ecc_point_mult is supposed to be used with a regularized scalar,
otherwise, it's possible to deduce the position of the top bit of the
scalar with a timing attack.
ecc_point_mult is already using a regular algorithm (i.e. having an
operation flow independent of the input scalar) but regularization s
On Sat, Nov 03, 2018 at 03:35:04PM -0700, Eric Biggers wrote:
> [+cla...@baylibre.com]
>
> Hi Corentin, I think this is a bug in the new crypto statistics feature. In the
> skcipher_decrypt case the code is (but this applies elsewhere too!):
>
> static inline void crypto_stat_skcipher_decrypt
As per SP800-38A addendum from Oct 2010[1], cts(cbc(aes)) is
allowed as a FIPS mode algorithm. Mark it as such.
[1] https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final
Signed-off-by: Gilad Ben-Yossef
---
crypto/testmgr.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/crypto
On Sat, Nov 03, 2018 at 03:52:35PM -0700, Eric Biggers wrote:
> On Wed, Sep 19, 2018 at 10:10:54AM +, Corentin Labbe wrote:
> > diff --git a/include/uapi/linux/cryptouser.h
> > b/include/uapi/linux/cryptouser.h
> > index 19bf0ca6d635..6dafbc3e4414 100644
> > --- a/include/uapi/linux/cryptouser
On Sat, Nov 03, 2018 at 03:19:36PM -0700, Eric Biggers wrote:
> Hi Corentin,
>
> On Wed, Sep 19, 2018 at 10:10:54AM +, Corentin Labbe wrote:
> > This patch implements a generic way to get statistics about all crypto
> > usages.
> >
> > Signed-off-by: Corentin Labbe
> > ---
> > crypto/Kconfig