- 17 Nov, 2019 1 commit
-
-
Ard Biesheuvel authored
Now that all users of the deprecated ablkcipher interface have been moved to the skcipher interface, ablkcipher is no longer used and can be removed.
Reviewed-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 13 Jun, 2019 1 commit
-
-
Eric Biggers authored
Now that all algorithms explicitly set cra_driver_name, make it required for algorithm registration and remove the code that generated a default cra_driver_name. Also add an explicit check that cra_name is set too, since that's obviously required too, yet it didn't seem to be checked anywhere.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 30 May, 2019 2 commits
-
-
Thomas Gleixner authored
Based on 1 normalized pattern(s):

    this program is free software you can redistribute it and or modify it under the terms of the gnu general public license as published by the free software foundation either version 2 of the license or at your option any later version

extracted by the scancode license scanner the SPDX license identifier

    GPL-2.0-or-later

has been chosen to replace the boilerplate/reference in 3029 file(s).
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Allison Randal <allison@lohutok.net>
Cc: linux-spdx@vger.kernel.org
Link: https://lkml.kernel.org/r/20190527070032.746973796@linutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
Eric Biggers authored
Remove the crypto_tfm_in_queue() function, which is unused.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 25 Jan, 2019 1 commit
-
-
Xiongfeng Wang authored
This patch adds a helper to (un)register an array of templates. The following patches will use this helper to simplify the code.
Signed-off-by: Xiongfeng Wang <xiongfeng.wang@linaro.org>
Reviewed-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 11 Jan, 2019 2 commits
-
-
Eric Biggers authored
It took me a while to notice the bug where the adiantum template left crypto_spawn::inst == NULL, because this only caused problems in certain cases where algorithms are dynamically loaded/unloaded. More improvements are needed, but for now make crypto_init_spawn() reject this case and WARN(), so this type of bug will be noticed immediately in the future.
Note: I checked all callers and the adiantum template was the only place that had this wrong. So this WARN shouldn't trigger anymore.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Eric Biggers authored
Now that all "blkcipher" templates have been converted to "skcipher", crypto_alloc_instance() is no longer used. And it's not useful any longer as it creates an old-style weakly typed instance rather than a new-style strongly typed instance. So remove it, and now that the name is freed up rename crypto_alloc_instance2() to crypto_alloc_instance().
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 07 Dec, 2018 6 commits
-
-
Corentin Labbe authored
This patch adds the crypto_stats_init() function. This will permit removing some ifdefs from __crypto_register_alg().
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Corentin Labbe authored
Since now all crypto stats are on their own structures, it is now useless to have the algorithm name in the err_cnt member.
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Corentin Labbe authored
Like for userspace, this patch splits stats into multiple structures, one for each algorithm class.
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Corentin Labbe authored
All crypto_stats functions use the struct xxx_request for feeding stats, but in some cases this structure could already be freed. For fixing this, the needed parameters (len and alg) will be stored before the request is executed.
Fixes: cac5818c ("crypto: user - Implement a generic crypto statistics")
Reported-by: syzbot <syzbot+6939a606a5305e9e9799@syzkaller.appspotmail.com>
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Corentin Labbe authored
All the 32-bit fields need to be 64-bit. In some cases, UINT32_MAX crypto operations can be done in seconds.
Reported-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Corentin Labbe authored
Even if CRYPTO_STATS is set to n, some parts of CRYPTO_STATS are compiled. This patch makes all parts of crypto_user_stat uncompiled in that case.
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 28 Sep, 2018 1 commit
-
-
Corentin Labbe authored
This patch implements a generic way to get statistics about all crypto usages.
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 04 Sep, 2018 2 commits
-
-
Martin K. Petersen authored
Introduce a facility that can be used to receive a notification callback when a new algorithm becomes available. This can be used by existing crypto registrations to trigger a switch from a software-only algorithm to a hardware-accelerated version.
A new CRYPTO_MSG_ALG_LOADED state is introduced to the existing crypto notification chain, and the register/unregister functions are exported so they can be called by subsystems outside of crypto.
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Suggested-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Kees Cook authored
In the quest to remove all stack VLA usage from the kernel[1], this exposes a new general upper bound on crypto blocksize and alignmask (higher than for the existing cipher limits) for VLA removal, and introduces new checks.
At present, the highest cra_alignmask in the kernel is 63. The highest cra_blocksize is 144 (SHA3_224_BLOCK_SIZE, 18 8-byte words). For the new blocksize limit, I went with 160 (20 8-byte words).
[1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 20 Apr, 2018 1 commit
-
-
Salvatore Mesoraca authored
In preparation for the removal of VLAs[1] from crypto code. We create 2 new compile-time constants: all ciphers implemented in Linux have a block size less than or equal to 16 bytes and the most demanding hw requires 16 bytes alignment for the block buffer. We also enforce these limits in crypto_check_alg when a new cipher is registered.
[1] http://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com
Signed-off-by: Salvatore Mesoraca <s.mesoraca16@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 30 Mar, 2018 1 commit
-
-
Herbert Xu authored
This patch reverts commit 9c521a20 ("crypto: api - remove instance when test failed") and fixes the underlying problem in a different way.

