- 19 5月, 2018 3 次提交
-
-
由 Ondrej Mosnacek 提交于
This patch adds test vectors for the AEGIS family of AEAD algorithms (AEGIS-128, AEGIS-128L, and AEGIS-256). The test vectors were generated using the reference implementation from SUPERCOP (see code comments for more details). Signed-off-by: NOndrej Mosnacek <omosnacek@gmail.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Ondrej Mosnacek 提交于
This patch adds the generic implementation of the AEGIS family of AEAD algorithms (AEGIS-128, AEGIS-128L, and AEGIS-256). The original authors of AEGIS are Hongjun Wu and Bart Preneel. At the time of writing, AEGIS is one of the finalists in CAESAR, an open competition intended to select a portfolio of alternatives to the problematic AES-GCM: https://competitions.cr.yp.to/caesar-submissions.html https://competitions.cr.yp.to/round3/aegisv11.pdfSigned-off-by: NOndrej Mosnacek <omosnacek@gmail.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Gilad Ben-Yossef 提交于
Due to a snafu "paes" testmgr tests were not ordered lexicographically, which led to boot time warnings. Reorder the tests as needed. Fixes: a794d8d8 ("crypto: ccree - enable support for hardware keys") Reported-by: NAbdul Haleem <abdhalee@linux.vnet.ibm.com> Signed-off-by: NGilad Ben-Yossef <gilad@benyossef.com> Tested-by: NAbdul Haleem <abdhalee@linux.vnet.ibm.com> Tested-by: NCorentin Labbe <clabbe.montjoie@gmail.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
- 05 5月, 2018 3 次提交
-
-
由 Kees Cook 提交于
In the quest to remove all stack VLA usage from the kernel[1], this allocates the return code buffers before starting jiffie timers, rather than using stack space for the array. Additionally cleans up some exit paths and make sure that the num_mb module_param() is used only once per execution to avoid possible races in the value changing. [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.comSigned-off-by: NKees Cook <keescook@chromium.org> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Ard Biesheuvel 提交于
In preparation of adding support for the SIMD based arm64 implementation of arm64, which requires a fallback to non-SIMD code when invoked in certain contexts, expose the generic SM4 encrypt and decrypt routines to other drivers. Signed-off-by: NArd Biesheuvel <ard.biesheuvel@linaro.org> Acked-by: NGilad Ben-Yossef <gilad@benyossef.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Gilad Ben-Yossef 提交于
Enable CryptoCell support for hardware keys. Hardware keys are regular AES keys loaded into CryptoCell internal memory via firmware, often from secure boot ROM or hardware fuses at boot time. As such, they can be used for enc/dec purposes like any other key but cannot (read: extremely hard to) be extracted since since they are not available anywhere in RAM during runtime. The mechanism has some similarities to s390 secure keys although the keys are not wrapped or sealed, but simply loaded offline. The interface was therefore modeled based on the s390 secure keys support. Signed-off-by: NGilad Ben-Yossef <gilad@benyossef.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
- 21 4月, 2018 10 次提交
-
-
由 Fabio Estevam 提交于
There is no need to assign an error value to 'ret' prior to calling mpi_read_raw_from_sgl() because in the case of error the 'ret' variable will be assigned to the error code inside the if block. In the case of non failure, 'ret' will be overwritten immediately after, so remove the unneeded assignment. Signed-off-by: NFabio Estevam <fabio.estevam@nxp.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Mahipal Challa 提交于
The following error is triggered by the ThunderX ZIP driver if the testmanager is enabled: [ 199.069437] ThunderX-ZIP 0000:03:00.0: Found ZIP device 0 177d:a01a on Node 0 [ 199.073573] alg: comp: Compression test 1 failed for deflate-generic: output len = 37 The reason for this error is the verification of the compression results. Verifying the compression result only works if all algorithm parameters are identical, in this case to the software implementation. Different compression engines like the ThunderX ZIP coprocessor might yield different compression results by tuning the algorithm parameters. In our case the compressed result is shorter than the test vector. We should not forbid different compression results but only check that compression -> decompression yields the same result. This is done already in the acomp test. Do something similar for test_comp(). Signed-off-by: NMahipal Challa <mchalla@cavium.com> Signed-off-by: NBalakrishna Bhamidipati <bbhamidipati@cavium.com> [jglauber@cavium.com: removed unrelated printk changes, rewrote commit msg, fixed whitespace and unneeded initialization] Signed-off-by: NJan Glauber <jglauber@cavium.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Salvatore Mesoraca 提交于
We avoid various VLAs[1] by using constant expressions for block size and alignment mask. [1] http://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.comSigned-off-by: NSalvatore Mesoraca <s.mesoraca16@gmail.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Salvatore Mesoraca 提交于
In preparation for the removal of VLAs[1] from crypto code. We create 2 new compile-time constants: all ciphers implemented in Linux have a block size less than or equal to 16 bytes and the most demanding hw require 16 bytes alignment for the block buffer. We also enforce these limits in crypto_check_alg when a new cipher is registered. [1] http://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.comSigned-off-by: NSalvatore Mesoraca <s.mesoraca16@gmail.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Tudor-Dan Ambarus 提交于
In crypto_authenc_esn_setkey we save pointers to the authenc keys in a local variable of type struct crypto_authenc_keys and we don't zeroize it after use. Fix this and don't leak pointers to the authenc keys. Signed-off-by: NTudor Ambarus <tudor.ambarus@microchip.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Tudor-Dan Ambarus 提交于
In crypto_authenc_setkey we save pointers to the authenc keys in a local variable of type struct crypto_authenc_keys and we don't zeroize it after use. Fix this and don't leak pointers to the authenc keys. Signed-off-by: NTudor Ambarus <tudor.ambarus@microchip.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Nick Terrell 提交于
Adds zstd support to crypto and scompress. Only supports the default level. Previously we held off on this patch, since there weren't any users. Now zram is ready for zstd support, but depends on CONFIG_CRYPTO_ZSTD, which isn't defined until this patch is in. I also see a patch adding zstd to pstore [0], which depends on crypto zstd. [0] lkml.kernel.org/r/9c9416b2dff19f05fb4c35879aaa83d11ff72c92.1521626182.git.geliangtang@gmail.com Signed-off-by: NNick Terrell <terrelln@fb.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Kees Cook 提交于
On the quest to remove all VLAs from the kernel[1], this avoids VLAs by just using the maximum allocation size (4 bytes) for stack arrays. All the VLAs in ecc were either 3 or 4 bytes (or a multiple), so just make it 4 bytes all the time. Initialization routines are adjusted to check that ndigits does not end up larger than the arrays. This includes a removal of the earlier attempt at this fix from commit a963834b4742 ("crypto/ecc: Remove stack VLA usage") [1] https://lkml.org/lkml/2018/3/7/621Signed-off-by: NKees Cook <keescook@chromium.org> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Stephan Mueller 提交于
During freeing of the internal buffers used by the DRBG, set the pointer to NULL. It is possible that the context with the freed buffers is reused. In case of an error during initialization where the pointers do not yet point to allocated memory, the NULL value prevents a double free. Cc: stable@vger.kernel.org Fixes: 3cfc3b97 ("crypto: drbg - use aligned buffers") Signed-off-by: NStephan Mueller <smueller@chronox.de> Reported-by: syzbot+75397ee3df5c70164154@syzkaller.appspotmail.com Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Eric Biggers 提交于
Commit eb02c38f ("crypto: api - Keep failed instances alive") is making allocating crypto transforms sometimes fail with ELIBBAD, when multiple processes try to access encrypted files with fscrypt for the first time since boot. The problem is that the "request larval" for the algorithm is being mistaken for an algorithm which failed its tests. Fix it by only returning ELIBBAD for "non-larval" algorithms. Also don't leak a reference to the algorithm. Fixes: eb02c38f ("crypto: api - Keep failed instances alive") Signed-off-by: NEric Biggers <ebiggers@google.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
- 08 4月, 2018 1 次提交
-
-
由 Eric Dumazet 提交于
syzbot reported : BUG: KMSAN: uninit-value in alg_bind+0xe3/0xd90 crypto/af_alg.c:162 We need to check addr_len before dereferencing sa (or uaddr) Fixes: bb30b884 ("crypto: af_alg - whitelist mask and type") Signed-off-by: NEric Dumazet <edumazet@google.com> Reported-by: Nsyzbot <syzkaller@googlegroups.com> Cc: Stephan Mueller <smueller@chronox.de> Cc: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 07 4月, 2018 3 次提交
