23 Jan, 2016

1 commit

  • Pull crypto fixes from Herbert Xu:
    "This fixes the following issues:

    API:
    - A large number of bug fixes for the af_alg interface, credit goes
    to Dmitry Vyukov for discovering and reporting these issues.

    Algorithms:
    - sw842 needs to select crc32.
    - The soft dependency on crc32c is now in the correct spot.

    Drivers:
    - The atmel AES driver needs HAS_DMA.
    - The atmel AES driver was missing a break statement, fortunately
    it's only a debug function.
    - A number of bug fixes for the Intel qat driver"

    * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (24 commits)
    crypto: algif_skcipher - sendmsg SG marking is off by one
    crypto: crc32c - Fix crc32c soft dependency
    crypto: algif_skcipher - Load TX SG list after waiting
    crypto: atmel-aes - Add missing break to atmel_aes_reg_name
    crypto: algif_skcipher - Fix race condition in skcipher_check_key
    crypto: algif_hash - Fix race condition in hash_check_key
    crypto: CRYPTO_DEV_ATMEL_AES should depend on HAS_DMA
    lib: sw842: select crc32
    crypto: af_alg - Forbid bind(2) when nokey child sockets are present
    crypto: algif_skcipher - Remove custom release parent function
    crypto: algif_hash - Remove custom release parent function
    crypto: af_alg - Allow af_af_alg_release_parent to be called on nokey path
    crypto: qat - update init_esram for C3xxx dev type
    crypto: qat - fix timeout issues
    crypto: qat - remove to call get_sram_bar_id for qat_c3xxx
    crypto: algif_skcipher - Add key check exception for cipher_null
    crypto: skcipher - Add crypto_skcipher_has_setkey
    crypto: algif_hash - Require setkey before accept(2)
    crypto: hash - Add crypto_ahash_has_setkey
    crypto: algif_skcipher - Add nokey compatibility path
    ...

    Linus Torvalds
     

20 Jan, 2016

1 commit

  • We mark the end of the SG list in sendmsg and sendpage and unmark
    it on the next send call. Unfortunately the unmarking in sendmsg
    is off-by-one, leading to an SG list that is too short.

    Fixes: 0f477b655a52 ("crypto: algif - Mark sgl end at the end of data")
    Cc: stable@vger.kernel.org
    Signed-off-by: Herbert Xu

    Herbert Xu
     

19 Jan, 2016

2 commits

  • I don't think it makes sense for a module to have a soft dependency
    on itself. This seems quite cyclic by nature and I can't see what
    purpose it could serve.

    OTOH libcrc32c calls crypto_alloc_shash("crc32c", 0, 0) so it pretty
    much assumes that some incarnation of the "crc32c" hash algorithm has
    been loaded. Therefore it makes sense to have the soft dependency
    there (as crc-t10dif does.)

    Cc: stable@vger.kernel.org
    Cc: Tim Chen
    Cc: "David S. Miller"
    Signed-off-by: Jean Delvare
    Signed-off-by: Herbert Xu

    Jean Delvare
     
  • We need to load the TX SG list in sendmsg(2) after waiting for
    incoming data, not before.

    Cc: stable@vger.kernel.org
    Reported-by: Dmitry Vyukov
    Signed-off-by: Herbert Xu
    Tested-by: Dmitry Vyukov

    Herbert Xu
     

18 Jan, 2016

16 commits


13 Jan, 2016

2 commits

  • Pull networking updates from David Miller:

    1) Support busy polling generically, for all NAPI drivers. From Eric
    Dumazet.

    2) Add byte/packet counter support to nft_ct, from Florian Westphal.

    3) Add RSS/XPS support to mvneta driver, from Gregory Clement.

    4) Implement IPV6_HDRINCL socket option for raw sockets, from Hannes
    Frederic Sowa.

    5) Add support for T6 adapter to cxgb4 driver, from Hariprasad Shenai.

    6) Add support for VLAN device bridging to mlxsw switch driver, from
    Ido Schimmel.

    7) Add driver for Netronome NFP4000/NFP6000, from Jakub Kicinski.

    8) Provide hwmon interface to mlxsw switch driver, from Jiri Pirko.

    9) Reorganize wireless drivers into per-vendor directories just like we
    do for ethernet drivers. From Kalle Valo.

    10) Provide a way for administrators to "destroy" connected sockets via the
    SOCK_DESTROY socket netlink diag operation. From Lorenzo Colitti.

    11) Add support to add/remove multicast routes via netlink, from Nikolay
    Aleksandrov.

