Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v6.12.80 2024-08-24T13:39:15+00:00 2024-08-24T13:39:15+00:00 Herbert Xu herbert@gondor.apana.org.au 2024-08-17T06:57:40+00:00 urn:sha1:37da5d0ffa7b61f79156fbbd3369f17b9a1638bd As registration is usually carried out during module init, this is a context where as little work as possible should be carried out. Testing may trigger module loads of underlying components, which could even lead back to the module that is registering at the moment. This may lead to dead-locks outside of the Crypto API. Avoid this by not waiting for the tests to complete. They will be scheduled but completion will be asynchronous. Any users will still wait for completion. Reported-by: Russell King <linux@armlinux.org.uk> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2024-05-31T09:34:56+00:00 Herbert Xu herbert@gondor.apana.org.au 2024-05-21T02:54:50+00:00 urn:sha1:f9110822fca5b92daefc2bfae4cfcda7dcfb03c9 The boot-test-finished toggle is only necessary if algapi is built into the kernel. Do not include this code if it is a module. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2023-06-27T07:40:24+00:00 Herbert Xu herbert@gondor.apana.org.au 2023-06-26T10:33:44+00:00 urn:sha1:891ebfdfa3d08bf55ebec523c99bb68ac9c34cf7 The dst SG list needs to be set to NULL for verify calls. Do this as otherwise the underlying algorithm may fail. Furthermore the digest needs to be copied just like the source. Fixes: 6cb8815f41a9 ("crypto: sig - Add interface for sign/verify") Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2023-06-23T08:15:36+00:00 Herbert Xu herbert@gondor.apana.org.au 2023-06-15T10:28:48+00:00 urn:sha1:6cb8815f41a966b217c0d9826c592254d72dcc31 Split out the sign/verify functionality from the existing akcipher interface. Most algorithms in akcipher either support encryption and decryption, or signing and verify. Only one supports both. As a signature algorithm may not support encryption at all, these two should be spearated. For now sig is simply a wrapper around akcipher as all algorithms remain unchanged. This is a first step and allows users to start allocating sig instead of akcipher. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2023-06-23T08:15:36+00:00 Herbert Xu herbert@gondor.apana.org.au 2023-06-15T09:00:51+00:00 urn:sha1:fa3b3565f3ac5a468e3efebca00e10db5db3d6bb Use it straight away in crypto_clone_cipher(), as that is not meant to sleep. Fixes: 51d8d6d0f4be ("crypto: cipher - Add crypto_clone_cipher") Signed-off-by: Dmitry Safonov <dima@arista.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2023-04-20T10:20:04+00:00 Herbert Xu herbert@gondor.apana.org.au 2023-04-13T06:24:17+00:00 urn:sha1:3c3a24cb0ae46c9c45e4ce2272f84f0504831f59 This patch adds the helper crypto_clone_tfm. The purpose is to allocate a tfm object with GFP_ATOMIC. As we cannot sleep, the object has to be cloned from an existing tfm object. This allows code paths that cannot otherwise allocate a crypto_tfm object to do so. Once a new tfm has been obtained its key could then be changed without impacting other users. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Reviewed-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2023-04-20T10:20:04+00:00 Herbert Xu herbert@gondor.apana.org.au 2023-04-13T06:24:15+00:00 urn:sha1:ae131f4970f0778f35ed06aeb15bde2fbc1d9619 Add a crypto_tfm_get interface to allow tfm objects to be shared. They can still be freed in the usual way. This should only be done with tfm objects with no keys. You must also not modify the tfm flags in any way once it becomes shared. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Reviewed-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2023-04-14T10:59:34+00:00 Herbert Xu herbert@gondor.apana.org.au 2023-04-03T04:48:42+00:00 urn:sha1:01f727cdc4dbecd36c6722977ff9535f16c11751 A number of low-level functions were exposed in crypto.h. Move them into algapi.h (and internal.h). Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2022-11-25T09:39:18+00:00 Eric Biggers ebiggers@google.com 2022-11-14T00:12:35+00:00 urn:sha1:06bd9c967eaac5484c31c3dc6dfbef6183819508 The crypto_boot_test_finished static key is unnecessary when self-tests are disabled in the kconfig, so optimize it out accordingly, along with the entirety of crypto_start_tests(). This mainly avoids the overhead of an unnecessary static_branch_enable() on every boot. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2021-09-24T08:03:05+00:00 Herbert Xu herbert@gondor.apana.org.au 2021-09-17T00:26:19+00:00 urn:sha1:adad556efcdd42a1d9e060cbe5f6161cccf1fa28 When complex algorithms that depend on other algorithms are built into the kernel, the order of registration must be done such that the underlying algorithms are ready before the ones on top are registered. As otherwise they would fail during the self-test which is required during registration. In the past we have used subsystem initialisation ordering to guarantee this. The number of such precedence levels are limited and they may cause ripple effects in other subsystems. This patch solves this problem by delaying all self-tests during boot-up for built-in algorithms. They will be tested either when something else in the kernel requests for them, or when we have finished registering all built-in algorithms, whichever comes earlier. Reported-by: Vladis Dronov <vdronov@redhat.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>