BMC/Intel-BMC/linux.git/crypto, branch dev-4.7Intel OpenBMC Linux kernel source tree (mirror)https://git.radix-linux.su/BMC/Intel-BMC/linux.git/atom?h=dev-4.72016-10-22T10:06:49+00:00crypto: ghash-generic - move common definitions to a new header file2016-10-22T10:06:49+00:00Marcelo Cerrimarcelo.cerri@canonical.com2016-09-28T16:42:09+00:00urn:sha1:826ed40808d591456d94b39498c43b0c8bf88bb7
commit a397ba829d7f8aff4c90af3704573a28ccd61a59 upstream.
Move common values and types used by ghash-generic to a new header file
so drivers can directly use ghash-generic as a fallback implementation.
Fixes: cc333cd68dfa ("crypto: vmx - Adding GHASH routines for VMX module")
Signed-off-by: Marcelo Cerri <marcelo.cerri@canonical.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
async_pq_val: fix DMA memory leak2016-10-22T10:06:48+00:00Justin Maggardjmaggard10@gmail.com2016-10-04T20:17:58+00:00urn:sha1:2ea1e5b248e29791ec72a5cf9eb6b28fe315ee76
commit c84750906b4818d4929fbf73a4ae6c113b94f52b upstream.
Add missing dmaengine_unmap_put(), so we don't OOM during RAID6 sync.
Fixes: 1786b943dad0 ("async_pq_val: convert to dmaengine_unmap_data")
Signed-off-by: Justin Maggard <jmaggard@netgear.com>
Reviewed-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Vinod Koul <vinod.koul@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
crypto: echainiv - Replace chaining with multiplication2016-09-30T08:12:43+00:00Herbert Xuherbert@gondor.apana.org.au2016-09-07T10:42:08+00:00urn:sha1:77ead6507c98f793af265d09aa68533c59b8126d
commit 53a5d5ddccf849dbc27a8c1bba0b43c3a45fb792 upstream.
The current implementation uses a global per-cpu array to store
data which are used to derive the next IV. This is insecure as
the attacker may change the stored data.
This patch removes all traces of chaining and replaces it with
multiplication of the salt and the sequence number.
Fixes: a10f554fa7e0 ("crypto: echainiv - Add encrypted chain IV...")
Reported-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
crypto: skcipher - Fix blkcipher walk OOM crash2016-09-30T08:12:43+00:00Herbert Xuherbert@gondor.apana.org.au2016-09-13T06:43:29+00:00urn:sha1:aa3520cf8c14a61e315b7e43756464e45dcc7ed1
commit acdb04d0b36769b3e05990c488dc74d8b7ac8060 upstream.
When we need to allocate a temporary blkcipher_walk_next and it
fails, the code is supposed to take the slow path of processing
the data block by block. However, due to an unrelated change
we instead end up dereferencing the NULL pointer.
This patch fixes it by moving the unrelated bsize setting out
of the way so that we enter the slow path as inteded.
Fixes: 7607bd8ff03b ("[CRYPTO] blkcipher: Added blkcipher_walk_virt_block")
Reported-by: xiakaixu <xiakaixu@huawei.com>
Reported-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
crypto: cryptd - initialize child shash_desc on import2016-09-24T08:09:34+00:00Ard Biesheuvelard.biesheuvel@linaro.org2016-09-01T13:25:43+00:00urn:sha1:4faef745435f28cd519b9b3e345b199e3d0611cf
commit 0bd2223594a4dcddc1e34b15774a3a4776f7749e upstream.
When calling .import() on a cryptd ahash_request, the structure members
that describe the child transform in the shash_desc need to be initialized
like they are when calling .init()
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
crypto: scatterwalk - Fix test in scatterwalk_done2016-08-16T07:35:00+00:00Herbert Xuherbert@gondor.apana.org.au2016-07-12T05:17:57+00:00urn:sha1:1539c4d5d3df046cb36c3fed2ea435c34abc4e05
commit 5f070e81bee35f1b7bd1477bb223a873ff657803 upstream.
When there is more data to be processed, the current test in
scatterwalk_done may prevent us from calling pagedone even when
we should.
In particular, if we're on an SG entry spanning multiple pages
where the last page is not a full page, we will incorrectly skip
calling pagedone on the second last page.
This patch fixes this by adding a separate test for whether we've
reached the end of a page.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
crypto: gcm - Filter out async ghash if necessary2016-08-16T07:35:00+00:00Herbert Xuherbert@gondor.apana.org.au2016-06-15T14:27:05+00:00urn:sha1:cab0805d7cf18537660ad51b6b9d991263676921
commit b30bdfa86431afbafe15284a3ad5ac19b49b88e3 upstream.
As it is if you ask for a sync gcm you may actually end up with
an async one because it does not filter out async implementations
of ghash.
This patch fixes this by adding the necessary filter when looking
for ghash.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.62016-07-23T03:20:55+00:00Linus Torvaldstorvalds@linux-foundation.org2016-07-23T03:20:55+00:00urn:sha1:48d4ca5639507b8c37e3bd5711e70aedb05dee2c
Pull crypto fixes from Herbert Xu:
"This fixes a sporadic build failure in the qat driver as well as a
memory corruption bug in rsa-pkcs1pad"
* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
crypto: rsa-pkcs1pad - fix rsa-pkcs1pad request struct
crypto: qat - make qat_asym_algs.o depend on asn1 headers
crypto: rsa-pkcs1pad - fix rsa-pkcs1pad request struct2016-07-22T09:58:21+00:00Herbert Xuherbert@gondor.apana.org.au2016-07-22T09:58:21+00:00urn:sha1:87dcdebd6beb54f183ae874664ba47bf071ebf95
To allow for child request context the struct akcipher_request child_req
needs to be at the end of the structure.
Cc: stable@vger.kernel.org
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
KEYS: Fix for erroneous trust of incorrectly signed X.509 certs2016-07-18T02:19:47+00:00Mat Martineaumathew.j.martineau@linux.intel.com2016-07-17T23:10:55+00:00urn:sha1:acddc72015e5bc8f640b02d38b36afd7841c9c14
Arbitrary X.509 certificates without authority key identifiers (AKIs)
can be added to "trusted" keyrings, including IMA or EVM certs loaded
from the filesystem. Signature verification is currently bypassed for
certs without AKIs.
Trusted keys were recently refactored, and this bug is not present in
4.6.
restrict_link_by_signature should return -ENOKEY (no matching parent
certificate found) if the certificate being evaluated has no AKIs,
instead of bypassing signature checks and returning 0 (new certificate
accepted).
Reported-by: Petko Manolov <petkan@mip-labs.com>
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>