diff options
| author | Leonidas S. Barbosa <leosilva@linux.vnet.ibm.com> | 2014-10-28 13:45:49 -0400 |
|---|---|---|
| committer | Herbert Xu <herbert@gondor.apana.org.au> | 2014-11-06 10:15:01 -0500 |
| commit | 01a5aa08ef383bf3d39f280df6417d50d6d9a269 (patch) | |
| tree | 94f97ac8aeb113787a0205fede4b4c3a7f4b64a1 | |
| parent | 9247f0b05572da01721b105558a25d3a413ca0a1 (diff) | |
crypto: nx - Moving limit and bound logic in CTR and fix IV vector
The previous limits were estimated locally in a single step
basead on bound values, however it was not correct since
when given certain scatterlist the function nx_build_sg_lists
was consuming more sg entries than allocated causing a
memory corruption and crashes.
- This patch removes the old logic and replaces it into nx_sg_build_lists
in order to build a correct nx_sg list using the correct sg_max limit
and bounds.
IV vector was not set correctly to zero causing ctr crash in tcrypt tests.
- Fixed setting IV vector bits to zero.
Signed-off-by: Leonidas S. Barbosa <leosilva@linux.vnet.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| -rw-r--r-- | drivers/crypto/nx/nx-aes-ctr.c | 13 |
1 files changed, 3 insertions, 10 deletions
diff --git a/drivers/crypto/nx/nx-aes-ctr.c b/drivers/crypto/nx/nx-aes-ctr.c index a37d009dc75c..2617cd4d54dd 100644 --- a/drivers/crypto/nx/nx-aes-ctr.c +++ b/drivers/crypto/nx/nx-aes-ctr.c | |||
| @@ -90,22 +90,14 @@ static int ctr_aes_nx_crypt(struct blkcipher_desc *desc, | |||
| 90 | struct nx_csbcpb *csbcpb = nx_ctx->csbcpb; | 90 | struct nx_csbcpb *csbcpb = nx_ctx->csbcpb; |
| 91 | unsigned long irq_flags; | 91 | unsigned long irq_flags; |
| 92 | unsigned int processed = 0, to_process; | 92 | unsigned int processed = 0, to_process; |
| 93 | u32 max_sg_len; | ||
| 94 | int rc; | 93 | int rc; |
| 95 | 94 | ||
| 96 | spin_lock_irqsave(&nx_ctx->lock, irq_flags); | 95 | spin_lock_irqsave(&nx_ctx->lock, irq_flags); |
| 97 | 96 | ||
| 98 | max_sg_len = min_t(u32, nx_driver.of.max_sg_len/sizeof(struct nx_sg), | ||
| 99 | nx_ctx->ap->sglen); | ||
| 100 | |||
| 101 | do { | 97 | do { |
| 102 | to_process = min_t(u64, nbytes - processed, | 98 | to_process = nbytes - processed; |
| 103 | nx_ctx->ap->databytelen); | ||
| 104 | to_process = min_t(u64, to_process, | ||
| 105 | NX_PAGE_SIZE * (max_sg_len - 1)); | ||
| 106 | to_process = to_process & ~(AES_BLOCK_SIZE - 1); | ||
| 107 | 99 | ||
| 108 | rc = nx_build_sg_lists(nx_ctx, desc, dst, src, to_process, | 100 | rc = nx_build_sg_lists(nx_ctx, desc, dst, src, &to_process, |
| 109 | processed, csbcpb->cpb.aes_ctr.iv); | 101 | processed, csbcpb->cpb.aes_ctr.iv); |
| 110 | if (rc) | 102 | if (rc) |
| 111 | goto out; | 103 | goto out; |
| @@ -143,6 +135,7 @@ static int ctr3686_aes_nx_crypt(struct blkcipher_desc *desc, | |||
| 143 | 135 | ||
| 144 | memcpy(iv + CTR_RFC3686_NONCE_SIZE, | 136 | memcpy(iv + CTR_RFC3686_NONCE_SIZE, |
| 145 | desc->info, CTR_RFC3686_IV_SIZE); | 137 | desc->info, CTR_RFC3686_IV_SIZE); |
| 138 | iv[12] = iv[13] = iv[14] = 0; | ||
| 146 | iv[15] = 1; | 139 | iv[15] = 1; |
| 147 | 140 | ||
| 148 | desc->info = nx_ctx->priv.ctr.iv; | 141 | desc->info = nx_ctx->priv.ctr.iv; |