08 Mar, 2021
1 commit
-
The MIPS Poly1305 implementation is generic MIPS code written such as to
support down to the original MIPS I and MIPS III ISA for the 32-bit and
64-bit variant respectively. Lift the current limitation then to enable
code for MIPSr1 ISA or newer processors only and have it available for
all MIPS processors.Signed-off-by: Maciej W. Rozycki
Fixes: a11d055e7a64 ("crypto: mips/poly1305 - incorporate OpenSSL/CRYPTOGAMS optimized implementation")
Cc: stable@vger.kernel.org # v5.5+
Acked-by: Jason A. Donenfeld
Signed-off-by: Thomas Bogendoerfer
24 Feb, 2021
1 commit
-
Pull keyring updates from David Howells:
"Here's a set of minor keyrings fixes/cleanups that I've collected from
various people for the upcoming merge window.A couple of them might, in theory, be visible to userspace:
- Make blacklist_vet_description() reject uppercase letters as they
don't match the all-lowercase hex string generated for a blacklist
search.This may want reconsideration in the future, but, currently, you
can't add to the blacklist keyring from userspace and the only
source of blacklist keys generates lowercase descriptions.- Fix blacklist_init() to use a new KEY_ALLOC_* flag to indicate that
it wants KEY_FLAG_KEEP to be set rather than passing KEY_FLAG_KEEP
into keyring_alloc() as KEY_FLAG_KEEP isn't a valid alloc flag.This isn't currently a problem as the blacklist keyring isn't
currently writable by userspace.The rest of the patches are cleanups and I don't think they should
have any visible effect"* tag 'keys-misc-20210126' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs:
watch_queue: rectify kernel-doc for init_watch()
certs: Replace K{U,G}IDT_INIT() with GLOBAL_ROOT_{U,G}ID
certs: Fix blacklist flag type confusion
PKCS#7: Fix missing include
certs: Fix blacklisted hexadecimal hash string check
certs/blacklist: fix kernel doc interface issue
crypto: public_key: Remove redundant header file from public_key.h
keys: remove trailing semicolon in macro definition
crypto: pkcs7: Use match_string() helper to simplify the code
PKCS#7: drop function from kernel-doc pkcs7_validate_trust_one
encrypted-keys: Replace HTTP links with HTTPS ones
crypto: asymmetric_keys: fix some comments in pkcs7_parser.h
KEYS: remove redundant memset
security: keys: delete repeated words in comments
KEYS: asymmetric: Fix kerneldoc
security/keys: use kvfree_sensitive()
watch_queue: Drop references to /dev/watch_queue
keys: Remove outdated __user annotations
security: keys: Fix fall-through warnings for Clang
22 Feb, 2021
1 commit
-
Pull crypto update from Herbert Xu:
"API:
- Restrict crypto_cipher to internal API users only.Algorithms:
- Add x86 aesni acceleration for cts.
- Improve x86 aesni acceleration for xts.
- Remove x86 acceleration of some uncommon algorithms.
- Remove RIPE-MD, Tiger and Salsa20.
- Remove tnepres.
- Add ARM acceleration for BLAKE2s and BLAKE2b.Drivers:
- Add Keem Bay OCS HCU driver.
- Add Marvell OcteonTX2 CPT PF driver.
- Remove PicoXcell driver.
- Remove mediatek driver"* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (154 commits)
hwrng: timeriomem - Use device-managed registration API
crypto: hisilicon/qm - fix printing format issue
crypto: hisilicon/qm - do not reset hardware when CE happens
crypto: hisilicon/qm - update irqflag
crypto: hisilicon/qm - fix the value of 'QM_SQC_VFT_BASE_MASK_V2'
crypto: hisilicon/qm - fix request missing error
crypto: hisilicon/qm - removing driver after reset
crypto: octeontx2 - fix -Wpointer-bool-conversion warning
crypto: hisilicon/hpre - enable Elliptic curve cryptography
crypto: hisilicon - PASID fixed on Kunpeng 930
crypto: hisilicon/qm - fix use of 'dma_map_single'
crypto: hisilicon/hpre - tiny fix
crypto: hisilicon/hpre - adapt the number of clusters
crypto: cpt - remove casting dma_alloc_coherent
crypto: keembay-ocs-aes - Fix 'q' assignment during CCM B0 generation
crypto: xor - Fix typo of optimization
hwrng: optee - Use device-managed registration API
crypto: arm64/crc-t10dif - move NEON yield to C code
crypto: arm64/aes-ce-mac - simplify NEON yield
crypto: arm64/aes-neonbs - remove NEON yield calls
...
