26 Nov, 2014
2 commits
-
This adds the module loading prefix "crypto-" to the template lookup
as well.For example, attempting to load 'vfat(blowfish)' via AF_ALG now correctly
includes the "crypto-" prefix at every level, correctly rejecting "vfat":net-pf-38
algif-hash
crypto-vfat(blowfish)
crypto-vfat(blowfish)-all
crypto-vfatReported-by: Mathias Krause
Signed-off-by: Kees Cook
Acked-by: Mathias Krause
Signed-off-by: Herbert Xu -
To allow automatic loading of the crypto_user kernel module, the netlink
MODULE_ALIAS is added.Signed-off-by: Stephan Mueller
Signed-off-by: Herbert Xu
25 Nov, 2014
3 commits
-
This can't be NULL and we dereferenced it earlier. Smatch used to
ignore these things where the pointer was obviously non-NULL but I've
found that sometimes the intention was to check something else so we
were maybe missing bugs.Signed-off-by: Dan Carpenter
Acked-by: Tim Chen
Signed-off-by: Herbert Xu -
Fix invalid inflights calculation for 64 bytes requests.
Signed-off-by: Tadeusz Struk
Signed-off-by: Herbert Xu -
Commit e1bd95bf7c25 ("crypto: algif - zeroize IV buffer") and
2a6af25befd0 ("crypto: algif - zeroize message digest buffer")
added memzero_explicit() calls on buffers that are later on
passed back to sock_kfree_s().This is a discussed follow-up that, instead, extends the sock
API and adds sock_kzfree_s(), which internally uses kzfree()
instead of kfree() for passing the buffers back to slab.Having sock_kzfree_s() allows to keep the changes more minimal
by just having a drop-in replacement instead of adding
memzero_explicit() calls everywhere before sock_kfree_s().In kzfree(), the compiler is not allowed to optimize the memset()
away and thus there's no need for memzero_explicit(). Both,
sock_kfree_s() and sock_kzfree_s() are wrappers for
__sock_kfree_s() and call into kfree() resp. kzfree(); here,
__sock_kfree_s() needs to be explicitly inlined as we want the
compiler to optimize the call and condition away and thus it
produces e.g. on x86_64 the _same_ assembler output for
sock_kfree_s() before and after, and thus also allows for
avoiding code duplication.Cc: David S. Miller
Signed-off-by: Daniel Borkmann
Signed-off-by: Herbert Xu
24 Nov, 2014
2 commits
-
This prefixes all crypto module loading with "crypto-" so we never run
the risk of exposing module auto-loading to userspace via a crypto API,
as demonstrated by Mathias Krause:https://lkml.org/lkml/2013/3/4/70
Signed-off-by: Kees Cook
Signed-off-by: Herbert Xu -
Currently all get requests with an empty driver name fail with
EINVAL. Since most users actually want to supply an empty driver
name this patch removes this check.Signed-off-by: Herbert Xu
20 Nov, 2014
6 commits
-
Add a DT node for the TRNG (True Random Number Generator) block.
Keep this block enabled as it does not depend on any external connection,
and thus should be available on all boards.Signed-off-by: Boris Brezillon
Acked-by: Nicolas Ferre
Signed-off-by: Herbert Xu -
Document DT bindings of Atmel's TRNG (True Random Number Generator) IP.
Signed-off-by: Boris Brezillon
Acked-by: Peter Korsgaard
Acked-by: Nicolas Ferre
Signed-off-by: Herbert Xu -
Add DT support.
Make the driver depend on CONFIG_OF as at91sam9g45 was the only SoC making
use of the TRNG block and this SoC is now fully migrated to DT.Signed-off-by: Boris Brezillon
Acked-by: Peter Korsgaard
Acked-by: Nicolas Ferre
Signed-off-by: Herbert Xu -
Use clk_prepare_enable/_disable_unprepare instead of clk_enable/disable
to work properly with the CCF.Signed-off-by: Boris Brezillon
Acked-by: Peter Korsgaard
Acked-by: Nicolas Ferre
Signed-off-by: Herbert Xu -
This is a specific implementation, is the
multiplexer that has the arch-specific knowledge of which
of the implementations needs to be used, so include that.Signed-off-by: Johannes Berg
Signed-off-by: Herbert Xu -
This module registers a crc32 algorithm and a crc32c algorithm
that use the optional CRC32 and CRC32C instructions in ARMv8.Tested on AMD Seattle.
Improvement compared to crc32c-generic algorithm:
TCRYPT CRC32C speed test shows ~450% speedup.
Simple dd write tests to btrfs filesystem show ~30% speedup.Signed-off-by: Yazen Ghannam
Acked-by: Steve Capper
Acked-by: Ard Biesheuvel
Signed-off-by: Herbert Xu
17 Nov, 2014
3 commits
-
Use the new memzero_explicit function to cleanup sensitive data.
Signed-off-by: Tadeusz Struk
Signed-off-by: Herbert Xu -
Fix documentation typo for shash_alg->descsize.
Add documentation for initially uncovered member variables.
