- 14 Dec, 2016 3 commits
-
-
Ard Biesheuvel authored
The new skcipher walk API may crash in the following way. (Interestingly, the tcrypt boot time tests seem unaffected, while an explicit test using the module triggers it) Unable to handle kernel NULL pointer dereference at virtual address 00000000 ... [<ffff000008431d84>] __memcpy+0x84/0x180 [<ffff0000083ec0d0>] skcipher_walk_done+0x328/0x340 [<ffff0000080c5c04>] ctr_encrypt+0x84/0x100 [<ffff000008406d60>] simd_skcipher_encrypt+0x88/0x98 [<ffff0000083fa05c>] crypto_rfc3686_crypt+0x8c/0x98 [<ffff0000009b0900>] test_skcipher_speed+0x518/0x820 [tcrypt] [<ffff0000009b31c0>] do_test+0x1408/0x3b70 [tcrypt] [<ffff0000009bd050>] tcrypt_mod_init+0x50/0x1000 [tcrypt] [<ffff0000080838f4>] do_one_initcall+0x44/0x138 [<ffff0000081aee60>] do_init_module+0x68/0x1e0 [<ffff0000081524d0>] load_module+0x1fd0/0x2458 [<ffff000008152c38>] SyS_finit_module+0xe0/0xf0 [<ffff0000080836f0>] el0_svc_naked+0x24/0x28 This is due to the fact that skcipher_done_slow() may be entered with walk->buffer unset. Since skcipher_walk_done() already deals with the case where walk->buffer == walk->page, it appears to be the intention that walk->buffer point to walk->page after skcipher_next_slow(), so ensure that is the case. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Alex Yashchenko authored
When src and dst both are specified and they point to the same file the sign-file utility will write only signature to the dst file and the module (.ko file) body will not be written. That happens because we open the same file with "rb" and "wb" flags, from fopen man: w Truncate file to zero length or create text file for writing. The stream is positioned at the beginning of the file. ... bm = BIO_new_file(module_name, "rb"); ... bd = BIO_new_file(dest_name, "wb"); ... while ((n = BIO_read(bm, buf, sizeof(buf))), n > 0) { ERR(BIO_write(bd, buf, n) < 0, "%s", dest_name); } ... Signed-off-by: Alex Yashchenko <alexhoppus111@gmail.com> Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Pan Bian authored
In function public_key_verify_signature(), returns variable ret on error paths. When the call to kmalloc() fails, the value of ret is 0, and it is not set to an errno before returning. This patch fixes the bug. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=188891Signed-off-by: Pan Bian <bianpan2016@163.com> Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 08 Dec, 2016 1 commit
-
-
Ard Biesheuvel authored
Commit 7e4c7f17 ("crypto: testmgr - avoid overlap in chunked tests") attempted to address a problem in the crypto testmgr code where chunked test cases are copied to memory in a way that results in overlap. However, the fix recreated the exact same issue for other chunked tests, by putting IDX3 within 492 bytes of IDX1, which causes overlap if the first chunk exceeds 492 bytes, which is the case for at least one of the xts(aes) test cases. So increase IDX3 by another 1000 bytes. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 07 Dec, 2016 8 commits
-
-
Ard Biesheuvel authored
This is a combination of the the Intel algorithm implemented using SSE and PCLMULQDQ instructions from arch/x86/crypto/crc32-pclmul_asm.S, and the new CRC32 extensions introduced for both 32-bit and 64-bit ARM in version 8 of the architecture. Two versions of the above combo are provided, one for CRC32 and one for CRC32C. The PMULL/NEON algorithm is faster, but operates on blocks of at least 64 bytes, and on multiples of 16 bytes only. For the remaining input, or for all input on systems that lack the PMULL 64x64->128 instructions, the CRC32 instructions will be used. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Ard Biesheuvel authored
This is a combination of the the Intel algorithm implemented using SSE and PCLMULQDQ instructions from arch/x86/crypto/crc32-pclmul_asm.S, and the new CRC32 extensions introduced for both 32-bit and 64-bit ARM in version 8 of the architecture. Two versions of the above combo are provided, one for CRC32 and one for CRC32C. The PMULL/NEON algorithm is faster, but operates on blocks of at least 64 bytes, and on multiples of 16 bytes only. For the remaining input, or for all input on systems that lack the PMULL 64x64->128 instructions, the CRC32 instructions will be used. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Ard Biesheuvel authored
This is a transliteration of the Intel algorithm implemented using SSE and PCLMULQDQ instructions that resides in the file arch/x86/crypto/crct10dif-pcl-asm_64.S, but simplified to only operate on buffers that are 16 byte aligned (but of any size) Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Ard Biesheuvel authored
This is a transliteration of the Intel algorithm implemented using SSE and PCLMULQDQ instructions that resides in the file arch/x86/crypto/crct10dif-pcl-asm_64.S, but simplified to only operate on buffers that are 16 byte aligned (but of any size) Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Ard Biesheuvel authored
