Revision tags: v4.4.9 |
|
#
9e5c9fe4 |
| 03-May-2016 |
Richard W.M. Jones <rjones@redhat.com> |
crypto: testmgr - Add a flag allowing the self-tests to be disabled at runtime.
Running self-tests for a short-lived KVM VM takes 28ms on my laptop. This commit adds a flag 'cryptomgr.notests' which
crypto: testmgr - Add a flag allowing the self-tests to be disabled at runtime.
Running self-tests for a short-lived KVM VM takes 28ms on my laptop. This commit adds a flag 'cryptomgr.notests' which allows them to be disabled.
However if fips=1 as well, we ignore this flag as FIPS mode mandates that the self-tests are run.
Signed-off-by: Richard W.M. Jones <rjones@redhat.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
Revision tags: v4.4.8, v4.4.7, openbmc-20160329-2, openbmc-20160329-1, openbmc-20160321-1, v4.4.6, v4.5, v4.4.5, v4.4.4, v4.4.3, openbmc-20160222-1 |
|
#
8888690e |
| 19-Feb-2016 |
Marcus Meissner <meissner@suse.de> |
crypto: testmgr - allow rfc3686 aes-ctr variants in fips mode.
RFC 3686 CTR in various authenc methods.
rfc3686(ctr(aes)) is already marked fips compliant, so these should be fine.
Signed-off-by:
crypto: testmgr - allow rfc3686 aes-ctr variants in fips mode.
RFC 3686 CTR in various authenc methods.
rfc3686(ctr(aes)) is already marked fips compliant, so these should be fine.
Signed-off-by: Marcus Meissner <meissner@suse.de> Acked-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
Revision tags: v4.4.2, openbmc-20160212-1, openbmc-20160210-1 |
|
#
fb16abc2 |
| 06-Feb-2016 |
Marcus Meissner <meissner@suse.de> |
crypto: testmgr - mark authenticated ctr(aes) also as FIPS able
(2nd try that adds missing , to build.)
Signed-off-by: Marcus Meissner <meissner@suse.de> Signed-off-by: Herbert Xu <herbert@gondor.a
crypto: testmgr - mark authenticated ctr(aes) also as FIPS able
(2nd try that adds missing , to build.)
Signed-off-by: Marcus Meissner <meissner@suse.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
ed1afac9 |
| 05-Feb-2016 |
Marcus Meissner <meissner@suse.de> |
crypto: testmgr - mark more algorithms as FIPS compliant
Some more authenc() wrapped algorithms are FIPS compliant, tag them as such.
Signed-off-by: Marcus Meissner <meissner@suse.de> Acked-by: Ste
crypto: testmgr - mark more algorithms as FIPS compliant
Some more authenc() wrapped algorithms are FIPS compliant, tag them as such.
Signed-off-by: Marcus Meissner <meissner@suse.de> Acked-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
abfa7f43 |
| 03-Feb-2016 |
Jerome Marchand <jmarchan@redhat.com> |
crypto: testmgr - fix out of bound read in __test_aead()
__test_aead() reads MAX_IVLEN bytes from template[i].iv, but the actual length of the initialisation vector can be shorter. The length of the
crypto: testmgr - fix out of bound read in __test_aead()
__test_aead() reads MAX_IVLEN bytes from template[i].iv, but the actual length of the initialisation vector can be shorter. The length of the IV is already calculated earlier in the function. Let's just reuses that. Also the IV length is currently calculated several time for no reason. Let's fix that too. This fix an out-of-bound error detected by KASan.
Signed-off-by: Jerome Marchand <jmarchan@redhat.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
018ba95c |
| 03-Feb-2016 |
Wang, Rui Y <rui.y.wang@intel.com> |
crypto: testmgr - Add a test case for import()/export()
Modify __test_hash() so that hash import/export can be tested from within the kernel. The test is unconditionally done when a struct hash_test
crypto: testmgr - Add a test case for import()/export()
Modify __test_hash() so that hash import/export can be tested from within the kernel. The test is unconditionally done when a struct hash_testvec has its .np > 1.
v3: make the test unconditional v2: Leverage template[i].np as suggested by Tim Chen
Signed-off-by: Rui Wang <rui.y.wang@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
Revision tags: openbmc-20160202-2, openbmc-20160202-1, v4.4.1, openbmc-20160127-1 |
|
#
11049218 |
| 26-Jan-2016 |
Joonsoo Kim <js1304@gmail.com> |
crypto: compress - remove unused pcomp interface
It is unused now, so remove it.
