Re: [PATCH v5 3/8] crypto: AF_ALG: add AEAD support
On Sun, Dec 07, 2014 at 11:22:30PM +0100, Stephan Mueller wrote: +static inline bool aead_sufficient_data(struct aead_ctx *ctx) +{ + unsigned as = crypto_aead_authsize(crypto_aead_reqtfm(ctx-aead_req)); + + return (ctx-used = (ctx-aead_assoclen + ctx-enc ? : as )); Is this supposed to be return (ctx-used = (ctx-aead_assoclen + (ctx-enc ?: as))); +static int aead_recvmsg(struct kiocb *unused, struct socket *sock, + struct msghdr *msg, size_t ignored, int flags) +{ ... + err = -ENOMEM; + if (!aead_sufficient_data(ctx)) + goto unlock; You should just block if there is insufficient input. Cheers, -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] crypto: af_alg: fix backlog handling
On Fri, Dec 19, 2014 at 01:36:08PM +0100, Rabin Vincent wrote: If a request is backlogged, it's complete() handler will get called twice: once with -EINPROGRESS, and once with the final error code. af_alg's complete handler, unlike other users, does not handle the -EINPROGRESS but instead always completes the completion that recvmsg() is waiting on. This can lead to a return to user space while the request is still pending in the driver. If userspace closes the sockets before the requests are handled by the driver, this will lead to use-after-frees (and potential crashes) in the kernel due to the tfm having been freed. The crashes can be easily reproduced (for example) by reducing the max queue length in cryptod.c and running the following (from http://www.chronox.de/libkcapi.html) on AES-NI capable hardware: $ while true; do kcapi -x 1 -e -c '__ecb-aes-aesni' \ -k \ -p /dev/null done Signed-off-by: Rabin Vincent rabin.vinc...@axis.com Patch applied to crypto. Thanks! -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: Resend: [PATCH] CRYPTO: atmel_sha: remove unused shash fallback instance
On Fri, Dec 05, 2014 at 01:18:57AM +0100, Svenning Sørensen wrote: [Sorry about the messed up tabs and line wraps in first post; I hope I managed to tame TB this time around] CRYPTO: atmel_sha: remove unused shash fallback instance. The fallback is never used, so there is no point in having it. The cra_exit routine can also be removed, since all it did was releasing the fallback, along with the stub around cra_init, which just added an unused NULL argument. Signed-off-by: Svenning Soerensen s...@secomea.com Patch applied. -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [RESEND][PATCH] crypto: drbg - panic on continuous self test error
On Fri, Dec 05, 2014 at 10:40:21PM +0100, Stephan Mueller wrote: This patch adds a panic if the FIPS 140-2 self test error failed. Note, that entire code is only executed with fips_enabled (i.e. when the kernel is booted with fips=1. It is therefore not executed for 99.9% of all user base. As mathematically such failure cannot occur, this panic should never be triggered. But to comply with NISTs current requirements, an endless loop must be replaced with the panic. When the new version of FIPS 140 will be released, this entire continuous self test function will be ripped out as it will not be needed any more. This patch is functionally equivalent as implemented in ansi_cprng.c and drivers/char/random.c. Signed-off-by: Stephan Mueller smuel...@chronox.de Patch applied. -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: crypto: ablkcipher - fixed style errors in ablkcipher.c
On Fri, Dec 05, 2014 at 02:06:16PM +0900, Joshua I. James wrote: From: Joshua I. James jos...@cybercrimetech.com Fixed style errors reported by checkpatch. WARNING: Missing a blank line after declarations + u8 *end_page = (u8 *)(((unsigned long)(start + len - 1)) PAGE_MASK); + return max(start, end_page); WARNING: line over 80 characters + scatterwalk_start(walk-out, scatterwalk_sg_next(walk-out.sg)); WARNING: Missing a blank line after declarations + int err = ablkcipher_copy_iv(walk, tfm, alignmask); + if (err) ERROR: do not use assignment in if condition + if ((err = crypto_register_instance(tmpl, inst))) { Signed-off-by: Joshua I. James jos...@cybercrimetech.com All five patches applied. -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH v5 2/8] crypto: AF_ALG: add setsockopt for auth tag size
