Re: [PATCH v5 00/30] crypto: DES/3DES cleanup

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Aug 15, 2019 at 12:00:42PM +0300, Ard Biesheuvel wrote:
> In my effort to remove crypto_alloc_cipher() invocations from non-crypto
> code, i ran into a DES call in the CIFS driver. This is addressed in
> patch #30.
> 
> The other patches are cleanups for the quirky DES interface, and lots
> of duplication of the weak key checks etc.
> 
> Changes since v4:
> - Use dedicated inline key verification helpers for skcipher, ablkcipher and
>   aead type transforms, as requested by Herbert
> - Rebase onto cryptodev/master, and fix up the resulting fallout
> - Drop tested-by tags due to code changes
> - Rename local s390 routines as requested by Harald (and added his R-b)
> 
> Changes since v3:
> - rebase onto today's cryptodev/master
> - update safexcel patch to address code that has been added in the mean time
> - replace memzero_explicit() calls with memset() if they don't operate on
>   stack buffers
> - add T-b's from Horia and Corentin
> 
> Changes since v2:
> - fixed another couple of build errors that I missed, apologies to the
>   reviewers for failing to spot these
> - use/retain a simplified 'return verify() ?: setkey()' pattern where possible
>   (as suggested by Horia)
> - ensure that the setkey() routines using the helpers return -EINVAL on weak
>   keys when disallowed by the tfm's weak key policy
> - remove many pointless unlikely() annotations on ice-cold setkey() paths
> 
> Changes since v1/RFC:
> - fix build errors in various drivers that i failed to catch in my
>   initial testing
> - put all caam changes into the correct patch
> - fix weak key handling error flagged by the self tests, as reported
>   by Eric.
> - add ack from Harald to patch #2
> 
> The KASAN error reported by Eric failed to reproduce for me, so I
> didn't include a fix for that. Please check if it still reproduces for
> you.
> 
> Patch #1 adds new helpers to verify DES keys to crypto/internal.des.h
> 
> The next 23 patches move all existing users of DES routines to the
> new interface.
> 
> Patch #25 and #26 are preparatory patches for the new DES library
> introduced in patch #27, which replaces the various DES related
> functions exported to other drivers with a sane library interface.
> 
> Patch #28 switches the x86 asm code to the new librar interface.
> 
> Patch #29 removes code that is no longer used at this point.
> 
> Code can be found here:
> https://git.kernel.org/pub/scm/linux/kernel/git/ardb/linux.git/log/?h=des-cleanup-v5
> 
> Ard Biesheuvel (30):
>   crypto: des/3des_ede - add new helpers to verify keys
>   crypto: s390/des - switch to new verification routines
>   crypto: sparc/des - switch to new verification routines
>   crypto: atmel/des - switch to new verification routines
>   crypto: bcm/des - switch to new verification routines
>   crypto: caam/des - switch to new verification routines
>   crypto: cpt/des - switch to new verification routines
>   crypto: nitrox/des - switch to new verification routines
>   crypto: ccp/des - switch to new verification routines
>   crypto: ccree/des - switch to new verification routines
>   crypto: hifn/des - switch to new verification routines
>   crypto: hisilicon/des - switch to new verification routines
>   crypto: safexcel/des - switch to new verification routines
>   crypto: ixp4xx/des - switch to new verification routines
>   crypto: cesa/des - switch to new verification routines
>   crypto: n2/des - switch to new verification routines
>   crypto: omap/des - switch to new verification routines
>   crypto: picoxcell/des - switch to new verification routines
>   crypto: qce/des - switch to new verification routines
>   crypto: rk3288/des - switch to new verification routines
>   crypto: stm32/des - switch to new verification routines
>   crypto: sun4i/des - switch to new verification routines
>   crypto: talitos/des - switch to new verification routines
>   crypto: ux500/des - switch to new verification routines
>   crypto: 3des - move verification out of exported routine
>   crypto: des - remove unused function
>   crypto: des - split off DES library from generic DES cipher driver
>   crypto: x86/des - switch to library interface
>   crypto: des - remove now unused __des3_ede_setkey()
>   fs: cifs: move from the crypto cipher API to the new DES library
>     interface
> 
>  arch/s390/crypto/des_s390.c                   |  25 +-
>  arch/sparc/crypto/des_glue.c                  |  37 +-
>  arch/x86/crypto/des3_ede_glue.c               |  38 +-
>  crypto/Kconfig                                |   8 +-
>  crypto/des_generic.c                          | 945 +-----------------
>  drivers/crypto/Kconfig                        |  28 +-
>  drivers/crypto/atmel-tdes.c                   |  28 +-
>  drivers/crypto/bcm/cipher.c                   |  79 +-
>  drivers/crypto/caam/Kconfig                   |   2 +-
>  drivers/crypto/caam/caamalg.c                 |  49 +-
>  drivers/crypto/caam/caamalg_qi.c              |  36 +-
>  drivers/crypto/caam/caamalg_qi2.c             |  36 +-
>  drivers/crypto/caam/compat.h                  |   2 +-
>  drivers/crypto/cavium/cpt/cptvf_algs.c        |  26 +-
>  drivers/crypto/cavium/nitrox/Kconfig          |   2 +-
>  .../crypto/cavium/nitrox/nitrox_skcipher.c    |   4 +-
>  drivers/crypto/ccp/ccp-crypto-des3.c          |   7 +-
>  drivers/crypto/ccree/cc_aead.c                |  24 +-
>  drivers/crypto/ccree/cc_cipher.c              |  15 +-
>  drivers/crypto/hifn_795x.c                    |  32 +-
>  drivers/crypto/hisilicon/sec/sec_algs.c       |  18 +-
>  .../crypto/inside-secure/safexcel_cipher.c    |  26 +-
>  drivers/crypto/ixp4xx_crypto.c                |  27 +-
>  drivers/crypto/marvell/cipher.c               |  25 +-
>  drivers/crypto/n2_core.c                      |  32 +-
>  drivers/crypto/omap-des.c                     |  27 +-
>  drivers/crypto/picoxcell_crypto.c             |  24 +-
>  drivers/crypto/qce/ablkcipher.c               |  55 +-
>  drivers/crypto/rockchip/rk3288_crypto.h       |   2 +-
>  .../rockchip/rk3288_crypto_ablkcipher.c       |  21 +-
>  drivers/crypto/stm32/Kconfig                  |   2 +-
>  drivers/crypto/stm32/stm32-cryp.c             |  30 +-
>  drivers/crypto/sunxi-ss/sun4i-ss-cipher.c     |  26 +-
>  drivers/crypto/sunxi-ss/sun4i-ss.h            |   2 +-
>  drivers/crypto/talitos.c                      |  37 +-
>  drivers/crypto/ux500/Kconfig                  |   2 +-
>  drivers/crypto/ux500/cryp/cryp_core.c         |  31 +-
>  fs/cifs/Kconfig                               |   2 +-
>  fs/cifs/cifsfs.c                              |   1 -
>  fs/cifs/smbencrypt.c                          |  18 +-
>  include/crypto/des.h                          |  77 +-
>  include/crypto/internal/des.h                 | 152 +++
>  lib/crypto/Makefile                           |   3 +
>  lib/crypto/des.c                              | 902 +++++++++++++++++
>  44 files changed, 1415 insertions(+), 1550 deletions(-)
>  create mode 100644 include/crypto/internal/des.h
>  create mode 100644 lib/crypto/des.c

All applied.  Thanks.

I had to fix the ixp4xx patch to remove the key_len argument.

Cheers,
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux