Linux Kernel https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v4.19.226 2018-04-20T16:58:32Z 2018-04-20T16:58:32Z Salvatore Mesoraca s.mesoraca16@gmail.com 2018-04-09T13:54:46Z urn:sha1:13c935bb09948aef0202574ee12bb089459eb43b In preparation for the removal of VLAs[1] from crypto code. We create 2 new compile-time constants: all ciphers implemented in Linux have a block size less than or equal to 16 bytes and the most demanding hw require 16 bytes alignment for the block buffer. We also enforce these limits in crypto_check_alg when a new cipher is registered. [1] http://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Signed-off-by: Salvatore Mesoraca <s.mesoraca16@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2018-03-30T17:32:57Z Herbert Xu herbert@gondor.apana.org.au 2018-03-19T23:41:00Z urn:sha1:4989d4f07a8e738b33a79099ddbdd8e125a4da1b The lookup function in crypto_type was only used for the implicit IV generators which have been completely removed from the crypto API. This patch removes the lookup function as it is now useless. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2017-08-04T01:27:15Z Ard Biesheuvel ard.biesheuvel@linaro.org 2017-07-24T10:28:04Z urn:sha1:45fe93dff2fb58b22de04c729f8447ba0f773d93 There are quite a number of occurrences in the kernel of the pattern if (dst != src) memcpy(dst, src, walk.total % AES_BLOCK_SIZE); crypto_xor(dst, final, walk.total % AES_BLOCK_SIZE); or crypto_xor(keystream, src, nbytes); memcpy(dst, keystream, nbytes); where crypto_xor() is preceded or followed by a memcpy() invocation that is only there because crypto_xor() uses its output parameter as one of the inputs. To avoid having to add new instances of this pattern in the arm64 code, which will be refactored to implement non-SIMD fallbacks, add an alternative implementation called crypto_xor_cpy(), taking separate input and output arguments. This removes the need for the separate memcpy(). Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2017-08-04T01:27:05Z Ard Biesheuvel ard.biesheuvel@linaro.org 2017-07-24T10:28:03Z urn:sha1:a7c391f04fe3259fb0417d71fec78ae28f25780e In preparation of introducing crypto_xor_cpy(), which will use separate operands for input and output, modify the __crypto_xor() implementation, which it will share with the existing crypto_xor(), which provides the actual functionality when not using the inline version. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2017-02-27T10:09:39Z Herbert Xu herbert@gondor.apana.org.au 2017-02-26T04:22:35Z urn:sha1:016df0abc56ec06d0c63c5318ef53e40738dea8b This patch adds crypto_requires_off which is an extension of crypto_requires_sync for similar bits such as NEED_FALLBACK. Cc: stable@vger.kernel.org #4.10 Suggested-by: Marcelo Cerri <marcelo.cerri@canonical.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2017-02-11T09:52:28Z Ard Biesheuvel ard.biesheuvel@linaro.org 2017-02-05T10:06:12Z urn:sha1:db91af0fbe20474cec33263e28d15f5e6b45ebc9 Instead of unconditionally forcing 4 byte alignment for all generic chaining modes that rely on crypto_xor() or crypto_inc() (which may result in unnecessary copying of data when the underlying hardware can perform unaligned accesses efficiently), make those functions deal with unaligned input explicitly, but only if the Kconfig symbol HAVE_EFFICIENT_UNALIGNED_ACCESS is set. This will allow us to drop the alignmasks from the CBC, CMAC, CTR, CTS, PCBC and SEQIV drivers. For crypto_inc(), this simply involves making the 4-byte stride conditional on HAVE_EFFICIENT_UNALIGNED_ACCESS being set, given that it typically operates on 16 byte buffers. For crypto_xor(), an algorithm is implemented that simply runs through the input using the largest strides possible if unaligned accesses are allowed. If they are not, an optimal sequence of memory accesses is emitted that takes the relative alignment of the input buffers into account, e.g., if the relative misalignment of dst and src is 4 bytes, the entire xor operation will be completed using 4 byte loads and stores (modulo unaligned bits at the start and end). Note that all expressions involving misalign are simply eliminated by the compiler when HAVE_EFFICIENT_UNALIGNED_ACCESS is defined. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2016-09-07T13:08:26Z Corentin LABBE clabbe.montjoie@gmail.com 2016-08-31T12:02:57Z urn:sha1:2589ad84047f1dbed741b48785680b152db2e5db This patch move the whole crypto engine API to its own header crypto/engine.h. Signed-off-by: Corentin Labbe <clabbe.montjoie@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2016-07-18T09:35:49Z Herbert Xu herbert@gondor.apana.org.au 2016-07-12T05:17:56Z urn:sha1:4140139734459db4dffc50dad7b9e21ed79a8dd9 When hard preemption is enabled there is no need to explicitly call crypto_yield. This patch eliminates it if that is the case. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2016-07-01T15:45:11Z Herbert Xu herbert@gondor.apana.org.au 2016-06-29T10:04:13Z urn:sha1:32f27c745c26ff4b6351bce265cba049a2c74de5 This patch adds the helper crypto_inst_setname because the current helper crypto_alloc_instance2 is no longer useful given that we now look up the algorithm after we allocate the instance object. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2016-02-06T07:33:20Z Herbert Xu herbert@gondor.apana.org.au 2016-02-01T13:36:54Z urn:sha1:896545098777564212b9e91af4c973f094649aa7 This patch removes all traces of the crypto_hash interface, now that everyone has switched over to shash or ahash. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>