    crypto: x86/morus - fix handling chunked inputs and MAY_SLEEP · 2060e284
    Eric Biggers authored
    The x86 MORUS implementations all fail the improved AEAD tests because
    they produce the wrong result with some data layouts.  The issue is that
    they assume that if the skcipher_walk API gives 'nbytes' not aligned to
    the walksize (a.k.a. walk.stride), then it is the end of the data.  In
    fact, this can happen before the end.
    
    Also, when the CRYPTO_TFM_REQ_MAY_SLEEP flag is given, they can
    incorrectly sleep in the skcipher_walk_*() functions while preemption
    has been disabled by kernel_fpu_begin().
    
    Fix these bugs.
    
    Fixes: 56e8e57f ("crypto: morus - Add common SIMD glue code for MORUS")
    Cc: <stable@vger.kernel.org> # v4.18+
    Cc: Ondrej Mosnacek <omosnace@redhat.com>
    Signed-off-by: Eric Biggers <ebiggers@google.com>
    Reviewed-by: Ondrej Mosnacek <omosnace@redhat.com>
    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
File changed: morus1280_glue.c (8.39 KB)
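The commit message describes the skcipher_walk contract that the MORUS glue misread: a chunk whose length is not a multiple of the walk stride is not necessarily the last one. The block below is an added illustration written for this page, not the kernel's code and not the commit's diff. It models that contract in userspace with a hypothetical `walk` (chunks clamped to one segment, a bounce buffer when a 32-byte block straddles two segments, `walk_done(leftover)` to hand back an unaligned remainder) and a toy cipher in place of MORUS, then runs one loop that follows the contract and one that assumes an unaligned chunk is the end of the data, comparing each against the same bytes encrypted as a single contiguous buffer. The segment lengths and plaintext are constructed inputs; the MAY_SLEEP part of the fix is not modelled.

```c
/* Added userspace model of the skcipher_walk contract the commit message
 * describes; it is not kernel code.  "walk" is a hypothetical simplification
 * of skcipher_walk (chunks clamped to one segment, a bounce buffer when a
 * block straddles segments, walk_done(leftover) to hand bytes back) and the
 * toy cipher stands in for MORUS.  The MAY_SLEEP issue is not modelled. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define BLOCK_SIZE 32                                  /* MORUS1280 block */

struct seg { uint8_t *buf; size_t len; };              /* scatterlist entry */
struct walk {                                          /* skcipher_walk stand-in */
    struct seg *segs; size_t idx, off, total;          /* position, bytes left */
    size_t nbytes; uint8_t *addr; bool slow; uint8_t bounce[BLOCK_SIZE];
};
struct cipher_state { uint32_t ctr; };

/* Traverse n bytes from the walk position, copying to/from buf unless NULL. */
static void seg_step(struct walk *w, uint8_t *buf, size_t n, bool to_segs, bool advance)
{
    size_t i = w->idx, off = w->off;
    while (n) {
        size_t c = w->segs[i].len - off < n ? w->segs[i].len - off : n;
        uint8_t *sp = w->segs[i].buf + off;
        if (buf) { memcpy(to_segs ? sp : buf, to_segs ? buf : sp, c); buf += c; }
        off += c; n -= c;
        if (off == w->segs[i].len) { i++; off = 0; }
    }
    if (advance) { w->idx = i; w->off = off; }
}

/* Expose the next chunk.  Only the final chunk can be shorter than a block;
 * an earlier chunk is >= BLOCK_SIZE but need not be a multiple of it. */
static void walk_next(struct walk *w)
{
    if (!w->total) { w->nbytes = 0; return; }
    size_t bsize = w->total < BLOCK_SIZE ? w->total : BLOCK_SIZE;
    size_t avail = w->segs[w->idx].len - w->off;
    w->slow = avail < bsize;                     /* block straddles segments */
    if (w->slow) { seg_step(w, w->bounce, bsize, false, false); w->addr = w->bounce; w->nbytes = bsize; }
    else { w->addr = w->segs[w->idx].buf + w->off; w->nbytes = w->total < avail ? w->total : avail; }
}

/* Hand back `leftover` unprocessed bytes (< BLOCK_SIZE) and step onward. */
static void walk_done(struct walk *w, size_t leftover)
{
    size_t n = w->nbytes - leftover;
    if (w->slow) seg_step(w, w->bounce, n, true, false);   /* write bounce back */
    seg_step(w, NULL, n, false, true);
    w->total -= n;
    walk_next(w);
}

/* Toy cipher: XOR a state-derived keystream; whole blocks bump the state,
 * the tail (final partial block) folds the length in, so an early tail shows. */
static void crypt(struct cipher_state *s, uint8_t *p, size_t n, bool tail)
{
    for (size_t i = 0; i < n; i++) {
        p[i] ^= (uint8_t)(s->ctr * 131u + (i % BLOCK_SIZE) * 7u + 0x5a);
        if (!tail && i % BLOCK_SIZE == BLOCK_SIZE - 1) s->ctr++;
    }
    if (tail) s->ctr = s->ctr * 31u + (uint32_t)n + 0x1000u;
}

/* Correct use of the contract: consume whole blocks, hand the remainder
 * back, and treat a chunk as the tail only when it is < BLOCK_SIZE. */
static void process_fixed(struct cipher_state *s, struct walk *w)
{
    while (w->nbytes >= BLOCK_SIZE) {
        size_t full = w->nbytes - w->nbytes % BLOCK_SIZE;
        crypt(s, w->addr, full, false);
        walk_done(w, w->nbytes - full);
    }
    if (w->nbytes) { crypt(s, w->addr, w->nbytes, true); walk_done(w, 0); }
}

/* The wrong assumption: an unaligned chunk means the data has ended. */
static void process_buggy(struct cipher_state *s, struct walk *w)
{
    while (w->nbytes) {
        size_t full = w->nbytes - w->nbytes % BLOCK_SIZE;
        crypt(s, w->addr, full, false);
        if (full != w->nbytes) crypt(s, w->addr + full, w->nbytes - full, true);
        walk_done(w, 0);
    }
}

/* Encrypt constructed plaintext twice, contiguously with the fixed loop and
 * split into two segments at `split` with fn; true if ciphertext and state agree. */
static bool matches_contiguous(void (*fn)(struct cipher_state *, struct walk *),
                               size_t split, size_t total)
{
    uint8_t ref[128], data[128];
    for (size_t i = 0; i < total; i++) ref[i] = data[i] = (uint8_t)(i * 37 + 11);
    struct seg one = { ref, total }, two[2] = { { data, split }, { data + split, total - split } };
    struct cipher_state s1 = { 0 }, s2 = { 0 };
    struct walk w = { .segs = &one, .total = total };
    walk_next(&w);
    process_fixed(&s1, &w);
    w = (struct walk){ .segs = two, .total = total };
    walk_next(&w);
    fn(&s2, &w);
    return memcmp(ref, data, total) == 0 && s1.ctr == s2.ctr;
}

int main(void)
{
    printf("fixed matches: %d, buggy matches: %d\n", matches_contiguous(process_fixed, 40, 96), matches_contiguous(process_buggy, 40, 96));
}
```

With the data split 40/56, the first chunk is 40 bytes: the buggy loop encrypts one block, then runs the tail routine on the 8 bytes left over, and the state update that tail performs desynchronises every later block, so its output diverges from the contiguous result even though every byte was visited. The fixed loop hands those 8 bytes back with `walk_done(w, 8)`, receives them again as the start of a full bounce-buffered block, and only reaches the tail branch when fewer than `BLOCK_SIZE` bytes remain, which is the one situation in which the model's `walk_next` exposes a short chunk.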