<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-toradex.git/crypto/ansi_cprng.c, branch v3.14.7</title>
<subtitle>Linux kernel for Apalis and Colibri modules</subtitle>
<link rel='alternate' type='text/html' href='https://git.toradex.cn/cgit/linux-toradex.git/'/>
<entry>
<title>crypto: ansi_cprng - Fix off by one error in non-block size request</title>
<updated>2013-09-23T20:02:23+00:00</updated>
<author>
<name>Neil Horman</name>
<email>nhorman@tuxdriver.com</email>
</author>
<published>2013-09-17T12:33:11+00:00</published>
<link rel='alternate' type='text/html' href='https://git.toradex.cn/cgit/linux-toradex.git/commit/?id=714b33d15130cbb5ab426456d4e3de842d6c5b8a'/>
<id>714b33d15130cbb5ab426456d4e3de842d6c5b8a</id>
<content type='text'>
Stephan Mueller reported to me recently a error in random number generation in
the ansi cprng. If several small requests are made that are less than the
instances block size, the remainder for loop code doesn't increment
rand_data_valid in the last iteration, meaning that the last bytes in the
rand_data buffer gets reused on the subsequent smaller-than-a-block request for
random data.

The fix is pretty easy, just re-code the for loop to make sure that
rand_data_valid gets incremented appropriately

Signed-off-by: Neil Horman &lt;nhorman@tuxdriver.com&gt;
Reported-by: Stephan Mueller &lt;stephan.mueller@atsec.com&gt;
CC: Stephan Mueller &lt;stephan.mueller@atsec.com&gt;
CC: Petr Matousek &lt;pmatouse@redhat.com&gt;
CC: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
CC: "David S. Miller" &lt;davem@davemloft.net&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Stephan Mueller reported to me recently a error in random number generation in
the ansi cprng. If several small requests are made that are less than the
instances block size, the remainder for loop code doesn't increment
rand_data_valid in the last iteration, meaning that the last bytes in the
rand_data buffer gets reused on the subsequent smaller-than-a-block request for
random data.

The fix is pretty easy, just re-code the for loop to make sure that
rand_data_valid gets incremented appropriately

Signed-off-by: Neil Horman &lt;nhorman@tuxdriver.com&gt;
Reported-by: Stephan Mueller &lt;stephan.mueller@atsec.com&gt;
CC: Stephan Mueller &lt;stephan.mueller@atsec.com&gt;
CC: Petr Matousek &lt;pmatouse@redhat.com&gt;
CC: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
CC: "David S. Miller" &lt;davem@davemloft.net&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: ansi_cprng - use crypto_[un]register_algs</title>
<updated>2012-08-01T09:47:25+00:00</updated>
<author>
<name>Jussi Kivilinna</name>
<email>jussi.kivilinna@mbnet.fi</email>
</author>
<published>2012-07-11T11:20:15+00:00</published>
<link rel='alternate' type='text/html' href='https://git.toradex.cn/cgit/linux-toradex.git/commit/?id=8fc229a51b0e10f4ceb794e8b99fa0a427a7ba41'/>
<id>8fc229a51b0e10f4ceb794e8b99fa0a427a7ba41</id>
<content type='text'>
Combine all crypto_alg to be registered and use new crypto_[un]register_algs
functions. This simplifies init/exit code.

Cc: Neil Horman &lt;nhorman@tuxdriver.com&gt;
Signed-off-by: Jussi Kivilinna &lt;jussi.kivilinna@mbnet.fi&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Combine all crypto_alg to be registered and use new crypto_[un]register_algs
functions. This simplifies init/exit code.

