From patchwork Tue Aug 6 08:02:33 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 11078391 X-Patchwork-Delegate: snitzer@redhat.com Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 2F30A14DB for ; Tue, 6 Aug 2019 08:02:55 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 1FA64288A9 for ; Tue, 6 Aug 2019 08:02:55 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 134C82891B; Tue, 6 Aug 2019 08:02:55 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.7 required=2.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id AB8AF288A9 for ; Tue, 6 Aug 2019 08:02:54 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 9CC7562676; Tue, 6 Aug 2019 08:02:52 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 7031E5D9C8; Tue, 6 Aug 2019 08:02:52 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 2015EE203; Tue, 6 Aug 2019 08:02:50 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x7682mkU018918 for ; Tue, 6 Aug 2019 04:02:48 -0400 Received: by smtp.corp.redhat.com (Postfix) id B97D660F80; Tue, 6 Aug 2019 08:02:48 +0000 (UTC) Delivered-To: dm-devel@redhat.com Received: from mx1.redhat.com (ext-mx11.extmail.prod.ext.phx2.redhat.com [10.5.110.40]) by smtp.corp.redhat.com (Postfix) with ESMTPS id B3F4260CC0 for ; Tue, 6 Aug 2019 08:02:45 +0000 (UTC) Received: from mail-wr1-f68.google.com (mail-wr1-f68.google.com [209.85.221.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 0575E307C826 for ; Tue, 6 Aug 2019 08:02:45 +0000 (UTC) Received: by mail-wr1-f68.google.com with SMTP id c2so83657085wrm.8 for ; Tue, 06 Aug 2019 01:02:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=9eCxiU7trAIwWtoYhqWEWGHnQv1gzwh/Q9h6ScO5S58=; b=uGsaTM/M2gCO96HNT2CT+L0/NsYOQP5WwmmlN+ya7tI16k5RMO2HwcYWh6H6R3oYHm rAzdwy+lnPGdSNHSO1FV3Crk5TwyEYOTLawosrkK1bSB0Ypn33n9eBbZXhy9wY6QNR3S amR1DiMRY2rT94FVuPH5ZMNe0BS2+l9qybrY3769M6HE/Fi2yk/NyDTlLcmW4DDJfDRm 8/3szwCVQVOO/b231zSJdRgRtJQTLJ/3KKLUxisOaBJpzZOBhiIZxOBqyS+o68pY/jBw KfuEtggPHIGXBSjQq6RTjYiXzRgy4LhaB1z90bfk5rsi782P9hTmgRJ/c8Be1kI77Sfj hwNQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=9eCxiU7trAIwWtoYhqWEWGHnQv1gzwh/Q9h6ScO5S58=; b=IW2yUtlh3D92zRnENwur9xnzy5S93j0PbVg6nz+5SYyAXCEjx2U+bF0Z/69JbFdnWJ uOJsPZL69EbMjaoCARcYjvATaxY5YSGCSR35ThdqCe4N8m89nZDBIwgBFMhLR2Gbtrgw J6vF2kbgJNXre1ludMstZNkQPXr37uUWMKncXw8jQYpx8sBWVn31vIoss1UZ67NtnIcw eacTl6glRVHf0LlaIjMg5UeGd2SO4xsTFFiUFZSKsd4/13/pUEcg8HWGlPvuOtmNN3Sd LfG59wcvx2E7c6fRuhOSxy1xfKDAUZUByO6gJMXX1tPu43x5PID5XT7qccIkz9qIzEwy utKg== X-Gm-Message-State: APjAAAWEOpmTB/26Vp67aAFFFpUfmIZSBslFOiA9AXBWKxVmbpkIuPXF QeQfsoBeuNUCiqFpqeLfX+UEtQ== X-Google-Smtp-Source: APXvYqx3eVQe//5zmmtHda+AHpMkDhzZCnwtpz2EpeHXLmtnqf3YRw+KKwvbS6VL0M/WsBChtG66rg== X-Received: by 2002:a5d:4e02:: with SMTP id p2mr3054604wrt.182.1565078563578; Tue, 06 Aug 2019 01:02:43 -0700 (PDT) Received: from localhost.localdomain ([2a02:587:a407:da00:582f:8334:9cd9:7241]) by smtp.gmail.com with ESMTPSA id g12sm123785475wrv.9.2019.08.06.01.02.41 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 06 Aug 2019 01:02:42 -0700 (PDT) From: Ard Biesheuvel To: linux-crypto@vger.kernel.org Date: Tue, 6 Aug 2019 11:02:33 +0300 Message-Id: <20190806080234.27998-2-ard.biesheuvel@linaro.org> In-Reply-To: <20190806080234.27998-1-ard.biesheuvel@linaro.org> References: <20190806080234.27998-1-ard.biesheuvel@linaro.org> X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.40]); Tue, 06 Aug 2019 08:02:45 