Re: [PATCH v6 3/3] hwrng: bcm2835: add reset support

2021-03-05 Thread Philipp Zabel
On Fri, 2021-03-05 at 08:01 +0100, Álvaro Fernández Rojas wrote: > BCM6368 devices need to reset the IPSEC controller in order to generate true > random numbers. > > This is what BCM6368 produces without a reset: > root@OpenWrt:/# cat /dev/hwrng | rngtest -c 1000 > rngtest 6.10 > Copyright (c) 200

[PATCH] crypto: sun4i-ss - simplify optional reset handling

2021-03-05 Thread Philipp Zabel
As of commit bb475230b8e5 ("reset: make optional functions really optional"), the reset framework API calls use NULL pointers to describe optional, non-present reset controls. This allows to unconditionally return errors from devm_reset_control_get_optional_exclusive. Signed-off-by: Philipp Zabel

please apply 660d2062190db131 to v5.4+

2021-03-05 Thread Ard Biesheuvel
Please consider applying the following upstream patch to stable trees v5.4 and up commit 660d2062190db131d2feaf19914e90f868fe285c Author: Ard Biesheuvel Date: Wed Jan 13 10:11:35 2021 +0100 crypto - shash: reduce minimum alignment of shash_desc structure On architectures such as arm64, it red

Re: [PATCH v9 2/9] x509: Detect sm2 keys by their parameters OID

2021-03-05 Thread Stefan Berger
On 3/5/21 2:37 AM, Tianjia Zhang wrote: Hi, On 3/4/21 7:46 AM, Stefan Berger wrote: Tianjia, can you say whether SM2 support works for you before and after applying this patch? I cannot verify it with an sm2 key I have created using a sequence of commands like this: > modprobe sm2_gen

Re: [PATCH v10 1/9] crypto: Add support for ECDSA signature verification

2021-03-05 Thread Jarkko Sakkinen
On Thu, Mar 04, 2021 at 07:51:55PM -0500, Stefan Berger wrote: > From: Stefan Berger > > Add support for parsing the parameters of a NIST P256 or NIST P192 key. > Enable signature verification using these keys. The new module is > enabled with CONFIG_ECDSA: > Elliptic Curve Digital Signature Al

Re: [PATCH v10 6/9] x509: Add support for parsing x509 certs with ECDSA keys

2021-03-05 Thread Jarkko Sakkinen
On Thu, Mar 04, 2021 at 07:52:00PM -0500, Stefan Berger wrote:
> From: Stefan Berger
>
> This patch adds support for parsing of x509 certificates that contain

"Add support..." instead of "This patch adds"

> ECDSA keys, such as NIST P256, that have been signed by a CA using any
> of the current

Re: [PATCH v10 9/9] certs: Add support for using elliptic curve keys for signing modules

2021-03-05 Thread Jarkko Sakkinen
On Thu, Mar 04, 2021 at 07:52:03PM -0500, Stefan Berger wrote:
> From: Stefan Berger
>
> This patch adds support for using elliptic curve keys for signing

"Add support

> modules. It uses a NIST P384 (secp384r1) key if the user chooses an
> elliptic curve key and will have ECDSA support built in

Re: [PATCH v10 2/9] crypto: Add NIST P384 curve parameters

2021-03-05 Thread Jarkko Sakkinen
On Thu, Mar 04, 2021 at 07:51:56PM -0500, Stefan Berger wrote: > From: Saulo Alessandre > > * crypto/ecc_curve_defs.h > - add nist_p384 params > > * include/crypto/ecdh.h > - add ECC_CURVE_NIST_P384 > > * crypto/ecc.c > - change ecc_get_curve to accept nist_p384 > > Signed-off-by: Saulo

Re: [PATCH v10 3/9] crypto: Add math to support fast NIST P384

2021-03-05 Thread Jarkko Sakkinen
On Thu, Mar 04, 2021 at 07:51:57PM -0500, Stefan Berger wrote: > From: Saulo Alessandre > > * crypto/ecc.c > - add vli_mmod_fast_384 > - change some routines to pass ecc_curve forward until vli_mmod_fast > > * crypto/ecc.h > - add ECC_CURVE_NIST_P384_DIGITS > - change ECC_MAX_DIGITS to P