16 Feb, 2021
1 commit
-
Add the bit of information that makes
restrict_link_by_key_or_keyring_chain different from
restrict_link_by_key_or_keyring to the inline docs comment.Signed-off-by: Andrew Zaborowski
Acked-by: Jarkko Sakkinen
Signed-off-by: Jarkko Sakkinen
10 Feb, 2021
11 commits
-
s/optimzation/optimization/
Signed-off-by: Bhaskar Chowdhury
Acked-by: Randy Dunlap
Signed-off-by: Herbert Xu -
The length ('len' parameter) passed to crypto_ecdh_decode_key() is never
checked against the length encoded in the passed buffer ('buf'
parameter). This could lead to an out-of-bounds access when the passed
length is less than the encoded length.Add a check to prevent that.
Fixes: 3c4b23901a0c7 ("crypto: ecdh - Add ECDH software support")
Signed-off-by: Daniele Alessandrelli
Signed-off-by: Herbert Xu -
Instead of using an alignmask of 0x3 to ensure 32-bit alignment of the
Twofish input and output blocks, which propagates to mode drivers, and
results in pointless copying on architectures that don't care about
alignment, use the unaligned accessors, which will do the right thing on
each respective architecture, avoiding the need for double buffering.Signed-off-by: Ard Biesheuvel
Signed-off-by: Herbert Xu -
The fcrypt implementation uses memcpy() to access the input and output
buffers so there is no need to set an alignmask.Signed-off-by: Ard Biesheuvel
Signed-off-by: Herbert Xu -
Instead of using an alignmask of 0x3 to ensure 32-bit alignment of the
CAST6 input and output blocks, which propagates to mode drivers, and
results in pointless copying on architectures that don't care about
alignment, use the unaligned accessors, which will do the right thing on
each respective architecture, avoiding the need for double buffering.Signed-off-by: Ard Biesheuvel
Signed-off-by: Herbert Xu -
Instead of using an alignmask of 0x3 to ensure 32-bit alignment of the
CAST5 input and output blocks, which propagates to mode drivers, and
results in pointless copying on architectures that don't care about
alignment, use the unaligned accessors, which will do the right thing on
each respective architecture, avoiding the need for double buffering.Signed-off-by: Ard Biesheuvel
Signed-off-by: Herbert Xu -
Instead of using an alignmask of 0x3 to ensure 32-bit alignment of the
Camellia input and output blocks, which propagates to mode drivers, and
results in pointless copying on architectures that don't care about
alignment, use the unaligned accessors, which will do the right thing on
each respective architecture, avoiding the need for double buffering.Signed-off-by: Ard Biesheuvel
Signed-off-by: Herbert Xu -
Instead of using an alignmask of 0x3 to ensure 32-bit alignment of
the Blowfish input and output blocks, which propagates to mode drivers,
and results in pointless copying on architectures that don't care about
alignment, use the unaligned accessors, which will do the right thing on
each respective architecture, avoiding the need for double buffering.Signed-off-by: Ard Biesheuvel
Signed-off-by: Herbert Xu -
Instead of using an alignmask of 0x3 to ensure 32-bit alignment of the
Serpent input and output blocks, which propagates to mode drivers, and
results in pointless copying on architectures that don't care about
alignment, use the unaligned accessors, which will do the right thing on
each respective architecture, avoiding the need for double buffering.Signed-off-by: Ard Biesheuvel
Signed-off-by: Herbert Xu -
It is not trivial to trace back why exactly the tnepres variant of
serpent was added ~17 years ago - Google searches come up mostly empty,
but it seems to be related with the 'kerneli' version, which was based
on an incorrect interpretation of the serpent spec.In other words, nobody is likely to care anymore today, so let's get rid
of it.Signed-off-by: Ard Biesheuvel
Signed-off-by: Herbert Xu -
The Michael MIC driver uses the cra_alignmask to ensure that pointers
presented to its update and finup/final methods are 32-bit aligned.
