When I added generic-gcm-aes I didn't add a wrapper like the one
provided for rfc4106(gcm(aes)). We need to add a cryptd wrapper to fall
back on in case the FPU is not available, otherwise we might corrupt the
FPU state.

Fixes: cce2ea8d90fe ("crypto: aesni - add generic gcm(aes)")
Reported-by: Ilya Lesokhin <il...@mellanox.com>
Signed-off-by: Sabrina Dubroca <s...@queasysnail.net>
Reviewed-by: Stefano Brivio <sbri...@redhat.com>
---
 arch/x86/crypto/aesni-intel_glue.c | 66 +++++++++++++++++++++++++++++++-------
 1 file changed, 54 insertions(+), 12 deletions(-)

diff --git a/arch/x86/crypto/aesni-intel_glue.c 
b/arch/x86/crypto/aesni-intel_glue.c
index 8981ed1eb7ad..a5ee78d723cd 100644
--- a/arch/x86/crypto/aesni-intel_glue.c
+++ b/arch/x86/crypto/aesni-intel_glue.c
@@ -690,8 +690,8 @@ static int common_rfc4106_set_key(struct crypto_aead *aead, 
const u8 *key,
               rfc4106_set_hash_subkey(ctx->hash_subkey, key, key_len);
 }
 
-static int rfc4106_set_key(struct crypto_aead *parent, const u8 *key,
-                          unsigned int key_len)
+static int gcmaes_wrapper_set_key(struct crypto_aead *parent, const u8 *key,
+                                 unsigned int key_len)
 {
        struct cryptd_aead **ctx = crypto_aead_ctx(parent);
        struct cryptd_aead *cryptd_tfm = *ctx;
@@ -716,8 +716,8 @@ static int common_rfc4106_set_authsize(struct crypto_aead 
*aead,
 
 /* This is the Integrity Check Value (aka the authentication tag length and can
  * be 8, 12 or 16 bytes long. */
-static int rfc4106_set_authsize(struct crypto_aead *parent,
-                               unsigned int authsize)
+static int gcmaes_wrapper_set_authsize(struct crypto_aead *parent,
+                                      unsigned int authsize)
 {
        struct cryptd_aead **ctx = crypto_aead_ctx(parent);
        struct cryptd_aead *cryptd_tfm = *ctx;
@@ -929,7 +929,7 @@ static int helper_rfc4106_decrypt(struct aead_request *req)
                              aes_ctx);
 }
 
-static int rfc4106_encrypt(struct aead_request *req)
+static int gcmaes_wrapper_encrypt(struct aead_request *req)
 {
        struct crypto_aead *tfm = crypto_aead_reqtfm(req);
        struct cryptd_aead **ctx = crypto_aead_ctx(tfm);
@@ -945,7 +945,7 @@ static int rfc4106_encrypt(struct aead_request *req)
        return crypto_aead_encrypt(req);
 }
 
-static int rfc4106_decrypt(struct aead_request *req)
+static int gcmaes_wrapper_decrypt(struct aead_request *req)
 {
        struct crypto_aead *tfm = crypto_aead_reqtfm(req);
        struct cryptd_aead **ctx = crypto_aead_ctx(tfm);
@@ -1128,6 +1128,30 @@ static int generic_gcmaes_decrypt(struct aead_request 
*req)
                              aes_ctx);
 }
 
+static int generic_gcmaes_init(struct crypto_aead *aead)
+{
+       struct cryptd_aead *cryptd_tfm;
+       struct cryptd_aead **ctx = crypto_aead_ctx(aead);
+
+       cryptd_tfm = cryptd_alloc_aead("__driver-generic-gcm-aes-aesni",
+                                      CRYPTO_ALG_INTERNAL,
+                                      CRYPTO_ALG_INTERNAL);
+       if (IS_ERR(cryptd_tfm))
+               return PTR_ERR(cryptd_tfm);
+
+       *ctx = cryptd_tfm;
+       crypto_aead_set_reqsize(aead, crypto_aead_reqsize(&cryptd_tfm->base));
+
+       return 0;
+}
+
+static void generic_gcmaes_exit(struct crypto_aead *aead)
+{
+       struct cryptd_aead **ctx = crypto_aead_ctx(aead);
+
+       cryptd_free_aead(*ctx);
+}
+
 static struct aead_alg aesni_aead_algs[] = { {
        .setkey                 = common_rfc4106_set_key,
        .setauthsize            = common_rfc4106_set_authsize,
@@ -1147,10 +1171,10 @@ static struct aead_alg aesni_aead_algs[] = { {
 }, {
        .init                   = rfc4106_init,
        .exit                   = rfc4106_exit,
-       .setkey                 = rfc4106_set_key,
-       .setauthsize            = rfc4106_set_authsize,
-       .encrypt                = rfc4106_encrypt,
-       .decrypt                = rfc4106_decrypt,
+       .setkey                 = gcmaes_wrapper_set_key,
+       .setauthsize            = gcmaes_wrapper_set_authsize,
+       .encrypt                = gcmaes_wrapper_encrypt,
+       .decrypt                = gcmaes_wrapper_decrypt,
        .ivsize                 = GCM_RFC4106_IV_SIZE,
        .maxauthsize            = 16,
        .base = {
@@ -1169,14 +1193,32 @@ static struct aead_alg aesni_aead_algs[] = { {
        .decrypt                = generic_gcmaes_decrypt,
        .ivsize                 = GCM_AES_IV_SIZE,
        .maxauthsize            = 16,
+       .base = {
+               .cra_name               = "__generic-gcm-aes-aesni",
+               .cra_driver_name        = "__driver-generic-gcm-aes-aesni",
+               .cra_priority           = 0,
+               .cra_flags              = CRYPTO_ALG_INTERNAL,
+               .cra_blocksize          = 1,
+               .cra_ctxsize            = sizeof(struct generic_gcmaes_ctx),
+               .cra_alignmask          = AESNI_ALIGN - 1,
+               .cra_module             = THIS_MODULE,
+       },
+}, {
+       .init                   = generic_gcmaes_init,
+       .exit                   = generic_gcmaes_exit,
+       .setkey                 = gcmaes_wrapper_set_key,
+       .setauthsize            = gcmaes_wrapper_set_authsize,
+       .encrypt                = gcmaes_wrapper_encrypt,
+       .decrypt                = gcmaes_wrapper_decrypt,
+       .ivsize                 = GCM_AES_IV_SIZE,
+       .maxauthsize            = 16,
        .base = {
                .cra_name               = "gcm(aes)",
                .cra_driver_name        = "generic-gcm-aesni",
                .cra_priority           = 400,
                .cra_flags              = CRYPTO_ALG_ASYNC,
                .cra_blocksize          = 1,
-               .cra_ctxsize            = sizeof(struct generic_gcmaes_ctx),
-               .cra_alignmask          = AESNI_ALIGN - 1,
+               .cra_ctxsize            = sizeof(struct cryptd_aead *),
                .cra_module             = THIS_MODULE,
        },
 } };
-- 
2.15.1

Reply via email to