To recap, prior to the reverted commit, an instance that fails a self-test is kept around. However, it would satisfy any new lookups against its name and therefore the system may accumulate an unbounded number of failed instances for the same algorithm name.

The reverted commit fixed it by unregistering the instance. However, this still does not prevent the creation of the same failed instance over and over again each time the name is looked up.

This patch fixes it by keeping the failed instance around, just as we would if it were a normal algorithm. However, the lookup code has been updated so that we do not attempt to create another instance as long as this failed one is still registered. Of course, you could still force a new creation by deleting the instance from user-space.

A new error (ELIBBAD) has been commandeered for this purpose and will be returned when all registered algorithms of a given name have failed the self-test.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 05 Jan, 2018 3 commits
-
-
Eric Biggers authored
There is a message posted to the crypto notifier chain when an algorithm is unregistered, and when a template is registered or unregistered. But nothing is listening for those messages; currently there are only listeners for the algorithm request and registration messages.
Get rid of these unused notifications for now.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Eric Biggers authored
Reference counters should use refcount_t rather than atomic_t, since the refcount_t implementation can prevent overflows, reducing the exploitability of reference leak bugs. crypto_alg.cra_refcount is a reference counter with the usual semantics, so switch it over to refcount_t.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Eric Biggers authored
syzkaller triggered a NULL pointer dereference in crypto_remove_spawns() via a program that repeatedly and concurrently requests AEADs "authenc(cmac(des3_ede-asm),pcbc-aes-aesni)" and hashes "cmac(des3_ede)" through AF_ALG, where the hashes are requested as "untested" (CRYPTO_ALG_TESTED is set in ->salg_mask but clear in ->salg_feat; this causes the template to be instantiated for every request).

Although AF_ALG users really shouldn't be able to request an "untested" algorithm, the NULL pointer dereference is actually caused by a longstanding race condition where crypto_remove_spawns() can encounter an instance which has had spawn(s) "grabbed" but hasn't yet been registered, resulting in ->cra_users still being NULL.

We probably should properly initialize ->cra_users earlier, but that would require updating many templates individually. For now just fix the bug in a simple way that can easily be backported: make crypto_remove_spawns() treat a NULL ->cra_users list as empty.
Reported-by: syzbot <syzkaller@googlegroups.com>
Cc: stable@vger.kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 03 Nov, 2017 1 commit
-
-
Gilad Ben-Yossef authored
The crypto API was using the -EBUSY return value to indicate both a hard failure to submit a crypto operation into a transformation provider when the latter was busy and the backlog mechanism was not enabled as well as a notification that the operation was queued into the backlog when the backlog mechanism was enabled.

Having the same return code indicate two very different conditions depending on a flag is both error prone and requires extra runtime check like the following to discern between the cases:

    if (err == -EINPROGRESS ||
        (err == -EBUSY && (ahash_request_flags(req) &
                           CRYPTO_TFM_REQ_MAY_BACKLOG)))

This patch changes the return code used to indicate a crypto op failed due to the transformation provider being transiently busy to -ENOSPC.
Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 04 Aug, 2017 1 commit
-
-
Ard Biesheuvel authored
In preparation of introducing crypto_xor_cpy(), which will use separate operands for input and output, modify the __crypto_xor() implementation, which it will share with the existing crypto_xor(), which provides the actual functionality when not using the inline version.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 19 Jun, 2017 1 commit
-
-
Karim Eshapa authored
Use more common error logging style.
Signed-off-by: Karim Eshapa <karim.eshapa@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 09 Mar, 2017 1 commit
-
-
Ard Biesheuvel authored
To prevent unnecessary branching, mark the exit condition of the primary loop as likely(), given that a carry in a 32-bit counter occurs very rarely.

On arm64, the resulting code is emitted by GCC as

    9a8:   cmp     w1, #0x3
    9ac:   add     x3, x0, w1, uxtw
    9b0:   b.ls    9e0 <crypto_inc+0x38>
    9b4:   ldr     w2, [x3,#-4]!
    9b8:   rev     w2, w2
    9bc:   add     w2, w2, #0x1
    9c0:   rev     w4, w2
    9c4:   str     w4, [x3]
    9c8:   cbz     w2, 9d0 <crypto_inc+0x28>
    9cc:   ret

where the two remaining branch conditions (one for size < 4 and one for the carry) are statically predicted as non-taken, resulting in optimal execution in the vast majority of cases.

