- 26 1月, 2015 5 次提交
-
-
由 Cristian Stoica 提交于
- assoc_nents and src_nents are never zero when all_contig is false - iv_contig is zero on the else branch Signed-off-by: NCristian Stoica <cristian.stoica@freescale.com> Reviewed-by: NRichard Schmitt <richard.schmitt@freescale.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Kim Phillips 提交于
ICV check failures are part of normal operation; leave user notification up to the higher levels, as is done in s/w algorithm implementations. Signed-off-by: NKim Phillips <kim.phillips@freescale.com> Tested-by: NCristian Stoica <cristian.stoica@freescale.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Michael S. Tsirkin 提交于
makes code look a bit prettier. Cc: linux-crypto@vger.kernel.org. Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Cristian Stoica 提交于
Modify crypto drivers to use the generic SG helper since both of them are equivalent and the one from crypto is redundant. See also: 468577ab reverted in b2ab4a57Signed-off-by: NCristian Stoica <cristian.stoica@freescale.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Christophe Jaillet 提交于
If only one of the 2 __get_free_pages fails, then there is a memory leak. Signed-off-by: NChristophe Jaillet <christophe.jaillet@wanadoo.fr> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
- 20 1月, 2015 5 次提交
-
-
由 Stephan Mueller 提交于
As documented in Documentation/kernel-doc-nano-HOWTO.txt lines terminated with a colon are treated as headings. The current layout of the documentation when compiling the kernel crypto API DocBook documentation is messed up by by treating some lines as headings. The patch removes colons from comments that shall not be treated as headings. Signed-off-by: NStephan Mueller <smueller@chronox.de> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Herbert Xu 提交于
Since seqiv is designed for IPsec we need to be able to accomodate the whole IPsec sequence number in order to ensure the uniqueness of the IV. This patch forbids any algorithm with an IV size of less than 8 from using it. This should have no impact on existing users since they all have an IV size of 8. Reported-by: NMaciej ?enczykowski <zenczykowski@gmail.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au> Acked-by: NMaciej ?enczykowski <zenczykowski@gmail.com>
-
由 Herbert Xu 提交于
The cts algorithm as currently implemented assumes the underlying is a CBC-mode algorithm. So this patch adds a check for that to eliminate bogus combinations of cts with non-CBC modes. Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Michael S. Tsirkin 提交于
hw random is crypto-related, Cc the linux-crypto list on patches. Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Herbert Xu 提交于
The seqiv generator is completely inappropriate for cts as it's designed for IPsec algorithms. Since cts users do not actually use the IV generator we can just fall back to the default. Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au> Acked-by: NMaciej ?enczykowski <zenczykowski@gmail.com>
-
- 16 1月, 2015 1 次提交
-
-
由 Tadeusz Struk 提交于
We don't need the qat_auth_state structure anymore. Signed-off-by: NTadeusz Struk <tadeusz.struk@intel.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
- 14 1月, 2015 3 次提交
-
-
由 Wei Yongjun 提交于
Fixes the following sparse warnings: crypto/algif_rng.c:185:13: warning: symbol 'rng_exit' was not declared. Should it be static? Signed-off-by: NWei Yongjun <yongjun_wei@trendmicro.com.cn> Acked-by: NStephan Mueller <smueller@chronox.de> Acked-by: NNeil Horman <nhorman@tuxdriver.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Herbert Xu 提交于
The patch ad511e26 (crypto: qat - Fix incorrect uses of memzero_explicit) broke hashing because the code was in fact overwriting the qat_auth_state variable. In fact there is no reason for the variable to exist anyway since all we are using it for is to store ipad and opad. So we could simply create ipad and opad directly and avoid this whole mess. Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Timothy McCaffrey 提交于
These patches fix the RFC4106 implementation in the aesni-intel module so it supports 192 & 256 bit keys. Since the AVX support that was added to this module also only supports 128 bit keys, and this patch only affects the SSE implementation, changes were also made to use the SSE version if key sizes other than 128 are specified. RFC4106 specifies that 192 & 256 bit keys must be supported (section 8.4). Also, this should fix Strongswan issue 341 where the aesni module needs to be unloaded if 256 bit keys are used: http://wiki.strongswan.org/issues/341 This patch has been tested with Sandy Bridge and Haswell processors. With 128 bit keys and input buffers > 512 bytes a slight performance degradation was noticed (~1%). For input buffers of less than 512 bytes there was no performance impact. Compared to 128 bit keys, 256 bit key size performance is approx. .5 cycles per byte slower on Sandy Bridge, and .37 cycles per byte slower on Haswell (vs. SSE code). This patch has also been tested with StrongSwan IPSec connections where it worked correctly. I created this diff from a git clone of crypto-2.6.git. Any questions, please feel free to contact me. Signed-off-by: NTimothy McCaffrey <timothy.mccaffrey@unisys.com> Signed-off-by: NJarod Wilson <jarod@redhat.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
