Revision tags: v5.18-rc5, v5.18-rc4, v5.18-rc3, v5.18-rc2, v5.18-rc1, v5.17, v5.17-rc8, v5.17-rc7, v5.17-rc6, v5.17-rc5, v5.17-rc4, v5.17-rc3, v5.17-rc2, v5.17-rc1, v5.16, v5.16-rc8, v5.16-rc7, v5.16-rc6, v5.16-rc5, v5.16-rc4, v5.16-rc3, v5.16-rc2, v5.16-rc1, v5.15, v5.15-rc7, v5.15-rc6, v5.15-rc5, v5.15-rc4, v5.15-rc3, v5.15-rc2, v5.15-rc1, v5.14, v5.14-rc7, v5.14-rc6, v5.14-rc5, v5.14-rc4, v5.14-rc3, v5.14-rc2, v5.14-rc1, v5.13, v5.13-rc7, v5.13-rc6, v5.13-rc5, v5.13-rc4, v5.13-rc3, v5.13-rc2, v5.13-rc1, v5.12, v5.12-rc8, v5.12-rc7, v5.12-rc6, v5.12-rc5, v5.12-rc4, v5.12-rc3, v5.12-rc2, v5.12-rc1-dontuse, v5.11, v5.11-rc7, v5.11-rc6, v5.11-rc5, v5.11-rc4, v5.11-rc3, v5.11-rc2, v5.11-rc1, v5.10, v5.10-rc7, v5.10-rc6, v5.10-rc5, v5.10-rc4, v5.10-rc3, v5.10-rc2, v5.10-rc1, v5.9, v5.9-rc8, v5.9-rc7, v5.9-rc6, v5.9-rc5, v5.9-rc4, v5.9-rc3, v5.9-rc2, v5.9-rc1, v5.8, v5.8-rc7, v5.8-rc6, v5.8-rc5 |
|
#
e72b48c5 |
| 10-Jul-2020 |
Eric Biggers <ebiggers@google.com> |
crypto: geniv - remove unneeded arguments from aead_geniv_alloc()
The type and mask arguments to aead_geniv_alloc() are always 0, so remove them.
Signed-off-by: Eric Biggers <ebiggers@google.com> S
crypto: geniv - remove unneeded arguments from aead_geniv_alloc()
The type and mask arguments to aead_geniv_alloc() are always 0, so remove them.
Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
Revision tags: v5.8-rc4, v5.8-rc3, v5.8-rc2, v5.8-rc1, v5.7, v5.7-rc7, v5.7-rc6, v5.7-rc5, v5.7-rc4, v5.7-rc3, v5.7-rc2, v5.7-rc1, v5.6, v5.6-rc7, v5.6-rc6, v5.6-rc5, v5.6-rc4, v5.6-rc3, v5.6-rc2, v5.6-rc1, v5.5, v5.5-rc7, v5.5-rc6, v5.5-rc5 |
|
#
0f8f6d86 |
| 03-Jan-2020 |
Eric Biggers <ebiggers@google.com> |
crypto: geniv - convert to new way of freeing instances
Convert the "seqiv" template to the new way of freeing instances where a ->free() method is installed to the instance struct itself. Also rem
crypto: geniv - convert to new way of freeing instances
Convert the "seqiv" template to the new way of freeing instances where a ->free() method is installed to the instance struct itself. Also remove the unused implementation of the old way of freeing instances from the "echainiv" template, since it's already using the new way too.
In doing this, also simplify the code by making the helper function aead_geniv_alloc() install the ->free() method, instead of making seqiv and echainiv do this themselves. This is analogous to how skcipher_alloc_instance_simple() works.
This will allow removing support for the old way of freeing instances.
Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
Revision tags: v5.5-rc4, v5.5-rc3, v5.5-rc2, v5.5-rc1, v5.4, v5.4-rc8, v5.4-rc7, v5.4-rc6, v5.4-rc5, v5.4-rc4, v5.4-rc3, v5.4-rc2, v5.4-rc1, v5.3, v5.3-rc8, v5.3-rc7, v5.3-rc6, v5.3-rc5, v5.3-rc4, v5.3-rc3, v5.3-rc2, v5.3-rc1, v5.2, v5.2-rc7, v5.2-rc6, v5.2-rc5, v5.2-rc4, v5.2-rc3 |
|
#
2874c5fd |
| 27-May-2019 |
Thomas Gleixner <tglx@linutronix.de> |
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
Based on 1 normalized pattern(s):
this program is free software you can redistribute it and or modify it under the terms of th
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
Based on 1 normalized pattern(s):
this program is free software you can redistribute it and or modify it under the terms of the gnu general public license as published by the free software foundation either version 2 of the license or at your option any later version
extracted by the scancode license scanner the SPDX license identifier
GPL-2.0-or-later
has been chosen to replace the boilerplate/reference in 3029 file(s).
Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Allison Randal <allison@lohutok.net> Cc: linux-spdx@vger.kernel.org Link: https://lkml.kernel.org/r/20190527070032.746973796@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
Revision tags: v5.2-rc2, v5.2-rc1, v5.1, v5.1-rc7, v5.1-rc6, v5.1-rc5 |
|
#
c4741b23 |
| 12-Apr-2019 |
Eric Biggers <ebiggers@google.com> |
crypto: run initcalls for generic implementations earlier
Use subsys_initcall for registration of all templates and generic algorithm implementations, rather than module_init. Then change cryptomgr
crypto: run initcalls for generic implementations earlier
Use subsys_initcall for registration of all templates and generic algorithm implementations, rather than module_init. Then change cryptomgr to use arch_initcall, to place it before the subsys_initcalls.
This is needed so that when both a generic and optimized implementation of an algorithm are built into the kernel (not loadable modules), the generic implementation is registered before the optimized one. Otherwise, the self-tests for the optimized implementation are unable to allocate the generic implementation for the new comparison fuzz tests.
Note that on arm, a side effect of this change is that self-tests for generic implementations may run before the unaligned access handler has been installed. So, unaligned accesses will crash the kernel. This is arguably a good thing as it makes it easier to detect that type of bug.
Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
Revision tags: v5.1-rc4, v5.1-rc3, v5.1-rc2, v5.1-rc1, v5.0, v5.0-rc8, v5.0-rc7, v5.0-rc6, v5.0-rc5, v5.0-rc4, v5.0-rc3, v5.0-rc2, v5.0-rc1, v4.20, v4.20-rc7, v4.20-rc6, v4.20-rc5, v4.20-rc4, v4.20-rc3, v4.20-rc2, v4.20-rc1, v4.19, v4.19-rc8, v4.19-rc7, v4.19-rc6, v4.19-rc5 |
|
#
8d605398 |
| 19-Sep-2018 |
Kees Cook <keescook@chromium.org> |
crypto: null - Remove VLA usage of skcipher
In the quest to remove all stack VLA usage from the kernel[1], this replaces struct crypto_skcipher and SKCIPHER_REQUEST_ON_STACK() usage with struct cryp
crypto: null - Remove VLA usage of skcipher
In the quest to remove all stack VLA usage from the kernel[1], this replaces struct crypto_skcipher and SKCIPHER_REQUEST_ON_STACK() usage with struct crypto_sync_skcipher and SYNC_SKCIPHER_REQUEST_ON_STACK(), which uses a fixed stack size.
[1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com
Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
Revision tags: v4.19-rc4, v4.19-rc3, v4.19-rc2, v4.19-rc1, v4.18, v4.18-rc8, v4.18-rc7, v4.18-rc6, v4.18-rc5, v4.18-rc4, v4.18-rc3, v4.18-rc2, v4.18-rc1, v4.17, v4.17-rc7, v4.17-rc6, v4.17-rc5, v4.17-rc4, v4.17-rc3, v4.17-rc2, v4.17-rc1, v4.16, v4.16-rc7, v4.16-rc6, v4.16-rc5, v4.16-rc4, v4.16-rc3, v4.16-rc2, v4.16-rc1, v4.15, v4.15-rc9, v4.15-rc8, v4.15-rc7, v4.15-rc6, v4.15-rc5, v4.15-rc4 |
|
#
1f83f4d1 |
| 12-Dec-2017 |
Corentin Labbe <clabbe@baylibre.com> |
crypto: echainiv - Remove unused alg/spawn variable
This patch remove two unused variable and some dead "code" using it.
Fixes: 66008d4230f6 ("crypto: echainiv - Remove AEAD compatibility code") Si
crypto: echainiv - Remove unused alg/spawn variable
This patch remove two unused variable and some dead "code" using it.
