1. 08 6月, 2014 1 次提交
  2. 22 5月, 2014 2 次提交
  3. 21 5月, 2014 1 次提交
    • H
      crypto: hash - Add real ahash walk interface · 75ecb231
      Herbert Xu 提交于
      Although the existing hash walk interface has already been used
      by a number of ahash crypto drivers, it turns out that none of
      them were really asynchronous.  They were all essentially polling
      for completion.
      
      That's why nobody has noticed until now that the walk interface
      couldn't work with a real asynchronous driver since the memory
      is mapped using kmap_atomic.
      
      As we now have a use-case for a real ahash implementation on x86,
      this patch creates a minimal ahash walk interface.  Basically it
      just calls kmap instead of kmap_atomic and does away with the
      crypto_yield call.  Real ahash crypto drivers don't need to yield
      since by definition they won't be hogging the CPU.
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      75ecb231
  4. 08 5月, 2014 1 次提交
  5. 28 4月, 2014 3 次提交
  6. 25 4月, 2014 1 次提交
  7. 18 4月, 2014 1 次提交
  8. 16 4月, 2014 2 次提交
  9. 21 3月, 2014 7 次提交
    • C
      crypto: sha - SHA1 transform x86_64 AVX2 · 7c1da8d0
      chandramouli narayanan 提交于
      This git patch adds x86_64 AVX2 optimization of SHA1
      transform to crypto support. The patch has been tested with 3.14.0-rc1
      kernel.
      
      On a Haswell desktop, with turbo disabled and all cpus running
      at maximum frequency, tcrypt shows AVX2 performance improvement
      from 3% for 256 bytes update to 16% for 1024 bytes update over
      AVX implementation.
      
      This patch adds sha1_avx2_transform(), the glue, build and
      configuration changes needed for AVX2 optimization of
      SHA1 transform to crypto support.
      
      sha1-ssse3 is one module which adds the necessary optimization
      support (SSSE3/AVX/AVX2) for the low-level SHA1 transform function.
      With better optimization support, transform function is overridden
      as the case may be. In the case of AVX2, due to performance reasons
      across datablock sizes, the AVX or AVX2 transform function is used
      at run-time as it suits best. The Makefile change therefore appends
      the necessary objects to the linkage. Due to this, the patch merely
      appends AVX2 transform to the existing build mix and Kconfig support
      and leaves the configuration build support as is.
      Signed-off-by: NChandramouli Narayanan <mouli@linux.intel.com>
      Reviewed-by: NMarek Vasut <marex@denx.de>
      Acked-by: NH. Peter Anvin <hpa@linux.intel.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      7c1da8d0
    • T
      crypto: crypto_wq - Fix late crypto work queue initialization · 130fa5bc
      Tim Chen 提交于
      The crypto algorithm modules utilizing the crypto daemon could
      be used early when the system start up.  Using module_init
      does not guarantee that the daemon's work queue is initialized
      when the cypto alorithm depending on crypto_wq starts.  It is necessary
      to initialize the crypto work queue earlier at the subsystem
      init time to make sure that it is initialized
      when used.
      Signed-off-by: NTim Chen <tim.c.chen@linux.intel.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      130fa5bc
    • H
      crypto: testmgr - add aead null encryption test vectors · bca4feb0
      Horia Geanta 提交于
      Add test vectors for aead with null encryption and md5,
      respectively sha1 authentication.
      Input data is taken from test vectors listed in RFC2410.
      Signed-off-by: NHoria Geanta <horia.geanta@freescale.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      bca4feb0
    • H
      crypto: export NULL algorithms defines · 72567258
      Horia Geanta 提交于
      These defines might be needed by crypto drivers.
      Signed-off-by: NHoria Geanta <horia.geanta@freescale.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      72567258
    • M
      crypto: hash - Simplify the ahash_finup implementation · d4a7a0fb
      Marek Vasut 提交于
      The ahash_def_finup() can make use of the request save/restore functions,
      thus make it so. This simplifies the code a little and unifies the code
      paths.
      
      Note that the same remark about free()ing the req->priv applies here, the
      req->priv can only be free()'d after the original request was restored.
      
