#
03be4e45 |
| 22-Oct-2023 |
Eric Biggers <ebiggers@google.com> |
crypto: authencesn - stop using alignmask of ahash
Now that the alignmask for ahash and shash algorithms is always 0, simplify the code in authenc accordingly.
Signed-off-by: Eric Biggers <ebiggers
crypto: authencesn - stop using alignmask of ahash
Now that the alignmask for ahash and shash algorithms is always 0, simplify the code in authenc accordingly.
Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
24a285ce |
| 03-Oct-2023 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: authencesn - Only access common skcipher fields on spawn
As skcipher spawns may be of the type lskcipher, only the common fields may be accessed. This was already the case but use the corre
crypto: authencesn - Only access common skcipher fields on spawn
As skcipher spawns may be of the type lskcipher, only the common fields may be accessed. This was already the case but use the correct helpers to make this more obvious.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
255e48eb |
| 08-Feb-2023 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: api - Use data directly in completion function
This patch does the final flag day conversion of all completion functions which are now all contained in the Crypto API.
Signed-off-by: Herber
crypto: api - Use data directly in completion function
This patch does the final flag day conversion of all completion functions which are now all contained in the Crypto API.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
7bcb2c99 |
| 10-Jul-2020 |
Eric Biggers <ebiggers@google.com> |
crypto: algapi - use common mechanism for inheriting flags
The flag CRYPTO_ALG_ASYNC is "inherited" in the sense that when a template is instantiated, the template will have CRYPTO_ALG_ASYNC set if
crypto: algapi - use common mechanism for inheriting flags
The flag CRYPTO_ALG_ASYNC is "inherited" in the sense that when a template is instantiated, the template will have CRYPTO_ALG_ASYNC set if any of the algorithms it uses has CRYPTO_ALG_ASYNC set.
We'd like to add a second flag (CRYPTO_ALG_ALLOCATES_MEMORY) that gets "inherited" in the same way. This is difficult because the handling of CRYPTO_ALG_ASYNC is hardcoded everywhere. Address this by:
- Add CRYPTO_ALG_INHERITED_FLAGS, which contains the set of flags that have these inheritance semantics.
- Add crypto_algt_inherited_mask(), for use by template ->create() methods. It returns any of these flags that the user asked to be unset and thus must be passed in the 'mask' to crypto_grab_*().
- Also modify crypto_check_attr_type() to handle computing the 'mask' so that most templates can just use this.
- Make crypto_grab_*() propagate these flags to the template instance being created so that templates don't have to do this themselves.
Make crypto/simd.c propagate these flags too, since it "wraps" another algorithm, similar to a template.
Based on a patch by Mikulas Patocka <mpatocka@redhat.com> (https://lore.kernel.org/r/alpine.LRH.2.02.2006301414580.30526@file01.intranet.prod.int.rdu2.redhat.com).
Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
d1dc4df1 |
| 26-Feb-2020 |
Eric Biggers <ebiggers@google.com> |
crypto: authencesn - fix weird comma-terminated line
Fix a weird case where a line was terminated by a comma rather than a semicolon, causing the statement to be continued on the next line. Fortunat
crypto: authencesn - fix weird comma-terminated line
Fix a weird case where a line was terminated by a comma rather than a semicolon, causing the statement to be continued on the next line. Fortunately the code still behaved as intended, though.
Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
37073882 |
| 03-Jan-2020 |
Eric Biggers <ebiggers@google.com> |
crypto: authencesn - use crypto_grab_ahash() and simplify error paths
Make the authencesn template use the new function crypto_grab_ahash() to initialize its ahash spawn.
This is needed to make all
crypto: authencesn - use crypto_grab_ahash() and simplify error paths
Make the authencesn template use the new function crypto_grab_ahash() to initialize its ahash spawn.
This is needed to make all spawns be initialized in a consistent way.
Also simplify the error handling by taking advantage of crypto_drop_*() now accepting (as a no-op) spawns that haven't been initialized yet, and by taking advantage of crypto_grab_*() now handling ERR_PTR() names.
Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
b9f76ddd |
| 03-Jan-2020 |
Eric Biggers <ebiggers@google.com> |
crypto: skcipher - pass instance to crypto_grab_skcipher()
Initializing a crypto_skcipher_spawn currently requires:
1. Set spawn->base.inst to point to the instance. 2. Call crypto_grab_skcipher().
crypto: skcipher - pass instance to crypto_grab_skcipher()
Initializing a crypto_skcipher_spawn currently requires:
1. Set spawn->base.inst to point to the instance. 2. Call crypto_grab_skcipher().
But there's no reason for these steps to be separate, and in fact this unneeded complication has caused at least one bug, the one fixed by commit 6db43410179b ("crypto: adiantum - initialize crypto_spawn::inst")
So just make crypto_grab_skcipher() take the instance as an argument.
To keep the function calls from getting too unwieldy due to this extra argument, also introduce a 'mask' variable into the affected places which weren't already using one.
Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
af5034e8 |
| 31-Dec-2019 |
Eric Biggers <ebiggers@google.com> |
crypto: remove propagation of CRYPTO_TFM_RES_* flags
The CRYPTO_TFM_RES_* flags were apparently meant as a way to make the ->setkey() functions provide more information about errors. But these flag
crypto: remove propagation of CRYPTO_TFM_RES_* flags
The CRYPTO_TFM_RES_* flags were apparently meant as a way to make the ->setkey() functions provide more information about errors. But these flags weren't actually being used or tested, and in many cases they weren't being set correctly anyway. So they've now been removed.
Also, if someone ever actually needs to start better distinguishing ->setkey() errors (which is somewhat unlikely, as this has been unneeded for a long time), we'd be much better off just defining different return values, like -EINVAL if the key is invalid for the algorithm vs. -EKEYREJECTED if the key was rejected by a policy like "no weak keys". That would be much simpler, less error-prone, and easier to test.
So just remove CRYPTO_TFM_RES_MASK and all the unneeded logic that propagates these flags around.
Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
674f368a |
| 31-Dec-2019 |
Eric Biggers <ebiggers@google.com> |
crypto: remove CRYPTO_TFM_RES_BAD_KEY_LEN
The CRYPTO_TFM_RES_BAD_KEY_LEN flag was apparently meant as a way to make the ->setkey() functions provide more information about errors.
However, no one a
crypto: remove CRYPTO_TFM_RES_BAD_KEY_LEN
The CRYPTO_TFM_RES_BAD_KEY_LEN flag was apparently meant as a way to make the ->setkey() functions provide more information about errors.
However, no one actually checks for this flag, which makes it pointless.
Also, many algorithms fail to set this flag when given a bad length key. Reviewing just the generic implementations, this is the case for aes-fixed-time, cbcmac, echainiv, nhpoly1305, pcrypt, rfc3686, rfc4309, rfc7539, rfc7539esp, salsa20, seqiv, and xcbc. But there are probably many more in arch/*/crypto/ and drivers/crypto/.
Some algorithms can even set this flag when the key is the correct length. For example, authenc and authencesn set it when the key payload is malformed in any way (not just a bad length), the atmel-sha and ccree drivers can set it if a memory allocation fails, and the chelsio driver sets it for bad auth tag lengths, not just bad key lengths.
So even if someone actually wanted to start checking this flag (which seems unlikely, since it's been unused for a long time), there would be a lot of work needed to get it working correctly. But it would probably be much better to go back to the drawing board and just define different return values, like -EINVAL if the key is invalid for the algorithm vs. -EKEYREJECTED if the key was rejected by a policy like "no weak keys". That would be much simpler, less error-prone, and easier to test.
So just remove this flag.
Signed-off-by: Eric Biggers <ebiggers@google.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
2874c5fd |
| 27-May-2019 |
Thomas Gleixner <tglx@linutronix.de> |
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
Based on 1 normalized pattern(s):
this program is free software you can redistribute it and or modify it under the terms of th
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
Based on 1 normalized pattern(s):
this program is free software you can redistribute it and or modify it under the terms of the gnu general public license as published by the free software foundation either version 2 of the license or at your option any later version
extracted by the scancode license scanner the SPDX license identifier
GPL-2.0-or-later
has been chosen to replace the boilerplate/reference in 3029 file(s).
Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Allison Randal <allison@lohutok.net> Cc: linux-spdx@vger.kernel.org Link: https://lkml.kernel.org/r/20190527070032.746973796@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
#
c4741b23 |
| 12-Apr-2019 |
Eric Biggers <ebiggers@google.com> |
crypto: run initcalls for generic implementations earlier
Use subsys_initcall for registration of all templates and generic algorithm implementations, rather than module_init. Then change cryptomgr
crypto: run initcalls for generic implementations earlier
Use subsys_initcall for registration of all templates and generic algorithm implementations, rather than module_init. Then change cryptomgr to use arch_initcall, to place it before the subsys_initcalls.
This is needed so that when both a generic and optimized implementation of an algorithm are built into the kernel (not loadable modules), the generic implementation is registered before the optimized one. Otherwise, the self-tests for the optimized implementation are unable to allocate the generic implementation for the new comparison fuzz tests.
Note that on arm, a side effect of this change is that self-tests for generic implementations may run before the unaligned access handler has been installed. So, unaligned accesses will crash the kernel. This is arguably a good thing as it makes it easier to detect that type of bug.
Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
a7773363 |
| 03-Jan-2019 |
Harsh Jain <harsh@chelsio.com> |
crypto: authencesn - Avoid twice completion call in decrypt path
Authencesn template in decrypt path unconditionally calls aead_request_complete after ahash_verify which leads to following kernel pa
crypto: authencesn - Avoid twice completion call in decrypt path
Authencesn template in decrypt path unconditionally calls aead_request_complete after ahash_verify which leads to following kernel panic in after decryption.
[ 338.539800] BUG: unable to handle kernel NULL pointer dereference at 0000000000000004 [ 338.548372] PGD 0 P4D 0 [ 338.551157] Oops: 0000 [#1] SMP PTI [ 338.554919] CPU: 0 PID: 0 Comm: swapper/0 Kdump: loaded Tainted: G W I 4.19.7+ #13 [ 338.564431] Hardware name: Supermicro X8ST3/X8ST3, BIOS 2.0 07/29/10 [ 338.572212] RIP: 0010:esp_input_done2+0x350/0x410 [esp4] [ 338.578030] Code: ff 0f b6 68 10 48 8b 83 c8 00 00 00 e9 8e fe ff ff 8b 04 25 04 00 00 00 83 e8 01 48 98 48 8b 3c c5 10 00 00 00 e9 f7 fd ff ff <8b> 04 25 04 00 00 00 83 e8 01 48 98 4c 8b 24 c5 10 00 00 00 e9 3b [ 338.598547] RSP: 0018:ffff911c97803c00 EFLAGS: 00010246 [ 338.604268] RAX: 0000000000000002 RBX: ffff911c4469ee00 RCX: 0000000000000000 [ 338.612090] RDX: 0000000000000000 RSI: 0000000000000130 RDI: ffff911b87c20400 [ 338.619874] RBP: 0000000000000000 R08: ffff911b87c20498 R09: 000000000000000a [ 338.627610] R10: 0000000000000001 R11: 0000000000000004 R12: 0000000000000000 [ 338.635402] R13: ffff911c89590000 R14: ffff911c91730000 R15: 0000000000000000 [ 338.643234] FS: 0000000000000000(0000) GS:ffff911c97800000(0000) knlGS:0000000000000000 [ 338.652047] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 338.658299] CR2: 0000000000000004 CR3: 00000001ec20a000 CR4: 00000000000006f0 [ 338.666382] Call Trace: [ 338.669051] <IRQ> [ 338.671254] esp_input_done+0x12/0x20 [esp4] [ 338.675922] chcr_handle_resp+0x3b5/0x790 [chcr] [ 338.680949] cpl_fw6_pld_handler+0x37/0x60 [chcr] [ 338.686080] chcr_uld_rx_handler+0x22/0x50 [chcr] [ 338.691233] uldrx_handler+0x8c/0xc0 [cxgb4] [ 338.695923] process_responses+0x2f0/0x5d0 [cxgb4] [ 338.701177] ? bitmap_find_next_zero_area_off+0x3a/0x90 [ 338.706882] ? matrix_alloc_area.constprop.7+0x60/0x90 [ 338.712517] ? apic_update_irq_cfg+0x82/0xf0 [ 338.717177] napi_rx_handler+0x14/0xe0 [cxgb4] [ 338.722015] net_rx_action+0x2aa/0x3e0 [ 338.726136] __do_softirq+0xcb/0x280 [ 338.730054] irq_exit+0xde/0xf0 [ 338.733504] do_IRQ+0x54/0xd0 [ 338.736745] common_interrupt+0xf/0xf
Fixes: 104880a6b470 ("crypto: authencesn - Convert to new AEAD...") Signed-off-by: Harsh Jain <harsh@chelsio.com> Cc: stable@vger.kernel.org Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
8d605398 |
| 19-Sep-2018 |
Kees Cook <keescook@chromium.org> |
crypto: null - Remove VLA usage of skcipher
In the quest to remove all stack VLA usage from the kernel[1], this replaces struct crypto_skcipher and SKCIPHER_REQUEST_ON_STACK() usage with struct cryp
crypto: null - Remove VLA usage of skcipher
In the quest to remove all stack VLA usage from the kernel[1], this replaces struct crypto_skcipher and SKCIPHER_REQUEST_ON_STACK() usage with struct crypto_sync_skcipher and SYNC_SKCIPHER_REQUEST_ON_STACK(), which uses a fixed stack size.
[1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com
Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
31545df3 |
| 03-Apr-2018 |
Tudor-Dan Ambarus <tudor.ambarus@microchip.com> |
crypto: authencesn - don't leak pointers to authenc keys
In crypto_authenc_esn_setkey we save pointers to the authenc keys in a local variable of type struct crypto_authenc_keys and we don't zeroize
crypto: authencesn - don't leak pointers to authenc keys
In crypto_authenc_esn_setkey we save pointers to the authenc keys in a local variable of type struct crypto_authenc_keys and we don't zeroize it after use. Fix this and don't leak pointers to the authenc keys.
Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
3a2d4fb5 |
| 07-Dec-2017 |
Eric Biggers <ebiggers@google.com> |
crypto: null - Get rid of crypto_{get,put}_default_null_skcipher2()
Since commit 499a66e6b689 ("crypto: null - Remove default null blkcipher"), crypto_get_default_null_skcipher2() and crypto_put_def
crypto: null - Get rid of crypto_{get,put}_default_null_skcipher2()
Since commit 499a66e6b689 ("crypto: null - Remove default null blkcipher"), crypto_get_default_null_skcipher2() and crypto_put_default_null_skcipher2() are the same as their non-2 equivalents. So switch callers of the "2" versions over to the original versions and remove the "2" versions.
Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
41cdf7a4 |
| 17-Jul-2017 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: authencesn - Fix digest_null crash
When authencesn is used together with digest_null a crash will occur on the decrypt path. This is because normally we perform a special setup to preserve
crypto: authencesn - Fix digest_null crash
When authencesn is used together with digest_null a crash will occur on the decrypt path. This is because normally we perform a special setup to preserve the ESN, but this is skipped if there is no authentication. However, on the post-authentication path it always expects the preservation to be in place, thus causing a crash when digest_null is used.
This patch fixes this by also skipping the post-processing when there is no authentication.
