linux.git/crypto/xcbc.c, branch v5.1 Linux kernel source tree crypto: xcbc - Remove VLA usage 2018-09-04T03:35:03+00:00 Kees Cook keescook@chromium.org 2018-08-07T21:18:35+00:00 3bdd23f886c08a0d649c535e1e2cf083ec600036 In the quest to remove all stack VLA usage from the kernel[1], this uses the maximum blocksize and adds a sanity check. For xcbc, the blocksize must always be 16, so use that, since it's already being enforced during instantiation. [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
In the quest to remove all stack VLA usage from the kernel[1], this uses
the maximum blocksize and adds a sanity check. For xcbc, the blocksize
must always be 16, so use that, since it's already being enforced during
instantiation.

[1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: replace FSF address with web source in license notices 2017-11-29T06:33:25+00:00 Martin Kepplinger martink@posteo.de 2017-11-14T09:25:15+00:00 1af39daaad4a868a3abd220e0ec9643473398c96 A few years ago the FSF moved and "59 Temple Place" is wrong. Having this still in our source files feels old and unmaintained. Let's take the license statement serious and not confuse users. As https://www.gnu.org/licenses/gpl-howto.html suggests, we replace the postal address with "<http://www.gnu.org/licenses/>". Signed-off-by: Martin Kepplinger <martink@posteo.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
A few years ago the FSF moved and "59 Temple Place" is wrong. Having this
still in our source files feels old and unmaintained.

Let's take the license statement serious and not confuse users.

As https://www.gnu.org/licenses/gpl-howto.html suggests, we replace the
postal address with "<http://www.gnu.org/licenses/>".

Signed-off-by: Martin Kepplinger <martink@posteo.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: include crypto- module prefix in template 2014-11-26T12:06:30+00:00 Kees Cook keescook@chromium.org 2014-11-25T00:32:38+00:00 4943ba16bbc2db05115707b3ff7b4874e9e3c560 This adds the module loading prefix "crypto-" to the template lookup as well. For example, attempting to load 'vfat(blowfish)' via AF_ALG now correctly includes the "crypto-" prefix at every level, correctly rejecting "vfat": net-pf-38 algif-hash crypto-vfat(blowfish) crypto-vfat(blowfish)-all crypto-vfat Reported-by: Mathias Krause <minipli@googlemail.com> Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: Mathias Krause <minipli@googlemail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
This adds the module loading prefix "crypto-" to the template lookup
as well.

For example, attempting to load 'vfat(blowfish)' via AF_ALG now correctly
includes the "crypto-" prefix at every level, correctly rejecting "vfat":

	net-pf-38
	algif-hash
	crypto-vfat(blowfish)
	crypto-vfat(blowfish)-all
	crypto-vfat

Reported-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: add module.h to those files that are explicitly using it 2011-10-31T23:31:11+00:00 Paul Gortmaker paul.gortmaker@windriver.com 2011-05-27T18:41:48+00:00 4bb33cc8901898af80d5d4a9917067aa0839922a Part of the include cleanups means that the implicit inclusion of module.h via device.h is going away. So fix things up in advance. Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> 
Part of the include cleanups means that the implicit
inclusion of module.h via device.h is going away.  So
fix things up in advance.

Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
crypto: xcbc - Fix alignment calculation of xcbc_tfm_ctx 2009-08-20T07:58:04+00:00 Steffen Klassert steffen.klassert@secunet.com 2009-08-20T07:58:04+00:00 36f87a4a29cb8cd291169483079fde34bad4ef16 The alignment calculation of xcbc_tfm_ctx uses alg->cra_alignmask and not alg->cra_alignmask + 1 as it should. This led to frequent crashes during the selftest of xcbc(aes-asm) on x86_64 machines. This patch fixes this. Also we use the alignmask of xcbc and not the alignmask of the underlying algorithm for the alignmnent calculation in xcbc_create now. Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
The alignment calculation of xcbc_tfm_ctx uses alg->cra_alignmask
and not alg->cra_alignmask + 1 as it should. This led to frequent
crashes during the selftest of xcbc(aes-asm) on x86_64
machines. This patch fixes this. Also we use the alignmask
of xcbc and not the alignmask of the underlying algorithm
for the alignmnent calculation in xcbc_create now.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: xcbc - Fix shash conversion 2009-07-22T06:38:10+00:00 Herbert Xu herbert@gondor.apana.org.au 2009-07-22T06:37:15+00:00 ac95301f271f32901e4007096aa3516def49eed2 Although xcbc was converted to shash, it didn't obey the new requirement that all hash state must be stored in the descriptor rather than the transform. This patch fixes this issue and also optimises away the rekeying by precomputing K2 and K3 within setkey. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
Although xcbc was converted to shash, it didn't obey the new
requirement that all hash state must be stored in the descriptor
rather than the transform.

This patch fixes this issue and also optimises away the rekeying
by precomputing K2 and K3 within setkey.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: xcbc - Use crypto_xor 2009-07-22T06:38:10+00:00 Herbert Xu herbert@gondor.apana.org.au 2009-07-22T05:04:37+00:00 b588ef6e69bfc0944a17dc673ee166a00fa23de2 This patch replaces the local xor function with the generic crypto_xor function. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
This patch replaces the local xor function with the generic
crypto_xor function.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: xcbc - Fix incorrect error value when creating instance 2009-07-15T08:53:33+00:00 Herbert Xu herbert@gondor.apana.org.au 2009-07-15T08:53:33+00:00 b5ebd44eb7559ea6135d536bafd02323d2ef0547 If shash_alloc_instance() fails, we return the wrong error value. This patch fixes it. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
If shash_alloc_instance() fails, we return the wrong error value.
This patch fixes it.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: xcbc - Switch to shash 2009-07-14T04:58:06+00:00 Herbert Xu herbert@gondor.apana.org.au 2009-07-12T04:48:32+00:00 3106caab617c75c9a47706af3a8017318207be2d This patch converts the xcbc algorithm to the new shash type. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
This patch converts the xcbc algorithm to the new shash type.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
[CRYPTO] xcbc: Fix crash when ipsec uses xcbc-mac with big data chunk 2008-04-02T06:36:09+00:00 Joy Latten latten@austin.ibm.com 2008-04-02T06:36:09+00:00 1edcf2e1ee2babb011cfca80ad9d202e9c491669 The kernel crashes when ipsec passes a udp packet of about 14XX bytes of data to aes-xcbc-mac. It seems the first xxxx bytes of the data are in first sg entry, and remaining xx bytes are in next sg entry. But we don't check next sg entry to see if we need to go look the page up. I noticed in hmac.c, we do a scatterwalk_sg_next(), to do this check and possible lookup, thus xcbc.c needs to use this routine too. A 15-hour run of an ipsec stress test sending streams of tcp and udp packets of various sizes, using this patch and aes-xcbc-mac completed successfully, so hopefully this fixes the problem. Signed-off-by: Joy Latten <latten@austin.ibm.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
The kernel crashes when ipsec passes a udp packet of about 14XX bytes
of data to aes-xcbc-mac.

It seems the first xxxx bytes of the data are in first sg entry,
and remaining xx bytes are in next sg entry. But we don't 
check next sg entry to see if we need to go look the page up.

I noticed in hmac.c, we do a scatterwalk_sg_next(), to do this check
and possible lookup, thus xcbc.c needs to use this routine too.

A 15-hour run of an ipsec stress test sending streams of tcp and
udp packets of various sizes,  using this patch and 
aes-xcbc-mac completed successfully, so hopefully this fixes the
problem.
 
Signed-off-by: Joy Latten <latten@austin.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>