Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=linux-4.20.y 2018-09-28T04:46:25+00:00 2018-09-28T04:46:25+00:00 Corentin Labbe clabbe@baylibre.com 2018-09-19T10:10:54+00:00 urn:sha1:cac5818c25d0423bda73e2b6997404ed0a7ed9e3 This patch implement a generic way to get statistics about all crypto usages. Signed-off-by: Corentin Labbe <clabbe@baylibre.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2018-09-28T04:46:09+00:00 Kees Cook keescook@chromium.org 2018-09-19T02:11:00+00:00 urn:sha1:a9cbfe4c784436368790f0c59674f99ba97ae21e Now that all the users of the VLA-generating SKCIPHER_REQUEST_ON_STACK() macro have been moved to SYNC_SKCIPHER_REQUEST_ON_STACK(), we can remove the former. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2018-09-28T04:46:06+00:00 Kees Cook keescook@chromium.org 2018-09-19T02:10:38+00:00 urn:sha1:b350bee5ea0f4db75d4c6191a2e95db16f40c278 In preparation for removal of VLAs due to skcipher requests on the stack via SKCIPHER_REQUEST_ON_STACK() usage, this introduces the infrastructure for the "sync skcipher" tfm, which is for handling the on-stack cases of skcipher, which are always non-ASYNC and have a known limited request size. The crypto API additions: struct crypto_sync_skcipher (wrapper for struct crypto_skcipher) crypto_alloc_sync_skcipher() crypto_free_sync_skcipher() crypto_sync_skcipher_setkey() crypto_sync_skcipher_get_flags() crypto_sync_skcipher_set_flags() crypto_sync_skcipher_clear_flags() crypto_sync_skcipher_blocksize() crypto_sync_skcipher_ivsize() crypto_sync_skcipher_reqtfm() skcipher_request_set_sync_tfm() SYNC_SKCIPHER_REQUEST_ON_STACK() (with tfm type check) Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2018-01-12T12:03:39+00:00 Eric Biggers ebiggers@google.com 2018-01-03T19:16:29+00:00 urn:sha1:f8d33fac84806eebd2ba31a3136066eeca19255f Similar to what was done for the hash API, update the skcipher API to track whether each transform has been keyed, and reject encryption/decryption if a key is needed but one hasn't been set. This isn't as important as the equivalent fix for the hash API because symmetric ciphers almost always require a key (the "null cipher" is the only exception), so are unlikely to be used without one. Still, tracking the key will prevent accidental unkeyed use. algif_skcipher also had to track the key anyway, so the new flag replaces that and simplifies the algif_skcipher implementation. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2016-12-30T11:52:47+00:00 Ard Biesheuvel ard.biesheuvel@linaro.org 2016-12-29T14:09:08+00:00 urn:sha1:c821f6ab2e47946f35ee2f30781c5185e5d07f65 In some cases, SIMD algorithms can only perform optimally when allowed to operate on multiple input blocks in parallel. This is especially true for bit slicing algorithms, which typically take the same amount of time processing a single block or 8 blocks in parallel. However, other SIMD algorithms may benefit as well from bigger strides. So add a walksize attribute to the skcipher algorithm definition, and wire it up to the skcipher walk API. To avoid confusion between the skcipher and AEAD attributes, rename the skcipher_walk chunksize attribute to 'stride', and set it from the walksize (in the skcipher case) or from the chunksize (in the AEAD case). Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2016-12-13T23:38:05+00:00 Stephan Mueller smueller@chronox.de 2016-10-21T02:57:27+00:00 urn:sha1:0184cfe72d2f139c4feed7f3820ba2269f5de322 Update comments to avoid any complaints from Sphinx during compilation. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Jonathan Corbet <corbet@lwn.net> 2016-07-19T07:42:42+00:00 Herbert Xu herbert@gondor.apana.org.au 2016-07-18T16:59:30+00:00 urn:sha1:5c562338dea29dc09415f39676e7107fa48ce763 This patch adds a missing comment for the base parameter in struct skcipher_alg. Reported-by: kbuild test robot <fengguang.wu@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2016-07-18T09:35:46+00:00 Herbert Xu herbert@gondor.apana.org.au 2016-07-12T05:17:50+00:00 urn:sha1:3a01d0ee2b991c8c267620e63a4ab47cd8c30cc4 This patch removes the old crypto_grab_skcipher helper and replaces it with crypto_grab_skcipher2. As this is the final entry point into givcipher this patch also removes all traces of the top-level givcipher interface, including all implicit IV generators such as chainiv. The bottom-level givcipher interface remains until the drivers using it are converted. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2016-07-18T09:35:36+00:00 Herbert Xu herbert@gondor.apana.org.au 2016-07-12T05:17:31+00:00 urn:sha1:4e6c3df4d729f85997cbf276bfa8ffd8579b8e77 This patch allows skcipher algorithms and instances to be created and registered with the crypto API. They are accessible through the top-level skcipher interface, along with ablkcipher/blkcipher algorithms and instances. This patch also introduces a new parameter called chunk size which is meant for ciphers such as CTR and CTS which ostensibly can handle arbitrary lengths, but still behave like block ciphers in that you can only process a partial block at the very end. For these ciphers the block size will continue to be set to 1 as it is now while the chunk size will be set to the underlying block size. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2016-04-15T14:35:44+00:00 Eric Biggers ebiggers3@gmail.com 2016-04-02T15:54:56+00:00 urn:sha1:6eae29e7e7144d01a6d6af111d232b36cdd30f51 Signed-off-by: Eric Biggers <ebiggers3@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>