summaryrefslogtreecommitdiff
path: root/crypto
AgeCommit message (Collapse)Author
2015-02-14Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6Linus Torvalds
Pull crypto update from Herbert Xu: "Here is the crypto update for 3.20: - Added 192/256-bit key support to aesni GCM. - Added MIPS OCTEON MD5 support. - Fixed hwrng starvation and race conditions. - Added note that memzero_explicit is not a subsitute for memset. - Added user-space interface for crypto_rng. - Misc fixes" * git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (71 commits) crypto: tcrypt - do not allocate iv on stack for aead speed tests crypto: testmgr - limit IV copy length in aead tests crypto: tcrypt - fix buflen reminder calculation crypto: testmgr - mark rfc4106(gcm(aes)) as fips_allowed crypto: caam - fix resource clean-up on error path for caam_jr_init crypto: caam - pair irq map and dispose in the same function crypto: ccp - terminate ccp_support array with empty element crypto: caam - remove unused local variable crypto: caam - remove dead code crypto: caam - don't emit ICV check failures to dmesg hwrng: virtio - drop extra empty line crypto: replace scatterwalk_sg_next with sg_next crypto: atmel - Free memory in error path crypto: doc - remove colons in comments crypto: seqiv - Ensure that IV size is at least 8 bytes crypto: cts - Weed out non-CBC algorithms MAINTAINERS: add linux-crypto to hw random crypto: cts - Remove bogus use of seqiv crypto: qat - don't need qat_auth_state struct crypto: algif_rng - fix sparse non static symbol warning ...
2015-02-10crypto: fix af_alg_make_sg() conversion to iov_iterLinus Torvalds
Commit 1d10eb2f156f ("crypto: switch af_alg_make_sg() to iov_iter") broke af_alg_make_sg() and skcipher_recvmsg() in the process of moving them to the iov_iter interfaces. The 'npages' calculation in the formar calculated the number of *bytes* in the pages, and in the latter case the conversion didn't re-read the value of 'ctx->used' after waiting for it to become non-zero. This reverts to the original code for both these cases. Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: David Miller <davem@davemloft.net> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2015-02-04crypto: tcrypt - do not allocate iv on stack for aead speed testsCristian Stoica
See also: 9bac019dad8098a77cce555d929f678e22111783 Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-02-04crypto: testmgr - limit IV copy length in aead testsCristian Stoica
The working copy of IV is the same size as the transformation's IV. It is not necessary to copy more than that from the template since iv_len is usually less than MAX_IVLEN and the rest of the copied data is garbage. Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-02-04crypto: tcrypt - fix buflen reminder calculationCristian Stoica
- This fixes the intent of the code to limit the last scatterlist to either a full PAGE or a fraction of it, depending on the number of pages needed by buflen and the available space advertised by XBUFLEN. The original code always sets the last scatterlist to a fraction of a PAGE because the first 'if' is never executed. - Rearrange the second part of the code to remove the conditional from the loop Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-02-04crypto: switch af_alg_make_sg() to iov_iterAl Viro
With that, all ->sendmsg() instances are converted to iov_iter primitives and are agnostic wrt the kind of iov_iter they are working with. So's the last remaining ->recvmsg() instance that wasn't kind-agnostic yet. All ->sendmsg() and ->recvmsg() advance ->msg_iter by the amount actually copied and none of them modifies the underlying iovec, etc. Cc: linux-crypto@vger.kernel.org Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2015-01-26crypto: testmgr - mark rfc4106(gcm(aes)) as fips_allowedJarod Wilson
This gcm variant is popular for ipsec use, and there are folks who would like to use it while in fips mode. Mark it with fips_allowed=1 to facilitate that. CC: LKML <linux-kernel@vger.kernel.org> CC: Stephan Mueller <smueller@atsec.com> Signed-off-by: Jarod Wilson <jarod@redhat.com> Acked-by: Stephan Mueller <smueller@atsec.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-01-26crypto: replace scatterwalk_sg_next with sg_nextCristian Stoica
Modify crypto drivers to use the generic SG helper since both of them are equivalent and the one from crypto is redundant. See also: 468577abe37ff7b453a9ac613e0ea155349203ae reverted in b2ab4a57b018aafbba35bff088218f5cc3d2142e Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-01-20crypto: seqiv - Ensure that IV size is at least 8 bytesHerbert Xu
Since seqiv is designed for IPsec we need to be able to accomodate the whole IPsec sequence number in order to ensure the uniqueness of the IV. This patch forbids any algorithm with an IV size of less than 8 from using it. This should have no impact on existing users since they all have an IV size of 8. Reported-by: Maciej ?enczykowski <zenczykowski@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: Maciej ?enczykowski <zenczykowski@gmail.com>