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.40]); Tue, 06 Aug 2019 08:02:45 +0000 (UTC) for IP:'209.85.221.68' DOMAIN:'mail-wr1-f68.google.com' HELO:'mail-wr1-f68.google.com' FROM:'ard.biesheuvel@linaro.org' RCPT:'' X-RedHat-Spam-Score: -0.101 (DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2, SPF_HELO_NONE, SPF_PASS) 209.85.221.68 mail-wr1-f68.google.com 209.85.221.68 mail-wr1-f68.google.com X-Scanned-By: MIMEDefang 2.84 on 10.5.110.40 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-loop: dm-devel@redhat.com Cc: herbert@gondor.apana.org.au, snitzer@redhat.com, Ard Biesheuvel , ebiggers@kernel.org, dm-devel@redhat.com, gmazyland@gmail.com, agk@redhat.com Subject: [dm-devel] [RFC PATCH 1/2] md/dm-crypt - restrict EBOIV to cbc(aes) X-BeenThere: dm-devel@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: device-mapper development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: dm-devel-bounces@redhat.com Errors-To: dm-devel-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Tue, 06 Aug 2019 08:02:53 +0000 (UTC) X-Virus-Scanned: ClamAV using ClamSMTP Support for the EBOIV IV mode was introduced this cycle, and is explicitly intended for interoperability with BitLocker, which only uses it combined with AES in CBC mode. Using EBOIV in combination with any other skcipher or aead mode is not recommended, and so there is no need to support this. However, the way the EBOIV support is currently integrated permits it to be combined with other skcipher or aead modes, and once the cat is out of the bag, we will need to support it indefinitely. So let's restrict EBOIV to cbc(aes), and reject attempts to instantiate it with other modes. Signed-off-by: Ard Biesheuvel --- drivers/md/dm-crypt.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c index d5216bcc4649..a5e8d5bc1581 100644 --- a/drivers/md/dm-crypt.c +++ b/drivers/md/dm-crypt.c @@ -861,6 +861,13 @@ static int crypt_iv_eboiv_ctr(struct crypt_config *cc, struct dm_target *ti, struct iv_eboiv_private *eboiv = &cc->iv_gen_private.eboiv; struct crypto_cipher *tfm; + if (test_bit(CRYPT_MODE_INTEGRITY_AEAD, &cc->cipher_flags) || + strcmp("cbc(aes)", + crypto_tfm_alg_name(crypto_skcipher_tfm(any_tfm(cc))))) { + ti->error = "Unsupported encryption mode for EBOIV"; + return -EINVAL; + } + tfm = crypto_alloc_cipher(cc->cipher, 0, 0); if (IS_ERR(tfm)) { ti->error = "Error allocating crypto tfm for EBOIV"; From patchwork Tue Aug 6 08:02:34 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 11078395 X-Patchwork-Delegate: snitzer@redhat.com Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 28DC114DB for ; Tue, 6 Aug 2019 08:03:30 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 19355286BE for ; Tue, 6 Aug 2019 08:03:30 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 0D538288A9; Tue, 6 Aug 2019 08:03:30 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.7 required=2.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 9D1DB286BE for ; Tue, 6 Aug 2019 08:03:29 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id B94763002DC6; Tue, 6 Aug 2019 08:03:28 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 998975D713; Tue, 6 Aug 2019 08:03:28 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 658CA46F4A; Tue, 6 Aug 2019 08:03:28 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x7682nZl018923 for ; Tue, 6 Aug 2019 04:02:49 -0400 Received: by smtp.corp.redhat.com (Postfix) id 1EBD319C7F; Tue, 6 Aug 2019 08:02:49 +0000 (UTC) Delivered-To: dm-devel@redhat.com Received: from mx1.redhat.com (ext-mx12.extmail.prod.ext.phx2.redhat.com [10.5.110.41]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 17E3CF6C5 for ; Tue, 6 Aug 2019 08:02:48 +0000 (UTC) Received: from mail-wr1-f68.google.com (mail-wr1-f68.google.com [209.85.221.