raspi/linux
1
0
Fork 1
mirror of https://github.com/raspberrypi/linux.git synced 2025-12-28 04:52:52 +00:00
Code Issues Projects Releases Wiki Activity
Files
4e8ca0d44cdecb61c02bc00e92d337ebdbd2e366
linux/crypto
History
Eric Biggers e867d75658 crypto: aes_ti - disable interrupts while accessing S-box 
[ Upstream commit 0a6a40c2a8 ]

In the "aes-fixed-time" AES implementation, disable interrupts while
accessing the S-box, in order to make cache-timing attacks more
difficult.  Previously it was possible for the CPU to be interrupted
while the S-box was loaded into L1 cache, potentially evicting the
cachelines and causing later table lookups to be time-variant.

In tests I did on x86 and ARM, this doesn't affect performance
significantly.  Responsiveness is potentially a concern, but interrupts
are only disabled for a single AES block.

Note that even after this change, the implementation still isn't
necessarily guaranteed to be constant-time; see
https://cr.yp.to/antiforgery/cachetiming-20050414.pdf for a discussion
of the many difficulties involved in writing truly constant-time AES
software.  But it's valuable to make such attacks more difficult.

Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2019-02-12 19:45:57 +01:00
..
asymmetric_keys
Replace magic for trusting the secondary keyring with #define
2018-09-09 19:55:54 +02:00
async_tx
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
.gitignore
crypto: rsa - add .gitignore for crypto/*.-asn1.[ch] files
2015-06-25 23:29:24 +08:00
842.c
crypto: acomp - add support for 842 via scomp
2016-10-25 11:08:33 +08:00
ablk_helper.c
crypto: ablk_helper - Fix cryptd reordering
2016-06-23 18:29:53 +08:00
ablkcipher.c
crypto: skcipher - Fix -Wstringop-truncation warnings
2018-10-03 17:00:45 -07:00
acompress.c
crypto: acomp - allow registration of multiple acomps
2017-04-21 20:30:50 +08:00
aead.c
crypto: Replaced gcc specific attributes with macros from compiler.h
2017-01-13 00:24:39 +08:00
aes_generic.c
crypto: aes-generic - drop alignment requirement
2017-02-11 17:50:43 +08:00
aes_ti.c
crypto: aes_ti - disable interrupts while accessing S-box
2019-02-12 19:45:57 +01:00
af_alg.c
crypto: af_alg - Initialize sg_num_bytes in error code path
2018-07-22 14:28:48 +02:00
ahash.c
crypto: ahash - Fix early termination in hash walk
2018-04-08 14:26:31 +02:00
akcipher.c
crypto: Replaced gcc specific attributes with macros from compiler.h
2017-01-13 00:24:39 +08:00
algapi.c
crypto: algapi - fix NULL dereference in crypto_remove_spawns()
2018-01-17 09:45:23 +01:00
algboss.c
sched/headers: Prepare to move signal wakeup & sigpending methods from <linux/sched.h> into <linux/sched/signal.h>
2017-03-02 08:42:32 +01:00
algif_aead.c
crypto: af_alg - Fix race around ctx->rcvused by making it atomic_t
2018-03-03 10:24:29 +01:00
algif_hash.c
crypto: hash - prevent using keyed hashes without setting key
2018-02-16 20:23:00 +01:00
algif_rng.c
crypto: algif_rng - Remove obsolete const-removal cast
2015-04-22 09:30:21 +08:00
algif_skcipher.c
crypto: af_alg - Fix race around ctx->rcvused by making it atomic_t
2018-03-03 10:24:29 +01:00
ansi_cprng.c
crypto: ansi_cprng - Convert to new rng interface
2015-04-22 09:30:18 +08:00
anubis.c
crypto: prefix module autoloading with "crypto-"
