[PATCH 1/2] crypto: ccm - honour alignmask of subordinate MAC cipher

2017-02-11 Thread Ard Biesheuvel
The CCM driver was recently updated to defer the MAC part of the algorithm to a dedicated crypto transform, and a template for instantiating such transforms was added at the same time. However, this new cbcmac template fails to take the alignmask of the encapsulated cipher into account, which may

[PATCH 2/2] crypto: ccm - drop unnecessary minimum 32-bit alignment

2017-02-11 Thread Ard Biesheuvel
The CCM driver forces 32-bit alignment even if the underlying ciphers don't care about alignment. This is because crypto_xor() used to require this, but since this is no longer the case, drop the hardcoded minimum of 32 bits. Signed-off-by: Ard Biesheuvel ---

Re: [PATCH 1/2] crypto: atmel - refine Kconfig dependencies

2017-02-11 Thread Herbert Xu
On Mon, Feb 06, 2017 at 01:32:15PM +0100, Arnd Bergmann wrote: > With the new authenc support, we get a harmless Kconfig warning: > > warning: (CRYPTO_DEV_ATMEL_AUTHENC) selects CRYPTO_DEV_ATMEL_SHA which has > unmet direct dependencies (CRYPTO && CRYPTO_HW && ARCH_AT91) > > The problem is that

Re: linux-next: build warnings after merge of the crypto tree

2017-02-11 Thread Herbert Xu
On Fri, Feb 10, 2017 at 02:12:51PM +1100, Stephen Rothwell wrote: > > I am still getting these warnings ... I have seen no updates to the > crypto tree since Feb 2. Sorry Stephen. I have now applied Arnd's fixes for this problem and it should be pushed out. Cheers, -- Email: Herbert Xu

Re: [PATCH v3] crypto: aes - add generic time invariant AES cipher

2017-02-11 Thread Herbert Xu
On Thu, Feb 02, 2017 at 04:37:40PM +, Ard Biesheuvel wrote: > Lookup table based AES is sensitive to timing attacks, which is due to > the fact that such table lookups are data dependent, and the fact that > 8 KB worth of tables covers a significant number of cachelines on any > architecture,
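The timing problem named in the quoted text is that a table-based S-box lookup touches an address chosen by secret data, so which cacheline is loaded (and whether it hits) depends on the secret. The following is an added illustration of that dependence and of one textbook way to remove it (scanning the whole table under a branchless mask); it is not code from the patch being discussed, and the 256-entry table is a constructed stand-in, not the real AES S-box.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed 256-entry table standing in for an S-box-style lookup table.
 * (i * 167 + 29) mod 256 with 167 odd is a bijection, so it "looks" like
 * a substitution box; it is NOT the AES S-box. */
static uint8_t sbox_demo[256];

static void init_demo_table(void)
{
    for (int i = 0; i < 256; i++)
        sbox_demo[i] = (uint8_t)((i * 167 + 29) & 0xff);
}

/* Data-dependent lookup: the address loaded is a function of idx, so the
 * cacheline that is fetched (and its hit/miss timing) leaks bits of idx. */
static uint8_t lookup_direct(uint8_t idx)
{
    return sbox_demo[idx];
}

/* Branchless equality mask: 0xff when a == b, 0x00 otherwise.
 * For x = a ^ b (with a, b < 2^31), either x or -x has its top bit set
 * unless x == 0, so (x | -x) >> 31 is 1 iff a != b. */
static uint8_t ct_eq_mask(uint32_t a, uint32_t b)
{
    uint32_t x = a ^ b;
    x = (x | (0u - x)) >> 31;    /* 1 iff a != b */
    return (uint8_t)(x - 1);     /* 1 -> 0x00, 0 -> 0xff */
}

/* Constant-time lookup: every entry is read on every call, so the memory
 * access pattern and the instruction count do not depend on idx.
 * Cost is a full table scan per byte; that is the price of the technique. */
static uint8_t lookup_ct(uint8_t idx)
{
    uint8_t r = 0;
    for (uint32_t i = 0; i < 256; i++)
        r |= sbox_demo[i] & ct_eq_mask(i, idx);
    return r;
}

/* Returns 1 if the constant-time lookup matches the direct lookup for
 * every possible index (correctness check; it says nothing about timing). */
static int lookups_agree(void)
{
    init_demo_table();
    for (int i = 0; i < 256; i++)
        if (lookup_direct((uint8_t)i) != lookup_ct((uint8_t)i))
            return 0;
    return 1;
}

int main(void)
{
    printf("constant-time lookup %s direct lookup on all 256 inputs\n",
           lookups_agree() ? "matches" : "DIFFERS from");
    return 0;
}
```

Caveat: C gives no guarantee that a compiler keeps ct_eq_mask() branchless; a constant-time claim in production code needs to be checked on the generated assembly (or with a tool such as a cache/timing test harness), not assumed from the source.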

Re: [PATCH v4 0/3] Add Broadcom SPU Crypto Driver

2017-02-11 Thread Herbert Xu
On Fri, Feb 03, 2017 at 12:55:31PM -0500, Rob Rice wrote: > Changes in v4: > - Added Rob Herring's Acked-by to patch 1/3 for bindings doc > - In response to Herbert's comment, in ahash_export() and > ahash_import(), only copy the hash state, not state params > related to cipher or aead algos.

Re: [PATCH] crypto: arm64/crc32 - merge CRC32 and PMULL instruction based drivers

2017-02-11 Thread Herbert Xu
On Wed, Feb 01, 2017 at 03:35:40PM +, Ard Biesheuvel wrote: > The PMULL based CRC32 implementation already contains code based on the > separate, optional CRC32 instructions to fallback to when operating on > small quantities of data. We can expose these routines directly on systems > that

Re: [PATCH] crypto: generic/aes - drop alignment requirement

2017-02-11 Thread Herbert Xu
On Thu, Feb 02, 2017 at 03:58:57PM +, Ard Biesheuvel wrote: > The generic AES code exposes a 32-bit align mask, which forces all > users of the code to use temporary buffers or take other measures to > ensure the alignment requirement is adhered to, even on architectures > that don't care

Re: [PATCH v3] crypto: algapi - make crypto_xor() and crypto_inc() alignment agnostic

2017-02-11 Thread Herbert Xu
On Sun, Feb 05, 2017 at 10:06:12AM +, Ard Biesheuvel wrote: > Instead of unconditionally forcing 4 byte alignment for all generic > chaining modes that rely on crypto_xor() or crypto_inc() (which may > result in unnecessary copying of data when the underlying hardware > can perform unaligned
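Both the "drop unnecessary minimum 32-bit alignment" patch listed above and this crypto_xor()/crypto_inc() change rest on the same idea: once the XOR helper itself copes with unaligned pointers, the chaining modes that call it no longer have to advertise a 4-byte alignmask and force callers into bounce-buffer copies. The block below is an added userspace illustration of that contrast and is not code from the kernel or from either patch; the names xor_aligned_only() and xor_any_alignment() are hypothetical, and memcpy() of a 4-byte word is used here as the portable stand-in for the kernel's unaligned-access helpers (the compiler lowers it to a plain load where the architecture allows unaligned access and to byte moves elsewhere).

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Word-at-a-time XOR that is only valid when dst and src are 4-byte
 * aligned: dereferencing an unaligned uint32_t pointer is undefined
 * behaviour in C and faults on hardware without unaligned access.
 * A helper written like this is why callers had to guarantee alignment. */
static void xor_aligned_only(uint8_t *dst, const uint8_t *src, size_t len)
{
    uint32_t *d = (uint32_t *)dst;
    const uint32_t *s = (const uint32_t *)src;

    while (len >= 4) {
        *d++ ^= *s++;
        len -= 4;
    }
    dst = (uint8_t *)d;
    src = (const uint8_t *)s;
    while (len--)
        *dst++ ^= *src++;
}

/* Alignment-agnostic XOR: loads and stores each word through memcpy(),
 * so it is correct for any dst/src offset and still runs word-at-a-time
 * on architectures that support unaligned loads. Callers need no
 * alignmask and no temporary copy. */
static void xor_any_alignment(uint8_t *dst, const uint8_t *src, size_t len)
{
    while (len >= 4) {
        uint32_t d, s;

        memcpy(&d, dst, 4);
        memcpy(&s, src, 4);
        d ^= s;
        memcpy(dst, &d, 4);
        dst += 4;
        src += 4;
        len -= 4;
    }
    while (len--)
        *dst++ ^= *src++;
}

/* Correctness check on constructed data. Returns 1 on success.
 * The aligned-only routine is exercised on uint32_t-backed storage so its
 * word accesses are well-defined; the agnostic routine is exercised on
 * every dst/src misalignment combination with an odd length so the
 * byte tail is covered too. */
static int check_xor(void)
{
    uint32_t wa[4] = { 0x01020304u, 0x05060708u, 0x090a0b0cu, 0x0d0e0f10u };
    uint32_t wb[4] = { 0xffffffffu, 0x00000000u, 0xf0f0f0f0u, 0x0f0f0f0fu };
    uint32_t wexp[4];
    uint8_t a[32], b[32], expect[32];

    for (int i = 0; i < 4; i++)
        wexp[i] = wa[i] ^ wb[i];
    xor_aligned_only((uint8_t *)wa, (const uint8_t *)wb, sizeof wa);
    if (memcmp(wa, wexp, sizeof wa) != 0)
        return 0;

    for (int off_d = 0; off_d < 4; off_d++) {
        for (int off_s = 0; off_s < 4; off_s++) {
            const size_t len = 19;

            for (int i = 0; i < 32; i++) {
                a[i] = (uint8_t)(i * 7 + 1);
                b[i] = (uint8_t)(i * 13 + 5);
            }
            for (size_t i = 0; i < len; i++)
                expect[i] = a[off_d + i] ^ b[off_s + i];
            xor_any_alignment(a + off_d, b + off_s, len);
            if (memcmp(a + off_d, expect, len) != 0)
                return 0;
        }
    }
    return 1;
}

int main(void)
{
    printf("xor_any_alignment: %s\n", check_xor() ? "ok" : "FAILED");
    return 0;
}
```

Note that the agnostic version is only a performance win where the hardware really does unaligned loads cheaply; on other targets it degrades to byte copies for the word loads, which is still correct, just not faster than a bounce buffer.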

Re: crypto: NULL deref in sha512_mb_mgr_get_comp_job_avx2

2017-02-11 Thread Herbert Xu
On Wed, Feb 01, 2017 at 10:45:02AM -0800, Tim Chen wrote: > > One theory that Mehga and I have is that perhaps the flusher > and regular computation updates are stepping on each other. > Can you try this patch and see if it helps? Patch applied. Thanks. -- Email: Herbert Xu

Re: [PATCH v3 0/3] crypto: time invariant AES for CCM (and CMAC/XCBC)

2017-02-11 Thread Herbert Xu
On Fri, Feb 03, 2017 at 02:49:34PM +, Ard Biesheuvel wrote: > This series is primarily directed at improving the performance and security > of CCM on the Raspberry Pi 3. This involves splitting the MAC handling of > CCM into a separate driver so that we can efficiently replace it by something >

Re: [PATCH] hwrng: cavium: Use per device name to allow for multiple devices.

2017-02-11 Thread Herbert Xu
On Mon, Feb 06, 2017 at 02:28:46PM -0800, David Daney wrote: > Systems containing the Cavium HW RNG may have one device per NUMA > node. A typical configuration is a 2-node NUMA system, which results > in 2 RNG devices. The hwrng subsystem refuses (and rightly so) to > register more than one

Re: [PATCH] crypto: improve gcc optimization flags for serpent and wp512

2017-02-11 Thread Herbert Xu
On Fri, Feb 03, 2017 at 11:33:23PM +0100, Arnd Bergmann wrote: > An ancient gcc bug (first reported in 2003) has apparently resurfaced > on MIPS, where kernelci.org reports an overly large stack frame in the > whirlpool hash algorithm: > > crypto/wp512.c:987:1: warning: the frame size of 1112

Re: [PATCH v3 0/3] crypto: time invariant AES for CCM (and CMAC/XCBC)

2017-02-11 Thread Ard Biesheuvel
On 11 February 2017 at 10:53, Herbert Xu wrote: > On Fri, Feb 03, 2017 at 02:49:34PM +, Ard Biesheuvel wrote: >> This series is primarily directed at improving the performance and security >> of CCM on the Raspberry Pi 3. This involves splitting the MAC handling of

Re: [PATCH] crypto: arm/aes-ce: assign err return conditionally

2017-02-11 Thread Nicholas Mc Guire
On Sat, Feb 11, 2017 at 05:39:46PM +0800, Herbert Xu wrote: > On Wed, Feb 08, 2017 at 02:36:19PM +0100, Nicholas Mc Guire wrote: > > As the err value is not used unless there was an error it can be assigned > > conditionally here. > > > > Signed-off-by: Nicholas Mc Guire > >

Re: [PATCH] crypto: arm/aes-ce: assign err return conditionally

2017-02-11 Thread Herbert Xu
On Wed, Feb 08, 2017 at 02:36:19PM +0100, Nicholas Mc Guire wrote: > As the err value is not used unless there was an error it can be assigned > conditionally here. > > Signed-off-by: Nicholas Mc Guire This patch just adds noise to the commit history. So I'm not going to