crypto: xts - use 'spawn' for underlying single-block cipher
[ Upstream commit bb40d32689d73c46de39a0529d551f523f21dc9b ] Since commitadad556efc
("crypto: api - Fix built-in testing dependency failures"), the following warning appears when booting an x86_64 kernel that is configured with CONFIG_CRYPTO_MANAGER_EXTRA_TESTS=y and CONFIG_CRYPTO_AES_NI_INTEL=y, even when CONFIG_CRYPTO_XTS=y and CONFIG_CRYPTO_AES=y: alg: skcipher: skipping comparison tests for xts-aes-aesni because xts(ecb(aes-generic)) is unavailable This is caused by an issue in the xts template where it allocates an "aes" single-block cipher without declaring a dependency on it via the crypto_spawn mechanism. This issue was exposed by the above commit because it reversed the order that the algorithms are tested in. Specifically, when "xts(ecb(aes-generic))" is instantiated and tested during the comparison tests for "xts-aes-aesni", the "xts" template allocates an "aes" crypto_cipher for encrypting tweaks. This resolves to "aes-aesni". (Getting "aes-aesni" instead of "aes-generic" here is a bit weird, but it's apparently intended.) Due to the above-mentioned commit, the testing of "aes-aesni", and the finalization of its registration, now happens at this point instead of before. At the end of that, crypto_remove_spawns() unregisters all algorithm instances that depend on a lower-priority "aes" implementation such as "aes-generic" but that do not depend on "aes-aesni". However, because "xts" does not use the crypto_spawn mechanism for its "aes", its dependency on "aes-aesni" is not recognized by crypto_remove_spawns(). Thus, crypto_remove_spawns() unexpectedly unregisters "xts(ecb(aes-generic))". Fix this issue by making the "xts" template use the crypto_spawn mechanism for its "aes" dependency, like what other templates do. Note, this fix could be applied as far back as commitf1c131b454
("crypto: xts - Convert to skcipher"). However, the issue only got exposed by the much more recent changes to how the crypto API runs the self-tests, so there should be no need to backport this to very old kernels. Also, an alternative fix would be to flip the list iteration order in crypto_start_tests() to restore the original testing order. I'm thinking we should do that too, since the original order seems more natural, but it shouldn't be relied on for correctness. Fixes:adad556efc
("crypto: api - Fix built-in testing dependency failures") Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
parent
3f1800cade
commit
64170e83ae
23
crypto/xts.c
23
crypto/xts.c
|
@ -28,7 +28,7 @@ struct xts_tfm_ctx {
|
||||||
|
|
||||||
struct xts_instance_ctx {
|
struct xts_instance_ctx {
|
||||||
struct crypto_skcipher_spawn spawn;
|
struct crypto_skcipher_spawn spawn;
|
||||||
char name[CRYPTO_MAX_ALG_NAME];
|
struct crypto_cipher_spawn tweak_spawn;
|
||||||
};
|
};
|
||||||
|
|
||||||
struct xts_request_ctx {
|
struct xts_request_ctx {
|
||||||
|
@ -306,7 +306,7 @@ static int xts_init_tfm(struct crypto_skcipher *tfm)
|
||||||
|
|
||||||
ctx->child = child;
|
ctx->child = child;
|
||||||
|
|
||||||
tweak = crypto_alloc_cipher(ictx->name, 0, 0);
|
tweak = crypto_spawn_cipher(&ictx->tweak_spawn);
|
||||||
if (IS_ERR(tweak)) {
|
if (IS_ERR(tweak)) {
|
||||||
crypto_free_skcipher(ctx->child);
|
crypto_free_skcipher(ctx->child);
|
||||||
return PTR_ERR(tweak);
|
