Mathias Krause 0b1e95b2fa crypto: aesni - fix "by8" variant for 128 bit keys ... The "by8" counter mode optimization is broken for 128 bit keys with input data longer than 128 bytes. It uses the wrong key material for en- and decryption. The key registers xkey0, xkey4, xkey8 and xkey12 need to be preserved in case we're handling more than 128 bytes of input data -- they won't get reloaded after the initial load. They must therefore be (a) loaded on the first iteration and (b) be preserved for the latter ones. The implementation for 128 bit keys does not comply with (a) nor (b). Fix this by bringing the implementation back to its original source and correctly load the key registers and preserve their values by *not* re-using the registers for other purposes. Kudos to James for reporting the issue and providing a test case showing the discrepancies. Reported-by: James Yonan <james@openvpn.net> Cc: Chandramouli Narayanan <mouli@linux.intel.com> Cc: <stable@vger.kernel.org> # v3.18 Signed-off-by: Mathias Krause <minipli@googlemail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>		2015-01-05 21:35:02 +11:00
..
sha-mb	crypto: sha-mb - remove a bogus NULL check	2014-11-25 22:50:43 +08:00
aes_ctrby8_avx-x86_64.S	crypto: aesni - fix "by8" variant for 128 bit keys	2015-01-05 21:35:02 +11:00
aes_glue.c	crypto: prefix module autoloading with "crypto-"	2014-11-24 22:43:57 +08:00
aes-i586-asm_32.S	crypto: x86/aes - assembler clean-ups: use ENTRY/ENDPROC, localize jump targets	2013-01-20 10:16:47 +11:00
aes-x86_64-asm_64.S	crypto: x86/aes - assembler clean-ups: use ENTRY/ENDPROC, localize jump targets	2013-01-20 10:16:47 +11:00
aesni-intel_asm.S	crypto: aesni_intel - fix accessing of unaligned memory	2013-06-13 14:57:42 +08:00
aesni-intel_avx-x86_64.S	crypto: aesni - fix build on x86 (32bit)	2014-01-15 11:36:34 +08:00
aesni-intel_glue.c	crypto: prefix module autoloading with "crypto-"	2014-11-24 22:43:57 +08:00
blowfish_glue.c	crypto: prefix module autoloading with "crypto-"	2014-11-24 22:43:57 +08:00
blowfish-x86_64-asm_64.S	crypto: blowfish-x86_64: use ENTRY()/ENDPROC() for assembler functions and localize jump targets	2013-01-20 10:16:48 +11:00
camellia_aesni_avx_glue.c	crypto: prefix module autoloading with "crypto-"	2014-11-24 22:43:57 +08:00
camellia_aesni_avx2_glue.c	crypto: prefix module autoloading with "crypto-"	2014-11-24 22:43:57 +08:00
camellia_glue.c	crypto: prefix module autoloading with "crypto-"	2014-11-24 22:43:57 +08:00
camellia-aesni-avx-asm_64.S	crypto: x86/camellia-aesni-avx - add more optimized XTS code	2013-04-25 21:01:52 +08:00
camellia-aesni-avx2-asm_64.S	crypto: camellia-aesni-avx2 - tune assembly code for more performance	2013-06-21 14:44:23 +08:00
camellia-x86_64-asm_64.S	crypto: camellia-x86_64/aes-ni: use ENTRY()/ENDPROC() for assembler functions and localize jump targets	2013-01-20 10:16:48 +11:00
cast5_avx_glue.c	crypto: prefix module autoloading with "crypto-"	2014-11-24 22:43:57 +08:00
cast5-avx-x86_64-asm_64.S	crypto: cast5-avx: use ENTRY()/ENDPROC() for assembler functions and localize jump targets	2013-01-20 10:16:48 +11:00
cast6_avx_glue.c	crypto: prefix module autoloading with "crypto-"	2014-11-24 22:43:57 +08:00
cast6-avx-x86_64-asm_64.S	crypto: cast6-avx: use new optimized XTS code	2013-04-25 21:01:52 +08:00
crc32-pclmul_asm.S	x86, crc32-pclmul: Fix build with older binutils	2013-05-30 16:36:23 -07:00
crc32-pclmul_glue.c	crypto: prefix module autoloading with "crypto-"	2014-11-24 22:43:57 +08:00
crc32c-intel_glue.c	crypto: prefix module autoloading with "crypto-"	2014-11-24 22:43:57 +08:00
crc32c-pcl-intel-asm_64.S	crypto: crc32c-pclmul - Shrink K_table to 32-bit words	2014-06-20 21:27:57 +08:00
crct10dif-pcl-asm_64.S	Reinstate "crypto: crct10dif - Wrap crc_t10dif function all to use crypto transform framework"	2013-09-07 12:56:26 +10:00
crct10dif-pclmul_glue.c	crypto: prefix module autoloading with "crypto-"	2014-11-24 22:43:57 +08:00
des3_ede_glue.c	crypto: prefix module autoloading with "crypto-"	2014-11-24 22:43:57 +08:00
des3_ede-asm_64.S	crypto: des_3des - add x86-64 assembly implementation	2014-06-20 21:27:58 +08:00
