17 Feb, 2018

1 commit

• 8d906d183   crypto: hash - annotate algorithms taking optional key ... Browse Code »

  commit a208fa8f33031b9e0aba44c7d1b7e68eb0cbd29e upstream.

  We need to consistently enforce that keyed hashes cannot be used without
  setting the key. To do this we need a reliable way to determine whether
  a given hash algorithm is keyed or not. AF_ALG currently does this by
  checking for the presence of a ->setkey() method. However, this is
  actually slightly broken because the CRC-32 algorithms implement
  ->setkey() but can also be used without a key. (The CRC-32 "key" is not
  actually a cryptographic key but rather represents the initial state.
  If not overridden, then a default initial state is used.)

  Prepare to fix this by introducing a flag CRYPTO_ALG_OPTIONAL_KEY which
  indicates that the algorithm has a ->setkey() method, but it is not
  required to be called. Then set it on all the CRC-32 algorithms.

  The same also applies to the Adler-32 implementation in Lustre.

  Also, the cryptd and mcryptd templates have to pass through the flag
  from their underlying algorithm.

  Signed-off-by: Eric Biggers
  Signed-off-by: Herbert Xu
  Signed-off-by: Greg Kroah-Hartman

  Eric Biggers

  2018-02-17 03:23:00 +0800  

19 Jan, 2016

1 commit

• fd7f67271   crypto: crc32c - Fix crc32c soft dependency ... Browse Code »

  I don't think it makes sense for a module to have a soft dependency
  on itself. This seems quite cyclic by nature and I can't see what
  purpose it could serve.

  OTOH libcrc32c calls crypto_alloc_shash("crc32c", 0, 0) so it pretty
  much assumes that some incarnation of the "crc32c" hash algorithm has
  been loaded. Therefore it makes sense to have the soft dependency
  there (as crc-t10dif does.)

  Cc: stable@vger.kernel.org
  Cc: Tim Chen
  Cc: "David S. Miller"
  Signed-off-by: Jean Delvare
  Signed-off-by: Herbert Xu

  Jean Delvare

  2016-01-19 15:52:10 +0800  

13 Jan, 2015

1 commit

• 3e14dcf7c   crypto: add missing crypto module aliases ... Browse Code »

  Commit 5d26a105b5a7 ("crypto: prefix module autoloading with "crypto-"")
  changed the automatic module loading when requesting crypto algorithms
  to prefix all module requests with "crypto-". This requires all crypto
  modules to have a crypto specific module alias even if their file name
  would otherwise match the requested crypto algorithm.

  Even though commit 5d26a105b5a7 added those aliases for a vast amount of
  modules, it was missing a few. Add the required MODULE_ALIAS_CRYPTO
  annotations to those files to make them get loaded automatically, again.
  This fixes, e.g., requesting 'ecb(blowfish-generic)', which used to work
  with kernels v3.18 and below.

  Also change MODULE_ALIAS() lines to MODULE_ALIAS_CRYPTO(). The former
  won't work for crypto modules any more.

  Fixes: 5d26a105b5a7 ("crypto: prefix module autoloading with "crypto-"")
  Cc: Kees Cook
  Signed-off-by: Mathias Krause
  Signed-off-by: Herbert Xu

  Mathias Krause

  2015-01-13 19:29:11 +0800  

24 Nov, 2014

1 commit

• 5d26a105b   crypto: prefix module autoloading with "crypto-" ... Browse Code »

  This prefixes all crypto module loading with "crypto-" so we never run
  the risk of exposing module auto-loading to userspace via a crypto API,
  as demonstrated by Mathias Krause:

  https://lkml.org/lkml/2013/3/4/70

  Signed-off-by: Kees Cook
  Signed-off-by: Herbert Xu

  Kees Cook

  2014-11-24 22:43:57 +0800  

25 Feb, 2014

1 commit

• 06e5a1f29   CRC32C: Add soft module dependency to load other accelerated crc32c modules ... Browse Code »

  We added the soft module dependency of crc32c module alias
  to generic crc32c module so other hardware accelerated crc32c
  modules could get loaded and used before the generic version.
  We also renamed the crypto/crc32c.c containing the generic
  crc32c crypto computation to crypto/crc32c_generic.c according
  to convention.

  Signed-off-by: Tim Chen
  Signed-off-by: Herbert Xu

  Tim Chen

  2014-02-25 19:45:04 +0800