Re: [kernel-hardening] [PATCH] random: warn when kernel uses unseeded randomness

2017-06-21 Thread Michael Ellerman
"Jason A. Donenfeld" writes: > This enables an important dmesg notification about when drivers have > used the crng without it being seeded first. Prior, these errors would > occur silently, and so there hasn't been a great way of diagnosing these > types of bugs for obscure

Re: [PATCH v9 1/2] crypto: skcipher AF_ALG - overhaul memory management

2017-06-21 Thread Stephan Müller
On Tuesday, 20 June 2017, 05:10:42 CEST, Herbert Xu wrote: Hi Herbert, > > + int err = _skcipher_recvmsg(sock, msg, ignored, flags); > > + > > + /* > > +* This error covers -EIOCBQUEUED which implies that we can > > +* only handle one AIO request.

Re: [PATCH] crypto: sun4i-ss: support the Security System PRNG

2017-06-21 Thread Maxime Ripard
On Tue, Jun 20, 2017 at 01:45:36PM +0200, Corentin Labbe wrote: > On Tue, Jun 20, 2017 at 11:59:47AM +0200, Maxime Ripard wrote: > > Hi, > > > > On Tue, Jun 20, 2017 at 10:58:19AM +0200, Corentin Labbe wrote: > > > The Security System has a PRNG, this patch adds support for it via > > >

[PATCH v10 0/2] crypto: AF_ALG memory management fix

2017-06-21 Thread Stephan Müller
Hi Herbert, Changes v10: - remove hunk in *_poll - *recvmsg: only return error in case of -EIOCBQUEUED and -EBADMSG -- for any other processing error during recvmsg, the processed number of bytes are returned and the processing is terminated With the changes, you will see a lot of code

[PATCH v10 1/2] crypto: skcipher AF_ALG - overhaul memory management

2017-06-21 Thread Stephan Müller
The updated memory management is described in the top part of the code. As one benefit of the changed memory management, the AIO and synchronous operation is now implemented in one common function. The AF_ALG operation uses the async kernel crypto API interface for each cipher operation. Thus, the

[PATCH v10 2/2] crypto: aead AF_ALG - overhaul memory management

2017-06-21 Thread Stephan Müller
The updated memory management is described in the top part of the code. As one benefit of the changed memory management, the AIO and synchronous operation is now implemented in one common function. The AF_ALG operation uses the async kernel crypto API interface for each cipher operation. Thus, the

[PATCH 0/4] Enable full RSA support on CCPs

2017-06-21 Thread Gary R Hook
The following series enables RSA operations on version 5 devices, adds a set-reqsize function (to provide uniformity with other cipher APIs), implements akcipher enablement in the crypto layer, and makes a tweak for expanded v5 device capabilities. --- Gary R Hook (4): crypto: ccp - Fix

[PATCH 3/4] crypto: ccp - Add support for RSA on the CCP

2017-06-21 Thread Gary R Hook
Wire up the v3 CCP as a cipher provider. Signed-off-by: Gary R Hook --- drivers/crypto/ccp/Makefile |1 drivers/crypto/ccp/ccp-crypto-main.c | 21 ++ drivers/crypto/ccp/ccp-crypto-rsa.c | 286 ++

[PATCH 4/4] crypto: ccp - Expand RSA support for a v5 ccp

2017-06-21 Thread Gary R Hook
A V5 device can accommodate larger keys, as well as read the keys directly from memory instead of requiring them to be in a local storage block. Signed-off-by: Gary R Hook --- drivers/crypto/ccp/ccp-crypto-rsa.c |5 - drivers/crypto/ccp/ccp-crypto.h |1 +

[PATCH 1/4] crypto: ccp - Fix base RSA function for version 5 CCPs

2017-06-21 Thread Gary R Hook
Version 5 devices have requirements for buffer lengths, as well as parameter format (e.g. bits vs. bytes). Fix the base CCP driver code to meet the requirements of all supported versions. Signed-off-by: Gary R Hook --- drivers/crypto/ccp/ccp-dev-v5.c | 10 ++--

