Fixed following checkpatch error:
- do not use assignment in if condition
Fixed following checkpatch warning:
- prefer strscpy over strlcpy
- delete repeated word
Signed-off-by: Zhiqi Song
---
crypto/api.c | 20
1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/
Fixed following checkpatch error:
- do not use assignment in if condition
Signed-off-by: Zhiqi Song
---
crypto/cbc.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/crypto/cbc.c b/crypto/cbc.c
index 6c03e96..152d48d 100644
--- a/crypto/cbc.c
+++ b/crypto/cbc.c
@@ -140,7 +14
Hello Jarkko,
On 01.04.21 01:30, Jarkko Sakkinen wrote:
>> Option (C) sounds reasonable to me but I would rather prefer an info
>> message rather than warning as otherwise it would reflect that we are
>> enforcing kernel RNG choice for a user to trust upon.
>
> I gave some thought on this.
>
> I
On 4/1/21 3:09 AM, Herbert Xu wrote:
> On Tue, Mar 30, 2021 at 10:28:12PM +0200, Varad Gautam wrote:
>> An X.509 wrapper for a RSASSA-PSS signature contains additional
>> signature parameters over the PKCSv.15 encoding scheme. Extend the
>> x509 parser to allow parsing RSASSA-PSS encoded certificat
On Tue, 30 Mar 2021 at 21:56, Simo Sorce wrote:
>
> On Tue, 2021-03-30 at 21:45 +0200, Ard Biesheuvel wrote:
> > On Tue, 30 Mar 2021 at 20:05, Simo Sorce wrote:
> > > On Tue, 2021-03-30 at 16:46 +0200, Rafael J. Wysocki wrote:
> > > > On Tue, Mar 30, 2021 at 12:14 AM Dexuan Cui wrote:
> > > > >
Hello Richard,
On 30.03.21 23:50, Richard Weinberger wrote:
> Ahmad,
>
> On Wed, Mar 17, 2021 at 3:08 PM Ahmad Fatoum wrote:
>
>> TABLE="0 $BLOCKS crypt $ALGO :32:trusted:$KEYNAME 0 $DEV 0 1
>> allow_discards"
>> echo $TABLE | dmsetup create mydev
>> echo $TABLE | dmsetup load myde
Hello Richard,
On 31.03.21 21:36, Richard Weinberger wrote:
> James,
>
> - Original Message -
>> From: "James Bottomley"
>> Well, yes. For the TPM, there's a defined ASN.1 format for the keys:
>>
>> https://git.kernel.org/pub/scm/linux/kernel/git/jejb/openssl_tpm2_engine.git/tree/tpm2-
Hello Richard,
On 31.03.21 20:35, Richard Weinberger wrote:
> Ahmad,
>
> On Tue, Mar 16, 2021 at 6:24 PM Ahmad Fatoum wrote:
>> +#define KEYMOD "kernel:trusted"
>
> why is the CAAM key modifier hard coded?
> I'd love to have way to pass my own modifier.
>
> That way existing blobs can also be
Hello,
On 01.04.21 12:20, Richard Weinberger wrote:
> Ahmad,
>
> - Original Message -
>> From: "Ahmad Fatoum"
>>> I'm pretty sure with minimal changes it will work with your recent approach
>>> too.
>>
>> I am using dmsetup directly in my project. I am not familiar with cryptsetup
>> p
Ahmad,
- Original Message -
> From: "Ahmad Fatoum"
>> I'm pretty sure with minimal changes it will work with your recent approach
>> too.
>
> I am using dmsetup directly in my project. I am not familiar with cryptsetup
> plain. What benefits do you see with this over direct dmsetup?
c
Ahmad,
- Original Message -
> From: "Ahmad Fatoum"
>> That way existing blobs can also be used with this implementation.
>> IIRC the NXP vendor tree uses "SECURE_KEY" as default modifier.
>
> Being binary compatible with other implementations is not an objective
> for this patch set. If
Ahmad,
- Original Message -
> Do you mean systemd-cryptsetup? It looks to me like it's just a way to supply
> the keyphrase. With trusted keys and a keyphrase unknown to userspace, this
> won't work.
Nah, I meant existing scripts/service Files.
> I don't (yet) see the utility of it wit
Hello Richard,
On 01.04.21 12:53, Richard Weinberger wrote:
> Ahmad,
>
> - Original Message -
>> Do you mean systemd-cryptsetup? It looks to me like it's just a way to supply
>> the keyphrase. With trusted keys and a keyphrase unknown to userspace, this
>> won't work.
>
> Nah, I meant
Ahmad,
- Original Message -
> From: "Ahmad Fatoum"
>> I don't want you to force to use cryptsetup.
