From 76fc60a2e3c6aa6e98cd3a5cb81a1855c637b274 Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Sat, 23 Feb 2008 11:12:06 +0800 Subject: [CRYPTO] skcipher: Move chainiv/seqiv into crypto_blkcipher module For compatibility with dm-crypt initramfs setups it is useful to merge chainiv/seqiv into the crypto_blkcipher module. Since they're required by most algorithms anyway this is an acceptable trade-off. Signed-off-by: Herbert Xu --- crypto/Makefile | 4 ++-- crypto/ablkcipher.c | 3 --- crypto/blkcipher.c | 29 +++++++++++++++++++++++++++++ crypto/chainiv.c | 12 ++++-------- crypto/eseqiv.c | 12 ++++-------- 5 files changed, 39 insertions(+), 21 deletions(-) (limited to 'crypto') diff --git a/crypto/Makefile b/crypto/Makefile index 48c75837995..7cf36253a75 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -12,9 +12,9 @@ obj-$(CONFIG_CRYPTO_AEAD) += aead.o crypto_blkcipher-objs := ablkcipher.o crypto_blkcipher-objs += blkcipher.o +crypto_blkcipher-objs += chainiv.o +crypto_blkcipher-objs += eseqiv.o obj-$(CONFIG_CRYPTO_BLKCIPHER) += crypto_blkcipher.o -obj-$(CONFIG_CRYPTO_BLKCIPHER) += chainiv.o -obj-$(CONFIG_CRYPTO_BLKCIPHER) += eseqiv.o obj-$(CONFIG_CRYPTO_SEQIV) += seqiv.o crypto_hash-objs := hash.o diff --git a/crypto/ablkcipher.c b/crypto/ablkcipher.c index 3bcb099b4a8..94140b3756f 100644 --- a/crypto/ablkcipher.c +++ b/crypto/ablkcipher.c @@ -341,6 +341,3 @@ err: return ERR_PTR(err); } EXPORT_SYMBOL_GPL(crypto_alloc_ablkcipher); - -MODULE_LICENSE("GPL"); -MODULE_DESCRIPTION("Asynchronous block chaining cipher type"); diff --git a/crypto/blkcipher.c b/crypto/blkcipher.c index 4a7e65c4df4..185f955fb0d 100644 --- a/crypto/blkcipher.c +++ b/crypto/blkcipher.c @@ -696,5 +696,34 @@ void skcipher_geniv_exit(struct crypto_tfm *tfm) } EXPORT_SYMBOL_GPL(skcipher_geniv_exit); +static int __init blkcipher_module_init(void) +{ + int err; + + err = chainiv_module_init(); + if (err) + goto out; + + err = eseqiv_module_init(); + if (err) + goto eseqiv_err; + +out: + return err; + +eseqiv_err: + chainiv_module_exit(); + goto out; +} + +static void __exit blkcipher_module_exit(void) +{ + eseqiv_module_exit(); + chainiv_module_exit(); +} + +module_init(blkcipher_module_init); +module_exit(blkcipher_module_exit); + MODULE_LICENSE("GPL"); MODULE_DESCRIPTION("Generic block chaining cipher type"); diff --git a/crypto/chainiv.c b/crypto/chainiv.c index d17fa0454dc..0a7cac6e908 100644 --- a/crypto/chainiv.c +++ b/crypto/chainiv.c @@ -314,18 +314,14 @@ static struct crypto_template chainiv_tmpl = { .module = THIS_MODULE, }; -static int __init chainiv_module_init(void) +int __init chainiv_module_init(void) { return crypto_register_template(&chainiv_tmpl); } +EXPORT_SYMBOL_GPL(chainiv_module_init); -static void __exit chainiv_module_exit(void) +void __exit chainiv_module_exit(void) { crypto_unregister_template(&chainiv_tmpl); } - -module_init(chainiv_module_init); -module_exit(chainiv_module_exit); - -MODULE_LICENSE("GPL"); -MODULE_DESCRIPTION("Chain IV