linux/crypto, branch v3.18

Merge tag 'random_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random

2014-10-24T19:33:32Z

Pull /dev/random updates from Ted Ts'o: "This adds a memzero_explicit() call which is guaranteed not to be optimized away by GCC. This is important when we are wiping cryptographically sensitive material" * tag 'random_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random: crypto: memzero_explicit - make sure to clear out sensitive data random: add and use memzero_explicit() for clearing data

crypto: memzero_explicit - make sure to clear out sensitive data

2014-10-17T15:44:07Z

Recently, in commit 13aa93c70e71 ("random: add and use memzero_explicit() for clearing data"), we have found that GCC may optimize some memset() cases away when it detects a stack variable is not being used anymore and going out of scope. This can happen, for example, in cases when we are clearing out sensitive information such as keying material or any e.g. intermediate results from crypto computations, etc. With the help of Coccinelle, we can figure out and fix such occurences in the crypto subsytem as well. Julia Lawall provided the following Coccinelle program: @@ type T; identifier x; @@ T x; ... when exists when any -memset +memzero_explicit (&x, -0, ...) ... when != x when strict @@ type T; identifier x; @@ T x[...]; ... when exists when any -memset +memzero_explicit (x, -0, ...) ... when != x when strict Therefore, make use of the drop-in replacement memzero_explicit() for exactly such cases instead of using memset(). Signed-off-by: Daniel Borkmann Cc: Julia Lawall Cc: Herbert Xu Cc: Theodore Ts'o Cc: Hannes Frederic Sowa Acked-by: Hannes Frederic Sowa Acked-by: Herbert Xu Signed-off-by: Theodore Ts'o

crypto: LLVMLinux: Remove VLAIS usage from crypto/testmgr.c

2014-10-14T08:51:24Z

Replaced the use of a Variable Length Array In Struct (VLAIS) with a C99 compliant equivalent. This patch allocates the appropriate amount of memory using a char array using the SHASH_DESC_ON_STACK macro. The new code can be compiled with both gcc and clang. Signed-off-by: Jan-Simon Möller Signed-off-by: Behan Webster Reviewed-by: Mark Charlebois Acked-by: Herbert Xu Cc: pageexec@freemail.hu

crypto: LLVMLinux: Remove VLAIS usage from crypto/hmac.c

2014-10-14T08:51:23Z

Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

2014-10-12T14:13:55Z

Pull security subsystem updates from James Morris. Mostly ima, selinux, smack and key handling updates. * 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (65 commits) integrity: do zero padding of the key id KEYS: output last portion of fingerprint in /proc/keys KEYS: strip 'id:' from ca_keyid KEYS: use swapped SKID for performing partial matching KEYS: Restore partial ID matching functionality for asymmetric keys X.509: If available, use the raw subjKeyId to form the key description KEYS: handle error code encoded in pointer selinux: normalize audit log formatting selinux: cleanup error reporting in selinux_nlmsg_perm() KEYS: Check hex2bin()'s return when generating an asymmetric key ID ima: detect violations for mmaped files ima: fix race condition on ima_rdwr_violation_check and process_measurement ima: added ima_policy_flag variable ima: return an error code from ima_add_boot_aggregate() ima: provide 'ima_appraise=log' kernel option ima: move keyring initialization to ima_init() PKCS#7: Handle PKCS#7 messages that contain no X.509 certs PKCS#7: Better handling of unsupported crypto KEYS: Overhaul key identification when searching for asymmetric keys KEYS: Implement binary asymmetric key ID handling ...

Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6

2014-10-08T10:44:48Z

Pull crypto update from Herbert Xu: - add multibuffer infrastructure (single_task_running scheduler helper, OKed by Peter on lkml. - add SHA1 multibuffer implementation for AVX2. - reenable "by8" AVX CTR optimisation after fixing counter overflow. - add APM X-Gene SoC RNG support. - SHA256/SHA512 now handles unaligned input correctly. - set lz4 decompressed length correctly. - fix algif socket buffer allocation failure for 64K page machines. - misc fixes * git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (47 commits) crypto: sha - Handle unaligned input data in generic sha256 and sha512. Revert "crypto: aesni - disable "by8" AVX CTR optimization" crypto: aesni - remove unused defines in "by8" variant crypto: aesni - fix counter overflow handling in "by8" variant hwrng: printk replacement crypto: qat - Removed unneeded partial state crypto: qat - Fix typo in name of tasklet_struct crypto: caam - Dynamic allocation of addresses for various memory blocks in CAAM. crypto: mcryptd - Fix typos in CRYPTO_MCRYPTD description crypto: algif - avoid excessive use of socket buffer in skcipher arm64: dts: add random number generator dts node to APM X-Gene platform. Documentation: rng: Add X-Gene SoC RNG driver documentation hwrng: xgene - add support for APM X-Gene SoC RNG support crypto: mv_cesa - Add missing #define crypto: testmgr - add test for lz4 and lz4hc crypto: lz4,lz4hc - fix decompression crypto: qat - Use pci_enable_msix_exact() instead of pci_enable_msix() crypto: drbg - fix maximum value checks on 32 bit systems crypto: drbg - fix sparse warning for cpu_to_be[32|64] crypto: sha-mb - sha1_mb_alg_state can be static ...

