Eric Lee / smarc-fsl-linux-kernel

18 Jul, 2016

1 commit

0605c41cc crypto: cts - Convert to skcipher ... Browse Code »

This patch converts cts over to the skcipher interface. It also
optimises the implementation to use one CBC operation for all but
the last block, which is then processed separately.

Signed-off-by: Herbert Xu

Herbert Xu
2016-07-18 17:35:44 +0800

20 Jan, 2015

2 commits

988dc0174 crypto: cts - Weed out non-CBC algorithms ... Browse Code »

The cts algorithm as currently implemented assumes the underlying
is a CBC-mode algorithm. So this patch adds a check for that to
eliminate bogus combinations of cts with non-CBC modes.

Signed-off-by: Herbert Xu

Herbert Xu
2015-01-20 11:44:15 +0800
0c5c8e646 crypto: cts - Remove bogus use of seqiv ... Browse Code »

The seqiv generator is completely inappropriate for cts as it's
designed for IPsec algorithms. Since cts users do not actually
use the IV generator we can just fall back to the default.

Signed-off-by: Herbert Xu
Acked-by: Maciej ?enczykowski

Herbert Xu
2015-01-20 11:44:15 +0800

26 Nov, 2014

1 commit

4943ba16b crypto: include crypto- module prefix in template ... Browse Code »

This adds the module loading prefix "crypto-" to the template lookup
as well.

For example, attempting to load 'vfat(blowfish)' via AF_ALG now correctly
includes the "crypto-" prefix at every level, correctly rejecting "vfat":

net-pf-38
algif-hash
crypto-vfat(blowfish)
crypto-vfat(blowfish)-all
crypto-vfat

Reported-by: Mathias Krause
Signed-off-by: Kees Cook
Acked-by: Mathias Krause
Signed-off-by: Herbert Xu

Kees Cook
2014-11-26 20:06:30 +0800

17 Oct, 2014

1 commit

7185ad267 crypto: memzero_explicit - make sure to clear out sensitive data ... Browse Code »

Recently, in commit 13aa93c70e71 ("random: add and use memzero_explicit()
for clearing data"), we have found that GCC may optimize some memset()
cases away when it detects a stack variable is not being used anymore
and going out of scope. This can happen, for example, in cases when we
are clearing out sensitive information such as keying material or any
e.g. intermediate results from crypto computations, etc.

With the help of Coccinelle, we can figure out and fix such occurences
in the crypto subsytem as well. Julia Lawall provided the following
Coccinelle program:

@@
type T;
identifier x;
@@

T x;
... when exists
when any
-memset
+memzero_explicit
(&x,
-0,
...)
... when != x
when strict

@@
type T;
identifier x;
@@

T x[...];
... when exists
when any
-memset
+memzero_explicit
(x,
-0,
...)
... when != x
when strict

Therefore, make use of the drop-in replacement memzero_explicit() for
exactly such cases instead of using memset().

Signed-off-by: Daniel Borkmann
Cc: Julia Lawall
Cc: Herbert Xu
Cc: Theodore Ts'o
Cc: Hannes Frederic Sowa
Acked-by: Hannes Frederic Sowa
Acked-by: Herbert Xu
Signed-off-by: Theodore Ts'o

Daniel Borkmann
2014-10-17 23:44:07 +0800

04 Feb, 2013

1 commit

3e8afe35c crypto: use ERR_CAST ... Browse Code »

Replace PTR_ERR followed by ERR_PTR by ERR_CAST, to be more concise.

The semantic patch that makes this change is as follows:
(http://coccinelle.lip6.fr/)

//
@@
expression err,x;
@@
- err = PTR_ERR(x);
if (IS_ERR(x))
- return ERR_PTR(err);
+ return ERR_CAST(x);
//

Signed-off-by: Julia Lawall
Signed-off-by: Herbert Xu

Julia Lawall
2013-02-04 21:16:53 +0800

02 Jun, 2008

1 commit

c4913c7b7 [CRYPTO] cts: Init SG tables ... Browse Code »

Steps to reproduce:

modprobe tcrypt # with CONFIG_DEBUG_SG=y

testing cts(cbc(aes)) encryption
test 1 (128 bit key):
------------[ cut here ]------------
kernel BUG at include/linux/scatterlist.h:65!
invalid opcode: 0000 [1] PREEMPT SMP DEBUG_PAGEALLOC
CPU 0
Modules linked in: tea xts twofish twofish_common tcrypt(+) [maaaany]
Pid: 16151, comm: modprobe Not tainted 2.6.26-rc4-fat #7
RIP: 0010:[] [] :cts:cts_cbc_encrypt+0x151/0x355
RSP: 0018:ffff81016f497a88 EFLAGS: 00010286
RAX: ffffe20009535d58 RBX: ffff81016f497af0 RCX: 0000000087654321
RDX: ffff8100010d4f28 RSI: ffff81016f497ee8 RDI: ffff81016f497ac0
RBP: ffff81016f497c38 R08: 0000000000000000 R09: 0000000000000011
R10: ffffffff00000008 R11: ffff8100010d4f28 R12: ffff81016f497ac0
R13: ffff81016f497b30 R14: 0000000000000010 R15: 0000000000000010
FS: 00007fac6fa276f0(0000) GS:ffffffff8060e000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 00007f12ca7cc000 CR3: 000000016f441000 CR4: 00000000000026e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff4ff0 DR7: 0000000000000400
Process modprobe (pid: 16151, threadinfo ffff81016f496000, task ffff8101755b4ae0)
Stack: 0000000000000001 ffff81016f496000 ffffffff80719f78 0000000000000001
0000000000000001 ffffffff8020c87c ffff81016f99c918 20646c756f772049
65687420656b696c 0000000000000020 0000000000000000 0000000033341102
Call Trace:
[] ? restore_args+0x0/0x30
[] ? :aes_generic:crypto_aes_expand_key+0x311/0x369
[] ? check_object+0x15a/0x213
[] ? init_object+0x6e/0x76
[] ? __slab_free+0xfc/0x371
[] :cts:crypto_cts_encrypt+0xbb/0xca
[] ? :crypto_blkcipher:setkey+0xc7/0xec
[] :crypto_blkcipher:async_encrypt+0x38/0x3a
[] :tcrypt:test_cipher+0x261/0x7c6
[] :tcrypt:tcrypt_mod_init+0x9df/0x1b30
[] sys_init_module+0x9e/0x1b2
[] system_call_after_swapgs+0x8a/0x8f
Code: 45 c0 e8 aa 24 63 df 48 c1 e8 0c 48 b9 00 00 00 00 00 e2 ff ff 48 8b 55 88 48 6b c0 68 48 01 c8 b9 21 43 65 87 48 39 4d 80 74 04 0b eb fe f6 c2 01 74 04 0f 0b eb fe 83 e2 03 4c 89 ef 44 89
RIP [] :cts:cts_cbc_encrypt+0x151/0x355
RSP
---[ end trace e8bahiarjand37fd ]---

Signed-off-by: Alexey Dobriyan
Signed-off-by: Herbert Xu

Alexey Dobriyan
2008-06-02 13:46:51 +0800

21 Apr, 2008

1 commit

76cb95217 [CRYPTO] cts: Add CTS mode required for Kerberos AES support ... Browse Code »

Implement CTS wrapper for CBC mode required for support of AES
encryption support for Kerberos (rfc3962).

Signed-off-by: Kevin Coffman
Signed-off-by: Herbert Xu

Kevin Coffman
2008-04-21 10:19:23 +0800