From: Eric Biggers
The generic AEGIS implementations all fail the improved AEAD tests
because they produce the wrong result with some data layouts. The issue
is that they assume that if the skcipher_walk API gives 'nbytes' not
aligned to the walksize (a.k.a. walk.stride), then it is the end of t
From: Eric Biggers
The generic MORUS implementations all fail the improved AEAD tests
because they produce the wrong result with some data layouts. The issue
is that they assume that if the skcipher_walk API gives 'nbytes' not
aligned to the walksize (a.k.a. walk.stride), then it is the end of t
From: Eric Biggers
The arm64 NEON bit-sliced implementation of AES-CTR fails the improved
skcipher tests because it sometimes produces the wrong ciphertext. The
bug is that the final keystream block isn't returned from the assembly
code when the number of non-final blocks is zero. This can happ
From: Eric Biggers
To achieve more comprehensive crypto test coverage, I'd like to add fuzz
tests that use random data layouts and request flags.
To be most effective these tests should be part of testmgr, so they
automatically run on every algorithm registered with the crypto API.
However, they
From: Eric Biggers
Convert alg_test_skcipher() to use the new test framework, adding a list
of testvec_configs to test by default. When the extra self-tests are
enabled, randomly generated testvec_configs are tested as well.
This improves skcipher test coverage mainly because now all algorithms
From: Eric Biggers
Check that algorithms do not change the aead_request structure, as users
may rely on submitting the request again (e.g. after copying new data
into the same source buffer) without reinitializing everything.
Signed-off-by: Eric Biggers
---
crypto/testmgr.c | 44 ++
From: Eric Biggers
Check that algorithms do not change the skcipher_request structure, as
users may rely on submitting the request again (e.g. after copying new
data into the same source buffer) without reinitializing everything.
Signed-off-by: Eric Biggers
---
crypto/testmgr.c | 41 ++
From: Eric Biggers
Hash algorithms with an alignmask set, e.g. "xcbc(aes-aesni)" and
"michael_mic", fail the improved hash tests because they sometimes
produce the wrong digest. The bug is that in the case where a
scatterlist element crosses pages, not all the data is actually hashed
because the
From: Eric Biggers
Convert alg_test_hash() to use the new test framework, adding a list of
testvec_configs to test by default. When the extra self-tests are
enabled, randomly generated testvec_configs are tested as well.
This improves hash test coverage mainly because now all algorithms have
a
From: Eric Biggers
The x86 AEGIS implementations all fail the improved AEAD tests because
they produce the wrong result with some data layouts. The issue is that
they assume that if the skcipher_walk API gives 'nbytes' not aligned to
the walksize (a.k.a. walk.stride), then it is the end of the d
From: Eric Biggers
The x86 MORUS implementations all fail the improved AEAD tests because
they produce the wrong result with some data layouts. The issue is that
they assume that if the skcipher_walk API gives 'nbytes' not aligned to
the walksize (a.k.a. walk.stride), then it is the end of the d
From: Eric Biggers
Convert alg_test_aead() to use the new test framework, using the same
list of testvec_configs that skcipher testing uses.
This significantly improves AEAD test coverage mainly because previously
there was only very limited test coverage of the possible data layouts.
Now the da
From: Eric Biggers
Crypto algorithms must produce the same output for the same input
regardless of data layout, i.e. how the src and dst scatterlists are
divided into chunks and how each chunk is aligned. Request flags such
as CRYPTO_TFM_REQ_MAY_SLEEP must not affect the result either.
However,
From: Eric Biggers
Add functions that generate a random testvec_config, in preparation for
using it for randomized fuzz tests.
Signed-off-by: Eric Biggers
---
crypto/testmgr.c | 117 +++
1 file changed, 117 insertions(+)
diff --git a/crypto/testmgr.
Hello,
Crypto algorithms must produce the same output for the same input
regardless of data layout, i.e. how the src and dst scatterlists are
divided into chunks and how each chunk is aligned. Request flags such
as CRYPTO_TFM_REQ_MAY_SLEEP must not affect the result either.
However, testing of t
From: Eric Biggers
gcmaes_crypt_by_sg() dereferences the NULL pointer returned by
scatterwalk_ffwd() when encrypting an empty plaintext and the source
scatterlist ends immediately after the associated data.
Fix it by only fast-forwarding to the src/dst data scatterlists if the
data length is non
On Thu, Jan 31, 2019 at 9:42 PM Herbert Xu wrote:
>
> This push fixes a bug in cavium/nitrox where the callback is invoked
> prior to the DMA unmap.
