linux-stable.git/crypto, branch linux-2.6.24.y Linux kernel stable tree CRYPTO xcbc: Fix crash when ipsec uses xcbc-mac with big data chunk 2008-04-19T01:53:22+00:00 Joy Latten latten@austin.ibm.com 2008-04-04T12:05:02+00:00 c116e98be7180bdac3aea5c0a428718e14785315 upstream commit: 1edcf2e1ee2babb011cfca80ad9d202e9c491669 The kernel crashes when ipsec passes a udp packet of about 14XX bytes of data to aes-xcbc-mac. It seems the first xxxx bytes of the data are in first sg entry, and remaining xx bytes are in next sg entry. But we don't check next sg entry to see if we need to go look the page up. I noticed in hmac.c, we do a scatterwalk_sg_next(), to do this check and possible lookup, thus xcbc.c needs to use this routine too. A 15-hour run of an ipsec stress test sending streams of tcp and udp packets of various sizes, using this patch and aes-xcbc-mac completed successfully, so hopefully this fixes the problem. Signed-off-by: Joy Latten <latten@austin.ibm.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> [chrisw@sous-sol.org: backport to 2.6.24.4] Signed-off-by: Chris Wright <chrisw@sous-sol.org> 
upstream commit: 1edcf2e1ee2babb011cfca80ad9d202e9c491669

The kernel crashes when ipsec passes a udp packet of about 14XX bytes
of data to aes-xcbc-mac.

It seems the first xxxx bytes of the data are in first sg entry,
and remaining xx bytes are in next sg entry. But we don't
check next sg entry to see if we need to go look the page up.

I noticed in hmac.c, we do a scatterwalk_sg_next(), to do this check
and possible lookup, thus xcbc.c needs to use this routine too.

A 15-hour run of an ipsec stress test sending streams of tcp and
udp packets of various sizes,  using this patch and
aes-xcbc-mac completed successfully, so hopefully this fixes the
problem.

Signed-off-by: Joy Latten <latten@austin.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
[chrisw@sous-sol.org: backport to 2.6.24.4]
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
async_tx: avoid the async xor_zero_sum path when src_cnt > device->max_xor 2008-03-24T18:48:26+00:00 Dan Williams dan.j.williams@intel.com 2008-03-19T04:40:04+00:00 5d51c29a9ccf12c169c13d155a22b5e683280604 commit: 8d8002f642886ae256a3c5d70fe8aff4faf3631a If the channel cannot perform the operation in one call to ->device_prep_dma_zero_sum, then fallback to the xor+page_is_zero path. This only affects users with arrays larger than 16 devices on iop13xx or 32 devices on iop3xx. Cc: <stable@kernel.org> Cc: Neil Brown <neilb@suse.de> Signed-off-by: Dan Williams <dan.j.williams@intel.com> [chrisw@sous-sol.org: backport to 2.6.24.3] Signed-off-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
commit: 8d8002f642886ae256a3c5d70fe8aff4faf3631a

If the channel cannot perform the operation in one call to
->device_prep_dma_zero_sum, then fallback to the xor+page_is_zero path.
This only affects users with arrays larger than 16 devices on iop13xx or
32 devices on iop3xx.

Cc: <stable@kernel.org>
Cc: Neil Brown <neilb@suse.de>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
[chrisw@sous-sol.org: backport to 2.6.24.3]
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
CRYPTO xts: Use proper alignment 2008-03-24T18:47:13+00:00 Sebastian Siewior sebastian@breakpoint.cc 2008-03-12T04:18:36+00:00 7c0f76561fdc0a24ebfae4ee4112d62473eb3bdc [ Upstream commit: 6212f2c7f70c591efb0d9f3d50ad29112392fee2 ] The XTS blockmode uses a copy of the IV which is saved on the stack and may or may not be properly aligned. If it is not, it will break hardware cipher like the geode or padlock. This patch encrypts the IV in place so we don't have to worry about alignment. Signed-off-by: Sebastian Siewior <sebastian@breakpoint.cc> Tested-by: Stefan Hellermann <stefan@the2masters.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
[ Upstream commit: 6212f2c7f70c591efb0d9f3d50ad29112392fee2 ]

The XTS blockmode uses a copy of the IV which is saved on the stack
and may or may not be properly aligned. If it is not, it will break
hardware cipher like the geode or padlock.
This patch encrypts the IV in place so we don't have to worry about
alignment.