      Finally, squash a bug in the invocation of completion in the ASYNC path.
      In both ahash_def_finup_done{1,2}, the function areq->base.complete(X, err);
      was called with X=areq->base.data . This is incorrect , as X=&areq->base
      is the correct value. By analysis of the data structures, we see the areq is
      of type 'struct ahash_request' , areq->base is of type 'struct crypto_async_request'
      and areq->base.completion is of type crypto_completion_t, which is defined in
      include/linux/crypto.h as:
      
        typedef void (*crypto_completion_t)(struct crypto_async_request *req, int err);
      
      This is one lead that the X should be &areq->base . Next up, we can inspect
      other code which calls the completion callback to give us kind-of statistical
      idea of how this callback is used. We can try:
      
        $ git grep base\.complete\( drivers/crypto/
      
      Finally, by inspecting ahash_request_set_callback() implementation defined
      in include/crypto/hash.h , we observe that the .data entry of 'struct
      crypto_async_request' is intended for arbitrary data, not for completion
      argument.
      Signed-off-by: NMarek Vasut <marex@denx.de>
      Cc: David S. Miller <davem@davemloft.net>
      Cc: Fabio Estevam <fabio.estevam@freescale.com>
      Cc: Herbert Xu <herbert@gondor.apana.org.au>
      Cc: Shawn Guo <shawn.guo@linaro.org>
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      d4a7a0fb
    • M
      crypto: hash - Pull out the functions to save/restore request · 1ffc9fbd
      Marek Vasut 提交于
      The functions to save original request within a newly adjusted request
      and it's counterpart to restore the original request can be re-used by
      more code in the crypto/ahash.c file. Pull these functions out from the
      code so they're available.
      Signed-off-by: NMarek Vasut <marex@denx.de>
      Cc: David S. Miller <davem@davemloft.net>
      Cc: Fabio Estevam <fabio.estevam@freescale.com>
      Cc: Herbert Xu <herbert@gondor.apana.org.au>
      Cc: Shawn Guo <shawn.guo@linaro.org>
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      1ffc9fbd
    • M
      crypto: hash - Fix the pointer voodoo in unaligned ahash · ab6bf4e5
      Marek Vasut 提交于
      Add documentation for the pointer voodoo that is happening in crypto/ahash.c
      in ahash_op_unaligned(). This code is quite confusing, so add a beefy chunk
      of documentation.
      
      Moreover, make sure the mangled request is completely restored after finishing
      this unaligned operation. This means restoring all of .result, .base.data
      and .base.complete .
      
      Also, remove the crypto_completion_t complete = ... line present in the
      ahash_op_unaligned_done() function. This type actually declares a function
      pointer, which is very confusing.
      
      Finally, yet very important nonetheless, make sure the req->priv is free()'d
      only after the original request is restored in ahash_op_unaligned_done().
      The req->priv data must not be free()'d before that in ahash_op_unaligned_finish(),
      since we would be accessing previously free()'d data in ahash_op_unaligned_done()
      and cause corruption.
      Signed-off-by: NMarek Vasut <marex@denx.de>
      Cc: David S. Miller <davem@davemloft.net>
      Cc: Fabio Estevam <fabio.estevam@freescale.com>
      Cc: Herbert Xu <herbert@gondor.apana.org.au>
      Cc: Shawn Guo <shawn.guo@linaro.org>
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      ab6bf4e5
  10. 10 3月, 2014 2 次提交
  11. 25 2月, 2014 1 次提交
  12. 05 1月, 2014 1 次提交
    • M
      crypto: ahash - Fully restore ahash request before completing · 1d9a394b
      Marek Vasut 提交于
      When finishing the ahash request, the ahash_op_unaligned_done() will
      call complete() on the request. Yet, this will not call the correct
      complete callback. The correct complete callback was previously stored
      in the requests' private data, as seen in ahash_op_unaligned(). This
      patch restores the correct complete callback and .data field of the
      request before calling complete() on it.
      Signed-off-by: NMarek Vasut <marex@denx.de>
      Cc: David S. Miller <davem@davemloft.net>
      Cc: Fabio Estevam <fabio.estevam@freescale.com>
      Cc: Shawn Guo <shawn.guo@linaro.org>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      1d9a394b
  13. 20 12月, 2013 1 次提交
  14. 09 12月, 2013 1 次提交
  15. 05 12月, 2013 2 次提交
    • M
      crypto: pcrypt - Fix wrong usage of rcu_dereference() · 3110e400
      Mathias Krause 提交于
      A kernel with enabled lockdep complains about the wrong usage of
      rcu_dereference() under a rcu_read_lock_bh() protected region.
      
