user/sven/linux.git/crypto, branch v6.1.151

crypto: xts - Only add ecb if it is not already there

2025-06-27T10:07:06Z

[ Upstream commit 270b6f13454cb7f2f7058c50df64df409c5dcf55 ] Only add ecb to the cipher name if it isn't already ecb. Also use memcmp instead of strncmp since these strings are all stored in an array of length CRYPTO_MAX_ALG_NAME. Fixes: f1c131b45410 ("crypto: xts - Convert to skcipher") Signed-off-by: Herbert Xu Signed-off-by: Sasha Levin

crypto: lrw - Only add ecb if it is not already there

2025-06-27T10:07:06Z

[ Upstream commit 3d73909bddc2ebb3224a8bc2e5ce00e9df70c15d ] Only add ecb to the cipher name if it isn't already ecb. Also use memcmp instead of strncmp since these strings are all stored in an array of length CRYPTO_MAX_ALG_NAME. Fixes: 700cb3f5fe75 ("crypto: lrw - Convert to skcipher") Reported-by: kernel test robot Closes: https://lore.kernel.org/oe-lkp/202505151503.d8a6cf10-lkp@intel.com Signed-off-by: Herbert Xu Signed-off-by: Sasha Levin

crypto: algif_hash - fix double free in hash_accept

2025-06-04T12:40:20Z

commit b2df03ed4052e97126267e8c13ad4204ea6ba9b6 upstream. If accept(2) is called on socket type algif_hash with MSG_MORE flag set and crypto_ahash_import fails, sk2 is freed. However, it is also freed in af_alg_release, leading to slab-use-after-free error. Fixes: fe869cdb89c9 ("crypto: algif_hash - User-space interface for hash operations") Cc: Signed-off-by: Ivan Pravdin Signed-off-by: Herbert Xu Signed-off-by: Greg Kroah-Hartman

crypto: lzo - Fix compression buffer overrun

2025-06-04T12:40:08Z

[ Upstream commit cc47f07234f72cbd8e2c973cdbf2a6730660a463 ] Unlike the decompression code, the compression code in LZO never checked for output overruns. It instead assumes that the caller always provides enough buffer space, disregarding the buffer length provided by the caller. Add a safe compression interface that checks for the end of buffer before each write. Use the safe interface in crypto/lzo. Signed-off-by: Herbert Xu Reviewed-by: David Sterba Signed-off-by: Herbert Xu Signed-off-by: Sasha Levin

crypto: null - Use spin lock instead of mutex

2025-05-02T05:47:01Z

[ Upstream commit dcc47a028c24e793ce6d6efebfef1a1e92f80297 ] As the null algorithm may be freed in softirq context through af_alg, use spin locks instead of mutexes to protect the default null algorithm. Reported-by: syzbot+b3e02953598f447d4d2a@syzkaller.appspotmail.com Signed-off-by: Herbert Xu Signed-off-by: Sasha Levin

crypto: api - Add crypto_clone_tfm

2024-12-14T18:53:51Z

[ Upstream commit 3c3a24cb0ae46c9c45e4ce2272f84f0504831f59 ] This patch adds the helper crypto_clone_tfm. The purpose is to allocate a tfm object with GFP_ATOMIC. As we cannot sleep, the object has to be cloned from an existing tfm object. This allows code paths that cannot otherwise allocate a crypto_tfm object to do so. Once a new tfm has been obtained its key could then be changed without impacting other users. Signed-off-by: Herbert Xu Reviewed-by: Simon Horman Signed-off-by: Herbert Xu Stable-dep-of: 1465036b10be ("llc: Improve setsockopt() handling of malformed user input") Signed-off-by: Sasha Levin

crypto: api - Add crypto_tfm_get

2024-12-14T18:53:51Z

[ Upstream commit ae131f4970f0778f35ed06aeb15bde2fbc1d9619 ] Add a crypto_tfm_get interface to allow tfm objects to be shared. They can still be freed in the usual way. This should only be done with tfm objects with no keys. You must also not modify the tfm flags in any way once it becomes shared. Signed-off-by: Herbert Xu Reviewed-by: Simon Horman Signed-off-by: Herbert Xu Stable-dep-of: 1465036b10be ("llc: Improve setsockopt() handling of malformed user input") Signed-off-by: Sasha Levin

crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY

2024-12-14T18:53:17Z

[ Upstream commit 662f2f13e66d3883b9238b0b96b17886179e60e2 ] Since commit 8f4f68e788c3 ("crypto: pcrypt - Fix hungtask for PADATA_RESET"), the pcrypt encryption and decryption operations return -EAGAIN when the CPU goes online or offline. In alg_test(), a WARN is generated when pcrypt_aead_decrypt() or pcrypt_aead_encrypt() returns -EAGAIN, the unnecessary panic will occur when panic_on_warn set 1. Fix this issue by calling crypto layer directly without parallelization in that case. Fixes: 8f4f68e788c3 ("crypto: pcrypt - Fix hungtask for PADATA_RESET") Signed-off-by: Yi Yang Signed-off-by: Herbert Xu Signed-off-by: Sasha Levin

crypto: api - Fix liveliness check in crypto_alg_tested

2024-11-17T14:07:20Z

[ Upstream commit b81e286ba154a4e0f01a94d99179a97f4ba3e396 ] As algorithm testing is carried out without holding the main crypto lock, it is always possible for the algorithm to go away during the test. So before crypto_alg_tested updates the status of the tested alg, it checks whether it's still on the list of all algorithms. This is inaccurate because it may be off the main list but still on the list of algorithms to be removed. Updating the algorithm status is safe per se as the larval still holds a reference to it. However, killing spawns of other algorithms that are of lower priority is clearly a deficiency as it adds unnecessary churn. Fix the test by checking whether the algorithm is dead. Signed-off-by: Herbert Xu Signed-off-by: Sasha Levin

crypto: simd - Do not call crypto_alloc_tfm during registration

2024-10-17T13:21:39Z

[ Upstream commit 3c44d31cb34ce4eb8311a2e73634d57702948230 ] Algorithm registration is usually carried out during module init, where as little work as possible should be carried out. The SIMD code violated this rule by allocating a tfm, this then triggers a full test of the algorithm which may dead-lock in certain cases. SIMD is only allocating the tfm to get at the alg object, which is in fact already available as it is what we are registering. Use that directly and remove the crypto_alloc_tfm call. Also remove some obsolete and unused SIMD API. Signed-off-by: Herbert Xu Signed-off-by: Sasha Levin