1. 26 7月, 2019 3 次提交
    • C
      crypto: crypto4xx - block ciphers should only accept complete blocks · 13805a5d
      Christian Lamparter 提交于
      commit 0f7a81374060828280fcfdfbaa162cb559017f9f upstream.
      
      The hardware automatically zero pads incomplete block ciphers
      blocks without raising any errors. This is a screw-up. This
      was noticed by CONFIG_CRYPTO_MANAGER_EXTRA_TESTS tests that
      sent a incomplete blocks and expect them to fail.
      
      This fixes:
      cbc-aes-ppc4xx encryption unexpectedly succeeded on test vector
      "random: len=2409 klen=32"; expected_error=-22, cfg="random:
      may_sleep use_digest src_divs=[96.90%@+2295, 2.34%@+4066,
      0.32%@alignmask+12, 0.34%@+4087, 0.9%@alignmask+1787, 0.1%@+3767]
      iv_offset=6"
      
      ecb-aes-ppc4xx encryption unexpectedly succeeded on test vector
      "random: len=1011 klen=32"; expected_error=-22, cfg="random:
      may_sleep use_digest src_divs=[100.0%@alignmask+20]
      dst_divs=[3.12%@+3001, 96.88%@+4070]"
      
      Cc: Eric Biggers <ebiggers@kernel.org>
      Cc: stable@vger.kernel.org [4.19, 5.0 and 5.1]
      Signed-off-by: NChristian Lamparter <chunkeey@gmail.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      13805a5d
    • C
      crypto: crypto4xx - fix blocksize for cfb and ofb · 17e63172
      Christian Lamparter 提交于
      commit 70c4997f34b6c6888b3ac157adec49e01d0df2d5 upstream.
      
      While the hardware consider them to be blockciphers, the
      reference implementation defines them as streamciphers.
      
      Do the right thing and set the blocksize to 1. This
      was found by CONFIG_CRYPTO_MANAGER_EXTRA_TESTS.
      
      This fixes the following issues:
      skcipher: blocksize for ofb-aes-ppc4xx (16) doesn't match generic impl (1)
      skcipher: blocksize for cfb-aes-ppc4xx (16) doesn't match generic impl (1)
      
      Cc: Eric Biggers <ebiggers@kernel.org>
      Cc: stable@vger.kernel.org
      Fixes: f2a13e7c ("crypto: crypto4xx - enable AES RFC3686, ECB, CFB and OFB offloads")
      Signed-off-by: NChristian Lamparter <chunkeey@gmail.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      17e63172
    • C
      crypto: crypto4xx - fix AES CTR blocksize value · 4598094d
      Christian Lamparter 提交于
      commit bfa2ba7d9e6b20aca82b99e6842fe18842ae3a0f upstream.
      
      This patch fixes a issue with crypto4xx's ctr(aes) that was
      discovered by libcapi's kcapi-enc-test.sh test.
      
      The some of the ctr(aes) encryptions test were failing on the
      non-power-of-two test:
      
      kcapi-enc - Error: encryption failed with error 0
      kcapi-enc - Error: decryption failed with error 0
      [FAILED: 32-bit - 5.1.0-rc1+] 15 bytes: STDIN / STDOUT enc test (128 bits):
      original file (1d100e..cc96184c) and generated file (e3b0c442..1b7852b855)
      [FAILED: 32-bit - 5.1.0-rc1+] 15 bytes: STDIN / STDOUT enc test (128 bits)
      (openssl generated CT): original file (e3b0..5) and generated file (3..8e)
      [PASSED: 32-bit - 5.1.0-rc1+] 15 bytes: STDIN / STDOUT enc test (128 bits)
      (openssl generated PT)
      [FAILED: 32-bit - 5.1.0-rc1+] 15 bytes: STDIN / STDOUT enc test (password):
      original file (1d1..84c) and generated file (e3b..852b855)
      
      But the 16, 32, 512, 65536 tests always worked.
      
      Thankfully, this isn't a hidden hardware problem like previously,
      instead this turned out to be a copy and paste issue.
      
      With this patch, all the tests are passing with and
      kcapi-enc-test.sh gives crypto4xx's a clean bill of health:
       "Number of failures: 0" :).
      
