From patchwork Thu Jan 24 16:33:45 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ard Biesheuvel <ard.biesheuvel@linaro.org>
X-Patchwork-Id: 156499
Delivered-To: patch@linaro.org
Received: by 2002:a02:48:0:0:0:0:0 with SMTP id 69csp2164987jaa;
 Thu, 24 Jan 2019 08:33:55 -0800 (PST)
X-Google-Smtp-Source: ALg8bN4j+03h8ZEuVLrj31PNJcMkpK2rDcv8+F8pIIayVFBOCbYk6Sf/7BSgD9nCtS3Yk9ErOtBP
X-Received: by 2002:a17:902:7e4f:: with SMTP id
 a15mr7063338pln.149.1548347635614; 
 Thu, 24 Jan 2019 08:33:55 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1548347635; cv=none;
 d=google.com; s=arc-20160816;
 b=L2RN6NKFfaVHsG3wcqClA0JLx+wsWa0e4zMwUzz9KSXKFsds3CpLZCb9s3T9yyIwxG
 Fdo+QhcQW+ey4YNZvSe3N1cTTDxdxJmx4Q3/sFUGXz21GNLKm7iISVQhCAhdFtRHG31L
 I9CpULKLwuJqQNrnJ6kPvGVvTs5V/YdILKOYxfe/MocsiXXI20t4bW23+6SdX4mmH7AE
 PLa/+utfGMs/7cODjnSoteNfQi4uU3REe6WSNLr8A2Qztr7W7MGS1V/LHsyi4jbhwQTT
 bq1rflxFjaZATGkgr+7RbojAid8Q9cMTeGKjIN4oJEGyEdQXaxE0Mld4IZoCogWNOAPJ
 JT0A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=list-id:precedence:sender:content-transfer-encoding:mime-version
 :references:in-reply-to:message-id:date:subject:cc:to:from
 :dkim-signature;
 bh=OLi5gHDALg2HIynknA0SAYqbdOxodGcDILlCdC99Kpk=;
 b=Mb+7Dm/1gCwhghuyPUVpjgr+DOTk6w8VYRSCPGOkhCU9ZlYNQU7vgVnO2rKjKFBiPi
 EPyPO2s72IrlgfvngmD0KjNhSi5jSYX3BpmVmJ9snRYc/k3fjpmUuf4DbGIJgjMRoWXL
 qdrgJUwPQ2y/k0GHRfgtPxJYpUYDsD3sfXazYo4b+gsmdsZsrHgAw+gcobHblp9gYSvj
 NPNaTboXNc8XsaOEgyJtW5YW2oxNI6Ljdz9z6Gz99FQP+KTy2zspa9PdNObgiTtNXBZE
 IM1GWoFKZhkEoxMHXa7qsdkjx80eZ2GXc5TD1u/Q5RPcZFErai+c41OeeasvMOVRY7WN
 hruQ==
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=kXmE1bWh;
 spf=pass (google.com: best guess record for domain of
 linux-crypto-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender)
 smtp.mailfrom=linux-crypto-owner@vger.kernel.org; 
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
 by mx.google.com with ESMTP id
 c5si20261952pgq.434.2019.01.24.08.33.55; 
 Thu, 24 Jan 2019 08:33:55 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of
 linux-crypto-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender) client-ip=209.132.180.67; 
Authentication-Results: mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=kXmE1bWh;
 spf=pass (google.com: best guess record for domain of
 linux-crypto-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender)
 smtp.mailfrom=linux-crypto-owner@vger.kernel.org; 
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
 id S1727709AbfAXQdy (ORCPT <rfc822;sumit.garg@linaro.org>
 + 3 others); Thu, 24 Jan 2019 11:33:54 -0500
Received: from mail-wm1-f65.google.com ([209.85.128.65]:51606 "EHLO
 mail-wm1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
 with ESMTP id S1727649AbfAXQdy (ORCPT
 <rfc822;linux-crypto@vger.kernel.org>);
 Thu, 24 Jan 2019 11:33:54 -0500
Received: by mail-wm1-f65.google.com with SMTP id b11so3856416wmj.1
 for <linux-crypto@vger.kernel.org>;
 Thu, 24 Jan 2019 08:33:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; 
 h=from:to:cc:subject:date:message-id:in-reply-to:references
 :mime-version:content-transfer-encoding;
 bh=OLi5gHDALg2HIynknA0SAYqbdOxodGcDILlCdC99Kpk=;
 b=kXmE1bWhgBruckURkRoo23Ne8trpq1XGAqJ40Tl7m7ukZxhzHhTfSvmrzBYjvrXia/
 5c/oS8tXAiFpxHT4kc+lEkpRnSxMOKAKRvHi21ISNWEBbmA5XC8tTuKejfYDSN2ezPQq
 +rPgTa8bEMizRgi5VobIzGTR0gFmfnuyOenCI=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references:mime-version:content-transfer-encoding;
 bh=OLi5gHDALg2HIynknA0SAYqbdOxodGcDILlCdC99Kpk=;
 b=coutmh7XdmcJ5spwCHnhVXIaaKzmhhMC5mb18KzCMvidKVt8BftgiXsvAsfioayvo6
 5NHL+yEBu1U5SoKiNYjLImRT3WK5MD09VTy9hv3oGmxsW56uHIPEK59IRojLgmywsKja
 617Ix+hMVxtTJ0dXlqjZonbRCLrII+Qk8dMG7sLMiZJtN3DN1bwyBGocqF5hzYdoLBoO
 p1wPzksub9DXTDCWRA+zok6OQ5qUfTyp6U2pQnVscKOEMc41ilXCIChO3ZxY1KwBorRO
 3MN89tRuD1IeuJ8tr/cZfgVXHMTAdyqFe86HypifjUF9VA+BFKZLyS/kjYnUqswVQ4Pz
 7BvQ==
X-Gm-Message-State: AJcUukdZ+m/HKfZRWLZQu8IX8NWO1g6azQulG7bnVlakXm6df0BB5bJj
 GgvkIvISXtCW+kjsiO4NtHz7//XjBob2Ag==
X-Received: by 2002:a1c:1d81:: with SMTP id
 d123mr3286230wmd.112.1548347632214; 
 Thu, 24 Jan 2019 08:33:52 -0800 (PST)
Received: from localhost.localdomain
 (laubervilliers-657-1-83-120.w92-154.abo.wanadoo.fr.
 [92.154.90.120]) by smtp.gmail.com with ESMTPSA id
 t12sm99629069wrr.65.2019.01.24.08.33.51
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Thu, 24 Jan 2019 08:33:51 -0800 (PST)
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: linux-crypto@vger.kernel.org
Cc: herbert@gondor.apana.org.au, ebiggers@kernel.org,
 Ard Biesheuvel <ard.biesheuvel@linaro.org>
Subject: [PATCH 1/3] crypto: arm64/aes-ccm - fix logical bug in AAD MAC
 handling
Date: Thu, 24 Jan 2019 17:33:45 +0100
Message-Id: <20190124163347.12653-2-ard.biesheuvel@linaro.org>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20190124163347.12653-1-ard.biesheuvel@linaro.org>
References: <20190124163347.12653-1-ard.biesheuvel@linaro.org>
MIME-Version: 1.0
Sender: linux-crypto-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

