- 03 Dec, 2014 4 commits
-
-
Steffen Trumtrar authored
Add support for the MDHA unit in the SAHARA core. The MDHA can generate hash digests for MD5 and SHA1 in version 3 and additionally SHA224 and SHA256 in version 4. Add the SHA1 and SHA256 algorithms to the driver. The implementation was tested with the in-kernel testmgr and a userspace testprogram using AF_ALG with+without upto 128 pthreads on each AES and SHA256 on i.MX53. Signed-off-by:
Steffen Trumtrar <s.trumtrar@pengutronix.de> Signed-off-by:
Herbert Xu <herbert@gondor.apana.org.au>
-
Steffen Trumtrar authored
In preparation for SHA support, replace the tasklets with a kthread that manages one crypto_queue for the core. As the Sahara can only process one AES or SHA request at a time, we make sure that the queue serializes all requests from userspace. Instead of a watchdog timer we now use a completion mechanism in the queue manager thread. This makes the control flow more obvious and guarantees, that only one request is dequeued until the completion is completed. Signed-off-by:
-
Steffen Trumtrar authored
The Sahara on the i.MX53 is of version 4. Add support for probing the device. Signed-off-by:
-
Steffen Trumtrar authored
The driver uses a spinlock, but never initializes it. Fix this. Signed-off-by:
-
- 02 Dec, 2014 5 commits
-
-
Julia Lawall authored
Memset on a local variable may be removed when it is called just before the variable goes out of scope. Using memzero_explicit defeats this optimization. A simplified version of the semantic patch that makes this change is as follows: (http://coccinelle.lip6.fr/) // <smpl> @@ identifier x; type T; @@ { ... when any T x[...]; ... when any when exists - memset + memzero_explicit (x, -0, ...) ... when != x when strict } // </smpl> This change was suggested by Daniel Borkmann <dborkman@redhat.com> Signed-off-by:
Julia Lawall <Julia.Lawall@lip6.fr> Acked-by:
Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by:
-
Julia Lawall authored
Memset on a local variable may be removed when it is called just before the variable goes out of scope. Using memzero_explicit defeats this optimization. A simplified version of the semantic patch that makes this change is as follows: (http://coccinelle.lip6.fr/) // <smpl> @@ identifier x; type T; @@ { ... when any T x[...]; ... when any when exists - memset + memzero_explicit (x, -0, ...) ... when != x when strict } // </smpl> This change was suggested by Daniel Borkmann <dborkman@redhat.com> Signed-off-by:
Michael Ellerman <mpe@ellerman.id.au> Signed-off-by:
-
Julia Lawall authored
Memset on a local variable may be removed when it is called just before the variable goes out of scope. Using memzero_explicit defeats this optimization. A simplified version of the semantic patch that makes this change is as follows: (http://coccinelle.lip6.fr/) // <smpl> @@ identifier x; type T; @@ { ... when any T x[...]; ... when any when exists - memset + memzero_explicit (x, -0, ...) ... when != x when strict } // </smpl> This change was suggested by Daniel Borkmann <dborkman@redhat.com> Signed-off-by:
-
Julia Lawall authored
Memset on a local variable may be removed when it is called just before the variable goes out of scope. Using memzero_explicit defeats this optimization. A simplified version of the semantic patch that makes this change is as follows: (http://coccinelle.lip6.fr/) // <smpl> @@ identifier x; type T; @@ { ... when any T x[...]; ... when any when exists - memset + memzero_explicit (x, -0, ...) ... when != x when strict } // </smpl> This change was suggested by Daniel Borkmann <dborkman@redhat.com> Signed-off-by:
-
Stephan Mueller authored
When using the algif_skcipher, the following call sequence causess a re-initialization: 1. sendmsg with ALG_SET_OP and iov == NULL, iovlen == 0 (i.e initializing the cipher, but not sending data) 2. sendmsg with msg->msg-controllen == 0 and iov != NULL (using the initalized cipher handle by sending data) In step 2, the cipher operation type (encryption or decryption) is reset to always decryption, because the local variable of enc is put into ctx->enc as ctx->user is still zero. The same applies when all send data is processed and ctx->used falls to zero followed by user space to send new data. This patch changes the behavior to only reset the cipher operation type (and the IV) if such configuration request is received. Signed-off-by:
Stephan Mueller <smueller@chronox.de> Signed-off-by:
-
- 01 Dec, 2014 1 commit
-
-
Struk, Tadeusz authored
Remover unneeded code. Signed-off-by:
Tadeusz Struk <tadeusz.struk@intel.com> Signed-off-by:
-
- 28 Nov, 2014 1 commit
-
-
Herbert Xu authored
As most (all?) users of algif_skcipher are single-threaded and therefore always write before reading from an algif_skcipher socket, they never block and exercise that code-path. It turns out that code path doesn't even work because we never reload ctx->used after waking up so we never even see the new data and immediately return an error (and a loud WARN_ON). This patch fixes this by always reloading ctx->used. Reported-by:
-
- 27 Nov, 2014 1 commit
-
-
Nickolaus Woodruff authored
Compiler dead store optimization can sometimes remove final calls to memset() used to clear sensitive data at the end of a function. Replace trailing memset() calls with memzero_explicit() to preclude unwanted removal. Signed-off-by:
Nickolaus Woodruff <nickolauswoodruff@gmail.com> Signed-off-by:
-
- 26 Nov, 2014 3 commits
-
-
Stephan Mueller authored
Use the crypto- prefix for the DRBG implementations. Signed-off-by:
-
Kees Cook authored
This adds the module loading prefix "crypto-" to the template lookup as well. For example, attempting to load 'vfat(blowfish)' via AF_ALG now correctly includes the "crypto-" prefix at every level, correctly rejecting "vfat": net-pf-38 algif-hash crypto-vfat(blowfish) crypto-vfat(blowfish)-all crypto-vfat Reported-by:
Mathias Krause <minipli@googlemail.com> Signed-off-by:
Kees Cook <keescook@chromium.org> Acked-by:
-
Stephan Mueller authored
To allow automatic loading of the crypto_user kernel module, the netlink MODULE_ALIAS is added. Signed-off-by:
-
- 25 Nov, 2014 3 commits
-
-
Dan Carpenter authored
This can't be NULL and we dereferenced it earlier. Smatch used to ignore these things where the pointer was obviously non-NULL but I've found that sometimes the intention was to check something else so we were maybe missing bugs. Signed-off-by:
Dan Carpenter <dan.carpenter@oracle.com> Acked-by:
Tim Chen <tim.c.chen@linux.intel.com> Signed-off-by:
-
Struk, Tadeusz authored
Fix invalid inflights calculation for 64 bytes requests. Signed-off-by:
-
Daniel Borkmann authored
Commit e1bd95bf ("crypto: algif - zeroize IV buffer") and 2a6af25b ("crypto: algif - zeroize message digest buffer") added memzero_explicit() calls on buffers that are later on passed back to sock_kfree_s(). This is a discussed follow-up that, instead, extends the sock API and adds sock_kzfree_s(), which internally uses kzfree() instead of kfree() for passing the buffers back to slab. Having sock_kzfree_s() allows to keep the changes more minimal by just having a drop-in replacement instead of adding memzero_explicit() calls everywhere before sock_kfree_s(). In kzfree(), the compiler is not allowed to optimize the memset() away and thus there's no need for memzero_explicit(). Both, sock_kfree_s() and sock_kzfree_s() are wrappers for __sock_kfree_s() and call into kfree() resp. kzfree(); here, __sock_kfree_s() needs to be explicitly inlined as we want the compiler to optimize the call and condition away and thus it produces e.g. on x86_64 the _same_ assembler output for sock_kfree_s() before and after, and thus also allows for avoiding code duplication. Cc: David S. Miller <davem@davemloft.net> Signed-off-by:
Daniel Borkmann <dborkman@redhat.com> Signed-off-by:
-
- 24 Nov, 2014 2 commits
-
-
Kees Cook authored
This prefixes all crypto module loading with "crypto-" so we never run the risk of exposing module auto-loading to userspace via a crypto API, as demonstrated by Mathias Krause: https://lkml.org/lkml/2013/3/4/70Signed-off-by:
-
Herbert Xu authored
Currently all get requests with an empty driver name fail with EINVAL. Since most users actually want to supply an empty driver name this patch removes this check. Signed-off-by:
-
- 20 Nov, 2014 6 commits
-
-
Boris Brezillon authored
