27 Dec, 2019

1 commit

  • This patch introduces the skcipher_ialg_simple helper which fetches
    the crypto_alg structure from a simple skcipher instance's spawn.

    This allows us to remove the third argument from the function
    skcipher_alloc_instance_simple.

    In doing so the reference count to the algorithm is now maintained
    by the Crypto API and the caller no longer needs to drop the alg
    refcount.

    Signed-off-by: Herbert Xu


18 Apr, 2019

1 commit

  • Use subsys_initcall for registration of all templates and generic
    algorithm implementations, rather than module_init. Then change
    cryptomgr to use arch_initcall, to place it before the subsys_initcalls.

    This is needed so that when both a generic and optimized implementation
    of an algorithm are built into the kernel (not loadable modules), the
    generic implementation is registered before the optimized one.
    Otherwise, the self-tests for the optimized implementation are unable to
    allocate the generic implementation for the new comparison fuzz tests.

    Note that on arm, a side effect of this change is that self-tests for
    generic implementations may run before the unaligned access handler has
    been installed. So, unaligned accesses will crash the kernel. This is
    arguably a good thing as it makes it easier to detect that type of bug.

    Signed-off-by: Eric Biggers
    Signed-off-by: Herbert Xu


11 Jan, 2019

3 commits

  • The CFB template just wraps a single block cipher algorithm, so simplify
    it by converting it to use skcipher_alloc_instance_simple().

    Cc: James Bottomley
    Signed-off-by: Eric Biggers
    Signed-off-by: Herbert Xu

  • The memcpy() in crypto_cfb_decrypt_inplace() uses walk->iv as both the
    source and destination, which has undefined behavior. It is unneeded
    because walk->iv is already used to hold the previous ciphertext block;
    thus, walk->iv is already updated to its final value. So, remove it.

    Also, note that in-place decryption is the only case where the previous
    ciphertext block is not directly available. Therefore, as a related
    cleanup I also updated crypto_cfb_encrypt_segment() to directly use the
    previous ciphertext block rather than save it into walk->iv. This makes
    it consistent with in-place encryption and out-of-place decryption; now
    only in-place decryption is different, because it has to be.

    Fixes: a7d85e06ed80 ("crypto: cfb - add support for Cipher FeedBack mode")
    Cc: # v4.17+
    Cc: James Bottomley
    Signed-off-by: Eric Biggers
    Signed-off-by: Herbert Xu

  • Like some other block cipher mode implementations, the CFB
    implementation assumes that while walking through the scatterlist, a
    partial block does not occur until the end. But the walk is incorrectly
    being done with a blocksize of 1, as 'cra_blocksize' is set to 1 (since
    CFB is a stream cipher) but no 'chunksize' is set. This bug causes
    incorrect encryption/decryption for some scatterlist layouts.

    Fix it by setting the 'chunksize'. Also extend the CFB test vectors to
    cover this bug as well as cases where the message length is not a
    multiple of the block size.

    Fixes: a7d85e06ed80 ("crypto: cfb - add support for Cipher FeedBack mode")
    Cc: # v4.17+
    Cc: James Bottomley
    Signed-off-by: Eric Biggers
    Signed-off-by: Herbert Xu


07 Dec, 2018

1 commit


29 Nov, 2018

1 commit

  • In multiple functions, the algorithm fields are read after its reference
    is dropped through crypto_mod_put. In this case, the algorithm memory
    may be freed, resulting in use-after-free bugs. This patch delays the
    put operation until the algorithm is never used.

    Fixes: 79c65d179a40 ("crypto: cbc - Convert to skcipher")
    Fixes: a7d85e06ed80 ("crypto: cfb - add support for Cipher FeedBack mode")
    Fixes: 043a44001b9e ("crypto: pcbc - Convert to skcipher")
    Cc:
    Signed-off-by: Pan Bian
    Signed-off-by: Herbert Xu


09 Nov, 2018

1 commit

  • crypto_cfb_decrypt_segment() incorrectly XOR'ed generated keystream with
    IV, rather than with data stream, resulting in incorrect decryption.
    Test vectors will be added in the next patch.

    Signed-off-by: Dmitry Eremin-Solenikov
    Cc: stable@vger.kernel.org
    Signed-off-by: Herbert Xu


21 Apr, 2018

1 commit

  • We avoid various VLAs[1] by using constant expressions for block size
    and alignment mask.

    [1] http://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com

    Signed-off-by: Salvatore Mesoraca
    Signed-off-by: Herbert Xu


09 Mar, 2018

1 commit

  • TPM security routines require encryption and decryption with AES in
    CFB mode, so add it to the Linux Crypto schemes. CFB is basically a
    one time pad where the pad is generated initially from the encrypted
    IV and then subsequently from the encrypted previous block of
    ciphertext. The pad is XOR'd into the plain text to get the final
    ciphertext.

    https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#CFB

    Signed-off-by: James Bottomley
    Signed-off-by: Herbert Xu

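The CFB construction described in this commit, together with the two pitfalls fixed earlier on this page (XORing the pad with the IV instead of the data, and in-place decryption clobbering the previous ciphertext block), as an added C example that is not the kernel's crypto/cfb.c: it wraps a constructed toy block cipher (not AES), and the names toy_block_encrypt, cfb_crypt and cfb_selftest are assumptions of this example, not kernel API.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define BLK 8  /* block size of the constructed toy cipher, in bytes */

/* Constructed toy block cipher (NOT AES): key mixing plus a byte rotation; in and
 * out must not alias. CFB only uses the encrypt direction, so only that exists. */
static void toy_block_encrypt(const uint8_t key[BLK], const uint8_t in[BLK], uint8_t out[BLK])
{
    for (int i = 0; i < BLK; i++)
        out[(i + 1) % BLK] = (uint8_t)((in[i] ^ key[i]) + key[(i + 3) % BLK]);
}

/* CFB for both directions. iv carries the chaining state and, like walk->iv in
 * the Crypto API, ends holding the last full ciphertext block; src may equal dst.
 * The pad is XORed with the data, never with the IV, and on decryption the
 * ciphertext block is saved before plaintext can overwrite it in place. */
static void cfb_crypt(const uint8_t key[BLK], uint8_t iv[BLK],
                      const uint8_t *src, uint8_t *dst, size_t len, int decrypt)
{
    uint8_t ks[BLK], prev[BLK] = {0};
    for (; len >= BLK; src += BLK, dst += BLK, len -= BLK) {
        toy_block_encrypt(key, iv, ks);      /* pad = E_k(previous ciphertext) */
        if (decrypt)
            memcpy(prev, src, BLK);          /* next chaining input, kept safe */
        for (int i = 0; i < BLK; i++)
            dst[i] = src[i] ^ ks[i];
        memcpy(iv, decrypt ? prev : dst, BLK);
    }
    toy_block_encrypt(key, iv, ks);          /* partial tail: no padding needed */
    for (size_t i = 0; i < len; i++)
        dst[i] = src[i] ^ ks[i];
}

/* Self-check on a constructed 23-byte message (two full blocks plus a 7-byte tail). */
int cfb_selftest(void)
{
    const uint8_t key[BLK] = {1, 2, 3, 4, 5, 6, 7, 8}, iv0[BLK] = {9, 10, 11, 12, 13, 14, 15, 16};
    const char *msg = "CFB keeps partial tails";
    size_t len = strlen(msg);
    uint8_t ct[32], pt[32], buf[32], iv[BLK];
    memcpy(iv, iv0, BLK);
    cfb_crypt(key, iv, (const uint8_t *)msg, ct, len, 0);
    memcpy(iv, iv0, BLK);
    cfb_crypt(key, iv, ct, pt, len, 1);      /* out of place */
    memcpy(buf, ct, len);
    memcpy(iv, iv0, BLK);
    cfb_crypt(key, iv, buf, buf, len, 1);    /* in place */
    return !memcmp(pt, msg, len) && !memcmp(buf, msg, len) && memcmp(ct, msg, len);
}
```

Dropping the `memcpy(prev, src, BLK)` and chaining on `dst` instead reproduces the in-place decryption failure the fix commit describes: the second block would be decrypted with a pad derived from plaintext.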