- 05 9月, 2014 1 次提交
-
-
由 Stephan Mueller 提交于
The drbg_healthcheck() contained a test to call the DRBG with an uninitialized DRBG cipher handle. As this is an inappropriate use of the kernel crypto API to try to generate random numbers before initialization, checks verifying for an initialized DRBG have been removed in previous patches. Now, the drbg_healthcheck test must also be removed. Changes V2: Added patch marker to email subject line. Signed-off-by: NStephan Mueller <smueller@chronox.de> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
- 03 9月, 2014 2 次提交
-
-
由 David Howells 提交于
Relax the check on the length of the PKCS#7 cert as it appears that the PE file wrapper size gets rounded up to the nearest 8. The debugging output looks like this: PEFILE: ==> verify_pefile_signature() PEFILE: ==> pefile_parse_binary() PEFILE: checksum @ 110 PEFILE: header size = 200 PEFILE: cert = 968 @547be0 [68 09 00 00 00 02 02 00 30 82 09 56 ] PEFILE: sig wrapper = { 968, 200, 2 } PEFILE: Signature data not PKCS#7 The wrapper is the first 8 bytes of the hex dump inside []. This indicates a length of 0x968 bytes, including the wrapper header - so 0x960 bytes of payload. The ASN.1 wrapper begins [ ... 30 82 09 56 ]. That indicates an object of size 0x956 - a four byte discrepency, presumably just padding for alignment purposes. So we just check that the ASN.1 container is no bigger than the payload and reduce the recorded size appropriately. Whilst we're at it, allow shorter PKCS#7 objects that manage to squeeze within 127 or 255 bytes. It's just about conceivable if no X.509 certs are included in the PKCS#7 message. Reported-by: NVivek Goyal <vgoyal@redhat.com> Signed-off-by: NDavid Howells <dhowells@redhat.com> Acked-by: NVivek Goyal <vgoyal@redhat.com> Acked-by: NPeter Jones <pjones@redhat.com> Signed-off-by: NJames Morris <james.l.morris@oracle.com>
-
由 David Howells 提交于
The length of the name of an asymmetric key subtype must be stored in struct asymmetric_key_subtype::name_len so that it can be matched by a search for "<subkey_name>:<partial_fingerprint>". Fix the public_key subtype to have name_len set. Signed-off-by: NDavid Howells <dhowells@redhat.com> Signed-off-by: NJames Morris <james.l.morris@oracle.com>
-
- 09 8月, 2014 1 次提交
-
-
由 Yinghai Lu 提交于
Now with 64bit bzImage and kexec tools, we support ramdisk that size is bigger than 2g, as we could put it above 4G. Found compressed initramfs image could not be decompressed properly. It turns out that image length is int during decompress detection, and it will become < 0 when length is more than 2G. Furthermore, during decompressing len as int is used for inbuf count, that has problem too. Change len to long, that should be ok as on 32 bit platform long is 32bits. Tested with following compressed initramfs image as root with kexec. gzip, bzip2, xz, lzma, lzop, lz4. run time for populate_rootfs(): size name Nehalem-EX Westmere-EX Ivybridge-EX 9034400256 root_img : 26s 24s 30s 3561095057 root_img.lz4 : 28s 27s 27s 3459554629 root_img.lzo : 29s 29s 28s 3219399480 root_img.gz : 64s 62s 49s 2251594592 root_img.xz : 262s 260s 183s 2226366598 root_img.lzma: 386s 376s 277s 2901482513 root_img.bz2 : 635s 599s Signed-off-by: NYinghai Lu <yinghai@kernel.org> Cc: "H. Peter Anvin" <hpa@zytor.com> Cc: Ingo Molnar <mingo@elte.hu> Cc: Rashika Kheria <rashika.kheria@gmail.com> Cc: Josh Triplett <josh@joshtriplett.org> Cc: Kyungsik Lee <kyungsik.lee@lge.com> Cc: P J P <ppandit@redhat.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp> Cc: "Daniel M. Weeks" <dan@danweeks.net> Cc: Alexandre Courbot <acourbot@nvidia.com> Cc: Jan Beulich <JBeulich@suse.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
- 03 8月, 2014 1 次提交
-
-
由 David Howells 提交于
Need to export x509_request_asymmetric_key() so that PKCS#7 can use it if compiled as a module. Reported-by: NJames Morris <jmorris@namei.org> Signed-off-by: NDavid Howells <dhowells@redhat.com>