2015-01-20crypto: cts - Weed out non-CBC algorithmsHerbert Xu
The cts algorithm as currently implemented assumes the underlying is a CBC-mode algorithm. So this patch adds a check for that to eliminate bogus combinations of cts with non-CBC modes. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-01-20crypto: cts - Remove bogus use of seqivHerbert Xu
The seqiv generator is completely inappropriate for cts as it's designed for IPsec algorithms. Since cts users do not actually use the IV generator we can just fall back to the default. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: Maciej ?enczykowski <zenczykowski@gmail.com>
2015-01-14crypto: algif_rng - fix sparse non static symbol warningWei Yongjun
Fixes the following sparse warnings: crypto/algif_rng.c:185:13: warning: symbol 'rng_exit' was not declared. Should it be static? Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn> Acked-by: Stephan Mueller <smueller@chronox.de> Acked-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-01-13crypto: testmgr - don't use interruptible wait in testsRabin Vincent
tcrypt/testmgr uses wait_for_completion_interruptible() everywhere when it waits for a request to be completed. If it's interrupted, then the test is aborted and the request is freed. However, if any of these calls actually do get interrupted, the result will likely be a kernel crash, when the driver handles the now-freed request. Use wait_for_completion() instead. Signed-off-by: Rabin Vincent <rabin.vincent@axis.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-01-13crypto: add missing crypto module aliasesMathias Krause
Commit 5d26a105b5a7 ("crypto: prefix module autoloading with "crypto-"") changed the automatic module loading when requesting crypto algorithms to prefix all module requests with "crypto-". This requires all crypto modules to have a crypto specific module alias even if their file name would otherwise match the requested crypto algorithm. Even though commit 5d26a105b5a7 added those aliases for a vast amount of modules, it was missing a few. Add the required MODULE_ALIAS_CRYPTO annotations to those files to make them get loaded automatically, again. This fixes, e.g., requesting 'ecb(blowfish-generic)', which used to work with kernels v3.18 and below. Also change MODULE_ALIAS() lines to MODULE_ALIAS_CRYPTO(). The former won't work for crypto modules any more. Fixes: 5d26a105b5a7 ("crypto: prefix module autoloading with "crypto-"") Cc: Kees Cook <keescook@chromium.org> Signed-off-by: Mathias Krause <minipli@googlemail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-01-05Revert "crypto: drbg - use memzero_explicit() for clearing sensitive data"Herbert Xu
This reverts commit 421d82f5b3e75f94e31875e37d45cdf6a557c120. None of the data zeroed are on the stack so the compiler cannot optimise them away. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-12-29crypto: algif_rng - enable RNG interface compilationStephan Mueller
Enable compilation of the RNG AF_ALG support and provide a Kconfig option to compile the RNG AF_ALG support. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-12-29crypto: algif_rng - add random number generator supportStephan Mueller
This patch adds the random number generator support for AF_ALG. A random number generator's purpose is to generate data without requiring the caller to provide any data. Therefore, the AF_ALG interface handler for RNGs only implements a callback handler for recvmsg. The following parameters provided with a recvmsg are processed by the RNG callback handler: * sock - to resolve the RNG context data structure accessing the RNG instance private to the socket * len - this parameter allows userspace callers to specify how many random bytes the RNG shall produce and return. As the kernel context for the RNG allocates a buffer of 128 bytes to store random numbers before copying them to userspace, the len parameter is checked that it is not larger than 128. If a caller wants more random numbers, a new request for recvmsg shall be made. The size of 128 bytes is chose because of the following considerations: * to increase the memory footprint of the kernel too much (note, that would be 128 bytes per open socket) * 128 is divisible by any typical cryptographic block size an RNG may have * A request for random numbers typically only shall supply small amount of data like for keys or IVs that should only require one invocation of the recvmsg function. Note, during instantiation of the RNG, the code checks whether the RNG implementation requires seeding. If so, the RNG is seeded with output from get_random_bytes. A fully working example using all aspects of the RNG interface is provided at http://www.chronox.de/libkcapi.html Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-12-26crypto: af_alg - zeroize key dataStephan Mueller
