Re: [PATCH v2 6/9] staging: ccree: add FIPS support

On Sun, Apr 23, 2017 at 12:48 PM, Gilad Ben-Yossef wrote: > Hi, > > Thank you for the review. > > On Thu, Apr 20, 2017 at 4:39 PM, Stephan Müller wrote: > >>> +/* The function verifies that tdes keys are not weak.*/ >>> +static int

Re: [PATCH] crypto: tcrypt: Zero iv before freeing it

On Sun, Apr 23, 2017 at 09:11:04PM +0200, Stephan Müller wrote: > Am Sonntag, 23. April 2017, 18:12:04 CEST schrieb Codarren Velvindron: > > Hi Codarren, > > > Signed-off-by: Codarren Velvindron > > --- > > crypto/tcrypt.c | 2 +- > > 1 file changed, 1 insertion(+), 1

Re: [PATCH v2 6/9] staging: ccree: add FIPS support

Am Montag, 24. April 2017, 08:06:09 CEST schrieb Gilad Ben-Yossef: Hi Gilad, > > Well, it turns out there is and we do :-) > > This is from crypto/des_generic.c: > > /* > * RFC2451: > * > * For DES-EDE3, there is no known need to reject weak or > * complementation keys. Any weakness

Re: [PATCH v2 6/9] staging: ccree: add FIPS support

Am Montag, 24. April 2017, 08:16:50 CEST schrieb Stephan Müller: Hi Gilad, > > > > int __des3_ede_setkey(u32 *expkey, u32 *flags, const u8 *key, > > > > unsigned int keylen) > > > > However, this does not check that k1 == k3. In this case DES3 > > becomes 2DES (2-keys

Re: [PATCH] crypto: ecc : Wipe memory for p on errors.

On Sun, Apr 23, 2017 at 09:14:18PM +0200, Stephan Müller wrote: > Am Samstag, 22. April 2017, 13:31:34 CEST schrieb Loganaden Velvindron: > > Hi Loganaden, > > > - kfree(p); > > + kzfree(p); > > Why do you think this is necessary? p is not filled in this function as this > function only

Re: [PATCH v2 6/9] staging: ccree: add FIPS support

On Mon, Apr 24, 2017 at 9:16 AM, Stephan Müller wrote: > Am Montag, 24. April 2017, 08:06:09 CEST schrieb Gilad Ben-Yossef: > > Hi Gilad, >> >> Well, it turns out there is and we do :-) >> >> This is from crypto/des_generic.c: >> >> /* >> * RFC2451: >> * >> * For

Re: [PATCH v2 6/9] staging: ccree: add FIPS support

Am Montag, 24. April 2017, 09:04:13 CEST schrieb Gilad Ben-Yossef: Hi Gilad, > > Thanks you for the clarification. As I think is obvious by now I am > not a FIPS expert by any stretch. > > Isn't the requirements on DRBG or KDF invocations pertain to key > generation only? > What happens if you

Re: [PATCH v2 6/9] staging: ccree: add FIPS support

Am Montag, 24. April 2017, 09:07:45 CEST schrieb Gilad Ben-Yossef: Hi Gilad, > I guess we could change the function to indicate that a key is valid > for decryption but not encryption > and have the implementation limiting based on that if there is an > interest in SP800-131A compliance. I

Re: [PATCH 3/6] ima: Simplify policy_func_show.

Am Freitag, 21. April 2017, 09:57:56 BRT schrieb Mimi Zohar: > On Thu, 2017-04-20 at 17:40 -0300, Thiago Jung Bauermann wrote: > > @@ -949,49 +936,16 @@ void ima_policy_stop(struct seq_file *m, void *v) > > > > #define pt(token) policy_tokens[token + Opt_err].pattern > > #define mt(token)

[PATCH v3 3/3] MAINTAINERS: add a maintainer for the Inside Secure crypto driver

A new cryptographic engine driver was added in drivers/crypto/inside-secure. Add myself as a maintainer for this driver. Signed-off-by: Antoine Tenart --- MAINTAINERS | 6 ++ 1 file changed, 6 insertions(+) diff --git a/MAINTAINERS b/MAINTAINERS index