Fixes: 104880a6b470 ("crypto: authencesn - Convert to new AEAD...") Cc: <stable@vger.kernel.org> Reported-by: Jan Tluka <jtluka@redhat.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
60425a8b |
| 28-Oct-2016 |
Eric Biggers <ebiggers@google.com> |
crypto: skcipher - Get rid of crypto_spawn_skcipher2()
Since commit 3a01d0ee2b99 ("crypto: skcipher - Remove top-level givcipher interface"), crypto_spawn_skcipher2() and crypto_spawn_skcipher() are
crypto: skcipher - Get rid of crypto_spawn_skcipher2()
Since commit 3a01d0ee2b99 ("crypto: skcipher - Remove top-level givcipher interface"), crypto_spawn_skcipher2() and crypto_spawn_skcipher() are equivalent. So switch callers of crypto_spawn_skcipher2() to crypto_spawn_skcipher() and remove it.
Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
a35528ec |
| 28-Oct-2016 |
Eric Biggers <ebiggers@google.com> |
crypto: skcipher - Get rid of crypto_grab_skcipher2()
Since commit 3a01d0ee2b99 ("crypto: skcipher - Remove top-level givcipher interface"), crypto_grab_skcipher2() and crypto_grab_skcipher() are eq
crypto: skcipher - Get rid of crypto_grab_skcipher2()
Since commit 3a01d0ee2b99 ("crypto: skcipher - Remove top-level givcipher interface"), crypto_grab_skcipher2() and crypto_grab_skcipher() are equivalent. So switch callers of crypto_grab_skcipher2() to crypto_grab_skcipher() and remove it.
Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
e75445a8 |
| 12-Jul-2016 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: authencesn - Use skcipher
This patch converts authencesn to use the new skcipher interface as opposed to ablkcipher.
It also fixes a little bug where if a sync version of authencesn is requ
crypto: authencesn - Use skcipher
This patch converts authencesn to use the new skcipher interface as opposed to ablkcipher.
It also fixes a little bug where if a sync version of authencesn is requested we may still end up using an async ahash. This should have no effect as none of the authencesn users can request for a sync authencesn.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
927ef32d |
| 29-Jun-2016 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: authenc - Consider ahash ASYNC bit
As it is, if you get an async ahash with a sync skcipher you'll end up with a sync authenc, which is wrong.
This patch fixes it by considering the ASYNC b
crypto: authenc - Consider ahash ASYNC bit
As it is, if you get an async ahash with a sync skcipher you'll end up with a sync authenc, which is wrong.
This patch fixes it by considering the ASYNC bit from ahash as well.
It also fixes a little bug where if a sync version of authenc is requested we may still end up using an async ahash.
Neither of them should have any effect as none of the authenc users can request for a sync authenc.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
5e4b8c1f |
| 13-Aug-2015 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: aead - Remove CRYPTO_ALG_AEAD_NEW flag
This patch removes the CRYPTO_ALG_AEAD_NEW flag now that everyone has been converted.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
104880a6 |
| 07-Aug-2015 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: authencesn - Convert to new AEAD interface
This patch converts authencesn to the new AEAD interface.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
443c0d7e |
| 07-Aug-2015 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: authencesn - Fix breakage with new ESP code
The ESP code has been updated to generate a completely linear AD SG list. This unfortunately broke authencesn which expects the AD to be divided
crypto: authencesn - Fix breakage with new ESP code
The ESP code has been updated to generate a completely linear AD SG list. This unfortunately broke authencesn which expects the AD to be divided into at least three parts.
This patch fixes it to cope with the new format. Later we will fix it properly to accept arbitrary input and not rely on the input being linear as part of the AEAD conversion.
Fixes: 7021b2e1cddd ("esp4: Switch to new AEAD interface") Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
6650d09b |
| 11-May-2015 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: authencesn - Use crypto_aead_set_reqsize helper
This patch uses the crypto_aead_set_reqsize helper to avoid directly touching the internals of aead.
Signed-off-by: Herbert Xu <herbert@gondo
crypto: authencesn - Use crypto_aead_set_reqsize helper
This patch uses the crypto_aead_set_reqsize helper to avoid directly touching the internals of aead.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
7fb2a4bd |
| 11-May-2015 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: authencesn - Include internal/aead.h
All AEAD implementations must include internal/aead.h in order to access required helpers.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|