      Cc: stable@vger.kernel.org
      Fixes: 98e87e3d ("crypto: crypto4xx - add aes-ctr support")
      Fixes: f2a13e7c ("crypto: crypto4xx - enable AES RFC3686, ECB, CFB and OFB offloads")
      Signed-off-by: NChristian Lamparter <chunkeey@gmail.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      4598094d
  2. 22 5月, 2019 1 次提交
    • C
      crypto: crypto4xx - fix cfb and ofb "overran dst buffer" issues · 7a32ad34
      Christian Lamparter 提交于
      commit 7e92e1717e3eaf6b322c252947c696b3059f05be upstream.
      
      Currently, crypto4xx CFB and OFB AES ciphers are
      failing testmgr's test vectors.
      
      |cfb-aes-ppc4xx encryption overran dst buffer on test vector 3, cfg="in-place"
      |ofb-aes-ppc4xx encryption overran dst buffer on test vector 1, cfg="in-place"
      
      This is because of a very subtile "bug" in the hardware that
      gets indirectly mentioned in 18.1.3.5 Encryption/Decryption
      of the hardware spec:
      
      the OFB and CFB modes for AES are listed there as operation
      modes for >>> "Block ciphers" <<<. Which kind of makes sense,
      but we would like them to be considered as stream ciphers just
      like the CTR mode.
      
      To workaround this issue and stop the hardware from causing
      "overran dst buffer" on crypttexts that are not a multiple
      of 16 (AES_BLOCK_SIZE), we force the driver to use the scatter
      buffers as the go-between.
      
      As a bonus this patch also kills redundant pd_uinfo->num_gd
      and pd_uinfo->num_sd setters since the value has already been
      set before.
      
      Cc: stable@vger.kernel.org
      Fixes: f2a13e7c ("crypto: crypto4xx - enable AES RFC3686, ECB, CFB and OFB offloads")
      Signed-off-by: NChristian Lamparter <chunkeey@gmail.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      7a32ad34
  3. 09 7月, 2018 1 次提交
  4. 13 6月, 2018 1 次提交
    • K
      treewide: kzalloc() -> kcalloc() · 6396bb22
      Kees Cook 提交于
      The kzalloc() function has a 2-factor argument form, kcalloc(). This
      patch replaces cases of:
      
              kzalloc(a * b, gfp)
      
      with:
              kcalloc(a * b, gfp)
      
      as well as handling cases of:
      
              kzalloc(a * b * c, gfp)
      
      with:
      
              kzalloc(array3_size(a, b, c), gfp)
      
      as it's slightly less ugly than:
      
              kzalloc_array(array_size(a, b), c, gfp)
      
      This does, however, attempt to ignore constant size factors like:
      
              kzalloc(4 * 1024, gfp)
      
      though any constants defined via macros get caught up in the conversion.
      
      Any factors with a sizeof() of "unsigned char", "char", and "u8" were
      dropped, since they're redundant.
      
      The Coccinelle script used for this was:
      
      // Fix redundant parens around sizeof().
      @@
      type TYPE;
      expression THING, E;
      @@
      
      (
        kzalloc(
      -	(sizeof(TYPE)) * E
      +	sizeof(TYPE) * E
        , ...)
      |
        kzalloc(
      -	(sizeof(THING)) * E
      +	sizeof(THING) * E
        , ...)
      )
      
      // Drop single-byte sizes and redundant parens.
      @@
      expression COUNT;
      typedef u8;
      typedef __u8;
      @@
      
      (
        kzalloc(
      -	sizeof(u8) * (COUNT)
      +	COUNT
        , ...)
      |
        kzalloc(
      -	sizeof(__u8) * (COUNT)
      +	COUNT
        , ...)
      |
        kzalloc(
      -	sizeof(char) * (COUNT)
      +	COUNT
        , ...)
      |
        kzalloc(
      -	sizeof(unsigned char) * (COUNT)
      +	COUNT
        , ...)
      |
        kzalloc(
      -	sizeof(u8) * COUNT
      +	COUNT
        , ...)
      |
        kzalloc(
      -	sizeof(__u8) * COUNT
      +	COUNT
        , ...)
      |
        kzalloc(
      -	sizeof(char) * COUNT
      +	COUNT
        , ...)
      |
        kzalloc(
      -	sizeof(unsigned char) * COUNT
      +	COUNT
        , ...)
      )
      
