1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
|
Subject: [PATCH] do not use EIP-197
ovpn-dco is currently incompatible with the SafeXcel EIP-197
cryptographic engine [1]. Disable async until this is fixed.
[1] https://github.com/openwrt/packages/pull/27421
---
drivers/net/ovpn/crypto_aead.c | 10 +++++++---
drivers/net/ovpn/io.c | 10 ++++++++++
drivers/net/ovpn/io.h | 2 ++
3 files changed, 19 insertions(+), 3 deletions(-)
--- a/drivers/net/ovpn/crypto_aead.c
+++ b/drivers/net/ovpn/crypto_aead.c
@@ -134,7 +134,7 @@ static struct scatterlist *ovpn_aead_cry
__alignof__(struct scatterlist));
}
-#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 3, 0)
+#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 3, 0) && !IS_ENABLED(CONFIG_CRYPTO_DEV_SAFEXCEL)
static inline void ovpn_encrypt_post_compl(struct crypto_async_request *req, int ret)
{
ovpn_encrypt_post(req->data, ret);
@@ -235,11 +235,13 @@ int ovpn_aead_encrypt(struct ovpn_peer *
/* setup async crypto operation */
aead_request_set_tfm(req, ks->encrypt);
+#if !IS_ENABLED(CONFIG_CRYPTO_DEV_SAFEXCEL)
#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 3, 0)
aead_request_set_callback(req, 0, ovpn_encrypt_post_compl, skb);
#else
aead_request_set_callback(req, 0, ovpn_encrypt_post, skb);
#endif
+#endif
aead_request_set_crypt(req, sg, sg,
skb->len - ovpn_aead_encap_overhead(ks), iv);
aead_request_set_ad(req, OVPN_AAD_SIZE);
@@ -248,7 +250,7 @@ int ovpn_aead_encrypt(struct ovpn_peer *
return crypto_aead_encrypt(req);
}
-#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 3, 0)
+#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 3, 0) && !IS_ENABLED(CONFIG_CRYPTO_DEV_SAFEXCEL)
static inline void ovpn_decrypt_post_compl(struct crypto_async_request *req, int ret)
{
ovpn_decrypt_post(req->data, ret);
@@ -333,11 +335,13 @@ int ovpn_aead_decrypt(struct ovpn_peer *
/* setup async crypto operation */
aead_request_set_tfm(req, ks->decrypt);
+#if !IS_ENABLED(CONFIG_CRYPTO_DEV_SAFEXCEL)
#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 3, 0)
aead_request_set_callback(req, 0, ovpn_decrypt_post_compl, skb);
#else
aead_request_set_callback(req, 0, ovpn_decrypt_post, skb);
#endif
+#endif
aead_request_set_crypt(req, sg, sg, payload_len + tag_size, iv);
aead_request_set_ad(req, OVPN_AAD_SIZE);
@@ -355,7 +359,7 @@ static struct crypto_aead *ovpn_aead_ini
struct crypto_aead *aead;
int ret;
- aead = crypto_alloc_aead(alg_name, 0, 0);
+ aead = crypto_alloc_aead(alg_name, 0, IS_ENABLED(CONFIG_CRYPTO_DEV_SAFEXCEL) ? CRYPTO_ALG_ASYNC : 0);
if (IS_ERR(aead)) {
ret = PTR_ERR(aead);
pr_err("%s crypto_alloc_aead failed, err=%d\n", title, ret);
--- a/drivers/net/ovpn/io.c
+++ b/drivers/net/ovpn/io.c
@@ -98,6 +98,9 @@ static void ovpn_netdev_write(struct ovp
}
}
+#if IS_ENABLED(CONFIG_CRYPTO_DEV_SAFEXCEL)
+static
+#endif
void ovpn_decrypt_post(void *data, int ret)
{
struct ovpn_crypto_key_slot *ks;
@@ -108,11 +111,13 @@ void ovpn_decrypt_post(void *data, int r
__be16 proto;
__be32 *pid;
+#if !IS_ENABLED(CONFIG_CRYPTO_DEV_SAFEXCEL)
/* crypto is happening asynchronously. this function will be called
* again later by the crypto callback with a proper return code
*/
if (unlikely(ret == -EINPROGRESS))
return;
+#endif
payload_offset = ovpn_skb_cb(skb)->payload_offset;
ks = ovpn_skb_cb(skb)->ks;
@@ -228,6 +233,9 @@ void ovpn_recv(struct ovpn_peer *peer, s
ovpn_decrypt_post(skb, ovpn_aead_decrypt(peer, ks, skb));
}
+#if IS_ENABLED(CONFIG_CRYPTO_DEV_SAFEXCEL)
+static
+#endif
void ovpn_encrypt_post(void *data, int ret)
{
struct ovpn_crypto_key_slot *ks;
@@ -236,11 +244,13 @@ void ovpn_encrypt_post(void *data, int r
struct ovpn_peer *peer;
unsigned int orig_len;
+#if !IS_ENABLED(CONFIG_CRYPTO_DEV_SAFEXCEL)
/* encryption is happening asynchronously. This function will be
* called later by the crypto callback with a proper return value
*/
if (unlikely(ret == -EINPROGRESS))
return;
+#endif
ks = ovpn_skb_cb(skb)->ks;
peer = ovpn_skb_cb(skb)->peer;
--- a/drivers/net/ovpn/io.h
+++ b/drivers/net/ovpn/io.h
@@ -28,7 +28,9 @@ void ovpn_recv(struct ovpn_peer *peer, s
void ovpn_xmit_special(struct ovpn_peer *peer, const void *data,
const unsigned int len);
+#if !IS_ENABLED(CONFIG_CRYPTO_DEV_SAFEXCEL)
void ovpn_encrypt_post(void *data, int ret);
void ovpn_decrypt_post(void *data, int ret);
+#endif
#endif /* _NET_OVPN_OVPN_H_ */
|
