diff -urp linux-2.4.33/crypto/cipher.c linux/crypto/cipher.c --- linux-2.4.33/crypto/cipher.c Sun Aug 8 03:26:04 2004 +++ linux/crypto/cipher.c Tue Aug 22 09:53:35 2006 @@ -147,6 +147,15 @@ static int ecb_encrypt(struct crypto_tfm ecb_process, 1, NULL); } +static int ecb_encrypt_iv(struct crypto_tfm *tfm, + struct scatterlist *dst, + struct scatterlist *src, + unsigned int nbytes, u8 *iv) +{ + ecb_encrypt(tfm, dst, src, nbytes); + return -ENOSYS; +} + static int ecb_decrypt(struct crypto_tfm *tfm, struct scatterlist *dst, struct scatterlist *src, @@ -157,6 +166,15 @@ static int ecb_decrypt(struct crypto_tfm ecb_process, 1, NULL); } +static int ecb_decrypt_iv(struct crypto_tfm *tfm, + struct scatterlist *dst, + struct scatterlist *src, + unsigned int nbytes, u8 *iv) +{ + ecb_decrypt(tfm, dst, src, nbytes); + return -ENOSYS; +} + static int cbc_encrypt(struct crypto_tfm *tfm, struct scatterlist *dst, struct scatterlist *src, @@ -197,11 +215,20 @@ static int cbc_decrypt_iv(struct crypto_ cbc_process, 0, iv); } +/* + * nocrypt*() zeroize the destination buffer to make sure we don't leak + * uninitialized memory contents if the caller ignores the return value. + * This is bad since the data in the source buffer is unused and may be + * lost, but an infoleak would be even worse. The performance cost of + * memset() is irrelevant since a well-behaved caller would not bump into + * the error repeatedly. + */ static int nocrypt(struct crypto_tfm *tfm, struct scatterlist *dst, struct scatterlist *src, unsigned int nbytes) { + memset(dst, 0, nbytes); return -ENOSYS; } @@ -210,6 +237,7 @@ static int nocrypt_iv(struct crypto_tfm struct scatterlist *src, unsigned int nbytes, u8 *iv) { + memset(dst, 0, nbytes); return -ENOSYS; } @@ -235,6 +263,11 @@ int crypto_init_cipher_ops(struct crypto case CRYPTO_TFM_MODE_ECB: ops->cit_encrypt = ecb_encrypt; ops->cit_decrypt = ecb_decrypt; +/* These should have been nocrypt_iv, but patch-cryptoloop-jari-2.4.22.0 + * (and its other revisions) directly calls the *_iv() functions even in + * ECB mode and ignores their return value. */ + ops->cit_encrypt_iv = ecb_encrypt_iv; + ops->cit_decrypt_iv = ecb_decrypt_iv; break; case CRYPTO_TFM_MODE_CBC: