On Thu, Jul 09, 2020 at 11:24:03PM -0700, Eric Biggers wrote:
>
> I decided to make crypto_check_attr_type() return the mask instead, and do so
> via a pointer argument instead of the return value (so that we don't overload an
> errno return value and prevent flag 0x8000 from working).
> Ple
On Thu, Jul 09, 2020 at 03:31:26PM +1000, Herbert Xu wrote:
> Eric Biggers wrote:
> >
> > @@ -875,14 +873,21 @@ static void cbcmac_exit_tfm(struct crypto_tfm *tfm)
> >
> > static int cbcmac_create(struct crypto_template *tmpl, struct rtattr **tb)
> > {
> > + struct crypto_attr_type *algt;
>
From: Eric Biggers
seqiv_create() is pointless because it just checks that the template is
being instantiated as an AEAD, then calls seqiv_aead_create(). But
seqiv_aead_create() does the exact same check, via aead_geniv_alloc().
Just remove seqiv_create() and use seqiv_aead_create() directly.
From: Eric Biggers
The type and mask arguments to aead_geniv_alloc() are always 0, so
remove them.
Signed-off-by: Eric Biggers
---
crypto/echainiv.c | 2 +-
crypto/geniv.c | 7 ---
crypto/seqiv.c | 2 +-
include/crypto/internal/geniv.h | 2 +-
From: Eric Biggers
CRYPTO_ALG_NEED_FALLBACK is handled inconsistently. When it's requested
to be clear, some templates propagate that request to child algorithms,
while others don't.
It's apparently desired for NEED_FALLBACK to be propagated, to avoid
deadlocks where a module tries to load itse
This series introduces a flag that algorithms can set to indicate that
they allocate memory during processing of typical inputs, and thus
shouldn't be used in cases like dm-crypt where memory allocation
failures aren't acceptable.
Compared to Mikulas's patches, I've made the following improvements
From: Mikulas Patocka
Don't use crypto drivers that have the flag CRYPTO_ALG_ALLOCATES_MEMORY
set. These drivers allocate memory and thus they are unsuitable for block
I/O processing.
Signed-off-by: Mikulas Patocka
---
drivers/md/dm-crypt.c | 17 +++--
1 file changed, 11 insertions
From: Eric Biggers
Introduce a new algorithm flag CRYPTO_ALG_ALLOCATES_MEMORY. If this
flag is set, then the driver allocates memory in its request routine.
Such drivers are not suitable for disk encryption because GFP_ATOMIC
allocation can fail anytime (causing random I/O errors) and GFP_KERNEL
From: Mikulas Patocka
Set the flag CRYPTO_ALG_ALLOCATES_MEMORY in the crypto drivers that
allocate memory.
drivers/crypto/allwinner/sun8i-ce/sun8i-ce-core.c: sun8i_ce_cipher
drivers/crypto/allwinner/sun8i-ss/sun8i-ss-core.c: sun8i_ss_cipher
drivers/crypto/amlogic/amlogic-gxl-core.c: meson_cipher
From: Eric Biggers
The flag CRYPTO_ALG_ASYNC is "inherited" in the sense that when a
template is instantiated, the template will have CRYPTO_ALG_ASYNC set if
any of the algorithms it uses has CRYPTO_ALG_ASYNC set.
We'd like to add a second flag (CRYPTO_ALG_ALLOCATES_MEMORY) that gets
"inherited"
On Thu, Jul 09, 2020 at 10:09:37PM +1000, Herbert Xu wrote:
> On Thu, Jul 09, 2020 at 11:51:10AM +0300, Ard Biesheuvel wrote:
> >
> > That looks like a sparse bug to me. Since when is it not allowed to
> > pass a non-const value as a const parameter?
> >
> > I.e., you can pass a u64[] to a functio
On Thu, Jul 09, 2020 at 10:44:04PM +1000, Herbert Xu wrote:
> This patch kills an strncpy by using strscpy instead. The name
> would be silently truncated if it is too long.
>
> Signed-off-by: Herbert Xu
Acked-by: John Allen
Current minimum required version of binutils is 2.23,
which supports PSHUFB, PCLMULQDQ, PEXTRD, AESKEYGENASSIST,
AESIMC, AESENC, AESENCLAST, AESDEC, AESDECLAST and MOVQ
instruction mnemonics.
Substitute macros from include/asm/inst.h with proper
instruction mnemonics in various assembly files fro
On Sun, Jul 05, 2020 at 09:18:57PM +1200, Barry Song wrote:
> For a typical Linux server, probably there are multiple ZIP modules.
> For example, numa node0 has a compressor, numa node2 has a same module.
> Some drivers are automatically using the module near the CPU calling
> acomp_alloc.
> But it
On Fri, Jul 03, 2020 at 04:32:06PM +0200, Sedat Dilek wrote:
> When building with LLVM_IAS=1 means using Clang's Integrated Assembly (IAS)
> from LLVM/Clang >= v10.0.1-rc1+ instead of GNU/as from GNU/binutils
> I see the following breakage in Debian/testing AMD64:
>
> :15:74: error: too many posit
On Wed, Jul 01, 2020 at 10:09:45PM +0200, Rikard Falkeborn wrote:
> Constify some static variables (mostly structs) that are not modified.
>
> Rikard Falkeborn (5):
> hwrng: bcm2835 - Constify bcm2835_rng_devtype[]
> hwrng: nomadik - Constify nmk_rng_ids[]
> hwrng: virtio - Constify id_table
On Wed, Jul 01, 2020 at 10:29:36PM +0200, Rikard Falkeborn wrote:
> features[] and id_table[] are not modified and can be made const to
> allow the compiler to put them in read-only memory.
>
> Before:
>    text    data     bss     dec     hex filename
>   11534    2056     160   13750    35b6
>
On Tue, Jun 30, 2020 at 03:39:41PM +0200, Geert Uytterhoeven wrote:
> As HW_RANDOM_BA431 does not have any platform dependency, it should not
> default to enabled.
>
> Fixes: 0289e9be5dc26d84 ("hwrng: ba431 - add support for BA431 hwrng")
> Signed-off-by: Geert Uytterhoeven
> ---
> drivers/char/
On Mon, Jun 29, 2020 at 06:16:16PM +0100, Giovanni Cabiddu wrote:
> This series fixes a few issues with the xts(aes) implementation in the
> QuickAssist driver:
> - Requests that are not multiple of the block size are rejected
> - Input key not validated
> - xts(aes) requests with key size 192 b
On Mon, Jun 29, 2020 at 01:30:03PM +0100, Lee Jones wrote:
> A recent change to the Regulator consumer API (which this driver
> utilises) adds prototypes for some suspend functions. These
> functions require including header file include/linux/suspend.h.
>
> The following tree of includes affe
This patch kills an strncpy by using strscpy instead. The name
would be silently truncated if it is too long.
Signed-off-by: Herbert Xu
diff --git a/drivers/crypto/ccp/ccp-crypto-sha.c
b/drivers/crypto/ccp/ccp-crypto-sha.c
index b0cc2bd73af8..2bc29736fa45 100644
--- a/drivers/crypto/ccp/ccp-cr
Rationale:
Reduces attack surface on kernel devs opening the links for MITM
as HTTPS traffic is much harder to manipulate.
Deterministic algorithm:
For each file:
If not .svg:
For each line:
If doesn't contain `\bxmlns\b`:
For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
On Mon, Jun 29, 2020 at 09:39:20AM +0200, Ard Biesheuvel wrote:
> Get rid of pointless indirect calls where the target of the call is decided
> at boot and never changes. Also, make the size of the key struct variable,
> and only carry the extra keys needed for aggregation when using a version of
> -Original Message-
> From: linux-crypto-ow...@vger.kernel.org
> [mailto:linux-crypto-ow...@vger.kernel.org] On Behalf Of Sebastian Andrzej
> Siewior
> Sent: Thursday, July 9, 2020 7:17 PM
> To: Song Bao Hua (Barry Song)
> Cc: a...@linux-foundation.org; herb...@gondor.apana.org.au;
> da
On Thu, Jul 09, 2020 at 10:12:31PM +1000, Herbert Xu wrote:
> On Thu, Jul 09, 2020 at 06:22:58PM +1000, Herbert Xu wrote:
> > On Mon, Jun 29, 2020 at 09:39:23AM +0200, Ard Biesheuvel wrote:
> > > > Now that the ghash and gcm drivers are split, we no longer need to allocate
> > > > a key struct f
On Thu, Jul 09, 2020 at 06:22:58PM +1000, Herbert Xu wrote:
> On Mon, Jun 29, 2020 at 09:39:23AM +0200, Ard Biesheuvel wrote:
> > Now that the ghash and gcm drivers are split, we no longer need to allocate
> > a key struct for the former that carries powers of H that are only used by
> > the latter
On Thu, Jul 09, 2020 at 11:51:10AM +0300, Ard Biesheuvel wrote:
>
> That looks like a sparse bug to me. Since when is it not allowed to
> pass a non-const value as a const parameter?
>
> I.e., you can pass a u64[] to a function that takes a u64 const *,
> giving the caller the guarantee that their
On Thu, Jul 09, 2020 at 07:05:11PM +0800, shenyang (M) wrote:
>
> Yes, this patch just fixes the bug for 'hisi_zip'. As for 'hisi_hpre'
> and 'hisi_sec2', this patch doesn't change the logic.
> We have noticed the problem you say, and the patch is prepared. We fix
> this in 'hisi_qm', and you will
On 2020/7/9 13:36, Herbert Xu wrote:
On Wed, Jul 01, 2020 at 03:19:54PM +0800, Yang Shen wrote:
When the devices are removed or not existing, the corresponding algorithms
which are registered by 'hisi-zip' driver can't be used.
Move 'hisi_zip_register_to_crypto' from 'hisi_zip_init' to
'hisi
On Thu, 9 Jul 2020 at 11:53, Horia Geantă wrote:
>
> On 7/9/2020 3:47 AM, Herbert Xu wrote:
> > On Wed, Jul 08, 2020 at 07:24:08PM +0300, Horia Geantă wrote:
> >>
> >> I think the commit message should be updated to reflect this logic:
> >> indeed, caam's implementation of ecb(arc4) is broken,
> >
> -Original Message-
> From: owner-linux...@kvack.org [mailto:owner-linux...@kvack.org] On
> Behalf Of Sebastian Andrzej Siewior
> Sent: Thursday, July 9, 2020 8:41 PM
> To: Song Bao Hua (Barry Song)
> Cc: a...@linux-foundation.org; herb...@gondor.apana.org.au;
> da...@davemloft.net; lin
Balance the irqs of the marvell cesa driver over all
available cpus.
Currently all interrupts are handled by the first CPU.
From my testing with IPSec AES 256 SHA256
on my clearfog base with 2 Cores I get a 2x speed increase:
Before the patch: 26.74 Kpps
With the patch: 56.11 Kpps
Signed-off-by
On 7/9/2020 3:47 AM, Herbert Xu wrote:
> On Wed, Jul 08, 2020 at 07:24:08PM +0300, Horia Geantă wrote:
>>
>> I think the commit message should be updated to reflect this logic:
>> indeed, caam's implementation of ecb(arc4) is broken,
>> but instead of fixing it, crypto API-based ecb(arc4)
>> is rem
On Thu, 9 Jul 2020 at 11:22, Herbert Xu wrote:
>
> On Mon, Jun 29, 2020 at 09:39:25AM +0200, Ard Biesheuvel wrote:
> > Of the two versions of GHASH that the ARM driver implements, only one
> > performs aggregation, and so the other one has no use for the powers
> > of H to be precomputed, or space
The implementation of EC is introduced from libgcrypt as the
basic algorithm of elliptic curve, which can be more perfectly
integrated with MPI implementation.
Some other algorithms will be developed based on mpi ecc, such as SM2.
Signed-off-by: Tianjia Zhang
---
include/linux/mpi.h | 105 +++
This new module implements the SM2 public key algorithm. It was
published by State Encryption Management Bureau, China.
List of specifications for SM2 elliptic curve public key cryptography:
* GM/T 0003.1-2012
* GM/T 0003.2-2012
* GM/T 0003.3-2012
* GM/T 0003.4-2012
* GM/T 0003.5-2012
IETF: https:
Asymmetric digsig supports SM2-with-SM3 algorithm combination,
so that IMA can also verify SM2's signature data.
Signed-off-by: Tianjia Zhang
---
security/integrity/digsig_asymmetric.c | 14 +++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/security/integrity/digsig_a
Both crypto_sm3_update and crypto_sm3_finup have been
exported, exporting crypto_sm3_final, to avoid having to
use crypto_sm3_finup(desc, NULL, 0, dgst) to calculate
the hash in some cases.
Signed-off-by: Tianjia Zhang
---
crypto/sm3_generic.c | 7 ---
include/crypto/sm3.h | 2 ++
2 files ch
The digital certificate format based on SM2 crypto algorithm as
specified in GM/T 0015-2012. It was published by State Encryption
Management Bureau, China.
This patch adds the OID object identifier defined by OSCCA. The
x509 certificate supports sm2-with-sm3 type certificate parsing.
It uses the s
The digital certificate format based on SM2 crypto algorithm as
specified in GM/T 0015-2012. It was published by State Encryption
Management Bureau, China.
The method of generating Other User Information is defined as
ZA=H256(ENTLA || IDA || a || b || xG || yG || xA || yA), it also
specified in ht
On 2020-07-09 07:55:22 [+], Song Bao Hua (Barry Song) wrote:
> Hello Sebastian, thanks for your reply and careful review.
Hi,
> I don't think we can simply "forward the result to the caller and let him decide".
> Would you like to present some pseudo code?
I provided just some pseudo code
Expand the mpi library based on libgcrypt, and the ECC algorithm of
mpi based on libgcrypt requires these functions.
Some other algorithms will be developed based on mpi ecc, such as SM2.
Signed-off-by: Tianjia Zhang
---
include/linux/mpi.h| 88 +++
lib/mpi/Makefile | 5 +
l
Hello all,
This new module implements the OSCCA certificate and SM2 public key
algorithm. It was published by State Encryption Management Bureau, China.
List of specifications for OSCCA certificate and SM2 elliptic curve
public key cryptography:
* GM/T 0003.1-2012
* GM/T 0003.2-2012
* GM/T 0003.3-
Some asymmetric algorithms will get different ciphertext after
each encryption, such as SM2, and let testmgr support the testing
of such algorithms.
In struct akcipher_testvec, set c and c_size to be empty, skip
the comparison of the ciphertext, and compare the decrypted
plaintext with m to achiev
On Mon, Jun 29, 2020 at 09:39:23AM +0200, Ard Biesheuvel wrote:
> Now that the ghash and gcm drivers are split, we no longer need to allocate
> a key struct for the former that carries powers of H that are only used by
> the latter. Also, take this opportunity to clean up the code a little bit.
>
On Mon, Jun 29, 2020 at 09:39:25AM +0200, Ard Biesheuvel wrote:
> Of the two versions of GHASH that the ARM driver implements, only one
> performs aggregation, and so the other one has no use for the powers
> of H to be precomputed, or space to be allocated for them in the key
> struct. So make the
On Thu, Jul 09, 2020 at 06:03:01PM +1000, Herbert Xu wrote:
> On Wed, Jul 01, 2020 at 11:05:48AM +0300, Tero Kristo wrote:
> > From: Keerthy
> >
> > Adds a basic crypto driver and currently supports AES/3DES
> > in cbc mode for both encryption and decryption.
> >
> > Signed-off-by: Keerthy
> >
On Wed, Jul 01, 2020 at 11:05:48AM +0300, Tero Kristo wrote:
> From: Keerthy
>
> Adds a basic crypto driver and currently supports AES/3DES
> in cbc mode for both encryption and decryption.
>
> Signed-off-by: Keerthy
> [t-kri...@ti.com: major re-work to fix various bugs in the driver and to
>
On Thu, Jul 02, 2020 at 10:31:13AM +0800, Meng Yu wrote:
> Bugfix: crypto: hisilicon/hpre - modify the macros, add a switch in
> sriov_configure, unified debugfs interface, and disable
> hardware FLR.
>
> Hui Tang (2):
> crypto: hisilicon/hpre - HPRE_OVERTIME_THRHLD can be written by
> -Original Message-
> From: linux-crypto-ow...@vger.kernel.org
> [mailto:linux-crypto-ow...@vger.kernel.org] On Behalf Of Sebastian Andrzej
> Siewior
> Sent: Thursday, July 9, 2020 7:39 PM
> To: Song Bao Hua (Barry Song)
> Cc: a...@linux-foundation.org; herb...@gondor.apana.org.au;
> da
On 2020-07-09 01:32:38 [+], Song Bao Hua (Barry Song) wrote:
> > This looks using the same synchronous mechanism around an asynchronous
> > interface. It works as a PoC.
> >
> > As far as I remember the crypto async interface, the incoming skbs were fed to
> > the async interface and retu
On 2020-07-08 21:45:47 [+], Song Bao Hua (Barry Song) wrote:
> > On 2020-07-08 00:52:10 [+1200], Barry Song wrote:
> > > @@ -127,9 +129,17 @@
> > > +struct crypto_acomp_ctx {
> > > + struct crypto_acomp *acomp;
> > > + struct acomp_req *req;
> > > + struct crypto_wait wait;
> > > + u8 *dstmem;
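Review bot: the fields of the new struct crypto_acomp_ctx are undocumented in the lines shown. A short comment on the struct saying who allocates and frees req and dstmem, how large dstmem is expected to be, and how wait is paired with req would make the lifetime and concurrency rules reviewable; the visible lines do not show what serializes users of this shared state.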