user/sven/linux.git/crypto, branch v5.10.239 Linux Kernel https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v5.10.239 2025-06-27T10:04:01Z crypto: xts - Only add ecb if it is not already there 2025-06-27T10:04:01Z Herbert Xu herbert@gondor.apana.org.au 2025-05-15T08:34:04Z urn:sha1:3edeae490b85814ac65b6c6b5dee4e12245bd3a7 [ Upstream commit 270b6f13454cb7f2f7058c50df64df409c5dcf55 ] Only add ecb to the cipher name if it isn't already ecb. Also use memcmp instead of strncmp since these strings are all stored in an array of length CRYPTO_MAX_ALG_NAME. Fixes: f1c131b45410 ("crypto: xts - Convert to skcipher") Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> crypto: lrw - Only add ecb if it is not already there 2025-06-27T10:04:01Z Herbert Xu herbert@gondor.apana.org.au 2025-05-15T08:28:08Z urn:sha1:fee92b8dfaa1695e2d106c6c96e806fc6473a079 [ Upstream commit 3d73909bddc2ebb3224a8bc2e5ce00e9df70c15d ] Only add ecb to the cipher name if it isn't already ecb. Also use memcmp instead of strncmp since these strings are all stored in an array of length CRYPTO_MAX_ALG_NAME. Fixes: 700cb3f5fe75 ("crypto: lrw - Convert to skcipher") Reported-by: kernel test robot <oliver.sang@intel.com> Closes: https://lore.kernel.org/oe-lkp/202505151503.d8a6cf10-lkp@intel.com Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> crypto: algif_hash - fix double free in hash_accept 2025-06-04T12:37:07Z Ivan Pravdin ipravdin.official@gmail.com 2025-05-18T22:41:02Z urn:sha1:bf7bba75b91539e93615f560893a599c1e1c98bf commit b2df03ed4052e97126267e8c13ad4204ea6ba9b6 upstream. If accept(2) is called on socket type algif_hash with MSG_MORE flag set and crypto_ahash_import fails, sk2 is freed. However, it is also freed in af_alg_release, leading to slab-use-after-free error. Fixes: fe869cdb89c9 ("crypto: algif_hash - User-space interface for hash operations") Cc: <stable@vger.kernel.org> Signed-off-by: Ivan Pravdin <ipravdin.official@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> crypto: null - Use spin lock instead of mutex 2025-05-02T05:41:18Z Herbert Xu herbert@gondor.apana.org.au 2025-02-12T06:10:07Z urn:sha1:e307c54ac8198bf09652c72603ba6e6d97798410 [ Upstream commit dcc47a028c24e793ce6d6efebfef1a1e92f80297 ] As the null algorithm may be freed in softirq context through af_alg, use spin locks instead of mutexes to protect the default null algorithm. Reported-by: syzbot+b3e02953598f447d4d2a@syzkaller.appspotmail.com Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> crypto: testmgr - some more fixes to RSA test vectors 2025-03-13T11:47:26Z Ignat Korchagin ignat@cloudflare.com 2022-07-17T13:37:46Z urn:sha1:e4c5b0fc59976eacccc13f67b55b1354196267a6 [ Upstream commit 9d2bb9a74b2877f100637d6ab5685bcd33c69d44 ] Two more fixes: * some test vectors in commit 79e6e2f3f3ff ("crypto: testmgr - populate RSA CRT parameters in RSA test vectors") had misplaced commas, which break the test and trigger KASAN warnings at least on x86-64 * pkcs1pad test vector did not have its CRT parameters Fixes: 79e6e2f3f3ff ("crypto: testmgr - populate RSA CRT parameters in RSA test vectors") Reported-by: Eric Biggers <ebiggers@kernel.org> Signed-off-by: Ignat Korchagin <ignat@cloudflare.