Re: [PATCH v10 8/9] x509: Add OID for NIST P384 and extend parser for it

2021-03-05 Thread Jarkko Sakkinen
On Thu, Mar 04, 2021 at 07:52:02PM -0500, Stefan Berger wrote: > From: Saulo Alessandre > > * crypto/asymmetric_keys/x509_cert_parser.c > - prepare x509 parser to load nist_secp384r1 > > * include/linux/oid_registry.h > - add OID_id_secp384r1 > > Signed-off-by: Saulo Alessandre > Tested-by

Re: [PATCH v10 4/9] ecdsa: Register NIST P384 and extend test suite

2021-03-05 Thread Jarkko Sakkinen
On Thu, Mar 04, 2021 at 07:51:58PM -0500, Stefan Berger wrote: > From: Saulo Alessandre > > * crypto/ecdsa.c > - add ecdsa_nist_p384_init_tfm > - register and unregister P384 tfm > > * crypto/testmgr.c > - add test vector for P384 on vector of tests > > * crypto/testmgr.h > - add test v

Re: [PATCH v10 0/9] Add support for x509 certs with NIST P384/256/192 keys

2021-03-05 Thread Jarkko Sakkinen
On Thu, Mar 04, 2021 at 07:53:48PM -0500, Stefan Berger wrote: > Herbert, > >    you can take patches 1-8. 9 will not apply without Nayna's series as > mentioned in the patch. > > Regards, >    Stefan IMHO, these patches are not yet in finished state. /Jarkko > > > On 3/4/21 7:51 PM, Stefan

Re: [PATCH v10 5/9] x509: Detect sm2 keys by their parameters OID

2021-03-05 Thread Jarkko Sakkinen
On Thu, Mar 04, 2021 at 07:51:59PM -0500, Stefan Berger wrote: > From: Stefan Berger > > Detect whether a key is an sm2 type of key by its OID in the parameters > array rather than assuming that everything under OID_id_ecPublicKey > is sm2, which is not the case. > > Cc: David Howells > Cc: key

Re: [PATCH v10 1/9] crypto: Add support for ECDSA signature verification

2021-03-05 Thread Vitaly Chikunov
Jarkko, On Fri, Mar 05, 2021 at 07:05:39PM +0200, Jarkko Sakkinen wrote: > On Thu, Mar 04, 2021 at 07:51:55PM -0500, Stefan Berger wrote: > > +module_exit(ecdsa_exit); > > + > > +MODULE_LICENSE("GPL"); > > +MODULE_AUTHOR("Stefan Berger "); > > Remove MODULE_AUTHOR(). It's redundant because of Git

Re: [PATCH v10 5/9] x509: Detect sm2 keys by their parameters OID

2021-03-05 Thread Stefan Berger
On 3/5/21 12:16 PM, Jarkko Sakkinen wrote: On Thu, Mar 04, 2021 at 07:51:59PM -0500, Stefan Berger wrote: From: Stefan Berger Detect whether a key is an sm2 type of key by its OID in the parameters array rather than assuming that everything under OID_id_ecPublicKey is sm2, which is not the cas

Re: [PATCH v10 4/9] ecdsa: Register NIST P384 and extend test suite

2021-03-05 Thread Stefan Berger
On 3/5/21 12:10 PM, Jarkko Sakkinen wrote: On Thu, Mar 04, 2021 at 07:51:58PM -0500, Stefan Berger wrote: From: Saulo Alessandre * crypto/ecdsa.c - add ecdsa_nist_p384_init_tfm - register and unregister P384 tfm * crypto/testmgr.c - add test vector for P384 on vector of tests * cryp

Re: [PATCH v10 1/9] crypto: Add support for ECDSA signature verification

2021-03-05 Thread Vitaly Chikunov
Jarkko, On Fri, Mar 05, 2021 at 07:05:39PM +0200, Jarkko Sakkinen wrote: > > +// SPDX-License-Identifier: GPL-2.0+ > > +/* > > + * Copyright (c) 2021 IBM Corporation > > + * > > + * Redistribution and use in source and binary forms, with or without > > + * modification, are permitted provided that

[PATCH v11 05/10] ecdsa: Register NIST P384 and extend test suite

2021-03-05 Thread Stefan Berger
From: Saulo Alessandre Register NIST P384 as an akcipher and extend the testmgr with NIST P384-specific test vectors. Summary of changes: * crypto/ecdsa.c - add ecdsa_nist_p384_init_tfm - register and unregister P384 tfm * crypto/testmgr.c - add test vector for P384 on vector of tests *