Merge branch 'for-linus' of git://ftp.arm.linux.org.uk/~rmk/linux-arm

2014-10-08T09:30:03Z

Pull ARM updates from Russell King: "Included in these updates are: - Performance optimisation to avoid writing the control register at every exception. - Use static inline instead of extern inline in ftrace code. - Crypto ARM assembly updates for big endian - Alignment of initrd/.init memory to page sizes when freeing to ensure that we fully free the regions - Add gcov support - A couple of preparatory patches for VDSO support: use _install_special_mapping, and randomize the sigpage placement above stack. - Add L2 ePAPR DT cache properties so that DT can specify the cache geometry. - Preparatory patch for FIQ (NMI) kernel C code for things like spinlock lockup debug. Following on from this are a couple of my patches cleaning up show_regs() and removing an unused (probably since 1.x days) do_unexp_fiq() function. - Use pr_warn() rather than pr_warning(). - A number of cleanups (smp, footbridge, return_address)" * 'for-linus' of git://ftp.arm.linux.org.uk/~rmk/linux-arm: (21 commits) ARM: 8167/1: extend the reserved memory for initrd to be page aligned ARM: 8168/1: extend __init_end to a page align address ARM: 8169/1: l2c: parse cache properties from ePAPR definitions ARM: 8160/1: drop warning about return_address not using unwind tables ARM: 8161/1: footbridge: select machine dir based on ARCH_FOOTBRIDGE ARM: 8158/1: LLVMLinux: use static inline in ARM ftrace.h ARM: 8155/1: place sigpage at a random offset above stack ARM: 8154/1: use _install_special_mapping for sigpage ARM: 8153/1: Enable gcov support on the ARM architecture ARM: Avoid writing to control register on every exception ARM: 8152/1: Convert pr_warning to pr_warn ARM: remove unused do_unexp_fiq() function ARM: remove extraneous newline in show_regs() ARM: 8150/3: fiq: Replace default FIQ handler ARM: 8140/1: ep93xx: Enable DEBUG_LL_UART_PL01X ARM: 8139/1: versatile: Enable DEBUG_LL_UART_PL01X ARM: 8138/1: drop ISAR0 workaround for B15 ARM: 8136/1: sa1100: add Micro ASIC platform device ARM: 8131/1: arm/smp: Absorb boot_secondary() ARM: 8126/1: crypto: enable NEON SHA-384/SHA-512 for big endian ...

Merge tag 'dmaengine-3.17' of git://git.kernel.org/pub/scm/linux/kernel/git/djbw/dmaengine

2014-10-08T00:39:25Z

Pull dmaengine updates from Dan Williams: "Even though this has fixes marked for -stable, given the size and the needed conflict resolutions this is 3.18-rc1/merge-window material. These patches have been languishing in my tree for a long while. The fact that I do not have the time to do proper/prompt maintenance of this tree is a primary factor in the decision to step down as dmaengine maintainer. That and the fact that the bulk of drivers/dma/ activity is going through Vinod these days. The net_dma removal has not been in -next. It has developed simple conflicts against mainline and net-next (for-3.18). Continuing thanks to Vinod for staying on top of drivers/dma/. Summary: 1/ Step down as dmaengine maintainer see commit 08223d80df38 "dmaengine maintainer update" 2/ Removal of net_dma, as it has been marked 'broken' since 3.13 (commit 77873803363c "net_dma: mark broken"), without reports of performance regression. 3/ Miscellaneous fixes" * tag 'dmaengine-3.17' of git://git.kernel.org/pub/scm/linux/kernel/git/djbw/dmaengine: net: make tcp_cleanup_rbuf private net_dma: revert 'copied_early' net_dma: simple removal dmaengine maintainer update dmatest: prevent memory leakage on error path in thread ioat: Use time_before_jiffies() dmaengine: fix xor sources continuation dma: mv_xor: Rename __mv_xor_slot_cleanup() to mv_xor_slot_cleanup() dma: mv_xor: Remove all callers of mv_xor_slot_cleanup() dma: mv_xor: Remove unneeded mv_xor_clean_completed_slots() call ioat: Use pci_enable_msix_exact() instead of pci_enable_msix() drivers: dma: Include appropriate header file in dca.c drivers: dma: Mark functions as static in dma_v3.c dma: mv_xor: Add DMA API error checks ioat/dca: Use dev_is_pci() to check whether it is pci device

KEYS: output last portion of fingerprint in /proc/keys

2014-10-06T16:33:27Z

Previous version of KEYS used to output last 4 bytes of fingerprint. Now it outputs 8 last bytes of raw subject, which does not make any visual meaning at all. This patch restores old behavior. Signed-off-by: Dmitry Kasatkin Signed-off-by: David Howells

KEYS: strip 'id:' from ca_keyid

2014-10-06T16:33:27Z

The 'id:' prefix must be stripped for asymmetric_key_hex_to_key_id() to be able to process ca_keyid. Signed-off-by: Dmitry Kasatkin Signed-off-by: David Howells