The NEON MAC calculation routine fails to handle the case correctly
where there is some data in the buffer, and the input fills it up
exactly. In this case, we enter the loop at the end with w8 == 0,
while a negative value is assumed, and so the loop carries on until
the increment of the 32-bit counter wraps around, which is quite
obviously wrong.

So omit the loop altogether in this case, and exit right away.

Reported-by: Eric Biggers <ebiggers@kernel.org>
Fixes: a3fd82105b9d1 ("arm64/crypto: AES in CCM mode using ARMv8 Crypto ...")
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 arch/arm64/crypto/aes-ce-ccm-core.S | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

-- 
2.20.1

diff --git a/arch/arm64/crypto/aes-ce-ccm-core.S b/arch/arm64/crypto/aes-ce-ccm-core.S
index e3a375c4cb83..1b151442dac1 100644
--- a/arch/arm64/crypto/aes-ce-ccm-core.S
+++ b/arch/arm64/crypto/aes-ce-ccm-core.S
@@ -74,12 +74,13 @@ ENTRY(ce_aes_ccm_auth_data)
 	beq	10f
 	ext	v0.16b, v0.16b, v0.16b, #1	/* rotate out the mac bytes */
 	b	7b
-8:	mov	w7, w8
+8:	cbz	w8, 91f
+	mov	w7, w8
 	add	w8, w8, #16
 9:	ext	v1.16b, v1.16b, v1.16b, #1
 	adds	w7, w7, #1
 	bne	9b
-	eor	v0.16b, v0.16b, v1.16b
+91:	eor	v0.16b, v0.16b, v1.16b
 	st1	{v0.16b}, [x0]
 10:	str	w8, [x3]
 	ret