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> crypto: testmgr - populate RSA CRT parameters in RSA test vectors 2025-03-13T11:47:26Z Ignat Korchagin ignat@cloudflare.com 2022-07-04T10:38:40Z urn:sha1:c878aed14ae24545e7038189c117fe2ffb193d2b [ Upstream commit 79e6e2f3f3ff345947075341781e900e4f70db81 ] Changes from v1: * replace some accidental spaces with tabs In commit f145d411a67e ("crypto: rsa - implement Chinese Remainder Theorem for faster private key operations") we have started to use the additional primes and coefficients for RSA private key operations. However, these additional parameters are not present (defined as 0 integers) in the RSA test vectors. Some parameters were borrowed from OpenSSL, so I was able to find the source. I could not find the public source for 1 vector though, so had to recover the parameters by implementing Appendix C from [1]. [1]: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Br1.pdf Fixes: f145d411a67e ("crypto: rsa - implement Chinese Remainder Theorem for faster private key operations") Reported-by: Tasmiya Nalatwad <tasmiya@linux.vnet.ibm.com> Signed-off-by: Ignat Korchagin <ignat@cloudflare.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> crypto: testmgr - fix version number of RSA tests 2025-03-13T11:47:25Z lei he helei.sig11@bytedance.com 2022-06-24T10:06:25Z urn:sha1:3ac082a0ebd83df876a71571f72072f253a5bd18 [ Upstream commit 0bb8f125253843c445b70fc6ef4fb21aa7b25625 ] According to PKCS#1 standard, the 'otherPrimeInfos' field contains the information for the additional primes r_3, ..., r_u, in order. It shall be omitted if the version is 0 and shall contain at least one instance of OtherPrimeInfo if the version is 1, see: https://www.rfc-editor.org/rfc/rfc3447#page-44 Replace the version number '1' with 0, otherwise, some drivers may not pass the run-time tests. Signed-off-by: lei he <helei.sig11@bytedance.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> crypto: testmgr - Fix wrong test case of RSA 2025-03-13T11:47:25Z Lei He helei.sig11@bytedance.com 2021-11-05T12:25:31Z urn:sha1:7ec888b29486c48d9763e40923fbd29a8670511b [ Upstream commit a9887010ed2da3fddaff83ceec80e2b71be8a966 ] According to the BER encoding rules, integer value should be encoded as two's complement, and if the highest bit of a positive integer is 1, should add a leading zero-octet. The kernel's built-in RSA algorithm cannot recognize negative numbers when parsing keys, so it can pass this test case. Export the key to file and run the following command to verify the fix result: openssl asn1parse -inform DER -in /path/to/key/file Signed-off-by: Lei He <helei.sig11@bytedance.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> crypto: testmgr - fix wrong key length for pkcs1pad 2025-03-13T11:47:25Z Lei He helei.sig11@bytedance.com 2021-10-22T12:44:43Z urn:sha1:87ea3e293f9585ceb731998b113943d58cdb8da1 [ Upstream commit 39ef08517082a424b5b65c3dbaa6c0fa9d3303b9 ] Fix wrong test data at testmgr.h, it seems to be caused by ignoring the last '\0' when calling sizeof. Signed-off-by: Lei He <helei.sig11@bytedance.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY 2024-12-14T18:47:45Z Yi Yang yiyang13@huawei.com 2024-10-15T02:09:35Z urn:sha1:a92ccd3618e42333ac6f150ecdac14dca298bc7a [ Upstream commit 662f2f13e66d3883b9238b0b96b17886179e60e2 ] Since commit 8f4f68e788c3 ("crypto: pcrypt - Fix hungtask for PADATA_RESET"), the pcrypt encryption and decryption operations return -EAGAIN when the CPU goes online or offline. In alg_test(), a WARN is generated when pcrypt_aead_decrypt() or pcrypt_aead_encrypt() returns -EAGAIN, the unnecessary panic will occur when panic_on_warn set 1. Fix this issue by calling crypto layer directly without parallelization in that case. Fixes: 8f4f68e788c3 ("crypto: pcrypt - Fix hungtask for PADATA_RESET") Signed-off-by: Yi Yang <yiyang13@huawei.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org>