2014-11-24 22:43:57 +08:00
api.c
evm: Don't deadlock if a crypto algorithm is unavailable
2018-09-26 08:38:09 +02:00
arc4.c
crypto: prefix module autoloading with "crypto-"
2014-11-24 22:43:57 +08:00
authenc.c
crypto: authenc - fix parsing key with misaligned rta_len
2019-01-23 08:09:48 +01:00
authencesn.c
crypto: authencesn - Avoid twice completion call in decrypt path
2019-01-23 08:09:47 +01:00
blkcipher.c
crypto: skcipher - Fix -Wstringop-truncation warnings
2018-10-03 17:00:45 -07:00
blowfish_common.c
crypto: blowfish - split generic and common c code
2011-09-22 21:25:25 +10:00
blowfish_generic.c
crypto: add missing crypto module aliases
2015-01-13 22:29:11 +11:00
camellia_generic.c
crypto: add missing crypto module aliases
2015-01-13 22:29:11 +11:00
cast5_generic.c
crypto: add missing crypto module aliases
2015-01-13 22:29:11 +11:00
cast6_generic.c
crypto: add missing crypto module aliases
2015-01-13 22:29:11 +11:00
cast_common.c
crypto: make tables used from assembler __visible
2013-08-14 20:42:03 +10:00
cbc.c
crypto: cbc - Propagate NEED_FALLBACK bit
2017-03-09 18:34:39 +08:00
ccm.c
crypto: ccm - preserve the IV buffer
2017-11-03 21:35:35 +08:00
chacha20_generic.c
crypto: chacha20 - fix handling of chunked input
2017-08-22 14:45:47 +08:00
chacha20poly1305.c
crypto: chacha20poly1305 - validate the digest size
2018-01-10 09:31:18 +01:00
cipher.c
crypto: api - Remove no-op exit_ops code
2016-10-21 11:03:42 +08:00
cmac.c
crypto: algapi - make crypto_xor() and crypto_inc() alignment agnostic
2017-02-11 17:52:28 +08:00
compress.c
crypto: api - Remove no-op exit_ops code
2016-10-21 11:03:42 +08:00
crc32_generic.c
crypto: hash - annotate algorithms taking optional key
2018-02-16 20:23:00 +01:00
crc32c_generic.c
crypto: hash - annotate algorithms taking optional key
2018-02-16 20:23:00 +01:00
crct10dif_common.c
crypto: crct10dif - Add fallback for broken initrds
2013-09-12 15:31:34 +10:00
crct10dif_generic.c
crypto: squash lines for simple wrapper functions
2016-09-13 20:27:26 +08:00
cryptd.c
crypto: hash - annotate algorithms taking optional key
2018-02-16 20:23:00 +01:00
crypto_engine.c
crypto: engine - replace pr_xxx by dev_xxx
2017-06-19 14:19:54 +08:00
crypto_null.c
crypto: null - Remove default null blkcipher
2016-07-18 17:35:44 +08:00
crypto_user.c
crypto: user - fix leaking uninitialized memory to userspace
2018-11-21 09:24:15 +01:00
crypto_wq.c
crypto: crypto_wq - Fix late crypto work queue initialization
2014-03-21 21:54:28 +08:00
ctr.c
crypto: algapi - make crypto_xor() take separate dst and src arguments
2017-08-04 09:27:15 +08:00
cts.c
crypto: algapi - make crypto_xor() and crypto_inc() alignment agnostic
2017-02-11 17:52:28 +08:00
deflate.c
crypto: scomp - add support for deflate rfc1950 (zlib)
2017-04-24 18:11:08 +08:00
des_generic.c
crypto: add missing crypto module aliases
2015-01-13 22:29:11 +11:00
dh_helper.c
crypto: dh - Don't permit 'key' or 'g' size longer than 'p'
2017-11-21 09:49:21 +01:00
dh.c
crypto: dh - Fix double free of ctx->p
2017-11-21 09:49:20 +01:00
drbg.c
crypto: drbg - set freed buffers to NULL
2018-05-01 12:58:23 -07:00
ecb.c
crypto: include crypto- module prefix in template
2014-11-26 20:06:30 +08:00
ecc_curve_defs.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
ecc.c