fpu.c	crypto: include crypto- module prefix in template	2014-11-26 20:06:30 +08:00
ghash-clmulni-intel_asm.S	crypto: ghash-clmulni-intel - Use u128 instead of be128 for internal key	2014-04-04 21:06:14 +08:00
ghash-clmulni-intel_glue.c	crypto: prefix module autoloading with "crypto-"	2014-11-24 22:43:57 +08:00
glue_helper-asm-avx.S	crypto: x86 - add more optimized XTS-mode for serpent-avx	2013-04-25 21:01:51 +08:00
glue_helper-asm-avx2.S	crypto: twofish - add AVX2/x86_64 assembler implementation of twofish cipher	2013-04-25 21:09:05 +08:00
glue_helper.c	crypto: x86 - add more optimized XTS-mode for serpent-avx	2013-04-25 21:01:51 +08:00
Makefile	crypto: sha-mb - SHA1 multibuffer job manager and glue code	2014-08-25 20:32:30 +08:00
salsa20_glue.c	crypto: prefix module autoloading with "crypto-"	2014-11-24 22:43:57 +08:00
salsa20-i586-asm_32.S	crypto: x86/salsa20 - assembler cleanup, use ENTRY/ENDPROC for assember functions and rename ECRYPT_* to salsa20_*	2013-01-20 10:16:50 +11:00
salsa20-x86_64-asm_64.S	crypto: x86/salsa20 - assembler cleanup, use ENTRY/ENDPROC for assember functions and rename ECRYPT_* to salsa20_*	2013-01-20 10:16:50 +11:00
serpent_avx_glue.c	crypto: prefix module autoloading with "crypto-"	2014-11-24 22:43:57 +08:00
serpent_avx2_glue.c	crypto: prefix module autoloading with "crypto-"	2014-11-24 22:43:57 +08:00
serpent_sse2_glue.c	crypto: prefix module autoloading with "crypto-"	2014-11-24 22:43:57 +08:00
serpent-avx-x86_64-asm_64.S	crypto: x86 - add more optimized XTS-mode for serpent-avx	2013-04-25 21:01:51 +08:00
serpent-avx2-asm_64.S	crypto: serpent - add AVX2/x86_64 assembler implementation of serpent cipher	2013-04-25 21:09:07 +08:00
serpent-sse2-i586-asm_32.S	crypto: x86/serpent - use ENTRY/ENDPROC for assember functions and localize jump targets	2013-01-20 10:16:50 +11:00
serpent-sse2-x86_64-asm_64.S	crypto: x86/serpent - use ENTRY/ENDPROC for assember functions and localize jump targets	2013-01-20 10:16:50 +11:00
sha1_avx2_x86_64_asm.S	crypto: x86/sha1 - reduce size of the AVX2 asm implementation	2014-03-25 20:25:43 +08:00
sha1_ssse3_asm.S	crypto: x86/sha1 - assembler clean-ups: use ENTRY/ENDPROC	2013-01-20 10:16:51 +11:00
sha1_ssse3_glue.c	crypto: prefix module autoloading with "crypto-"	2014-11-24 22:43:57 +08:00
sha256_ssse3_glue.c	crypto: sha - replace memset by memzero_explicit	2014-12-02 22:55:49 +08:00
sha256-avx-asm.S	crypto: sha256_ssse3 - fix stack corruption with SSSE3 and AVX implementations	2013-05-28 13:46:47 +08:00
sha256-avx2-asm.S	crypto: sha256 - Optimized sha256 x86_64 routine using AVX2's RORX instructions	2013-04-03 09:06:32 +08:00
sha256-ssse3-asm.S	crypto: sha256_ssse3 - fix stack corruption with SSSE3 and AVX implementations	2013-05-28 13:46:47 +08:00
sha512_ssse3_glue.c	crypto: sha - replace memset by memzero_explicit	2014-12-02 22:55:49 +08:00
sha512-avx-asm.S	crypto: sha512 - Optimized SHA512 x86_64 assembly routine using AVX instructions.	2013-04-25 21:00:58 +08:00
sha512-avx2-asm.S	crypto: sha512 - Optimized SHA512 x86_64 assembly routine using AVX2 RORX instruction.	2013-04-25 21:00:58 +08:00
sha512-ssse3-asm.S	crypto: sha512 - Optimized SHA512 x86_64 assembly routine using Supplemental SSE3 instructions.	2013-04-25 21:00:58 +08:00
twofish_avx_glue.c	crypto: prefix module autoloading with "crypto-"	2014-11-24 22:43:57 +08:00
twofish_glue_3way.c	crypto: prefix module autoloading with "crypto-"	2014-11-24 22:43:57 +08:00
twofish_glue.c	crypto: prefix module autoloading with "crypto-"	2014-11-24 22:43:57 +08:00
twofish-avx-x86_64-asm_64.S	crypto: x86/twofish-avx - use optimized XTS code	2013-04-25 21:01:51 +08:00
twofish-i586-asm_32.S	crypto: x86/twofish - assembler clean-ups: use ENTRY/ENDPROC, localize jump labels	2013-01-20 10:16:51 +11:00
twofish-x86_64-asm_64-3way.S	crypto: x86/twofish - assembler clean-ups: use ENTRY/ENDPROC, localize jump labels	2013-01-20 10:16:51 +11:00
twofish-x86_64-asm_64.S	crypto: x86/twofish - assembler clean-ups: use ENTRY/ENDPROC, localize jump labels	2013-01-20 10:16:51 +11:00