From patchwork Thu Jan 24 16:33:46 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ard Biesheuvel <ard.biesheuvel@linaro.org>
X-Patchwork-Id: 156500
Delivered-To: patch@linaro.org
Received: by 2002:a02:48:0:0:0:0:0 with SMTP id 69csp2165008jaa;
 Thu, 24 Jan 2019 08:33:56 -0800 (PST)
X-Google-Smtp-Source: ALg8bN4qgcMv94G1rbi/jFpZT5U8Hb9BfQfRe9QZRCVSirPl89nU/rqcmgbA0p5yeAbwKRhMx9XB
X-Received: by 2002:a17:902:4681:: with SMTP id
 p1mr7421430pld.184.1548347636852; 
 Thu, 24 Jan 2019 08:33:56 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1548347636; cv=none;
 d=google.com; s=arc-20160816;
 b=JAnzXhpivDsQQ/RpIzwO+Kz1zgECUF4CTa1V6DJr3PKZ2vG06VcHr5jPqGUQtUIK4a
 8B/zf/95py+IppDN/TQBTlzsD0gGSQk9YcPKWfFl7uu7jSuyUfVijtOYgPlEMahzq02s
 yMsI1pf13oMcD7/5n4RT90K5EwX1cdSAsEdrxz/QYeo/d1qe8qPYplyhcX9D4hLemlvI
 uvMIIo52J9r1ZoAD3wWIDP6+uTgPz065XpbhcvbHNMauiDMdLH8x7Q3gkOpG2Tyk+Oi0
 IP8el1YbdWNz4lHhxDWXhEHVMajV2gJDpuM7d5Oa6BJBPA+vQQeo3PekKF8KWf6FKVwQ
 //7A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=list-id:precedence:sender:content-transfer-encoding:mime-version
 :references:in-reply-to:message-id:date:subject:cc:to:from
 :dkim-signature;
 bh=G41sgJAH7cOGISzvmX0cU+gy3eCXCkMtDvUqIcUHa8o=;
 b=s8A3zFYFQNtDvQikfW09Tu0+aBjdP1xsNtTG5HxAKLWsJ8wTZcQ0BsFhFODPyzrvbb
 8g94lFTJz5pLpinKUMRBgC0EbWIm3LdP39Sd5Iz4G8BA6FT111CwOmp547S6GjtCOPNO
 EUE/2EOhgPe8OAnI/5Qc6NTvAmcZvocYGV/ztQBF6018ZXf6P7UkHO4MoVzD/gs1LKLd
 2+5eAg6AflNqYw/ii4Z42ZPtchXJHz+cp9cE9tlCsN8N1IY96S5IDwS76g7EjC8P3RdQ
 SsZDDY/fLIfAYeSZ7fe6NIqjDe77AQ9wG45IbMNrx3B6RlXG3Ld5PvUw6PTvC7CfWOos
 gk3g==
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=QCP0TruD;
 spf=pass (google.com: best guess record for domain of
 linux-crypto-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender)
 smtp.mailfrom=linux-crypto-owner@vger.kernel.org; 
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
 by mx.google.com with ESMTP id
 c5si20261952pgq.434.2019.01.24.08.33.56; 
 Thu, 24 Jan 2019 08:33:56 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of
 linux-crypto-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender) client-ip=209.132.180.67; 
Authentication-Results: mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=QCP0TruD;
 spf=pass (google.com: best guess record for domain of
 linux-crypto-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender)
 smtp.mailfrom=linux-crypto-owner@vger.kernel.org; 
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
 id S1727740AbfAXQd4 (ORCPT <rfc822;sumit.garg@linaro.org>