Generator"); +EXPORT_SYMBOL_GPL(chainiv_module_exit); diff --git a/crypto/eseqiv.c b/crypto/eseqiv.c index eb90d27ae11..6f2cd063b6f 100644 --- a/crypto/eseqiv.c +++ b/crypto/eseqiv.c @@ -247,18 +247,14 @@ static struct crypto_template eseqiv_tmpl = { .module = THIS_MODULE, }; -static int __init eseqiv_module_init(void) +int __init eseqiv_module_init(void) { return crypto_register_template(&eseqiv_tmpl); } +EXPORT_SYMBOL_GPL(eseqiv_module_init); -static void __exit eseqiv_module_exit(void) +void __exit eseqiv_module_exit(void) { crypto_unregister_template(&eseqiv_tmpl); } - -module_init(eseqiv_module_init); -module_exit(eseqiv_module_exit); - -MODULE_LICENSE("GPL"); -MODULE_DESCRIPTION("Encrypted Sequence Number IV Generator"); +EXPORT_SYMBOL_GPL(eseqiv_module_exit); -- cgit v1.2.3 From 3e16bfbaf3195b4725bc87d6a1ef11bf7716e83d Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Sat, 23 Feb 2008 11:13:00 +0800 Subject: [CRYPTO] authenc: Add missing Kconfig dependency on BLKCIPHER The authenc algorithm requires BLKCIPHER to be present. Signed-off-by: Herbert Xu --- crypto/Kconfig | 1 + 1 file changed, 1 insertion(+) (limited to 'crypto') diff --git a/crypto/Kconfig b/crypto/Kconfig index 898acc5c196..69f1be6816f 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -575,6 +575,7 @@ config CRYPTO_TEST config CRYPTO_AUTHENC tristate "Authenc support" select CRYPTO_AEAD + select CRYPTO_BLKCIPHER select CRYPTO_MANAGER select CRYPTO_HASH help -- cgit v1.2.3 From bc97f19dc8be1f181f33b4368542c72498f3562a Mon Sep 17 00:00:00 2001 From: Adrian Bunk Date: Wed, 5 Mar 2008 19:05:54 +0800 Subject: [CRYPTO] digest: Include internal.h for prototypes Every file should include the headers containing the externs for its global code (in this case for struct crypto_{init,exit}_digest_ops()). Signed-off-by: Adrian Bunk Signed-off-by: Herbert Xu --- crypto/digest.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'crypto') diff --git a/crypto/digest.c b/crypto/digest.c index 6fd43bddd54..b526cc348b7 100644 --- a/crypto/digest.c +++ b/crypto/digest.c @@ -21,6 +21,8 @@ #include #include +#include "internal.h" + static int init(struct hash_desc *desc) { struct crypto_tfm *tfm = crypto_hash_tfm(desc->tfm); -- cgit v1.2.3 From 6212f2c7f70c591efb0d9f3d50ad29112392fee2 Mon Sep 17 00:00:00 2001 From: Sebastian Siewior Date: Thu, 6 Mar 2008 18:56:19 +0800 Subject: [CRYPTO] xts: Use proper alignment The XTS blockmode uses a copy of the IV which is saved on the stack and may or may not be properly aligned. If it is not, it will break hardware cipher like the geode or padlock. This patch encrypts the IV in place so we don't have to worry about alignment. Signed-off-by: Sebastian Siewior Tested-by: Stefan Hellermann Signed-off-by: Herbert Xu --- crypto/xts.