-Yossef <gilad@benyossef.com>
Gilad
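The structure the quoted commit message describes, written out as a stand-alone illustration rather than Eric's patch or any kernel code: the OFB feedback register lives in the request (here, the caller's stack) instead of the shared key context, whole blocks are XORed first, and a final partial block takes the leading bytes of the next keystream block. The block function, key and IV are constructed for this example and are not a real cipher.

```c
#include <stdint.h>
#include <string.h>

#define BLK 8  /* toy block size; the OFB logic is identical for AES's 16 */

/* Toy, insecure block function standing in for a real cipher (constructed for this
 * example). OFB only uses the forward direction, so no decrypt routine is needed. */
static void toy_block_encrypt(const uint8_t key[BLK], const uint8_t in[BLK], uint8_t out[BLK])
{
    for (size_t i = 0; i < BLK; i++) {
        uint8_t x = in[i] ^ key[i];
        out[i] = (uint8_t)(((x << 3) | (x >> 5)) + key[(i + 1) % BLK]);
    }
}

/* OFB encrypt/decrypt (same operation) of 'len' bytes of any length. The feedback
 * register 'fb' is per call, never kept in the shared key context, so concurrent
 * requests on one tfm cannot clobber each other. Full blocks are XORed first; a
 * partial block can only be the last one and takes the leading bytes of the next
 * keystream block, exactly as CTR and CFB handle their tails. */
static void ofb_crypt(const uint8_t key[BLK], const uint8_t iv[BLK],
                      const uint8_t *src, uint8_t *dst, size_t len)
{
    uint8_t fb[BLK];
    memcpy(fb, iv, BLK);
    while (len >= BLK) {
        toy_block_encrypt(key, fb, fb);            /* O_i = E_k(O_{i-1}) */
        for (size_t i = 0; i < BLK; i++)
            dst[i] = src[i] ^ fb[i];
        src += BLK; dst += BLK; len -= BLK;
    }
    if (len) {                                      /* tail shorter than a block */
        toy_block_encrypt(key, fb, fb);
        for (size_t i = 0; i < len; i++)
            dst[i] = src[i] ^ fb[i];
    }
}

/* 1 if a 'len'-byte message round-trips and its ciphertext is a prefix of the
 * ciphertext of a message one block longer: the stream-cipher property restored. */
static int ofb_check(size_t len)
{
    static const uint8_t key[BLK] = {1, 2, 3, 4, 5, 6, 7, 8};   /* constructed */
    static const uint8_t iv[BLK]  = {9, 8, 7, 6, 5, 4, 3, 2};   /* constructed */
    uint8_t pt[64] = {0}, ct[64], ct_long[64], back[64];
    if (len > 32) return 0;
    for (size_t i = 0; i < len + BLK; i++) pt[i] = (uint8_t)(i * 37 + 11);
    ofb_crypt(key, iv, pt, ct, len);
    ofb_crypt(key, iv, pt, ct_long, len + BLK);
    ofb_crypt(key, iv, ct, back, len);              /* decrypt is the same call */
    return memcmp(back, pt, len) == 0 && memcmp(ct, ct_long, len) == 0;
}
```

Calling ofb_check(13) exercises one full block plus a 5-byte tail, the case the old implementation rejected.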