 + 3 others); Thu, 24 Jan 2019 11:33:56 -0500
Received: from mail-wm1-f67.google.com ([209.85.128.67]:40825 "EHLO
 mail-wm1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
 with ESMTP id S1727573AbfAXQdz (ORCPT
 <rfc822;linux-crypto@vger.kernel.org>);
 Thu, 24 Jan 2019 11:33:55 -0500
Received: by mail-wm1-f67.google.com with SMTP id f188so3705689wmf.5
 for <linux-crypto@vger.kernel.org>;
 Thu, 24 Jan 2019 08:33:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; 
 h=from:to:cc:subject:date:message-id:in-reply-to:references
 :mime-version:content-transfer-encoding;
 bh=G41sgJAH7cOGISzvmX0cU+gy3eCXCkMtDvUqIcUHa8o=;
 b=QCP0TruD5NqlWG78qRspIyKRhyZUDVgHDQI6xFIOtZOj1rVYG8KkE0iTaYViG+1TF+
 lgTNQBFMdHW0ilDblDGlHSd2HFrTY0F44c2hg62rU689AVCNCgc6ez3g4AlDNqAb6FX7
 5UhgeDBHb0H5+zuFslLxAva0WV+GbeRo3FTtA=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references:mime-version:content-transfer-encoding;
 bh=G41sgJAH7cOGISzvmX0cU+gy3eCXCkMtDvUqIcUHa8o=;
 b=b1pJDxdzO8VEIpeR3JRHIq3qhHclJiLhhFQ8hiTiaagMPco1NSn6t4GHB50zoFeshb
 Ut7Dq1nv/nWnNkgTZpxiU7rUaDzpslJ/B+Je8LGjQYqWnNBpsI2KmWXQmy9SHG15/qQc
 44VdLjEE+cH8RwSsVYGnC2ttBRmJbdoRwai2M8I6stXSen5wFSlMibJAS0nmaG6pULNt
 Atiza89aivFTX4BWNkCuoHSUMv0MRMUtXmFEYRo33iPJ2LKSmpuOSrO400JnHPtkID+d
 p72QLAOZsNvNHozQnAFPRJ4dxXT2naU3iDEUCmtC5bCUKYQfw8fYpbjVZ4Ra3ohrUqbW
 dbtA==
X-Gm-Message-State: AJcUukcPRiYT7L4G273Up/sjTOMZDFgaHQ+NZ16MbCg28HNnbe1ElnVD
 xk6k/EJbJ67Qj4zcD4gn1WBUHy8GM3HtXA==
X-Received: by 2002:a1c:9cce:: with SMTP id
 f197mr3381997wme.135.1548347633691; 
 Thu, 24 Jan 2019 08:33:53 -0800 (PST)
Received: from localhost.localdomain
 (laubervilliers-657-1-83-120.w92-154.abo.wanadoo.fr.
 [92.154.90.120]) by smtp.gmail.com with ESMTPSA id
 t12sm99629069wrr.65.2019.01.24.08.33.52
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Thu, 24 Jan 2019 08:33:52 -0800 (PST)
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: linux-crypto@vger.kernel.org
Cc: herbert@gondor.apana.org.au, ebiggers@kernel.org,
 Ard Biesheuvel <ard.biesheuvel@linaro.org>
Subject: [PATCH 2/3] crypto: arm64/aes-ccm - fix bugs in non-NEON fallback
 routine
Date: Thu, 24 Jan 2019 17:33:46 +0100
Message-Id: <20190124163347.12653-3-ard.biesheuvel@linaro.org>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20190124163347.12653-1-ard.biesheuvel@linaro.org>
References: <20190124163347.12653-1-ard.biesheuvel@linaro.org>
MIME-Version: 1.0
Sender: linux-crypto-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

