| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
The CRYPTO_TFM_RES_* flags were apparently meant as a way to make the
->setkey() functions provide more information about errors. But these
flags weren't actually being used or tested, and in many cases they
weren't being set correctly anyway. So they've now been removed.
Also, if someone ever actually needs to start better distinguishing
->setkey() errors (which is somewhat unlikely, as this has been unneeded
for a long time), we'd be much better off just defining different return
values, like -EINVAL if the key is invalid for the algorithm vs.
-EKEYREJECTED if the key was rejected by a policy like "no weak keys".
That would be much simpler, less error-prone, and easier to test.
So just remove CRYPTO_TFM_RES_MASK and all the unneeded logic that
propagates these flags around.
Signed-off-by: Eric Biggers <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
The CRYPTO_TFM_RES_BAD_KEY_LEN flag was apparently meant as a way to
make the ->setkey() functions provide more information about errors.
However, no one actually checks for this flag, which makes it pointless.
Also, many algorithms fail to set this flag when given a bad length key.
Reviewing just the generic implementations, this is the case for
aes-fixed-time, cbcmac, echainiv, nhpoly1305, pcrypt, rfc3686, rfc4309,
rfc7539, rfc7539esp, salsa20, seqiv, and xcbc. But there are probably
many more in arch/*/crypto/ and drivers/crypto/.
Some algorithms can even set this flag when the key is the correct
length. For example, authenc and authencesn set it when the key payload
is malformed in any way (not just a bad length), the atmel-sha and ccree
drivers can set it if a memory allocation fails, and the chelsio driver
sets it for bad auth tag lengths, not just bad key lengths.
So even if someone actually wanted to start checking this flag (which
seems unlikely, since it's been unused for a long time), there would be
a lot of work needed to get it working correctly. But it would probably
be much better to go back to the drawing board and just define different
return values, like -EINVAL if the key is invalid for the algorithm vs.
-EKEYREJECTED if the key was rejected by a policy like "no weak keys".
That would be much simpler, less error-prone, and easier to test.
So just remove this flag.
Signed-off-by: Eric Biggers <[email protected]>
Reviewed-by: Horia Geantă <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
The geode AES driver is heavily broken because it stores per-request
state in the transform context. So it will crash or produce the wrong
result if used by any of the many places in the kernel that issue
concurrent requests for the same transform object.
This driver is also implemented using the deprecated blkcipher API,
which makes it difficult to fix, and puts it among the drivers
preventing that API from being removed.
Convert this driver to use the skcipher API, and change it to not store
per-request state in the transform context.
Fixes: 9fe757b0cfce ("[PATCH] crypto: Add support for the Geode LX AES hardware")
Signed-off-by: Eric Biggers <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Commit 79c65d179a40e145 ("crypto: cbc - Convert to skcipher") updated
the generic CBC template wrapper from a blkcipher to a skcipher algo,
to get away from the deprecated blkcipher interface. However, as a side
effect, drivers that instantiate CBC transforms using the blkcipher as
a fallback no longer work, since skciphers can wrap blkciphers but not
the other way around. This broke the geode-aes driver.
So let's fix it by moving to the sync skcipher interface when allocating
the fallback. At the same time, align with the generic API for ECB and
CBC by rejecting inputs that are not a multiple of the AES block size.
Fixes: 79c65d179a40e145 ("crypto: cbc - Convert to skcipher")
Cc: <[email protected]> # v4.20+ ONLY
Signed-off-by: Ard Biesheuvel <[email protected]>
Signed-off-by: Florian Bezdeka <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Based on 1 normalized pattern(s):
this program is free software you can redistribute it and or modify
it under the terms of the gnu general public license as published by
the free software foundation either version 2 of the license or at
your option any later version
extracted by the scancode license scanner the SPDX license identifier
GPL-2.0-or-later
has been chosen to replace the boilerplate/reference in 3029 file(s).
Signed-off-by: Thomas Gleixner <[email protected]>
Reviewed-by: Allison Randal <[email protected]>
Cc: [email protected]
Link: https://lkml.kernel.org/r/[email protected]
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
'cipher' algorithms (single block ciphers) are always synchronous, so
passing CRYPTO_ALG_ASYNC in the mask to crypto_alloc_cipher() has no
effect. Many users therefore already don't pass it, but some still do.
This inconsistency can cause confusion, especially since the way the
'mask' argument works is somewhat counterintuitive.
Thus, just remove the unneeded CRYPTO_ALG_ASYNC flags.
This patch shouldn't change any actual behavior.