Cc: Neil Horman &lt;nhorman@tuxdriver.com&gt;
Signed-off-by: Jussi Kivilinna &lt;jussi.kivilinna@mbnet.fi&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: ansi_cprng - enforce key != seed in fips mode</title>
<updated>2011-11-09T04:04:06+00:00</updated>
<author>
<name>Jarod Wilson</name>
<email>jarod@redhat.com</email>
</author>
<published>2011-11-09T04:04:06+00:00</published>
<link rel='alternate' type='text/html' href='https://git.toradex.cn/cgit/linux-toradex.git/commit/?id=505172e11f5a0d9916e20e40d3b0a6f87d3a59b6'/>
<id>505172e11f5a0d9916e20e40d3b0a6f87d3a59b6</id>
<content type='text'>
Apparently, NIST is tightening up its requirements for FIPS validation
with respect to RNGs. Its always been required that in fips mode, the
ansi cprng not be fed key and seed material that was identical, but
they're now interpreting FIPS 140-2, section AS07.09 as requiring that
the implementation itself must enforce the requirement. Easy fix, we
just do a memcmp of key and seed in fips_cprng_reset and call it a day.

v2: Per Neil's advice, ensure slen is sufficiently long before we
compare key and seed to avoid looking at potentially unallocated mem.

CC: Stephan Mueller &lt;smueller@atsec.com&gt;
CC: Steve Grubb &lt;sgrubb@redhat.com&gt;
Signed-off-by: Jarod Wilson &lt;jarod@redhat.com&gt;
Acked-by: Neil Horman &lt;nhorman@tuxdriver.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Apparently, NIST is tightening up its requirements for FIPS validation
with respect to RNGs. Its always been required that in fips mode, the
ansi cprng not be fed key and seed material that was identical, but
they're now interpreting FIPS 140-2, section AS07.09 as requiring that
the implementation itself must enforce the requirement. Easy fix, we
just do a memcmp of key and seed in fips_cprng_reset and call it a day.

v2: Per Neil's advice, ensure slen is sufficiently long before we
compare key and seed to avoid looking at potentially unallocated mem.

CC: Stephan Mueller &lt;smueller@atsec.com&gt;
CC: Steve Grubb &lt;sgrubb@redhat.com&gt;
Signed-off-by: Jarod Wilson &lt;jarod@redhat.com&gt;
Acked-by: Neil Horman &lt;nhorman@tuxdriver.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Fix common misspellings</title>
<updated>2011-03-31T14:26:23+00:00</updated>
<author>
<name>Lucas De Marchi</name>
<email>lucas.demarchi@profusion.mobi</email>
</author>
<published>2011-03-31T01:57:33+00:00</published>
<link rel='alternate' type='text/html' href='https://git.toradex.cn/cgit/linux-toradex.git/commit/?id=25985edcedea6396277003854657b5f3cb31a628'/>
<id>25985edcedea6396277003854657b5f3cb31a628</id>
<content type='text'>
Fixes generated by 'codespell' and manually reviewed.

Signed-off-by: Lucas De Marchi &lt;lucas.demarchi@profusion.mobi&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Fixes generated by 'codespell' and manually reviewed.

Signed-off-by: Lucas De Marchi &lt;lucas.demarchi@profusion.mobi&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: ansi_cprng - Move FIPS functions under CONFIG_CRYPTO_FIPS</title>
<updated>2009-11-23T12:25:50+00:00</updated>
<author>
<name>Jaswinder Singh Rajput</name>
<email>jaswinderrajput@gmail.com</email>
</author>
<published>2009-11-23T12:25:50+00:00</published>
<link rel='alternate' type='text/html' href='https://git.toradex.cn/cgit/linux-toradex.git/commit/?id=2f32bfd834d5d7eb230bcbf39aaacccd2a01d767'/>
<id>2f32bfd834d5d7eb230bcbf39aaacccd2a01d767</id>
<content type='text'>
fips_cprng_get_random and fips_cprng_reset is used only by
CONFIG_CRYPTO_FIPS. This also fixes compilation warnings:

 crypto/ansi_cprng.c:360: warning: ‘fips_cprng_get_random’ defined but not used
 crypto/ansi_cprng.c:393: warning: ‘fips_cprng_reset’ defined but not used