Signed-off-by: Joonsoo Kim <iamjoonsoo.kim@lge.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
Revision tags: openbmc-20160120-1, v4.4 |
|
#
eac6d408 |
| 05-Jan-2016 |
Stephan Mueller <smueller@chronox.de> |
crypto: ansi_cprng - ANSI X9.31 DRNG is not allowed in FIPS 140-2
As per update of the FIPS 140-2 Annex C supported by SP800-131A, the ANSI X9.31 DRNG is not an allowed cipher in FIPS mode any more.
crypto: ansi_cprng - ANSI X9.31 DRNG is not allowed in FIPS 140-2
As per update of the FIPS 140-2 Annex C supported by SP800-131A, the ANSI X9.31 DRNG is not an allowed cipher in FIPS mode any more.
CC: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
Revision tags: openbmc-20151217-1, openbmc-20151210-1, openbmc-20151202-1, openbmc-20151123-1, openbmc-20151118-1, openbmc-20151104-1, v4.3, openbmc-20151102-1, openbmc-20151028-1 |
|
#
35351988 |
| 21-Sep-2015 |
Stephan Mueller <smueller@chronox.de> |
crypto: keywrap - add testmgr support
The testmanager code for symmetric ciphers is extended to allow verification of the IV after a cipher operation.
In addition, test vectors for kw(aes) for encr
crypto: keywrap - add testmgr support
The testmanager code for symmetric ciphers is extended to allow verification of the IV after a cipher operation.
In addition, test vectors for kw(aes) for encryption and decryption are added.
Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
Revision tags: v4.3-rc1, v4.2, v4.2-rc8, v4.2-rc7, v4.2-rc6, v4.2-rc5, v4.2-rc4, v4.2-rc3, v4.2-rc2, v4.2-rc1, v4.1 |
|
#
8a826a34 |
| 16-Jun-2015 |
Boris BREZILLON <boris.brezillon@free-electrons.com> |
crypto: testmgr - test IV value after a cipher operation
The crypto drivers are supposed to update the IV passed to the crypto request before calling the completion callback. Test for the IV value b
crypto: testmgr - test IV value after a cipher operation
The crypto drivers are supposed to update the IV passed to the crypto request before calling the completion callback. Test for the IV value before considering the test as successful.
Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
22287b0b |
| 08-Oct-2015 |
Tadeusz Struk <tadeusz.struk@intel.com> |
crypto: akcipher - Changes to asymmetric key API
Setkey function has been split into set_priv_key and set_pub_key. Akcipher requests takes sgl for src and dst instead of void *. Users of the API i.e
crypto: akcipher - Changes to asymmetric key API
Setkey function has been split into set_priv_key and set_pub_key. Akcipher requests takes sgl for src and dst instead of void *. Users of the API i.e. two existing RSA implementation and test mgr code have been updated accordingly.
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
284a0f6e |
| 24-Sep-2015 |
John Haxby <john.haxby@oracle.com> |
crypto: testmgr - Disable fips-allowed for authenc() and des() ciphers
No authenc() ciphers are FIPS approved, nor is ecb(des). After the end of 2015, ansi_cprng will also be non-approved.
Signed-o
crypto: testmgr - Disable fips-allowed for authenc() and des() ciphers
No authenc() ciphers are FIPS approved, nor is ecb(des). After the end of 2015, ansi_cprng will also be non-approved.
Signed-off-by: John Haxby <john.haxby@oracle.com> Acked-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
84cba178 |
| 10-Sep-2015 |
Andrey Ryabinin <aryabinin@virtuozzo.com> |
crypto: testmgr - don't copy from source IV too much
While the destination buffer 'iv' is MAX_IVLEN size, the source 'template[i].iv' could be smaller, thus memcpy may read read invalid memory. Use
crypto: testmgr - don't copy from source IV too much
While the destination buffer 'iv' is MAX_IVLEN size, the source 'template[i].iv' could be smaller, thus memcpy may read read invalid memory. Use crypto_skcipher_ivsize() to get real ivsize and pass it to memcpy.