- 13 1月, 2015 11 次提交
-
-
由 Mathias Krause 提交于
This module implements variations of "des3_ede" only. Drop the bogus module aliases for "des". Cc: Jussi Kivilinna <jussi.kivilinna@iki.fi> Signed-off-by: NMathias Krause <minipli@googlemail.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Mathias Krause 提交于
MD5 is not SHA1. Cc: David S. Miller <davem@davemloft.net> Signed-off-by: NMathias Krause <minipli@googlemail.com> Acked-by: NDavid S. Miller <davem@davemloft.net> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Mathias Krause 提交于
This module provides implementations for "des3_ede", too. Announce those via an appropriate crypto module alias so it can be used in favour to the generic C implementation. Cc: David S. Miller <davem@davemloft.net> Signed-off-by: NMathias Krause <minipli@googlemail.com> Acked-by: NDavid S. Miller <davem@davemloft.net> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Mathias Krause 提交于
The module alias should be "camellia", not "aes". Cc: David S. Miller <davem@davemloft.net> Signed-off-by: NMathias Krause <minipli@googlemail.com> Acked-by: NDavid S. Miller <davem@davemloft.net> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Mathias Krause 提交于
AES is a block cipher, not a hash. Cc: David S. Miller <davem@davemloft.net> Signed-off-by: NMathias Krause <minipli@googlemail.com> Acked-by: NDavid S. Miller <davem@davemloft.net> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Allan, Bruce W 提交于
Signed-off-by: NBruce Allan <bruce.w.allan@intel.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Allan, Bruce W 提交于
Prior to resetting the hardware, use pci_wait_for_pending_transaction() instead of open coding similar functionality. Signed-off-by: NBruce Allan <bruce.w.allan@intel.com> Acked-by: NTadeusz Struk <tadeusz.struk@intel.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Allan, Bruce W 提交于
In adf_dev_stop(), adf_ae_stop() is never called because adf_dev_started() will always return false since the ADF_STATUS_STARTED bit is cleared earlier in the function. Signed-off-by: NBruce Allan <bruce.w.allan@intel.com> Acked-by: NTadeusz Struk <tadeusz.struk@intel.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Allan, Bruce W 提交于
Signed-off-by: NBruce Allan <bruce.w.allan@intel.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Allan, Bruce W 提交于
When the device needs a reset, e.g. when an uncorrectable PCIe AER event occurs, various services/data structures need to be cleaned up, the hardware reset and the services/data structures initialized and started. The code to perform the cleanup and initialization was not performed when a device reset was done. This patch moves some of the initialization code out of the .probe entry- point into a separate function that is now called during probe as well as after the hardware has been reset. Similarly, a new function is added for first cleaning up these services/data structures prior to resetting. The new functions are adf_dev_init() and adf_dev_shutdown(), respectively, for which there are already prototypes but no actual functions just yet and are now called when the device is reset and during probe/cleanup of the driver. The down and up flows via ioctl calls has similarly been updated. In addition, there are two other bugs in the reset flow - one in the logic for determining whether to schedule a device reset upon receiving an uncorrectable AER event which prevents the reset flow from being initiated, and another with clearing the status bit indicating a device is configured (when resetting the device the configuration remains across the reset so the bit should not be cleared, otherwise, the necessary services will not be re-started in adf_dev_start() after the reset - clear the bit only when actually deleting the configuration). Signed-off-by: NBruce Allan <bruce.w.allan@intel.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Rabin Vincent 提交于
tcrypt/testmgr uses wait_for_completion_interruptible() everywhere when it waits for a request to be completed. If it's interrupted, then the test is aborted and the request is freed. However, if any of these calls actually do get interrupted, the result will likely be a kernel crash, when the driver handles the now-freed request. Use wait_for_completion() instead. Signed-off-by: NRabin Vincent <rabin.vincent@axis.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
- 08 1月, 2015 4 次提交
-
-
由 Daniel Borkmann 提交于
Lets improve the comment to add a note on when to use memzero_explicit() for those not digging through the git logs. We don't want people to pollute places with memzero_explicit() where it's not really necessary. Reference: https://lkml.org/lkml/2015/1/4/190Suggested-by: NHerbert Xu <herbert@gondor.apana.org.au> Signed-off-by: NDaniel Borkmann <dborkman@redhat.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Herbert Xu 提交于