      // 2-factor product with sizeof(type/expression) and identifier or constant.
      @@
      type TYPE;
      expression THING;
      identifier COUNT_ID;
      constant COUNT_CONST;
      @@
      
      (
      - kzalloc
      + kcalloc
        (
      -	sizeof(TYPE) * (COUNT_ID)
      +	COUNT_ID, sizeof(TYPE)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(TYPE) * COUNT_ID
      +	COUNT_ID, sizeof(TYPE)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(TYPE) * (COUNT_CONST)
      +	COUNT_CONST, sizeof(TYPE)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(TYPE) * COUNT_CONST
      +	COUNT_CONST, sizeof(TYPE)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(THING) * (COUNT_ID)
      +	COUNT_ID, sizeof(THING)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(THING) * COUNT_ID
      +	COUNT_ID, sizeof(THING)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(THING) * (COUNT_CONST)
      +	COUNT_CONST, sizeof(THING)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(THING) * COUNT_CONST
      +	COUNT_CONST, sizeof(THING)
        , ...)
      )
      
      // 2-factor product, only identifiers.
      @@
      identifier SIZE, COUNT;
      @@
      
      - kzalloc
      + kcalloc
        (
      -	SIZE * COUNT
      +	COUNT, SIZE
        , ...)
      
      // 3-factor product with 1 sizeof(type) or sizeof(expression), with
      // redundant parens removed.
      @@
      expression THING;
      identifier STRIDE, COUNT;
      type TYPE;
      @@
      
      (
        kzalloc(
      -	sizeof(TYPE) * (COUNT) * (STRIDE)
      +	array3_size(COUNT, STRIDE, sizeof(TYPE))
        , ...)
      |
        kzalloc(
      -	sizeof(TYPE) * (COUNT) * STRIDE
      +	array3_size(COUNT, STRIDE, sizeof(TYPE))
        , ...)
      |
        kzalloc(
      -	sizeof(TYPE) * COUNT * (STRIDE)
      +	array3_size(COUNT, STRIDE, sizeof(TYPE))
        , ...)
      |
        kzalloc(
      -	sizeof(TYPE) * COUNT * STRIDE
      +	array3_size(COUNT, STRIDE, sizeof(TYPE))
        , ...)
      |
        kzalloc(
      -	sizeof(THING) * (COUNT) * (STRIDE)
      +	array3_size(COUNT, STRIDE, sizeof(THING))
        , ...)
      |
        kzalloc(
      -	sizeof(THING) * (COUNT) * STRIDE
      +	array3_size(COUNT, STRIDE, sizeof(THING))
        , ...)
      |
        kzalloc(
      -	sizeof(THING) * COUNT * (STRIDE)
      +	array3_size(COUNT, STRIDE, sizeof(THING))
        , ...)
      |
        kzalloc(
      -	sizeof(THING) * COUNT * STRIDE
      +	array3_size(COUNT, STRIDE, sizeof(THING))
        , ...)
      )
      
      // 3-factor product with 2 sizeof(variable), with redundant parens removed.
      @@
      expression THING1, THING2;
      identifier COUNT;
      type TYPE1, TYPE2;
      @@
      
      (
        kzalloc(
      -	sizeof(TYPE1) * sizeof(TYPE2) * COUNT
      +	array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2))
        , ...)
      |
        kzalloc(
      -	sizeof(TYPE1) * sizeof(THING2) * (COUNT)
      +	array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2))
        , ...)
      |
        kzalloc(
      -	sizeof(THING1) * sizeof(THING2) * COUNT
      +	array3_size(COUNT, sizeof(THING1), sizeof(THING2))
        , ...)
      |
        kzalloc(
      -	sizeof(THING1) * sizeof(THING2) * (COUNT)
      +	array3_size(COUNT, sizeof(THING1), sizeof(THING2))
        , ...)
      |
        kzalloc(
      -	sizeof(TYPE1) * sizeof(THING2) * COUNT
      +	array3_size(COUNT, sizeof(TYPE1), sizeof(THING2))
        , ...)
      |
        kzalloc(
      -	sizeof(TYPE1) * sizeof(THING2) * (COUNT)
      +	array3_size(COUNT, sizeof(TYPE1), sizeof(THING2))
        , ...)
      )
      