[PATCH 2/4] crypto: Add akcipher_set_reqsize() function

2017-06-21 Thread Gary R Hook
Signed-off-by: Gary R Hook --- include/crypto/internal/akcipher.h |6 ++ 1 file changed, 6 insertions(+) diff --git a/include/crypto/internal/akcipher.h b/include/crypto/internal/akcipher.h index 479a0078f0f7..805686ba2be4 100644 ---

[RESEND,PATCH v4 2/5] crypto : stm32 - Add STM32F4 CRC32 support

2017-06-21 Thread Cosar Dindar
This patch adds CRC (CRC32 Crypto) support for STM32F4 series. As a hardware limitation, polynomial and key setting are not supported. They are fixed as 0x4C11DB7 (poly) and 0x (key). CRC32C Castagnoli algorithm is not used. Signed-off-by: Cosar Dindar

[RESEND,PATCH v4 1/5] dt-bindings : Document the STM32F4 CRC32 binding

2017-06-21 Thread Cosar Dindar
Add device tree binding for STM32F4. Signed-off-by: Cosar Dindar --- Changes in V4: - Edited binding explanations. Documentation/devicetree/bindings/crypto/st,stm32-crc.txt | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git

[PATCH] crypto: ccp - Provide a roll-back method for debugfs setup

2017-06-21 Thread Gary R Hook
Signed-off-by: Gary R Hook --- drivers/crypto/ccp/ccp-debugfs.c | 18 +- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/drivers/crypto/ccp/ccp-debugfs.c b/drivers/crypto/ccp/ccp-debugfs.c index 3cd6c83754e0..99aba1622613 100644 ---

Re: [PATCH] crypto: sun4i-ss: support the Security System PRNG

2017-06-21 Thread Herbert Xu
On Wed, Jun 21, 2017 at 08:48:55AM +0200, Maxime Ripard wrote: > On Tue, Jun 20, 2017 at 01:45:36PM +0200, Corentin Labbe wrote: > > On Tue, Jun 20, 2017 at 11:59:47AM +0200, Maxime Ripard wrote: > > > Hi, > > > > > > On Tue, Jun 20, 2017 at 10:58:19AM +0200, Corentin Labbe wrote: > > > > The

Re: [kernel-hardening] [PATCH] random: warn when kernel uses unseeded randomness

2017-06-21 Thread Jason A. Donenfeld
Hi Ted, On Wed, Jun 21, 2017 at 10:38 PM, Theodore Ts'o wrote: > I agree completely with all of this. The following patch replaces the > current topmost patch on the random.git tree: > For developers who want to work on improving this situation, > CONFIG_WARN_UNSEEDED_RANDOM has

[RESEND,PATCH v4 0/5] Add support for the STM32F4 CRC32

2017-06-21 Thread Cosar Dindar
This patch series adds hardware CRC32 ("Ethernet") calculation support for STMicroelectronics STM32F429. Polynomial and key setting are not supported, key is fixed as 0x4C11DB7 and poly is 0x. Module is tested on STM32F429-disco board with crypto testmgr using cases within the key

Re: [PATCH] random: silence compiler warnings and fix race

2017-06-21 Thread Jeffrey Walton
On Tue, Jun 20, 2017 at 7:38 PM, Theodore Ts'o wrote: > On Tue, Jun 20, 2017 at 11:49:07AM +0200, Jason A. Donenfeld wrote: >> ... >>> I more or less agree with you that we should just turn this on for all >>> users and they'll just have to live with the spam and report odd >>>

XFRM Stats

2017-06-21 Thread Raj Ammanur
Hi Crypto/Xfrm Team, I was wondering if there has been any discussion in the past about adding stats in Xfrm to count the packets going in/out of this sub-system? Right now we only have error stats. thanks --Raj

Re: [kernel-hardening] [PATCH] random: warn when kernel uses unseeded randomness

2017-06-21 Thread Theodore Ts'o
On Wed, Jun 21, 2017 at 04:06:49PM +1000, Michael Ellerman wrote: > All the distro kernels I'm aware of have DEBUG_KERNEL=y. > > Where all includes at least RHEL, SLES, Fedora, Ubuntu & Debian. > > So it's still essentially default y. > > Emitting *one* warning by default would be reasonable.