[PATCH v11 03/10] crypto: Add NIST P384 curve parameters

2021-03-05 Thread Stefan Berger
From: Saulo Alessandre Add the parameters for the NIST P384 curve and define a new curve ID for it. Make the curve available in ecc_get_curve. Summary of changes: * crypto/ecc_curve_defs.h - add nist_p384 params * include/crypto/ecdh.h - add ECC_CURVE_NIST_P384 * crypto/ecc.c - change e

[PATCH v11 04/10] crypto: Add math to support fast NIST P384

2021-03-05 Thread Stefan Berger
From: Saulo Alessandre Add the math needed for NIST P384 and adapt certain functions' parameters so that the ecc_curve is passed to vli_mmod_fast. This allows to identify the curve by its name prefix and the appropriate function for fast mmod calculation can be used. Summary of changes: * crypt

[PATCH v11 10/10] certs: Add support for using elliptic curve keys for signing modules

2021-03-05 Thread Stefan Berger
From: Stefan Berger Add support for using elliptic curve keys for signing modules. It uses a NIST P384 (secp384r1) key if the user chooses an elliptic curve key and will have ECDSA support built into the kernel. Note: A developer choosing an ECDSA key for signing modules has to manually delete t

[PATCH v11 08/10] ima: Support EC keys for signature verification

2021-03-05 Thread Stefan Berger
From: Stefan Berger Add support for IMA signature verification for EC keys. Since SHA type of hashes can be used by RSA and ECDSA signature schemes we need to look at the key and derive from the key which signature scheme to use. Since this can be applied to all types of keys, we change the selec

[PATCH v11 07/10] x509: Add support for parsing x509 certs with ECDSA keys

2021-03-05 Thread Stefan Berger
From: Stefan Berger Add support for parsing of x509 certificates that contain ECDSA keys, such as NIST P256, that have been signed by a CA using any of the current SHA hash algorithms. Cc: David Howells Cc: keyri...@vger.kernel.org Signed-off-by: Stefan Berger --- v7->v8: - do not detect ke

[PATCH v11 02/10] crypto: Add support for ECDSA signature verification

2021-03-05 Thread Stefan Berger
From: Stefan Berger Add support for parsing the parameters of a NIST P256 or NIST P192 key. Enable signature verification using these keys. The new module is enabled with CONFIG_ECDSA: Elliptic Curve Digital Signature Algorithm (NIST P192, P256 etc.) is A NIST cryptographic standard algorithm

[PATCH v11 00/10] Add support for x509 certs with NIST P384/256/192 keys

2021-03-05 Thread Stefan Berger
From: Stefan Berger This series of patches adds support for x509 certificates signed by a CA that uses NIST P384, P256 or P192 keys for signing. It also adds support for certificates where the public key is one of this type of a key. The math for ECDSA signature verification is also added as well

[PATCH v11 06/10] x509: Detect sm2 keys by their parameters OID

2021-03-05 Thread Stefan Berger
From: Stefan Berger Detect whether a key is an sm2 type of key by its OID in the parameters array rather than assuming that everything under OID_id_ecPublicKey is sm2, which is not the case. Cc: David Howells Cc: keyri...@vger.kernel.org Signed-off-by: Stefan Berger Reviewed-by: Tianjia Zhang

[PATCH v11 01/10] oid_registry: Add OIDs for ECDSA with sha224/256/384/512

2021-03-05 Thread Stefan Berger
From: Stefan Berger Add OIDs for ECDSA with sha224/256/384/512. Signed-off-by: Stefan Berger --- include/linux/oid_registry.h | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/include/linux/oid_registry.h b/include/linux/oid_registry.h index 4462ed2c18cd..b504e2f36b25 10

[PATCH v11 09/10] x509: Add OID for NIST P384 and extend parser for it

2021-03-05 Thread Stefan Berger
From: Saulo Alessandre Prepare the x509 parser to accept NIST P384 certificates and add the OID for ansip384r1, which is the identifier for NIST P384. Summary of changes: * crypto/asymmetric_keys/x509_cert_parser.c - prepare x509 parser to load NIST P384 * include/linux/oid_registry.h - ad

Re: [PATCH v10 1/9] crypto: Add support for ECDSA signature verification

2021-03-05 Thread Stefan Berger
On 3/5/21 2:46 PM, Vitaly Chikunov wrote: Jarkko, On Fri, Mar 05, 2021 at 07:05:39PM +0200, Jarkko Sakkinen wrote: +// SPDX-License-Identifier: GPL-2.0+ +/* + * Copyright (c) 2021 IBM Corporation + * + * Redistribution and use in source and binary forms, with or without + * modification, are pe