summaryrefslogtreecommitdiffstats
path: root/crypto/xcbc.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* crypto: xcbc - Remove VLA usageKees Cook2018-09-041-3/+5
| | | | | | | | | | | | In the quest to remove all stack VLA usage from the kernel[1], this uses the maximum blocksize and adds a sanity check. For xcbc, the blocksize must always be 16, so use that, since it's already being enforced during instantiation. [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: replace FSF address with web source in license noticesMartin Kepplinger2017-11-291-2/+1
| | | | | | | | | | | | | A few years ago the FSF moved and "59 Temple Place" is wrong. Having this still in our source files feels old and unmaintained. Let's take the license statement serious and not confuse users. As https://www.gnu.org/licenses/gpl-howto.html suggests, we replace the postal address with "<http://www.gnu.org/licenses/>". Signed-off-by: Martin Kepplinger <martink@posteo.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: include crypto- module prefix in templateKees Cook2014-11-261-0/+1
| | | | | | | | | | | | | | | | | | | This adds the module loading prefix "crypto-" to the template lookup as well. For example, attempting to load 'vfat(blowfish)' via AF_ALG now correctly includes the "crypto-" prefix at every level, correctly rejecting "vfat": net-pf-38 algif-hash crypto-vfat(blowfish) crypto-vfat(blowfish)-all crypto-vfat Reported-by: Mathias Krause <minipli@googlemail.com> Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: Mathias Krause <minipli@googlemail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: add module.h to those files that are explicitly using itPaul Gortmaker2011-11-011-0/+1
| | | | | | | | Part of the include cleanups means that the implicit inclusion of module.h via device.h is going away. So fix things up in advance. Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
* crypto: xcbc - Fix alignment calculation of xcbc_tfm_ctxSteffen Klassert2009-08-201-3/+5
| | | | | | | | | | | | The alignment calculation of xcbc_tfm_ctx uses alg->cra_alignmask and not alg->cra_alignmask + 1 as it should. This led to frequent crashes during the selftest of xcbc(aes-asm) on x86_64 machines. This patch fixes this. Also we use the alignmask of xcbc and not the alignmask of the underlying algorithm for the alignmnent calculation in xcbc_create now. Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: xcbc - Fix shash conversionHerbert Xu2009-07-221-91/+73
| | | | | | | | | | | Although xcbc was converted to shash, it didn't obey the new requirement that all hash state must be stored in the descriptor rather than the transform. This patch fixes this issue and also optimises away the rekeying by precomputing K2 and K3 within setkey. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: xcbc - Use crypto_xorHerbert Xu2009-07-221-16/+6
| | | | | | | This patch replaces the local xor function with the generic crypto_xor function. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: xcbc - Fix incorrect error value when creating instanceHerbert Xu2009-07-151-0/+1
| | | | | | | If shash_alloc_instance() fails, we return the wrong error value. This patch fixes it. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: xcbc - Switch to shashHerbert Xu2009-07-141-148/+87
| | | | | | This patch converts the xcbc algorithm to the new shash type. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* [CRYPTO] xcbc: Fix crash when ipsec uses xcbc-mac with big data chunkJoy Latten2008-04-021-8/+9
| | | | | | | | | | | | | | | | | | | | The kernel crashes when ipsec passes a udp packet of about 14XX bytes of data to aes-xcbc-mac. It seems the first xxxx bytes of the data are in first sg entry, and remaining xx bytes are in next sg entry. But we don't check next sg entry to see if we need to go look the page up. I noticed in hmac.c, we do a scatterwalk_sg_next(), to do this check and possible lookup, thus xcbc.c needs to use this routine too. A 15-hour run of an ipsec stress test sending streams of tcp and udp packets of various sizes, using this patch and aes-xcbc-mac completed successfully, so hopefully this fixes the problem. Signed-off-by: Joy Latten <latten@austin.ibm.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* [CRYPTO] xcbc: Fix crash with IPsecJoy Latten2008-03-061-1/+5