    12) Make TCP keepalive settings per-namespace, from Nikolay Borisov.

    13) Add forwarding and packet duplication facilities to nf_tables, from
    Pablo Neira Ayuso.

    14) Dead route support in MPLS, from Roopa Prabhu.

    15) TSO support for thunderx chips, from Sunil Goutham.

    16) Add driver for IBM's System i/p VNIC protocol, from Thomas Falcon.

    17) Rationalize, consolidate, and more completely document the checksum
    offloading facilities in the networking stack. From Tom Herbert.

    18) Support aborting an ongoing scan in mac80211/cfg80211, from
    Vidyullatha Kanchanapally.

    19) Use per-bucket spinlock for bpf hash facility, from Tom Leiming.

    * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next: (1375 commits)
    net: bnxt: always return values from _bnxt_get_max_rings
    net: bpf: reject invalid shifts
    phonet: properly unshare skbs in phonet_rcv()
    dwc_eth_qos: Fix dma address for multi-fragment skbs
    phy: remove an unneeded condition
    mdio: remove an unneed condition
    mdio_bus: NULL dereference on allocation error
    net: Fix typo in netdev_intersect_features
    net: freescale: mac-fec: Fix build error from phy_device API change
    net: freescale: ucc_geth: Fix build error from phy_device API change
    bonding: Prevent IPv6 link local address on enslaved devices
    IB/mlx5: Add flow steering support
    net/mlx5_core: Export flow steering API
    net/mlx5_core: Make ipv4/ipv6 location more clear
    net/mlx5_core: Enable flow steering support for the IB driver
    net/mlx5_core: Initialize namespaces only when supported by device
    net/mlx5_core: Set priority attributes
    net/mlx5_core: Connect flow tables
    net/mlx5_core: Introduce modify flow table command
    net/mlx5_core: Managing root flow table
    ...

    Linus Torvalds
     
  • Pull crypto update from Herbert Xu:
    "Algorithms:
    - Add RSA padding algorithm

    Drivers:
    - Add GCM mode support to atmel
    - Add atmel support for SAMA5D2 devices
    - Add cipher modes to talitos
    - Add rockchip driver for rk3288
    - Add qat support for C3XXX and C62X"

    * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (103 commits)
    crypto: hifn_795x, picoxcell - use ablkcipher_request_cast
    crypto: qat - fix SKU definiftion for c3xxx dev
    crypto: qat - Fix random config build issue
    crypto: ccp - use to_pci_dev and to_platform_device
    crypto: qat - Rename dh895xcc mmp firmware
    crypto: 842 - remove WARN inside printk
    crypto: atmel-aes - add debug facilities to monitor register accesses.
    crypto: atmel-aes - add support to GCM mode
    crypto: atmel-aes - change the DMA threshold
    crypto: atmel-aes - fix the counter overflow in CTR mode
    crypto: atmel-aes - fix atmel-ctr-aes driver for RFC 3686
    crypto: atmel-aes - create sections to regroup functions by usage
    crypto: atmel-aes - fix typo and indentation
    crypto: atmel-aes - use SIZE_IN_WORDS() helper macro
    crypto: atmel-aes - improve performances of data transfer
    crypto: atmel-aes - fix atmel_aes_remove()
    crypto: atmel-aes - remove useless AES_FLAGS_DMA flag
    crypto: atmel-aes - reduce latency of DMA completion
    crypto: atmel-aes - remove unused 'err' member of struct atmel_aes_dev
    crypto: atmel-aes - rework crypto request completion
    ...

    Linus Torvalds
     

07 Jan, 2016

1 commit

  • These async_XX functions are called from md/raid5 in an atomic
    section, between get_cpu() and put_cpu(), so they must not sleep.
    So use GFP_NOWAIT rather than GFP_IO.

    Dan Williams writes: Longer term async_tx needs to be merged into md
    directly as we can allocate this unmap data statically per-stripe
    rather than per request.

    Fixed: 7476bd79fc01 ("async_pq: convert to dmaengine_unmap_data")
    Cc: stable@vger.kernel.org (v3.13+)
    Reported-and-tested-by: Stanislav Samsonov
    Acked-by: Dan Williams
    Signed-off-by: NeilBrown
    Signed-off-by: Vinod Koul

    NeilBrown
     

01 Jan, 2016

1 commit


29 Dec, 2015

1 commit


26 Dec, 2015

1 commit


22 Dec, 2015

3 commits


20 Dec, 2015

1 commit

  • Added 'hash=' option for selecting the hash algorithm for add_key()
    syscall and documentation for it.