However, due to the way the shash API works, this is no guarantee that
the 32-bit reads occurring in the update method are also aligned, as the
size of the buffer presented to update may be of uneven length. For
instance, an update() of 3 bytes followed by a misaligned update() of 4
or more bytes will result in a misaligned access using an accessor that
is not suitable for this.On most architectures, this does not matter, and so setting the
cra_alignmask is pointless. On architectures where this does matter,
setting the cra_alignmask does not actually solve the problem.So let's get rid of the cra_alignmask, and use unaligned accessors
instead, where appropriate.Cc:
Signed-off-by: Ard Biesheuvel
Signed-off-by: Herbert Xu
29 Jan, 2021
5 commits
-
Salsa20 is not used anywhere in the kernel, is not suitable for disk
encryption, and widely considered to have been superseded by ChaCha20.
So let's remove it.Signed-off-by: Ard Biesheuvel
Acked-by: Mike Snitzer
Signed-off-by: Herbert Xu -
Tiger is never referenced anywhere in the kernel, and unlikely
to be depended upon by userspace via AF_ALG. So let's remove it.Signed-off-by: Ard Biesheuvel
Signed-off-by: Herbert Xu -
RIPE-MD 320 is never referenced anywhere in the kernel, and unlikely
to be depended upon by userspace via AF_ALG. So let's remove itSigned-off-by: Ard Biesheuvel
Signed-off-by: Herbert Xu -
RIPE-MD 256 is never referenced anywhere in the kernel, and unlikely
to be depended upon by userspace via AF_ALG. So let's remove itSigned-off-by: Ard Biesheuvel
Signed-off-by: Herbert Xu -
RIPE-MD 128 is never referenced anywhere in the kernel, and unlikely
to be depended upon by userspace via AF_ALG. So let's remove it.Signed-off-by: Ard Biesheuvel
Signed-off-by: Herbert Xu
22 Jan, 2021
4 commits
-
match_string() returns the array index of a matching string.
Use it instead of the open-coded implementation.Signed-off-by: YueHaibing
Signed-off-by: David Howells
Reviewed-by: Ben Boeckel -
The function is a static function, so no needs add into kernel-doc. and
we could avoid warning:
crypto/asymmetric_keys/pkcs7_trust.c:25: warning: Function parameter or
member 'pkcs7' not described in 'pkcs7_validate_trust_one'
crypto/asymmetric_keys/pkcs7_trust.c:25: warning: Function parameter or
member 'sinfo' not described in 'pkcs7_validate_trust_one'
crypto/asymmetric_keys/pkcs7_trust.c:25: warning: Function parameter or
member 'trust_keyring' not described in 'pkcs7_validate_trust_one'Signed-off-by: Alex Shi
Signed-off-by: David Howells
Reviewed-by: Ben Boeckel
Cc: Herbert Xu
Cc: "David S. Miller"
Cc: keyrings@vger.kernel.org
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org -
Drop the doubled word "the" in a comment.
Change "THis" to "This".Signed-off-by: Randy Dunlap
Signed-off-by: David Howells
Reviewed-by: Ben Boeckel
Cc: keyrings@vger.kernel.org -
Fix W=1 compile warnings (invalid kerneldoc):
crypto/asymmetric_keys/asymmetric_type.c:160: warning: Function parameter or member 'kid1' not described in 'asymmetric_key_id_same'
crypto/asymmetric_keys/asymmetric_type.c:160: warning: Function parameter or member 'kid2' not described in 'asymmetric_key_id_same'
crypto/asymmetric_keys/asymmetric_type.c:160: warning: Excess function parameter 'kid_1' description in 'asymmetric_key_id_same'
crypto/asymmetric_keys/asymmetric_type.c:160: warning: Excess function parameter 'kid_2' description in 'asymmetric_key_id_same'Signed-off-by: Krzysztof Kozlowski
Signed-off-by: David Howells
Acked-by: Randy Dunlap
Reviewed-by: Ben Boeckel
Reviewed-by: Jarkko Sakkinen
21 Jan, 2021
1 commit
-
On the following call path, `sig->pkey_algo` is not assigned
in asymmetric_key_verify_signature(), which causes runtime
crash in public_key_verify_signature().keyctl_pkey_verify
asymmetric_key_verify_signature
verify_signature
public_key_verify_signatureThis patch simply check this situation and fixes the crash
caused by NULL pointer.Fixes: 215525639631 ("X.509: support OSCCA SM2-with-SM3 certificate verification")
Reported-by: Tobias Markus
Signed-off-by: Tianjia Zhang
Signed-off-by: David Howells
Reviewed-and-tested-by: Toke Høiland-Jørgensen