| | | | | | | | | | | | | | | | | When using aes-xcbc-mac for authentication in IPsec, the kernel crashes. It seems this algorithm doesn't account for the space IPsec may make in scatterlist for authtag. Thus when crypto_xcbc_digest_update2() gets called, nbytes may be less than sg[i].length. Since nbytes is an unsigned number, it wraps at the end of the loop allowing us to go back into loop and causing crash in memcpy. I used update function in digest.c to model this fix. Please let me know if it looks ok. Signed-off-by: Joy Latten <latten@austin.ibm.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* Convert ERR_PTR(PTR_ERR(p)) instances to ERR_CAST(p)David Howells2008-02-071-1/+1
| | | | | | | | | | Convert instances of ERR_PTR(PTR_ERR(p)) to ERR_CAST(p) using: perl -spi -e 's/ERR_PTR[(]PTR_ERR[(](.*)[)][)]/ERR_CAST(\1)/' `grep -rl 'ERR_PTR[(]*PTR_ERR' fs crypto net security` Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* [CRYPTO] xcbc: Remove bogus hash/cipher testHerbert Xu2008-01-101-4/+1
| | | | | | | | | | When setting the digest size xcbc tests to see if the underlying algorithm is a hash. This is silly because we don't allow it to be a hash and we've specifically requested for a cipher. This patch removes the bogus test. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* [CRYPTO] xcbc: Fix algorithm leak when block size check failsHerbert Xu2008-01-101-1/+2
| | | | | | | | | | When the underlying algorithm has a block size other than 16 we abort without freeing it. In fact, we try to return the algorithm itself as an error! This patch plugs the leak and makes it return -EINVAL instead. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* [CRYPTO] scatterwalk: Move scatterwalk.h to linux/cryptoHerbert Xu2008-01-101-1/+1
| | | | | | | | The scatterwalk infrastructure is used by algorithms so it needs to move out of crypto for future users that may live in drivers/crypto or asm/*/crypto. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* [SG] Update crypto/ to sg helpersJens Axboe2007-10-221-1/+1
| | | | Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
* [CRYPTO] templates: Pass type/mask when creating instancesHerbert Xu2007-05-021-3/+9
| | | | | | | | | | | | | This patch passes the type/mask along when constructing instances of templates. This is in preparation for templates that may support multiple types of instances depending on what is requested. For example, the planned software async crypto driver will use this construct. For the moment this allows us to check whether the instance constructed is of the correct type and avoid returning success if the type does not match. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* [CRYPTO] xcbc: Use new cipher interfaceHerbert Xu2007-02-061-14/+16
| | | | | | This patch changes xcbc to use the new cipher encryt_one interface. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* [CRYPTO] api: Add type-safe spawnsHerbert Xu2007-02-061-4/+5
| | | | | | This patch allows spawns of specific types (e.g., cipher) to be allocated. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* [CRYPTO] all: Check for usage in hard IRQ contextHerbert Xu2007-02-061-4/+17
| | | | | | | | | | Using blkcipher/hash crypto operations in hard IRQ context can lead to random memory corruption due to the reuse of kmap_atomic slots. Since crypto operations were never meant to be used in hard IRQ contexts, this patch checks for such usage and returns an error before kmap_atomic is performed. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* [CRYPTO] xcbc: Make needlessly global code staticAdrian Bunk2006-12-071-6/+8
| | | | | | | | | | | | | | | | On Tue, Nov 14, 2006 at 01:41:25AM -0800, Andrew Morton wrote: >... > Changes since 2.6.19-rc5-mm2: >... > git-cryptodev.patch >... > git trees >... This patch makes some needlessly global code static. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* [CRYPTO] xcbc: New algorithmKazunori MIYAZAWA2006-12-071-0/+346
This is core code of XCBC. XCBC is an algorithm that forms a MAC algorithm out of a cipher algorithm. For example, AES-XCBC-MAC is a MAC algorithm based on the AES cipher algorithm. Signed-off-by: Kazunori MIYAZAWA <miyazawa@linux-ipv6.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>