<feed xmlns='http://www.w3.org/2005/Atom'>
<title>kernel/linux.git/crypto/testmgr.h, branch v5.10.257</title>
<subtitle>Linux kernel stable tree (mirror)</subtitle>
<id>https://git.radix-linux.su/kernel/linux.git/atom?h=v5.10.257</id>
<link rel='self' href='https://git.radix-linux.su/kernel/linux.git/atom?h=v5.10.257'/>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/'/>
<updated>2025-03-13T11:47:26+00:00</updated>
<entry>
<title>crypto: testmgr - some more fixes to RSA test vectors</title>
<updated>2025-03-13T11:47:26+00:00</updated>
<author>
<name>Ignat Korchagin</name>
<email>ignat@cloudflare.com</email>
</author>
<published>2022-07-17T13:37:46+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=e4c5b0fc59976eacccc13f67b55b1354196267a6'/>
<id>urn:sha1:e4c5b0fc59976eacccc13f67b55b1354196267a6</id>
<content type='text'>
[ Upstream commit 9d2bb9a74b2877f100637d6ab5685bcd33c69d44 ]

Two more fixes:

  * some test vectors in commit 79e6e2f3f3ff ("crypto: testmgr - populate
    RSA CRT parameters in RSA test vectors") had misplaced commas, which
    break the test and trigger KASAN warnings at least on x86-64

  * pkcs1pad test vector did not have its CRT parameters

Fixes: 79e6e2f3f3ff ("crypto: testmgr - populate RSA CRT parameters in RSA test vectors")
Reported-by: Eric Biggers &lt;ebiggers@kernel.org&gt;
Signed-off-by: Ignat Korchagin &lt;ignat@cloudflare.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</content>
</entry>
<entry>
<title>crypto: testmgr - populate RSA CRT parameters in RSA test vectors</title>
<updated>2025-03-13T11:47:26+00:00</updated>
<author>
<name>Ignat Korchagin</name>
<email>ignat@cloudflare.com</email>
</author>
<published>2022-07-04T10:38:40+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=c878aed14ae24545e7038189c117fe2ffb193d2b'/>
<id>urn:sha1:c878aed14ae24545e7038189c117fe2ffb193d2b</id>
<content type='text'>
[ Upstream commit 79e6e2f3f3ff345947075341781e900e4f70db81 ]

Changes from v1:
  * replace some accidental spaces with tabs

In commit f145d411a67e ("crypto: rsa - implement Chinese Remainder Theorem
for faster private key operations") we have started to use the additional
primes and coefficients for RSA private key operations. However, these
additional parameters are not present (defined as 0 integers) in the RSA
test vectors.

Some parameters were borrowed from OpenSSL, so I was able to find the
source. I could not find the public source for 1 vector though, so had to
recover the parameters by implementing Appendix C from [1].

[1]: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Br1.pdf

Fixes: f145d411a67e ("crypto: rsa - implement Chinese Remainder Theorem for faster private key operations")
Reported-by: Tasmiya Nalatwad &lt;tasmiya@linux.vnet.ibm.com&gt;
Signed-off-by: Ignat Korchagin &lt;ignat@cloudflare.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</content>
</entry>
<entry>
<title>crypto: testmgr - fix version number of RSA tests</title>
<updated>2025-03-13T11:47:25+00:00</updated>
<author>
<name>lei he</name>
<email>helei.sig11@bytedance.com</email>
</author>
<published>2022-06-24T10:06:25+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=3ac082a0ebd83df876a71571f72072f253a5bd18'/>
<id>urn:sha1:3ac082a0ebd83df876a71571f72072f253a5bd18</id>
<content type='text'>
[ Upstream commit 0bb8f125253843c445b70fc6ef4fb21aa7b25625 ]

According to the PKCS#1 standard, the 'otherPrimeInfos' field contains
the information for the additional primes r_3, ..., r_u, in order.
It shall be omitted if the version is 0 and shall contain at least
one instance of OtherPrimeInfo if the version is 1, see:
	https://www.rfc-editor.org/rfc/rfc3447#page-44

Replace the version number '1' with 0; otherwise, some drivers may
not pass the run-time tests.

Signed-off-by: lei he &lt;helei.sig11@bytedance.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</content>
</entry>
<entry>
<title>crypto: testmgr - Fix wrong test case of RSA</title>
<updated>2025-03-13T11:47:25+00:00</updated>
<author>
<name>Lei He</name>
<email>helei.sig11@bytedance.com</email>
</author>
<published>2021-11-05T12:25:31+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=7ec888b29486c48d9763e40923fbd29a8670511b'/>
<id>urn:sha1:7ec888b29486c48d9763e40923fbd29a8670511b</id>
<content type='text'>
[ Upstream commit a9887010ed2da3fddaff83ceec80e2b71be8a966 ]

According to the BER encoding rules, an integer value should be encoded
as two's complement, and if the highest bit of a positive integer
is 1, a leading zero octet should be added.

The kernel's built-in RSA algorithm cannot recognize negative numbers
when parsing keys, so it can pass this test case.

Export the key to a file and run the following command to verify the
result of the fix:

  openssl asn1parse -inform DER -in /path/to/key/file

Signed-off-by: Lei He &lt;helei.sig11@bytedance.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</content>
</entry>
<entry>
<title>crypto: testmgr - fix wrong key length for pkcs1pad</title>
<updated>2025-03-13T11:47:25+00:00</updated>
<author>
<name>Lei He</name>
<email>helei.sig11@bytedance.com</email>
</author>
<published>2021-10-22T12:44:43+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=87ea3e293f9585ceb731998b113943d58cdb8da1'/>
<id>urn:sha1:87ea3e293f9585ceb731998b113943d58cdb8da1</id>
<content type='text'>
[ Upstream commit 39ef08517082a424b5b65c3dbaa6c0fa9d3303b9 ]

Fix wrong test data in testmgr.h; it seems to be caused
by ignoring the last '\0' when calling sizeof.