>
> I'd love to use cryptsetup with LUKS and trusted keys eventually. I'll take
But using LUKS would mean that cryptsetup has access to the plain disc
encryption key material?
This would
Richard Weinberger wrote:
> On Wed, Mar 17, 2021 at 3:08 PM Ahmad Fatoum wrote:
> > keyctl add trusted $KEYNAME "load $(cat ~/kmk.blob)" @s
>
> Is there a reason why we can't pass the desired backend name in the
> trusted key parameters?
> e.g.
> keyctl add trusted $KEYNAME "backendtype caam
Hello Richard,
On 01.04.21 13:05, Richard Weinberger wrote:
> Ahmad,
>
> - Original Message -
>> From: "Ahmad Fatoum"
>>> I don't want you to force to use cryptsetup.
>>
>> I'd love to use cryptsetup with LUKS and trusted keys eventually. I'll take
>
> But using LUKS would mean that cr
Sumit,
- Original Message -
> From: "Sumit Garg"
> In this case why would one prefer to use CAAM when you have standards
> compliant TPM-Chip which additionally offers sealing to specific PCR
> (integrity measurement) values.
I don't think we can dictate what good/sane solutions are and
On Thu, 1 Apr 2021 at 15:36, Ahmad Fatoum wrote:
>
> Hello Richard,
>
> On 31.03.21 21:36, Richard Weinberger wrote:
> > James,
> >
> > - Original Message -
> >> From: "James Bottomley"
> >> Well, yes. For the TPM, there's a defined ASN.1 format for the keys:
> >>
> >> https://git.kerne
Hello Richard, Sumit,
On 01.04.21 15:17, Richard Weinberger wrote:
> Sumit,
>
> - Original Message -
>> From: "Sumit Garg"
>> IIUC, this would require support for multiple trusted keys backends at
>> runtime but currently the trusted keys subsystem only supports a
>> single backend whic
Suspend fails on a system in fips mode because md5 is used for the e820
integrity check and is not available. Use crc32 instead.
Fixes: 62a03defeabd ("PM / hibernate: Verify the consistent of e820 memory map
by md5 digest")
Signed-off-by: Chris von Recklinghausen
---
arch/x86/power/hibern
On Thu, 1 Apr 2021 at 15:34, Rafael J. Wysocki wrote:
>
> On Thu, Apr 1, 2021 at 2:25 PM Chris von Recklinghausen
> wrote:
> >
> > Suspend fails on a system in fips mode because md5 is used for the e820
> > integrity check and is not available. Use crc32 instead.
> >
> > Fixes: 62a03defeabd ("PM
Currently, suspend on x86_64 fails when FIPS mode is enabled because it uses md5
to generate a digest of the e820 region. MD5 is not FIPS compliant so an error
is reported and the suspend fails.
MD5 is used only to create a digest to ensure integrity of the region, no actual
encryption is done. Th
On Thu, Apr 1, 2021 at 2:25 PM Chris von Recklinghausen
wrote:
>
> Suspend fails on a system in fips mode because md5 is used for the e820
> integrity check and is not available. Use crc32 instead.
>
> Fixes: 62a03defeabd ("PM / hibernate: Verify the consistent of e820 memory map
>by md5 d
Currently, suspend on x86_64 fails when FIPS mode is enabled because it uses md5
to generate a digest of the e820 region. MD5 is not FIPS compliant so an error
is reported and the suspend fails.
MD5 is used only to create a digest to ensure integrity of the region, no actual
encryption is done. Th
Suspend fails on a system in fips mode because md5 is used for the e820
integrity check and is not available. Use crc32 instead.
Fixes: 62a03defeabd ("PM / hibernate: Verify the consistent of e820 memory map
by md5 digest")
Signed-off-by: Chris von Recklinghausen
---
arch/x86/power/hibern
On Thu, 1 Apr 2021 at 19:00, Ahmad Fatoum wrote:
>
> Hello Richard, Sumit,
>
> On 01.04.21 15:17, Richard Weinberger wrote:
> > Sumit,
> >
> > - Original Message -
> >> From: "Sumit Garg"
> >> IIUC, this would require support for multiple trusted keys backends at
> >> runtime but current
Ahmad,
- Original Message -
> From: "Ahmad Fatoum"
>> But using LUKS would mean that cryptsetup has access to the plain disc
>> encryption key material?
>> This would be a no-go for many systems out there, key material must not
>> accessible to userspace.