Signed-off-by: Eric Biggers <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
fixed WARNING: Block comments should align the * on each line
fixed WARNINGs: Missing a blank line after declarations
fixed ERROR: space prohibited before that ',' (ctx:WxE)
Signed-off-by: Chris Gorman <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Use a standard accessor instead of directly digging into a structure.
Signed-off-by: Marek Vasut <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Signed-off-by: Marek Vasut <[email protected]>
Cc: Benjamin Herrenschmidt <[email protected]>
Cc: Dmitry Kasatkin <[email protected]>
Cc: Eric Bénard <[email protected]>
Cc: Jussi Kivilinna <[email protected]>
Cc: Kent Yoder <[email protected]>
Cc: Michal Ludvig <[email protected]>
Cc: Varun Wadekar <[email protected]>
Cc: Vladimir Zapolskiy <[email protected]>
Cc: [email protected]
Signed-off-by: Herbert Xu <[email protected]>
|
|
The AES IV length is always 128bits, just use the define from aes.h
Signed-off-by: Marek Vasut <[email protected]>
Cc: Benjamin Herrenschmidt <[email protected]>
Cc: Dmitry Kasatkin <[email protected]>
Cc: Eric Bénard <[email protected]>
Cc: Jussi Kivilinna <[email protected]>
Cc: Kent Yoder <[email protected]>
Cc: Michal Ludvig <[email protected]>
Cc: Varun Wadekar <[email protected]>
Cc: Vladimir Zapolskiy <[email protected]>
Cc: [email protected]
Signed-off-by: Herbert Xu <[email protected]>
|
|
This is actually defined in include/crypto/aes.h , no need to have
a a different symbol for the same thing twice.
Signed-off-by: Marek Vasut <[email protected]>
Cc: Benjamin Herrenschmidt <[email protected]>
Cc: Dmitry Kasatkin <[email protected]>
Cc: Eric Bénard <[email protected]>
Cc: Jussi Kivilinna <[email protected]>
Cc: Kent Yoder <[email protected]>
Cc: Michal Ludvig <[email protected]>
Cc: Varun Wadekar <[email protected]>
Cc: Vladimir Zapolskiy <[email protected]>
Cc: [email protected]
Signed-off-by: Herbert Xu <[email protected]>
|
|
CONFIG_HOTPLUG is going away as an option. As a result, the __dev*
markings need to be removed.
This change removes the use of __devinit, __devexit_p, __devinitdata,
and __devexit from these drivers.
Based on patches originally written by Bill Pemberton, but redone by me
in order to handle some of the coding style issues better, by hand.
Cc: Bill Pemberton <[email protected]>
Cc: Herbert Xu <[email protected]>
Cc: "David S. Miller" <[email protected]>
Cc: Kent Yoder <[email protected]>
Cc: Jamie Iles <[email protected]>
Cc: Kim Phillips <[email protected]>
Cc: Shengzhou Liu <[email protected]>
Cc: Alex Porosanu <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
module_pci_driver makes the code simpler by eliminating
module_init and module_exit calls.
Signed-off-by: Sachin Kamat <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Initialization of cra_list is currently mixed, most ciphers initialize this
field and most shashes do not. Initialization however is not needed at all
since cra_list is initialized/overwritten in __crypto_register_alg() with
list_add(). Therefore perform cleanup to remove all unneeded initializations
of this field in 'crypto/drivers/'.
Cc: Benjamin Herrenschmidt <[email protected]>
Cc: [email protected]
Cc: Michal Ludvig <[email protected]>
Cc: Dmitry Kasatkin <[email protected]>
Cc: Varun Wadekar <[email protected]>
Cc: Eric Bénard <[email protected]>
Signed-off-by: Jussi Kivilinna <[email protected]>
Acked-by: Kent Yoder <[email protected]>
Acked-by: Vladimir Zapolskiy <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
The added CRYPTO_ALG_KERN_DRIVER_ONLY indicates whether a cipher
is only available via a kernel driver. If the cipher implementation
might be available by using an instruction set or by porting the
kernel code, then it must not be set.
Signed-off-by: Nikos Mavrogiannopoulos <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
is used)
This patch converts pci_table entries, where .subvendor=PCI_ANY_ID and
.subdevice=PCI_ANY_ID, .class=0 and .class_mask=0, to use the
PCI_VDEVICE macro, and thus improves readability.
Signed-off-by: Peter Huewe <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
This fixes some code style issues like:
- Use #include <linux/io.h> instead of <asm/io.h> and #include
<linux/delay.h> instead of <asm/delay.h>
- Use "foo *bar" instead of "foo * bar"
- Add a space after the for or while sentence and before the open
parenthesis '('
- Don't use assignments in a if condition
Signed-off-by: Chihau Chau <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
a crypto_cipher cip member was set where a crypto_cipher blk members
should have been.