alg_setkey should zeroize the sensitive data after use. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-12-24crypto: octeon - enable OCTEON MD5 module selectionAaro Koskinen
Enable user to select OCTEON MD5 module. Signed-off-by: Aaro Koskinen <aaro.koskinen@iki.fi> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-12-22crypto: algif - Mark sgl end at the end of dataTadeusz Struk
algif_skcipher sends 127 sgl buffers for encryption regardless of how many buffers acctually have data to process, where the few first with valid len and the rest with zero len. This is not very eficient. This patch marks the last one with data as the last one to process. Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-12-22crypto: af_alg - add setsockopt for auth tag sizeStephan Mueller
Use setsockopt on the tfm FD to provide the authentication tag size for an AEAD cipher. This is achieved by adding a callback function which is intended to be used by the AEAD AF_ALG implementation. The optlen argument of the setsockopt specifies the authentication tag size to be used with the AEAD tfm. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-12-22crypto: drbg - panic on continuous self test errorStephan Mueller
This patch adds a panic if the FIPS 140-2 self test error failed. Note, that entire code is only executed with fips_enabled (i.e. when the kernel is booted with fips=1. It is therefore not executed for 99.9% of all user base. As mathematically such failure cannot occur, this panic should never be triggered. But to comply with NISTs current requirements, an endless loop must be replaced with the panic. When the new version of FIPS 140 will be released, this entire continuous self test function will be ripped out as it will not be needed any more. This patch is functionally equivalent as implemented in ansi_cprng.c and drivers/char/random.c. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-12-22crypto: api - fixed style erro in algapi.cJoshua I. James
Fixed style error identified by checkpatch. WARNING: Missing a blank line after declarations + int err = crypto_remove_alg(&inst->alg, &users); + BUG_ON(err); Signed-off-by: Joshua I. James <joshua@cybercrimetech.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-12-22crypto: ahash - fixed style error in ahash.cJoshua I. James
Fixed style error identified by checkpatch. WARNING: Missing a blank line after declarations + unsigned int unaligned = alignmask + 1 - (offset & alignmask); + if (nbytes > unaligned) Signed-off-by: Joshua I. James <joshua@cybercrimetech.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-12-22crypto: af_alg - fixed style error in af_alg.cJoshua I. James
Fixed style error identified by checkpatch. ERROR: space required before the open parenthesis '(' + switch(cmsg->cmsg_type) { Signed-off-by: Joshua I. James <joshua@cybercrimetech.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-12-22crypto: aead - fixed style error in aead.cJoshua I. James
Fixed style error identified by checkpatch. ERROR: do not use assignment in if condition + if ((err = crypto_register_instance(tmpl, inst))) { Signed-off-by: Joshua I. James <joshua@cybercrimetech.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-12-22crypto: ablkcipher - fixed style errors in ablkcipher.cJoshua I. James
Fixed style errors reported by checkpatch. WARNING: Missing a blank line after declarations + u8 *end_page = (u8 *)(((unsigned long)(start + len - 1)) & PAGE_MASK); + return max(start, end_page); WARNING: line over 80 characters + scatterwalk_start(&walk->out, scatterwalk_sg_next(walk->out.sg)); WARNING: Missing a blank line after declarations + int err = ablkcipher_copy_iv(walk, tfm, alignmask); + if (err) ERROR: do not use assignment in if condition + if ((err = crypto_register_instance(tmpl, inst))) { Signed-off-by: Joshua I. James <joshua@cybercrimetech.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-12-22crypto: af_alg - fix backlog handlingRabin Vincent
If a request is backlogged, it's complete() handler will get called twice: once with -EINPROGRESS, and once with the final error code. af_alg's complete handler, unlike other users, does not handle the -EINPROGRESS but instead always completes the completion that recvmsg() is waiting on. This can lead to a return to user space while the request is still pending in the driver. If userspace closes the sockets before the requests are handled by the driver, this will lead to use-after-frees (and potential crashes) in the kernel due to the tfm having been freed. The crashes can be easily reproduced (for example) by reducing the max queue length in cryptod.c and running the following (from http://www.chronox.de/libkcapi.html) on AES-NI capable hardware: $ while true; do kcapi -x 1 -e -c '__ecb-aes-aesni' \ -k 00000000000000000000000000000000 \ -p 00000000000000000000000000000000 >/dev/null & done Cc: stable@vger.kernel.org Signed-off-by: Rabin Vincent <rabin.vincent@axis.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-12-13Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6Linus Torvalds