This is not so much a comment about the pull itself (which I did half
an hour ago), as about the fact that it looks like the pr-tracker
robot doesn'
When the source sg contains more than 1 fragment and
destination sg contains 1 fragment, the caam driver
mishandles the buffers to be sent to caam.
Fixes: f2147b88b2b1 ("crypto: caam - Convert GCM to new AEAD interface")
Cc: # 4.2+
Signed-off-by: Pankaj Gupta
Signed-off-by: Arun Pathak
Reviewed-
Herbert,
On Fri, Feb 01, 2019 at 02:26:55PM +0800, Herbert Xu wrote:
> On Fri, Jan 25, 2019 at 09:01:16PM +0300, Vitaly Chikunov wrote:
> >
> > @@ -781,36 +780,17 @@ static int tpm_key_verify_signature(const struct key
> > *key,
> > if (!req)
> > goto error_free_tfm;
> >
> > -
On 2019/2/1 13:22, Herbert Xu wrote:
> On Wed, Jan 23, 2019 at 09:08:51PM +0800, Zhou Wang wrote:
>>
>> +/**
>> + * hisi_qp_poll() - Poll current cqe to see if a task is finished.
>> + * @qp: The qp which will poll.
>> + *
>> + * This function polls current cqe for a give qp to see if a task is
>>
On Fri, Feb 01, 2019 at 01:31:46PM +0800, Herbert Xu wrote:
> On Wed, Jan 23, 2019 at 02:49:20PM -0800, Eric Biggers wrote:
> >
> > diff --git a/crypto/Kconfig b/crypto/Kconfig
> > index 86960aa53e0f..cbeba16fd8c1 100644
> > --- a/crypto/Kconfig
> > +++ b/crypto/Kconfig
> > @@ -168,6 +168,16 @@ co
On Sun, Jan 27, 2019 at 10:16:51AM +0100, Ard Biesheuvel wrote:
> Fix the issues in both NEON implementations of the CRC-T10DIF routines,
> that were reported by Eric's new testing code.
>
> v3:
> - fix commit log to state 'at least 16 bytes' not 'more than 16 bytes' (#1-#2)
> - add Eric's R-b to
On 2/1/2019 7:50 AM, Pankaj Gupta wrote:
> When the source sg contains more than 1 fragment and
> destination sg contains 1 fragment, the caam driver
> mishandles the buffers to be sent to caam.
>
> Fixes: f2147b88b2b1 ("crypto: caam - Convert GCM to new AEAD interface")
> Cc: # 4.2+
> Signed-off-
On Sat, Jan 26, 2019 at 08:02:15PM +0200, Horia Geantă wrote:
> Roland reports the following issue and provides a root cause analysis:
>
> "On a v4.19 i.MX6 system with IMA and CONFIG_DMA_API_DEBUG enabled, a
> warning is generated when accessing files on a filesystem for which IMA
> measurement i
On Fri, Jan 25, 2019 at 12:49:36PM +0900, Masahiro Yamada wrote:
> Currently, the Kbuild core manipulates header search paths in a crazy
> way [1].
>
> To fix this mess, I want all Makefiles to add explicit $(srctree)/ to
> the search paths in the srctree. Some Makefiles are already written in
> t
On Fri, Jan 25, 2019 at 10:36:25AM +0100, Ard Biesheuvel wrote:
> Both the GHASH and the CRC-T10DIF SIMD routines are based on 64-bit
> polynomial multiplication, but fall back to the slower 8-bit polynomial
> instructions if the optional 64-bit PMULL instruction is not implemented.
>
> This means
On Fri, Jan 25, 2019 at 09:31:47AM +, Milan Broz wrote:
> The CRC32 is not a cryptographic hash algorithm,
> so the FIPS restrictions should not apply to it.
> (The CRC32C variant is already allowed.)
>
> This CRC32 variant is used in dm-crypt legacy TrueCrypt
> IV implementation (tcw); de
On Fri, Jan 25, 2019 at 03:07:48PM +0900, Masahiro Yamada wrote:
> The header search path -I. in kernel Makefiles is very suspicious;
> it allows the compiler to search for headers in the top of $(srctree),
> where obviously no header file exists.
>
> 'git grep BCMDRIVER' has no hit. So, this macr
On Thu, Jan 24, 2019 at 05:33:44PM +0100, Ard Biesheuvel wrote:
> Fix a couple of bugs found by Eric's new testing code, and another
> issue found by inspection.