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 18E193091785 for ; Tue, 6 Aug 2019 08:02:48 +0000 (UTC) Received: by mail-wr1-f68.google.com with SMTP id n4so86961221wrs.3 for ; Tue, 06 Aug 2019 01:02:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=Qm6JmV3kYksXWkeHC8pJWnKVfNR1ILujwNkPpqX8u58=; b=KO+jyoMY9ilq+waDLre4wpNqq5bKuzook/vdC1KlJZH8sM8Xr0/2PXSLIkBEXb88+G /FNvoKUgUdmlI2Dkh9Ppgs/BFXyxmZBEjb5ySCKUc9nqoUIAPKtwR/xdPXPnaY5/LqHZ +RWkYDUar7b5P3zL+bZxI2YOdjZggxbk0T6Q7AYB85IPrZo+/JCl9xvNy/uc598h9tyO 4v1/GeZMfKP3rZyAuNuIODNX4HPPuHkyp2TpFmGXCaAi9y6wqmqs9EHEP/Odu4slwf8P p1I24ENa85XU5QBYPWtQhQWo/FitJ3sz8EQriWOkImaQpKRM16C/XczKEjk7G6DbMUJu pvAQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=Qm6JmV3kYksXWkeHC8pJWnKVfNR1ILujwNkPpqX8u58=; b=haaZizuRauWcuwVKOWa6coqLIxnafRIcSr4wOSQnCdEqh3VX44upYxYMcRqSdgZhOt yNHBHnxtg3PTU+m7KtKmzabrIDnSLeCTqr6GXrqlz0EmsnOze+BdBrOuViBLuwMKY434 wDHa3WcrH0j/FOH3B8208+tP725ynnSiGYn3MIWN72kt510c9Ya8lExshXQQh4BYXMHG NJyItEkgB1zIrit5Pf6JeRRWUU3boJuRhBxq+ymSr97Y1T0iV6PTKYgv5nunoAkEf/2x sEv98Vd1gbjh7EnnZxlPn/UJUEhHjNIkqEhN76V0LR5Ro9k9AR7bRIM9Kej/z7AN/y6N UoEA== X-Gm-Message-State: APjAAAVok85jeJ/E72sw91dyQL46PFhAnhhv8pCuHnNXDI/QqR6Q5zVc HGHngrlnKu6oqiF0GcRCxC5XNA== X-Google-Smtp-Source: APXvYqxvem5JSqcJp5XyUjQpuY8Cpg9l/gyW5f2rVkfXFaOHymWoTrTuKPXcaq6FvQ7q9I+mBD5nKQ== X-Received: by 2002:a5d:5507:: with SMTP id b7mr3023744wrv.35.1565078566677; Tue, 06 Aug 2019 01:02:46 -0700 (PDT) Received: from localhost.localdomain ([2a02:587:a407:da00:582f:8334:9cd9:7241]) by smtp.gmail.com with ESMTPSA id g12sm123785475wrv.9.2019.08.06.01.02.43 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 06 Aug 2019 01:02:46 -0700 (PDT) From: Ard Biesheuvel To: linux-crypto@vger.kernel.org Date: Tue, 6 Aug 2019 11:02:34 +0300 Message-Id: <20190806080234.27998-3-ard.biesheuvel@linaro.org> In-Reply-To: <20190806080234.27998-1-ard.biesheuvel@linaro.org> References: <20190806080234.27998-1-ard.biesheuvel@linaro.org> X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.41]); Tue, 06 Aug 2019 08:02:48 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.41]); Tue, 06 Aug 2019 08:02:48 +0000 (UTC) for IP:'209.85.221.68' DOMAIN:'mail-wr1-f68.google.com' HELO:'mail-wr1-f68.google.com' FROM:'ard.biesheuvel@linaro.org' RCPT:'' X-RedHat-Spam-Score: -0.101 (DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2, SPF_HELO_NONE, SPF_PASS) 209.85.221.68 mail-wr1-f68.google.com 209.85.221.68 mail-wr1-f68.google.com X-Scanned-By: MIMEDefang 2.84 on 10.5.110.41 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-loop: dm-devel@redhat.com Cc: herbert@gondor.apana.org.au, snitzer@redhat.com, Ard Biesheuvel , ebiggers@kernel.org, dm-devel@redhat.com, gmazyland@gmail.com, agk@redhat.com Subject: [dm-devel] [RFC PATCH 2/2] md/dm-crypt - switch to AES library for EBOIV X-BeenThere: dm-devel@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: device-mapper development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: dm-devel-bounces@redhat.com Errors-To: dm-devel-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.42]); Tue, 