Pull crypto update from Herbert Xu: - The crypto API is now documented :) - Disallow arbitrary module loading through crypto API. - Allow get request with empty driver name through crypto_user. - Allow speed testing of arbitrary hash functions. - Add caam support for ctr(aes), gcm(aes) and their derivatives. - nx now supports concurrent hashing properly. - Add sahara support for SHA1/256. - Add ARM64 version of CRC32. - Misc fixes. * git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (77 commits) crypto: tcrypt - Allow speed testing of arbitrary hash functions crypto: af_alg - add user space interface for AEAD crypto: qat - fix problem with coalescing enable logic crypto: sahara - add support for SHA1/256 crypto: sahara - replace tasklets with kthread crypto: sahara - add support for i.MX53 crypto: sahara - fix spinlock initialization crypto: arm - replace memset by memzero_explicit crypto: powerpc - replace memset by memzero_explicit crypto: sha - replace memset by memzero_explicit crypto: sparc - replace memset by memzero_explicit crypto: algif_skcipher - initialize upon init request crypto: algif_skcipher - removed unneeded code crypto: algif_skcipher - Fixed blocking recvmsg crypto: drbg - use memzero_explicit() for clearing sensitive data crypto: drbg - use MODULE_ALIAS_CRYPTO crypto: include crypto- module prefix in template crypto: user - add MODULE_ALIAS crypto: sha-mb - remove a bogus NULL check crytpo: qat - Fix 64 bytes requests ...
2014-12-10net: introduce helper macro for_each_cmsghdrGu Zheng
Introduce helper macro for_each_cmsghdr as a wrapper of the enumerating cmsghdr from msghdr, just cleanup. Signed-off-by: Gu Zheng <guz.fnst@cn.fujitsu.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2014-12-09put iov_iter into msghdrAl Viro
Note that the code _using_ ->msg_iter at that point will be very unhappy with anything other than unshifted iovec-backed iov_iter. We still need to convert users to proper primitives. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2014-12-05crypto: tcrypt - Allow speed testing of arbitrary hash functionsHerbert Xu
This patch allows the testing of arbitrary hash functions specified by the alg module parameter by using them in mode 300 (for sync hash) and mode 400 (for async hash). For example, you could do modprobe tcrypt mode=300 alg='vmac(aes)' Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-12-05crypto: af_alg - add user space interface for AEADStephan Mueller
AEAD requires the caller to specify the following information separate from the data stream. This information allows the AEAD interface handler to identify the AAD, ciphertext/plaintext and the authentication tag: * Associated authentication data of arbitrary length and length * Length of authentication tag for encryption Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-12-02crypto: algif_skcipher - initialize upon init requestStephan Mueller
When using the algif_skcipher, the following call sequence causess a re-initialization: 1. sendmsg with ALG_SET_OP and iov == NULL, iovlen == 0 (i.e initializing the cipher, but not sending data) 2. sendmsg with msg->msg-controllen == 0 and iov != NULL (using the initalized cipher handle by sending data) In step 2, the cipher operation type (encryption or decryption) is reset to always decryption, because the local variable of enc is put into ctx->enc as ctx->user is still zero. The same applies when all send data is processed and ctx->used falls to zero followed by user space to send new data. This patch changes the behavior to only reset the cipher operation type (and the IV) if such configuration request is received. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-12-01crypto: algif_skcipher - removed unneeded codeStruk, Tadeusz
Remover unneeded code. Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-11-28crypto: algif_skcipher - Fixed blocking recvmsgHerbert Xu
As most (all?) users of algif_skcipher are single-threaded and therefore always write before reading from an algif_skcipher socket, they never block and exercise that code-path. It turns out that code path doesn't even work because we never reload ctx->used after waking up so we never even see the new data and immediately return an error (and a loud WARN_ON). This patch fixes this by always reloading ctx->used. Reported-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: Stephan Mueller <smueller@chronox.de>
2014-11-27crypto: drbg - use memzero_explicit() for clearing sensitive dataNickolaus Woodruff