Re: [PATCH v2 6/6] ima: Support module-style appended signatures for appraisal

2017-06-21 Thread Thiago Jung Bauermann
Hello Mimi, Thanks for your review, and for queuing the other patches in this series. Mimi Zohar writes: > On Wed, 2017-06-07 at 22:49 -0300, Thiago Jung Bauermann wrote: >> This patch introduces the modsig keyword to the IMA policy syntax to >> specify that a given

[PATCH v6 2/2] crypto: Multikey template for essiv

2017-06-21 Thread Binoy Jayan
Just for reference and to get the performance numbers. Not for merging. Depends on the following patches by Gilad: MAINTAINERS: add Gilad BY as maintainer for ccree staging: ccree: add devicetree bindings staging: ccree: add TODO list staging: add ccree crypto driver A multi key template

[PATCH v6 0/2] IV Generation algorithms for dm-crypt

2017-06-21 Thread Binoy Jayan
=== dm-crypt optimization for larger block sizes === Currently, the iv generation algorithms are implemented in dm-crypt.c. The goal is to move

Re: [PATCH 3/4] crypto: ccp - Add support for RSA on the CCP

2017-06-21 Thread Stephan Müller
On Thursday, 22 June 2017, 00:48:01 CEST, Gary R Hook wrote: Hi Gary, > Wire up the v3 CCP as a cipher provider. > > Signed-off-by: Gary R Hook > --- > drivers/crypto/ccp/Makefile |1 > drivers/crypto/ccp/ccp-crypto-main.c | 21 ++ >

Re: XFRM Stats

2017-06-21 Thread Herbert Xu
Raj Ammanur wrote: > Hi Crypto/Xfrm Team, > > I was wondering if there has been any discussion in the past > about adding stats in Xfrm to count the packets going in/out of > this sub-system? Right now we only have error stats. Have you looked at ip -s x s? Cheers, --

[PATCH v6 1/2] crypto: Add IV generation algorithms

2017-06-21 Thread Binoy Jayan
Just for reference. Not for merging. Currently, the iv generation algorithms are implemented in dm-crypt.c. The goal is to move these algorithms from the dm layer to the kernel crypto layer by implementing them as template ciphers so they can be implemented in hardware for performance. As part of

Re: XFRM Stats

2017-06-21 Thread Raj Ammanur
oops yes, completely forgot the lifetime stats. Thanks Herbert. I will check this out, but after a rekey, are the stats still preserved? thanks --Raj On Wed, Jun 21, 2017 at 7:42 PM, Herbert Xu wrote: > Raj Ammanur wrote: >> Hi Crypto/Xfrm

Re: [PATCH v2 6/6] ima: Support module-style appended signatures for appraisal

2017-06-21 Thread Mimi Zohar
On Wed, 2017-06-21 at 14:45 -0300, Thiago Jung Bauermann wrote: > Hello Mimi, > > Thanks for your review, and for queuing the other patches in this series. > > Mimi Zohar writes: > > On Wed, 2017-06-07 at 22:49 -0300, Thiago Jung Bauermann wrote: > >> This patch

Re: [RFC PATCH] gcm - fix setkey cache coherence issues

2017-06-21 Thread Herbert Xu
On Wed, Jun 21, 2017 at 05:29:21PM +0300, Radu Solea wrote: > Generic GCM is likely to end up using a hardware accelerator to do > part of the job. Allocating hash, iv and result in a contiguous memory > area increases the risk of dma mapping multiple ranges on the same > cacheline. Also having

[RFC PATCH] gcm - fix setkey cache coherence issues

2017-06-21 Thread Radu Solea
Generic GCM is likely to end up using a hardware accelerator to do part of the job. Allocating hash, iv and result in a contiguous memory area increases the risk of dma mapping multiple ranges on the same cacheline. Also having dma and cpu written data on the same cacheline will cause coherence