        ===============================
        [ INFO: suspicious RCU usage. ]
        3.13.0-rc1+ #126 Not tainted
        -------------------------------
        linux/crypto/pcrypt.c:81 suspicious rcu_dereference_check() usage!
      
        other info that might help us debug this:
      
        rcu_scheduler_active = 1, debug_locks = 1
        1 lock held by cryptomgr_test/153:
         #0:  (rcu_read_lock_bh){.+....}, at: [<ffffffff812c8075>] pcrypt_do_parallel.isra.2+0x5/0x200
      
      Fix that by using rcu_dereference_bh() instead.
      Signed-off-by: NMathias Krause <minipli@googlemail.com>
      Cc: "David S. Miller" <davem@davemloft.net>
      Acked-by: NSteffen Klassert <steffen.klassert@secunet.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      3110e400
    • C
      crypto: more robust crypto_memneq · fe8c8a12
      Cesar Eduardo Barros 提交于
      Disabling compiler optimizations can be fragile, since a new
      optimization could be added to -O0 or -Os that breaks the assumptions
      the code is making.
      
      Instead of disabling compiler optimizations, use a dummy inline assembly
      (based on RELOC_HIDE) to block the problematic kinds of optimization,
      while still allowing other optimizations to be applied to the code.
      
      The dummy inline assembly is added after every OR, and has the
      accumulator variable as its input and output. The compiler is forced to
      assume that the dummy inline assembly could both depend on the
      accumulator variable and change the accumulator variable, so it is
      forced to compute the value correctly before the inline assembly, and
      cannot assume anything about its value after the inline assembly.
      
      This change should be enough to make crypto_memneq work correctly (with
      data-independent timing) even if it is inlined at its call sites. That
      can be done later in a followup patch.
      
      Compile-tested on x86_64.
      Signed-off-by: NCesar Eduardo Barros <cesarb@cesarb.eti.br>
      Acked-by: NDaniel Borkmann <dborkman@redhat.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      fe8c8a12
  16. 30 11月, 2013 1 次提交
  17. 28 11月, 2013 4 次提交
    • H
      crypto: testmgr - fix sglen in test_aead for case 'dst != src' · 8ec25c51
      Horia Geanta 提交于
      Commit d8a32ac2 (crypto: testmgr - make
      test_aead also test 'dst != src' code paths) added support for different
      source and destination buffers in test_aead.
      
      This patch modifies the source and destination buffer lengths accordingly:
      the lengths are not equal since encryption / decryption adds / removes
      the ICV.
      
      Cc: Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
      Signed-off-by: NHoria Geanta <horia.geanta@freescale.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      8ec25c51
    • H
      crypto: caam - fix aead sglen for case 'dst != src' · bbf9c893
      Horia Geanta 提交于
      For aead case when source and destination buffers are different,
      there is an incorrect assumption that the source length includes the ICV
      length. Fix this, since it leads to an oops when using sg_count() to
      find the number of nents in the scatterlist:
      
      Unable to handle kernel paging request for data at address 0x00000004
      Faulting instruction address: 0xf91f7634
      Oops: Kernel access of bad area, sig: 11 [#1]
      SMP NR_CPUS=8 P4080 DS
      Modules linked in: caamalg(+) caam_jr caam
      CPU: 1 PID: 1053 Comm: cryptomgr_test Not tainted 3.11.0 #16
      task: eeb24ab0 ti: eeafa000 task.ti: eeafa000
      NIP: f91f7634 LR: f91f7f24 CTR: f91f7ef0
      REGS: eeafbbc0 TRAP: 0300   Not tainted  (3.11.0)
      MSR: 00029002 <CE,EE,ME>  CR: 44044044  XER: 00000000
      DEAR: 00000004, ESR: 00000000
      