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
12773d93 |
| 20-Aug-2015 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: testmgr - Use new skcipher interface
This patch replaces uses of blkcipher and ablkcipher with the new skcipher interface.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
8f183751 |
| 19-Aug-2015 |
Stephan Mueller <smueller@chronox.de> |
crypto: cmac - allow usage in FIPS mode
CMAC is an approved cipher in FIPS 140-2. The patch allows the use of CMAC with TDES and AES in FIPS mode.
Signed-off-by: Stephan Mueller <smueller@chronox.d
crypto: cmac - allow usage in FIPS mode
CMAC is an approved cipher in FIPS 140-2. The patch allows the use of CMAC with TDES and AES in FIPS mode.
Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
a4198fd4 |
| 30-Jul-2015 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: testmgr - Reenable authenc tests
Now that all implementations of authenc have been converted we can reenable the tests.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
7079ce62 |
| 30-Jul-2015 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: testmgr - Disable authenc test and convert test vectors
This patch disables the authenc tests while the conversion to the new IV calling convention takes place. It also replaces the authenc
crypto: testmgr - Disable authenc test and convert test vectors
This patch disables the authenc tests while the conversion to the new IV calling convention takes place. It also replaces the authenc test vectors with ones that will work with the new IV convention.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
544c436a |
| 14-Jul-2015 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: testmgr - Reenable rfc4309 test
Now that all implementations of rfc4309 have been converted we can reenable the test.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
0bc5a6c5 |
| 14-Jul-2015 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: testmgr - Disable rfc4309 test and convert test vectors
This patch disables the rfc4309 test while the conversion to the new seqiv calling convention takes place. It also replaces the rfc43
crypto: testmgr - Disable rfc4309 test and convert test vectors
This patch disables the rfc4309 test while the conversion to the new seqiv calling convention takes place. It also replaces the rfc4309 test vectors with ones that will work with the new IV convention.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
3f31a740 |
| 08-Jul-2015 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: testmgr - Reenable rfc4106 test
Now that all implementations of rfc4106 have been converted we can reenable the test.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
85375446 |
| 08-Jul-2015 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: testmgr - Disable rfc4106 test and convert test vectors
This patch disables the rfc4106 test while the conversion to the new seqiv calling convention takes place. It also converts the rfc41
crypto: testmgr - Disable rfc4106 test and convert test vectors
This patch disables the rfc4106 test while the conversion to the new seqiv calling convention takes place. It also converts the rfc4106 test vectors to the new format.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
9d77b6c2 |
| 24-Jun-2015 |
Tadeusz Struk <tadeusz.struk@intel.com> |
crypto: testmgr - don't print info about missing test for gcm-aes-aesni
Don't print info about missing test for the internal helper __driver-gcm-aes-aesni
changes in v2: - marked test as fips allo
crypto: testmgr - don't print info about missing test for gcm-aes-aesni
Don't print info about missing test for the internal helper __driver-gcm-aes-aesni
changes in v2: - marked test as fips allowed
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
946cc463 |
| 16-Jun-2015 |
Tadeusz Struk <tadeusz.struk@intel.com> |
crypto: testmgr - add tests vectors for RSA
New test vectors for RSA algorithm.
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
bb68745e |
| 16-Jun-2015 |
Herbert Xu <herbert@gondor.apana.org.au> |
Revert "crypto: testmgr - Disable rfc4543 test"
This reverts commit 9b9f9296a7b73fbafe0a0a6f2494eaadd97f9f73 as all in-kernel implementations of GCM have been converted to the new AEAD interface, me
Revert "crypto: testmgr - Disable rfc4543 test"
This reverts commit 9b9f9296a7b73fbafe0a0a6f2494eaadd97f9f73 as all in-kernel implementations of GCM have been converted to the new AEAD interface, meaning that they should now pass the updated rfc4543 test.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
14f34061 |
| 16-Jun-2015 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: testmgr - Disable rfc4543 test
Because the old rfc4543 implementation always injected an IV into the AD, while the new one does not, we have to disable the test while it is converted over to
crypto: testmgr - Disable rfc4543 test
Because the old rfc4543 implementation always injected an IV into the AD, while the new one does not, we have to disable the test while it is converted over to the new AEAD interface.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|