20 Aug, 2009

1 commit

  • The alignment calculation of xcbc_tfm_ctx uses alg->cra_alignmask
    and not alg->cra_alignmask + 1 as it should. This led to frequent
    crashes during the selftest of xcbc(aes-asm) on x86_64
    machines. This patch fixes this. Also we use the alignmask
    of xcbc and not the alignmask of the underlying algorithm
    for the alignmnent calculation in xcbc_create now.

    Signed-off-by: Steffen Klassert
    Signed-off-by: Herbert Xu

    Steffen Klassert
     

22 Jul, 2009

2 commits


15 Jul, 2009

1 commit


14 Jul, 2009

1 commit


02 Apr, 2008

1 commit

  • The kernel crashes when ipsec passes a udp packet of about 14XX bytes
    of data to aes-xcbc-mac.

    It seems the first xxxx bytes of the data are in first sg entry,
    and remaining xx bytes are in next sg entry. But we don't
    check next sg entry to see if we need to go look the page up.

    I noticed in hmac.c, we do a scatterwalk_sg_next(), to do this check
    and possible lookup, thus xcbc.c needs to use this routine too.

    A 15-hour run of an ipsec stress test sending streams of tcp and
    udp packets of various sizes, using this patch and
    aes-xcbc-mac completed successfully, so hopefully this fixes the
    problem.

    Signed-off-by: Joy Latten
    Signed-off-by: Herbert Xu

    Joy Latten
     

06 Mar, 2008

1 commit

  • When using aes-xcbc-mac for authentication in IPsec,
    the kernel crashes. It seems this algorithm doesn't
    account for the space IPsec may make in scatterlist for authtag.
    Thus when crypto_xcbc_digest_update2() gets called,
    nbytes may be less than sg[i].length.
    Since nbytes is an unsigned number, it wraps
    at the end of the loop allowing us to go back
    into loop and causing crash in memcpy.

    I used update function in digest.c to model this fix.
    Please let me know if it looks ok.

    Signed-off-by: Joy Latten
    Signed-off-by: Herbert Xu

    Joy Latten
     

08 Feb, 2008

1 commit


11 Jan, 2008

3 commits


23 Oct, 2007

1 commit


02 May, 2007

1 commit

  • This patch passes the type/mask along when constructing instances of
    templates. This is in preparation for templates that may support
    multiple types of instances depending on what is requested. For example,
    the planned software async crypto driver will use this construct.

    For the moment this allows us to check whether the instance constructed
    is of the correct type and avoid returning success if the type does not
    match.

    Signed-off-by: Herbert Xu

    Herbert Xu
     

07 Feb, 2007

3 commits


07 Dec, 2006

2 commits

  • On Tue, Nov 14, 2006 at 01:41:25AM -0800, Andrew Morton wrote:
    >...
    > Changes since 2.6.19-rc5-mm2:
    >...
    > git-cryptodev.patch
    >...
    > git trees
    >...

    This patch makes some needlessly global code static.

    Signed-off-by: Adrian Bunk
    Signed-off-by: Herbert Xu

    Adrian Bunk
     
  • This is core code of XCBC.

    XCBC is an algorithm that forms a MAC algorithm out of a cipher algorithm.
    For example, AES-XCBC-MAC is a MAC algorithm based on the AES cipher
    algorithm.

    Signed-off-by: Kazunori MIYAZAWA
    Signed-off-by: Herbert Xu

    Kazunori MIYAZAWA