      GPR00: f91f7f24 eeafbc70 eeb24ab0 00000002 ee8e0900 ee8e0800 00000024 c45c4462
      GPR08: 00000010 00000000 00000014 0c0e4000 24044044 00000000 00000000 c0691590
      GPR16: eeab0000 eeb23000 00000000 00000000 00000000 00000001 00000001 eeafbcc8
      GPR24: 000000d1 00000010 ee2d5000 ee49ea10 ee49ea10 ee46f640 ee46f640 c0691590
      NIP [f91f7634] aead_edesc_alloc.constprop.14+0x144/0x780 [caamalg]
      LR [f91f7f24] aead_encrypt+0x34/0x288 [caamalg]
      Call Trace:
      [eeafbc70] [a1004000] 0xa1004000 (unreliable)
      [eeafbcc0] [f91f7f24] aead_encrypt+0x34/0x288 [caamalg]
      [eeafbcf0] [c020d77c] __test_aead+0x3ec/0xe20
      [eeafbe20] [c020f35c] test_aead+0x6c/0xe0
      [eeafbe40] [c020f420] alg_test_aead+0x50/0xd0
      [eeafbe60] [c020e5e4] alg_test+0x114/0x2e0
      [eeafbee0] [c020bd1c] cryptomgr_test+0x4c/0x60
      [eeafbef0] [c0047058] kthread+0xa8/0xb0
      [eeafbf40] [c000eb0c] ret_from_kernel_thread+0x5c/0x64
      Instruction dump:
      69084321 7d080034 5508d97e 69080001 0f080000 81290024 552807fe 0f080000
      3a600001 5529003a 2f8a0000 40dd0028 <80e90004> 3ab50001 8109000c 70e30002
      ---[ end trace b3c3e23925c7484e ]---
      
      While here, add a tcrypt mode for making it easy to test authenc
      (needed for triggering case above).
      Signed-off-by: NHoria Geanta <horia.geanta@freescale.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      bbf9c893
    • H
      crypto: ccm - Fix handling of zero plaintext when computing mac · 5638cabf
      Horia Geanta 提交于
      There are cases when cryptlen can be zero in crypto_ccm_auth():
      -encryptiom: input scatterlist length is zero (no plaintext)
      -decryption: input scatterlist contains only the mac
      plus the condition of having different source and destination buffers
      (or else scatterlist length = max(plaintext_len, ciphertext_len)).
      
      These are not handled correctly, leading to crashes like:
      
      root@p4080ds:~/crypto# insmod tcrypt.ko mode=45
      ------------[ cut here ]------------
      kernel BUG at crypto/scatterwalk.c:37!
      Oops: Exception in kernel mode, sig: 5 [#1]
      SMP NR_CPUS=8 P4080 DS
      Modules linked in: tcrypt(+) crc32c xts xcbc vmac pcbc ecb gcm ghash_generic gf128mul ccm ctr seqiv
      CPU: 3 PID: 1082 Comm: cryptomgr_test Not tainted 3.11.0 #14
      task: ee12c5b0 ti: eecd0000 task.ti: eecd0000
      NIP: c0204d98 LR: f9225848 CTR: c0204d80
      REGS: eecd1b70 TRAP: 0700   Not tainted  (3.11.0)
      MSR: 00029002 <CE,EE,ME>  CR: 22044022  XER: 20000000
      
      GPR00: f9225c94 eecd1c20 ee12c5b0 eecd1c28 ee879400 ee879400 00000000 ee607464
      GPR08: 00000001 00000001 00000000 006b0000 c0204d80 00000000 00000002 c0698e20
      GPR16: ee987000 ee895000 fffffff4 ee879500 00000100 eecd1d58 00000001 00000000
      GPR24: ee879400 00000020 00000000 00000000 ee5b2800 ee607430 00000004 ee607460
      NIP [c0204d98] scatterwalk_start+0x18/0x30
      LR [f9225848] get_data_to_compute+0x28/0x2f0 [ccm]
      Call Trace:
      [eecd1c20] [f9225974] get_data_to_compute+0x154/0x2f0 [ccm] (unreliable)
      [eecd1c70] [f9225c94] crypto_ccm_auth+0x184/0x1d0 [ccm]
      [eecd1cb0] [f9225d40] crypto_ccm_encrypt+0x60/0x2d0 [ccm]
      [eecd1cf0] [c020d77c] __test_aead+0x3ec/0xe20
      [eecd1e20] [c020f35c] test_aead+0x6c/0xe0
      [eecd1e40] [c020f420] alg_test_aead+0x50/0xd0
      [eecd1e60] [c020e5e4] alg_test+0x114/0x2e0
      [eecd1ee0] [c020bd1c] cryptomgr_test+0x4c/0x60
      [eecd1ef0] [c0047058] kthread+0xa8/0xb0
      [eecd1f40] [c000eb0c] ret_from_kernel_thread+0x5c/0x64
      Instruction dump:
      0f080000 81290024 552807fe 0f080000 5529003a 4bffffb4 90830000 39400000
      39000001 8124000c 2f890000 7d28579e <0f090000> 81240008 91230004 4e800020
      ---[ end trace 6d652dfcd1be37bd ]---
      