return PTR_ERR(tweak);
|
||||||
|
@ -333,11 +333,13 @@ static void xts_free_instance(struct skcipher_instance *inst)
|
||||||
struct xts_instance_ctx *ictx = skcipher_instance_ctx(inst);
|
struct xts_instance_ctx *ictx = skcipher_instance_ctx(inst);
|
||||||
|
|
||||||
crypto_drop_skcipher(&ictx->spawn);
|
crypto_drop_skcipher(&ictx->spawn);
|
||||||
|
crypto_drop_cipher(&ictx->tweak_spawn);
|
||||||
kfree(inst);
|
kfree(inst);
|
||||||
}
|
}
|
||||||
|
|
||||||
static int xts_create(struct crypto_template *tmpl, struct rtattr **tb)
|
static int xts_create(struct crypto_template *tmpl, struct rtattr **tb)
|
||||||
{
|
{
|
||||||
|
char name[CRYPTO_MAX_ALG_NAME];
|
||||||
struct skcipher_instance *inst;
|
struct skcipher_instance *inst;
|
||||||
struct xts_instance_ctx *ctx;
|
struct xts_instance_ctx *ctx;
|
||||||
struct skcipher_alg *alg;
|
struct skcipher_alg *alg;
|
||||||
|
@ -363,13 +365,13 @@ static int xts_create(struct crypto_template *tmpl, struct rtattr **tb)
|
||||||
cipher_name, 0, mask);
|
cipher_name, 0, mask);
|
||||||
if (err == -ENOENT) {
|
if (err == -ENOENT) {
|
||||||
err = -ENAMETOOLONG;
|
err = -ENAMETOOLONG;
|
||||||
if (snprintf(ctx->name, CRYPTO_MAX_ALG_NAME, "ecb(%s)",
|
if (snprintf(name, CRYPTO_MAX_ALG_NAME, "ecb(%s)",
|
||||||
cipher_name) >= CRYPTO_MAX_ALG_NAME)
|
cipher_name) >= CRYPTO_MAX_ALG_NAME)
|
||||||
goto err_free_inst;
|
goto err_free_inst;
|
||||||
|
|
||||||
err = crypto_grab_skcipher(&ctx->spawn,
|
err = crypto_grab_skcipher(&ctx->spawn,
|
||||||
skcipher_crypto_instance(inst),
|
skcipher_crypto_instance(inst),
|
||||||
ctx->name, 0, mask);
|
name, 0, mask);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (err)
|
if (err)
|
||||||
|
@ -398,23 +400,28 @@ static int xts_create(struct crypto_template *tmpl, struct rtattr **tb)
|
||||||
if (!strncmp(cipher_name, "ecb(", 4)) {
|
if (!strncmp(cipher_name, "ecb(", 4)) {
|
||||||
int len;
|
int len;
|
||||||
|
|
||||||
len = strscpy(ctx->name, cipher_name + 4, sizeof(ctx->name));
|
len = strscpy(name, cipher_name + 4, sizeof(name));
|
||||||
if (len < 2)
|
if (len < 2)
|
||||||
goto err_free_inst;
|
goto err_free_inst;
|
||||||
|
|
||||||
if (ctx->name[len - 1] != ')')
|
if (name[len - 1] != ')')
|
||||||
goto err_free_inst;
|
goto err_free_inst;
|
||||||
|
|
||||||
ctx->name[len - 1] = 0;
|
name[len - 1] = 0;
|
||||||
|
|
||||||
if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME,
|
if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME,
|
||||||
"xts(%s)", ctx->name) >= CRYPTO_MAX_ALG_NAME) {
|
"xts(%s)", name) >= CRYPTO_MAX_ALG_NAME) {
|
||||||
err = -ENAMETOOLONG;
|
err = -ENAMETOOLONG;
|
||||||
goto err_free_inst;
|
goto err_free_inst;
|
||||||
}
|
}
|
||||||
} else
|
} else
|
||||||
goto err_free_inst;
|
goto err_free_inst;
|
||||||
|
|
||||||
|
err = crypto_grab_cipher(&ctx->tweak_spawn,
|
||||||
|
skcipher_crypto_instance(inst), name, 0, mask);
|
||||||
|
if (err)
|
||||||
|
goto err_free_inst;
|
||||||
|
|
||||||
inst->alg.base.cra_priority = alg->base.cra_priority;
|
inst->alg.base.cra_priority = alg->base.cra_priority;
|
||||||
inst->alg.base.cra_blocksize = XTS_BLOCK_SIZE;
|
inst->alg.base.cra_blocksize = XTS_BLOCK_SIZE;
|
||||||
inst->alg.base.cra_alignmask = alg->base.cra_alignmask |
|
inst->alg.base.cra_alignmask = alg->base.cra_alignmask |
|
||||||
|
|
Loading…
Reference in New Issue