Fixes: 66008d4230f6 ("crypto: echainiv - Remove AEAD compatibility code") Signed-off-by: Corentin Labbe <clabbe@baylibre.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
Revision tags: v4.15-rc3, v4.15-rc2, v4.15-rc1, v4.14, v4.14-rc8, v4.14-rc7, v4.14-rc6, v4.14-rc5, v4.14-rc4, v4.14-rc3, v4.14-rc2, v4.14-rc1, v4.13, v4.13-rc7, v4.13-rc6, v4.13-rc5, v4.13-rc4, v4.13-rc3, v4.13-rc2, v4.13-rc1, v4.12, v4.12-rc7, v4.12-rc6, v4.12-rc5, v4.12-rc4, v4.12-rc3, v4.12-rc2, v4.12-rc1, v4.11, v4.11-rc8, v4.11-rc7, v4.11-rc6, v4.11-rc5, v4.11-rc4, v4.11-rc3, v4.11-rc2, v4.11-rc1, v4.10, v4.10-rc8, v4.10-rc7, v4.10-rc6, v4.10-rc5, v4.10-rc4, v4.10-rc3, v4.10-rc2, v4.10-rc1, v4.9, v4.9-rc8, v4.9-rc7, v4.9-rc6, v4.9-rc5, v4.9-rc4, v4.9-rc3, v4.9-rc2, v4.9-rc1, v4.8, v4.8-rc8, v4.8-rc7, v4.8-rc6 |
|
#
53a5d5dd |
| 07-Sep-2016 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: echainiv - Replace chaining with multiplication
The current implementation uses a global per-cpu array to store data which are used to derive the next IV. This is insecure as the attacker m
crypto: echainiv - Replace chaining with multiplication
The current implementation uses a global per-cpu array to store data which are used to derive the next IV. This is insecure as the attacker may change the stored data.
This patch removes all traces of chaining and replaces it with multiplication of the salt and the sequence number.
Fixes: a10f554fa7e0 ("crypto: echainiv - Add encrypted chain IV...") Cc: stable@vger.kernel.org Reported-by: Mathias Krause <minipli@googlemail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
Revision tags: v4.8-rc5, v4.8-rc4, v4.8-rc3, v4.8-rc2, v4.8-rc1, v4.7 |
|
#
0e8bff47 |
| 12-Jul-2016 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: echainiv - Use skcipher
This patch replaces use of the obsolete blkcipher with skcipher.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
Revision tags: v4.7-rc7, v4.7-rc6, v4.7-rc5, v4.7-rc4, v4.7-rc3, v4.7-rc2, v4.7-rc1, v4.6, v4.6-rc7, v4.6-rc6, v4.6-rc5, v4.6-rc4, v4.6-rc3, v4.6-rc2, v4.6-rc1, v4.5, v4.5-rc7, v4.5-rc6, v4.5-rc5, v4.5-rc4, v4.5-rc3, v4.5-rc2, v4.5-rc1, v4.4, v4.4-rc8, v4.4-rc7, v4.4-rc6, v4.4-rc5, v4.4-rc4, v4.4-rc3, v4.4-rc2, v4.4-rc1, v4.3, v4.3-rc7, v4.3-rc6, v4.3-rc5, v4.3-rc4, v4.3-rc3, v4.3-rc2, v4.3-rc1, v4.2, v4.2-rc8, v4.2-rc7 |
|
#
376e0d69 |
| 13-Aug-2015 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: echainiv - Use generic geniv init/exit helpers
This patch replaces the echainiv init/exit handlers with the generic geniv helpers.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
66008d42 |
| 13-Aug-2015 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: echainiv - Remove AEAD compatibility code
Now that we no longer have any legacy AEAD implementations the compatibility code path can no longer be triggered. This patch removes it.
Signed-o
crypto: echainiv - Remove AEAD compatibility code
Now that we no longer have any legacy AEAD implementations the compatibility code path can no longer be triggered. This patch removes it.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
Revision tags: v4.2-rc6, v4.2-rc5, v4.2-rc4, v4.2-rc3, v4.2-rc2 |
|
#
5499b1a7 |
| 08-Jul-2015 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: echainiv - Fix encryption convention
This patch fixes a bug where we were incorrectly including the IV in the AD during encryption. The IV must remain in the plain text for it to be encrypt
crypto: echainiv - Fix encryption convention
This patch fixes a bug where we were incorrectly including the IV in the AD during encryption. The IV must remain in the plain text for it to be encrypted.
