Re: [PATCH] crypto: talitos - fix IPsec cipher in length

Le 16/03/2018 à 15:07, Horia Geantă a écrit : On 3/16/2018 2:42 PM, Christophe LEROY wrote: Le 16/03/2018 à 09:48, Horia Geantă a écrit : For SEC 2.x+, cipher in length must contain only the ciphertext length. In case of using hardware ICV checking, the ICV length is provided via the

[PATCH v2] crypto: talitos - fix IPsec cipher in length

For SEC 2.x+, cipher in length must contain only the ciphertext length. In case of using hardware ICV checking, the ICV length is provided via the "extent" field of the descriptor pointer. Cc: # 4.8+ Fixes: 549bd8bc5987 ("crypto: talitos - Implement AEAD for SEC1 using

[PATCH] omap-crypto - fix kernel oops and output buffer update

Hello, In omap_crypto_cleanup(),:     if (orig && (flags & OMAP_CRYPTO_COPY_MASK))         scatterwalk_map_and_copy(buf, orig, offset, len, 1); implies that scatterwalk_map_and_copy() is called if flag is set to OMAP_CRYPTO_SG_COPIED. If the output buffer crosses a page boundary, the

[PATCH v2 net-next 0/6] TLS Rx

TLS tcp socket RX implementation, to match existing TX code. This patchset completes the software TLS socket, allowing full bi-directional communication over TLS using normal socket syscalls, after the handshake has been done in userspace. Only the symmetric encryption is done in the kernel.

[PATCH v2 net-next 5/6] tls: RX path for ktls

Add rx path for tls software implementation. recvmsg, splice_read, and poll implemented. An additional sockopt TLS_RX is added, with the same interface as TLS_TX. Either TLX_RX or TLX_TX may be provided separately, or together (with two different setsockopt calls with appropriate keys).

[PATCH v14 08/10] ntb: ntb_hw_intel: use io-64-nonatomic instead of in-driver hacks

Now that ioread64 and iowrite64 are available in io-64-nonatomic, we can remove the hack at the top of ntb_hw_intel.c and replace it with an include. Signed-off-by: Logan Gunthorpe Reviewed-by: Andy Shevchenko Acked-by: Dave Jiang

[PATCH v14 00/10] Add io{read|write}64 to io-64-atomic headers

This is v14 of my cleanup series to push a number of instances of people defining their own io{read|write}64 functions into common headers seing they don't exist in non-64bit systems. This series adds inline functions to the io-64-nonatomic headers and then cleans up the drivers that defined their

[PATCH v14 10/10] ntb: ntb_hw_switchtec: Cleanup 64bit IO defines to use the common header

Clean up the ifdefs which conditionally defined the io{read|write}64 functions in favour of the new common io-64-nonatomic-lo-hi header. Per a nit from Andy Shevchenko, the include list is also made alphabetical. Signed-off-by: Logan Gunthorpe Reviewed-by: Andy Shevchenko

[PATCH v14 09/10] crypto: caam: cleanup CONFIG_64BIT ifdefs when using io{read|write}64

Clean up the extra ifdefs which defined the wr_reg64 and rd_reg64 functions in non-64bit cases in favour of the new common io-64-nonatomic-lo-hi header. To be consistent with CAAM engine HW spec: in case of 64-bit registers, irrespective of device endianness, the lower address should be read from

[PATCH v14 02/10] iomap: Add big endian sparse annotations to mmio_{read|write}XXbe()

Sparse produces a few warnings of the form: lib/iomap.c:84:9: warning: cast to restricted __be16 (The kbuild robot has recently started running such checks) The warning is not valid because the __raw_readX() and __raw_writeX() functions have an endianess determined by the semantics of whichever

[PATCH v14 01/10] iomap: Use correct endian conversion function in mmio_writeXXbe

The semantics of the iowriteXXbe() functions are to write a value in CPU endianess to an IO register that is known by the caller to be in Big Endian. The mmio_writeXXbe() macro, which is called by iowriteXXbe(), should therefore use cpu_to_beXX() instead of beXX_to_cpu(). Seeing both

[PATCH v14 05/10] powerpc: iomap.c: introduce io{read|write}64_{lo_hi|hi_lo}

These functions will be introduced into the generic iomap.c so they can deal with PIO accesses in hi-lo/lo-hi variants. Thus, the powerpc version of iomap.c will need to provide the same functions even though, in this arch, they are identical to the regular io{read|write}64 functions.