Commit 5092fcf34908 ("crypto: arm64/aes-ce-ccm: add non-SIMD generic
fallback") introduced C fallback code to replace the NEON routines
when invoked from a context where the NEON is not available (i.e.,
from the context of a softirq taken while the NEON is already being
used in kernel process context)

Fix two logical flaws in the MAC calculation of the associated data.

Reported-by: Eric Biggers <ebiggers@kernel.org>
Fixes: 5092fcf34908 ("crypto: arm64/aes-ce-ccm: add non-SIMD generic fallback")
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 arch/arm64/crypto/aes-ce-ccm-glue.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

-- 
2.20.1

diff --git a/arch/arm64/crypto/aes-ce-ccm-glue.c b/arch/arm64/crypto/aes-ce-ccm-glue.c
index 68b11aa690e4..986191e8c058 100644
--- a/arch/arm64/crypto/aes-ce-ccm-glue.c
+++ b/arch/arm64/crypto/aes-ce-ccm-glue.c
@@ -125,7 +125,7 @@ static void ccm_update_mac(struct crypto_aes_ctx *key, u8 mac[], u8 const in[],
 			abytes -= added;
 		}
 
-		while (abytes > AES_BLOCK_SIZE) {
+		while (abytes >= AES_BLOCK_SIZE) {
 			__aes_arm64_encrypt(key->key_enc, mac, mac,
 					    num_rounds(key));
 			crypto_xor(mac, in, AES_BLOCK_SIZE);
@@ -139,8 +139,6 @@ static void ccm_update_mac(struct crypto_aes_ctx *key, u8 mac[], u8 const in[],
 					    num_rounds(key));
 			crypto_xor(mac, in, abytes);
 			*macp = abytes;
-		} else {
-			*macp = 0;
 		}
 	}
 }