On Sun, Dec 07, 2014 at 11:21:42PM +0100, Stephan Mueller wrote: Use setsockopt on the tfm FD to provide the authentication tag size for an AEAD cipher. This is achieved by adding a callback function which is intended to be used by the AEAD AF_ALG implementation. The optlen argument of the setsockopt specifies the authentication tag size to be used with the AEAD tfm. Signed-off-by: Stephan Mueller smuel...@chronox.de Patch applied. -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] crypto: qat - add support for cbc(aes) ablkcipher
On Mon, Dec 08, 2014 at 12:08:49PM -0800, Tadeusz Struk wrote: Add support for cbc(aes) ablkcipher. Signed-off-by: Tadeusz Struk tadeusz.st...@intel.com Acked-by: Bruce W. Allan bruce.w.al...@intel.com Both qat patches applied. -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH v3] crypto: algif - Mark sgl end at the end of data
On Mon, Dec 08, 2014 at 12:03:42PM -0800, Tadeusz Struk wrote: Hi, algif_skcipher sends 127 sgl buffers for encryption regardless of how many buffers acctually have data to process, where the few first with valid len and the rest with zero len. This is not very eficient. This patch marks the last one with data as the last one to process. Changes: v2 - use data len to find the last buffer instead of nents in RX list. v3 - Mark/unmark end when data is added and sgl-cur changed. Signed-off-by: Tadeusz Struk tadeusz.st...@intel.com Patch applied. -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH v5 REPOST 0/6] fix hw_random stuck
On Mon, Dec 08, 2014 at 04:50:34PM +0800, Amos Kong wrote: When I hotunplug a busy virtio-rng device or try to access hwrng attributes in non-smp guest, it gets stuck. My hotplug tests: | test 0: | hotunplug rng device from qemu monitor | | test 1: | guest) # dd if=/dev/hwrng of=/dev/null | hotunplug rng device from qemu monitor | | test 2: | guest) # dd if=/dev/random of=/dev/null | hotunplug rng device from qemu monitor | | test 4: | guest) # dd if=/dev/hwrng of=/dev/null | cat /sys/devices/virtual/misc/hw_random/rng_* | | test 5: | guest) # dd if=/dev/hwrng of=/dev/null | cancel dd process after 10 seconds | guest) # dd if=/dev/hwrng of=/dev/null | hotunplug rng device from qemu monitor | | test 6: | use a fifo as rng backend, execute test 0 ~ 5 with no input of fifo All applied. Thanks a lot! -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Using separate initcall level for crypto subsystem
Hi, we wanted to add some crypto selftests to the Bluetooth subsystem that checks our usage of the crypto handling we use for Bluetooth Low Energy Legacy Pairing and Secure Connections. Since the Crypto subsystem and Bluetooth subsystem both use subsys_initcall that goes horrible wrong when running it built-in. So I wonder if it would make sense to introduce a crypto_initcall that comes before the subsys_initcall. Any thoughts on this? Regards Marcel -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[0/5] hwrng: Fix kref warning and underlying bugs
On Mon, Dec 22, 2014 at 07:09:56PM -0800, Fengguang Wu wrote: Greetings, 0day kernel testing robot got the below dmesg and the first bad commit is Sigh, looks like more work is needed on this. Here is a series of patches that should fix this along with the underlying issue exposed by it and some other related problems. Thanks, -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 1/5] hwrng: core - Use struct completion for cleanup_done
There is no point in doing a manual completion for cleanup_done when struct completion fits in perfectly. Signed-off-by: Herbert Xu herb...@gondor.apana.org.au --- drivers/char/hw_random/core.c | 12 +++- include/linux/hw_random.h |3 ++- 2 files changed, 5 insertions(+), 10 deletions(-) diff --git a/drivers/char/hw_random/core.c b/drivers/char/hw_random/core.c index 6ec4225..3dba2cf 100644 --- a/drivers/char/hw_random/core.c +++ b/drivers/char/hw_random/core.c @@ -60,7 +60,6 @@ static DEFINE_MUTEX(rng_mutex); static DEFINE_MUTEX(reading_mutex); static int data_avail; static u8 *rng_buffer, *rng_fillbuf; -static DECLARE_WAIT_QUEUE_HEAD(rng_done); static unsigned short current_quality; static unsigned short default_quality; /* = 0; default to off */ @@ -100,10 +99,7 @@ static inline void cleanup_rng(struct kref *kref) if (rng-cleanup) rng-cleanup(rng); - /* cleanup_done should be updated after cleanup finishes */ - smp_wmb(); - rng-cleanup_done = true; - wake_up_all(rng_done); + complete(rng-cleanup_done); } static void set_current_rng(struct hwrng *rng) @@ -498,7 +494,7 @@ int hwrng_register(struct hwrng *rng) add_early_randomness(rng); } - rng-cleanup_done = false; + init_completion(rng-cleanup_done); out_unlock: mutex_unlock(rng_mutex); @@ -532,9 +528,7 @@ void hwrng_unregister(struct hwrng *rng) } else mutex_unlock(rng_mutex); - /* Just in case rng is reading right now, wait. */ - wait_event(rng_done, rng-cleanup_done - atomic_read(rng-ref.refcount) == 0); + wait_for_completion(rng-cleanup_done); } EXPORT_SYMBOL_GPL(hwrng_unregister); diff --git a/include/linux/hw_random.h b/include/linux/hw_random.h index 7832e50..eb7b414 100644 --- a/include/linux/hw_random.h +++ b/include/linux/hw_random.h @@ -12,6 +12,7 @@ #ifndef LINUX_HWRANDOM_H_ #define LINUX_HWRANDOM_H_ +#include linux/completion.h #include linux/types.h #include linux/list.h #include linux/kref.h @@ -46,7 +47,7 @@ struct hwrng { /* internal. */ struct list_head list; struct kref ref; - bool cleanup_done; + struct completion cleanup_done; }; /** Register a new Hardware Random Number Generator driver. */ -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 3/5] hwrng: core - Do not register device opportunistically
Currently we only register the device when a valid RNG is added. However the way it's done is buggy because we test whether there is a current RNG to determine whether we need to register. As the current RNG may be missing due to a reinitialisation error this can lead to a reregistration of the device. As the device already has to handle a NULL current RNG anyway, let's just register the device always and remove the complexity. Signed-off-by: Herbert Xu herb...@gondor.apana.org.au --- drivers/char/hw_random/core.c | 23 --- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/drivers/char/hw_random/core.c b/drivers/char/hw_random/core.c index 42827fd..1d342f0 100644 --- a/drivers/char/hw_random/core.c +++ b/drivers/char/hw_random/core.c @@ -372,14 +372,14 @@ static DEVICE_ATTR(rng_available, S_IRUGO, NULL); -static void unregister_miscdev(void) +static void __exit unregister_miscdev(void) { device_remove_file(rng_miscdev.this_device, dev_attr_rng_available); device_remove_file(rng_miscdev.this_device, dev_attr_rng_current); misc_deregister(rng_miscdev); } -static int register_miscdev(void) +static int __init register_miscdev(void) { int err; @@ -484,12 +484,6 @@ int hwrng_register(struct hwrng *rng) if (err) goto out_unlock; set_current_rng(rng); - - err = register_miscdev(); - if (err) { - drop_current_rng(); - goto out_unlock; - } } list_add_tail(rng-list, rng_list); @@ -530,7 +524,6 @@ void hwrng_unregister(struct hwrng *rng) if (list_empty(rng_list)) { mutex_unlock(rng_mutex); - unregister_miscdev(); if (hwrng_fill) kthread_stop(hwrng_fill); } else @@ -540,16 +533,24 @@ void hwrng_unregister(struct hwrng *rng) } EXPORT_SYMBOL_GPL(hwrng_unregister); -static void __exit hwrng_exit(void) +static int __init hwrng_modinit(void) +{ + return register_miscdev(); +} + +static void __exit hwrng_modexit(void) { mutex_lock(rng_mutex); BUG_ON(current_rng); kfree(rng_buffer); kfree(rng_fillbuf); mutex_unlock(rng_mutex); + + unregister_miscdev(); } -module_exit(hwrng_exit); +module_init(hwrng_modinit); +module_exit(hwrng_modexit); MODULE_DESCRIPTION(H/W Random Number Generator (RNG) driver); MODULE_LICENSE(GPL); -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 4/5] hwrng: core - Drop current rng in set_current_rng
Rather than having callers of set_current_rng call drop_current_rng, we can do it directly in set_current_rng. Signed-off-by: Herbert Xu herb...@gondor.apana.org.au --- drivers/char/hw_random/core.c |3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/char/hw_random/core.c b/drivers/char/hw_random/core.c index 1d342f0..787ef42 100644 --- a/drivers/char/hw_random/core.c +++ b/drivers/char/hw_random/core.c @@ -70,6 +70,7 @@ module_param(default_quality, ushort, 0644); MODULE_PARM_DESC(default_quality, default entropy content of hwrng per mill); +static void drop_current_rng(void); static void start_khwrngd(void); static inline int rng_get_data(struct hwrng *rng, u8 *buffer, size_t size, @@ -105,6 +106,7 @@ static inline void cleanup_rng(struct kref *kref) static void set_current_rng(struct hwrng *rng) { BUG_ON(!mutex_is_locked(rng_mutex)); + drop_current_rng(); current_rng = rng; } @@ -315,7 +317,6 @@ static ssize_t hwrng_attr_current_store(struct device *dev, err = hwrng_init(rng); if (err) break; - drop_current_rng(); set_current_rng(rng); err = 0; break; -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html