Hosts the 0x221E linux distro kernel. https://universe.0xinfinity.dev/distro/kernel/atom?h=linux-5.1.y 2019-02-22T04:47:26Z 2019-02-22T04:47:26Z Gustavo A. R. Silva gustavo@embeddedor.com 2019-02-11T18:31:31Z urn:sha1:b5be853181a8d4a6e20f2073ccd273d6280cad88 Add missing break statement in order to prevent the code from falling through to case S_DIN_to_DES. This bug was found thanks to the ongoing efforts to enable -Wimplicit-fallthrough. Fixes: 63ee04c8b491 ("crypto: ccree - add skcipher support") Cc: stable@vger.kernel.org Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2019-01-25T10:41:52Z Eric Biggers ebiggers@google.com 2019-01-19T06:48:00Z urn:sha1:231baecdef7a906579925ccf1bd45aa734f32320 CRYPTO_TFM_REQ_WEAK_KEY confuses newcomers to the crypto API because it sounds like it is requesting a weak key. Actually, it is requesting that weak keys be forbidden (for algorithms that have the notion of "weak keys"; currently only DES and XTS do). Also it is only one letter away from CRYPTO_TFM_RES_WEAK_KEY, with which it can be easily confused. (This in fact happened in the UX500 driver, though just in some debugging messages.) Therefore, make the intent clear by renaming it to CRYPTO_TFM_REQ_FORBID_WEAK_KEYS. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2019-01-25T10:41:51Z Gilad Ben-Yossef gilad@benyossef.com 2019-01-15T13:43:17Z urn:sha1:2b5ac17463dcb2411fed506edcf259a89bb538ba For decryption in CBC mode we need to save the last ciphertext block for use as the next IV. However, we were trying to do this also with zero sized ciphertext resulting in a panic. Fix this by only doing the copy if the ciphertext length is at least of IV size. Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com> Cc: stable@vger.kernel.org Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2019-01-25T10:41:51Z Gilad Ben-Yossef gilad@benyossef.com 2019-01-15T13:43:15Z urn:sha1:c139c72e2beb3e3db5148910b3962b7322e24374 We were copying the last ciphertext block into the IV field for CBC before removing the DMA mapping of the output buffer with the result of the buffer sometime being out-of-sync cache wise and were getting intermittent cases of bad output IV. Fix it by moving the DMA buffer unmapping before the copy. Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com> Fixes: 00904aa0cd59 ("crypto: ccree - fix iv handling") Cc: <stable@vger.kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2018-12-07T06:14:59Z Gilad Ben-Yossef gilad@benyossef.com 2018-11-13T09:40:35Z urn:sha1:1c876a90e25398a7396ff4de9074ab530e7892b4 Add support for Arm TrustZone CryptoCell 703. The 703 is a variant of the CryptoCell 713 that supports only algorithms certified by the Chinesse Office of the State Commercial Cryptography Administration (OSCCA). Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2018-11-09T09:36:49Z Gilad Ben-Yossef gilad@benyossef.com 2018-10-29T09:50:14Z urn:sha1:9b8d51f812ce5c8bfffe440391fe85f6e5349f07 Add support for SM4 cipher in CryptoCell 713. Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2018-08-03T10:06:05Z Gilad Ben-Yossef gilad@benyossef.com 2018-07-24T14:12:46Z urn:sha1:f53ad3e1b35a558528f6d0041568016d1f623a9d The ccree driver had a sanity check that we are not asked to encrypt an XTS buffer bigger than a sane sector size since XTS IV needs to include the sector number in the IV so this is not expected in any real use case. Unfortunately, this breaks cryptsetup benchmark test which has a synthetic performance test using 64k buffer of data with the same IV. Remove the sanity check and allow the user to hang themselves and/or run benchmarks if they so wish. Reported-by: Geert Uytterhoeven <geert+renesas@glider.be> Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2018-08-03T10:06:05Z Gilad Ben-Yossef gilad@benyossef.com 2018-07-24T14:12:45Z urn:sha1:e30368f3f3ee72e20aa4b1fdb6ec2c5ddcd7e2d1 In certain error path req_ctx->iv was being freed despite not being allocated because it was not initialized to NULL. Rather than play whack a mole with the structure various field, zero it before use. This fixes a kernel panic that may occur if an invalid buffer size was requested triggering the bug above. Fixes: 63ee04c8b491 ("crypto: ccree - add skcipher support") Reported-by: Geert Uytterhoeven <geert+renesas@glider.be> Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2018-08-03T10:06:05Z Gilad Ben-Yossef gilad@benyossef.com 2018-07-24T14:12:44Z urn:sha1:f5c19df90ae7fc21d3dcf50af9d6b456aa6b3351 IV generation is not available via the skcipher interface. Remove the left over support of it from the ablkcipher days. Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2018-08-03T10:06:05Z Gilad Ben-Yossef gilad@benyossef.com 2018-07-24T14:12:43Z urn:sha1:76c9e53e633c8584f752effc4412d395ccf90547 Drop the explicit setting of CRYPTO_ALG_TYPE_AEAD or CRYPTO_ALG_TYPE_SKCIPHER flags during alg registration as they are set anyway by the framework. Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>