Compiler dead store optimization can sometimes remove final calls to memset() used to clear sensitive data at the end of a function. Replace trailing memset() calls with memzero_explicit() to preclude unwanted removal. Signed-off-by: Nickolaus Woodruff <nickolauswoodruff@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-11-26crypto: drbg - use MODULE_ALIAS_CRYPTOStephan Mueller
Use the crypto- prefix for the DRBG implementations. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-11-26crypto: include crypto- module prefix in templateKees Cook
This adds the module loading prefix "crypto-" to the template lookup as well. For example, attempting to load 'vfat(blowfish)' via AF_ALG now correctly includes the "crypto-" prefix at every level, correctly rejecting "vfat": net-pf-38 algif-hash crypto-vfat(blowfish) crypto-vfat(blowfish)-all crypto-vfat Reported-by: Mathias Krause <minipli@googlemail.com> Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: Mathias Krause <minipli@googlemail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-11-26crypto: user - add MODULE_ALIASStephan Mueller
To allow automatic loading of the crypto_user kernel module, the netlink MODULE_ALIAS is added. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-11-25crypto: algif - add and use sock_kzfree_s() instead of memzero_explicit()Daniel Borkmann
Commit e1bd95bf7c25 ("crypto: algif - zeroize IV buffer") and 2a6af25befd0 ("crypto: algif - zeroize message digest buffer") added memzero_explicit() calls on buffers that are later on passed back to sock_kfree_s(). This is a discussed follow-up that, instead, extends the sock API and adds sock_kzfree_s(), which internally uses kzfree() instead of kfree() for passing the buffers back to slab. Having sock_kzfree_s() allows to keep the changes more minimal by just having a drop-in replacement instead of adding memzero_explicit() calls everywhere before sock_kfree_s(). In kzfree(), the compiler is not allowed to optimize the memset() away and thus there's no need for memzero_explicit(). Both, sock_kfree_s() and sock_kzfree_s() are wrappers for __sock_kfree_s() and call into kfree() resp. kzfree(); here, __sock_kfree_s() needs to be explicitly inlined as we want the compiler to optimize the call and condition away and thus it produces e.g. on x86_64 the _same_ assembler output for sock_kfree_s() before and after, and thus also allows for avoiding code duplication. Cc: David S. Miller <davem@davemloft.net> Signed-off-by: Daniel Borkmann <dborkman@redhat.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-11-24crypto: prefix module autoloading with "crypto-"Kees Cook
This prefixes all crypto module loading with "crypto-" so we never run the risk of exposing module auto-loading to userspace via a crypto API, as demonstrated by Mathias Krause: https://lkml.org/lkml/2013/3/4/70 Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-11-24crypto: user - Allow get request with empty driver nameHerbert Xu
Currently all get requests with an empty driver name fail with EINVAL. Since most users actually want to supply an empty driver name this patch removes this check. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-11-24new helper: memcpy_to_msg()Al Viro
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2014-11-24new helper: memcpy_from_msg()Al Viro
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2014-11-12crypto: algif - zeroize IV bufferStephan Mueller
Zeroize the buffer holding the IV used for the completed cipher operation before the buffer is released by the skcipher AF_ALG interface handler. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-11-12crypto: algif - zeroize message digest bufferStephan Mueller
Zeroize the buffer holding the message digest calculated for the consumer before the buffer is released by the hash AF_ALG interface handler. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-11-12Merge git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linuxHerbert Xu
Merging 3.18-rc4 in order to pick up the memzero_explicit helper.
2014-11-10crypto: drbg - add MODULE_ALIAS for all DRBG typesStephan Mueller
The kernel module drbg.ko is currently not loaded automatically when a DRBG is requested by a consumer. This is due to missing MODULE_ALIAS flags for each of the implemented DRBG types. This patch adds aliases for each of the 22 defined DRBGs. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-10-24Merge tag 'random_for_linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random Pull /dev/random updates from Ted Ts'o: "This adds a memzero_explicit() call which is guaranteed not to be optimized away by GCC. This is important when we are wiping cryptographically sensitive material" * tag 'random_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random: crypto: memzero_explicit - make sure to clear out sensitive data random: add and use memzero_explicit() for clearing data