Re: [PATCH v14 02/10] iomap: Add big endian sparse annotations to mmio_{read|write}XXbe()

On Thu, Mar 22, 2018 at 11:16:55AM -0600, Logan Gunthorpe wrote: > Sparse produces a few warnings of the form: > > lib/iomap.c:84:9: warning: cast to restricted __be16 > > (The kbuild robot has recently started running such checks) Reviewed-by: Luc Van Oostenryck

Re: [PATCH 0/9] don't leak pointers to authenc keys

On Wed, Mar 21, 2018 at 07:00:48PM +0200, Tudor Ambarus wrote: > There are few places in crypto where we save pointers to the > authenc keys to a local variable of type struct crypto_authenc_keys > and we don't zeroize it after use. Fix all those cases and don't > leak pointers to the authenc

Re: [PATCH v14 02/10] iomap: Add big endian sparse annotations to mmio_{read|write}XXbe()

On 3/22/2018 11:27 AM, Luc Van Oostenryck wrote: On Thu, Mar 22, 2018 at 11:16:55AM -0600, Logan Gunthorpe wrote: Sparse produces a few warnings of the form: lib/iomap.c:84:9: warning: cast to restricted __be16 (The kbuild robot has recently started running such checks) Reviewed-by: Luc Van

[PATCH] omap-aes - fix crypto cleanup and IV reporting

Hello, omap_aes_(cbc/ctr)(encrypt/decrypt) don't return the updated IV, add the code to do just that at the end of the operation. In omap_aes_done_task(), omap_crypto_cleanup() is called with:     omap_crypto_cleanup(>out_sgl, dd->orig_out, 0, dd->total_save,        

[PATCH v2 net-next 1/6] tls: Generalize zerocopy_from_iter

Refactor zerocopy_from_iter to take arguments for pages and size, such that it can be used for both tx and rx. RX will also support zerocopy direct to output iter, as long as the full message can be copied at once (a large enough userspace buffer was provided). Signed-off-by: Dave Watson

[PATCH v2 net-next 6/6] tls: Add receive path documentation

Add documentation on rx path setup and cmsg interface. Signed-off-by: Dave Watson --- Documentation/networking/tls.txt | 66 ++-- 1 file changed, 64 insertions(+), 2 deletions(-) diff --git a/Documentation/networking/tls.txt

[PATCH v2 net-next 3/6] tls: Pass error code explicitly to tls_err_abort

Pass EBADMSG explicitly to tls_err_abort. Receive path will pass additional codes - EMSGSIZE if framing is larger than max TLS record size, EINVAL if TLS version mismatch. Signed-off-by: Dave Watson --- include/net/tls.h | 6 +++--- net/tls/tls_sw.c | 2 +- 2 files

[PATCH v2 net-next 2/6] tls: Move cipher info to a separate struct

Separate tx crypto parameters to a separate cipher_context struct. The same parameters will be used for rx using the same struct. tls_advance_record_sn is modified to only take the cipher info. Signed-off-by: Dave Watson --- include/net/tls.h | 26 +---

[PATCH v2 net-next 4/6] tls: Refactor variable names

Several config variables are prefixed with tx, drop the prefix since these will be used for both tx and rx. Signed-off-by: Dave Watson --- include/net/tls.h | 2 +- net/tls/tls_main.c | 26 +- 2 files changed, 14 insertions(+), 14 deletions(-) diff