-
-
由 Masahiro Yamada 提交于
Our convention is to distinguish file types by suffixes with a period as a separator. *-asn1.[ch] is a different pattern from other generated sources such as *.lex.c, *.tab.[ch], *.dtb.S, etc. More confusing, files with '-asn1.[ch]' are generated files, but '_asn1.[ch]' are checked-in files: net/netfilter/nf_conntrack_h323_asn1.c include/linux/netfilter/nf_conntrack_h323_asn1.h include/linux/sunrpc/gss_asn1.h Rename generated files to *.asn1.[ch] for consistency. Signed-off-by: NMasahiro Yamada <yamada.masahiro@socionext.com>
-
由 Masahiro Yamada 提交于
Clean up these patterns from the top Makefile to omit 'clean-files' in each Makefile. Signed-off-by: NMasahiro Yamada <yamada.masahiro@socionext.com>
-
由 Masahiro Yamada 提交于
These are common patterns where source files are parsed by the asn1_compiler. Signed-off-by: NMasahiro Yamada <yamada.masahiro@socionext.com>
-
- 31 3月, 2018 6 次提交
-
-
由 Herbert Xu 提交于
When we have an unaligned SG list entry where there is no leftover aligned data, the hash walk code will incorrectly return zero as if the entire SG list has been processed. This patch fixes it by moving onto the next page instead. Reported-by: NEli Cooper <elicooper@gmx.com> Cc: <stable@vger.kernel.org> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Herbert Xu 提交于
The buffer rctx->ext contains potentially sensitive data and should be freed with kzfree. Cc: <stable@vger.kernel.org> Fixes: 700cb3f5 ("crypto: lrw - Convert to skcipher") Reported-by: NDan Carpenter <dan.carpenter@oracle.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Andy Shevchenko 提交于
Deduplicate le32_to_cpu_array() and cpu_to_le32_array() by moving them to the generic header. No functional change implied. Signed-off-by: NAndy Shevchenko <andriy.shevchenko@linux.intel.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Herbert Xu 提交于
This patch reverts commit 9c521a20 ("crypto: api - remove instance when test failed") and fixes the underlying problem in a different way. To recap, prior to the reverted commit, an instance that fails a self-test is kept around. However, it would satisfy any new lookups against its name and therefore the system may accumlulate an unbounded number of failed instances for the same algorithm name. The reverted commit fixed it by unregistering the instance. Hoever, this still does not prevent the creation of the same failed instance over and over again each time the name is looked up. This patch fixes it by keeping the failed instance around, just as we would if it were a normal algorithm. However, the lookup code has been udpated so that we do not attempt to create another instance as long as this failed one is still registered. Of course, you could still force a new creation by deleting the instance from user-space. A new error (ELIBBAD) has been commandeered for this purpose and will be returned when all registered algorithm of a given name have failed the self-test. Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Herbert Xu 提交于
The function crypto_alg_lookup is only usd within the crypto API and should be not be exported to the modules. This patch marks it as a static function. Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Herbert Xu 提交于
The lookup function in crypto_type was only used for the implicit IV generators which have been completely removed from the crypto API. This patch removes the lookup function as it is now useless. Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
- 16 3月, 2018 4 次提交
-
-
由 Ard Biesheuvel 提交于
In order to be able to test yield support under preempt, add a test vector for CRC-T10DIF that is long enough to take multiple iterations (and thus possible preemption between them) of the primary loop of the accelerated x86 and arm64 implementations. Signed-off-by: NArd Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Kees Cook 提交于
On the quest to remove all VLAs from the kernel[1], this switches to a pair of kmalloc regions instead of using the stack. This also moves the get_random_bytes() after all allocations (and drops the needless "nbytes" variable). [1] https://lkml.org/lkml/2018/3/7/621Signed-off-by: NKees Cook <keescook@chromium.org> Reviewed-by: NTudor Ambarus <tudor.ambarus@microchip.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Gilad Ben-Yossef 提交于
