diff options
| author | Eneas U de Queiroz <cotequeiroz@gmail.com> | 2019-12-20 10:52:17 -0300 |
|---|---|---|
| committer | Christian Lamparter <chunkeey@gmail.com> | 2020-02-28 22:46:09 +0100 |
| commit | 13b8404b1eaaa51027cae42c8152b9123d92a425 (patch) | |
| tree | a3193bb01ead9a0d3ea281b619161da6e86ea1ce /target/linux/ipq40xx/patches-5.4/047-crypto-qce-use-cryptlen-when-adding-extra-sgl.patch | |
| parent | ee4a0afdcdf0c11528d685efd64fb8f4b4efcbb1 (diff) | |
| download | upstream-13b8404b1eaaa51027cae42c8152b9123d92a425.tar.gz upstream-13b8404b1eaaa51027cae42c8152b9123d92a425.tar.bz2 upstream-13b8404b1eaaa51027cae42c8152b9123d92a425.zip | |
ipq40xx: qce - add fixes for AES ciphers
This backports commits from master that fix AES ciphers when using the
qce driver:
- A couple of simple fixes for CTR and XTS modes used with AES:
* 041-crypto-qce-fix-ctr-aes-qce-block-chunk-sizes.patch
* 042-crypto-qce-fix-xts-aes-qce-key-sizes.patch
- A fix for a bug that affected cases when there were more entries in
the input sg list than necessary to actually encrypt, resulting in
failure in gcm, where the authentication tag is present after the
encryption data:
* 043-crypto-qce-save-a-sg-table-slot-for-result-buf.patch
- A fix to update the IV buffer passed to the driver from the kernel:
* 044-crypto-qce-update-the-skcipher-IV.patch
- A patch that reduces memory footprint and driver initialization by
only initializing the fallback mechanism where it is actually used:
* 046-crypto-qce-initialize-fallback-only-for-AES.patch
- Three patches that make gcm and xts modes work with the qce driver,
and improve performance with small blocks:
* 047-crypto-qce-use-cryptlen-when-adding-extra-sgl.patch
* 048-crypto-qce-use-AES-fallback-for-small-requests.patch
* 049-crypto-qce-handle-AES-XTS-cases-that-qce-fails.patch
- A patch that allows the hashes/ciphers to be built individually.
* 051-crypto-qce-allow-building-only-hashes-ciphers.patch
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
[renumbered patches, added patches from dropped commit, refreshed, 5.4]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Diffstat (limited to 'target/linux/ipq40xx/patches-5.4/047-crypto-qce-use-cryptlen-when-adding-extra-sgl.patch')
| -rw-r--r-- | target/linux/ipq40xx/patches-5.4/047-crypto-qce-use-cryptlen-when-adding-extra-sgl.patch | 89 |
1 files changed, 89 insertions, 0 deletions
diff --git a/target/linux/ipq40xx/patches-5.4/047-crypto-qce-use-cryptlen-when-adding-extra-sgl.patch b/target/linux/ipq40xx/patches-5.4/047-crypto-qce-use-cryptlen-when-adding-extra-sgl.patch new file mode 100644 index 0000000000..160420b485 --- /dev/null +++ b/target/linux/ipq40xx/patches-5.4/047-crypto-qce-use-cryptlen-when-adding-extra-sgl.patch @@ -0,0 +1,89 @@ +From d6364b8128439a8c0e381f80c38667de9f15eef8 Mon Sep 17 00:00:00 2001 +From: Eneas U de Queiroz <cotequeiroz@gmail.com> +Date: Fri, 7 Feb 2020 12:02:25 -0300 +Subject: [PATCH 09/11] crypto: qce - use cryptlen when adding extra sgl + +The qce crypto driver appends an extra entry to the dst sgl, to maintain +private state information. + +When the gcm driver sends requests to the ctr skcipher, it passes the +authentication tag after the actual crypto payload, but it must not be +touched. + +Commit 1336c2221bee ("crypto: qce - save a sg table slot for result +buf") limited the destination sgl to avoid overwriting the +authentication tag but it assumed the tag would be in a separate sgl +entry. + +This is not always the case, so it is better to limit the length of the +destination buffer to req->cryptlen before appending the result buf. + +Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> +Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> +--- + drivers/crypto/qce/dma.c | 11 ++++++----- + drivers/crypto/qce/dma.h | 2 +- + drivers/crypto/qce/skcipher.c | 5 +++-- + 3 files changed, 10 insertions(+), 8 deletions(-) + +--- a/drivers/crypto/qce/dma.c ++++ b/drivers/crypto/qce/dma.c +@@ -48,9 +48,10 @@ void qce_dma_release(struct qce_dma_data + + struct scatterlist * + qce_sgtable_add(struct sg_table *sgt, struct scatterlist *new_sgl, +- int max_ents) ++ unsigned int max_len) + { + struct scatterlist *sg = sgt->sgl, *sg_last = NULL; ++ unsigned int new_len; + + while (sg) { + if (!sg_page(sg)) +@@ -61,13 +62,13 @@ qce_sgtable_add(struct sg_table *sgt, st + if (!sg) + return ERR_PTR(-EINVAL); + +- while (new_sgl && sg && max_ents) { +- sg_set_page(sg, sg_page(new_sgl), new_sgl->length, +- new_sgl->offset); ++ while (new_sgl && sg && max_len) { ++ new_len = new_sgl->length > max_len ? max_len : new_sgl->length; ++ sg_set_page(sg, sg_page(new_sgl), new_len, new_sgl->offset); + sg_last = sg; + sg = sg_next(sg); + new_sgl = sg_next(new_sgl); +- max_ents--; ++ max_len -= new_len; + } + + return sg_last; +--- a/drivers/crypto/qce/dma.h ++++ b/drivers/crypto/qce/dma.h +@@ -43,6 +43,6 @@ void qce_dma_issue_pending(struct qce_dm + int qce_dma_terminate_all(struct qce_dma_data *dma); + struct scatterlist * + qce_sgtable_add(struct sg_table *sgt, struct scatterlist *sg_add, +- int max_ents); ++ unsigned int max_len); + + #endif /* _DMA_H_ */ +--- a/drivers/crypto/qce/skcipher.c ++++ b/drivers/crypto/qce/skcipher.c +@@ -97,13 +97,14 @@ qce_skcipher_async_req_handle(struct cry + + sg_init_one(&rctx->result_sg, qce->dma.result_buf, QCE_RESULT_BUF_SZ); + +- sg = qce_sgtable_add(&rctx->dst_tbl, req->dst, rctx->dst_nents - 1); ++ sg = qce_sgtable_add(&rctx->dst_tbl, req->dst, req->cryptlen); + if (IS_ERR(sg)) { + ret = PTR_ERR(sg); + goto error_free; + } + +- sg = qce_sgtable_add(&rctx->dst_tbl, &rctx->result_sg, 1); ++ sg = qce_sgtable_add(&rctx->dst_tbl, &rctx->result_sg, ++ QCE_RESULT_BUF_SZ); + if (IS_ERR(sg)) { + ret = PTR_ERR(sg); + goto error_free; |