Signed-off-by: Roel Kluin <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
The fallback code in cipher mode touch the union fallback.blk instead
of fallback.cip. This is wrong because we use the cipher and not the
blockcipher. This did not show any side effects yet because both types /
structs contain the same element right now.
Signed-off-by: Roel Kluin <[email protected]>
Signed-off-by: Sebastian Andrzej Siewior <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
This patch adds __dev{init,exit} annotations.
Signed-off-by: Adrian Bunk <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
crypto_blkcipher_decrypt is wrong because it does not care about
the IV.
Signed-off-by: Sebastian Siewior <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
There is no reason to keep the IV in the private structre. Instead keep
just a pointer to make the patch smaller :)
This also remove a few memcpy()s
Signed-off-by: Sebastian Siewior <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
The Geode AES crypto engine supports only 128 bit long key. This
patch adds fallback for other key sizes which are required by the
AES standard.
Signed-off-by: Sebastian Siewior <[email protected]>
Acked-by: Jordan Crouse <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
This patch moves macros in geode-aes.c into geode-aes.h.
Signed-off-by: Sebastian Siewior <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
The code waits in a busy loop until the hardware finishes the encryption
or decryption process. This wants a cpu_relax() :)
The busy loop finishes either if the encryption is done or if the counter
is zero. If the latter is true than the hardware failed. Since this
should not happen, leave sith a BUG().
Signed-off-by: Sebastian Siewior <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
It is enough if the IV is copied before and after the while loop.
With DM-Crypt is seems not be required to save the IV after encrytion
because a new one is used in the request (dunno about other users).
It is not save to load the IV within while loop and not save afterwards
because we mill end up with the wrong IV if the request goes consists
of more than one page.
Signed-off-by: Sebastian Siewior <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
This three defines are used in all AES related hardware.
Signed-off-by: Sebastian Siewior <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
alias isn't required because the module provides PCI ids.
Signed-off-by: Sebastian Siewior <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Currently the Geode AES module fails to encrypt or decrypt if
the coherent bits are not set what is currently the case if the
encryption does not occur inplace. However, the encryption works
on my Geode machine _only_ if the coherent bits are always set.
Signed-off-by: Sebastian Siewior <[email protected]>
Acked-by: Jordan Crouse <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Loading the crypto algorithm by the alias instead of by module directly
has the advantage that all possible implementations of this algorithm
are loaded automatically and the crypto API can choose the best one
depending on its priority.
Additionally it ensures that the generic implementation as well as the
HW driver (if available) is loaded in case the HW driver needs the
generic version as fallback in corner cases.
Signed-off-by: Sebastian Siewior <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Allow in-place crypto operations. Also remove the coherent user flag
(we use it automagically now), and by default use the user written
key rather then the HW hidden key - this makes crypto just work without
any special considerations, and thats OK, since its our only usage
model.
Signed-off-by: Jordan Crouse <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Signed-off-by: Alexey Dobriyan <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
|
|
After Al Viro (finally) succeeded in removing the sched.h #include in module.h
recently, it makes sense again to remove other superfluous sched.h includes.
There are quite a lot of files which include it but don't actually need
anything defined in there. Presumably these includes were once needed for
macros that used to live in sched.h, but moved to other header files in the
course of cleaning it up.
To ease the pain, this time I did not fiddle with any header files and only
removed #includes from .c-files, which tend to cause less trouble.
Compile tested against 2.6.20-rc2 and 2.6.20-rc2-mm2 (with offsets) on alpha,
arm, i386, ia64, mips, powerpc, and x86_64 with allnoconfig, defconfig,
allmodconfig, and allyesconfig as well as a few randconfigs on x86_64 and all
configs in arch/arm/configs on arm. I also checked that no new warnings were
introduced by the patch (actually, some warnings are removed that were emitted
by unnecessarily included header files).
Signed-off-by: Tim Schmielau <[email protected]>
Acked-by: Russell King <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
|
|
Replace uses of the obsolete pci_module_init function.
Signed-off-by: Richard Knutsson <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
On Tue, Nov 14, 2006 at 01:41:25AM -0800, Andrew Morton wrote:
>...
> Changes since 2.6.19-rc5-mm2:
>...
> git-cryptodev.patch
>...
> git trees
>...
This patch makes the needlessly global geode_aes_crypt() static.
Signed-off-by: Adrian Bunk <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Add a driver to support the AES hardware on the Geode LX processor.
Signed-off-by: Jordan Crouse <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|