Signed-off-by: Jaswinder Singh Rajput &lt;jaswinderrajput@gmail.com&gt;
Acked-by: Neil Horman &lt;nhorman@tuxdriver.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
fips_cprng_get_random and fips_cprng_reset is used only by
CONFIG_CRYPTO_FIPS. This also fixes compilation warnings:

 crypto/ansi_cprng.c:360: warning: ‘fips_cprng_get_random’ defined but not used
 crypto/ansi_cprng.c:393: warning: ‘fips_cprng_reset’ defined but not used

Signed-off-by: Jaswinder Singh Rajput &lt;jaswinderrajput@gmail.com&gt;
Acked-by: Neil Horman &lt;nhorman@tuxdriver.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: ansi_cprng - Fix test in get_prng_bytes</title>
<updated>2009-10-27T10:51:33+00:00</updated>
<author>
<name>Roel Kluin</name>
<email>roel.kluin@gmail.com</email>
</author>
<published>2009-10-27T10:51:33+00:00</published>
<link rel='alternate' type='text/html' href='https://git.toradex.cn/cgit/linux-toradex.git/commit/?id=2024e7d6804b3f6251b28126eceb7f6bf2e3a4e8'/>
<id>2024e7d6804b3f6251b28126eceb7f6bf2e3a4e8</id>
<content type='text'>
size_t nbytes cannot be less than 0 and the test was redundant.

Signed-off-by: Roel Kluin &lt;roel.kluin@gmail.com&gt;
Acked-by: Neil Horman &lt;nhorman@tuxdriver.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
size_t nbytes cannot be less than 0 and the test was redundant.

Signed-off-by: Roel Kluin &lt;roel.kluin@gmail.com&gt;
Acked-by: Neil Horman &lt;nhorman@tuxdriver.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: ansi_cprng - Add FIPS wrapper</title>
<updated>2009-10-19T02:57:02+00:00</updated>
<author>
<name>Neil Horman</name>
<email>nhorman@tuxdriver.com</email>
</author>
<published>2009-10-19T02:57:02+00:00</published>
<link rel='alternate' type='text/html' href='https://git.toradex.cn/cgit/linux-toradex.git/commit/?id=667b6294bf088445996c8395b723ae9c9467e72b'/>
<id>667b6294bf088445996c8395b723ae9c9467e72b</id>
<content type='text'>
Patch to add fips(ansi_cprng) alg, which is ansi_cprng plus a continuous test

Signed-off-by: Neil Horman &lt;nhorman@tuxdriver.com&gt;
Acked-by: Jarod Wilson &lt;jarod@redhat.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Patch to add fips(ansi_cprng) alg, which is ansi_cprng plus a continuous test

Signed-off-by: Neil Horman &lt;nhorman@tuxdriver.com&gt;
Acked-by: Jarod Wilson &lt;jarod@redhat.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: ansi_cprng - Fix module initialization</title>
<updated>2009-08-29T07:36:25+00:00</updated>
<author>
<name>Steffen Klassert</name>
<email>steffen.klassert@secunet.com</email>
</author>
<published>2009-08-29T07:36:25+00:00</published>
<link rel='alternate' type='text/html' href='https://git.toradex.cn/cgit/linux-toradex.git/commit/?id=a367b17f34e1280270a6b577c11d5ecff093f9ae'/>
<id>a367b17f34e1280270a6b577c11d5ecff093f9ae</id>
<content type='text'>
Return the value we got from crypto_register_alg() instead of
returning 0 in any case.

Signed-off-by: Steffen Klassert &lt;steffen.klassert@secunet.com&gt;
Acked-by: Neil Horman &lt;nhorman@tuxdriver.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Return the value we got from crypto_register_alg() instead of
returning 0 in any case.