    Added entry for sm3-256 to the following tables in order to support
    TPM_ALG_SM3_256:

    * hash_algo_name
    * hash_digest_size

    Includes support for the following hash algorithms:

    * sha1
    * sha256
    * sha384
    * sha512
    * sm3-256

    Signed-off-by: Jarkko Sakkinen
    Tested-by: Colin Ian King
    Reviewed-by: James Morris
    Reviewed-by: Mimi Zohar
    Acked-by: Peter Huewe

    Jarkko Sakkinen
     

18 Dec, 2015

1 commit


16 Dec, 2015

1 commit


15 Dec, 2015

1 commit

  • This option creates IMA MOK and blacklist keyrings. IMA MOK is an
    intermediate keyring that sits between .system and .ima keyrings,
    effectively forming a simple CA hierarchy. To successfully import a key
    into .ima_mok it must be signed by a key whose CA is in .system keyring.
    In turn any key that needs to go in .ima keyring must be signed by CA in
    either .system or .ima_mok keyrings. IMA MOK is empty at kernel boot.

    IMA blacklist keyring contains all revoked IMA keys. It is consulted
    before any other keyring. If the search is successful the requested
    operation is rejected and an error is returned to the caller.

    Signed-off-by: Petko Manolov
    Signed-off-by: Mimi Zohar

    Petko Manolov
     

11 Dec, 2015

1 commit

  • This file does not contain any modular related function calls. So get
    rid of module.h since it drags in a lot of other headers and adds to
    the preprocessing load. It does export some symbols though, so we'll
    need to ensure it has export.h present instead.

    Cc: Herbert Xu
    Cc: "David S. Miller"
    Cc: linux-crypto@vger.kernel.org
    Signed-off-by: Paul Gortmaker
    Signed-off-by: Herbert Xu

    Paul Gortmaker
     

10 Dec, 2015

1 commit


09 Dec, 2015

4 commits

  • Some ciphers actually support encrypting zero length plaintexts. For
    example, many AEAD modes support this. The resulting ciphertext for
    those winds up being only the authentication tag, which is a result of
    the key, the iv, the additional data, and the fact that the plaintext
    had zero length. The blkcipher constructors won't copy the IV to the
    right place, however, when using a zero length input, resulting in
    some significant problems when ciphers call their initialization
    routines, only to find that the ->iv parameter is uninitialized. One
    such example of this would be using chacha20poly1305 with a zero length
    input, which then calls chacha20, which calls the key setup routine,
    which eventually OOPSes due to the uninitialized ->iv member.

    Signed-off-by: Jason A. Donenfeld
    Cc:
    Signed-off-by: Herbert Xu

    Jason A. Donenfeld
     
  • If the length of the plaintext is zero, there's no need to waste cycles
    on encryption and decryption. Using the chacha20poly1305 construction
    for zero-length plaintexts is a common way of using a shared encryption
    key for AAD authentication.

    Signed-off-by: Jason A. Donenfeld
    Signed-off-by: Herbert Xu

    Jason A. Donenfeld
     
  • This patch adds PKCS#1 v1.5 standard RSA padding as a separate template.
    This way an RSA cipher with padding can be obtained by instantiating
    "pkcs1pad(rsa)". The reason for adding this is that RSA is almost
    never used without this padding (or OAEP) so it will be needed for
    either certificate work in the kernel or the userspace, and I also hear
    that it is likely implemented by hardware RSA in which case hardware
    implementations of the whole of pkcs1pad(rsa) can be provided.

    Signed-off-by: Andrew Zaborowski
    Signed-off-by: Herbert Xu

    Andrzej Zaborowski
     
  • Add a struct akcipher_instance and struct akcipher_spawn similar to
    how AEAD declares them and the macros for converting to/from
    crypto_instance/crypto_spawn. Also add register functions to
    avoid exposing crypto_akcipher_type.

    Signed-off-by: Andrew Zaborowski
    Signed-off-by: Herbert Xu

    Andrzej Zaborowski
     

04 Dec, 2015

1 commit

  • cryptd_create_hash() fails by returning -EINVAL. It is because after
    8996eafdc ("crypto: ahash - ensure statesize is non-zero") all ahash
    drivers must have a non-zero statesize.

    This patch fixes the problem by properly assigning the statesize.

    Signed-off-by: Rui Wang
    Signed-off-by: Herbert Xu

    Wang, Rui Y