1. 26 Nov, 2014 1 commit
  2. 31 Oct, 2011 1 commit
  3. 20 Aug, 2009 1 commit
  4. 22 Jul, 2009 2 commits
  5. 15 Jul, 2009 1 commit
  6. 13 Jul, 2009 1 commit
  7. 02 Apr, 2008 1 commit
    • Joy Latten's avatar
      [CRYPTO] xcbc: Fix crash when ipsec uses xcbc-mac with big data chunk · 1edcf2e1
      Joy Latten authored
      The kernel crashes when ipsec passes a udp packet of about 14XX bytes
      of data to aes-xcbc-mac.
      
      It seems the first xxxx bytes of the data are in first sg entry,
      and remaining xx bytes are in next sg entry. But we don't 
      check next sg entry to see if we need to go look the page up.
      
      I noticed in hmac.c, we do a scatterwalk_sg_next(), to do this check
      and possible lookup, thus xcbc.c needs to use this routine too.
      
      A 15-hour run of an ipsec stress test sending streams of tcp and
      udp packets of various sizes,  using this patch and 
      aes-xcbc-mac completed successfully, so hopefully this fixes the
      problem.
      Signed-off-by: default avatarJoy Latten <latten@austin.ibm.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      1edcf2e1
  8. 06 Mar, 2008 1 commit
    • Joy Latten's avatar
      [CRYPTO] xcbc: Fix crash with IPsec · 2f40a178
      Joy Latten authored
      When using aes-xcbc-mac for authentication in IPsec, 
      the kernel crashes. It seems this algorithm doesn't 
      account for the space IPsec may make in scatterlist for authtag.
      Thus when crypto_xcbc_digest_update2() gets called,
      nbytes may be less than sg[i].length. 
      Since nbytes is an unsigned number, it wraps
      at the end of the loop allowing us to go back 
      into loop and causing crash in memcpy.
      
      I used update function in digest.c to model this fix.
      Please let me know if it looks ok.
      Signed-off-by: default avatarJoy Latten <latten@austin.ibm.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      2f40a178
  9. 07 Feb, 2008 1 commit
  10. 10 Jan, 2008 3 commits
  11. 22 Oct, 2007 1 commit
  12. 01 May, 2007 1 commit
    • Herbert Xu's avatar
      [CRYPTO] templates: Pass type/mask when creating instances · ebc610e5
      Herbert Xu authored
      This patch passes the type/mask along when constructing instances of
      templates.  This is in preparation for templates that may support
      multiple types of instances depending on what is requested.  For example,
      the planned software async crypto driver will use this construct.
      
      For the moment this allows us to check whether the instance constructed
      is of the correct type and avoid returning success if the type does not
      match.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      ebc610e5
  13. 06 Feb, 2007 3 commits
  14. 06 Dec, 2006 2 commits