- 30 Nov, 2016 4 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6Herbert Xu authored
Merge the crypto tree to pull in chelsio chcr fix.
-
David Michael authored
Both asn1 headers are included by rsa_helper.c, so rsa_helper.o should explicitly depend on them. Signed-off-by:
David Michael <david.michael@coreos.com> Signed-off-by:
Herbert Xu <herbert@gondor.apana.org.au>
-
Harsh Jain authored
Fix memory corruption done by *((u32 *)dec_key + k) operation. Signed-off-by:
Jitendra Lulla <JLULLA@chelsio.com> Signed-off-by:
-
Stephan Mueller authored
When using SGs, only heap memory (memory that is valid as per virt_addr_valid) is allowed to be referenced. The CTR DRBG used to reference the caller-provided memory directly in an SG. In case the caller provided stack memory pointers, the SG mapping is not considered to be valid. In some cases, this would even cause a paging fault. The change adds a new scratch buffer that is used unconditionally to catch the cases where the caller-provided buffer is not suitable for use in an SG. The crypto operation of the CTR DRBG produces its output with that scratch buffer and finally copies the content of the scratch buffer to the caller's buffer. The scratch buffer is allocated during allocation time of the CTR DRBG as its access is protected with the DRBG mutex. Signed-off-by:
Stephan Mueller <smueller@chronox.de> Signed-off-by:
-
- 29 Nov, 2016 2 commits
-
-
Herbert Xu authored
The skcipher conversion for ARM missed the select on CRYPTO_SIMD, causing build failures if SIMD was not otherwise enabled. Fixes: da40e7a4 ("crypto: aes-ce - Convert to skcipher") Fixes: 211f41af ("crypto: aesbs - Convert to skcipher") Reported-by:
Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by:
-
Ard Biesheuvel authored
Add the files that are generated by the recently merged OpenSSL SHA-256/512 implementation to .gitignore so Git disregards them when showing untracked files. Signed-off-by:
Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by:
-
- 28 Nov, 2016 29 commits
-
-
Eric Biggers authored
With virtually-mapped stacks (CONFIG_VMAP_STACK=y), using the scatterlist crypto API with stack buffers is not allowed, and with appropriate debugging options will cause the 'BUG_ON(!virt_addr_valid(buf));' in sg_set_buf() to be triggered. Use a heap buffer instead. Fixes: d7db7a88 ("crypto: acomp - update testmgr with support for acomp") Signed-off-by:
Eric Biggers <ebiggers@google.com> Signed-off-by:
-
Horia Geantă authored
Add myself and Dan as maintainers of the caam crypto driver. Cc: Dan Douglass <dan.douglass@nxp.com> Signed-off-by:
Horia Geantă <horia.geanta@nxp.com> Signed-off-by:
-
Horia Geantă authored
Move ahash shared descriptor generation into a single function. Currently there is no plan to support ahash on any other interface besides the Job Ring, thus for now the functionality is not exported. Signed-off-by:
-
Horia Geantă authored
Move split key length and padded length computation from caamalg.c and caamhash.c to key_gen.c. Signed-off-by:
-
Horia Geantă authored
Refactor the generation of the authenc, ablkcipher shared descriptors and exports the functionality, such that they could be shared with the upcoming caam/qi (Queue Interface) driver. Signed-off-by:
-
Horia Geantă authored
Remove dependency on CRYPTO_DEV_FSL_CAAM where superfluous: depends on CRYPTO_DEV_FSL_CAAM && CRYPTO_DEV_FSL_CAAM_JR is equivalent to depends on CRYPTO_DEV_FSL_CAAM_JR since CRYPTO_DEV_FSL_CAAM_JR depends on CRYPTO_DEV_FSL_CAAM. Signed-off-by:
-
Horia Geantă authored
A few descriptor commands are generated using generic inline append "append_cmd" function. Rewrite them using specific inline append functions. Signed-off-by:
-
Horia Geantă authored
For authenc / stitched AEAD algorithms, check independently each of the two (authentication, encryption) keys whether inlining is possible. Prioritize the inlining of the authentication key, since the length of the (split) key is bigger than that of the encryption key. For the other algorithms, compute only once per tfm the remaining available bytes and decide whether key inlining is possible based on this. Signed-off-by:
-
Horia Geantă authored
Information carried by alg_op can be deduced from adata->algtype plus some fixed flags. Signed-off-by:
-
Horia Geantă authored
In preparation of factoring out the shared descriptors, struct alginfo is introduced to group the algorithm related parameters. Signed-off-by:
-
Horia Geantă authored
append_key_aead() is used in only one place, thus inline it. Signed-off-by:
-
Herbert Xu authored
This patch converts aesbs over to the skcipher interface. Signed-off-by: -
Herbert Xu authored
This patch moves the core CBC implementation into a header file so that it can be reused by drivers implementing CBC. Signed-off-by: -
Herbert Xu authored
This patch converts cbc over to the skcipher interface. It also rearranges the code to allow it to be reused by drivers. Signed-off-by: -
Herbert Xu authored
This patch converts aes-ce over to the skcipher interface. Signed-off-by: -
Herbert Xu authored
This patch converts arm64/aes over to the skcipher interface. Signed-off-by: -
Herbert Xu authored
This patch converts aesni (including fpu) over to the skcipher interface. The LRW implementation has been removed as the generic LRW code can now be used directly on top of the accelerated ECB implementation. Signed-off-by: -
Herbert Xu authored
Currently we manually filter out internal algorithms using a list in testmgr. This is dangerous as internal algorithms cannot be safely used even by testmgr. This patch ensures that they're never processed by testmgr at all. This patch also removes an obsolete bypass for nivciphers which no longer exist. Signed-off-by: -
