| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <21952258.n2qYaab1Is@tachyon.chronox.de> Date: Thu, 19 Mar 2015 07:55:08 +0100 From: Stephan Mueller <smueller@...onox.de> To: 'Herbert Xu <herbert@...dor.apana.org.au> Cc: linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org Subject: [PATCH 00/16] crypto: restrict usage of helper ciphers Hi, Based on the discussion in the thread [1], a flag is added to the kernel crypto API to allow ciphers to be marked as internal. The patch set is tested in FIPS and non-FIPS mode. In addition, the enforcement that the helper cipher of __driver-gcm-aes-aesni cannot be loaded, but the wrapper of rfc4106-gcm-aesni can be used is tested to demonstrate that the patch works. The testing also shows that of__driver-gcm-aes-aesni is subject to the testmgr self test an can therefore be used in FIPS mode. All cipher implementation whose definition has a cra_priority of 0 are marked as internal ciphers to prevent them from being called by users. The testing also includes the invocation of normal crypto operations from user space via AF_ALG and libkcapi showing that all of them work unaffected. [1] http://comments.gmane.org/gmane.linux.kernel.cryptoapi/13705 Stephan Mueller (16): crypto: prevent helper ciphers from being used crypto: /proc/crypto: identify internal ciphers crypto: mark AES-NI helper ciphers crypto: mark AES-NI Camellia helper ciphers crypto: mark CAST5 helper ciphers crypto: mark AVX Camellia helper ciphers crypto: mark CAST6 helper ciphers crypto: mark ghash clmulni helper ciphers crypto: mark Serpent AVX2 helper ciphers crypto: mark Serpent AVX helper ciphers crypto: mark Serpent SSE2 helper ciphers crypto: mark Twofish AVX helper ciphers crypto: mark NEON bit sliced AES helper ciphers crypto: mark ARMv8 AES helper ciphers crypto: mark GHASH ARMv8 vmull.p64 helper ciphers crypto: mark 64 bit ARMv8 AES helper ciphers arch/arm/crypto/aes-ce-glue.c | 12 ++++++++---- arch/arm/crypto/aesbs-glue.c | 9 ++++++--- arch/arm/crypto/ghash-ce-glue.c | 2 +- arch/arm64/crypto/aes-glue.c | 12 ++++++++---- arch/x86/crypto/aesni-intel_glue.c | 19 ++++++++++++------- arch/x86/crypto/camellia_aesni_avx2_glue.c | 15 ++++++++++----- arch/x86/crypto/camellia_aesni_avx_glue.c | 15 ++++++++++----- arch/x86/crypto/cast5_avx_glue.c | 9 ++++++--- arch/x86/crypto/cast6_avx_glue.c | 15 ++++++++++----- arch/x86/crypto/ghash-clmulni-intel_glue.c | 3 ++- arch/x86/crypto/serpent_avx2_glue.c | 15 ++++++++++----- arch/x86/crypto/serpent_avx_glue.c | 15 ++++++++++----- arch/x86/crypto/serpent_sse2_glue.c | 15 ++++++++++----- arch/x86/crypto/twofish_avx_glue.c | 15 ++++++++++----- crypto/ablkcipher.c | 2 +- crypto/aead.c | 2 +- crypto/api.c | 21 ++++++++++++++++++++- crypto/internal.h | 2 ++ crypto/proc.c | 3 +++ include/linux/crypto.h | 6 ++++++ 20 files changed, 146 insertions(+), 61 deletions(-) -- 2.1.0 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists