pm_runtime_get_sync will increment pm usage counter even it failed.
Forgetting to putting operation will result in reference leak here.
Fix it by replacing it with pm_runtime_resume_and_get to keep usage
counter balanced.
Signed-off-by: Shixin Liu
---
drivers/crypto/allwinner/sun4i-ss/sun4i-ss-c
pm_runtime_get_sync will increment pm usage counter even it failed.
Forgetting to putting operation will result in reference leak here.
Fix it by replacing it with pm_runtime_resume_and_get to keep usage
counter balanced.
Signed-off-by: Shixin Liu
---
drivers/crypto/allwinner/sun8i-ce/sun8i-ce-c
pm_runtime_get_sync will increment pm usage counter even it failed.
Forgetting to putting operation will result in reference leak here.
Fix it by replacing it with pm_runtime_resume_and_get to keep usage
counter balanced.
Signed-off-by: Shixin Liu
---
drivers/crypto/allwinner/sun8i-ss/sun8i-ss-c
pm_runtime_get_sync will increment pm usage counter even it failed.
Forgetting to putting operation will result in reference leak here.
Fix it by replacing it with pm_runtime_resume_and_get to keep usage
counter balanced.
Signed-off-by: Shixin Liu
---
drivers/crypto/stm32/stm32-cryp.c | 4 ++--
pm_runtime_get_sync will increment pm usage counter even it failed.
Forgetting to putting operation will result in reference leak here.
Fix it by replacing it with pm_runtime_resume_and_get to keep usage
counter balanced.
Signed-off-by: Shixin Liu
---
drivers/crypto/sa2ul.c | 2 +-
1 file change
pm_runtime_get_sync will increment pm usage counter even it failed.
Forgetting to putting operation will result in reference leak here.
Fix it by replacing it with pm_runtime_resume_and_get to keep usage
counter balanced.
Signed-off-by: Shixin Liu
---
drivers/crypto/stm32/stm32-hash.c | 8 --
pm_runtime_get_sync will increment pm usage counter even it failed.
Forgetting to putting operation will result in reference leak here.
Fix it by replacing it with pm_runtime_resume_and_get to keep usage
counter balanced.
Signed-off-by: Shixin Liu
---
drivers/crypto/omap-aes.c | 7 +++
1 fil
On Thu, Apr 8, 2021 at 8:52 AM Hangbin Liu wrote:
> On Wed, Apr 07, 2021 at 03:15:51PM -0600, Jason A. Donenfeld wrote:
> > Hi Hangbin,
> >
> > On Wed, Apr 7, 2021 at 5:39 AM Hangbin Liu wrote:
> > >
> > > As the cryptos(BLAKE2S, Curve25519, CHACHA20POLY1305) in WireGuard are not
> > > FIPS certi
Hi Hongbo,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on cryptodev/master]
[also build test ERROR on crypto/master security/next-testing linus/master
v5.12-rc6 next-20210407]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submittin
[Resend this email because the previous one contains a HTML subpart.
Very sorry!]
Hi Aaro,
Sorry to bother you. I saw you have added some message digest modules
to support OCTEON hardware accelerator. May I know if we can support
block ciphers
such as AES/DES ? We can get ASM primitives from
http
According to Documentation/core-api/printk-formats.rst, Use
the correct print format. Printing an unsigned int value should use %u
instead of %d.
Signed-off-by: Kai Ye
---
drivers/crypto/hisilicon/sec/sec_drv.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/cry
According to Documentation/core-api/printk-formats.rst, Use
the correct print format. Printing an unsigned int value should use %u
instead of %d.
Signed-off-by: Kai Ye
---
drivers/crypto/atmel-i2c.c | 2 +-
drivers/crypto/atmel-sha.c | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
di
According to Documentation/core-api/printk-formats.rst,
Use the correct print format. Printing an unsigned int value should use %u
instead of %d. Otherwise printk() might end up displaying negative numbers.
Kai Ye (2):
crypto/atmel - use the correct print format
crypto: hisilicon/sec_drv - use
Suspend fails on a system in fips mode because md5 is used for the e820
integrity check and is not available. Use crc32 instead.
Prior to this patch, MD5 is used only to create a digest to ensure integrity of
the region, no actual encryption is done. This patch set changes the integrity
check to u
On Thu, Apr 08, 2021 at 09:06:52AM +0800, Hangbin Liu wrote:
> > Also, couldn't you just consider WireGuard to be outside your FIPS module
> > boundary, which would remove it from the scope of the certification?
> >
> > And how do you handle all the other places in the kernel that use ChaCha20
>
On Thu, 2021-04-08 at 06:46 -0400, Chris von Recklinghausen wrote:
> Suspend fails on a system in fips mode because md5 is used for the e820
> integrity check and is not available. Use crc32 instead.
>
> Prior to this patch, MD5 is used only to create a digest to ensure integrity
> of
> the regio
git master
config: x86_64-randconfig-a006-20210408 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
reproduce (this is a W=1 build):
#
https://github.com/0day-ci/linux/commit/16672847d0bd803ad40d0b2065125645c082585a
git remote add linux-review https://github.com/0da
Suspend fails on a system in fips mode because md5 is used for the e820
integrity check and is not available. Use crc32 instead.
This patch changes the integrity check algorithm from md5 to
crc32. This integrity check is used only to verify accidental
corruption of the hybernation data and is not
On Thu, Apr 8, 2021 at 3:15 PM Chris von Recklinghausen
wrote:
>
> Suspend fails on a system in fips mode because md5 is used for the e820
> integrity check and is not available. Use crc32 instead.
>
> This patch changes the integrity check algorithm from md5 to
> crc32. This integrity check is us
On Thu, 2021-04-08 at 15:32 +0200, Rafael J. Wysocki wrote:
> On Thu, Apr 8, 2021 at 3:15 PM Chris von Recklinghausen
> wrote:
> > Suspend fails on a system in fips mode because md5 is used for the e820
> > integrity check and is not available. Use crc32 instead.
> >
> > This patch changes the in
On Wed, 2021-04-07 at 15:15 -0600, Jason A. Donenfeld wrote:
> Hi Hangbin,
>
> On Wed, Apr 7, 2021 at 5:39 AM Hangbin Liu wrote:
> > As the cryptos(BLAKE2S, Curve25519, CHACHA20POLY1305) in WireGuard are not
> > FIPS certified, the WireGuard module should be disabled in FIPS mode.
>
> I'm not su
Linux currently supports RSA PKCSv1.5 encoding scheme for
signing / verification. This adds support for RSASSA PSS signature
verification as described in RFC8017 [1].
Patch 1 extends the x509 certificate parser to unpack PSS signature
parameters.
Patches 2-8 pull out the common functions / struc
An X.509 wrapper for a RSASSA-PSS signature contains additional
signature parameters over the PKCSv.15 encoding scheme. Extend the
x509 parser to allow parsing RSASSA-PSS encoded certificates, with
the defaults taken from RFC8017.
References: https://tools.ietf.org/html/rfc8017#appendix-C
Signed-o
which can be reused by other signature padding schemes as
rsapad_akcipher_create. This will be moved out of rsa-pkcs1pad.c to
be used across rsa-*pad implementations.
Signed-off-by: Varad Gautam
---
crypto/rsa-pkcs1pad.c | 48 ++-
1 file changed, 34 insert
The existing RSA implementation supports PKCSv1.5 style signature
paddings via rsa-pkcs1pad. A lot of the functionality implemented
for rsa-pkcs1pad can be reused across other RSA padding schemes.
Rename such functions as rsapad_* before moving them out of
rsa-pkcs1pad.c.
Signed-off-by: Varad Gaut
rsa-pkcs1pad operations that require using RSA primitives rely on
creating an akcipher child RSA transform and processing the results
in the operation-specific callback. Add helpers
rsapad_akcipher_setup_child and rsapad_akcipher_req_complete for req
setup and callback handling, and switch pkcs1pad
Use generic naming to share with other padding scheme implementations.
These will be moved out of rsa-pkcs1pad.c.
Signed-off-by: Varad Gautam
---
crypto/rsa-pkcs1pad.c | 62 +--
1 file changed, 31 insertions(+), 31 deletions(-)
diff --git a/crypto/rsa-pkc
Pull out more common code from rsa-pkcs1pad into rsa-common.
Signed-off-by: Varad Gautam
---
crypto/rsa-common.c | 31 +++
crypto/rsa-pkcs1pad.c| 32
include/crypto/internal/rsa-common.h | 9
3 files
Move out helpers from rsa-pkcs1pad.c which will be shared across
rsa-*pad implementations.
Signed-off-by: Varad Gautam
---
crypto/Makefile | 1 +
crypto/rsa-common.c | 76 ++
crypto/rsa-pkcs1pad.c| 97 +---
For certain signature encoding schemes (eg. RSASSA-PSS), the
verify/sign operation behavior depends on information contained in
the signature blob. Allow passing this down to the crypto_template by
introducing a crypto_akcipher_set_sig_params() call.
Signed-off-by: Varad Gautam
---
crypto/rsa-co
Move helpers for setting public/private keys, RSA akcipher
instance setup, keysize querying etc. to rsa-common.c.
Signed-off-by: Varad Gautam
---
crypto/rsa-common.c | 183 +++
crypto/rsa-pkcs1pad.c| 183 ---
includ
The RSASSA-PSS signature scheme requires knowing the RSA modulus size
in bits. The rsa akcipher_alg max_size call is insufficient for this,
as the returned keysize is rounded up to the next byte.
Since the RSA modulus is stored as an MPI accessible via
struct rsa_mpi_key, move the struct definitio
Add a crypto_template for rsa-psspad, hidden behind
CONFIG_CRYPTO_RSASSA_PSS. Set the sign/verify/encrypt/decrypt
operations to return -EOPNOTSUPP, to be implemented in the future
Signed-off-by: Varad Gautam
---
crypto/Kconfig| 6 ++
crypto/Makefile | 1 +
cry
The RSA output must be processed as per the EMSA-PSS-VERIFY operation
from RFC8017, which forms the core of the PSS signature verification.
Implement the verification callback, which operates on the RSA output
buffer.
Reference: https://tools.ietf.org/html/rfc8017#section-9.1.2
Signed-off-by: Var
RSASSA-PSS verify operation needs to compute digests for its
Mask Generation Function (MGF1), and for digest comparison.
Add helpers to populate a crypto_shash and desc for use in both cases.
Signed-off-by: Varad Gautam
---
crypto/rsa-psspad.c | 24
1 file changed, 24 i
Implement akcipher_alg->set_sig_params for rsassa-psspad to receive the
salt length and MGF hash function for the signature being verified.
Signed-off-by: Varad Gautam
---
v2: Set mgf_hash_algo in psspad_set_sig_params. v1 assumed this to be the same
as the digest hash.
crypto/rsa-psspad.c
Trigger RSA transform on the signature being verified from
psspad_verify, to produce intermediary data which will be handled
in the psspad_verify_complete callback.
Reference: https://tools.ietf.org/html/rfc8017#section-8.1.2
Signed-off-by: Varad Gautam
---
crypto/rsa-psspad.c | 53 +
This generates a "mask" byte array of size mask_len bytes as a
concatenation of digests, where each digest is calculated on a
concatenation of an input seed and a running counter to fill up
mask_len bytes - as described by RFC8017 sec B.2.1. "MGF1".
The mask is useful for RSA signing/verification
keyctl pkey_* operations accept enc and hash parameters at present.
RSASSA-PSS signatures also require passing in the signature salt
length and the mgf hash function.
Add parameters:
- 'slen' to feed in salt length of a PSS signature.
- 'mgfhash' to feed in the hash function used for MGF.
Signed-
Accept pss encoding for public_key_verify_signature. If
CONFIG_CRYPTO_RSASSA_PSS is disabled, crypto_alloc_akcipher will
fail to find a pss backend anyway.
Signed-off-by: Varad Gautam
Acked-by: Jarkko Sakkinen
---
crypto/asymmetric_keys/public_key.c | 18 +-
1 file changed, 13 i
On 4/8/21 4:29 AM, hongbo li wrote:
> Hi Varad,
>
> Varad Gautam mailto:varad.gau...@suse.com>>
> 于2021年4月8日周四 上午5:20写道:
>>
>> Hi Hongbo,
>>
>> On 4/7/21 10:27 AM, hongbo li wrote:
>> > Hello Varad,
>> >
>> > I also made an implementation of rsa pss: "[PATCH v3 0/4] crypto: add
>> > rsa pss suppo
Varad Gautam wrote:
> + Opt_slen, /* "slen=" eg. "slen=32" */
"slen" seems a bit unobvious. Maybe "saltlen=..."?
David
Varad Gautam wrote:
> The test harness is available at [5].