-
- 02 8月, 2014 2 次提交
-
-
由 Jussi Kivilinna 提交于
This patch adds ARM NEON assembly implementation of SHA-512 and SHA-384 algorithms. tcrypt benchmark results on Cortex-A8, sha512-generic vs sha512-neon-asm: block-size bytes/update old-vs-new 16 16 2.99x 64 16 2.67x 64 64 3.00x 256 16 2.64x 256 64 3.06x 256 256 3.33x 1024 16 2.53x 1024 256 3.39x 1024 1024 3.52x 2048 16 2.50x 2048 256 3.41x 2048 1024 3.54x 2048 2048 3.57x 4096 16 2.49x 4096 256 3.42x 4096 1024 3.56x 4096 4096 3.59x 8192 16 2.48x 8192 256 3.42x 8192 1024 3.56x 8192 4096 3.60x 8192 8192 3.60x Acked-by: NArd Biesheuvel <ard.biesheuvel@linaro.org> Tested-by: NArd Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: NJussi Kivilinna <jussi.kivilinna@iki.fi> Signed-off-by: NRussell King <rmk+kernel@arm.linux.org.uk>
-
由 Jussi Kivilinna 提交于
This patch adds ARM NEON assembly implementation of SHA-1 algorithm. tcrypt benchmark results on Cortex-A8, sha1-arm-asm vs sha1-neon-asm: block-size bytes/update old-vs-new 16 16 1.04x 64 16 1.02x 64 64 1.05x 256 16 1.03x 256 64 1.04x 256 256 1.30x 1024 16 1.03x 1024 256 1.36x 1024 1024 1.52x 2048 16 1.03x 2048 256 1.39x 2048 1024 1.55x 2048 2048 1.59x 4096 16 1.03x 4096 256 1.40x 4096 1024 1.57x 4096 4096 1.62x 8192 16 1.03x 8192 256 1.40x 8192 1024 1.58x 8192 4096 1.63x 8192 8192 1.63x Acked-by: NArd Biesheuvel <ard.biesheuvel@linaro.org> Tested-by: NArd Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: NJussi Kivilinna <jussi.kivilinna@iki.fi> Signed-off-by: NRussell King <rmk+kernel@arm.linux.org.uk>
-
- 01 8月, 2014 4 次提交
-
-
由 Stephan Mueller 提交于
The function drbg_generate_long slices the request into 2**16 byte or smaller chunks. However, the loop, however invokes the random number generation function with zero bytes when the request size is a multiple of 2**16 bytes. The fix prevents zero bytes requests. Signed-off-by: NStephan Mueller <smueller@chronox.de> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Jarod Wilson 提交于
There are a few missing spaces in the error text strings for drbg_cavs_test, trivial fix. CC: "David S. Miller" <davem@davemloft.net> CC: linux-crypto@vger.kernel.org Signed-off-by: NJarod Wilson <jarod@redhat.com> Acked-by: NStephan Mueller <smueller@chronox.de> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Ard Biesheuvel 提交于
This patch updates many of the chunked tcrypt test cases so that not all of the chunks are an exact multiple of the block size. This should help uncover cases where the residue passed to blkcipher_walk_done() is incorrect. Signed-off-by: NArd Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Mark Rustad 提交于
Change formal parameters to not clash with global names to eliminate many W=2 warnings. Signed-off-by: NMark Rustad <mark.d.rustad@intel.com> Signed-off-by: NJeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
- 31 7月, 2014 2 次提交
-
-
由 Milan Broz 提交于
Th AF_ALG socket was missing a security label (e.g. SELinux) which means that socket was in "unlabeled" state. This was recently demonstrated in the cryptsetup package (cryptsetup v1.6.5 and later.) See https://bugzilla.redhat.com/show_bug.cgi?id=1115120 This patch clones the sock's label from the parent sock and resolves the issue (similar to AF_BLUETOOTH protocol family). Cc: stable@vger.kernel.org Signed-off-by: NMilan Broz <gmazyland@gmail.com> Acked-by: NPaul Moore <paul@paul-moore.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 David Howells 提交于
X.509 certificate issuer and subject fields are mandatory fields in the ASN.1 and so their existence needn't be tested for. They are guaranteed to end up with an empty string if the name material has nothing we can use (see x509_fabricate_name()). Reported-by: NDan Carpenter <dan.carpenter@oracle.com> Signed-off-by: NDavid Howells <dhowells@redhat.com> Acked-by: NVivek Goyal <vgoyal@redhat.com>
-
- 29 7月, 2014 1 次提交
-
-
由 David Howells 提交于
