mirror of
https://github.com/openwrt/packages.git
synced 2026-05-31 06:51:51 +08:00
ovpn-dco: work around EIP-197 incompatibility
ovpn-dco is currently incompatible with the SafeXcel EIP-197 cryptographic engine. Disable async until this is fixed. Signed-off-by: Qingfang Deng <dqfext@gmail.com>
This commit is contained in:
Qingfang Deng
committed by
Alexandru Ardelean
Alexandru Ardelean
parent
2cf1c2dda9
commit
974c2be6b8
@@ -10,7 +10,7 @@ include $(INCLUDE_DIR)/kernel.mk
|
||||
|
||||
PKG_NAME:=ovpn-backports
|
||||
PKG_VERSION:=7.0.0.2026032400
|
||||
PKG_RELEASE:=1
|
||||
PKG_RELEASE:=2
|
||||
|
||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
|
||||
PKG_SOURCE_URL= \
|
||||
|
||||
@@ -0,0 +1,131 @@
|
||||
Subject: [PATCH] do not use EIP-197
|
||||
|
||||
ovpn-dco is currently incompatible with the SafeXcel EIP-197
|
||||
cryptographic engine [1]. Disable async until this is fixed.
|
||||
|
||||
[1] https://github.com/openwrt/packages/pull/27421
|
||||
---
|
||||
drivers/net/ovpn/crypto_aead.c | 10 +++++++---
|
||||
drivers/net/ovpn/io.c | 10 ++++++++++
|
||||
drivers/net/ovpn/io.h | 2 ++
|
||||
3 files changed, 19 insertions(+), 3 deletions(-)
|
||||
|
||||
--- a/drivers/net/ovpn/crypto_aead.c
|
||||
+++ b/drivers/net/ovpn/crypto_aead.c
|
||||
@@ -134,7 +134,7 @@ static struct scatterlist *ovpn_aead_cry
|
||||
__alignof__(struct scatterlist));
|
||||
}
|
||||
|
||||
-#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 3, 0)
|
||||
+#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 3, 0) && !IS_ENABLED(CONFIG_CRYPTO_DEV_SAFEXCEL)
|
||||
static inline void ovpn_encrypt_post_compl(struct crypto_async_request *req, int ret)
|
||||
{
|
||||
ovpn_encrypt_post(req->data, ret);
|
||||
@@ -235,11 +235,13 @@ int ovpn_aead_encrypt(struct ovpn_peer *
|
||||
|
||||
/* setup async crypto operation */
|
||||
aead_request_set_tfm(req, ks->encrypt);
|
||||
+#if !IS_ENABLED(CONFIG_CRYPTO_DEV_SAFEXCEL)
|
||||
#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 3, 0)
|
||||
aead_request_set_callback(req, 0, ovpn_encrypt_post_compl, skb);
|
||||
#else
|
||||
aead_request_set_callback(req, 0, ovpn_encrypt_post, skb);
|
||||
#endif
|
||||
+#endif
|
||||
aead_request_set_crypt(req, sg, sg,
|
||||
skb->len - ovpn_aead_encap_overhead(ks), iv);
|
||||
aead_request_set_ad(req, OVPN_AAD_SIZE);
|
||||
@@ -248,7 +250,7 @@ int ovpn_aead_encrypt(struct ovpn_peer *
|
||||
return crypto_aead_encrypt(req);
|
||||
}
|
||||
|
||||
-#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 3, 0)
|
||||
+#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 3, 0) && !IS_ENABLED(CONFIG_CRYPTO_DEV_SAFEXCEL)
|
||||
static inline void ovpn_decrypt_post_compl(struct crypto_async_request *req, int ret)
|
||||
{
|
||||
ovpn_decrypt_post(req->data, ret);
|
||||
@@ -333,11 +335,13 @@ int ovpn_aead_decrypt(struct ovpn_peer *
|
||||
|
||||
/* setup async crypto operation */
|
||||
aead_request_set_tfm(req, ks->decrypt);
|
||||
+#if !IS_ENABLED(CONFIG_CRYPTO_DEV_SAFEXCEL)
