linux/crypto/skcipher.c, branch v6.7 Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ https://git.shady.money/linux/atom?h=v6.7 2023-10-20T05:39:26Z crypto: skcipher - fix weak key check for lskciphers 2023-10-20T05:39:26Z Eric Biggers ebiggers@google.com 2023-10-13T05:56:13Z urn:sha1:7ec0a09d4e84396b8c3c799b0add4399f5fdb7a6 When an algorithm of the new "lskcipher" type is exposed through the "skcipher" API, calls to crypto_skcipher_setkey() don't pass on the CRYPTO_TFM_REQ_FORBID_WEAK_KEYS flag to the lskcipher. This causes self-test failures for ecb(des), as weak keys are not rejected anymore. Fix this. Fixes: 31865c4c4db2 ("crypto: skcipher - Add lskcipher") Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> crypto: skcipher - Add lskcipher 2023-09-20T05:15:29Z Herbert Xu herbert@gondor.apana.org.au 2023-09-14T08:28:24Z urn:sha1:31865c4c4db2b742fec6ccbff80483fa3e7ab9b9 Add a new API type lskcipher designed for taking straight kernel pointers instead of SG lists. Its relationship to skcipher will be analogous to that between shash and ahash. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> crypto: api - Fix CRYPTO_USER checks for report function 2023-05-02T10:22:24Z Ondrej Mosnacek omosnace@redhat.com 2023-05-02T08:02:33Z urn:sha1:b8969a1b69672b163d057e7745ebc915df689211 Checking the config via ifdef incorrectly compiles out the report functions when CRYPTO_USER is set to =m. Fix it by using IS_ENABLED() instead. Fixes: c0f9e01dd266 ("crypto: api - Check CRYPTO_USER instead of NET for report") Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> crypto: api - Check CRYPTO_USER instead of NET for report 2023-03-14T09:06:42Z Herbert Xu herbert@gondor.apana.org.au 2023-02-16T10:35:28Z urn:sha1:c0f9e01dd266b8a8f674d9f6a388972b81be1641 The report function is currently conditionalised on CONFIG_NET. As it's only used by CONFIG_CRYPTO_USER, conditionalising on that instead of CONFIG_NET makes more sense. This gets rid of a rarely used code-path. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> crypto: skcipher - Count error stats differently 2023-03-14T09:06:42Z Herbert Xu herbert@gondor.apana.org.au 2023-02-16T10:35:21Z urn:sha1:1085680bbb7a5235351937bea938c7051b443103 Move all stat code specific to skcipher into the skcipher code. While we're at it, change the stats so that bytes and counts are always incremented even in case of error. This allows the reference counting to be removed as we can now increment the counters prior to the operation. After the operation we simply increase the error count if necessary. This is safe as errors can only occur synchronously (or rather, the existing code already ignored asynchronous errors which are only visible to the callback function). Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> crypto: skcipher - Use scatterwalk (un)map interface for dst and src buffers 2023-01-13T04:11:18Z Ard Biesheuvel ardb@kernel.org 2023-01-02T10:18:46Z urn:sha1:d07bd950b91efb4d6a960347c603f8424a1125d1 The skcipher walk API implementation avoids scatterwalk_map() for mapping the source and destination buffers, and invokes kmap_atomic() directly if the buffer in question is not in low memory (which can only happen on 32-bit architectures). This avoids some overhead on 64-bit architectures, and most notably, permits the skcipher code to run with preemption enabled. Now that scatterwalk_map() has been updated to use kmap_local(), none of this is needed, so we can simply use scatterwalk_map/unmap instead. Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> crypto: skcipher - Allow sync algorithms with large request contexts 2022-11-18T08:59:34Z Herbert Xu herbert@gondor.apana.org.au 2022-11-11T10:05:41Z urn:sha1:e6cb02bd0a52457e486a752da5db7b67f2540c16 Some sync algorithms may require a large amount of temporary space during its operations. There is no reason why they should be limited just because some legacy users want to place all temporary data on the stack. Such algorithms can now set a flag to indicate that they need extra request context, which will cause them to be invisible to users that go through the sync_skcipher interface. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> crypto: skcipher - in_irq() cleanup 2021-08-21T07:44:58Z Changbin Du changbin.du@gmail.com 2021-08-14T01:11:14Z urn:sha1:abfc7fad63940b8dfdfd25da6f0fa813d9561645 Replace the obsolete and ambiguos macro in_irq() with new macro in_hardirq(). Signed-off-by: Changbin Du <changbin.du@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> crypto: x86 - remove glue helper module 2021-01-14T06:10:29Z Ard Biesheuvel ardb@kernel.org 2021-01-05T16:48:08Z urn:sha1:64ca771cd6bf48bd01f630ad1440ab151d1d19d5 All dependencies on the x86 glue helper module have been replaced by local instantiations of the new ECB/CBC preprocessor helper macros, so the glue helper module can be retired. Acked-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> crypto: remove cipher routines from public crypto API 2021-01-02T21:41:35Z Ard Biesheuvel ardb@kernel.org 2020-12-11T12:27:15Z urn:sha1:0eb76ba29d16df2951d37c54ca279c4e5630b071 The cipher routines in the crypto API are mostly intended for templates implementing skcipher modes generically in software, and shouldn't be used outside of the crypto subsystem. So move the prototypes and all related definitions to a new header file under include/crypto/internal. Also, let's use the new module namespace feature to move the symbol exports into a new namespace CRYPTO_INTERNAL. Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Acked-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>