      // 3-factor product, only identifiers, with redundant parens removed.
      @@
      identifier STRIDE, SIZE, COUNT;
      @@
      
      (
        kzalloc(
      -	(COUNT) * STRIDE * SIZE
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kzalloc(
      -	COUNT * (STRIDE) * SIZE
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kzalloc(
      -	COUNT * STRIDE * (SIZE)
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kzalloc(
      -	(COUNT) * (STRIDE) * SIZE
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kzalloc(
      -	COUNT * (STRIDE) * (SIZE)
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kzalloc(
      -	(COUNT) * STRIDE * (SIZE)
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kzalloc(
      -	(COUNT) * (STRIDE) * (SIZE)
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kzalloc(
      -	COUNT * STRIDE * SIZE
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      )
      
      // Any remaining multi-factor products, first at least 3-factor products,
      // when they're not all constants...
      @@
      expression E1, E2, E3;
      constant C1, C2, C3;
      @@
      
      (
        kzalloc(C1 * C2 * C3, ...)
      |
        kzalloc(
      -	(E1) * E2 * E3
      +	array3_size(E1, E2, E3)
        , ...)
      |
        kzalloc(
      -	(E1) * (E2) * E3
      +	array3_size(E1, E2, E3)
        , ...)
      |
        kzalloc(
      -	(E1) * (E2) * (E3)
      +	array3_size(E1, E2, E3)
        , ...)
      |
        kzalloc(
      -	E1 * E2 * E3
      +	array3_size(E1, E2, E3)
        , ...)
      )
      
      // And then all remaining 2 factors products when they're not all constants,
      // keeping sizeof() as the second factor argument.
      @@
      expression THING, E1, E2;
      type TYPE;
      constant C1, C2, C3;
      @@
      
      (
        kzalloc(sizeof(THING) * C2, ...)
      |
        kzalloc(sizeof(TYPE) * C2, ...)
      |
        kzalloc(C1 * C2 * C3, ...)
      |
        kzalloc(C1 * C2, ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(TYPE) * (E2)
      +	E2, sizeof(TYPE)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(TYPE) * E2
      +	E2, sizeof(TYPE)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(THING) * (E2)
      +	E2, sizeof(THING)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(THING) * E2
      +	E2, sizeof(THING)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	(E1) * E2
      +	E1, E2
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	(E1) * (E2)
      +	E1, E2
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	E1 * E2
      +	E1, E2
        , ...)
      )
      Signed-off-by: NKees Cook <keescook@chromium.org>
      6396bb22
  5. 28 4月, 2018 5 次提交
  6. 12 1月, 2018 1 次提交
  7. 05 1月, 2018 5 次提交
  8. 12 10月, 2017 10 次提交
    • C
      crypto: crypto4xx - add aes-gcm support · 59231368
      Christian Lamparter 提交于
      This patch adds aes-gcm support to crypto4xx.
      Signed-off-by: NChristian Lamparter <chunkeey@gmail.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      59231368
    • C
      crypto: crypto4xx - add aes-ccm support · 65ea8b67
      Christian Lamparter 提交于
      This patch adds aes-ccm support.
      Signed-off-by: NChristian Lamparter <chunkeey@gmail.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      65ea8b67
    • C
      crypto: crypto4xx - prepare for AEAD support · a0aae821
      Christian Lamparter 提交于
      This patch enhances existing interfaces and
      functions to support AEAD ciphers in the next
      patches.
      Signed-off-by: NChristian Lamparter <chunkeey@gmail.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      a0aae821
    • C
      crypto: crypto4xx - simplify sa and state context acquisition · 2f77690d
      Christian Lamparter 提交于
      Thanks to the big overhaul of crypto4xx_build_pd(), the request-local
      sa_in, sa_out and state_record allocation can be simplified.
      
