11 Dec, 2019

1 commit

  • The crypto glue performed function prototype casting via macros to make
    indirect calls to assembly routines. Instead of performing casts at the
    call sites (which trips Control Flow Integrity prototype checking), switch
    each prototype to a common standard set of arguments which allows the
    removal of the existing macros. In order to keep pointer math unchanged,
    internal casting between u128 pointers and u8 pointers is added.

    Co-developed-by: João Moreira
    Signed-off-by: João Moreira
    Signed-off-by: Kees Cook
    Reviewed-by: Eric Biggers
    Signed-off-by: Herbert Xu

    Kees Cook
     

09 Jul, 2019

1 commit

  • Pull crypto updates from Herbert Xu:
    "Here is the crypto update for 5.3:

    API:
    - Test shash interface directly in testmgr
    - cra_driver_name is now mandatory

    Algorithms:
    - Replace arc4 crypto_cipher with library helper
    - Implement 5 way interleave for ECB, CBC and CTR on arm64
    - Add xxhash
    - Add continuous self-test on noise source to drbg
    - Update jitter RNG

    Drivers:
    - Add support for SHA204A random number generator
    - Add support for 7211 in iproc-rng200
    - Fix fuzz test failures in inside-secure
    - Fix fuzz test failures in talitos
    - Fix fuzz test failures in qat"

    * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (143 commits)
    crypto: stm32/hash - remove interruptible condition for dma
    crypto: stm32/hash - Fix hmac issue more than 256 bytes
    crypto: stm32/crc32 - rename driver file
    crypto: amcc - remove memset after dma_alloc_coherent
    crypto: ccp - Switch to SPDX license identifiers
    crypto: ccp - Validate the the error value used to index error messages
    crypto: doc - Fix formatting of new crypto engine content
    crypto: doc - Add parameter documentation
    crypto: arm64/aes-ce - implement 5 way interleave for ECB, CBC and CTR
    crypto: arm64/aes-ce - add 5 way interleave routines
    crypto: talitos - drop icv_ool
    crypto: talitos - fix hash on SEC1.
    crypto: talitos - move struct talitos_edesc into talitos.h
    lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE
    crypto/NX: Set receive window credits to max number of CRBs in RxFIFO
    crypto: asymmetric_keys - select CRYPTO_HASH where needed
    crypto: serpent - mark __serpent_setkey_sbox noinline
    crypto: testmgr - dynamically allocate crypto_shash
    crypto: testmgr - dynamically allocate testvec_config
    crypto: talitos - eliminate unneeded 'done' functions at build time
    ...

    Linus Torvalds
     

27 Jun, 2019

1 commit

  • The same bug that gcc hit in the past is apparently now showing
    up with clang, which decides to inline __serpent_setkey_sbox:

    crypto/serpent_generic.c:268:5: error: stack frame size of 2112 bytes in function '__serpent_setkey' [-Werror,-Wframe-larger-than=]

    Marking it 'noinline' reduces the stack usage from 2112 bytes to
    192 and 96 bytes, respectively, and seems to generate more
    useful object code.

    Fixes: c871c10e4ea7 ("crypto: serpent - improve __serpent_setkey with UBSAN")
    Signed-off-by: Arnd Bergmann
    Reviewed-by: Eric Biggers
    Signed-off-by: Herbert Xu

    Arnd Bergmann
     

13 Jun, 2019

1 commit

  • Most generic crypto algorithms declare a driver name ending in
    "-generic". The rest don't declare a driver name and instead rely on
    the crypto API automagically appending "-generic" upon registration.

    Having multiple conventions is unnecessarily confusing and makes it
    harder to grep for all generic algorithms in the kernel source tree.
    But also, allowing NULL driver names is problematic because sometimes
    people fail to set it, e.g. the case fixed by commit 417980364300
    ("crypto: cavium/zip - fix collision with generic cra_driver_name").

    Of course, people can also incorrectly name their drivers "-generic".
    But that's much easier to notice / grep for.

    Therefore, let's make cra_driver_name mandatory. In preparation for
    this, this patch makes all generic algorithms set cra_driver_name.

