Several hardware related cipher implementations are implemented as
follows: a helper cipher implementation is registered with the
kernel crypto API.
Such helper ciphers are never intended to be called by normal users. In
some cases, calling them via the normal crypto API may even cause
failures
Flag all AES-NI Camellia helper ciphers as internal ciphers to
prevent them from being called by normal users.
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
arch/x86/crypto/camellia_aesni_avx2_glue.c | 15 ++-
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git
Flag all Serpent AVX helper ciphers as internal ciphers to prevent
them from being called by normal users.
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
arch/x86/crypto/serpent_avx_glue.c | 15 ++-
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git
Flag all Serpent AVX2 helper ciphers as internal ciphers to prevent
them from being called by normal users.
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
arch/x86/crypto/serpent_avx2_glue.c | 15 ++-
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git
With ciphers that now cannot be accessed via the kernel crypto API,
callers shall be able to identify the ciphers that are not callable. The
/proc/crypto file is added a boolean field identifying that such
internal ciphers.
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
crypto/proc.c | 3
Flag all AVX Camellia helper ciphers as internal ciphers to prevent
them from being called by normal users.
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
arch/x86/crypto/camellia_aesni_avx_glue.c | 15 ++-
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git
Hi,
Based on the discussion in the thread [1], a flag is added to the
kernel crypto API to allow ciphers to be marked as internal.
The patch set is tested in FIPS and non-FIPS mode. In addition,
the enforcement that the helper cipher of __driver-gcm-aes-aesni
cannot be loaded, but the wrapper of
Flag all Serpent SSE2 helper ciphers as internal ciphers to prevent
them from being called by normal users.
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
arch/x86/crypto/serpent_sse2_glue.c | 15 ++-
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git
Flag all AES-NI helper ciphers as internal ciphers to prevent them from
being called by normal users.
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
arch/x86/crypto/aesni-intel_glue.c | 19 ---
1 file changed, 12 insertions(+), 7 deletions(-)
diff --git
Flag all CAST6 helper ciphers as internal ciphers to prevent them
from being called by normal users.
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
arch/x86/crypto/cast6_avx_glue.c | 15 ++-
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git
Flag all ARMv8 AES helper ciphers as internal ciphers to prevent
them from being called by normal users.
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
arch/arm/crypto/aes-ce-glue.c | 12
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git
Flag all CAST5 helper ciphers as internal ciphers to prevent them
from being called by normal users.
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
arch/x86/crypto/cast5_avx_glue.c | 9 ++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git
Flag all Twofish AVX helper ciphers as internal ciphers to prevent
them from being called by normal users.
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
arch/x86/crypto/twofish_avx_glue.c | 15 ++-
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git
Flag all 64 bit ARMv8 AES helper ciphers as internal ciphers to
prevent them from being called by normal users.
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
arch/arm64/crypto/aes-glue.c | 12
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git
Flag all GHASH ARMv8 vmull.p64 helper ciphers as internal ciphers
to prevent them from being called by normal users.
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
arch/arm/crypto/ghash-ce-glue.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
Am Donnerstag, 19. März 2015, 18:16:30 schrieb Herbert Xu:
Hi Herbert,
On Thu, Mar 19, 2015 at 07:57:36AM +0100, Stephan Mueller wrote:
diff --git a/crypto/ablkcipher.c b/crypto/ablkcipher.c
index db201bca..2cd83ad 100644
--- a/crypto/ablkcipher.c
+++ b/crypto/ablkcipher.c
@@ -688,7 +688,7
On Thu, Mar 19, 2015 at 08:23:58AM +0100, Stephan Mueller wrote:
How can you distinguish between calls coming from crypto_*_spawn (which
we need to allow) and calls that come from the normal API calls (which
we should block?
crypto_*_spawn should not be the place where you make the call on
On Thu, Mar 19, 2015 at 07:57:36AM +0100, Stephan Mueller wrote:
diff --git a/crypto/ablkcipher.c b/crypto/ablkcipher.c
index db201bca..2cd83ad 100644
--- a/crypto/ablkcipher.c
+++ b/crypto/ablkcipher.c
@@ -688,7 +688,7 @@ struct crypto_ablkcipher *crypto_alloc_ablkcipher(const
char
Flag all NEON bit sliced AES helper ciphers as internal ciphers to
prevent them from being called by normal users.