Also, replace the open coded alignment test with IS_ALIGNED().
Cc: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 11 Feb, 2017 1 commit
-
-
Ard Biesheuvel authored
Instead of unconditionally forcing 4 byte alignment for all generic chaining modes that rely on crypto_xor() or crypto_inc() (which may result in unnecessary copying of data when the underlying hardware can perform unaligned accesses efficiently), make those functions deal with unaligned input explicitly, but only if the Kconfig symbol HAVE_EFFICIENT_UNALIGNED_ACCESS is set. This will allow us to drop the alignmasks from the CBC, CMAC, CTR, CTS, PCBC and SEQIV drivers.

For crypto_inc(), this simply involves making the 4-byte stride conditional on HAVE_EFFICIENT_UNALIGNED_ACCESS being set, given that it typically operates on 16 byte buffers.

For crypto_xor(), an algorithm is implemented that simply runs through the input using the largest strides possible if unaligned accesses are allowed. If they are not, an optimal sequence of memory accesses is emitted that takes the relative alignment of the input buffers into account, e.g., if the relative misalignment of dst and src is 4 bytes, the entire xor operation will be completed using 4 byte loads and stores (modulo unaligned bits at the start and end). Note that all expressions involving misalign are simply eliminated by the compiler when HAVE_EFFICIENT_UNALIGNED_ACCESS is defined.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 23 Jan, 2017 1 commit
-
-
Salvatore Benedetto authored
Make sure CRYPTO_ALG_DEAD bit is cleared before proceeding with the algorithm registration. This fixes qat-dh registration when driver is restarted.
Cc: <stable@vger.kernel.org>
Signed-off-by: Salvatore Benedetto <salvatore.benedetto@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 01 Jul, 2016 1 commit
-
-
Herbert Xu authored
This patch adds the helper crypto_inst_setname because the current helper crypto_alloc_instance2 is no longer useful given that we now look up the algorithm after we allocate the instance object.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 25 Jan, 2016 1 commit
-
-
Herbert Xu authored
This patch adds the helper crypto_type_has_alg which is meant to replace crypto_has_alg for new-style crypto types. Rather than hard-coding type/mask information they're now retrieved from the crypto_type object.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 23 Nov, 2015 1 commit
-
-
Geliang Tang authored
Simplify crypto_more_spawns() with list_first_entry_or_null() and list_next_entry().
Signed-off-by: Geliang Tang <geliangtang@163.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 20 Oct, 2015 1 commit
-
-
Herbert Xu authored
Currently a number of Crypto API operations may fail when a signal occurs. This causes nasty problems as the callers of those operations are often not in a good position to restart the operation.

In fact there is currently no need for those operations to be interrupted by user signals at all. All we need is for them to be killable.

This patch replaces the relevant calls of signal_pending with fatal_signal_pending, and wait_for_completion_interruptible with wait_for_completion_killable, respectively.
Cc: stable@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 14 Jul, 2015 2 commits
-
-
Herbert Xu authored
Currently the task of freeing an instance is given to the crypto template. However, it has no type information on the instance so we have to resort to checking type information at runtime.

This patch introduces a free function to crypto_type that will be used to free an instance. This can then be used to free an instance in a type-safe manner.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Herbert Xu authored
The function __crypto_dequeue_request is completely unused.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 03 Jun, 2015 1 commit
-
-
Herbert Xu authored
This patch ensures that the tfm context always has enough extra memory to ensure that it is aligned according to cra_alignment.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 13 May, 2015 1 commit
-
-
Herbert Xu authored
This patch adds a new primitive crypto_grab_spawn which is meant to replace crypto_init_spawn and crypto_init_spawn2. Under the new scheme the user no longer has to worry about reference counting the alg object before it is subsumed by the spawn.

It is pretty much an exact copy of crypto_grab_aead.

Prior to calling this function spawn->frontend and spawn->inst must have been set.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 26 Apr, 2015 1 commit
-
-
Herbert Xu authored
The commit 59afdc7b ("crypto: api - Move module sig ifdef into accessor function") broke the build when modules are completely disabled because we directly dereference module->name.

This patch fixes this by using the accessor function module_name.
Reported-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 23 Apr, 2015 2 commits
-
-
Herbert Xu authored
All users of fips_enabled should include linux/fips.h directly instead of getting it through internal.h.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Herbert Xu authored
Currently we're hiding mod->sig_ok under an ifdef in open code. This patch adds a module_sig_ok accessor function and removes that ifdef.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Rusty Russell <rusty@rustcorp.com.au>
-
- 21 Apr, 2015 1 commit
-
-
Herbert Xu authored
This patch adds a crypto_alg_extsize helper that can be used by algorithm types such as pcompress and shash.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 16 Apr, 2015 1 commit
-
-
Herbert Xu authored
Commit 9c521a20 ("crypto: api - remove instance when test failed") tried to grab a module reference count before the module was even set.

Worse, it then goes on to free the module reference count after it is set so you quickly end up with a negative module reference count which prevents people from using any instances belonging to that module.

This patch moves the module initialisation before the reference count.
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-