<feed xmlns='http://www.w3.org/2005/Atom'>
<title>kernel/linux.git/crypto/ecdh.c, branch v6.6.131</title>
<subtitle>Linux kernel stable tree (mirror)</subtitle>
<id>https://git.radix-linux.su/kernel/linux.git/atom?h=v6.6.131</id>
<link rel='self' href='https://git.radix-linux.su/kernel/linux.git/atom?h=v6.6.131'/>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/'/>
<updated>2024-07-05T07:33:52+00:00</updated>
<entry>
<title>crypto: ecdh - explicitly zeroize private_key</title>
<updated>2024-07-05T07:33:52+00:00</updated>
<author>
<name>Joachim Vandersmissen</name>
<email>git@jvdsn.com</email>
</author>
<published>2024-03-28T16:24:30+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=80575b252ab0358b7e93895b2a510beb3cb3f975'/>
<id>urn:sha1:80575b252ab0358b7e93895b2a510beb3cb3f975</id>
<content type='text'>
[ Upstream commit 73e5984e540a76a2ee1868b91590c922da8c24c9 ]

private_key is overwritten with the key parameter passed in by the
caller (if present), or alternatively a newly generated private key.
However, it is possible that the caller provides a key (or the newly
generated key) which is shorter than the previous key. In that
scenario, some key material from the previous key would not be
overwritten. The easiest solution is to explicitly zeroize the entire
private_key array first.

Note that this patch slightly changes the behavior of this function:
previously, if the ecc_gen_privkey failed, the old private_key would
remain. Now, the private_key is always zeroized. This behavior is
consistent with the case where params.key is set and ecc_is_key_valid
fails.

Signed-off-by: Joachim Vandersmissen &lt;git@jvdsn.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</content>
</entry>
<entry>
<title>crypto: add __init/__exit annotations to init/exit funcs</title>
<updated>2022-09-24T08:14:43+00:00</updated>
<author>
<name>Xiu Jianfeng</name>
<email>xiujianfeng@huawei.com</email>
</author>
<published>2022-09-15T03:36:15+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=33837be33367172d66d1f2bd6964cc41448e6e7c'/>
<id>urn:sha1:33837be33367172d66d1f2bd6964cc41448e6e7c</id>
<content type='text'>
Add missing __init/__exit annotations to init/exit funcs.

Signed-off-by: Xiu Jianfeng &lt;xiujianfeng@huawei.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
</entry>
<entry>
<title>crypto: ecc - Move ecc.h to include/crypto/internal</title>
<updated>2021-10-29T13:04:03+00:00</updated>
<author>
<name>Daniele Alessandrelli</name>
<email>daniele.alessandrelli@intel.com</email>
</author>
<published>2021-10-20T10:35:35+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=a745d3ace3fd65ada44d61dafa64a2a69679ac35'/>
<id>urn:sha1:a745d3ace3fd65ada44d61dafa64a2a69679ac35</id>
<content type='text'>
Move ecc.h header file to 'include/crypto/internal' so that it can be
easily imported from everywhere in the kernel tree.

This change is done to allow crypto device drivers to re-use the symbols
exported by 'crypto/ecc.c', thus avoiding code duplication.

Signed-off-by: Daniele Alessandrelli &lt;daniele.alessandrelli@intel.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
</entry>
<entry>
<title>crypto: ecdh - register NIST P384 tfm</title>
<updated>2021-05-28T07:11:47+00:00</updated>
<author>
<name>Hui Tang</name>
<email>tanghui20@huawei.com</email>
</author>
<published>2021-05-22T02:44:30+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=8154132521e9cd6d28a7e9778c4ae23b716994bf'/>
<id>urn:sha1:8154132521e9cd6d28a7e9778c4ae23b716994bf</id>
<content type='text'>
Add ecdh_nist_p384_init_tfm and register and unregister P384 tfm.

Signed-off-by: Hui Tang &lt;tanghui20@huawei.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
</entry>
<entry>
<title>crypto: ecdh - fix 'ecdh_init'</title>
<updated>2021-05-28T07:11:47+00:00</updated>
<author>
<name>Hui Tang</name>
<email>tanghui20@huawei.com</email>
</author>
<published>2021-05-22T02:44:29+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=8fd28fa5046b377039d5bbc0ab2f625dec703980'/>
<id>urn:sha1:8fd28fa5046b377039d5bbc0ab2f625dec703980</id>
<content type='text'>
NIST P192 is not unregistered if NIST P256 fails to register;
actually, it needs to unregister the algorithms already registered.

Signed-off-by: Hui Tang &lt;tanghui20@huawei.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
</entry>
<entry>
<title>crypto: ecdh - fix ecdh-nist-p192's entry in testmgr</title>
<updated>2021-05-28T07:11:47+00:00</updated>
<author>
<name>Hui Tang</name>
<email>tanghui20@huawei.com</email>
</author>
<published>2021-05-22T02:44:28+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=6889fc2104e5d20899b91e61daf07a7524b2010d'/>
<id>urn:sha1:6889fc2104e5d20899b91e61daf07a7524b2010d</id>
<content type='text'>
Add a comment that p192 will fail to register in FIPS mode.

Fix ecdh-nist-p192's entry in testmgr by removing the ifdefs
and not setting fips_allowed.

Signed-off-by: Hui Tang &lt;tanghui20@huawei.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
</entry>
<entry>
<title>crypto: ecdh - extend 'cra_driver_name' with curve name</title>
<updated>2021-05-21T08:17:29+00:00</updated>
<author>
<name>Hui Tang</name>
<email>tanghui20@huawei.com</email>
</author>
<published>2021-05-10T08:59:47+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=c5ae16f5c6b91dc78a08885a753489d608de4abd'/>
<id>urn:sha1:c5ae16f5c6b91dc78a08885a753489d608de4abd</id>
<content type='text'>
Currently, 'cra_driver_name' cannot be used to specify an ecdh algorithm
with a special curve, so extend it with the curve name.

Although 'cra_name' can also be used to specify a special curve, the ecdh
generic driver cannot be specified when a vendor hardware accelerator
has registered.

Fixes: 6763f5ea2d9a ("crypto: ecdh - move curve_id of ECDH from ...")
Signed-off-by: Hui Tang &lt;tanghui20@huawei.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
</entry>
<entry>
<title>crypto: ecdh - move curve_id of ECDH from the key to algorithm name</title>
<updated>2021-03-12T13:04:03+00:00</updated>
<author>
<name>Meng Yu</name>
<email>yumeng18@huawei.com</email>
</author>
<published>2021-03-04T06:35:46+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=6763f5ea2d9ac9b5a34a374ee637b5e4f1f525dd'/>
<id>urn:sha1:6763f5ea2d9ac9b5a34a374ee637b5e4f1f525dd</id>
<content type='text'>
1. crypto and crypto/atmel-ecc:
   Move curve id of ECDH from the key into the algorithm name instead
   in crypto and atmel-ecc, so the ECDH algorithm name changes from 'ecdh'
   to 'ecdh-nist-pxxx', and we cannot use 'curve_id' in 'struct ecdh';
2. crypto/testmgr and net/bluetooth:
   Modify 'testmgr.c', 'testmgr.h' and 'net/bluetooth' to adapt
   the modification.

Signed-off-by: Meng Yu &lt;yumeng18@huawei.com&gt;
Reviewed-by: Zaibo Xu &lt;xuzaibo@huawei.com&gt;
Reported-by: kernel test robot &lt;lkp@intel.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
</entry>
<entry>
<title>crypto: ecdh - avoid buffer overflow in ecdh_set_secret()</title>
<updated>2021-01-02T21:35:35+00:00</updated>
<author>
<name>Ard Biesheuvel</name>
<email>ardb@kernel.org</email>
</author>
<published>2021-01-02T13:59:09+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=0aa171e9b267ce7c52d3a3df7bc9c1fc0203dec5'/>
<id>urn:sha1:0aa171e9b267ce7c52d3a3df7bc9c1fc0203dec5</id>
<content type='text'>
Pavel reports that commit 17858b140bf4 ("crypto: ecdh - avoid unaligned
accesses in ecdh_set_secret()") fixes one problem but introduces another:
the unconditional memcpy() introduced by that commit may overflow the
target buffer if the source data is invalid, which could be the result of
intentional tampering.

So check params.key_size explicitly against the size of the target buffer
before validating the key further.

Fixes: 17858b140bf4 ("crypto: ecdh - avoid unaligned accesses in ecdh_set_secret()")
Reported-by: Pavel Machek &lt;pavel@denx.de&gt;
Cc: &lt;stable@vger.kernel.org&gt;
Signed-off-by: Ard Biesheuvel &lt;ardb@kernel.org&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
</entry>
<entry>
<title>crypto: ecdh - avoid unaligned accesses in ecdh_set_secret()</title>
<updated>2020-12-04T07:13:13+00:00</updated>
<author>
<name>Ard Biesheuvel</name>
<email>ardb@kernel.org</email>
</author>
<published>2020-11-24T10:47:19+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=17858b140bf49961b71d4e73f1c3ea9bc8e7dda0'/>
<id>urn:sha1:17858b140bf49961b71d4e73f1c3ea9bc8e7dda0</id>
<content type='text'>
ecdh_set_secret() casts a void* pointer to a const u64* in order to
feed it into ecc_is_key_valid(). This is not generally permitted by
the C standard, and leads to actual misalignment faults on ARMv6
cores. In some cases, these are fixed up in software, but this still
leads to performance hits that are entirely avoidable.

So let's copy the key into the ctx buffer first, which we will do
anyway in the common case, and which guarantees correct alignment.

Cc: &lt;stable@vger.kernel.org&gt;
Signed-off-by: Ard Biesheuvel &lt;ardb@kernel.org&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
</entry>
</feed>