During decryption there is no need to copy the IV to dst because it's now part of the AD.
This patch removes an unncessary check on authsize which would be performed by the underlying decrypt call.
Finally this patch makes use of the type-safe init/exit functions.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
Revision tags: v4.2-rc1, v4.1 |
|
#
9fcc704d |
| 21-Jun-2015 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: echainiv - Only hold RNG during initialisation
This patch changes the RNG allocation so that we only hold a reference to the RNG during initialisation.
Signed-off-by: Herbert Xu <herbert@go
crypto: echainiv - Only hold RNG during initialisation
This patch changes the RNG allocation so that we only hold a reference to the RNG during initialisation.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
Revision tags: v4.1-rc8, v4.1-rc7 |
|
#
f261c5fb |
| 03-Jun-2015 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: echainiv - Move IV seeding into init function
We currently do the IV seeding on the first givencrypt call in order to conserve entropy. However, this does not work with DRBG which cannot be
crypto: echainiv - Move IV seeding into init function
We currently do the IV seeding on the first givencrypt call in order to conserve entropy. However, this does not work with DRBG which cannot be called from interrupt context. In fact, with DRBG we don't need to conserve entropy anyway. So this patch moves the seeding into the init function.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
Revision tags: v4.1-rc6 |
|
#
9d03aee1 |
| 27-May-2015 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: echainiv - Fix IV size in context size calculation
This patch fixes a bug in the context size calculation where we were still referring to the old cra_aead.
Signed-off-by: Herbert Xu <herbe
crypto: echainiv - Fix IV size in context size calculation
This patch fixes a bug in the context size calculation where we were still referring to the old cra_aead.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
d97de47c |
| 27-May-2015 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: echainiv - Use common IV generation code
This patch makes use of the new common IV generation code.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
838c9d56 |
| 27-May-2015 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: echainiv - Copy AD along with plain text
As the AD does not necessarily exist in the destination buffer it must be copied along with the plain text.
Signed-off-by: Herbert Xu <herbert@gondo
crypto: echainiv - Copy AD along with plain text
As the AD does not necessarily exist in the destination buffer it must be copied along with the plain text.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
Revision tags: v4.1-rc5 |
|
#
374d4ad1 |
| 23-May-2015 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: aead - Remove unused cryptoff parameter
This patch removes the cryptoff parameter now that all users set it to zero.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
823655c9 |
| 23-May-2015 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: echainiv - Stop using cryptoff
The cryptoff parameter was added to facilitate the skipping of IVs that sit between the AD and the plain/cipher text. However, it was never implemented correc
crypto: echainiv - Stop using cryptoff
The cryptoff parameter was added to facilitate the skipping of IVs that sit between the AD and the plain/cipher text. However, it was never implemented correctly as and we do not handle users such as IPsec setting cryptoff. It is simply ignored.
Implementing correctly is in fact more trouble than what it's worth.
This patch removes the uses of cryptoff and simply falls back to using the old AEAD interface as it's only needed for old AEAD implementations.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
1e419c79 |
| 23-May-2015 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: echainiv - Use aead_register_instance
New style AEAD instances must use aead_register_instance. This worked by chance because aead_geniv_alloc is still setting things the old way.
This pat
crypto: echainiv - Use aead_register_instance
New style AEAD instances must use aead_register_instance. This worked by chance because aead_geniv_alloc is still setting things the old way.
This patch converts the template over to the create model where we are responsible for instance registration so that we can call the correct function.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
622ff875 |
| 23-May-2015 |
Wu Fengguang <fengguang.wu@intel.com> |
crypto: echainiv - echainiv_read_iv() can be static
Signed-off-by: Fengguang Wu <fengguang.wu@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
a10f554f |
| 21-May-2015 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: echainiv - Add encrypted chain IV generator
This patch adds a new AEAD IV generator echainiv. It is intended to replace the existing skcipher IV generator eseqiv.
If the underlying AEAD al
crypto: echainiv - Add encrypted chain IV generator
This patch adds a new AEAD IV generator echainiv. It is intended to replace the existing skcipher IV generator eseqiv.
If the underlying AEAD algorithm is using the old AEAD interface, then echainiv will simply use its IV generator.
Otherwise, echainiv will encrypt a counter just like eseqiv but it'll first xor it against a previously stored IV similar to chainiv.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|