From patchwork Thu Jan 24 16:33:47 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ard Biesheuvel <ard.biesheuvel@linaro.org>
X-Patchwork-Id: 156501
Delivered-To: patch@linaro.org
Received: by 2002:a02:48:0:0:0:0:0 with SMTP id 69csp2165035jaa;
 Thu, 24 Jan 2019 08:33:58 -0800 (PST)
X-Google-Smtp-Source: ALg8bN6QUhLJ+vPn25rdMAfpKHaZfh0nOp9STbwz0OOLmFyPL/z33TDvsqxlVogozGpmh1kwfdJ5
X-Received: by 2002:a63:a35c:: with SMTP id v28mr6463067pgn.205.1548347638535; 
 Thu, 24 Jan 2019 08:33:58 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1548347638; cv=none;
 d=google.com; s=arc-20160816;
 b=tWf7azrxgVtlMwVdxEhz7m+o1RVfPTAUX6Uye8pjy3Ejq/838WGEmcF0BtqT95OzXl
 +hVqYgTKu4XYijY1DL8D8HjO7QTAaUGfrUVaFmEWMytDhXz3j+vm7zIC0Bml1UqZlh5d
 y/e84KHVX8G3CjaiUKM8+vgRPFHYnEU+VwpgnK0RMVhOUhno2Mw0yKHTxpJrVnklrwSg
 OlfKEu44L1HZ+6YfRndcM/5vw6NLIEGeFy0w6qrvBGZl5/mRsMKFM2dHUlAi+Dz95LK4
 plP/OMpv5RqqyYvWRLtkBPrqSGWG/6BkUZyVJY4ZFiMrkaQBg/+kIhPxojEVDvOAPc87
 F/BQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=list-id:precedence:sender:content-transfer-encoding:mime-version
 :references:in-reply-to:message-id:date:subject:cc:to:from
 :dkim-signature;
 bh=RPyzbyLlh3W2c/h1LkXMkKRinYA35oe3Ivdo9s+NBuM=;
 b=hHc7Acce4aPBZ+KluiNmaMP0q/PUdDFo/0Zh2XG3sD3AKV+aNwXxAyZjR32kK6Rgwu
 DcWTBlWMMEhlkVPHCUqCcbhtEsYbHcsBWq1m/oGZsf0c350nYePZck1l1tlkCFgLMGoC
 WCLh2cvwNOGc7XpfHDy8oiEozSvrtK6jEFuOlZWJn3LDv115sOuRSQDbwZ7VAaM9w4Yg
 sTcaBrHw3J6VdTGV4uUjw/5/Ybp/MMTZRBVYEBmXK8JyZIaUf77VDw/uuaiS1SmQ6eVX
 QDzrMrHqPlUntiwINUa4elNRJp4j880QPyEQ+Ts4cjsOqKXaxndOKqasIoP2/r8wvEng
 q3jg==
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=UyjWTiTn;
 spf=pass (google.com: best guess record for domain of
 linux-crypto-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender)
 smtp.mailfrom=linux-crypto-owner@vger.kernel.org; 
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
 by mx.google.com with ESMTP id
 c5si20261952pgq.434.2019.01.24.08.33.58; 
 Thu, 24 Jan 2019 08:33:58 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of
 linux-crypto-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender) client-ip=209.132.180.67; 
Authentication-Results: mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=UyjWTiTn;
 spf=pass (google.com: best guess record for domain of
 linux-crypto-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender)
 smtp.mailfrom=linux-crypto-owner@vger.kernel.org; 
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
 id S1727573AbfAXQd5 (ORCPT <rfc822;sumit.garg@linaro.org>
 + 3 others); Thu, 24 Jan 2019 11:33:57 -0500
Received: from mail-wm1-f65.google.com ([209.85.128.65]:35108 "EHLO
 mail-wm1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
 with ESMTP id S1727649AbfAXQd5 (ORCPT
 <rfc822;linux-crypto@vger.kernel.org>);
 Thu, 24 Jan 2019 11:33:57 -0500
Received: by mail-wm1-f65.google.com with SMTP id t200so3789901wmt.0
 for <linux-crypto@vger.kernel.org>;
 Thu, 24 Jan 2019 08:33:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; 
 h=from:to:cc:subject:date:message-id:in-reply-to:references
 :mime-version:content-transfer-encoding;
 bh=RPyzbyLlh3W2c/h1LkXMkKRinYA35oe3Ivdo9s+NBuM=;
 b=UyjWTiTnHAfLcBttuKjyCyxxh4Aa8zetJMxMInnaRfr1zO2W4PYmohLJUgHs2XjRYt
 m7nZWUTZoxtpGje/ovujA90qpv32Ks1ViRUam9BPzWF3ib7NlMXjJDfg2nmcz89V9arh
 C9j8sZlv94rFmsX8+eE17hc0RYJWlCIEmC38w=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references:mime-version:content-transfer-encoding;
 bh=RPyzbyLlh3W2c/h1LkXMkKRinYA35oe3Ivdo9s+NBuM=;
 b=o2XMWrVJpnBUXxLW1AaAHI93+BimTsWsAzmnmvsEHgvrfVYGbeTFZJR8OEi/duni27
 Tx65B4LEdChTQAn73BoMyjP16Dyzcyw0Nx9itgbM00S8cvpuhvXtxdKUz/H3tWrHYfZ2
 0C5XFMtXH0aknnmMs/Y47tHp25r/ISEexlzOtfouZedg1pqByLZ5sfQ2Dad9wZijODiP
 hPu6l4Godrm6FUKJ0XzoEEwMf81YGP8pf+r68FNocv2HaYmf7setweSuY3gzEXhI4clG
 CjwixWzjr9KaAfQXx4jkZ2IDA24/ZYo25u3dwSS7qulrLszPd+1RvTcKaqLQxHPIZQDT
 b2dQ==
X-Gm-Message-State: AJcUukfuqgztDdynOzySWVodvkimloiaC2sHMvulDQA6ZVEjei+OwHcw
 rKVFqr5qoQ6rUVo01R7fE3HjNqzftCfMIw==
X-Received: by 2002:a1c:be11:: with SMTP id o17mr3282887wmf.111.1548347635155; 
 Thu, 24 Jan 2019 08:33:55 -0800 (PST)
Received: from localhost.localdomain
 (laubervilliers-657-1-83-120.w92-154.abo.wanadoo.fr.
 [92.154.90.120]) by smtp.gmail.com with ESMTPSA id
 t12sm99629069wrr.65.2019.01.24.08.33.53
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Thu, 24 Jan 2019 08:33:54 -0800 (PST)
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: linux-crypto@vger.kernel.org
Cc: herbert@gondor.apana.org.au, ebiggers@kernel.org,
 Ard Biesheuvel <ard.biesheuvel@linaro.org>
Subject: [PATCH 3/3] crypto: arm64/aes-ccm - don't use an atomic walk
 needlessly
Date: Thu, 24 Jan 2019 17:33:47 +0100
Message-Id: <20190124163347.12653-4-ard.biesheuvel@linaro.org>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20190124163347.12653-1-ard.biesheuvel@linaro.org>
References: <20190124163347.12653-1-ard.biesheuvel@linaro.org>
MIME-Version: 1.0
Sender: linux-crypto-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

