07 Oct, 2016
1 commit
-
Pull dmaengine updates from Vinod Koul:
"This is bit large pile of code which bring in some nice additions:- Error reporting: we have added a new mechanism for users of
dmaenegine to register a callback_result which tells them the
result of the dma transaction. Right now only one user (ntb) is
using it.- As we discussed on KS mailing list and pointed out NO_IRQ has no
place in kernel, this also remove NO_IRQ from dmaengine subsystem
(both arm and ppc users)- Support for IOMMU slave transfers and its implementation for arm.
- To get better build coverage, enable COMPILE_TEST for bunch of
driver, and fix the warning and sparse complaints on these.- Apart from above, usual updates spread across drivers"
* tag 'dmaengine-4.9-rc1' of git://git.infradead.org/users/vkoul/slave-dma: (169 commits)
async_pq_val: fix DMA memory leak
dmaengine: virt-dma: move function declarations
dmaengine: omap-dma: Enable burst and data pack for SG
DT: dmaengine: rcar-dmac: document R8A7743/5 support
dmaengine: fsldma: Unmap region obtained by of_iomap
dmaengine: jz4780: fix resource leaks on error exit return
dma-debug: fix ia64 build, use PHYS_PFN
dmaengine: coh901318: fix integer overflow when shifting more than 32 places
dmaengine: edma: avoid uninitialized variable use
dma-mapping: fix m32r build warning
dma-mapping: fix ia64 build, use PHYS_PFN
dmaengine: ti-dma-crossbar: enable COMPILE_TEST
dmaengine: omap-dma: enable COMPILE_TEST
dmaengine: edma: enable COMPILE_TEST
dmaengine: ti-dma-crossbar: Fix of_device_id data parameter usage
dmaengine: ti-dma-crossbar: Correct type for of_find_property() third parameter
dmaengine/ARM: omap-dma: Fix the DMAengine compile test on non OMAP configs
dmaengine: edma: Rename set_bits and remove unused clear_bits helper
dmaengine: edma: Use correct type for of_find_property() third parameter
dmaengine: edma: Fix of_device_id data parameter usage (legacy vs TPCC)
...
05 Oct, 2016
1 commit
-
Add missing dmaengine_unmap_put(), so we don't OOM during RAID6 sync.
Fixes: 1786b943dad0 ("async_pq_val: convert to dmaengine_unmap_data")
Signed-off-by: Justin Maggard
Reviewed-by: Dan Williams
Cc:
Signed-off-by: Vinod Koul
22 Sep, 2016
1 commit
-
As the software RSA implementation now produces fixed-length
output, we need to eliminate leading zeros in the calling code
instead.This patch does just that for pkcs1pad decryption while signature
verification was fixed in an earlier patch.Fixes: 9b45b7bba3d2 ("crypto: rsa - Generate fixed-length output")
Reported-by: Mat Martineau
Signed-off-by: Herbert Xu
13 Sep, 2016
2 commits
-
When we need to allocate a temporary blkcipher_walk_next and it
fails, the code is supposed to take the slow path of processing
the data block by block. However, due to an unrelated change
we instead end up dereferencing the NULL pointer.This patch fixes it by moving the unrelated bsize setting out
of the way so that we enter the slow path as inteded.Fixes: 7607bd8ff03b ("[CRYPTO] blkcipher: Added blkcipher_walk_virt_block")
Cc: stable@vger.kernel.org
Reported-by: xiakaixu
Reported-by: Ard Biesheuvel
Signed-off-by: Herbert Xu
Tested-by: Ard Biesheuvel -
The current implementation uses a global per-cpu array to store
data which are used to derive the next IV. This is insecure as
the attacker may change the stored data.This patch removes all traces of chaining and replaces it with
multiplication of the salt and the sequence number.Fixes: a10f554fa7e0 ("crypto: echainiv - Add encrypted chain IV...")