Signed-off-by: Sebastian Siewior <sebastian@breakpoint.cc>
Tested-by: Stefan Hellermann <stefan@the2masters.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
CRYPTO xcbc: Fix crash with IPsec 2008-03-24T18:47:12+00:00 Joy Latten latten@austin.ibm.com 2008-03-12T04:17:45+00:00 0c7ac6f8e603b7e33c7ee268c30f2de59111951c [ Upstream commit: 2f40a178e70030c4712fe63807c883f34c3645eb ] When using aes-xcbc-mac for authentication in IPsec, the kernel crashes. It seems this algorithm doesn't account for the space IPsec may make in scatterlist for authtag. Thus when crypto_xcbc_digest_update2() gets called, nbytes may be less than sg[i].length. Since nbytes is an unsigned number, it wraps at the end of the loop allowing us to go back into loop and causing crash in memcpy. I used update function in digest.c to model this fix. Please let me know if it looks ok. Signed-off-by: Joy Latten <latten@austin.ibm.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
[ Upstream commit: 2f40a178e70030c4712fe63807c883f34c3645eb ]

When using aes-xcbc-mac for authentication in IPsec,
the kernel crashes. It seems this algorithm doesn't
account for the space IPsec may make in scatterlist for authtag.
Thus when crypto_xcbc_digest_update2() gets called,
nbytes may be less than sg[i].length.
Since nbytes is an unsigned number, it wraps
at the end of the loop allowing us to go back
into loop and causing crash in memcpy.

I used update function in digest.c to model this fix.
Please let me know if it looks ok.

Signed-off-by: Joy Latten <latten@austin.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
fcrypt endianness misannotations 2007-12-05T17:25:20+00:00 Al Viro viro@ftp.linux.org.uk 2007-12-05T08:38:56+00:00 3c50b3683a8efbf3b4b314209d86aed1a0c44d5b Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
[CRYPTO] api: Fix potential race in crypto_remove_spawn 2007-11-23T11:32:09+00:00 Herbert Xu herbert@gondor.apana.org.au 2007-11-17T14:09:38+00:00 38cb2419f544ad413c7f7aa8c17fd7377610cdd8 As it is crypto_remove_spawn may try to unregister an instance which is yet to be registered. This patch fixes this by checking whether the instance has been registered before attempting to remove it. It also removes a bogus cra_destroy check in crypto_register_instance as 1) it's outside the mutex; 2) we have a check in __crypto_register_alg already. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
As it is crypto_remove_spawn may try to unregister an instance which is
yet to be registered.  This patch fixes this by checking whether the
instance has been registered before attempting to remove it.

It also removes a bogus cra_destroy check in crypto_register_instance as
1) it's outside the mutex;
2) we have a check in __crypto_register_alg already.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
[CRYPTO] authenc: Move initialisations up to shut up gcc 2007-11-23T11:32:09+00:00 Herbert Xu herbert@gondor.apana.org.au 2007-10-11T08:45:17+00:00 f347c4facfee3d11eb9cd1c070ab471a8fb7401e It seems that newer versions of gcc have regressed in their abilities to analyse initialisations. This patch moves the initialisations up to avoid the warnings. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
It seems that newer versions of gcc have regressed in their abilities to
analyse initialisations.  This patch moves the initialisations up to avoid
the warnings.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
cleanup asm/scatterlist.h includes 2007-11-02T07:47:06+00:00 Adrian Bunk bunk@kernel.org 2007-10-30T09:35:04+00:00 87ae9afdcada236d0a1b38ce2c465a65916961dc Not architecture specific code should not #include <asm/scatterlist.h>. This patch therefore either replaces them with #include <linux/scatterlist.h> or simply removes them if they were unused. Signed-off-by: Adrian Bunk <bunk@kernel.org> Signed-off-by: Jens Axboe <jens.axboe@oracle.com> 
Not architecture specific code should not #include <asm/scatterlist.h>.

This patch therefore either replaces them with
#include <linux/scatterlist.h> or simply removes them if they were
unused.

Signed-off-by: Adrian Bunk <bunk@kernel.org>
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
[CRYPTO] tcrypt: Move sg_init_table out of timing loops 2007-10-27T07:51:21+00:00 Herbert Xu herbert@gondor.apana.org.au 2007-10-27T07:51:21+00:00 a5a613a4291a8107008e4c40108a385cda71b08d This patch moves the sg_init_table out of the timing loops for hash algorithms so that it doesn't impact on the speed test results. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net> 
This patch moves the sg_init_table out of the timing loops for hash
algorithms so that it doesn't impact on the speed test results.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
[CRYPTO]: Initialize TCRYPT on-stack scatterlist objects correctly. 2007-10-26T07:38:10+00:00 David S. Miller davem@sunset.davemloft.net 2007-10-26T07:38:10+00:00 b733588559fc13547a59ccf81651c775b8f2719c Use sg_init_one() and sg_init_table() as needed. Signed-off-by: David S. Miller <davem@davemloft.net> 
Use sg_init_one() and sg_init_table() as needed.

Signed-off-by: David S. Miller <davem@davemloft.net>