Signed-off-by: Steffen Klassert &lt;steffen.klassert@secunet.com&gt;
Acked-by: Neil Horman &lt;nhorman@tuxdriver.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: ansi_prng - alloc cipher just in init</title>
<updated>2009-07-03T04:10:47+00:00</updated>
<author>
<name>Sebastian Andrzej Siewior</name>
<email>sebastian@breakpoint.cc</email>
</author>
<published>2009-07-03T04:10:47+00:00</published>
<link rel='alternate' type='text/html' href='https://git.toradex.cn/cgit/linux-toradex.git/commit/?id=fd09d7facb7cf3a884979eb5f843338ce1ce9b43'/>
<id>fd09d7facb7cf3a884979eb5f843338ce1ce9b43</id>
<content type='text'>
As reported by Eric Sesterhenn the re-allocation of the cipher in reset leads
to:
|BUG: sleeping function called from invalid context at kernel/rwsem.c:21
|in_atomic(): 1, irqs_disabled(): 0, pid: 4926, name: modprobe
|INFO: lockdep is turned off.
|Pid: 4926, comm: modprobe Tainted: G   M 2.6.31-rc1-22297-g5298976 #24
|Call Trace:
| [&lt;c011dd93&gt;] __might_sleep+0xf9/0x101
| [&lt;c0777aa0&gt;] down_read+0x16/0x68
| [&lt;c048bf04&gt;] crypto_alg_lookup+0x16/0x34
| [&lt;c048bf52&gt;] crypto_larval_lookup+0x30/0xf9
| [&lt;c048c038&gt;] crypto_alg_mod_lookup+0x1d/0x62
| [&lt;c048c13e&gt;] crypto_alloc_base+0x1e/0x64
| [&lt;c04bf991&gt;] reset_prng_context+0xab/0x13f
| [&lt;c04e5cfc&gt;] ? __spin_lock_init+0x27/0x51
| [&lt;c04bfce1&gt;] cprng_init+0x2a/0x42
| [&lt;c048bb4c&gt;] __crypto_alloc_tfm+0xfa/0x128
| [&lt;c048c153&gt;] crypto_alloc_base+0x33/0x64
| [&lt;c04933c9&gt;] alg_test_cprng+0x30/0x1f4
| [&lt;c0493329&gt;] alg_test+0x12f/0x19f
| [&lt;c0177f1f&gt;] ? __alloc_pages_nodemask+0x14d/0x481
| [&lt;d09219e2&gt;] do_test+0xf9d/0x163f [tcrypt]
| [&lt;d0920de6&gt;] do_test+0x3a1/0x163f [tcrypt]
| [&lt;d0926035&gt;] tcrypt_mod_init+0x35/0x7c [tcrypt]
| [&lt;c010113c&gt;] _stext+0x54/0x12c
| [&lt;d0926000&gt;] ? tcrypt_mod_init+0x0/0x7c [tcrypt]
| [&lt;c01398a3&gt;] ? up_read+0x16/0x2b
| [&lt;c0139fc4&gt;] ? __blocking_notifier_call_chain+0x40/0x4c
| [&lt;c014ee8d&gt;] sys_init_module+0xa9/0x1bf
| [&lt;c010292b&gt;] sysenter_do_call+0x12/0x32

because a spin lock is held and crypto_alloc_base() may sleep.
There is no reason to re-allocate the cipher, the state is resetted in
-&gt;setkey(). This patches makes the cipher allocation a one time thing and
moves it to init.