Add testmgr tests for the newly introduced SM4 ECB symmetric cipher. Signed-off-by: NGilad Ben-Yossef <gilad@benyossef.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Gilad Ben-Yossef 提交于
Introduce the SM4 cipher algorithms (OSCCA GB/T 32907-2016). SM4 (GBT.32907-2016) is a cryptographic standard issued by the Organization of State Commercial Administration of China (OSCCA) as an authorized cryptographic algorithms for the use within China. SMS4 was originally created for use in protecting wireless networks, and is mandated in the Chinese National Standard for Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure) (GB.15629.11-2003). Signed-off-by: NGilad Ben-Yossef <gilad@benyossef.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
- 10 3月, 2018 1 次提交
-
-
由 David Howells 提交于
Remove the MN10300 arch as the hardware is defunct. Suggested-by: NArnd Bergmann <arnd@arndb.de> Signed-off-by: NDavid Howells <dhowells@redhat.com> cc: Masahiro Yamada <yamada.masahiro@socionext.com> cc: linux-am33-list@redhat.com Signed-off-by: NArnd Bergmann <arnd@arndb.de>
-
- 09 3月, 2018 2 次提交
-
-
由 James Bottomley 提交于
Apparently the ecdh use case was in bluetooth which always has single element scatterlists, so the ecdh module was hard coded to expect them. Now we're using this in TPM, we need multi-element scatterlists, so remove this limitation. Signed-off-by: NJames Bottomley <James.Bottomley@HansenPartnership.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 James Bottomley 提交于
TPM security routines require encryption and decryption with AES in CFB mode, so add it to the Linux Crypto schemes. CFB is basically a one time pad where the pad is generated initially from the encrypted IV and then subsequently from the encrypted previous block of ciphertext. The pad is XOR'd into the plain text to get the final ciphertext. https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#CFBSigned-off-by: NJames Bottomley <James.Bottomley@HansenPartnership.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
- 03 3月, 2018 7 次提交
-
-
由 Eric Biggers 提交于
All users of ablk_helper have been converted over to crypto_simd, so remove ablk_helper. Signed-off-by: NEric Biggers <ebiggers@google.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Eric Biggers 提交于
Now that all users of lrw_crypt() have been removed in favor of the LRW template wrapping an ECB mode algorithm, remove lrw_crypt(). Also remove crypto/lrw.h as that is no longer needed either; and fold 'struct lrw_table_ctx' into 'struct priv', lrw_init_table() into setkey(), and lrw_free_table() into exit_tfm(). Signed-off-by: NEric Biggers <ebiggers@google.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Eric Biggers 提交于
Now that all users of xts_crypt() have been removed in favor of the XTS template wrapping an ECB mode algorithm, remove xts_crypt(). Signed-off-by: NEric Biggers <ebiggers@google.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Eric Biggers 提交于
Convert the AESNI AVX and AESNI AVX2 implementations of Camellia from the (deprecated) ablkcipher and blkcipher interfaces over to the skcipher interface. Note that this includes replacing the use of ablk_helper with crypto_simd. Signed-off-by: NEric Biggers <ebiggers@google.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Eric Biggers 提交于
Convert the x86 asm implementation of Camellia from the (deprecated) blkcipher interface over to the skcipher interface. Signed-off-by: NEric Biggers <ebiggers@google.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Eric Biggers 提交于
The XTS template now wraps an ECB mode algorithm rather than the block cipher directly. Therefore it is now redundant for crypto modules to wrap their ECB code with generic XTS code themselves via xts_crypt(). Remove the xts-camellia-asm algorithm which did this. Users who request xts(camellia) and previously would have gotten xts-camellia-asm will now get xts(ecb-camellia-asm) instead, which is just as fast. Signed-off-by: NEric Biggers <ebiggers@google.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Eric Biggers 提交于
The LRW template now wraps an ECB mode algorithm rather than the block cipher directly. Therefore it is now redundant for crypto modules to wrap their ECB code with generic LRW code themselves via lrw_crypt(). Remove the lrw-camellia-asm algorithm which did this. Users who request lrw(camellia) and previously would have gotten lrw-camellia-asm will now get lrw(ecb-camellia-asm) instead, which is just as fast. Signed-off-by: NEric Biggers <ebiggers@google.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-