|
||||
#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 3, 0)
|
||||
aead_request_set_callback(req, 0, ovpn_decrypt_post_compl, skb);
|
||||
#else
|
||||
aead_request_set_callback(req, 0, ovpn_decrypt_post, skb);
|
||||
#endif
|
||||
+#endif
|
||||
aead_request_set_crypt(req, sg, sg, payload_len + tag_size, iv);
|
||||
|
||||
aead_request_set_ad(req, OVPN_AAD_SIZE);
|
||||
@@ -355,7 +359,7 @@ static struct crypto_aead *ovpn_aead_ini
|
||||
struct crypto_aead *aead;
|
||||
int ret;
|
||||
|
||||
- aead = crypto_alloc_aead(alg_name, 0, 0);
|
||||
+ aead = crypto_alloc_aead(alg_name, 0, IS_ENABLED(CONFIG_CRYPTO_DEV_SAFEXCEL) ? CRYPTO_ALG_ASYNC : 0);
|
||||
if (IS_ERR(aead)) {
|
||||
ret = PTR_ERR(aead);
|
||||
pr_err("%s crypto_alloc_aead failed, err=%d\n", title, ret);
|
||||
--- a/drivers/net/ovpn/io.c
|
||||
+++ b/drivers/net/ovpn/io.c
|
||||
@@ -98,6 +98,9 @@ static void ovpn_netdev_write(struct ovp
|
||||
}
|
||||
}
|
||||
|
||||
+#if IS_ENABLED(CONFIG_CRYPTO_DEV_SAFEXCEL)
|
||||
+static
|
||||
+#endif
|
||||
void ovpn_decrypt_post(void *data, int ret)
|
||||
{
|
||||
struct ovpn_crypto_key_slot *ks;
|
||||
@@ -108,11 +111,13 @@ void ovpn_decrypt_post(void *data, int r
|
||||
__be16 proto;
|
||||
__be32 *pid;
|
||||
|
||||
+#if !IS_ENABLED(CONFIG_CRYPTO_DEV_SAFEXCEL)
|
||||
/* crypto is happening asynchronously. this function will be called
|
||||
* again later by the crypto callback with a proper return code
|
||||
*/
|
||||
if (unlikely(ret == -EINPROGRESS))
|
||||
return;
|
||||
+#endif
|
||||
|
||||
payload_offset = ovpn_skb_cb(skb)->payload_offset;
|
||||
ks = ovpn_skb_cb(skb)->ks;
|
||||
@@ -228,6 +233,9 @@ void ovpn_recv(struct ovpn_peer *peer, s
|
||||
ovpn_decrypt_post(skb, ovpn_aead_decrypt(peer, ks, skb));
|
||||
}
|
||||
|
||||
+#if IS_ENABLED(CONFIG_CRYPTO_DEV_SAFEXCEL)
|
||||
+static
|
||||
+#endif
|
||||
void ovpn_encrypt_post(void *data, int ret)
|
||||
{
|
||||
struct ovpn_crypto_key_slot *ks;
|
||||
@@ -236,11 +244,13 @@ void ovpn_encrypt_post(void *data, int r
|
||||
struct ovpn_peer *peer;
|
||||
unsigned int orig_len;
|
||||
|
||||
+#if !IS_ENABLED(CONFIG_CRYPTO_DEV_SAFEXCEL)
|
||||
/* encryption is happening asynchronously. This function will be
|
||||
* called later by the crypto callback with a proper return value
|
||||
*/
|
||||
if (unlikely(ret == -EINPROGRESS))
|
||||
return;
|
||||
+#endif
|
||||
|
||||
ks = ovpn_skb_cb(skb)->ks;
|
||||
peer = ovpn_skb_cb(skb)->peer;
|
||||
--- a/drivers/net/ovpn/io.h
|
||||
+++ b/drivers/net/ovpn/io.h
|
||||
@@ -28,7 +28,9 @@ void ovpn_recv(struct ovpn_peer *peer, s
|
||||
void ovpn_xmit_special(struct ovpn_peer *peer, const void *data,
|
||||
const unsigned int len);
|
||||
|
||||
+#if !IS_ENABLED(CONFIG_CRYPTO_DEV_SAFEXCEL)
|
||||
void ovpn_encrypt_post(void *data, int ret);
|
||||
void ovpn_decrypt_post(void *data, int ret);
|
||||
+#endif
|
||||
|
||||
#endif /* _NET_OVPN_OVPN_H_ */
|
||||
Reference in New Issue
Block a user