Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v6.6.132 2024-07-11T10:49:04+00:00 2024-07-11T10:49:04+00:00 Hailey Mothershead hailmo@amazon.com 2024-04-15T22:19:15+00:00 urn:sha1:b502d4a08875ea2b4ea5d5b28dc7c991c8b90cfb [ Upstream commit 23e4099bdc3c8381992f9eb975c79196d6755210 ] I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding cryptographic information should be zeroized once they are no longer needed. Accomplish this by using kfree_sensitive for buffers that previously held the private key. Signed-off-by: Hailey Mothershead <hailmo@amazon.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> 2023-05-02T10:22:24+00:00 Ondrej Mosnacek omosnace@redhat.com 2023-05-02T08:02:33+00:00 urn:sha1:b8969a1b69672b163d057e7745ebc915df689211 Checking the config via ifdef incorrectly compiles out the report functions when CRYPTO_USER is set to =m. Fix it by using IS_ENABLED() instead. Fixes: c0f9e01dd266 ("crypto: api - Check CRYPTO_USER instead of NET for report") Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2023-03-14T09:06:42+00:00 Herbert Xu herbert@gondor.apana.org.au 2023-02-16T10:35:28+00:00 urn:sha1:c0f9e01dd266b8a8f674d9f6a388972b81be1641 The report function is currently conditionalised on CONFIG_NET. As it's only used by CONFIG_CRYPTO_USER, conditionalising on that instead of CONFIG_NET makes more sense. This gets rid of a rarely used code-path. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2023-03-14T09:06:41+00:00 Herbert Xu herbert@gondor.apana.org.au 2023-02-16T10:35:11+00:00 urn:sha1:0df4adf8682a017e43579ac8c9ec1a31c538e940 Move all stat code specific to aead into the aead code. While we're at it, change the stats so that bytes and counts are always incremented even in case of error. This allows the reference counting to be removed as we can now increment the counters prior to the operation. After the operation we simply increase the error count if necessary. This is safe as errors can only occur synchronously (or rather, the existing code already ignored asynchronous errors which are only visible to the callback function). Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2020-01-09T03:30:58+00:00 Eric Biggers ebiggers@google.com 2020-01-03T04:04:40+00:00 urn:sha1:d4fdc2dfaa755e0bf22de6a2774cac2e5ae45cf4 All instances need to have a ->free() method, but people could forget to set it and then not notice if the instance is never unregistered. To help detect this bug earlier, don't allow an instance without a ->free() method to be registered, and complain loudly if someone tries to do it. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2020-01-09T03:30:58+00:00 Eric Biggers ebiggers@google.com 2020-01-03T04:04:39+00:00 urn:sha1:a24a1fd731274ebbca873000e2c7fbe8224ae4c8 Now that all templates provide a ->create() method which creates an instance, installs a strongly-typed ->free() method directly to it, and registers it, the older ->alloc() and ->free() methods in 'struct crypto_template' are no longer used. Remove them. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2020-01-09T03:30:54+00:00 Eric Biggers ebiggers@google.com 2020-01-03T03:58:48+00:00 urn:sha1:de95c9574108ec304083ed574304ab3b60b4167c Currently, crypto_spawn::inst is first used temporarily to pass the instance to crypto_grab_spawn(). Then crypto_init_spawn() overwrites it with crypto_spawn::next, which shares the same union. Finally, crypto_spawn::inst is set again when the instance is registered. Make this less convoluted by just passing the instance as an argument to crypto_grab_spawn() instead. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2020-01-09T03:30:54+00:00 Eric Biggers ebiggers@google.com 2020-01-03T03:58:46+00:00 urn:sha1:cd900f0cacd7601dabdd028e8cbdbf2a7041cee2 Initializing a crypto_aead_spawn currently requires: 1. Set spawn->base.inst to point to the instance. 2. Call crypto_grab_aead(). But there's no reason for these steps to be separate, and in fact this unneeded complication has caused at least one bug, the one fixed by commit 6db43410179b ("crypto: adiantum - initialize crypto_spawn::inst") So just make crypto_grab_aead() take the instance as an argument. To keep the function calls from getting too unwieldy due to this extra argument, also introduce a 'mask' variable into the affected places which weren't already using one. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2019-11-17T01:02:38+00:00 Herbert Xu herbert@gondor.apana.org.au 2019-11-08T10:41:58+00:00 urn:sha1:20cc01baa33463e9e8b202b0cbaeafbac0f9202c If aead is built as a module along with cryptomgr, it creates a dependency loop due to the dependency chain aead => crypto_null => cryptomgr => aead. This is due to the presence of the AEAD geniv code. This code is not really part of the AEAD API but simply support code for IV generators such as seqiv. This patch moves the geniv code into its own module thus breaking the dependency loop. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2019-08-15T11:52:14+00:00 Pascal van Leeuwen pascalvanl@gmail.com 2019-08-09T15:51:07+00:00 urn:sha1:a62084d299d950f2ad0649caf9a9b9a431346996 Return -EINVAL on an attempt to set the authsize to 0 with an auth. algorithm with a non-zero digestsize (i.e. anything but digest_null) as authenticating the data and then throwing away the result does not make any sense at all. The digestsize zero exception is for use with digest_null for testing purposes only. Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>