Cc: stable@vger.kernel.org
Reported-by: Mathias Krause
Signed-off-by: Herbert Xu
07 Sep, 2016
1 commit
-
When calling .import() on a cryptd ahash_request, the structure members
that describe the child transform in the shash_desc need to be initialized
like they are when calling .init()Cc: stable@vger.kernel.org
Signed-off-by: Ard Biesheuvel
Signed-off-by: Herbert Xu
31 Aug, 2016
1 commit
-
The AEAD code path incorrectly uses the child tfm to track the
cryptd refcnt, and then potentially frees the child tfm.Fixes: 81760ea6a95a ("crypto: cryptd - Add helpers to check...")
Reported-by: Sowmini Varadhan
Signed-off-by: Herbert Xu
09 Aug, 2016
1 commit
-
The optimised crc32c implementation depends on VMX (aka. Altivec)
instructions, so the kernel must be built with Altivec support in order
for the crc32c code to build.Fixes: 6dd7a82cc54e ("crypto: powerpc - Add POWER8 optimised crc32c")
Acked-by: Anton Blanchard
Signed-off-by: Michael Ellerman
Signed-off-by: Herbert Xu
08 Aug, 2016
1 commit
-
On 32-bit (e.g. with m68k-linux-gnu-gcc-4.1):
crypto/sha3_generic.c:27: warning: integer constant is too large for ‘long’ type
crypto/sha3_generic.c:28: warning: integer constant is too large for ‘long’ type
crypto/sha3_generic.c:29: warning: integer constant is too large for ‘long’ type
crypto/sha3_generic.c:29: warning: integer constant is too large for ‘long’ type
crypto/sha3_generic.c:31: warning: integer constant is too large for ‘long’ type
crypto/sha3_generic.c:31: warning: integer constant is too large for ‘long’ type
crypto/sha3_generic.c:32: warning: integer constant is too large for ‘long’ type
crypto/sha3_generic.c:32: warning: integer constant is too large for ‘long’ type
crypto/sha3_generic.c:32: warning: integer constant is too large for ‘long’ type
crypto/sha3_generic.c:33: warning: integer constant is too large for ‘long’ type
crypto/sha3_generic.c:33: warning: integer constant is too large for ‘long’ type
crypto/sha3_generic.c:34: warning: integer constant is too large for ‘long’ type
crypto/sha3_generic.c:34: warning: integer constant is too large for ‘long’ typeFixes: 53964b9ee63b7075 ("crypto: sha3 - Add SHA-3 hash algorithm")
Signed-off-by: Geert Uytterhoeven
Signed-off-by: Herbert Xu
28 Jul, 2016
1 commit
-
Pull random driver updates from Ted Ts'o:
"A number of improvements for the /dev/random driver; the most
important is the use of a ChaCha20-based CRNG for /dev/urandom, which
is faster, more efficient, and easier to make scalable for
silly/abusive userspace programs that want to read from /dev/urandom
in a tight loop on NUMA systems.This set of patches also improves entropy gathering on VM's running on
Microsoft Azure, and will take advantage of a hw random number
generator (if present) to initialize the /dev/urandom pool"(It turns out that the random tree hadn't been in linux-next this time
around, because it had been dropped earlier as being too quiet. Oh
well).* tag 'random_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random:
random: strengthen input validation for RNDADDTOENTCNT
random: add backtracking protection to the CRNG
random: make /dev/urandom scalable for silly userspace programs
random: replace non-blocking pool with a Chacha20-based CRNG
random: properly align get_random_int_hash
random: add interrupt callback to VMBus IRQ handler
random: print a warning for the first ten uninitialized random users
random: initialize the non-blocking pool via add_hwgenerator_randomness()
27 Jul, 2016
1 commit
-
Pull crypto updates from Herbert Xu:
"Here is the crypto update for 4.8:API:
- first part of skcipher low-level conversions
- add KPP (Key-agreement Protocol Primitives) interface.Algorithms:
- fix IPsec/cryptd reordering issues that affects aesni
- RSA no longer does explicit leading zero removal
- add SHA3
- add DH
- add ECDH
- improve DRBG performance by not doing CTR by handDrivers:
- add x86 AVX2 multibuffer SHA256/512
- add POWER8 optimised crc32c
- add xts support to vmx
- add DH support to qat
- add RSA support to caam
- add Layerscape support to caam
- add SEC1 AEAD support to talitos
- improve performance by chaining requests in marvell/cesa
- add support for Araneus Alea I USB RNG
- add support for Broadcom BCM5301 RNG
- add support for Amlogic Meson RNG
- add support Broadcom NSP SoC RNG"* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (180 commits)
