Using non-constant time memcmp() makes the verification of the authentication
tag in the decrypt path vulnerable to timing attacks. Fix this by using
crypto_memneq() instead.
Signed-off-by: David Gstir <da...@sigma-star.at>
---
drivers/crypto/talitos.c | 2 +-
1 file changed, 1 insertion
Using non-constant time memcmp() makes the verification of the authentication
tag in the decrypt path vulnerable to timing attacks. Fix this by using
crypto_memneq() instead.
Signed-off-by: David Gstir <da...@sigma-star.at>
---
drivers/crypto/nx/nx-aes-ccm.c | 2 +-
drivers/crypto/nx/
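The timing leak that the talitos and nx-aes-ccm patches above close, shown as an added userspace example (this is not code from either patch or from the kernel): an early-exit comparison on the authentication tag stops at the first mismatching byte, so its running time tells an attacker how many leading bytes of a forged tag are correct, while a comparison with the contract of crypto_memneq() (0 when equal, non-zero otherwise) always inspects every byte. The tag value is a constructed constant, and the iteration counters are an assumption added only to make the leak observable without a clock.

```c
/*
 * Added example, not code from the talitos or nx patches: a userspace model
 * of the bug those patches fix. tag_cmp_leaky() behaves like memcmp() and
 * exits at the first mismatch; tag_memneq_ct() follows the crypto_memneq()
 * contract (0 if equal, non-zero otherwise) with no data-dependent branch.
 * REAL_TAG is a constructed constant; the iteration counters exist only to
 * make the difference visible without timing measurements.
 */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TAG_LEN 16

/* Early-exit comparison in the style of memcmp(): data-dependent loop length. */
static int tag_cmp_leaky(const uint8_t *a, const uint8_t *b, size_t n, size_t *iters)
{
    *iters = 0;
    for (size_t i = 0; i < n; i++) {
        (*iters)++;
        if (a[i] != b[i])
            return 1;
    }
    return 0;
}

/* Constant-time comparison: OR together every byte difference and look at the
 * accumulator only after the loop, so there is no early exit and no branch on
 * secret data. Returns 0 if equal and non-zero otherwise. */
static unsigned long tag_memneq_ct(const uint8_t *a, const uint8_t *b, size_t n, size_t *iters)
{
    volatile uint8_t diff = 0;   /* volatile discourages the compiler from short-circuiting */
    *iters = 0;
    for (size_t i = 0; i < n; i++) {
        (*iters)++;
        diff |= a[i] ^ b[i];
    }
    return diff;
}

/* The decrypt-path check after the expected tag has been recomputed. */
int verify_tag(const uint8_t *computed, const uint8_t *received, size_t n)
{
    size_t unused;
    return tag_memneq_ct(computed, received, n, &unused) ? -EBADMSG : 0;
}

/* Constructed "real" tag. A forgery keeps the first `prefix` bytes and flips
 * every byte after that, so exactly `prefix` leading bytes are correct. */
const uint8_t REAL_TAG[TAG_LEN] = { 0x5a, 0x13, 0xc7, 0x88, 0x01, 0xfe, 0x2b, 0x90,
                                    0x44, 0x6d, 0xa9, 0x3e, 0x77, 0xb2, 0x0c, 0xe5 };

void forge_tag(size_t prefix, uint8_t out[TAG_LEN])
{
    for (size_t i = 0; i < TAG_LEN; i++)
        out[i] = i < prefix ? REAL_TAG[i] : (uint8_t)(REAL_TAG[i] ^ 0xff);
}

/* Bytes the leaky comparison inspects for a forgery with `prefix` correct bytes. */
size_t leaky_iterations(size_t prefix)
{
    uint8_t forged[TAG_LEN];
    size_t iters;
    forge_tag(prefix, forged);
    tag_cmp_leaky(REAL_TAG, forged, TAG_LEN, &iters);
    return iters;
}

/* Bytes the constant-time comparison inspects: always TAG_LEN. */
size_t ct_iterations(size_t prefix)
{
    uint8_t forged[TAG_LEN];
    size_t iters;
    forge_tag(prefix, forged);
    tag_memneq_ct(REAL_TAG, forged, TAG_LEN, &iters);
    return iters;
}

/* Result of the decrypt-path check for a forgery with `prefix` correct bytes. */
int forged_tag_result(size_t prefix)
{
    uint8_t forged[TAG_LEN];
    forge_tag(prefix, forged);
    return verify_tag(REAL_TAG, forged, TAG_LEN);
}

int main(void)
{
    printf("prefix  memcmp-style  constant-time\n");
    for (size_t p = 0; p <= TAG_LEN; p += 4)
        printf("%6zu  %12zu  %13zu\n", p, leaky_iterations(p), ct_iterations(p));
    return 0;
}
```

The leaky variant inspects prefix+1 bytes for any forgery that is wrong somewhere, so an attacker who can time the decrypt path can confirm one tag byte at a time; the constant-time variant inspects all 16 regardless. In the kernel the comparison should simply be crypto_memneq(), which is what the two patches switch to.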
PrasannaKumar,
> On 06.01.2017, at 10:40, PrasannaKumar Muralidharan
> wrote:
>
>>> I narrowed it down to commit 6e9b5e76882c ("hwrng: geode - Migrate to
>>> managed API") which seems to introduce this. It looks to me like some issue
>>> between devres, the Geode
Hi!
I recently tested kernel v4.9 on my AMD Geode platform and noticed that its AES
hardware driver triggers this warning on initialization:
[    1.265708] ------------[ cut here ]------------
[    1.267932] WARNING: CPU: 0 PID: 1 at drivers/base/dd.c:344 driver_probe_device+0x5d/0x1ad
[
r.kernel.org> # 4.8+
Signed-off-by: David Gstir <da...@sigma-star.at>
---
drivers/crypto/caam/caamalg.c | 20 ++--
1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/drivers/crypto/caam/caamalg.c b/drivers/crypto/caam/caamalg.c
index 398807d1b77e..c45b5bf65254
Herbert,
> On 20 Jun 2017, at 03:28, Herbert Xu wrote:
>
> On Mon, Jun 19, 2017 at 10:31:27AM +, Horia Geantă wrote:
>>
>> IIUC, IV update is required only in case of CBC.
>> Since this callback is used also for CTR, we should avoid the copy:
>> if
flags. In most cases we will still use GFP_KERNEL if the flags
CRYPTO_TFM_REQ_MAY_SLEEP or CRYPTO_TFM_REQ_MAY_BACKLOG are set for the
cipher request.
Signed-off-by: David Gstir <da...@sigma-star.at>
---
drivers/crypto/caam/caamalg.c | 29 +
1 file changed, 21 inse
Hi!
While testing fscrypt's filename encryption, I noticed that the implementation
of cts(cbc(aes)) is broken when the CAAM hardware crypto driver is enabled.
Some digging showed that the refactoring of crypto/cts.c in v4.8
(commit 0605c41cc53ca) exposed some problems with CAAM's aes-cbc
) when the CAAM driver is enabled.
This patch fixes the CAAM driver to properly set the IV after the
{en,de}crypt operation of ablkcipher finishes.
Signed-off-by: David Gstir <da...@sigma-star.at>
---
drivers/crypto/caam/caamalg.c | 26 --
1 file changed, 24 inse
Friendly ping. Any feedback on that?
Thanks,
David
> On 2 Jun 2017, at 14:24, David Gstir <da...@sigma-star.at> wrote:
>
> Hi!
>
> While testing fscrypt's filename encryption, I noticed that the implementation
> of cts(cbc(aes)) is broken when the CAAM hardware crypto d
Horia,
> On 16 Jun 2017, at 23:01, Horia Geantă wrote:
>
> On 6/16/2017 11:00 AM, Herbert Xu wrote:
>> On Fri, Jun 16, 2017 at 07:57:00AM +, Horia Geantă wrote:
>>>
>>> Commit 0605c41cc53ca ("crypto: cts - Convert to skcipher") appends
>>> CRYPTO_TFM_REQ_MAY_BACKLOG
Horia,
> On 28 Jun 2017, at 10:32, Horia Geantă wrote:
>
>>> + sg_pcopy_to_buffer(req->dst, nents, req->info, ivsize,
>>> + req->nbytes - ivsize);
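Review bot: the value returned by sg_pcopy_to_buffer() on this line pair is discarded; it reports how many bytes were actually copied, so a short copy would leave req->info holding a stale IV with no error surfaced. Either check the return against ivsize or, as suggested below, use scatterwalk_map_and_copy(), which has no such result to ignore.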
>>
>> scatterwalk_map_and_copy() should be used instead.
>>
> David, IIUC this is the only change
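The chaining requirement behind the CAAM IV fix discussed above (the patch that copies the last ivsize bytes of the output back into req->info, and the commit message earlier in this thread that sets the IV after the {en,de}crypt operation finishes), as an added example that is not CAAM driver code or kernel code: a CBC implementation must hand the last ciphertext block back as the IV on completion, because a template such as cts(cbc(aes)) issues several requests on one transform and feeds the updated IV into the next one. The block cipher here is a deliberately trivial invertible toy standing in for AES so the chaining logic can run without a crypto library; the key, IV and message are constructed constants.

```c
/*
 * Added example, not CAAM driver code: why a CBC ablkcipher/skcipher must
 * write the chaining value back to req->info when a request completes. The
 * "cipher" is a toy (XOR with the key, then rotate the block one byte) that
 * only stands in for AES; KEY, IV0 and the message are constructed constants.
 * `update_iv` models whether the driver writes the IV back (the CAAM fix) or
 * leaves req->info untouched (the bug).
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLK 16

static void toy_encrypt_block(const uint8_t key[BLK], const uint8_t in[BLK], uint8_t out[BLK])
{
    uint8_t t[BLK];
    for (int i = 0; i < BLK; i++) t[i] = in[i] ^ key[i];
    for (int i = 0; i < BLK; i++) out[(i + 1) % BLK] = t[i];   /* rotate left one byte */
}

static void toy_decrypt_block(const uint8_t key[BLK], const uint8_t in[BLK], uint8_t out[BLK])
{
    uint8_t t[BLK];
    for (int i = 0; i < BLK; i++) t[i] = in[(i + 1) % BLK];    /* undo the rotation */
    for (int i = 0; i < BLK; i++) out[i] = t[i] ^ key[i];
}

/* CBC over whole blocks. On encrypt the chaining value to hand back is the
 * last ciphertext block written to out; on decrypt it is the last ciphertext
 * block read from in, saved before an in-place decrypt overwrites it. */
static void cbc_encrypt(const uint8_t key[BLK], const uint8_t *in, uint8_t *out,
                        size_t len, uint8_t iv[BLK], int update_iv)
{
    uint8_t chain[BLK], x[BLK];
    memcpy(chain, iv, BLK);
    for (size_t off = 0; off < len; off += BLK) {
        for (int i = 0; i < BLK; i++) x[i] = in[off + i] ^ chain[i];
        toy_encrypt_block(key, x, out + off);
        memcpy(chain, out + off, BLK);
    }
    if (update_iv) memcpy(iv, chain, BLK);
}

static void cbc_decrypt(const uint8_t key[BLK], const uint8_t *in, uint8_t *out,
                        size_t len, uint8_t iv[BLK], int update_iv)
{
    uint8_t chain[BLK], next[BLK], x[BLK];
    memcpy(chain, iv, BLK);
    for (size_t off = 0; off < len; off += BLK) {
        memcpy(next, in + off, BLK);                 /* in and out may alias */
        toy_decrypt_block(key, in + off, x);
        for (int i = 0; i < BLK; i++) out[off + i] = x[i] ^ chain[i];
        memcpy(chain, next, BLK);
    }
    if (update_iv) memcpy(iv, chain, BLK);
}

/* Constructed test vectors, not from any kernel test suite. */
static const uint8_t KEY[BLK] = { 0x0F, 0x1F, 0x2F, 0x3F, 0x4F, 0x5F, 0x6F, 0x7F,
                                  0x8F, 0x9F, 0xAF, 0xBF, 0xCF, 0xDF, 0xEF, 0xFF };
static const uint8_t IV0[BLK] = { 0xF0, 0xF1, 0xF2, 0xF3, 0xF4, 0xF5, 0xF6, 0xF7,
                                  0xF8, 0xF9, 0xFA, 0xFB, 0xFC, 0xFD, 0xFE, 0xFF };
#define MSG_LEN (4 * BLK)

/* Encrypt a 4-block message as one request, then as two 2-block requests on
 * the same chaining state. Returns 1 only when the results are identical,
 * i.e. when request one handed its last ciphertext block on as the IV. */
int chained_encrypt_matches_single(int update_iv)
{
    uint8_t msg[MSG_LEN], one[MSG_LEN], two[MSG_LEN], iv[BLK];
    for (int i = 0; i < MSG_LEN; i++) msg[i] = (uint8_t)i;
    memcpy(iv, IV0, BLK);
    cbc_encrypt(KEY, msg, one, MSG_LEN, iv, 1);
    memcpy(iv, IV0, BLK);
    cbc_encrypt(KEY, msg, two, 2 * BLK, iv, update_iv);
    cbc_encrypt(KEY, msg + 2 * BLK, two + 2 * BLK, 2 * BLK, iv, update_iv);
    return memcmp(one, two, MSG_LEN) == 0;
}

/* Decrypt the single-request ciphertext in place as two chained requests.
 * Returns 1 when the plaintext comes back intact. */
int chained_decrypt_roundtrip(int update_iv)
{
    uint8_t msg[MSG_LEN], buf[MSG_LEN], iv[BLK];
    for (int i = 0; i < MSG_LEN; i++) msg[i] = (uint8_t)i;
    memcpy(iv, IV0, BLK);
    cbc_encrypt(KEY, msg, buf, MSG_LEN, iv, 1);
    memcpy(iv, IV0, BLK);
    cbc_decrypt(KEY, buf, buf, 2 * BLK, iv, update_iv);
    cbc_decrypt(KEY, buf + 2 * BLK, buf + 2 * BLK, 2 * BLK, iv, update_iv);
    return memcmp(msg, buf, MSG_LEN) == 0;
}

int main(void)
{
    printf("IV written back:   encrypt match=%d decrypt ok=%d\n",
           chained_encrypt_matches_single(1), chained_decrypt_roundtrip(1));
    printf("IV left untouched: encrypt match=%d decrypt ok=%d\n",
           chained_encrypt_matches_single(0), chained_decrypt_roundtrip(0));
    return 0;
}
```

With the IV written back, splitting the message across requests is invisible to the caller; with it left untouched, the second request chains from the original IV and both the ciphertext and the in-place decryption of the second half come out wrong, which is the kind of breakage a multi-request template like cts(cbc(aes)) sees over a driver that skips the update. The decrypt path also shows why the chaining block has to be captured from the input before an in-place operation overwrites it.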
> On 08.12.2017, at 03:51, Jason A. Donenfeld wrote:
>
> Hi Eric,
>
> Nice to see more use of ChaCha20. However...
>
> Can we skip over the "sort of worse than XTS, but not having _real_
> authentication sucks anyway in either case, so whatever" and move
> directly to, "linux