      There's no need to setup any dma coherent memory anymore and
      much of the support code can be removed.
      Signed-off-by: NChristian Lamparter <chunkeey@gmail.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      2f77690d
    • C
      crypto: crypto4xx - fix stalls under heavy load · 4b5b7999
      Christian Lamparter 提交于
      If the crypto4xx device is continuously loaded by dm-crypt
      and ipsec work, it will start to work intermittent after a
      few (between 20-30) seconds, hurting throughput and latency.
      
      This patch contains various stability improvements in order
      to fix this issue. So far, the hardware has survived more
      than a day without suffering any stalls under the continuous
      load.
      Signed-off-by: NChristian Lamparter <chunkeey@gmail.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      4b5b7999
    • C
      crypto: crypto4xx - fix various warnings · 64e1062b
      Christian Lamparter 提交于
      crypto4xx_core.c:179:6: warning: symbol 'crypto4xx_free_state_record'
      	was not declared. Should it be static?
      crypto4xx_core.c:331:5: warning: symbol 'crypto4xx_get_n_gd'
      	was not declared. Should it be static?
      crypto4xx_core.c:652:6: warning: symbol 'crypto4xx_return_pd'
      	was not declared. Should it be static?
      
      crypto4xx_return_pd() is not used by anything. Therefore it is removed.
      Signed-off-by: NChristian Lamparter <chunkeey@gmail.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      64e1062b
    • C
      crypto: crypto4xx - overhaul crypto4xx_build_pd() · cd4dcd6d
      Christian Lamparter 提交于
      This patch overhauls and fixes code related to crypto4xx_build_pd()
      
       * crypto4xx_build_pd() did not handle chained source scatterlist.
         This is fixed by replacing the buggy indexed-access of &src[idx]
         with sg_next() in the gather array setup loop.
      
       * The redundant is_hash, direction, save_iv and pd_ctl members
         in the crypto4xx_ctx struct have been removed.
          - is_hash can be derived from the crypto_async_request parameter.
          - direction is already part of the security association's
            bf.dir bitfield.
          - save_iv is unused.
          - pd_ctl always had the host_ready bit enabled anyway.
            (the hash_final case is rather pointless, since the ahash
             code has been deactivated).
      
       * make crypto4xx_build_pd()'s caller responsible for converting
         the IV to the LE32 format.
      
       * change crypto4xx_ahash_update() and crypto4xx_ahash_digest() to
         initialize a temporary destination scatterlist. This allows the
         removal of an ugly cast of req->result (which is a pointer to an
         u8-array) to a scatterlist pointer.
      
       * change crypto4xx_build_pd() return type to int. After all
         it returns -EINPROGRESS/-EBUSY.
      
       * fix crypto4xx_build_pd() thread-unsafe sa handling.
      Signed-off-by: NChristian Lamparter <chunkeey@gmail.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      cd4dcd6d
    • C
      crypto: crypto4xx - use the correct LE32 format for IV and key defs · 4865b122
      Christian Lamparter 提交于
      The hardware expects that the keys, IVs (and inner/outer hashes)
      are in the le32 format.
      
      This patch changes all hardware interface declarations to use
      the correct LE32 data format for each field.
      
      In order to pass __CHECK_ENDIAN__ checks, crypto4xx_memcpy_le
      has to be honest about the endianness of its parameters.
      The function was split and moved to the common crypto4xx_core.h
      header. This allows the compiler to generate better code if the
      sizes/len is a constant (various *_IV_LEN).
      
      Please note that the hardware isn't consistent with the endiannes
      of the save_digest field in the state record struct though.
      The hashes produced by GHASH and CBC (for CCM) will be in LE32.
      Whereas md5 and sha{1/,256,...} do not need any conversion.
      Signed-off-by: NChristian Lamparter <chunkeey@gmail.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      4865b122
    • C
      crypto: crypto4xx - add backlog queue support · 8ef8d195
      Christian Lamparter 提交于
      Previously, If the crypto4xx driver used all available
      security contexts, it would simply refuse new requests
      with -EAGAIN. CRYPTO_TFM_REQ_MAY_BACKLOG was ignored.
      