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
arch/arm/crypto/aesbs-glue.c | 9 ++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git
Convert pr_info() and pr_err() log messages to dev_info() and dev_err(),
respectively, where able. This adds the module name and PCI B:D:F to
indicate which QAT device generated the log message. The QAT: is removed
from these log messages as that is now unnecessary. A few of these log
messages
This define is a duplicate of the one in ./include/linux/pci_ids.h
Signed-off-by: Bruce Allan bruce.w.al...@intel.com
---
drivers/crypto/qat/qat_common/adf_accel_devices.h |1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/crypto/qat/qat_common/adf_accel_devices.h
Signed-off-by: Bruce Allan bruce.w.al...@intel.com
---
drivers/crypto/qat/qat_common/adf_cfg_strings.h |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/crypto/qat/qat_common/adf_cfg_strings.h
b/drivers/crypto/qat/qat_common/adf_cfg_strings.h
index c7ac758..0d1a77e
On Thu, Mar 19, 2015 at 10:43:16AM -0700, Tadeusz Struk wrote:
On 03/19/2015 09:20 AM, Al Viro wrote:
is completely pointless. Just have sock_read_iter() and sock_write_iter()
check if your new methods are present and use those if those are.
Ok, that will work for me too.
What's
After the iocb parameter has been removed from sendmsg() and recvmsg() ops
the socket layer, and the network stack no longer support async operations.
This patch set adds support for asynchronous operations on sockets back.
Changes in v3:
* As sugested by Al Viro instead of adding new functions
Add support for async operations.
Signed-off-by: Tadeusz Struk tadeusz.st...@intel.com
---
include/linux/socket.h |1 +
net/compat.c |2 ++
net/socket.c |8 ++--
3 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/include/linux/socket.h
From: Tadeusz Struk tadeusz.st...@intel.com
The way the algif_skcipher works currently is that on sendmsg/sendpage it
builds an sgl for the input data and then on read/recvmsg it sends the job
for encryption putting the user to sleep till the data is processed.
This way it can only handle one job
From: Tadeusz Struk tadeusz.st...@intel.com
Allow to link af_alg sgls.
Signed-off-by: Tadeusz Struk tadeusz.st...@intel.com
---
crypto/af_alg.c | 18 +-
include/crypto/if_alg.h |4 +++-
2 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/crypto/af_alg.c
On Thu, Mar 19, 2015 at 12:31:19PM -0700, Tadeusz Struk wrote:
After the iocb parameter has been removed from sendmsg() and recvmsg() ops
the socket layer, and the network stack no longer support async operations.
This patch set adds support for asynchronous operations on sockets back.
On 03/19/2015 09:20 AM, Al Viro wrote:
is completely pointless. Just have sock_read_iter() and sock_write_iter()
check if your new methods are present and use those if those are.
Ok, that will work for me too.
What's more, I'm not at all sure that you want to pass iocb that way -
On Thu, 19 Mar 2015 17:56:57 +0200
Horia Geantă horia.gea...@freescale.com wrote:
On 3/18/2015 12:03 AM, Kim Phillips wrote:
On Tue, 17 Mar 2015 19:58:55 +0200
Horia Geantă horia.gea...@freescale.com wrote:
On 3/17/2015 2:19 AM, Kim Phillips wrote:
On Mon, 16 Mar 2015 12:02:51 +0200
On Wed, Mar 18, 2015 at 06:47:25PM +0100, Daniel Borkmann wrote:
From: mancha security manc...@zoho.com
OPTIMIZER_HIDE_VAR(), as defined when using gcc, is insufficient to
ensure protection from dead store optimization.
Patch applied. Thanks!
--
Email: Herbert Xu
On Mon, Mar 16, 2015 at 09:15:14AM -0700, Tadeusz Struk wrote:
Add support for async operations.
NAK. For the same reason as the last time -
+static ssize_t sock_aio_read(struct kiocb *iocb, const struct iovec *iov,
+ unsigned long nr_segs, loff_t loff);
+static
On 3/18/2015 12:03 AM, Kim Phillips wrote:
On Tue, 17 Mar 2015 19:58:55 +0200
Horia Geantă horia.gea...@freescale.com wrote:
On 3/17/2015 2:19 AM, Kim Phillips wrote:
On Mon, 16 Mar 2015 12:02:51 +0200
Horia Geantă horia.gea...@freescale.com wrote:
On 3/4/2015 2:23 AM, Kim Phillips wrote:
* Pavel Machek pa...@ucw.cz [150228 08:45]:
On Thu 2015-02-26 14:49:57, Pali Rohár wrote:
Harmattan system on Nokia N9 and N950 devices uses omap crypto support.
Bootloader on those devices is known that it enables HW crypto support.
This patch just include omap36xx.dtsi directly, so aes
The Kconfig entry for CRYPTO_DEV_IMGTEC_HASH incorrectly selects
CRYPTO_SHA224, which does not exist (and is covered by CRYPTO_SHA256
which covers both 224 and 256). Remove it.
Also correct typo CRYPTO_ALG_API to be CRYPTO_ALGPI.
Reported-by: Valentin Rothberg valentinrothb...@gmail.com
35 matches
Mail list logo