1. 11 Feb, 2017 1 commit
    • crypto: algapi - make crypto_xor() and crypto_inc() alignment agnostic · db91af0f
      Ard Biesheuvel authored
      Instead of unconditionally forcing 4 byte alignment for all generic
      chaining modes that rely on crypto_xor() or crypto_inc() (which may
      result in unnecessary copying of data when the underlying hardware
      can perform unaligned accesses efficiently), make those functions
      deal with unaligned input explicitly, but only if the Kconfig symbol
      HAVE_EFFICIENT_UNALIGNED_ACCESS is set. This will allow us to drop
      the alignmasks from the CBC, CMAC, CTR, CTS, PCBC and SEQIV drivers.
      
      For crypto_inc(), this simply involves making the 4-byte stride
      conditional on HAVE_EFFICIENT_UNALIGNED_ACCESS being set, given that
      it typically operates on 16 byte buffers.
      
      For crypto_xor(), an algorithm is implemented that simply runs through
      the input using the largest strides possible if unaligned accesses are
      allowed. If they are not, an optimal sequence of memory accesses is
      emitted that takes the relative alignment of the input buffers into
      account, e.g., if the relative misalignment of dst and src is 4 bytes,
      the entire xor operation will be completed using 4 byte loads and stores
      (modulo unaligned bits at the start and end). Note that all expressions
      involving misalign are simply eliminated by the compiler when
      HAVE_EFFICIENT_UNALIGNED_ACCESS is defined.
      Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
      Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
  2. 21 Oct, 2016 2 commits
  3. 26 Nov, 2014 1 commit
  4. 25 Apr, 2013 1 commit
  5. 31 Oct, 2011 1 commit
  6. 20 Aug, 2009 1 commit
  7. 22 Jul, 2009 2 commits
  8. 15 Jul, 2009 1 commit
  9. 14 Jul, 2009 1 commit
  10. 02 Apr, 2008 1 commit
    • [CRYPTO] xcbc: Fix crash when ipsec uses xcbc-mac with big data chunk · 1edcf2e1
      Joy Latten authored
      The kernel crashes when ipsec passes a udp packet of about 14XX bytes
      of data to aes-xcbc-mac.
      
      It seems the first xxxx bytes of the data are in first sg entry,
      and remaining xx bytes are in next sg entry. But we don't 
      check next sg entry to see if we need to go look the page up.
      
      I noticed in hmac.c, we do a scatterwalk_sg_next(), to do this check
      and possible lookup, thus xcbc.c needs to use this routine too.
      
      A 15-hour run of an ipsec stress test sending streams of tcp and
      udp packets of various sizes, using this patch and
      aes-xcbc-mac completed successfully, so hopefully this fixes the
      problem.
      Signed-off-by: Joy Latten <latten@austin.ibm.com>
      Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
  11. 06 Mar, 2008 1 commit
    • [CRYPTO] xcbc: Fix crash with IPsec · 2f40a178
      Joy Latten authored
      When using aes-xcbc-mac for authentication in IPsec, 
      the kernel crashes. It seems this algorithm doesn't 
      account for the space IPsec may make in scatterlist for authtag.
      Thus when crypto_xcbc_digest_update2() gets called,
      nbytes may be less than sg[i].length. 
      Since nbytes is an unsigned number, it wraps
      at the end of the loop allowing us to go back 
      into loop and causing crash in memcpy.
      
      I used update function in digest.c to model this fix.
      Please let me know if it looks ok.
      Signed-off-by: Joy Latten <latten@austin.ibm.com>
      Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
  12. 07 Feb, 2008 1 commit
  13. 10 Jan, 2008 3 commits
  14. 22 Oct, 2007 1 commit
  15. 02 May, 2007 1 commit
    • [CRYPTO] templates: Pass type/mask when creating instances · ebc610e5
      Herbert Xu authored
      This patch passes the type/mask along when constructing instances of
      templates.  This is in preparation for templates that may support
      multiple types of instances depending on what is requested.  For example,
      the planned software async crypto driver will use this construct.
      
      For the moment this allows us to check whether the instance constructed
      is of the correct type and avoid returning success if the type does not
      match.
      Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
  16. 06 Feb, 2007 3 commits
  17. 07 Dec, 2006 2 commits