>> I know, distrusting userspace
On Thu, 1 Apr 2021 at 19:29, Richard Weinberger wrote:
>
> Sumit,
>
> - Original Message -
> > From: "Sumit Garg"
> > In this case why would one prefer to use CAAM when you have standards
> > compliant TPM-Chip which additionally offers sealing to specific PCR
> > (integrity measurement)
On Thu, 2021-04-01 at 18:31 +0200, Rafael J. Wysocki wrote:
> On Thu, Apr 1, 2021 at 6:22 PM Simo Sorce wrote:
> > On Thu, 2021-04-01 at 18:02 +0200, Rafael J. Wysocki wrote:
> > > On Thu, Apr 1, 2021 at 3:54 PM Ard Biesheuvel wrote:
> > > > On Thu, 1 Apr 2021 at 15:38, Rafael J. Wysocki
> > >
On Thu, Apr 1, 2021 at 3:59 PM Ard Biesheuvel wrote:
>
> On Thu, 1 Apr 2021 at 15:34, Rafael J. Wysocki wrote:
> >
> > On Thu, Apr 1, 2021 at 2:25 PM Chris von Recklinghausen
> > wrote:
> > >
> > > Suspend fails on a system in fips mode because md5 is used for the e820
> > > integrity check and
On 4/1/21 9:38 AM, Rafael J. Wysocki wrote:
> On Thu, Apr 1, 2021 at 10:47 AM Ard Biesheuvel wrote:
>> On Tue, 30 Mar 2021 at 21:56, Simo Sorce wrote:
>>> On Tue, 2021-03-30 at 21:45 +0200, Ard Biesheuvel wrote:
>>>> On Tue, 30 Mar 2021 at 20:05, Simo Sorce wrote:
>>>>> On Tue, 2021-03-30 at 16:46 +0200, Rafa
Sumit,
- Original Message -
> From: "Sumit Garg"
> IIUC, this would require support for multiple trusted keys backends at
> runtime but currently the trusted keys subsystem only supports a
> single backend which is selected via kernel module parameter during
> boot.
>
> So the trusted k
On Thu, Apr 1, 2021 at 6:22 PM Simo Sorce wrote:
>
> On Thu, 2021-04-01 at 18:02 +0200, Rafael J. Wysocki wrote:
> > On Thu, Apr 1, 2021 at 3:54 PM Ard Biesheuvel wrote:
> > > On Thu, 1 Apr 2021 at 15:38, Rafael J. Wysocki wrote:
> > > > On Thu, Apr 1, 2021 at 10:47 AM Ard Biesheuvel wrote:
> >
On Thu, Apr 1, 2021 at 10:47 AM Ard Biesheuvel wrote:
>
> On Tue, 30 Mar 2021 at 21:56, Simo Sorce wrote:
> >
> > On Tue, 2021-03-30 at 21:45 +0200, Ard Biesheuvel wrote:
> > > On Tue, 30 Mar 2021 at 20:05, Simo Sorce wrote:
> > > > On Tue, 2021-03-30 at 16:46 +0200, Rafael J. Wysocki wrote:
> >
On Thu, Apr 1, 2021 at 3:54 PM Ard Biesheuvel wrote:
>
> On Thu, 1 Apr 2021 at 15:38, Rafael J. Wysocki wrote:
> >
> > On Thu, Apr 1, 2021 at 10:47 AM Ard Biesheuvel wrote:
> > >
> > > On Tue, 30 Mar 2021 at 21:56, Simo Sorce wrote:
> > > >
> > > > On Tue, 2021-03-30 at 21:45 +0200, Ard Biesheu
Hi Richard,
On Wed, 31 Mar 2021 at 03:34, Richard Weinberger
wrote:
>
> Ahmad,
>
> On Wed, Mar 17, 2021 at 3:08 PM Ahmad Fatoum wrote:
> > keyctl add trusted $KEYNAME "load $(cat ~/kmk.blob)" @s
>
> Is there a reason why we can't pass the desired backend name in the
> trusted key parameters?
On Thu, Apr 1, 2021 at 3:34 PM Rafael J. Wysocki wrote:
>
> On Thu, Apr 1, 2021 at 2:25 PM Chris von Recklinghausen
> wrote:
> >
> > Suspend fails on a system in fips mode because md5 is used for the e820
> > integrity check and is not available. Use crc32 instead.