Re: [PATCH v2] crypto: arm64/sha: Add constant operand modifier to ASM_EXPORT

On Tue, Apr 18, 2017 at 10:34:01AM -0700, Matthias Kaehlcke wrote: > El Tue, Apr 18, 2017 at 04:35:02PM +0100 Ard Biesheuvel ha dit: > > > On 18 April 2017 at 15:47, Paul Gortmaker > > wrote: > > > On Wed, Apr 5, 2017 at 2:34 PM, Matthias Kaehlcke

Re: [PATCH] crypto: algif_aead - Require setkey before accept(2)

Am Montag, 24. April 2017, 10:43:24 CEST schrieb Herbert Xu: Hi Herbert, > On Fri, Apr 21, 2017 at 06:35:07PM +0200, Stephan Müller wrote: > > After checking again, IMHO that is no unreleated cleanup or even a cleanup > > at all. > > > > void *private used to be struct crypto_aead and is now

Re: [Patch V5 1/7] crypto: Multi-buffer encryption infrastructure support

On Thu, Apr 20, 2017 at 01:50:34PM -0700, Megha Dey wrote: > > +static int simd_skcipher_decrypt_mb(struct skcipher_request *req) > +{ > + struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); > + struct simd_skcipher_ctx_mb *ctx = crypto_skcipher_ctx(tfm); > + struct

RE: [PATCH v3 2/3] crypto: inside-secure: add SafeXcel EIP197 crypto engine driver

[...] > + priv->clk = of_clk_get(dev->of_node, 0); > + if (!IS_ERR(priv->clk)) { > + ret = clk_prepare_enable(priv->clk); > + if (ret) { > + dev_err(dev, "unable to enable clk (%d)\n", ret); > + return ret; > + }

Re: [PATCH v3 2/3] crypto: inside-secure: add SafeXcel EIP197 crypto engine driver

Hi Igal, On Mon, Apr 24, 2017 at 08:50:32AM +, Igal Liberman wrote: > [...] > > > + priv->clk = of_clk_get(dev->of_node, 0); > > + if (!IS_ERR(priv->clk)) { > > + ret = clk_prepare_enable(priv->clk); > > + if (ret) { > > + dev_err(dev, "unable to

Re: [PATCH] crypto: algif_aead - Require setkey before accept(2)

On Mon, Apr 24, 2017 at 11:01:50AM +0200, Stephan Müller wrote: > > Shall I send an updated patch with aead_sock_destruct cleared? Yes please. Thanks, -- Email: Herbert Xu Home Page: http://gondor.apana.org.au/~herbert/ PGP Key:

[PATCH v2] crypto: algif_aead - Require setkey before accept(2)

Am Montag, 24. April 2017, 11:03:13 CEST schrieb Herbert Xu: Hi Herbert, > On Mon, Apr 24, 2017 at 11:01:50AM +0200, Stephan Müller wrote: > > Shall I send an updated patch with aead_sock_destruct cleared? > > Yes please. Please find attached v2 with the discussed change. ---8<--- Some

Re: [PATCH v2] crypto: arm64/sha: Add constant operand modifier to ASM_EXPORT

On 24 April 2017 at 09:00, Herbert Xu wrote: > On Tue, Apr 18, 2017 at 10:34:01AM -0700, Matthias Kaehlcke wrote: >> El Tue, Apr 18, 2017 at 04:35:02PM +0100 Ard Biesheuvel ha dit: >> >> > On 18 April 2017 at 15:47, Paul Gortmaker >> >

[PATCH v3 2/3] crypto: inside-secure: add SafeXcel EIP197 crypto engine driver

Add support for Inside Secure SafeXcel EIP197 cryptographic engine, which can be found on Marvell Armada 7k and 8k boards. This driver currently implements: ecb(aes), cbc(aes), sha1, sha224, sha256 and hmac(sah1) algorithms. Two firmwares are needed for this engine to work. Their are mostly used

[PATCH v3 1/3] Documentation/bindings: Document the SafeXel cryptographic engine driver

The Inside Secure Safexcel cryptographic engine is found on some Marvell SoCs (7k/8k). Document the bindings used by its driver. Signed-off-by: Antoine Tenart --- .../bindings/crypto/inside-secure-safexcel.txt | 27 ++ 1 file changed,