Can you add this to the keyutils testsuite?
https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git
David
On Thu, Apr 08, 2021 at 07:58:08PM +0800, Hangbin Liu wrote:
> On Thu, Apr 08, 2021 at 09:06:52AM +0800, Hangbin Liu wrote:
> > > Also, couldn't you just consider WireGuard to be outside your FIPS module
> > > boundary, which would remove it from the scope of the certification?
> > >
> > > And how
On Thu, Apr 08, 2021 at 03:32:38PM +0200, Rafael J. Wysocki wrote:
> On Thu, Apr 8, 2021 at 3:15 PM Chris von Recklinghausen
> wrote:
> >
> > Suspend fails on a system in fips mode because md5 is used for the e820
> > integrity check and is not available. Use crc32 instead.
> >
> > This patch chan
On Thu, Apr 08, 2021 at 09:15:06AM -0400, Chris von Recklinghausen wrote:
> Suspend fails on a system in fips mode because md5 is used for the e820
> integrity check and is not available. Use crc32 instead.
>
> This patch changes the integrity check algorithm from md5 to
> crc32. This integrity ch
On Thu, 2021-04-08 at 08:26 -0700, Eric Biggers wrote:
> On Thu, Apr 08, 2021 at 03:32:38PM +0200, Rafael J. Wysocki wrote:
> > On Thu, Apr 8, 2021 at 3:15 PM Chris von Recklinghausen
> > wrote:
> > > Suspend fails on a system in fips mode because md5 is used for the e820
> > > integrity check and
On 4/8/21 11:30 AM, Eric Biggers wrote:
On Thu, Apr 08, 2021 at 09:15:06AM -0400, Chris von Recklinghausen wrote:
Suspend fails on a system in fips mode because md5 is used for the e820
integrity check and is not available. Use crc32 instead.
This patch changes the integrity check algorithm fro
On Thu, Apr 8, 2021 at 5:26 PM Eric Biggers wrote:
>
> On Thu, Apr 08, 2021 at 03:32:38PM +0200, Rafael J. Wysocki wrote:
> > On Thu, Apr 8, 2021 at 3:15 PM Chris von Recklinghausen
> > wrote:
> > >
> > > Suspend fails on a system in fips mode because md5 is used for the e820
> > > integrity chec
On Mon, Apr 05, 2021 at 16:14 UTC, Greg KH wrote:
> On Mon, Apr 05, 2021 at 01:55:15PM +, Jianmin Wang wrote:
> > There is same problem found in linux 4.19.y as upstream commit. The
> > changes of crypto_user_* and cryptouser.h files from upstream patch are
> > merged into
> > crypto/crypto_
On Thu, Apr 8, 2021 at 7:55 AM Simo Sorce wrote:
> > I'm not sure this makes so much sense to do _in wireguard_. If you
> > feel like the FIPS-allergic part is actually blake, 25519, chacha, and
> > poly1305, then wouldn't it make most sense to disable _those_ modules
> > instead? And then the var
On Thu, 2021-04-08 at 15:55 -0600, Jason A. Donenfeld wrote:
> On Thu, Apr 8, 2021 at 7:55 AM Simo Sorce wrote:
> > > I'm not sure this makes so much sense to do _in wireguard_. If you
> > > feel like the FIPS-allergic part is actually blake, 25519, chacha, and
> > > poly1305, then wouldn't it mak
On Thu, Apr 08, 2021 at 11:53:59AM -0400, Chris von Recklinghausen wrote:
> On 4/8/21 11:30 AM, Eric Biggers wrote:
> > On Thu, Apr 08, 2021 at 09:15:06AM -0400, Chris von Recklinghausen wrote:
> > > Suspend fails on a system in fips mode because md5 is used for the e820
> > > integrity check and i
On Thu, Apr 08, 2021 at 08:11:34AM -0700, Eric Biggers wrote:
> On Thu, Apr 08, 2021 at 07:58:08PM +0800, Hangbin Liu wrote:
> > On Thu, Apr 08, 2021 at 09:06:52AM +0800, Hangbin Liu wrote:
> > > > Also, couldn't you just consider WireGuard to be outside your FIPS
> > > > module
> > > > boundary,
On Thu, Apr 08, 2021 at 03:55:59PM -0600, Jason A. Donenfeld wrote:
> On Thu, Apr 8, 2021 at 7:55 AM Simo Sorce wrote:
> > > I'm not sure this makes so much sense to do _in wireguard_. If you
> > > feel like the FIPS-allergic part is actually blake, 25519, chacha, and
> > > poly1305, then wouldn't
Hi Hangbin,
On Thu, Apr 8, 2021 at 8:41 PM Hangbin Liu wrote:
> I agree that the best way is to disable the crypto modules in FIPS mode.