Tested-by: João Fonseca
Acked-by: Jarkko Sakkinen
Cc: stable@vger.kernel.org # v5.10+
Signed-off-by: Linus Torvalds
19 Jan, 2021
1 commit
-
Pull crypto fixes from Herbert Xu:
"A Kconfig dependency issue with omap-sham and a divide by zero in xor
on some platforms"* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
crypto: omap-sham - Fix link error without crypto-engine
crypto: xor - Fix divide error in do_xor_speed()
14 Jan, 2021
14 commits
-
All dependencies on the x86 glue helper module have been replaced by
local instantiations of the new ECB/CBC preprocessor helper macros, so
the glue helper module can be retired.Acked-by: Eric Biggers
Signed-off-by: Ard Biesheuvel
Signed-off-by: Herbert Xu -
Replace the glue helper dependency with implementations of ECB and CBC
based on the new CPP macros, which avoid the need for indirect calls.Acked-by: Eric Biggers
Signed-off-by: Ard Biesheuvel
Signed-off-by: Herbert Xu -
Replace the glue helper dependency with implementations of ECB and CBC
based on the new CPP macros, which avoid the need for indirect calls.Acked-by: Eric Biggers
Signed-off-by: Ard Biesheuvel
Signed-off-by: Herbert Xu -
Replace the glue helper dependency with implementations of ECB and CBC
based on the new CPP macros, which avoid the need for indirect calls.Acked-by: Eric Biggers
Signed-off-by: Ard Biesheuvel
Signed-off-by: Herbert Xu -
Replace the glue helper dependency with implementations of ECB and CBC
based on the new CPP macros, which avoid the need for indirect calls.Acked-by: Eric Biggers
Signed-off-by: Ard Biesheuvel
Signed-off-by: Herbert Xu -
Blowfish in counter mode is never used in the kernel, so there
is no point in keeping an accelerated implementation around.Acked-by: Eric Biggers
Signed-off-by: Ard Biesheuvel
Signed-off-by: Herbert Xu -
DES or Triple DES in counter mode is never used in the kernel, so there
is no point in keeping an accelerated implementation around.Acked-by: Eric Biggers
Signed-off-by: Ard Biesheuvel
Signed-off-by: Herbert Xu -
Twofish in CTR mode is never used by the kernel directly, and is highly
unlikely to be relied upon by dm-crypt or algif_skcipher. So let's drop
the accelerated CTR mode implementation, and instead, rely on the CTR
template and the bare cipher.Acked-by: Eric Biggers
Signed-off-by: Ard Biesheuvel
Signed-off-by: Herbert Xu -
CAST6 in CTR mode is never used by the kernel directly, and is highly
unlikely to be relied upon by dm-crypt or algif_skcipher. So let's drop
the accelerated CTR mode implementation, and instead, rely on the CTR
template and the bare cipher.Acked-by: Eric Biggers
Signed-off-by: Ard Biesheuvel
Signed-off-by: Herbert Xu -
CAST5 in CTR mode is never used by the kernel directly, and is highly
unlikely to be relied upon by dm-crypt or algif_skcipher. So let's drop
the accelerated CTR mode implementation, and instead, rely on the CTR
template and the bare cipher.Acked-by: Eric Biggers
Signed-off-by: Ard Biesheuvel
Signed-off-by: Herbert Xu -
Serpent in CTR mode is never used by the kernel directly, and is highly
unlikely to be relied upon by dm-crypt or algif_skcipher. So let's drop
the accelerated CTR mode implementation, and instead, rely on the CTR
template and the bare cipher.Acked-by: Eric Biggers
Signed-off-by: Ard Biesheuvel
Signed-off-by: Herbert Xu -
Camellia in CTR mode is never used by the kernel directly, and is highly
unlikely to be relied upon by dm-crypt or algif_skcipher. So let's drop
the accelerated CTR mode implementation, and instead, rely on the CTR
template and the bare cipher.Acked-by: Eric Biggers
Signed-off-by: Ard Biesheuvel
Signed-off-by: Herbert Xu -
Now that the XTS template can wrap accelerated ECB modes, it can be
used to implement Twofish in XTS mode as well, which turns out to
be at least as fast, and sometimes even fasterAcked-by: Eric Biggers
Signed-off-by: Ard Biesheuvel
Signed-off-by: Herbert Xu -
Now that the XTS template can wrap accelerated ECB modes, it can be
used to implement Serpent in XTS mode as well, which turns out to
be at least as fast, and sometimes even fasterAcked-by: Eric Biggers
Signed-off-by: Ard Biesheuvel
Signed-off-by: Herbert Xu