pkcs7_request_asymmetric_key() and x509_request_asymmetric_key() do the same thing, the latter being a copy of the former created by the IMA folks, so drop the PKCS#7 version as the X.509 location is more general. Whilst we're at it, rename the arguments of x509_request_asymmetric_key() to better reflect what the values being passed in are intended to match on an X.509 cert. Signed-off-by: NDavid Howells <dhowells@redhat.com> Acked-by: NMimi Zohar <zohar@linux.vnet.ibm.com>
-
- 28 7月, 2014 2 次提交
-
-
由 David Howells 提交于
x509_request_asymmetric_keys() doesn't need the lengths of the NUL-terminated strings passing in as it can work that out for itself. Signed-off-by: NDavid Howells <dhowells@redhat.com> Acked-by: NMimi Zohar <zohar@linux.vnet.ibm.com>
-
由 Wei Yongjun 提交于
Fixes the following sparse warnings: crypto/asymmetric_keys/pkcs7_key_type.c:73:17: warning: symbol 'key_type_pkcs7' was not declared. Should it be static? Signed-off-by: NWei Yongjun <yongjun_wei@trendmicro.com.cn> Signed-off-by: NDavid Howells <dhowells@redhat.com>
-
- 25 7月, 2014 1 次提交
-
-
由 David Howells 提交于
crypto/asymmetric_keys/pkcs7_key_type.c needs to #include linux/err.h rather than relying on getting it through other headers. Without this, the powerpc allyesconfig build fails. Reported-by: NStephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: NDavid Howells <dhowells@redhat.com>
-
- 23 7月, 2014 2 次提交
-
-
由 Horia Geanta 提交于
With DMA_API_DEBUG set, following warnings are emitted (tested on CAAM accelerator): DMA-API: device driver maps memory from kernel text or rodata DMA-API: device driver maps memory from stack and the culprits are: -key in __test_aead and __test_hash -result in __test_hash MAX_KEYLEN is changed to accommodate maximum key length from existing test vectors in crypto/testmgr.h (131 bytes) and rounded. Signed-off-by: NHoria Geanta <horia.geanta@freescale.com> Acked-by: NKim Phillips <kim.phillips@freescale.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 David Howells 提交于
struct key_preparsed_payload should have two payload pointers to correspond with those in struct key. Signed-off-by: NDavid Howells <dhowells@redhat.com> Acked-by: NSteve Dickson <steved@redhat.com> Acked-by: NJeff Layton <jlayton@primarydata.com> Reviewed-by: NSage Weil <sage@redhat.com>
-
- 19 7月, 2014 1 次提交
-
-
由 David Howells 提交于
Provide a generic instantiation function for key types that use the preparse hook. This makes it easier to prereserve key quota before keyrings get locked to retain the new key. Signed-off-by: NDavid Howells <dhowells@redhat.com> Acked-by: NSteve Dickson <steved@redhat.com> Acked-by: NJeff Layton <jlayton@primarydata.com> Reviewed-by: NSage Weil <sage@redhat.com>
-
- 18 7月, 2014 1 次提交
-
-
由 Jean Delvare 提交于
You can select MPILIB_EXTRA all you want, it doesn't exist ;-) Surprised kconfig doesn't complain about that... Signed-off-by: NJean Delvare <jdelvare@suse.de> Acked-by: NMarek Vasut <marex@denx.de> Signed-off-by: NDavid Howells <dhowells@redhat.com> Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: "David S. Miller" <davem@davemloft.net>
-
- 17 7月, 2014 4 次提交
-
-
由 Dmitry Kasatkin 提交于
Instead of allowing public keys, with certificates signed by any key on the system trusted keyring, to be added to a trusted keyring, this patch further restricts the certificates to those signed only by builtin keys on the system keyring. This patch defines a new option 'builtin' for the kernel parameter 'keys_ownerid' to allow trust validation using builtin keys. Simplified Mimi's "KEYS: define an owner trusted keyring" patch Changelog v7: - rename builtin_keys to use_builtin_keys Signed-off-by: NDmitry Kasatkin <d.kasatkin@samsung.com> Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com>
-
由 Dmitry Kasatkin 提交于