> But the code in lib/crypto looks not the same with crypto/. For modules
> in crypto, there is an alg_test() to check if the crytpo is FIPS allowed
> when do r
NIAP PP_OS certification requests that the OS shall validate the
CodeSigning extended key usage extension field for integrity
verifiction of exectable code:
https://www.niap-ccevs.org/MMO/PP/-442-/
FIA_X509_EXT.1.1
This patchset adds the logic for parsing the codeSigning EKU extension
This patch adds the logic for parsing the CodeSign extended key usage
extension in X.509. The parsing result will be set to the eku flag
which is carried by public key. It can be used in the PKCS#7
verification.
Signed-off-by: "Lee, Chun-Yi"
---
crypto/asymmetric_keys/x509_cert_parser.c | 24 +++
This patch adds the logic for checking the CodeSigning extended
key usage when verifying signature of kernel module or
kexec PE binary in PKCS#7.
Signed-off-by: "Lee, Chun-Yi"
---
certs/system_keyring.c | 2 +-
crypto/asymmetric_keys/Kconfig | 9 +
crypto/asymmetric
Add codeSigning EKU to the X.509 key generation config for the build time
autogenerated kernel key.
Signed-off-by: "Lee, Chun-Yi"
---
certs/Makefile | 1 +
1 file changed, 1 insertion(+)
diff --git a/certs/Makefile b/certs/Makefile
index f4c25b67aad9..1ef4d6ca43b7 100644
--- a/certs/Makefile
++
Add an openssl command option example for generating CodeSign extended
key usage in X.509 when CONFIG_CHECK_CODESIGN_EKU is enabled.
Signed-off-by: "Lee, Chun-Yi"
---
Documentation/admin-guide/module-signing.rst | 6 ++
1 file changed, 6 insertions(+)
diff --git a/Documentation/admin-guide/
On Thu, Apr 08, 2021 at 08:44:35PM -0600, Jason A. Donenfeld wrote:
> Since it's just a normal module library, you can simply do this in the
> module_init function, rather than deep within registration
> abstractions.
I did a try but looks it's not that simple. Not sure if it's because wireguard
c
On Fri, Apr 09, 2021 at 10:49:07AM +0800, Hangbin Liu wrote:
> On Thu, Apr 08, 2021 at 08:44:35PM -0600, Jason A. Donenfeld wrote:
> > Since it's just a normal module library, you can simply do this in the
> > module_init function, rather than deep within registration
> > abstractions.
>
> I did a
On Fri, 9 Apr 2021 at 05:03, Jason A. Donenfeld wrote:
>
> On Fri, Apr 09, 2021 at 10:49:07AM +0800, Hangbin Liu wrote:
> > On Thu, Apr 08, 2021 at 08:44:35PM -0600, Jason A. Donenfeld wrote:
> > > Since it's just a normal module library, you can simply do this in the
> > > module_init function, r
pm_runtime_get_sync will increment pm usage counter even it failed.
Forgetting to putting operation will result in reference leak here.
Fix it by replacing it with pm_runtime_resume_and_get to keep usage
counter balanced.
Reported-by: Hulk Robot
Signed-off-by: Ye Weihua
---
drivers/char/hw_rand
On Fri, 9 Apr 2021 at 08:11, Ye Weihua wrote:
>
> pm_runtime_get_sync will increment pm usage counter even it failed.
> Forgetting to putting operation will result in reference leak here.
> Fix it by replacing it with pm_runtime_resume_and_get to keep usage
> counter balanced.
>
> Reported-by: Hul
On Thu, Apr 08, 2021 at 07:11:48PM +, Jianmin Wang wrote:
> On Mon, Apr 05, 2021 at 16:14 UTC, Greg KH wrote:
> > On Mon, Apr 05, 2021 at 01:55:15PM +, Jianmin Wang wrote:
> > > There is same problem found in linux 4.19.y as upstream commit. The
> > > changes of crypto_user_* and cryptouse
67 matches
Mail list logo