[PATCH v14 04/10] powerpc: io.h: move iomap.h include so that it can use readq/writeq defs

Subsequent patches in this series makes use of the readq and writeq defines in iomap.h. However, as is, they get missed on the powerpc platform seeing the include comes before the define. This patch moves the include down to fix this. Signed-off-by: Logan Gunthorpe Acked-by:

[PATCH v14 07/10] io-64-nonatomic: add io{read|write}64[be]{_lo_hi|_hi_lo} macros

This patch adds generic io{read|write}64[be]{_lo_hi|_hi_lo} macros if they are not already defined by the architecture. (As they are provided by the generic iomap library). The patch also points io{read|write}64[be] to the variant specified by the header name. This is because new drivers are

Re: [PATCH v6 02/12] PKCS#7: Introduce pkcs7_get_message_sig() and verify_pkcs7_message_sig()

Hi Thiago, On Fri, 2018-03-16 at 17:38 -0300, Thiago Jung Bauermann wrote: > IMA will need to know the key that signed a given PKCS#7 message, so add > pkcs7_get_message_sig(). > > It will also need to verify an already parsed PKCS#7 message. For this > purpose, add verify_pkcs7_message_sig()

Re: [PATCH 7/9] crypto: picoxcell - don't leak pointers to authenc keys

On Wed, Mar 21, 2018 at 07:00:55PM +0200, Tudor Ambarus wrote: > Signed-off-by: Tudor Ambarus Reviewed-by: Jamie Iles > --- > drivers/crypto/picoxcell_crypto.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git

Re: [PATCH 1/1] lz4: Implement lz4 with dynamic offset length.

Hi Maninder, Thank you for the patch! Yet something to improve: [auto build test ERROR on linus/master] [also build test ERROR on v4.16-rc6] [cannot apply to next-20180322] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url: https

Re: [PATCH v6 03/12] PKCS#7: Introduce pkcs7_get_digest()

On Fri, 2018-03-16 at 17:38 -0300, Thiago Jung Bauermann wrote: > IMA will need to access the digest of the PKCS7 message (as calculated by > the kernel) before the signature is verified, so introduce > pkcs7_get_digest() for that purpose. > > Also, modify pkcs7_digest() to detect when the digest

Re: [PATCH 1/1] lz4: Implement lz4 with dynamic offset length.

Hi Maninder, Thank you for the patch! Yet something to improve: [auto build test ERROR on linus/master] [also build test ERROR on v4.16-rc6] [cannot apply to next-20180322] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url: https

Re: [RFC PATCH] crypto: pcrypt - forbid recursive instantiation

On Sat, Mar 10, 2018 at 03:22:31PM -0800, Eric Biggers wrote: > From: Eric Biggers > > If the pcrypt template is used multiple times in an algorithm, then a > deadlock occurs because all pcrypt instances share the same > padata_instance, which completes requests in the order

crypto: lrw - Free rctx->ext with kzfree

The buffer rctx->ext contains potentially sensitive data and should be freed with kzfree. Cc: Fixes: 700cb3f5fe75 ("crypto: lrw - Convert to skcipher") Reported-by: Dan Carpenter Signed-off-by: Herbert Xu diff

Re: [PATCH 1/5 v4] add compression algorithm zBeWalgo

Hi Philippe, > Actually to be consistent if you want to use GPL-2-0 (and not "or > later") you should use: > > 1. at the top, for a c. file: > // SPDX-License-Identifier: GPL-2.0 > > or for a .h file: > /* SPDX-License-Identifier: GPL-2.0 */ > > The doc explains it all. Including the comment

Re: [PATCH 9/9] crypto: talitos - don't leak pointers to authenc keys

Le 21/03/2018 à 18:00, Tudor Ambarus a écrit : Signed-off-by: Tudor Ambarus Reviewed-by: Christophe Leroy --- drivers/crypto/talitos.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/crypto/talitos.c