The existing test cases only exercise a small slice of the various possible code paths through the x86 SSE/PCLMULQDQ implementation, and the upcoming ports of it for arm64. So add one that exceeds 256 bytes in size, and convert another to a chunked test. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Ard Biesheuvel authored
The IDXn offsets are chosen such that tap values (which may go up to 255) end up overlapping in the xbuf allocation. In particular, IDX1 and IDX3 are too close together, so update IDX3 to avoid this issue. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Dan Carpenter authored
The create_hash_wr() function never returns error pointers. It returns NULL on error. Fixes: 358961d1 ("crypto: chcr - Added new structure chcr_wr") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Marcus Folkesson authored
Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 01 Dec, 2016 11 commits
-
-
Stephan Mueller authored
Handle the case when the caller provided a zero buffer to sendmsg/sendpage. Such scenario is legal for AEAD ciphers when no plaintext / ciphertext and no AAD is provided and the caller only requests the generation of the tag value. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Herbert Xu authored
The variable aes_simd_algs should be static. In fact if it isn't it causes build errors when multiple copies of aes-ce-glue.c are built into the kernel. Fixes: da40e7a4 ("crypto: aes-ce - Convert to skcipher") Reported-by: kbuild test robot <fengguang.wu@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Pan Bian authored
Fix bug https://bugzilla.kernel.org/show_bug.cgi?id=188521. In function skcipher_recvmsg_async(), variable err takes the return value, and its value should be negative on failures. Because variable err may be reassigned and checked before calling kcalloc(), its value may be 0 (indicates no error) even if kcalloc() fails. This patch fixes the bug by explicitly assigning -ENOMEM to err when kcalloc() returns a NULL pointer. Signed-off-by: Pan Bian <bianpan2016@163.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Arnd Bergmann authored
The drivers/crypto/caam/ directory is entered during build only for building modules when CONFIG_CRYPTO_DEV_FSL_CAAM=m, but CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API_DESC is defined as a 'bool' symbol, meaning that caamalg_desc.c is always compiled into built-in code, or not at all, leading to a link failure: ERROR: "cnstr_shdsc_xts_ablkcipher_decap" [drivers/crypto/caam/caamalg.ko] undefined! ERROR: "cnstr_shdsc_xts_ablkcipher_encap" [drivers/crypto/caam/caamalg.ko] undefined! ERROR: "cnstr_shdsc_aead_givencap" [drivers/crypto/caam/caamalg.ko] undefined! ERROR: "cnstr_shdsc_aead_decap" [drivers/crypto/caam/caamalg.ko] undefined! ERROR: "cnstr_shdsc_aead_encap" [drivers/crypto/caam/caamalg.ko] undefined! ERROR: "cnstr_shdsc_aead_null_decap" [drivers/crypto/caam/caamalg.ko] undefined! ERROR: "cnstr_shdsc_aead_null_encap" [drivers/crypto/caam/caamalg.ko] undefined! ERROR: "cnstr_shdsc_rfc4106_decap" [drivers/crypto/caam/caamalg.ko] undefined! ERROR: "cnstr_shdsc_rfc4106_encap" [drivers/crypto/caam/caamalg.ko] undefined! ... Making caamalg_desc itself a loadable module fixes this configuration by ensuring the driver gets built. Aside from making the symbol 'tristate', I'm adding appropriate module metadata here. Fixes: 8cea7b66 ("crypto: caam - refactor encryption descriptors generation") Signed-off-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Arnd Bergmann authored
The 'key' field is defined as a 'u64' and used for two different pieces of information: either to store a pointer or a dma_addr_t. The former leads to a build error on 32-bit machines: drivers/crypto/caam/caamalg_desc.c: In function 'cnstr_shdsc_aead_null_encap': drivers/crypto/caam/caamalg_desc.c:67:27: error: cast to pointer from integer of different size [-Werror=int-to-pointer-cast] drivers/crypto/caam/caamalg_desc.c: In function 'cnstr_shdsc_aead_null_decap': drivers/crypto/caam/caamalg_desc.c:143:27: error: cast to pointer from integer of different size [-Werror=int-to-pointer-cast] Using a union to provide correct types gets rid of the warnings and as well as a couple of redundant casts. Fixes: db57656b ("crypto: caam - group algorithm related params") Signed-off-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Herbert Xu authored
This patch fixes the ARM64 CE CCM implementation decryption by using skcipher_walk_aead_decrypt instead of skcipher_walk_aead, which ensures the correct length is used when doing the walk. Fixes: cf2c0fe7 ("crypto: aes-ce-ccm - Use skcipher walk interface") Reported-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Baruch Siach authored
Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Baruch Siach authored
The asynchronous API is quite mature. Not mentioning is at all is probably better than saying it is under development. Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Baruch Siach authored
Fixes: 8bc618d6 ("crypto: doc - Use ahash") Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Baruch Siach authored
Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Herbert Xu authored
The AEAD decrypt interface includes the authentication tag in req->cryptlen. Therefore we need to exlucde that when doing a walk over it. This patch adds separate walker functions for AEAD encryption and decryption. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
-
- 30 Nov, 2016 17 commits
-
-
Ard Biesheuvel authored
The CBC encryption routine should use the encryption round keys, not the decryption round keys. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Harsh Jain authored
Add support for following AEAD algos. GCM,CCM,RFC4106,RFC4309,authenc(hmac(shaXXX),cbc(aes)). Reviewed-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Harsh Jain <harsh@chelsio.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Harsh Jain authored
Move request specific data in request context. Signed-off-by: Harsh Jain <harsh@chelsio.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Harsh Jain authored
Use SHASH_DESC_ON_STACK macro to allocate memory for ipad/opad calculation. Signed-off-by: Harsh Jain <harsh@chelsio.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Harsh Jain authored
Destination buffer size passed to hardware should not be greater than crypto operation output. Signed-off-by: Harsh Jain <harsh@chelsio.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Harsh Jain authored
Move reverse round key calculation logic in setkey operation. Signed-off-by: Harsh Jain <harsh@chelsio.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Harsh Jain authored
Remove malloc/free in hash operation and allocate memory in chcr_ahash_req_ctx structure. Signed-off-by: Jitendra Lulla <JLULLA@chelsio.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Harsh Jain authored
Fixes 324429d7, Unchecked dereference inside function. Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Jitendra Lulla <JLULLA@chelsio.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Harsh Jain authored
Added new structure chcr_wr to populate Work Request Header. Signed-off-by: Jitendra Lulla <JLULLA@chelsio.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Harsh Jain authored
Moves get_aes_decrypt_key function to .c file and declare inline for "aes_ks_subword" Signed-off-by: Jitendra Lulla <JLULLA@chelsio.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Ard Biesheuvel authored
Fix a missing statement that got lost in the skcipher conversion of the CTR transform. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Ard Biesheuvel authored
The new skcipher_walk_aead() may crash in the following way due to the walk flag SKCIPHER_WALK_PHYS not being cleared at the start of the walk: Unable to handle kernel NULL pointer dereference at virtual address 00000001 [..] Internal error: Oops: 96000044 [#1] PREEMPT SMP [..] PC is at skcipher_walk_next+0x208/0x450 LR is at skcipher_walk_next+0x1e4/0x450 pc : [<ffff2b93b7104e20>] lr : [<ffff2b93b7104dfc>] pstate: 40000045 sp : ffffb925fa517940 [...] [<ffff2b93b7104e20>] skcipher_walk_next+0x208/0x450 [<ffff2b93b710535c>] skcipher_walk_first+0x54/0x148 [<ffff2b93b7105664>] skcipher_walk_aead+0xd4/0x108 [<ffff2b93b6e77928>] ccm_encrypt+0x68/0x158 So clear the flag at the appropriate time. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Ard Biesheuvel authored
When building the arm64 kernel with both CONFIG_CRYPTO_AES_ARM64_CE_BLK=y and CONFIG_CRYPTO_AES_ARM64_NEON_BLK=y configured, the build breaks with the following error: arch/arm64/crypto/aes-neon-blk.o:(.bss+0x0): multiple definition of `aes_simd_algs' arch/arm64/crypto/aes-ce-blk.o:(.bss+0x0): first defined here Fix this by making aes_simd_algs 'static'. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Herbert Xu authored
This patch adds one more missing SIMD select for AES_ARM_BS. It also changes selects on ALGAPI to BLKCIPHER. Fixes: 211f41af ("crypto: aesbs - Convert to skcipher") Reported-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6Herbert Xu authored
Merge the crypto tree to pull in chelsio chcr fix.
-
David Michael authored
Both asn1 headers are included by rsa_helper.c, so rsa_helper.o should explicitly depend on them. Signed-off-by: David Michael <david.michael@coreos.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Harsh Jain authored
Fix memory corruption done by *((u32 *)dec_key + k) operation. Signed-off-by: Jitendra Lulla <JLULLA@chelsio.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-