>
> Ard Biesheuvel (3):
> crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling
> crypto: arm64/aes-ccm - fix bugs in non-NEON
On Wed, Jan 23, 2019 at 12:59:39PM +0100, Lars Persson wrote:
> Hi
>
> This series brings to mainline fixes done during our product development and
> fixes for errors detected by the IPsec testsuite in LTP.
>
> Lars Persson (6):
> crypto: axis - remove sha384 support for artpec7
> crypto: axi
On Wed, Jan 23, 2019 at 11:24:18AM +, Corentin Labbe wrote:
> When building without CONFIG_HW_RANDOM_PPC4XX, I hit the following build
> failure:
> drivers/crypto/amcc/crypto4xx_core.c: In function 'crypto4xx_probe':
> drivers/crypto/amcc/crypto4xx_core.c:1407:20: error: passing argument 1 of
On Wed, Jan 23, 2019 at 08:57:35PM -0800, Eric Biggers wrote:
> From: Eric Biggers
>
> Instantiating "cryptd(crc32c)" causes a crypto self-test failure because
> the crypto_alloc_shash() in alg_test_crc32c() fails. This is because
> cryptd(crc32c) is an ahash algorithm, not a shash algorithm; so
On Wed, Jan 23, 2019 at 02:55:17PM +0800, YueHaibing wrote:
> Fix a static code checker warning:
> drivers/crypto/chelsio/chcr_algo.c:3681
> chcr_aead_op() warn: passing zero to 'PTR_ERR'
>
> Fixes: 2debd3325e55 ("crypto: chcr - Add AEAD algos.")
> Signed-off-by: YueHaibing
> ---
> drivers/cryp
On Tue, Jan 22, 2019 at 04:14:15PM +0100, Greg Kroah-Hartman wrote:
> When calling debugfs code, there is no need to ever check the return
> value of the call, as no logic should ever change if a call works
> properly or not. Fix up a bunch of crypto-specific code to not care
> about the results o
On Tue, Jan 22, 2019 at 03:26:08PM +, Roland Hieber wrote:
> Signed-off-by: Roland Hieber
> ---
> drivers/crypto/caam/caamhash.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
Patch applied. Thanks.
--
Email: Herbert Xu
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: htt
On Tue, Jan 22, 2019 at 04:47:01PM +0200, Horia Geantă wrote:
> Recent AEAD changes in testmgr framework introduced by commit
> a0d608ee5ebf ("crypto: testmgr - unify the AEAD encryption and decryption
> test vectors")
> uncovered an error in the CAAM drivers, since they don't correctly
> handle t
On Mon, Jan 21, 2019 at 07:57:00AM +, YueHaibing wrote:
> Use kmemdup rather than duplicating its implementation
>
> Signed-off-by: YueHaibing
Patch applied. Thanks.
--
Email: Herbert Xu
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.tx
On Mon, Jan 21, 2019 at 03:22:42PM +0200, Horia Geantă wrote:
> From: Iuliana Prodan
>
> Add cmac(aes) keyed hash offloading support.
>
> Similar to xcbc implementation, driver must make sure there are still
> some bytes buffered when ahash_final() is called. This way HW is able to
> decide whet
On Fri, Jan 25, 2019 at 09:01:16PM +0300, Vitaly Chikunov wrote:
>
> @@ -781,36 +780,17 @@ static int tpm_key_verify_signature(const struct key
> *key,
> if (!req)
> goto error_free_tfm;
>
> - ret = -ENOMEM;
> - outlen = crypto_akcipher_maxsize(tfm);
> - output =
When the source sg contains more than 1 fragment and
destination sg contains 1 fragment, the caam driver
mishandles the buffers to be sent to caam.
Fixes: f2147b88b2b1 ("crypto: caam - Convert GCM to new AEAD interface")
Cc: # 4.2+
Signed-off-by: Pankaj Gupta
Signed-off-by: Arun Pathak
---
driv
Hi Linus:
This push fixes a bug in cavium/nitrox where the callback is invoked
prior to the DMA unmap.
