aboutsummaryrefslogtreecommitdiffstats
path: root/crypto/cts.c
Commit message (Collapse)AuthorAge
* crypto: cts - Weed out non-CBC algorithmsHerbert Xu2015-01-19
| | | | | | | | The cts algorithm as currently implemented assumes the underlying is a CBC-mode algorithm. So this patch adds a check for that to eliminate bogus combinations of cts with non-CBC modes. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: cts - Remove bogus use of seqivHerbert Xu2015-01-19
| | | | | | | | | The seqiv generator is completely inappropriate for cts as it's designed for IPsec algorithms. Since cts users do not actually use the IV generator we can just fall back to the default. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: Maciej ?enczykowski <zenczykowski@gmail.com>
* crypto: include crypto- module prefix in templateKees Cook2014-11-26
| | | | | | | | | | | | | | | | | | | This adds the module loading prefix "crypto-" to the template lookup as well. For example, attempting to load 'vfat(blowfish)' via AF_ALG now correctly includes the "crypto-" prefix at every level, correctly rejecting "vfat": net-pf-38 algif-hash crypto-vfat(blowfish) crypto-vfat(blowfish)-all crypto-vfat Reported-by: Mathias Krause <minipli@googlemail.com> Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: Mathias Krause <minipli@googlemail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: memzero_explicit - make sure to clear out sensitive dataDaniel Borkmann2014-10-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Recently, in commit 13aa93c70e71 ("random: add and use memzero_explicit() for clearing data"), we have found that GCC may optimize some memset() cases away when it detects a stack variable is not being used anymore and going out of scope. This can happen, for example, in cases when we are clearing out sensitive information such as keying material or any e.g. intermediate results from crypto computations, etc. With the help of Coccinelle, we can figure out and fix such occurences in the crypto subsytem as well. Julia Lawall provided the following Coccinelle program: @@ type T; identifier x; @@ T x; ... when exists when any -memset +memzero_explicit (&x, -0, ...) ... when != x when strict @@ type T; identifier x; @@ T x[...]; ... when exists when any -memset +memzero_explicit (x, -0, ...) ... when != x when strict Therefore, make use of the drop-in replacement memzero_explicit() for exactly such cases instead of using memset(). Signed-off-by: Daniel Borkmann <dborkman@redhat.com> Cc: Julia Lawall <julia.lawall@lip6.fr> Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: Theodore Ts'o <tytso@mit.edu> Cc: Hannes Frederic Sowa <hannes@stressinduktion.org> Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
* crypto: use ERR_CASTJulia Lawall2013-02-04
| | | | | | | | | | | | | | | | | | | | Replace PTR_ERR followed by ERR_PTR by ERR_CAST, to be more concise. The semantic patch that makes this change is as follows: (http://coccinelle.lip6.fr/) // <smpl> @@ expression err,x; @@ - err = PTR_ERR(x); if (IS_ERR(x)) - return ERR_PTR(err); + return ERR_CAST(x); // </smpl> Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* [CRYPTO] cts: Init SG tablesAlexey Dobriyan2008-06-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Steps to reproduce: modprobe tcrypt # with CONFIG_DEBUG_SG=y testing cts(cbc(aes)) encryption test 1 (128 bit key): ------------[ cut here ]------------ kernel BUG at include/linux/scatterlist.h:65! invalid opcode: 0000 [1] PREEMPT SMP DEBUG_PAGEALLOC CPU 0 Modules linked in: tea xts twofish twofish_common tcrypt(+) [maaaany] Pid: 16151, comm: modprobe Not tainted 2.6.26-rc4-fat #7 RIP: 0010:[<ffffffffa0bf032e>] [<ffffffffa0bf032e>] :cts:cts_cbc_encrypt+0x151/0x355 RSP: 0018:ffff81016f497a88 EFLAGS: 00010286 RAX: ffffe20009535d58 RBX: ffff81016f497af0 RCX: 0000000087654321 RDX: ffff8100010d4f28 RSI: ffff81016f497ee8 RDI: ffff81016f497ac0 RBP: ffff81016f497c38 R08: 0000000000000000 R09: 0000000000000011 R10: ffffffff00000008 R11: ffff8100010d4f28 R12: ffff81016f497ac0 R13: ffff81016f497b30 R14: 0000000000000010 R15: 0000000000000010 FS: 00007fac6fa276f0(0000) GS:ffffffff8060e000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b CR2: 00007f12ca7cc000 CR3: 000000016f441000 CR4: 00000000000026e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff4ff0 DR7: 0000000000000400 Process modprobe (pid: 16151, threadinfo ffff81016f496000, task ffff8101755b4ae0) Stack: 0000000000000001 ffff81016f496000 ffffffff80719f78 0000000000000001 0000000000000001 ffffffff8020c87c ffff81016f99c918 20646c756f772049 65687420656b696c 0000000000000020 0000000000000000 0000000033341102 Call Trace: [<ffffffff8020c87c>] ? restore_args+0x0/0x30 [<ffffffffa04aa311>] ? :aes_generic:crypto_aes_expand_key+0x311/0x369 [<ffffffff802ab453>] ? check_object+0x15a/0x213 [<ffffffff802aad22>] ? init_object+0x6e/0x76 [<ffffffff802ac3ae>] ? __slab_free+0xfc/0x371 [<ffffffffa0bf05ed>] :cts:crypto_cts_encrypt+0xbb/0xca [<ffffffffa07108de>] ? :crypto_blkcipher:setkey+0xc7/0xec [<ffffffffa07110b8>] :crypto_blkcipher:async_encrypt+0x38/0x3a [<ffffffffa2ce9341>] :tcrypt:test_cipher+0x261/0x7c6 [<ffffffffa2cfd9df>] :tcrypt:tcrypt_mod_init+0x9df/0x1b30 [<ffffffff80261e35>] sys_init_module+0x9e/0x1b2 [<ffffffff8020c15a>] system_call_after_swapgs+0x8a/0x8f Code: 45 c0 e8 aa 24 63 df 48 c1 e8 0c 48 b9 00 00 00 00 00 e2 ff ff 48 8b 55 88 48 6b c0 68 48 01 c8 b9 21 43 65 87 48 39 4d 80 74 04 <0f> 0b eb fe f6 c2 01 74 04 0f 0b eb fe 83 e2 03 4c 89 ef 44 89 RIP [<ffffffffa0bf032e>] :cts:cts_cbc_encrypt+0x151/0x355 RSP <ffff81016f497a88> ---[ end trace e8bahiarjand37fd ]--- Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* [CRYPTO] cts: Add CTS mode required for Kerberos AES supportKevin Coffman2008-04-20
Implement CTS wrapper for CBC mode required for support of AES encryption support for Kerberos (rfc3962). Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>