      in case of dm-crypt.c's crypt_convert() function this was
      causing the following errors to manifest, if the system was
      pushed hard enough:
      
      | EXT4-fs warning (dm-1): ext4_end_bio:314: I/O error -5 writing to ino ..
      | EXT4-fs warning (dm-1): ext4_end_bio:314: I/O error -5 writing to ino ..
      | EXT4-fs warning (dm-1): ext4_end_bio:314: I/O error -5 writing to ino ..
      | JBD2: Detected IO errors while flushing file data on dm-1-8
      | Aborting journal on device dm-1-8.
      | EXT4-fs error : ext4_journal_check_start:56: Detected aborted journal
      | EXT4-fs (dm-1): Remounting filesystem read-only
      | EXT4-fs : ext4_writepages: jbd2_start: 2048 pages, inode 498...; err -30
      
      (This did cause corruptions due to failed writes)
      
      To fix this mess, the crypto4xx driver needs to notifiy the
      user to slow down. This can be achieved by returning -EBUSY
      on requests, once the crypto hardware was falling behind.
      
      Note: -EBUSY has two different meanings. Setting the flag
      CRYPTO_TFM_REQ_MAY_BACKLOG implies that the request was
      successfully queued, by the crypto driver. To achieve this
      requirement, the implementation introduces a threshold check and
      adds logic to the completion routines in much the same way as
      AMD's Cryptographic Coprocessor (CCP) driver do.
      
      Note2: Tests showed that dm-crypt starved ipsec traffic.
      Under load, ipsec links dropped to 0 Kbits/s. This is because
      dm-crypt's callback would instantly queue the next request.
      In order to not starve ipsec, the driver reserves a small
      portion of the available crypto contexts for this purpose.
      Signed-off-by: NChristian Lamparter <chunkeey@gmail.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      8ef8d195
    • C
      crypto: crypto4xx - fix off-by-one AES-OFB · e9b8e4e1
      Christian Lamparter 提交于
      I used aes-cbc as a template for ofb. But sadly I forgot
      to update set_key method to crypto4xx_setkey_aes_ofb().
      
      this was caught by the testmgr:
      alg: skcipher: Test 1 failed (invalid result) on encr. for ofb-aes-ppc4xx
      00000000: 76 49 ab ac 81 19 b2 46 ce e9 8e 9b 12 e9 19 7d
      00000010: 50 86 cb 9b 50 72 19 ee 95 db 11 3a 91 76 78 b2
      00000020: 73 be d6 b8 e3 c1 74 3b 71 16 e6 9e 22 22 95 16
      00000030: 3f f1 ca a1 68 1f ac 09 12 0e ca 30 75 86 e1 a7
      
      With the correct set_key method, the aes-ofb cipher passes the test.
      
      name         : ofb(aes)
      driver       : ofb-aes-ppc4xx
      module       : crypto4xx
      priority     : 300
      refcnt       : 1
      selftest     : passed
      internal     : no
      type         : ablkcipher
      async        : yes
      blocksize    : 16
      min keysize  : 16
      max keysize  : 32
      ivsize       : 16
      geniv        : <default>
      Signed-off-by: NChristian Lamparter <chunkeey@gmail.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      e9b8e4e1
  9. 22 9月, 2017 9 次提交
  10. 20 6月, 2017 1 次提交
  11. 24 4月, 2017 1 次提交
  12. 21 10月, 2016 1 次提交
    • C
      crypto: crypto4xx - Fix size used in dma_free_coherent() · 4c36941a
      Christophe Jaillet 提交于
      The size used in 'dma_free_coherent()' looks un-initialized here.
      ctx->sa_len is set a few lines below and is apparently not set by the
      caller.
      So use 'size' as in the corresponding 'dma_alloc_coherent()' a few lines
      above.
      
      This has been spotted with coccinelle, using the following script:
      ////////////////////
      @r@
      expression x0, x1, y0, y1, z0, z1, t0, t1, ret;
      @@
      
      *   ret = dma_alloc_coherent(x0, y0, z0, t0);
          ...
      *   dma_free_coherent(x1, y1, ret, t1);
      
      @script:python@
      y0 << r.y0;
      y1 << r.y1;
      
      @@
      if y1.find(y0) == -1:
       print "WARNING: sizes look different:  '%s'   vs   '%s'" % (y0, y1)
      ////////////////////
      Signed-off-by: NChristophe JAILLET <christophe.jaillet@wanadoo.fr>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      4c36941a
  13. 20 4月, 2016 1 次提交