      Cc: <stable@vger.kernel.org>
      Cc: Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
      Signed-off-by: NHoria Geanta <horia.geanta@freescale.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      5638cabf
    • T
      crypto: authenc - Find proper IV address in ablkcipher callback · fc019c71
      Tom Lendacky 提交于
      When performing an asynchronous ablkcipher operation the authenc
      completion callback routine is invoked, but it does not locate and use
      the proper IV.
      
      The callback routine, crypto_authenc_encrypt_done, is updated to use
      the same method of calculating the address of the IV as is done in
      crypto_authenc_encrypt function which sets up the callback.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: NTom Lendacky <thomas.lendacky@amd.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      fc019c71
  18. 24 11月, 2013 1 次提交
    • L
      Revert "KEYS: verify a certificate is signed by a 'trusted' key" · 4c1cc40a
      Linus Torvalds 提交于
      This reverts commit 09fbc473, which
      caused the following build errors:
      
        crypto/asymmetric_keys/x509_public_key.c: In function ‘x509_key_preparse’:
        crypto/asymmetric_keys/x509_public_key.c:237:35: error: ‘system_trusted_keyring’ undeclared (first use in this function)
         ret = x509_validate_trust(cert, system_trusted_keyring);
                                         ^
        crypto/asymmetric_keys/x509_public_key.c:237:35: note: each undeclared identifier is reported only once for each function it appears in
      
      reported by Jim Davis. Mimi says:
      
       "I made the classic mistake of requesting this patch to be upstreamed
        at the last second, rather than waiting until the next open window.
      
        At this point, the best course would probably be to revert the two
        commits and fix them for the next open window"
      Reported-by: NJim Davis <jim.epost@gmail.com>
      Acked-by: NMimi Zohar <zohar@linux.vnet.ibm.com>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      4c1cc40a
  19. 21 11月, 2013 1 次提交
    • H
      net: rework recvmsg handler msg_name and msg_namelen logic · f3d33426
      Hannes Frederic Sowa 提交于
      This patch now always passes msg->msg_namelen as 0. recvmsg handlers must
      set msg_namelen to the proper size <= sizeof(struct sockaddr_storage)
      to return msg_name to the user.
      
      This prevents numerous uninitialized memory leaks we had in the
      recvmsg handlers and makes it harder for new code to accidentally leak
      uninitialized memory.
      
      Optimize for the case recvfrom is called with NULL as address. We don't
      need to copy the address at all, so set it to NULL before invoking the
      recvmsg handler. We can do so, because all the recvmsg handlers must
      cope with the case a plain read() is called on them. read() also sets
      msg_name to NULL.
      
      Also document these changes in include/linux/net.h as suggested by David
      Miller.
      
      Changes since RFC:
      
      Set msg->msg_name = NULL if user specified a NULL in msg_name but had a
      non-null msg_namelen in verify_iovec/verify_compat_iovec. This doesn't
      affect sendto as it would bail out earlier while trying to copy-in the
      address. It also more naturally reflects the logic by the callers of
      verify_iovec.
      
      With this change in place I could remove "
      if (!uaddr || msg_sys->msg_namelen == 0)
      	msg->msg_name = NULL
      ".
      
      This change does not alter the user visible error logic as we ignore
      msg_namelen as long as msg_name is NULL.
      
      Also remove two unnecessary curly brackets in ___sys_recvmsg and change
      comments to netdev style.
      
      Cc: David Miller <davem@davemloft.net>
      Suggested-by: NEric Dumazet <eric.dumazet@gmail.com>
      Signed-off-by: NHannes Frederic Sowa <hannes@stressinduktion.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      f3d33426
  20. 15 11月, 2013 6 次提交
反馈
建议
客服 返回
顶部