Signed-off-by: Stephan Mueller
Signed-off-by: Herbert Xu -
Recently lockless_dereference() was added which can be used in place of
hard-coding smp_read_barrier_depends(). The following PATCH makes the change.Signed-off-by: Pranith Kumar
Reviewed-by: Kim Phillips
Signed-off-by: Herbert Xu
13 Nov, 2014
13 commits
-
The API function calls exported by the kernel crypto API for
message digests to be used by consumers are documented.Signed-off-by: Stephan Mueller
Signed-off-by: Herbert Xu -
The API function calls exported by the kernel crypto API for
signle block ciphers to be used by consumers are documented.Signed-off-by: Stephan Mueller
Signed-off-by: Herbert Xu -
The API function calls exported by the kernel crypto API for
synchronous block ciphers to be used by consumers are documented.Signed-off-by: Stephan Mueller
Signed-off-by: Herbert Xu -
The API function calls exported by the kernel crypto API for AEAD
ciphers to be used by consumers are documented.Signed-off-by: Stephan Mueller
Signed-off-by: Herbert Xu -
The API function calls exported by the kernel crypto API for
asynchronous block ciphers to be used by consumers are documented.Signed-off-by: Stephan Mueller
Signed-off-by: Herbert Xu -
The data structure of struct crypto_alg together with various other
data structures needed by cipher developers is documented wit all
parameters that can be set by a developer of a transformation. All
parameters that are internal to the crypto API are marked as such.Signed-off-by: Stephan Mueller
Signed-off-by: Herbert Xu -
The API function calls exported by the kernel crypto API for SHASHes
to be used by consumers are documented.Signed-off-by: Stephan Mueller
Signed-off-by: Herbert Xu -
The API function calls exported by the kernel crypto API for AHASHes
to be used by consumers are documented.Signed-off-by: Stephan Mueller
Signed-off-by: Herbert Xu -
The hash data structures needed to be filled in by cipher developers are
documented.Signed-off-by: Stephan Mueller
Signed-off-by: Herbert Xu -
The API function calls exported by the kernel crypto API for RNGs to
be used by consumers are documented.Signed-off-by: Stephan Mueller
Signed-off-by: Herbert Xu -
The userspace interface of the kernel crypto API is documented with
* a general explanation
* a discussion of the memory in-place operation
* the description of the message digest API
* the description of the symmetric cipher APIThe documentation refers to libkcapi as a working example on how to use
the kernel crypto API from user space.Signed-off-by: Stephan Mueller
Signed-off-by: Herbert Xu -
Add the crypto API documentation into the DocBook Makefile to allow it
being compiledSigned-off-by: Stephan Mueller
Signed-off-by: Herbert Xu -
The design of the kernel crypto API as well as hints to program with
the kernel crypto API are given.The documentation contains:
* design aspects of crypto API
* develper specific hints
* references to the API function description
* source code examplesCC: Marek Vasut
Signed-off-by: Stephan Mueller
Signed-off-by: Herbert Xu
12 Nov, 2014
4 commits
-
Merge DES Cipher Block Chaining mode (CBC) and Triple DES Cipher Block
Chaining mode (CBC) algorithms from ablkcipher to givencrypt.Signed-off-by: Catalin Vasile
Signed-off-by: Herbert Xu -
Zeroize the buffer holding the IV used for the completed
cipher operation before the buffer is released by the
skcipher AF_ALG interface handler.Signed-off-by: Stephan Mueller
Signed-off-by: Herbert Xu -
Zeroize the buffer holding the message digest calculated for the
consumer before the buffer is released by the hash AF_ALG interface
handler.Signed-off-by: Stephan Mueller
Signed-off-by: Herbert Xu -
Merging 3.18-rc4 in order to pick up the memzero_explicit helper.
10 Nov, 2014
7 commits
-
The system PM functions were unused when CONFIG_PM is unset. Let's move
them inside CONFIG_PM_SLEEP to silence the compiler warning.Signed-off-by: Ulf Hansson
Signed-off-by: Herbert Xu -
The system PM functions were unused when CONFIG_PM is unset. Let's move
them inside CONFIG_PM_SLEEP to silence the compiler warning.Signed-off-by: Ulf Hansson
Signed-off-by: Herbert Xu -
The kernel module drbg.ko is currently not loaded automatically when a
DRBG is requested by a consumer. This is due to missing MODULE_ALIAS
flags for each of the implemented DRBG types.This patch adds aliases for each of the 22 defined DRBGs.
Signed-off-by: Stephan Mueller
Signed-off-by: Herbert Xu -
Pull arm64 fixes from Catalin Marinas:
- enable bpf syscall for compat
- cpu_suspend fix when checking the idle state type
- defconfig update* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
arm64: defconfig: update defconfig for 3.18
arm64: compat: Enable bpf syscall
arm64: psci: fix cpu_suspend to check idle state type for index -
Pull ARM SoC fixes from Olof Johansson:
"Another quiet week:- a fix to silence edma probe error on non-supported platforms from
Arnd
- a fix to enable the PL clock for Parallella, to make mainline
usable with the SDK.
- a somewhat verbose fix for the PLL clock tree on VF610
- enabling of SD/MMC on one of the VF610-based boards (for testing)
- a fix for i.MX where CONFIG_SPI used to be implicitly enabled and
now needs to be added to the defconfig instead
- another maintainer added for bcm2835: Lee Jones"* tag 'armsoc-for-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
ARM: dts: zynq: Enable PL clocks for Parallella
dma: edma: move device registration to platform code
ARM: dts: vf610: add SD node to cosmic dts
MAINTAINERS: update bcm2835 entry
ARM: imx: Fix the removal of CONFIG_SPI option
ARM: imx: clk-vf610: define PLL's clock tree -
Pull devicetree bugfix from Grant Likely:
"One buffer overflow bug that shouldn't be left around"* 'devicetree/merge' of git://git.kernel.org/pub/scm/linux/kernel/git/glikely/linux:
of: Fix overflow bug in string property parsing functions