06 Aug 2019 08:03:29 +0000 (UTC) X-Virus-Scanned: ClamAV using ClamSMTP The EBOIV IV mode reuses the same AES encryption key that is used for encrypting the data, and uses it to perform a single block encryption of the byte offset to produce the IV. Since table-based AES is known to be susceptible to known-plaintext attacks on the key, and given that the same key is used to encrypt the byte offset (which is known to an attacker), we should be careful not to permit arbitrary instantiations where the allocated AES cipher is provided by aes-generic or other table-based drivers that are known to be time variant and thus susceptible to this kind of attack. Instead, let's switch to the new AES library, which has a D-cache footprint that is only 1/32th of the generic AES driver, and which contains some mitigations to reduce the timing variance even further. Signed-off-by: Ard Biesheuvel --- drivers/md/dm-crypt.c | 33 ++++++-------------- 1 file changed, 9 insertions(+), 24 deletions(-) diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c index a5e8d5bc1581..4650ab4b9415 100644 --- a/drivers/md/dm-crypt.c +++ b/drivers/md/dm-crypt.c @@ -27,6 +27,7 @@ #include #include #include +#include #include #include #include @@ -121,7 +122,7 @@ struct iv_tcw_private { }; struct iv_eboiv_private { - struct crypto_cipher *tfm; + struct crypto_aes_ctx aes_ctx; }; /* @@ -851,16 +852,12 @@ static void crypt_iv_eboiv_dtr(struct crypt_config *cc) { struct iv_eboiv_private *eboiv = &cc->iv_gen_private.eboiv; - crypto_free_cipher(eboiv->tfm); - eboiv->tfm = NULL; + memset(eboiv, 0, sizeof(*eboiv)); } static int crypt_iv_eboiv_ctr(struct crypt_config *cc, struct dm_target *ti, const char *opts) { - struct iv_eboiv_private *eboiv = &cc->iv_gen_private.eboiv; - struct crypto_cipher *tfm; - if (test_bit(CRYPT_MODE_INTEGRITY_AEAD, &cc->cipher_flags) || strcmp("cbc(aes)", crypto_tfm_alg_name(crypto_skcipher_tfm(any_tfm(cc))))) { @@ -868,20 +865,6 @@ static int crypt_iv_eboiv_ctr(struct crypt_config *cc, struct dm_target *ti, return -EINVAL; } - tfm = crypto_alloc_cipher(cc->cipher, 0, 0); - if (IS_ERR(tfm)) { - ti->error = "Error allocating crypto tfm for EBOIV"; - return PTR_ERR(tfm); - } - - if (crypto_cipher_blocksize(tfm) != cc->iv_size) { - ti->error = "Block size of EBOIV cipher does " - "not match IV size of block cipher"; - crypto_free_cipher(tfm); - return -EINVAL; - } - - eboiv->tfm = tfm; return 0; } @@ -890,7 +873,7 @@ static int crypt_iv_eboiv_init(struct crypt_config *cc) struct iv_eboiv_private *eboiv = &cc->iv_gen_private.eboiv; int err; - err = crypto_cipher_setkey(eboiv->tfm, cc->key, cc->key_size); + err = aes_expandkey(&eboiv->aes_ctx, cc->key, cc->key_size); if (err) return err; @@ -899,8 +882,10 @@ static int crypt_iv_eboiv_init(struct crypt_config *cc) static int crypt_iv_eboiv_wipe(struct crypt_config *cc) { - /* Called after cc->key is set to random key in crypt_wipe() */ - return crypt_iv_eboiv_init(cc); + struct iv_eboiv_private *eboiv = &cc->iv_gen_private.eboiv; + + memset(eboiv, 0, sizeof(*eboiv)); + return 0; } static int crypt_iv_eboiv_gen(struct crypt_config *cc, u8 *iv, @@ -910,7 +895,7 @@ static int crypt_iv_eboiv_gen(struct crypt_config *cc, u8 *iv, memset(iv, 0, cc->iv_size); *(__le64 *)iv = cpu_to_le64(dmreq->iv_sector * cc->sector_size); - crypto_cipher_encrypt_one(eboiv->tfm, iv, iv); + aes_encrypt(&eboiv->aes_ctx, iv, iv); return 0; }