Instead of allowing public keys, with certificates signed by any key on the system trusted keyring, to be added to a trusted keyring, this patch further restricts the certificates to those signed by a particular key on the system keyring. This patch defines a new kernel parameter 'ca_keys' to identify the specific key which must be used for trust validation of certificates. Simplified Mimi's "KEYS: define an owner trusted keyring" patch. Changelog: - support for builtin x509 public keys only - export "asymmetric_keyid_match" - remove ifndefs MODULE - rename kernel boot parameter from keys_ownerid to ca_keys Signed-off-by: NDmitry Kasatkin <d.kasatkin@samsung.com> Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com>
-
由 Dmitry Kasatkin 提交于
To avoid code duplication this patch refactors asymmetric_key_match(), making partial ID string match a separate function. This patch also implicitly fixes a bug in the code. asymmetric_key_match() allows to match the key by its subtype. But subtype matching could be undone if asymmetric_key_id(key) would return NULL. This patch first checks for matching spec and then for its value. Signed-off-by: NDmitry Kasatkin <d.kasatkin@samsung.com> Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com>
-
由 Mimi Zohar 提交于
Only public keys, with certificates signed by an existing 'trusted' key on the system trusted keyring, should be added to a trusted keyring. This patch adds support for verifying a certificate's signature. This is derived from David Howells pkcs7_request_asymmetric_key() patch. Changelog v6: - on error free key - Dmitry - validate trust only for not already trusted keys - Dmitry - formatting cleanup Changelog: - define get_system_trusted_keyring() to fix kbuild issues Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com> Signed-off-by: NDavid Howells <dhowells@redhat.com> Acked-by: NDmitry Kasatkin <dmitry.kasatkin@gmail.com>
-
- 10 7月, 2014 1 次提交
-
-
由 Fengguang Wu 提交于
CC: Stephan Mueller <smueller@chronox.de> Signed-off-by: NFengguang Wu <fengguang.wu@intel.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
- 09 7月, 2014 8 次提交
-
-
由 David Howells 提交于
Validate the PKCS#7 trust chain against the contents of the system keyring. Signed-off-by: NDavid Howells <dhowells@redhat.com> Acked-by: NVivek Goyal <vgoyal@redhat.com>
-
由 David Howells 提交于
Digest the signed parts of the PE binary, canonicalising the section table before we need it, and then compare the the resulting digest to the one in the PKCS#7 signed content. Signed-off-by: NDavid Howells <dhowells@redhat.com> Acked-by: NVivek Goyal <vgoyal@redhat.com> Reviewed-by: NKees Cook <keescook@chromium.org>
-
由 Vivek Goyal 提交于
The pesign utility had a bug where it was using OID_msIndividualSPKeyPurpose instead of OID_msPeImageDataObjId - so allow both OIDs. Signed-off-by: NVivek Goyal <vgoyal@redhat.com> Acked-by: NVivek Goyal <vgoyal@redhat.com>
-
由 David Howells 提交于
The PKCS#7 certificate should contain a "Microsoft individual code signing" data blob as its signed content. This blob contains a digest of the signed content of the PE binary and the OID of the digest algorithm used (typically SHA256). Signed-off-by: NDavid Howells <dhowells@redhat.com> Acked-by: NVivek Goyal <vgoyal@redhat.com> Reviewed-by: NKees Cook <keescook@chromium.org>
-
由 David Howells 提交于
Parse the content of the certificate blob, presuming it to be PKCS#7 format. Signed-off-by: NDavid Howells <dhowells@redhat.com> Acked-by: NVivek Goyal <vgoyal@redhat.com> Reviewed-by: NKees Cook <keescook@chromium.org>
-
由 David Howells 提交于
The certificate data block in a PE binary has a wrapper around the PKCS#7 signature we actually want to get at. Strip this off and check that we've got something that appears to be a PKCS#7 signature. Signed-off-by: NDavid Howells <dhowells@redhat.com> Acked-by: NVivek Goyal <vgoyal@redhat.com> Reviewed-by: NKees Cook <keescook@chromium.org>
-
由 David Howells 提交于