When the AES-CCM code was first added, the NEON register were saved
and restored eagerly, and so the code avoided doing so, and executed
the scatterwalk in atomic context inside the kernel_neon_begin/end
section.

This has been changed in the meantime, so switch to non-atomic
scatterwalks.

Fixes: bd2ad885e30d ("crypto: arm64/aes-ce-ccm - move kernel mode neon ...")
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 arch/arm64/crypto/aes-ce-ccm-glue.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

-- 
2.20.1

diff --git a/arch/arm64/crypto/aes-ce-ccm-glue.c b/arch/arm64/crypto/aes-ce-ccm-glue.c
index 986191e8c058..5fc6f51908fd 100644
--- a/arch/arm64/crypto/aes-ce-ccm-glue.c
+++ b/arch/arm64/crypto/aes-ce-ccm-glue.c
@@ -253,7 +253,7 @@ static int ccm_encrypt(struct aead_request *req)
 	/* preserve the original iv for the final round */
 	memcpy(buf, req->iv, AES_BLOCK_SIZE);
 
-	err = skcipher_walk_aead_encrypt(&walk, req, true);
+	err = skcipher_walk_aead_encrypt(&walk, req, false);
 
 	if (may_use_simd()) {
 		while (walk.nbytes) {
@@ -311,7 +311,7 @@ static int ccm_decrypt(struct aead_request *req)
 	/* preserve the original iv for the final round */
 	memcpy(buf, req->iv, AES_BLOCK_SIZE);
 
-	err = skcipher_walk_aead_decrypt(&walk, req, true);
+	err = skcipher_walk_aead_decrypt(&walk, req, false);
 
 	if (may_use_simd()) {
 		while (walk.nbytes) {