Signed-off-by: Lei He &lt;helei.sig11@bytedance.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</content>
</entry>
<entry>
<title>crypto: sm2 - add SM2 test vectors to testmgr</title>
<updated>2020-09-25T07:48:54+00:00</updated>
<author>
<name>Tianjia Zhang</name>
<email>tianjia.zhang@linux.alibaba.com</email>
</author>
<published>2020-09-20T16:21:00+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=8b805b97fc1aa0de89e582b206ce2efd0df05895'/>
<id>urn:sha1:8b805b97fc1aa0de89e582b206ce2efd0df05895</id>
<content type='text'>
Add testmgr test vectors for SM2 algorithm. These vectors come
from `openssl pkeyutl -sign` and libgcrypt.

Signed-off-by: Tianjia Zhang &lt;tianjia.zhang@linux.alibaba.com&gt;
Tested-by: Xufeng Zhang &lt;yunbo.xufeng@linux.alibaba.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
</entry>
<entry>
<title>crypto: testmgr - delete duplicated words</title>
<updated>2020-07-23T07:34:20+00:00</updated>
<author>
<name>Randy Dunlap</name>
<email>rdunlap@infradead.org</email>
</author>
<published>2020-07-19T18:07:50+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=e493b31a5855e40558cd7883572e6ac904121127'/>
<id>urn:sha1:e493b31a5855e40558cd7883572e6ac904121127</id>
<content type='text'>
Delete the doubled word "from" in multiple places.

Signed-off-by: Randy Dunlap &lt;rdunlap@infradead.org&gt;
Cc: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Cc: "David S. Miller" &lt;davem@davemloft.net&gt;
Cc: linux-crypto@vger.kernel.org
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
</entry>
<entry>
<title>crypto: testmgr - generate inauthentic AEAD test vectors</title>
<updated>2019-12-11T08:37:01+00:00</updated>
<author>
<name>Eric Biggers</name>
<email>ebiggers@google.com</email>
</author>
<published>2019-12-01T21:53:30+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=49763fc6b1af422e742e58fd04e078ab011edd96'/>
<id>urn:sha1:49763fc6b1af422e742e58fd04e078ab011edd96</id>
<content type='text'>
The whole point of using an AEAD over length-preserving encryption is
that the data is authenticated.  However currently the fuzz tests don't
test any inauthentic inputs to verify that the data is actually being
authenticated.  And only two algorithms ("rfc4543(gcm(aes))" and
"ccm(aes)") even have any inauthentic test vectors at all.

Therefore, update the AEAD fuzz tests to sometimes generate inauthentic
test vectors, either by generating a (ciphertext, AAD) pair without
using the key, or by mutating an authentic pair that was generated.

To avoid flakiness, only assume this works reliably if the auth tag is
at least 8 bytes.  Also account for the rfc4106, rfc4309, and rfc7539esp
algorithms intentionally ignoring the last 8 AAD bytes, and for some
algorithms doing extra checks that result in EINVAL rather than EBADMSG.

Signed-off-by: Eric Biggers &lt;ebiggers@google.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
</entry>
<entry>
<title>crypto: curve25519 - add kpp selftest</title>
<updated>2019-11-17T01:02:43+00:00</updated>
<author>
<name>Ard Biesheuvel</name>
<email>ardb@kernel.org</email>
</author>
<published>2019-11-08T12:22:33+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=f613457a7af085728297bef71233c37faf3c01b1'/>
<id>urn:sha1:f613457a7af085728297bef71233c37faf3c01b1</id>
<content type='text'>
In preparation for introducing KPP implementations of Curve25519, import
the set of test cases proposed by the Zinc patch set, but converted to
the KPP format.

Signed-off-by: Ard Biesheuvel &lt;ardb@kernel.org&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
</entry>
<entry>
<title>crypto: testmgr - add test cases for Blake2s</title>
<updated>2019-11-17T01:02:42+00:00</updated>
<author>
<name>Ard Biesheuvel</name>
<email>ardb@kernel.org</email>
</author>
<published>2019-11-08T12:22:29+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=17e1df67023a5c9ccaeb5de8bf5b88f63127ecf7'/>
<id>urn:sha1:17e1df67023a5c9ccaeb5de8bf5b88f63127ecf7</id>
<content type='text'>
As suggested by Eric for the Blake2b implementation contributed by
David, introduce a set of test vectors for Blake2s covering different
digest and key sizes.

          blake2s-128  blake2s-160  blake2s-224  blake2s-256
         ---------------------------------------------------
len=0   | klen=0       klen=1       klen=16      klen=32
len=1   | klen=16      klen=32      klen=0       klen=1
len=7   | klen=32      klen=0       klen=1       klen=16
len=15  | klen=1       klen=16      klen=32      klen=0
len=64  | klen=0       klen=1       klen=16      klen=32
len=247 | klen=16      klen=32      klen=0       klen=1
len=256 | klen=32      klen=0       klen=1       klen=16

Cc: David Sterba &lt;dsterba@suse.com&gt;
Cc: Eric Biggers &lt;ebiggers@google.com&gt;
Signed-off-by: Ard Biesheuvel &lt;ardb@kernel.org&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
</entry>
</feed>