> >
> > Fixes: 62a03defeabd ("P
On Thu, 2021-04-01 at 18:02 +0200, Rafael J. Wysocki wrote:
> On Thu, Apr 1, 2021 at 3:54 PM Ard Biesheuvel wrote:
> > On Thu, 1 Apr 2021 at 15:38, Rafael J. Wysocki wrote:
> > > On Thu, Apr 1, 2021 at 10:47 AM Ard Biesheuvel wrote:
> > > > On Tue, 30 Mar 2021 at 21:56, Simo Sorce wrote:
> > >
On Thu, Apr 01, 2021 at 09:54:21AM -0400, Chris von Recklinghausen wrote:
> On 4/1/21 9:38 AM, Rafael J. Wysocki wrote:
> > On Thu, Apr 1, 2021 at 10:47 AM Ard Biesheuvel wrote:
> > > On Tue, 30 Mar 2021 at 21:56, Simo Sorce wrote:
> > > > On Tue, 2021-03-30 at 21:45 +0200, Ard Biesheuvel wrote:
On Thu, 2021-04-01 at 18:50 +0530, Sumit Garg wrote:
> On Thu, 1 Apr 2021 at 15:36, Ahmad Fatoum
> wrote:
> > Hello Richard,
> >
> > On 31.03.21 21:36, Richard Weinberger wrote:
> > > James,
> > >
> > > - Original Message -
> > > > From: "James Bottomley"
> > > > Well, yes. For the TP
On Thu, 1 Apr 2021 at 15:38, Rafael J. Wysocki wrote:
>
> On Thu, Apr 1, 2021 at 10:47 AM Ard Biesheuvel wrote:
> >
> > On Tue, 30 Mar 2021 at 21:56, Simo Sorce wrote:
> > >
> > > On Tue, 2021-03-30 at 21:45 +0200, Ard Biesheuvel wrote:
> > > > On Tue, 30 Mar 2021 at 20:05, Simo Sorce wrote:
>
On Thu, 1 Apr 2021 at 15:54, Chris von Recklinghausen
wrote:
>
> On 4/1/21 9:38 AM, Rafael J. Wysocki wrote:
> > On Thu, Apr 1, 2021 at 10:47 AM Ard Biesheuvel wrote:
> >> On Tue, 30 Mar 2021 at 21:56, Simo Sorce wrote:
> >>> On Tue, 2021-03-30 at 21:45 +0200, Ard Biesheuvel wrote:
> On Tue
On Thu, Apr 01, 2021 at 06:19:57PM +0200, Rafael J. Wysocki wrote:
> On Thu, Apr 1, 2021 at 3:59 PM Ard Biesheuvel wrote:
> >
> > On Thu, 1 Apr 2021 at 15:34, Rafael J. Wysocki wrote:
> > >
> > > On Thu, Apr 1, 2021 at 2:25 PM Chris von Recklinghausen
> > > wrote:
> > > >
> > > > Suspend fails o
On 01/04/2021 at 14:24, Chris von Recklinghausen wrote:
Currently, suspend on x86_64 fails when FIPS mode is enabled because it uses md5
to generate a digest of the e820 region. MD5 is not FIPS compliant so an error
is reported and the suspend fails.
MD5 is used only to create a digest to e
> From: Chris von Recklinghausen
> Sent: Thursday, April 1, 2021 9:42 AM
> To: a...@kernel.org; s...@redhat.com; raf...@kernel.org; Dexuan Cui
> ; linux...@vger.kernel.org;
> linux-crypto@vger.kernel.org; linux-ker...@vger.kernel.org
> Subject: [PATCH v2 1/1] use crc32 instead of md5 for hibernati
From: Colin Ian King
There are two error return paths that are not freeing rxd and causing
memory leaks. Fix these.
Addresses-Coverity: ("Resource leak")
Fixes: 00c9211f60db ("crypto: sa2ul - Fix DMA mapping API usage")
Signed-off-by: Colin Ian King
---
V2: Fix typo in $SUBJECT
---
drivers/
From: Colin Ian King
There are two error return paths that are not freeing rxd and causing
memory leaks. Fix these.
Addresses-Coverity: ("Resource leak")
Fixes: 00c9211f60db ("crypto: sa2ul - Fix DMA mapping API usage")
Signed-off-by: Colin Ian King
---
drivers/crypto/sa2ul.c | 8 ++--
1
From: Colin Ian King
It appears there are several failure return paths that don't seem
to be free'ing pad. Fix these.
Addresses-Coverity: ("Resource leak")
Fixes: d9b45418a917 ("crypto: sun8i-ss - support hash algorithms")
Signed-off-by: Colin Ian King
---
drivers/crypto/allwinner/sun8i-ss/sun
On Wed, Mar 24, 2021 at 09:14:02AM -0700, James Bottomley wrote:
> On Tue, 2021-03-23 at 14:07 -0400, Mimi Zohar wrote:
> > On Tue, 2021-03-23 at 17:35 +0100, Ahmad Fatoum wrote:
> > > Hello Horia,
> > >
> > > On 21.03.21 21:48, Horia Geantă wrote:
> > > > On 3/16/2021 7:02 PM, Ahmad Fatoum wrote:
skcipher: Add a verifying to check whether the triple DES key
is weak.
Signed-off-by: Kai Ye
---
drivers/crypto/hisilicon/sec2/sec_crypto.c | 13 +++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/drivers/crypto/hisilicon/sec2/sec_crypto.c
b/drivers/crypto/hisilicon/se