summaryrefslogtreecommitdiff
path: root/arch/arm64/crypto/Makefile
diff options
context:
space:
mode:
authorArd Biesheuvel <ard.biesheuvel@linaro.org>2017-02-02 14:38:56 +0300
committerHerbert Xu <herbert@gondor.apana.org.au>2017-02-03 13:16:21 +0300
commit1a20b96612656b3ff2d6967c3111bec0e21904a8 (patch)
tree02e48e1a60206f1c28ef3ca3950fd04518901669 /arch/arm64/crypto/Makefile
parent88a3f582bea9e1da0346ea412950bbbdc3125cc1 (diff)
downloadlinux-1a20b96612656b3ff2d6967c3111bec0e21904a8.tar.xz
crypto: arm/aes - don't use IV buffer to return final keystream block
The ARM bit sliced AES core code uses the IV buffer to pass the final keystream block back to the glue code if the input is not a multiple of the block size, so that the asm code does not have to deal with anything except 16 byte blocks. This is done under the assumption that the outgoing IV is meaningless anyway in this case, given that chaining is no longer possible under these circumstances. However, as it turns out, the CCM driver does expect the IV to retain a value that is equal to the original IV except for the counter value, and even interprets byte zero as a length indicator, which may result in memory corruption if the IV is overwritten with something else. So use a separate buffer to return the final keystream block. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'arch/arm64/crypto/Makefile')
0 files changed, 0 insertions, 0 deletions