memzero_explicit should only be used on stack variables that get zapped just before they go out of scope. This patch replaces all unnecessary uses of memzero_explicit with memset, removes two memzero_explicit calls altogether as the tfm context comes pre-zeroed, and adds a missing memzero_explicit of the stack variable buff in qat_alg_do_precomputes. The memzeros on ipad/opad + digest_size/auth_keylen are also removed as the entire auth_state is already zeroed on entry. Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au> Acked-by: NTadeusz Struk <tadeusz.struk@intel.com>
-
由 Stephan Mueller 提交于
The AEAD decryption operation requires the authentication tag to be present as part of the cipher text buffer. The added check verifies that the caller provides a cipher text with at least the authentication tag. Signed-off-by: NStephan Mueller <smueller@chronox.de> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Asaf Vertz 提交于
dd->total is unsigned so it won't do any good to check for negative value after subtracting instead of that we should check if the subtracted value is bigger than him This was partially found by using a static code analysis program called cppcheck. Signed-off-by: NAsaf Vertz <asaf.vertz@tandemg.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
- 05 1月, 2015 3 次提交
-
-
由 Masanari Iida 提交于
This patch removes unnecessary KERN_ERR from bfin_crypto_crc_mod_init(). Signed-off-by: NMasanari Iida <standby24x7@gmail.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Rickard Strandqvist 提交于
Remove the function get_dynamic_sa_offset_iv_field() that is not used anywhere. This was partially found by using a static code analysis program called cppcheck. Signed-off-by: NRickard Strandqvist <rickard_strandqvist@spectrumdigital.se> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Herbert Xu 提交于
This reverts commit 421d82f5. None of the data zeroed are on the stack so the compiler cannot optimise them away. Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
- 29 12月, 2014 2 次提交
-
-
由 Stephan Mueller 提交于
Enable compilation of the RNG AF_ALG support and provide a Kconfig option to compile the RNG AF_ALG support. Signed-off-by: NStephan Mueller <smueller@chronox.de> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Stephan Mueller 提交于
This patch adds the random number generator support for AF_ALG. A random number generator's purpose is to generate data without requiring the caller to provide any data. Therefore, the AF_ALG interface handler for RNGs only implements a callback handler for recvmsg. The following parameters provided with a recvmsg are processed by the RNG callback handler: * sock - to resolve the RNG context data structure accessing the RNG instance private to the socket * len - this parameter allows userspace callers to specify how many random bytes the RNG shall produce and return. As the kernel context for the RNG allocates a buffer of 128 bytes to store random numbers before copying them to userspace, the len parameter is checked that it is not larger than 128. If a caller wants more random numbers, a new request for recvmsg shall be made. The size of 128 bytes is chose because of the following considerations: * to increase the memory footprint of the kernel too much (note, that would be 128 bytes per open socket) * 128 is divisible by any typical cryptographic block size an RNG may have * A request for random numbers typically only shall supply small amount of data like for keys or IVs that should only require one invocation of the recvmsg function. Note, during instantiation of the RNG, the code checks whether the RNG implementation requires seeding. If so, the RNG is seeded with output from get_random_bytes. A fully working example using all aspects of the RNG interface is provided at http://www.chronox.de/libkcapi.htmlSigned-off-by: NStephan Mueller <smueller@chronox.de> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
- 26 12月, 2014 6 次提交
-
-
由 Stephan Mueller 提交于
alg_setkey should zeroize the sensitive data after use. Signed-off-by: NStephan Mueller <smueller@chronox.de> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Herbert Xu 提交于
We always do hwrng_init in set_current_rng. In fact, our current reference count system relies on this. So make this explicit by moving hwrng_init into set_current_rng. Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Herbert Xu 提交于
Rather than having callers of set_current_rng call drop_current_rng, we can do it directly in set_current_rng. Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Herbert Xu 提交于
Currently we only register the device when a valid RNG is added. However the way it's done is buggy because we test whether there is a current RNG to determine whether we need to register. As the current RNG may be missing due to a reinitialisation error this can lead to a reregistration of the device. As the device already has to handle a NULL current RNG anyway, let's just register the device always and remove the complexity. Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Herbert Xu 提交于
The kref solution is still buggy because we were only focusing on the register/unregister race. The same race affects the setting of current_rng through sysfs. This patch fixes it by using kref_get_unless_zero. Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Herbert Xu 提交于
There is no point in doing a manual completion for cleanup_done when struct completion fits in perfectly. Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-