[PATCH v3 0/3] arm64: marvell: add cryptographic engine support for 7k/8k

Hi all, This series adds support for the Inside Secure SafeXcel EIP197 cryptographic engine which can be found on Marvell Armada 7k and 8k boards. A new cryptographic engine driver is added, as well as the relevant device tree definition for the Armada 7040 DB and 8040 DB boards. This driver

Re: [PATCH v2] crypto: arm64/sha: Add constant operand modifier to ASM_EXPORT

On Mon, Apr 24, 2017 at 09:04:19AM +0100, Ard Biesheuvel wrote: > > Yes please. OK, patch reverted. Thanks, -- Email: Herbert Xu Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Re: [PATCH] crypto: algif_aead - Require setkey before accept(2)

On Fri, Apr 21, 2017 at 06:35:07PM +0200, Stephan Müller wrote: > > After checking again, IMHO that is no unreleated cleanup or even a cleanup at > all. > > void *private used to be struct crypto_aead and is now struct aead_tfm. > struct > crypto_aead is found in private->aead. Hence, the

Re: [PATCH 5/7] IB/hfi1: use pcie_flr instead of duplicating it

On 04/24/2017 10:35 AM, Christoph Hellwig wrote: On Mon, Apr 24, 2017 at 02:16:31PM +, Byczkowski, Jakub wrote: Tested-by: Jakub Byczkowski Are you (and Doug) ok with queueing this up in the PCI tree? We are fine however Doug wants to handle it. -Denny

Re: [PATCH v2] crypto: algif_aead - Require setkey before accept(2)

On Mon, Apr 24, 2017 at 11:15:23AM +0200, Stephan Müller wrote: > Am Montag, 24. April 2017, 11:03:13 CEST schrieb Herbert Xu: > > Hi Herbert, > > > On Mon, Apr 24, 2017 at 11:01:50AM +0200, Stephan Müller wrote: > > > Shall I send an updated patch with aead_sock_destruct cleared? > > > > Yes

Re: [PATCH v2] crypto: algif_aead - Require setkey before accept(2)

Am Montag, 24. April 2017, 12:22:39 CEST schrieb Herbert Xu: Hi Herbert, > Patch applied. Thanks. Thank you. The patch regarding the memory management of algif_aead is affected by this change as well. Shall I roll a new version of that patch for algif_aead or do you want me to wait for

Re: [PATCH] crypto: crypto4xx: rename ce_ring_contol to ce_ring_control

On Fri, Apr 21, 2017 at 12:13:49PM +0100, Colin King wrote: > From: Colin Ian King > > trivial spelling mistake, missing r, rename to ce_ring_control > > Signed-off-by: Colin Ian King Patch applied. Thanks. -- Email: Herbert Xu

Re: [PATCH v2 1/2] crypto: scomp - allow registration of multiple scomps

On Fri, Apr 21, 2017 at 09:54:29PM +0100, Giovanni Cabiddu wrote: > Add crypto_register_scomps and crypto_unregister_scomps to allow > the registration of multiple implementations with one call. > > Signed-off-by: Giovanni Cabiddu All applied. Thanks. -- Email:

Re: [PATCH 2/3] crypto: cavium: Remove the individual encrypt/decrypt function for each algorithm

On Fri, Apr 21, 2017 at 11:16:05AM +, George Cherian wrote: > > -int cvm_aes_encrypt_cbc(struct ablkcipher_request *req) > +static inline u32 cvm_cipher_type(const char *name) > { > - return cvm_enc_dec(req, true, AES_CBC); > -} > > -int cvm_aes_decrypt_cbc(struct ablkcipher_request

Re: [PATCH] crypto: Allow ecb(cipher_null) in FIPS mode

Milan Broz wrote: > The cipher_null is not a real cipher, FIPS mode should not restrict its use. > > It is used for several tests (for example in cryptsetup testsuite) and also > temporarily for reencryption of not yet encrypted device in > cryptsetup-reencrypt tool. > >

Re: [PATCH v3 2/3] crypto: inside-secure: add SafeXcel EIP197 crypto engine driver