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) (limited to 'crypto') diff --git a/crypto/xts.c b/crypto/xts.c index 8eb08bfaf7c..d87b0f3102c 100644 --- a/crypto/xts.c +++ b/crypto/xts.c @@ -77,16 +77,16 @@ static int setkey(struct crypto_tfm *parent, const u8 *key, } struct sinfo { - be128 t; + be128 *t; struct crypto_tfm *tfm; void (*fn)(struct crypto_tfm *, u8 *, const u8 *); }; static inline void xts_round(struct sinfo *s, void *dst, const void *src) { - be128_xor(dst, &s->t, src); /* PP <- T xor P */ + be128_xor(dst, s->t, src); /* PP <- T xor P */ s->fn(s->tfm, dst, dst); /* CC <- E(Key1,PP) */ - be128_xor(dst, dst, &s->t); /* C <- T xor CC */ + be128_xor(dst, dst, s->t); /* C <- T xor CC */ } static int crypt(struct blkcipher_desc *d, @@ -101,7 +101,6 @@ static int crypt(struct blkcipher_desc *d, .tfm = crypto_cipher_tfm(ctx->child), .fn = fn }; - be128 *iv; u8 *wsrc; u8 *wdst; @@ -109,20 +108,20 @@ static int crypt(struct blkcipher_desc *d, if (!w->nbytes) return err; + s.t = (be128 *)w->iv; avail = w->nbytes; wsrc = w->src.virt.addr; wdst = w->dst.virt.addr; /* calculate first value of T */ - iv = (be128 *)w->iv; - tw(crypto_cipher_tfm(ctx->tweak), (void *)&s.t, w->iv); + tw(crypto_cipher_tfm(ctx->tweak), w->iv, w->iv); goto first; for (;;) { do { - gf128mul_x_ble(&s.t, &s.t); + gf128mul_x_ble(s.t, s.t); first: xts_round(&s, wdst, wsrc); -- cgit v1.2.3 From 2f40a178e70030c4712fe63807c883f34c3645eb Mon Sep 17 00:00:00 2001 From: Joy Latten Date: Thu, 6 Mar 2008 19:28:44 +0800 Subject: [CRYPTO] xcbc: Fix crash with IPsec When using aes-xcbc-mac for authentication in IPsec, the kernel crashes. It seems this algorithm doesn't account for the space IPsec may make in scatterlist for authtag. Thus when crypto_xcbc_digest_update2() gets called, nbytes may be less than sg[i].length. Since nbytes is an unsigned number, it wraps at the end of the loop allowing us to go back into loop and causing crash in memcpy. I used update function in digest.c to model this fix. Please let me know if it looks ok. Signed-off-by: Joy Latten Signed-off-by: Herbert Xu --- crypto/xcbc.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'crypto') diff --git a/crypto/xcbc.c b/crypto/xcbc.c index 86727403e5a..2feb0f239c3 100644 --- a/crypto/xcbc.c +++ b/crypto/xcbc.c @@ -124,6 +124,11 @@ static int crypto_xcbc_digest_update2(struct hash_desc *pdesc, unsigned int offset = sg[i].offset; unsigned int slen = sg[i].length; + if (unlikely(slen > nbytes)) + slen = nbytes; + + nbytes -= slen; + while (slen > 0) { unsigned int len = min(slen, ((unsigned int)(PAGE_SIZE)) - offset); char *p = crypto_kmap(pg, 0) + offset; @@ -177,7 +182,6 @@ static int crypto_xcbc_digest_update2(struct hash_desc *pdesc, offset = 0; pg++; } - nbytes-=sg[i].length; i++; } while (nbytes>0); -- cgit v1.2.3 From f13ba2f7d3a877967477ec8f64e1dae7a967c7e2 Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Sat, 8 Mar 2008 20:29:43 +0800 Subject: [CRYPTO] skcipher: Fix section mismatches The previous patch to move chainiv and eseqiv into blkcipher created a section mismatch for the chainiv exit function which was also called from __init. This patch removes the __exit marking on it. Signed-off-by: Herbert Xu --- crypto/chainiv.c | 4 +--- crypto/eseqiv.c | 2 -- 2 files changed, 