crypto: vmx - Fix aes_p8_xts_decrypt build failure
crypto: vmx - Ignore generated files
crypto: vmx - Adding support for XTS
crypto: vmx - Adding asm subroutines for XTS
crypto: skcipher - add comment for skcipher_alg->base
crypto: testmgr - Print akcipher algorithm name
crypto: marvell - Fix wrong flag used for GFP in mv_cesa_dma_add_iv_op
crypto: nx - off by one bug in nx_of_update_msc()
crypto: rsa-pkcs1pad - fix rsa-pkcs1pad request struct
crypto: scatterwalk - Inline start/map/done
crypto: scatterwalk - Remove unnecessary BUG in scatterwalk_start
crypto: scatterwalk - Remove unnecessary advance in scatterwalk_pagedone
crypto: scatterwalk - Fix test in scatterwalk_done
crypto: api - Optimise away crypto_yield when hard preemption is on
crypto: scatterwalk - add no-copy support to copychunks
crypto: scatterwalk - Remove scatterwalk_bytes_sglen
crypto: omap - Stop using crypto scatterwalk_bytes_sglen
crypto: skcipher - Remove top-level givcipher interface
crypto: user - Remove crypto_lookup_skcipher call
crypto: cts - Convert to skcipher
...
23 Jul, 2016
1 commit
-
Pull crypto fixes from Herbert Xu:
"This fixes a sporadic build failure in the qat driver as well as a
memory corruption bug in rsa-pkcs1pad"* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
crypto: rsa-pkcs1pad - fix rsa-pkcs1pad request struct
crypto: qat - make qat_asym_algs.o depend on asn1 headers
22 Jul, 2016
1 commit
-
To allow for child request context the struct akcipher_request child_req
needs to be at the end of the structure.Cc: stable@vger.kernel.org
Signed-off-by: Tadeusz Struk
Signed-off-by: Herbert Xu
21 Jul, 2016
1 commit
-
Merge the crypto tree to resolve conflict in qat Makefile.
19 Jul, 2016
2 commits
-
When an akcipher test fails, we don't know which algorithm failed
because the name is not printed. This patch fixes this.Signed-off-by: Herbert Xu
-
To allow for child request context the struct akcipher_request child_req
needs to be at the end of the structure.Signed-off-by: Tadeusz Struk
Signed-off-by: Herbert Xu
18 Jul, 2016
24 commits
-
This patch inlines the functions scatterwalk_start, scatterwalk_map
and scatterwalk_done as they're all tiny and mostly used by the block
cipher walker.Signed-off-by: Herbert Xu
-
Nothing bad will happen even if sg->length is zero, so there is
no point in keeping this BUG_ON in scatterwalk_start.Signed-off-by: Herbert Xu
-
The offset advance in scatterwalk_pagedone not only is unnecessary,
but it was also buggy when it was needed by scatterwalk_copychunks.
As the latter has long ago been fixed to call scatterwalk_advance
directly, we can remove this unnecessary offset adjustment.Signed-off-by: Herbert Xu
-
When there is more data to be processed, the current test in
scatterwalk_done may prevent us from calling pagedone even when
we should.In particular, if we're on an SG entry spanning multiple pages
where the last page is not a full page, we will incorrectly skip
calling pagedone on the second last page.This patch fixes this by adding a separate test for whether we've
reached the end of a page.Cc: stable@vger.kernel.org
Signed-off-by: Herbert Xu -
The function ablkcipher_done_slow is pretty much identical to
scatterwalk_copychunks except that it doesn't actually copy as
the processing hasn't been completed yet.This patch allows scatterwalk_copychunks to be used in this case
by specifying out == 2.Signed-off-by: Herbert Xu
-
This patch removes the now unused scatterwalk_bytes_sglen. Anyone
using this out-of-tree should switch over to sg_nents_for_len.Signed-off-by: Herbert Xu
-
This patch removes the old crypto_grab_skcipher helper and replaces
it with crypto_grab_skcipher2.As this is the final entry point into givcipher this patch also
removes all traces of the top-level givcipher interface, including
all implicit IV generators such as chainiv.The bottom-level givcipher interface remains until the drivers
using it are converted.Signed-off-by: Herbert Xu
-
As there are no more kernel users of built-in IV generators we
can remove the special lookup for skciphers.Signed-off-by: Herbert Xu
-
This patch converts cts over to the skcipher interface. It also
optimises the implementation to use one CBC operation for all but
the last block, which is then processed separately.Signed-off-by: Herbert Xu
-
The default null blkcipher is no longer used and can now be removed.