Am Montag, 24. April 2017, 09:54:06 CEST schrieb Antoine Tenart: Hi Antoine, > +struct safexcel_cipher_ctx { > + struct safexcel_context base; > + struct safexcel_crypto_priv *priv; > + > + enum safexcel_cipher_direction direction; > + u32 mode; > + > + __le32 key[8]; Can

RE: [PATCH 5/7] IB/hfi1: use pcie_flr instead of duplicating it

Tested-by: Jakub Byczkowski -Original Message- From: linux-rdma-ow...@vger.kernel.org [mailto:linux-rdma-ow...@vger.kernel.org] On Behalf Of Christoph Hellwig Sent: Friday, April 14, 2017 9:11 PM To: Bjorn Helgaas ; Cabiddu, Giovanni

[PATCH 1/9] crypto: add hmac IPAD/OPAD constant

Many HMAC users directly use directly 0x36/0x5c values. It's better with crypto to use a name instead of directly some crypto constant. This patch simply add HMAC_IPAD_VALUE/HMAC_OPAD_VALUE defines. Signed-off-by: Corentin Labbe --- crypto/hmac.c | 4 ++--

Re: [PATCH 5/7] IB/hfi1: use pcie_flr instead of duplicating it

On Mon, Apr 24, 2017 at 02:16:31PM +, Byczkowski, Jakub wrote: > Tested-by: Jakub Byczkowski Are you (and Doug) ok with queueing this up in the PCI tree?

[PATCH 9/9] crypto: ccp - Use IPAD/OPAD constant

This patch simply replace all occurrence of HMAC IPAD/OPAD value by their define. Signed-off-by: Corentin Labbe --- drivers/crypto/ccp/ccp-crypto-sha.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/ccp/ccp-crypto-sha.c

[PATCH 6/9] crypto: omap-sham - Use IPAD/OPAD constant

This patch simply replace all occurrence of HMAC IPAD/OPAD value by their define. Signed-off-by: Corentin Labbe --- drivers/crypto/omap-sham.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/omap-sham.c

[PATCH 4/9] crypto: marvell - Use IPAD/OPAD constant

This patch simply replace all occurrence of HMAC IPAD/OPAD value by their define. Signed-off-by: Corentin Labbe --- drivers/crypto/marvell/hash.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/marvell/hash.c

[PATCH 8/9] crypto: mediatek - Use IPAD/OPAD constant

This patch simply replace all occurrence of HMAC IPAD/OPAD value by their define. Signed-off-by: Corentin Labbe --- drivers/crypto/mediatek/mtk-sha.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/mediatek/mtk-sha.c

[PATCH 3/9] crypto: ixp4xx - Use IPAD/OPAD constant

This patch simply replace all occurrence of HMAC IPAD/OPAD value by their define. Signed-off-by: Corentin Labbe --- drivers/crypto/ixp4xx_crypto.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/drivers/crypto/ixp4xx_crypto.c b/drivers/crypto/ixp4xx_crypto.c

[PATCH 5/9] crypto: mv_cesa - Use IPAD/OPAD constant

This patch simply replace all occurrence of HMAC IPAD/OPAD value by their define. Signed-off-by: Corentin Labbe --- drivers/crypto/mv_cesa.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/mv_cesa.c b/drivers/crypto/mv_cesa.c

[PATCH 7/9] crypto: qat - Use IPAD/OPAD constant

This patch simply replace all occurrence of HMAC IPAD/OPAD value by their define. Signed-off-by: Corentin Labbe --- drivers/crypto/qat/qat_common/qat_algs.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git

[PATCH 2/9] crypto: brcm - Use IPAD/OPAD constant

This patch simply replace all occurrence of HMAC IPAD/OPAD value by their define. Signed-off-by: Corentin Labbe --- drivers/crypto/bcm/cipher.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/bcm/cipher.c

Re: [PATCH 7/7] liquidio: use pcie_flr instead of duplicating it

From: Christoph Hellwig Date: Fri, 14 Apr 2017 21:11:31 +0200 > Signed-off-by: Christoph Hellwig > --- > drivers/net/ethernet/cavium/liquidio/lio_vf_main.c | 15 +-- > 1 file changed, 1 insertion(+), 14 deletions(-) > > diff --git