Please pull from
git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git linus
Nagadheeraj Rottela (1):
crypto: cavium/nitrox - Invoke callback after DMA unmap
drivers/
On Wed, Jan 23, 2019 at 02:49:20PM -0800, Eric Biggers wrote:
>
> diff --git a/crypto/Kconfig b/crypto/Kconfig
> index 86960aa53e0f..cbeba16fd8c1 100644
> --- a/crypto/Kconfig
> +++ b/crypto/Kconfig
> @@ -168,6 +168,16 @@ config CRYPTO_MANAGER_DISABLE_TESTS
> Disable run-time self tests th
On Thu, Jan 31, 2019 at 10:05:17AM +0100, Ondrej Mosnacek wrote:
> Hi Eric,
>
> On Wed, Jan 23, 2019 at 11:52 PM Eric Biggers wrote:
> > From: Eric Biggers
> >
> > The generic MORUS implementations all fail the improved AEAD tests
> > because they produce the wrong result with some data layouts.
On Wed, Jan 23, 2019 at 09:08:51PM +0800, Zhou Wang wrote:
>
> +/**
> + * hisi_qp_poll() - Poll current cqe to see if a task is finished.
> + * @qp: The qp which will poll.
> + *
> + * This function polls current cqe for a give qp to see if a task is
> finished.
> + * Return -ETIME if timeout.
> +
When the source sg contains more than 1 fragment and
destination sg contains 1 fragment, the caam driver
mishandles the buffers to be sent to caam.
Fixes: f2147b88b2b1 ("crypto: caam - Convert GCM to new AEAD interface")
Signed-off-by: Pankaj Gupta
Signed-off-by: Arun Pathak
---
drivers/crypto/c
Change the assembly code to use only relative references of symbols for the
kernel to be PIE compatible.
Position Independent Executable (PIE) support will allow extending the
KASLR randomization range below 0x8000.
Signed-off-by: Thomas Garnier
---
arch/x86/crypto/aegis128-aesni-as
Hi,
On 30.01.2019 17:51, Rob Herring wrote:
> On Thu, Jan 24, 2019 at 04:45:20PM +0100, Kamil Konieczny wrote:
>> Document DT bindings for crypto Samsung Exynos5433 SlimSSS (Slim Security
>> SubSystem) IP.
>>
>> Reviewed-by: Krzysztof Kozlowski
>> Signed-off-by: Kamil Konieczny
>> ---
>> .../de
On 1/30/19 2:57 PM, Singh, Brijesh wrote:
> A kexec reboot may leave the firmware in INIT or WORKING state.
> Currently, we issue PLATFORM_INIT command during the probe without
> checking the current state. The PLATFORM_INIT command fails if the
> FW is already in INIT state. Let's check the current
On Thu, 31 Jan 2019 at 17:36, Herbert Xu wrote:
>
> On Thu, Jan 31, 2019 at 09:41:43AM +0100, Jens Wiklander wrote:
> >
> > I think this patch series is good now. It has received comments which
> > have been addressed and has also gathered a few R-B tags.
> >
> > All patches but "hwrng: add OP-TEE
On Thu, Jan 31, 2019 at 09:41:43AM +0100, Jens Wiklander wrote:
>
> I think this patch series is good now. It has received comments which
> have been addressed and has also gathered a few R-B tags.
>
> All patches but "hwrng: add OP-TEE based rng driver" cover what I
> normally send pull requests
On 1/31/2019 11:38 AM, Horia Geanta wrote:
> Thanks Pankaj.
>
> On 1/31/2019 9:18 AM, Pankaj Gupta wrote:
>> When the source sg contains more than 1 fragment and
>> destination sg contains 1 fragment, the caam driver
>> mishandles the buffers to be sent to caam.
>>
> Patch subject prefix should be:
Thanks Pankaj.
On 1/31/2019 9:18 AM, Pankaj Gupta wrote:
> When the source sg contains more than 1 fragment and
> destination sg contains 1 fragment, the caam driver
> mishandles the buffers to be sent to caam.
>
Patch subject prefix should be: "crypto: caam -"
Please Cc stable by adding:
Cc: #
Hi Eric,
On Wed, Jan 23, 2019 at 11:52 PM Eric Biggers wrote:
> From: Eric Biggers
>
> The generic MORUS implementations all fail the improved AEAD tests
> because they produce the wrong result with some data layouts. Fix them.
>
> Fixes: 396be41f16fd ("crypto: morus - Add generic MORUS AEAD im
Hi Matt and Herbert,
On Tue, Jan 29, 2019 at 11:19:34AM +0530, Sumit Garg wrote:
> This series introduces a generic TEE bus driver concept for TEE based
> kernel drivers which would like to communicate with TEE based devices/
> services.
>
> Patch #1 adds TEE bus concept where devices/services ar
54 matches