1 insertion(+), 5 deletions(-) (limited to 'crypto') diff --git a/crypto/chainiv.c b/crypto/chainiv.c index 0a7cac6e908..6da3f577e4d 100644 --- a/crypto/chainiv.c +++ b/crypto/chainiv.c @@ -318,10 +318,8 @@ int __init chainiv_module_init(void) { return crypto_register_template(&chainiv_tmpl); } -EXPORT_SYMBOL_GPL(chainiv_module_init); -void __exit chainiv_module_exit(void) +void chainiv_module_exit(void) { crypto_unregister_template(&chainiv_tmpl); } -EXPORT_SYMBOL_GPL(chainiv_module_exit); diff --git a/crypto/eseqiv.c b/crypto/eseqiv.c index 6f2cd063b6f..b14f14e314b 100644 --- a/crypto/eseqiv.c +++ b/crypto/eseqiv.c @@ -251,10 +251,8 @@ int __init eseqiv_module_init(void) { return crypto_register_template(&eseqiv_tmpl); } -EXPORT_SYMBOL_GPL(eseqiv_module_init); void __exit eseqiv_module_exit(void) { crypto_unregister_template(&eseqiv_tmpl); } -EXPORT_SYMBOL_GPL(eseqiv_module_exit); -- cgit v1.2.3 From 3280ab3e8815d60cea483d49b21261972e2785d6 Mon Sep 17 00:00:00 2001 From: Dan Williams Date: Thu, 13 Mar 2008 17:45:28 -0700 Subject: async_tx: checkpatch says s/__FUNCTION__/__func__/g Signed-off-by: Dan Williams --- crypto/async_tx/async_memcpy.c | 6 +++--- crypto/async_tx/async_memset.c | 6 +++--- crypto/async_tx/async_tx.c | 6 +++--- crypto/async_tx/async_xor.c | 12 ++++++------ 4 files changed, 15 insertions(+), 15 deletions(-) (limited to 'crypto') diff --git a/crypto/async_tx/async_memcpy.c b/crypto/async_tx/async_memcpy.c index 0f6282207b3..84caa4efc0d 100644 --- a/crypto/async_tx/async_memcpy.c +++ b/crypto/async_tx/async_memcpy.c @@ -66,11 +66,11 @@ async_memcpy(struct page *dest, struct page *src, unsigned int dest_offset, } if (tx) { - pr_debug("%s: (async) len: %zu\n", __FUNCTION__, len); + pr_debug("%s: (async) len: %zu\n", __func__, len); async_tx_submit(chan, tx, flags, depend_tx, cb_fn, cb_param); } else { void *dest_buf, *src_buf; - pr_debug("%s: (sync) len: %zu\n", __FUNCTION__, len); + pr_debug("%s: (sync) len: %zu\n", __func__, len); /* wait for any prerequisite operations */ if (depend_tx) { @@ -80,7 +80,7 @@ async_memcpy(struct page *dest, struct page *src, unsigned int dest_offset, BUG_ON(depend_tx->ack); if (dma_wait_for_async_tx(depend_tx) == DMA_ERROR) panic("%s: DMA_ERROR waiting for depend_tx\n", - __FUNCTION__); + __func__); } dest_buf = kmap_atomic(dest, KM_USER0) + dest_offset; diff --git a/crypto/async_tx/async_memset.c b/crypto/async_tx/async_memset.c index 09c0e83664b..f5ff3906b03 100644 --- a/crypto/async_tx/async_memset.c +++ b/crypto/async_tx/async_memset.c @@ -63,11 +63,11 @@ async_memset(struct page *dest, int val, unsigned int offset, } if (tx) { - pr_debug("%s: (async) len: %zu\n", __FUNCTION__, len); + pr_debug("%s: (async) len: %zu\n", __func__, len); async_tx_submit(chan, tx, flags, depend_tx, cb_fn, cb_param); } else { /* run the memset synchronously */ void *dest_buf; - pr_debug("%s: (sync) len: %zu\n", __FUNCTION__, len); + pr_debug("%s: (sync) len: %zu\n", __func__, len); dest_buf = (void *) (((char *) page_address(dest)) + offset); @@ -79,7 +79,7 @@ async_memset(struct page *dest, int val, unsigned int offset, BUG_ON(depend_tx->ack); if (dma_wait_for_async_tx(depend_tx) == DMA_ERROR) panic("%s: DMA_ERROR waiting for depend_tx\n", - __FUNCTION__); + __func__); } memset(dest_buf, val, len); diff --git a/crypto/async_tx/async_tx.c b/crypto/async_tx/async_tx.c index 562882189de..2be3bae8993 100644 --- a/crypto/async_tx/async_tx.c +++ b/crypto/async_tx/async_tx.c @@ -472,11 +472,11 @@ async_trigger_callback(enum async_tx_flags flags, tx = NULL; if (tx) { - pr_debug("%s: (async)\n", __FUNCTION__); + pr_debug("%s: (async)\n", __func__); async_tx_submit(chan, tx, flags, depend_tx, cb_fn, cb_param); } else { - pr_debug("%s: (sync)\n", __FUNCTION__); + pr_debug("%s: (sync)\n", __func__); /* wait for any prerequisite operations */ if (depend_tx) { @@ -486,7 +486,7 @@ async_trigger_callback(enum async_tx_flags flags, BUG_ON(depend_tx->ack); if (dma_wait_for_async_tx(depend_tx) == DMA_ERROR) panic("%s: DMA_ERROR waiting for depend_tx\n", - __FUNCTION__); + __func__); } async_tx_sync_epilog(flags, depend_tx, cb_fn, cb_param); diff --git a/crypto/async_tx/async_xor.c b/crypto/async_tx/async_xor.c index 2259a4ff15c..7a9db353f19 100644 --- a/crypto/async_tx/async_xor.c +++ b/crypto/async_tx/async_xor.c @@ -47,7 +47,7 @@ do_async_xor(struct dma_device *device, int i; unsigned long dma_prep_flags = cb_fn ? DMA_PREP_INTERRUPT : 0; - pr_debug("%s: len: %zu\n", __FUNCTION__, len); + pr_debug("%s: len: %zu\n", __func__, len); dma_dest = dma_map_page(device->dev, dest, offset, len, DMA_FROM_DEVICE); @@ -86,7 +86,7 @@ do_sync_xor(struct page *dest, struct page **src_list, unsigned int offset, void *_dest; int i; - pr_debug("%s: len: %zu\n", __FUNCTION__, len); + pr_debug("%s: len: %zu\n", __func__, len); /* reuse the 'src_list' array to convert to buffer pointers */ for (i = 0; i < src_cnt; i++) @@ -196,7 +196,7 @@ async_xor(struct page *dest, struct page **src_list, unsigned int offset, DMA_ERROR) panic("%s: DMA_ERROR waiting for " "depend_tx\n", - __FUNCTION__); + __func__); } do_sync_xor(dest, &src_list[src_off], offset, @@ -276,7 +276,7 @@ async_xor_zero_sum(struct page *dest, struct page **src_list, unsigned long dma_prep_flags = cb_fn ? DMA_PREP_INTERRUPT : 0; int i; - pr_debug("%s: (async) len: %zu\n", __FUNCTION__, len); + pr_debug("%s: (async) len: %zu\n", __func__, len); for (i = 0; i < src_cnt; i++) dma_src[i] = dma_map_page(device->dev, src_list[i], @@ -299,7 +299,7 @@ async_xor_zero_sum(struct page *dest, struct page **src_list, } else { unsigned long xor_flags = flags; - pr_debug("%s: (sync) len: %zu\n", __FUNCTION__, len); + pr_debug("%s: (sync) len: %zu\n", __func__, len); xor_flags |= ASYNC_TX_XOR_DROP_DST; xor_flags &= ~ASYNC_TX_ACK; @@ -310,7 +310,7 @@ async_xor_zero_sum(struct page *dest, struct page **src_list, if (tx) { if (dma_wait_for_async_tx(tx) == DMA_ERROR) panic("%s: DMA_ERROR waiting for tx\n", - __FUNCTION__); + __func__); async_tx_ack(tx); } -- cgit v1.2.3