From 77ba115c478d442024964b217f9f12192018cc77 Mon Sep 17 00:00:00 2001 From: Steffen Klassert Date: Tue, 2 Mar 2010 21:59:54 +0800 Subject: crypto: authenc - Use correct ahash complete functions We accidentally assigned the ahash update complete function to the wrong function pointer in crypto_authenc_verify. This patch fixes this. Signed-off-by: Steffen Klassert Signed-off-by: Herbert Xu --- crypto/authenc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'crypto/authenc.c') diff --git a/crypto/authenc.c b/crypto/authenc.c index 18870906ea06..6287cfd4d7a0 100644 --- a/crypto/authenc.c +++ b/crypto/authenc.c @@ -454,7 +454,7 @@ static int crypto_authenc_verify(struct aead_request *req, unsigned int authsize; areq_ctx->complete = authenc_verify_ahash_done; - areq_ctx->complete = authenc_verify_ahash_update_done; + areq_ctx->update_complete = authenc_verify_ahash_update_done; ohash = authenc_ahash_fn(req, CRYPTO_TFM_REQ_MAY_SLEEP); if (IS_ERR(ohash)) -- cgit v1.2.3 From 50beceba7fdf5f10a04d8a053e62d40b742099ad Mon Sep 17 00:00:00 2001 From: Steffen Klassert Date: Wed, 3 Mar 2010 22:41:08 +0800 Subject: crypto: authenc - Move saved IV in front of the ablkcipher request In crypto_authenc_encrypt() we save the IV behind the ablkcipher request. To save space on the request, we overwrite the ablkcipher request with a ahash request after encryption. So the IV may be overwritten by the ahash request. This patch fixes this by placing the IV in front of the ablkcipher/ahash request. Signed-off-by: Steffen Klassert Signed-off-by: Herbert Xu --- crypto/authenc.c | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) (limited to 'crypto/authenc.c') diff --git a/crypto/authenc.c b/crypto/authenc.c index 6287cfd4d7a0..2bb7348d8d55 100644 --- a/crypto/authenc.c +++ b/crypto/authenc.c @@ -386,11 +386,13 @@ static int crypto_authenc_encrypt(struct aead_request *req) { struct crypto_aead *authenc = crypto_aead_reqtfm(req); struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc); - struct ablkcipher_request *abreq = aead_request_ctx(req); + struct authenc_request_ctx *areq_ctx = aead_request_ctx(req); struct crypto_ablkcipher *enc = ctx->enc; struct scatterlist *dst = req->dst; unsigned int cryptlen = req->cryptlen; - u8 *iv = (u8 *)(abreq + 1) + crypto_ablkcipher_reqsize(enc); + struct ablkcipher_request *abreq = (void *)(areq_ctx->tail + + ctx->reqoff); + u8 *iv = (u8 *)abreq - crypto_ablkcipher_ivsize(enc); int err; ablkcipher_request_set_tfm(abreq, enc); @@ -546,10 +548,6 @@ static int crypto_authenc_init_tfm(struct crypto_tfm *tfm) if (IS_ERR(auth)) return PTR_ERR(auth); - ctx->reqoff = ALIGN(2 * crypto_ahash_digestsize(auth) + - crypto_ahash_alignmask(auth), - crypto_ahash_alignmask(auth) + 1); - enc = crypto_spawn_skcipher(&ictx->enc); err = PTR_ERR(enc); if (IS_ERR(enc)) @@ -558,13 +556,18 @@ static int crypto_authenc_init_tfm(struct crypto_tfm *tfm) ctx->auth = auth; ctx->enc = enc; - tfm->crt_aead.reqsize = max_t(unsigned int, - crypto_ahash_reqsize(auth) + ctx->reqoff + - sizeof(struct authenc_request_ctx) + + ctx->reqoff = ALIGN(2 * crypto_ahash_digestsize(auth) + + crypto_ahash_alignmask(auth), + crypto_ahash_alignmask(auth) + 1) + + crypto_ablkcipher_ivsize(enc); + + tfm->crt_aead.reqsize = sizeof(struct authenc_request_ctx) + + ctx->reqoff + + max_t(unsigned int, + crypto_ahash_reqsize(auth) + sizeof(struct ahash_request), sizeof(struct skcipher_givcrypt_request) + - crypto_ablkcipher_reqsize(enc) + - crypto_ablkcipher_ivsize(enc)); + crypto_ablkcipher_reqsize(enc)); return 0; -- cgit v1.2.3 From 180ce7e81030e1ef763d58f97f9ab840ff57d848 Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Mon, 26 Apr 2010 09:14:05 +0800 Subject: crypto: authenc - Add EINPROGRESS check When Steffen originally wrote the authenc async hash patch, he correctly had EINPROGRESS checks in place so that we did not invoke the original completion handler with it. Unfortuantely I told him to remove it before the patch was applied. As only MAY_BACKLOG request completion handlers are required to handle EINPROGRESS completions, those checks are really needed. This patch restores them. Reported-by: Sebastian Andrzej Siewior Signed-off-by: Herbert Xu --- crypto/authenc.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) (limited to 'crypto/authenc.c') diff --git a/crypto/authenc.c b/crypto/authenc.c index 2bb7348d8d55..05eb32e0d949 100644 --- a/crypto/authenc.c +++ b/crypto/authenc.c @@ -46,6 +46,12 @@ struct authenc_request_ctx { char tail[]; }; +static void authenc_request_complete(struct aead_request *req, int err) +{ + if (err != -EINPROGRESS) + aead_request_complete(req, err); +} + static int crypto_authenc_setkey(struct crypto_aead *authenc, const u8 *key, unsigned int keylen) { @@ -142,7 +148,7 @@ static void authenc_geniv_ahash_update_done(struct crypto_async_request *areq, crypto_aead_authsize(authenc), 1); out: - aead_request_complete(req, err); + authenc_request_complete(req, err); } static void authenc_geniv_ahash_done(struct crypto_async_request *areq, int err) @@ -208,7 +214,7 @@ static void authenc_verify_ahash_update_done(struct crypto_async_request *areq, err = crypto_ablkcipher_decrypt(abreq); out: - aead_request_complete(req, err); + authenc_request_complete(req, err); } static void authenc_verify_ahash_done(struct crypto_async_request *areq, @@ -245,7 +251,7 @@ static void authenc_verify_ahash_done(struct crypto_async_request *areq, err = crypto_ablkcipher_decrypt(abreq); out: - aead_request_complete(req, err); + authenc_request_complete(req, err); } static u8 *crypto_authenc_ahash_fb(struct aead_request *req, unsigned int flags) @@ -379,7 +385,7 @@ static void crypto_authenc_encrypt_done(struct crypto_async_request *req, err = crypto_authenc_genicv(areq, iv, 0); } - aead_request_complete(areq, err); + authenc_request_complete(areq, err); } static int crypto_authenc_encrypt(struct aead_request *req) @@ -420,7 +426,7 @@ static void crypto_authenc_givencrypt_done(struct crypto_async_request *req, err = crypto_authenc_genicv(areq, greq->giv, 0); } - aead_request_complete(areq, err); + authenc_request_complete(areq, err); } static int crypto_authenc_givencrypt(struct aead_givcrypt_request *req) -- cgit v1.2.3