    Signed-off-by: Eric Biggers
    Signed-off-by: Herbert Xu

    Eric Biggers
     

31 May, 2019

1 commit

  • Based on 1 normalized pattern(s):

    this program is free software you can redistribute it and or modify
    it under the terms of the gnu general public license as published by
    the free software foundation either version 2 of the license or at
    your option any later version

    extracted by the scancode license scanner the SPDX license identifier

    GPL-2.0-or-later

    has been chosen to replace the boilerplate/reference in 3029 file(s).

    Signed-off-by: Thomas Gleixner
    Reviewed-by: Allison Randal
    Cc: linux-spdx@vger.kernel.org
    Link: https://lkml.kernel.org/r/20190527070032.746973796@linutronix.de
    Signed-off-by: Greg Kroah-Hartman

    Thomas Gleixner
     

18 Apr, 2019

1 commit

  • Use subsys_initcall for registration of all templates and generic
    algorithm implementations, rather than module_init. Then change
    cryptomgr to use arch_initcall, to place it before the subsys_initcalls.

    This is needed so that when both a generic and optimized implementation
    of an algorithm are built into the kernel (not loadable modules), the
    generic implementation is registered before the optimized one.
    Otherwise, the self-tests for the optimized implementation are unable to
    allocate the generic implementation for the new comparison fuzz tests.

    Note that on arm, a side effect of this change is that self-tests for
    generic implementations may run before the unaligned access handler has
    been installed. So, unaligned accesses will crash the kernel. This is
    arguably a good thing as it makes it easier to detect that type of bug.

    Signed-off-by: Eric Biggers
    Signed-off-by: Herbert Xu

    Eric Biggers
     

09 Aug, 2017

1 commit

  • When UBSAN is enabled, we get a very large stack frame for
    __serpent_setkey, when the register allocator ends up using more registers
    than it has, and has to spill temporary values to the stack. The code
    was originally optimized for in-order x86-32 CPU implementations using
    older compilers, but it now runs into a highly suboptimal case on all
    CPU architectures, as seen by this warning:

    crypto/serpent_generic.c: In function '__serpent_setkey':
    crypto/serpent_generic.c:436:1: error: the frame size of 2720 bytes is larger than 2048 bytes [-Werror=frame-larger-than=]

    Disabling -fsanitize=alignment would avoid that warning, presumably the
    option turns off a optimization step that is required for getting the
    register allocation right, but there is no easy way to do that on gcc-7
    (gcc-8 introduces a function attribute for this).

    I tried to figure out a way to modify the source code instead, and noticed
    that the two stages of the setkey() function (keyiter and sbox) each are
    fine by themselves, but not when combined into one function. Splitting
    out the entire sbox into a separate function also happens to work fine
    with all compilers I tried (arm, arm64 and x86).

    The setkey function uses a strange way to handle offsets into the key
    array, using both negative and positive index values, as well as adjusting
    the array pointer back and forth. I have checked that this actually
    makes no difference to modern compilers, but I left that untouched
    to make the patch easier to review and to keep the code closer to
    the reference implementation.

    Link: https://patchwork.kernel.org/patch/9189575/
    Signed-off-by: Arnd Bergmann
    Signed-off-by: Herbert Xu

    Arnd Bergmann
     

13 Jan, 2015

1 commit

  • Commit 5d26a105b5a7 ("crypto: prefix module autoloading with "crypto-"")
    changed the automatic module loading when requesting crypto algorithms
    to prefix all module requests with "crypto-". This requires all crypto
    modules to have a crypto specific module alias even if their file name
    would otherwise match the requested crypto algorithm.

    Even though commit 5d26a105b5a7 added those aliases for a vast amount of
    modules, it was missing a few. Add the required MODULE_ALIAS_CRYPTO
    annotations to those files to make them get loaded automatically, again.
    This fixes, e.g., requesting 'ecb(blowfish-generic)', which used to work
    with kernels v3.18 and below.

    Also change MODULE_ALIAS() lines to MODULE_ALIAS_CRYPTO(). The former
    won't work for crypto modules any more.

    Fixes: 5d26a105b5a7 ("crypto: prefix module autoloading with "crypto-"")
    Cc: Kees Cook
    Signed-off-by: Mathias Krause
    Signed-off-by: Herbert Xu

    Mathias Krause
     

24 Nov, 2014

1 commit


01 Aug, 2012

1 commit


30 Nov, 2011

1 commit