linux-toradex.git/crypto/testmgr.c, branch v4.4.151 Linux kernel for Apalis and Colibri modules crypto: testmgr - fix out of bound read in __test_aead() 2017-05-03T04:19:48+00:00 Jerome Marchand jmarchan@redhat.com 2016-02-03T12:58:12+00:00 10fc325c03d2b68bdaa4180a1d5efdbf58c49846 commit abfa7f4357e3640fdee87dfc276fd0f379fb5ae6 upstream. __test_aead() reads MAX_IVLEN bytes from template[i].iv, but the actual length of the initialisation vector can be shorter. The length of the IV is already calculated earlier in the function. Let's just reuses that. Also the IV length is currently calculated several time for no reason. Let's fix that too. This fix an out-of-bound error detected by KASan. Signed-off-by: Jerome Marchand <jmarchan@redhat.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Cc: Julia Lawall <julia.lawall@lip6.fr> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
commit abfa7f4357e3640fdee87dfc276fd0f379fb5ae6 upstream.

__test_aead() reads MAX_IVLEN bytes from template[i].iv, but the
actual length of the initialisation vector can be shorter.
The length of the IV is already calculated earlier in the
function. Let's just reuses that. Also the IV length is currently
calculated several time for no reason. Let's fix that too.
This fix an out-of-bound error detected by KASan.

Signed-off-by: Jerome Marchand <jmarchan@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Julia Lawall <julia.lawall@lip6.fr>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
crypto: testmgr - Use kmalloc memory for RSA input 2016-05-19T00:06:45+00:00 Herbert Xu herbert@gondor.apana.org.au 2016-05-05T08:42:49+00:00 7c712000ba78d26f46d16fcc8ac3a9d827ddb242 commit df27b26f04ed388ff4cc2b5d8cfdb5d97678816f upstream. As akcipher uses an SG interface, you must not use vmalloc memory as input for it. This patch fixes testmgr to copy the vmalloc test vectors to kmalloc memory before running the test. This patch also removes a superfluous sg_virt call in do_test_rsa. Reported-by: Anatoly Pugachev <matorola@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
commit df27b26f04ed388ff4cc2b5d8cfdb5d97678816f upstream.

As akcipher uses an SG interface, you must not use vmalloc memory
as input for it.  This patch fixes testmgr to copy the vmalloc
test vectors to kmalloc memory before running the test.

This patch also removes a superfluous sg_virt call in do_test_rsa.

Reported-by: Anatoly Pugachev <matorola@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
crypto: keywrap - add testmgr support 2015-10-15T13:05:08+00:00 Stephan Mueller smueller@chronox.de 2015-09-21T18:59:56+00:00 353519887ca3df97c0e60be4fdf05c44e2faca22 The testmanager code for symmetric ciphers is extended to allow verification of the IV after a cipher operation. In addition, test vectors for kw(aes) for encryption and decryption are added. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
The testmanager code for symmetric ciphers is extended to allow
verification of the IV after a cipher operation.

In addition, test vectors for kw(aes) for encryption and decryption are
added.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: testmgr - test IV value after a cipher operation 2015-10-15T13:05:01+00:00 Boris BREZILLON boris.brezillon@free-electrons.com 2015-06-16T09:46:46+00:00 8a826a34a52eef9ea1cb93f49ada358fa7b0bb32 The crypto drivers are supposed to update the IV passed to the crypto request before calling the completion callback. Test for the IV value before considering the test as successful. Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
The crypto drivers are supposed to update the IV passed to the crypto
request before calling the completion callback.
Test for the IV value before considering the test as successful.

Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: akcipher - Changes to asymmetric key API 2015-10-14T14:23:16+00:00 Tadeusz Struk tadeusz.struk@intel.com 2015-10-08T16:26:55+00:00 22287b0b5988b603b5f0daa282c89aaf2b877313 Setkey function has been split into set_priv_key and set_pub_key. Akcipher requests takes sgl for src and dst instead of void *. Users of the API i.e. two existing RSA implementation and test mgr code have been updated accordingly. Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
Setkey function has been split into set_priv_key and set_pub_key.
Akcipher requests takes sgl for src and dst instead of void *.
Users of the API i.e. two existing RSA implementation and
test mgr code have been updated accordingly.

Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: testmgr - Disable fips-allowed for authenc() and des() ciphers 2015-10-01T13:56:57+00:00 John Haxby john.haxby@oracle.com 2015-09-24T17:24:35+00:00 284a0f6e87b0721e1be8bca419893902d9cf577a No authenc() ciphers are FIPS approved, nor is ecb(des). After the end of 2015, ansi_cprng will also be non-approved. Signed-off-by: John Haxby <john.haxby@oracle.com> Acked-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
No authenc() ciphers are FIPS approved, nor is ecb(des).
After the end of 2015, ansi_cprng will also be non-approved.

Signed-off-by: John Haxby <john.haxby@oracle.com>
Acked-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: testmgr - don't copy from source IV too much 2015-09-11T14:09:43+00:00 Andrey Ryabinin aryabinin@virtuozzo.com 2015-09-10T10:11:55+00:00 84cba178a3b88efe2668a9039f70abda072faa21 While the destination buffer 'iv' is MAX_IVLEN size, the source 'template[i].iv' could be smaller, thus memcpy may read read invalid memory. Use crypto_skcipher_ivsize() to get real ivsize and pass it to memcpy. Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
While the destination buffer 'iv' is MAX_IVLEN size,
the source 'template[i].iv' could be smaller, thus
memcpy may read read invalid memory.
Use crypto_skcipher_ivsize() to get real ivsize
and pass it to memcpy.

Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: testmgr - Use new skcipher interface 2015-08-21T14:21:20+00:00 Herbert Xu herbert@gondor.apana.org.au 2015-08-20T07:21:46+00:00 12773d932fc22c60e0d5a20660d564542fab811b This patch replaces uses of blkcipher and ablkcipher with the new skcipher interface. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
This patch replaces uses of blkcipher and ablkcipher with the
new skcipher interface.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: cmac - allow usage in FIPS mode 2015-08-19T14:59:48+00:00 Stephan Mueller smueller@chronox.de 2015-08-19T06:42:07+00:00 8f183751a8604be5aaf0ad6dedac4890bb6fa0d5 CMAC is an approved cipher in FIPS 140-2. The patch allows the use of CMAC with TDES and AES in FIPS mode. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
CMAC is an approved cipher in FIPS 140-2. The patch allows the use
of CMAC with TDES and AES in FIPS mode.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: testmgr - Reenable authenc tests 2015-08-04T12:45:34+00:00 Herbert Xu herbert@gondor.apana.org.au 2015-07-30T09:53:23+00:00 a4198fd4b487afc60810f5a12b994721df220022 Now that all implementations of authenc have been converted we can reenable the tests. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
Now that all implementations of authenc have been converted we can
reenable the tests.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>