Parse a PE binary to find a key and a signature contained therein. Later patches will check the signature and add the key if the signature checks out. Signed-off-by: NDavid Howells <dhowells@redhat.com> Acked-by: NVivek Goyal <vgoyal@redhat.com> Reviewed-by: NKees Cook <keescook@chromium.org>
-
由 David Howells 提交于
Signed-off-by: NDavid Howells <dhowells@redhat.com> Acked-by: NVivek Goyal <vgoyal@redhat.com>
-
- 08 7月, 2014 6 次提交
-
-
由 Stephan Mueller 提交于
The patch corrects the security strength of the HMAC-SHA1 DRBG to 128 bits. This strength defines the size of the seed required for the DRBG. Thus, the patch lowers the seeding requirement from 256 bits to 128 bits for HMAC-SHA1. Signed-off-by: NStephan Mueller <smueller@chronox.de> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Stephan Mueller 提交于
The current locking approach of the DRBG tries to keep the protected code paths very minimal. It is therefore possible that two threads query one DRBG instance at the same time. When thread A requests random numbers, a shadow copy of the DRBG state is created upon which the request for A is processed. After finishing the state for A's request is merged back into the DRBG state. If now thread B requests random numbers from the same DRBG after the request for thread A is received, but before A's shadow state is merged back, the random numbers for B will be identical to the ones for A. Please note that the time window is very small for this scenario. To prevent that there is even a theoretical chance for thread A and B having the same DRBG state, the current time stamp is provided as additional information string for each new request. The addition of the time stamp as additional information string implies that now all generate functions must be capable to process a linked list with additional information strings instead of a scalar. CC: Rafael Aquini <aquini@redhat.com> Signed-off-by: NStephan Mueller <smueller@chronox.de> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Stephan Mueller 提交于
When the DRBG is initialized, the core is looked up using the DRBG name. The name that can be used for the lookup is registered in cra_driver_name. The cra_name value contains stdrng. Thus, the lookup code must use crypto_tfm_alg_driver_name to obtain the precise DRBG name and select the correct DRBG. Signed-off-by: NStephan Mueller <smueller@chronox.de> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Stephan Mueller 提交于
The CTR DRBG requires the update function to be called twice when generating a random number. In both cases, update function must process the additional information string by using the DF function. As the DF produces the same result in both cases, we can save one invocation of the DF function when the first DF function result is reused. The result of the DF function is stored in the scratchpad storage. The patch ensures that the scratchpad is not cleared when we want to reuse the DF result. For achieving this, the CTR DRBG update function must know by whom and in which scenario it is called. This information is provided with the reseed parameter to the update function. Signed-off-by: NStephan Mueller <smueller@chronox.de> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Stephan Mueller 提交于
The initial format strings caused warnings on several architectures. The updated format strings now match the variable types. Reported-by: Nkbuild test robot <fengguang.wu@intel.com> Reported-by: NRandy Dunlap <rdunlap@infradead.org> CC: Joe Perches <joe@perches.com> Signed-off-by: NStephan Mueller <smueller@chronox.de> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Stephan Mueller 提交于
The structure used to construct the module description line was marked problematic by the sparse code analysis tool. The module line description now does not contain any ifdefs to prevent error reports from sparse. Reported-by: Nkbuild test robot <fengguang.wu@intel.com> Signed-off-by: NStephan Mueller <smueller@chronox.de> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-