Signed-off-by: Herbert Xu
-
The blkcipher null object is no longer used and can now be removed.
Signed-off-by: Herbert Xu
-
This patch replaces use of the obsolete blkcipher with skcipher.
Signed-off-by: Herbert Xu
-
This patch replaces use of the obsolete blkcipher with skcipher.
Signed-off-by: Herbert Xu
-
This patch adds an skcipher null object alongside the existing
null blkcipher so that IV generators using it can switch over
to skcipher.Signed-off-by: Herbert Xu
-
This patch converts chacha20poly1305 to use the new skcipher
interface as opposed to ablkcipher.It also fixes a buglet where we may end up with an async poly1305
when the user asks for a async algorithm. This shouldn't be a
problem yet as there aren't any async implementations of poly1305
out there.Signed-off-by: Herbert Xu
-
This patch converts gcm to use the new skcipher interface as opposed
to ablkcipher.Signed-off-by: Herbert Xu
-
This patch converts ccm to use the new skcipher interface as opposed
to ablkcipher.Signed-off-by: Herbert Xu
-
This patch converts rfc3686 to use the new skcipher interface as
opposed to ablkcipher.Signed-off-by: Herbert Xu
-
This patch converts authencesn to use the new skcipher interface as
opposed to ablkcipher.It also fixes a little bug where if a sync version of authencesn
is requested we may still end up using an async ahash. This should
have no effect as none of the authencesn users can request for a
sync authencesn.Signed-off-by: Herbert Xu
-
This patch converts authenc to use the new skcipher interface as
opposed to ablkcipher.It also fixes a little bug where if a sync version of authenc
is requested we may still end up using an async ahash. This should
have no effect as none of the authenc users can request for a
sync authenc.Signed-off-by: Herbert Xu
-
This patch adds a chunk size parameter to aead algorithms, just
like the chunk size for skcipher algorithms.However, unlike skcipher we do not currently export this to AEAD
users. It is only meant to be used by AEAD implementors for now.Signed-off-by: Herbert Xu
-
Current the default null skcipher is actually a crypto_blkcipher.
This patch creates a synchronous crypto_skcipher version of the
null cipher which unfortunately has to settle for the name skcipher2.Signed-off-by: Herbert Xu
-
This patch allows skcipher algorithms and instances to be created
and registered with the crypto API. They are accessible through
the top-level skcipher interface, along with ablkcipher/blkcipher
algorithms and instances.This patch also introduces a new parameter called chunk size
which is meant for ciphers such as CTR and CTS which ostensibly
can handle arbitrary lengths, but still behave like block ciphers
in that you can only process a partial block at the very end.For these ciphers the block size will continue to be set to 1
as it is now while the chunk size will be set to the underlying
block size.Signed-off-by: Herbert Xu
-
Arbitrary X.509 certificates without authority key identifiers (AKIs)
can be added to "trusted" keyrings, including IMA or EVM certs loaded
from the filesystem. Signature verification is currently bypassed for
certs without AKIs.Trusted keys were recently refactored, and this bug is not present in
4.6.restrict_link_by_signature should return -ENOKEY (no matching parent
certificate found) if the certificate being evaluated has no AKIs,
instead of bypassing signature checks and returning 0 (new certificate
accepted).Reported-by: Petko Manolov
Signed-off-by: Mat Martineau
Signed-off-by: David Howells
Signed-off-by: James Morris