Add a DT node for the TRNG (True Random Number Generator) block. Keep this block enabled as it does not depend on any external connection, and thus should be available on all boards. Signed-off-by:
Boris Brezillon <boris.brezillon@free-electrons.com> Acked-by:
Nicolas Ferre <nicolas.ferre@atmel.com> Signed-off-by:
-
Boris Brezillon authored
Document DT bindings of Atmel's TRNG (True Random Number Generator) IP. Signed-off-by:
Peter Korsgaard <peter@korsgaard.com> Acked-by:
-
Boris Brezillon authored
Add DT support. Make the driver depend on CONFIG_OF as at91sam9g45 was the only SoC making use of the TRNG block and this SoC is now fully migrated to DT. Signed-off-by:
-
Boris Brezillon authored
Use clk_prepare_enable/_disable_unprepare instead of clk_enable/disable to work properly with the CCF. Signed-off-by:
-
Johannes Berg authored
This is a specific implementation, <asm/unaligned.h> is the multiplexer that has the arch-specific knowledge of which of the implementations needs to be used, so include that. Signed-off-by:
Johannes Berg <johannes.berg@intel.com> Signed-off-by:
-
Yazen Ghannam authored
This module registers a crc32 algorithm and a crc32c algorithm that use the optional CRC32 and CRC32C instructions in ARMv8. Tested on AMD Seattle. Improvement compared to crc32c-generic algorithm: TCRYPT CRC32C speed test shows ~450% speedup. Simple dd write tests to btrfs filesystem show ~30% speedup. Signed-off-by:
Yazen Ghannam <yazen.ghannam@linaro.org> Acked-by:
Steve Capper <steve.capper@linaro.org> Acked-by:
-
- 17 Nov, 2014 3 commits
-
-
Struk, Tadeusz authored
Use the new memzero_explicit function to cleanup sensitive data. Signed-off-by:
-
Stephan Mueller authored
Fix documentation typo for shash_alg->descsize. Add documentation for initially uncovered member variables. Signed-off-by:
-
Pranith Kumar authored
Recently lockless_dereference() was added which can be used in place of hard-coding smp_read_barrier_depends(). The following PATCH makes the change. Signed-off-by:
Pranith Kumar <bobby.prani@gmail.com> Reviewed-by:
Kim Phillips <kim.phillips@freescale.com> Signed-off-by:
-
- 13 Nov, 2014 11 commits
-
-
Stephan Mueller authored
The API function calls exported by the kernel crypto API for message digests to be used by consumers are documented. Signed-off-by:
-
Stephan Mueller authored
The API function calls exported by the kernel crypto API for signle block ciphers to be used by consumers are documented. Signed-off-by:
-
Stephan Mueller authored
The API function calls exported by the kernel crypto API for synchronous block ciphers to be used by consumers are documented. Signed-off-by:
-
Stephan Mueller authored
The API function calls exported by the kernel crypto API for AEAD ciphers to be used by consumers are documented. Signed-off-by:
-
Stephan Mueller authored
The API function calls exported by the kernel crypto API for asynchronous block ciphers to be used by consumers are documented. Signed-off-by:
-
Stephan Mueller authored
The data structure of struct crypto_alg together with various other data structures needed by cipher developers is documented wit all parameters that can be set by a developer of a transformation. All parameters that are internal to the crypto API are marked as such. Signed-off-by:
-
Stephan Mueller authored
The API function calls exported by the kernel crypto API for SHASHes to be used by consumers are documented. Signed-off-by:
-
Stephan Mueller authored
The API function calls exported by the kernel crypto API for AHASHes to be used by consumers are documented. Signed-off-by:
-
Stephan Mueller authored
The hash data structures needed to be filled in by cipher developers are documented. Signed-off-by:
-
Stephan Mueller authored
The API function calls exported by the kernel crypto API for RNGs to be used by consumers are documented. Signed-off-by:
-
Stephan Mueller authored
The userspace interface of the kernel crypto API is documented with * a general explanation * a discussion of the memory in-place operation * the description of the message digest API * the description of the symmetric cipher API The documentation refers to libkcapi as a working example on how to use the kernel crypto API from user space. Signed-off-by:
-
