diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2012-12-15 12:35:19 -0800 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2012-12-15 12:35:19 -0800 |
commit | 1c11ed58397f048d8187222927092b397a149d70 (patch) | |
tree | daaf99d935098038fd66e1bd238dcd3746dc5ea4 /crypto/vmac.c | |
parent | b9f30e24bc65d510c4732e8b300ca026641255fb (diff) | |
parent | 450d9637938d1dfe4dcd25de9eb352ddffff43fe (diff) | |
download | linux-crypto-1c11ed58397f048d8187222927092b397a149d70.tar.gz linux-crypto-1c11ed58397f048d8187222927092b397a149d70.zip |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Pull crypto update from Herbert Xu:
- Added aesni/avx/x86_64 implementations for camellia.
- Optimised AVX code for cast5/serpent/twofish/cast6.
- Fixed vmac bug with unaligned input.
- Allow compression algorithms in FIPS mode.
- Optimised crc32c implementation for Intel.
- Misc fixes.
* git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (32 commits)
crypto: caam - Updated SEC-4.0 device tree binding for ERA information.
crypto: testmgr - remove superfluous initializers for xts(aes)
crypto: testmgr - allow compression algs in fips mode
crypto: testmgr - add larger crc32c test vector to test FPU path in crc32c_intel
crypto: testmgr - clean alg_test_null entries in alg_test_descs[]
crypto: testmgr - remove fips_allowed flag from camellia-aesni null-tests
crypto: cast5/cast6 - move lookup tables to shared module
padata: use __this_cpu_read per-cpu helper
crypto: s5p-sss - Fix compilation error
crypto: picoxcell - Add terminating entry for platform_device_id table
crypto: omap-aes - select BLKCIPHER2
crypto: camellia - add AES-NI/AVX/x86_64 assembler implementation of camellia cipher
crypto: camellia-x86_64 - share common functions and move structures and function definitions to header file
crypto: tcrypt - add async speed test for camellia cipher
crypto: tegra-aes - fix error-valued pointer dereference
crypto: tegra - fix missing unlock on error case
crypto: cast5/avx - avoid using temporary stack buffers
crypto: serpent/avx - avoid using temporary stack buffers
crypto: twofish/avx - avoid using temporary stack buffers
crypto: cast6/avx - avoid using temporary stack buffers
...
Diffstat (limited to 'crypto/vmac.c')
-rw-r--r-- | crypto/vmac.c | 47 |
1 files changed, 43 insertions, 4 deletions
diff --git a/crypto/vmac.c b/crypto/vmac.c index f2338ca9..2eb11a30 100644 --- a/crypto/vmac.c +++ b/crypto/vmac.c @@ -375,6 +375,11 @@ static void vhash_update(const unsigned char *m, u64 pkh = ctx->polykey[0]; u64 pkl = ctx->polykey[1]; + if (!mbytes) + return; + + BUG_ON(mbytes % VMAC_NHBYTES); + mptr = (u64 *)m; i = mbytes / VMAC_NHBYTES; /* Must be non-zero */ @@ -454,7 +459,7 @@ do_l3: } static u64 vmac(unsigned char m[], unsigned int mbytes, - unsigned char n[16], u64 *tagl, + const unsigned char n[16], u64 *tagl, struct vmac_ctx_t *ctx) { u64 *in_n, *out_p; @@ -559,8 +564,33 @@ static int vmac_update(struct shash_desc *pdesc, const u8 *p, { struct crypto_shash *parent = pdesc->tfm; struct vmac_ctx_t *ctx = crypto_shash_ctx(parent); + int expand; + int min; + + expand = VMAC_NHBYTES - ctx->partial_size > 0 ? + VMAC_NHBYTES - ctx->partial_size : 0; + + min = len < expand ? len : expand; + + memcpy(ctx->partial + ctx->partial_size, p, min); + ctx->partial_size += min; + + if (len < expand) + return 0; - vhash_update(p, len, &ctx->__vmac_ctx); + vhash_update(ctx->partial, VMAC_NHBYTES, &ctx->__vmac_ctx); + ctx->partial_size = 0; + + len -= expand; + p += expand; + + if (len % VMAC_NHBYTES) { + memcpy(ctx->partial, p + len - (len % VMAC_NHBYTES), + len % VMAC_NHBYTES); + ctx->partial_size = len % VMAC_NHBYTES; + } + + vhash_update(p, len - len % VMAC_NHBYTES, &ctx->__vmac_ctx); return 0; } @@ -572,10 +602,20 @@ static int vmac_final(struct shash_desc *pdesc, u8 *out) vmac_t mac; u8 nonce[16] = {}; - mac = vmac(NULL, 0, nonce, NULL, ctx); + /* vmac() ends up accessing outside the array bounds that + * we specify. In appears to access up to the next 2-word + * boundary. We'll just be uber cautious and zero the + * unwritten bytes in the buffer. + */ + if (ctx->partial_size) { + memset(ctx->partial + ctx->partial_size, 0, + VMAC_NHBYTES - ctx->partial_size); + } + mac = vmac(ctx->partial, ctx->partial_size, nonce, NULL, ctx); memcpy(out, &mac, sizeof(vmac_t)); memset(&mac, 0, sizeof(vmac_t)); memset(&ctx->__vmac_ctx, 0, sizeof(struct vmac_ctx)); + ctx->partial_size = 0; return 0; } @@ -673,4 +713,3 @@ module_exit(vmac_module_exit); MODULE_LICENSE("GPL"); MODULE_DESCRIPTION("VMAC hash algorithm"); - |