Reported-by: Eric Sesterhenn &lt;eric.sesterhenn@lsexperts.de&gt;
Signed-off-by: Sebastian Andrzej Siewior &lt;sebastian@breakpoint.cc&gt;
Acked-by: Neil Horman &lt;nhorman@tuxdriver.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
As reported by Eric Sesterhenn the re-allocation of the cipher in reset leads
to:
|BUG: sleeping function called from invalid context at kernel/rwsem.c:21
|in_atomic(): 1, irqs_disabled(): 0, pid: 4926, name: modprobe
|INFO: lockdep is turned off.
|Pid: 4926, comm: modprobe Tainted: G   M 2.6.31-rc1-22297-g5298976 #24
|Call Trace:
| [&lt;c011dd93&gt;] __might_sleep+0xf9/0x101
| [&lt;c0777aa0&gt;] down_read+0x16/0x68
| [&lt;c048bf04&gt;] crypto_alg_lookup+0x16/0x34
| [&lt;c048bf52&gt;] crypto_larval_lookup+0x30/0xf9
| [&lt;c048c038&gt;] crypto_alg_mod_lookup+0x1d/0x62
| [&lt;c048c13e&gt;] crypto_alloc_base+0x1e/0x64
| [&lt;c04bf991&gt;] reset_prng_context+0xab/0x13f
| [&lt;c04e5cfc&gt;] ? __spin_lock_init+0x27/0x51
| [&lt;c04bfce1&gt;] cprng_init+0x2a/0x42
| [&lt;c048bb4c&gt;] __crypto_alloc_tfm+0xfa/0x128
| [&lt;c048c153&gt;] crypto_alloc_base+0x33/0x64
| [&lt;c04933c9&gt;] alg_test_cprng+0x30/0x1f4
| [&lt;c0493329&gt;] alg_test+0x12f/0x19f
| [&lt;c0177f1f&gt;] ? __alloc_pages_nodemask+0x14d/0x481
| [&lt;d09219e2&gt;] do_test+0xf9d/0x163f [tcrypt]
| [&lt;d0920de6&gt;] do_test+0x3a1/0x163f [tcrypt]
| [&lt;d0926035&gt;] tcrypt_mod_init+0x35/0x7c [tcrypt]
| [&lt;c010113c&gt;] _stext+0x54/0x12c
| [&lt;d0926000&gt;] ? tcrypt_mod_init+0x0/0x7c [tcrypt]
| [&lt;c01398a3&gt;] ? up_read+0x16/0x2b
| [&lt;c0139fc4&gt;] ? __blocking_notifier_call_chain+0x40/0x4c
| [&lt;c014ee8d&gt;] sys_init_module+0xa9/0x1bf
| [&lt;c010292b&gt;] sysenter_do_call+0x12/0x32

because a spin lock is held and crypto_alloc_base() may sleep.
There is no reason to re-allocate the cipher, the state is resetted in
-&gt;setkey(). This patches makes the cipher allocation a one time thing and
moves it to init.

Reported-by: Eric Sesterhenn &lt;eric.sesterhenn@lsexperts.de&gt;
Signed-off-by: Sebastian Andrzej Siewior &lt;sebastian@breakpoint.cc&gt;
Acked-by: Neil Horman &lt;nhorman@tuxdriver.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: ansi_prng - Use just a BH lock</title>
<updated>2009-07-03T04:09:41+00:00</updated>
<author>
<name>Sebastian Andrzej Siewior</name>
<email>sebastian@breakpoint.cc</email>
</author>
<published>2009-07-03T04:09:41+00:00</published>
<link rel='alternate' type='text/html' href='https://git.toradex.cn/cgit/linux-toradex.git/commit/?id=ed94070058033a3c99fe62c90d00c39dc443c679'/>
<id>ed94070058033a3c99fe62c90d00c39dc443c679</id>
<content type='text'>
The current code uses a mix of sping_lock() &amp; spin_lock_irqsave(). This can
lead to deadlock with the correct timming &amp; cprng_get_random() + cprng_reset()
sequence.
I've converted them to bottom half locks since all three user grab just a BH
lock so this runs probably in softirq :)

Signed-off-by: Sebastian Andrzej Siewior &lt;sebastian@breakpoint.cc&gt;
Acked-by: Neil Horman &lt;nhorman@tuxdriver.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The current code uses a mix of sping_lock() &amp; spin_lock_irqsave(). This can
lead to deadlock with the correct timming &amp; cprng_get_random() + cprng_reset()
sequence.
I've converted them to bottom half locks since all three user grab just a BH
lock so this runs probably in softirq :)

Signed-off-by: Sebastian Andrzej Siewior &lt;sebastian@breakpoint.cc&gt;
Acked-by: Neil Horman &lt;nhorman@tuxdriver.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</pre>
</div>
</content>
</entry>
</feed>