Herbert Xu authored
This patch adds xts helpers that use the skcipher interface rather than blkcipher. This will be used by aesni_intel. Signed-off-by: -
Herbert Xu authored
This patch converts lrw over to the skcipher interface. Signed-off-by: -
Herbert Xu authored
This patch adds the simd skcipher helper which is meant to be a replacement for ablk helper. It replaces the underlying blkcipher interface with skcipher, and also presents the top-level algorithm as an skcipher. Signed-off-by: -
Herbert Xu authored
This patch adds skcipher support to cryptd alongside ablkcipher. Signed-off-by: -
Herbert Xu authored
Currently all bits not set in mask are cleared in crypto_larval_lookup. This is unnecessary as wherever the type bits are used it is always masked anyway. This patch removes the clearing so that we may use bits set in the type but not in the mask for special purposes, e.g., picking up internal algorithms. Signed-off-by: -
Herbert Xu authored
This patch converts xts over to the skcipher interface. It also optimises the implementation to be based on ECB instead of the underlying cipher. For compatibility the existing naming scheme of xts(aes) is maintained as opposed to the more obvious one of xts(ecb(aes)). Signed-off-by: -
Herbert Xu authored
This patch converts lrw over to the skcipher interface. It also optimises the implementation to be based on ECB instead of the underlying cipher. For compatibility the existing naming scheme of lrw(aes) is maintained as opposed to the more obvious one of lrw(ecb(aes)). Signed-off-by: -
Herbert Xu authored
This patch makes use of the new skcipher walk interface instead of the obsolete blkcipher walk interface. Signed-off-by: -
Herbert Xu authored
This patch adds the skcipher walk interface which replaces both blkcipher walk and ablkcipher walk. Just like blkcipher walk it can also be used for AEAD algorithms. Signed-off-by: -
Jean Delvare authored
For consistency with the other 246 kernel configuration options, rename CRYPT_CRC32C_VPMSUM to CRYPTO_CRC32C_VPMSUM. Signed-off-by:
Jean Delvare <jdelvare@suse.de> Cc: Anton Blanchard <anton@samba.org> Cc: Herbert Xu <herbert@gondor.apana.org.au> Acked-by:
Anton Blanchard <anton@samba.org> Signed-off-by:
-
Ard Biesheuvel authored
This integrates both the accelerated scalar and the NEON implementations of SHA-224/256 as well as SHA-384/512 from the OpenSSL project. Relative performance compared to the respective generic C versions: | SHA256-scalar | SHA256-NEON* | SHA512 | ------------+-----------------+--------------+----------+ Cortex-A53 | 1.63x | 1.63x | 2.34x | Cortex-A57 | 1.43x | 1.59x | 1.95x | Cortex-A73 | 1.26x | 1.56x | ? | The core crypto code was authored by Andy Polyakov of the OpenSSL project, in collaboration with whom the upstream code was adapted so that this module can be built from the same version of sha512-armv8.pl. The version in this patch was taken from OpenSSL commit 32bbb62ea634 ("sha/asm/sha512-armv8.pl: fix big-endian support in __KERNEL__ case.") * The core SHA algorithm is fundamentally sequential, but there is a secondary transformation involved, called the schedule update, which can be performed independently. The NEON version of SHA-224/SHA-256 only implements this part of the algorithm using NEON instructions, the sequential part is always done using scalar instructions. Signed-off-by:
-
- 22 Nov, 2016 2 commits
-
-
Herbert Xu authored
The aliasing check in map_and_copy is no longer necessary because the IPsec ESP code no longer provides an IV that points into the actual request data. As this check is now triggering BUG checks due to the vmalloced stack code, I'm removing it. Reported-by:
-
Herbert Xu authored
Recently an init call was added to hash_recvmsg so as to reset the hash state in case a sendmsg call was never made. Unfortunately this ended up clobbering the result if the previous sendmsg was done with a MSG_MORE flag. This patch fixes it by excluding that case when we make the init call. Fixes: a8348bca ("algif_hash - Fix NULL hash crash with shash") Reported-by:
Patrick Steinhardt <ps@pks.im> Signed-off-by:
-
- 21 Nov, 2016 2 commits
-
-
PrasannaKumar Muralidharan authored
As hw_random core calls ->read with max > 32 or more, make it explicit. Also remove checks involving 'max' being less than 8. Signed-off-by:
PrasannaKumar Muralidharan <prasannatsmkumar@gmail.com> Signed-off-by:
-
Stephan Mueller authored
The CTR DRBG segments the number of random bytes to be generated into 128 byte blocks. The current code misses the advancement of the output buffer pointer when the requestor asks for more than 128 bytes of data. In this case, the next 128 byte block of random numbers is copied to the beginning of the output buffer again. This implies that only the first 128 bytes of the output buffer would ever be filled. The patch adds the advancement of the buffer pointer to fill the entire buffer. Signed-off-by:
-
- 18 Nov, 2016 1 commit
-
-
Herbert Xu authored
Recently algif_hash has been changed to allow null hashes. This triggers a bug when used with an shash algorithm whereby it will cause a crash during the digest operation. This patch fixes it by avoiding the digest operation and instead doing an init followed by a final which avoids the buggy code in shash. This patch also ensures that the result buffer is freed after an error so that it is not returned as a genuine hash result on the next recv call. The shash/ahash wrapper code will be fixed later to handle this case correctly. Fixes: 493b2ed3 ("crypto: algif_hash - Handle NULL hashes correctly") Signed-off-by:
Laura Abbott <labbott@redhat.com>
-