crypto: ecc - Fix NULL pointer deref. on no default_rng
2018-03-19 08:42:49 +01:00
ecc.h
crypto: ecdh - add privkey generation support
2017-06-10 12:04:35 +08:00
ecdh_helper.c
crypto: kpp, (ec)dh - fix typos
2017-06-10 12:04:25 +08:00
ecdh.c
crypto: ecdh - fix concurrency on shared secret and pubkey
2017-08-03 13:47:22 +08:00
echainiv.c
crypto: echainiv - Replace chaining with multiplication
2016-09-13 18:44:57 +08:00
fcrypt.c
crypto: prefix module autoloading with "crypto-"
2014-11-24 22:43:57 +08:00
fips.c
crypto: fips - Move fips_enabled sysctl into fips.c
2015-04-23 14:18:09 +08:00
gcm.c
crypto: gcm - wait for crypto op not signal safe
2017-05-23 12:45:11 +08:00
gf128mul.c
crypto: gf128mul - define gf128mul_x_* in gf128mul.h
2017-04-05 21:58:35 +08:00
ghash-generic.c
crypto: ghash-generic - move common definitions to a new header file
2016-10-02 22:26:40 +08:00
hash_info.c
keys, trusted: select hash algorithm for TPM2 chips
2015-12-20 15:27:12 +02:00
hmac.c
crypto: hmac - require that the underlying hash algorithm is unkeyed
2017-12-20 10:10:17 +01:00
internal.h
crypto: api - Remove no-op exit_ops code
2016-10-21 11:03:42 +08:00
jitterentropy-kcapi.c
crypto: jitterentropy - drop duplicate header module.h
2016-11-17 23:34:52 +08:00
jitterentropy.c
crypto: jitterentropy - Delete unnecessary checks before the function call "kzfree"
2015-06-25 23:18:33 +08:00
Kconfig
crypto: aes_ti - disable interrupts while accessing S-box
2019-02-12 19:45:57 +01:00
keywrap.c
crypto: keywrap - memzero the correct memory
2016-02-01 22:27:05 +08:00
khazad.c
crypto: prefix module autoloading with "crypto-"
2014-11-24 22:43:57 +08:00
kpp.c
crypto: Replaced gcc specific attributes with macros from compiler.h
2017-01-13 00:24:39 +08:00
lrw.c
crypto: lrw - Fix out-of bounds access on counter overflow
2018-11-13 11:15:07 -08:00
lz4.c
crypto: lz4 - fixed decompress function to return error code
2017-04-10 19:17:27 +08:00
lz4hc.c
crypto: lz4 - fixed decompress function to return error code
2017-04-10 19:17:27 +08:00
lzo.c
treewide: use kv[mz]alloc* rather than opencoded variants
2017-05-08 17:15:13 -07:00
Makefile
crypto: aes-generic - fix aes-generic regression on powerpc
2018-09-19 22:43:37 +02:00
mcryptd.c
crypto: hash - annotate algorithms taking optional key
2018-02-16 20:23:00 +01:00
md4.c
crypto: prefix module autoloading with "crypto-"
2014-11-24 22:43:57 +08:00
md5.c
md5: remove from lib and only live in crypto
2017-03-24 22:02:56 +08:00
memneq.c
crypto: memneq - fix for archs without efficient unaligned access
2013-12-09 20:09:12 +08:00
michael_mic.c
crypto: prefix module autoloading with "crypto-"
2014-11-24 22:43:57 +08:00
pcbc.c
crypto: algapi - make crypto_xor() take separate dst and src arguments
2017-08-04 09:27:15 +08:00
pcrypt.c
crypto: pcrypt - fix freeing pcrypt instances
2018-01-10 09:31:18 +01:00
poly1305_generic.c
crypto: poly1305 - remove ->setkey() method
2018-02-16 20:23:00 +01:00
proc.c
crypto: fips - Move fips_enabled sysctl into fips.c
2015-04-23 14:18:09 +08:00
ripemd.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
rmd128.c
crypto: prefix module autoloading with "crypto-"
2014-11-24 22:43:57 +08:00
rmd160.c
crypto: prefix module autoloading with "crypto-"
2014-11-24 22:43:57 +08:00
rmd256.c
crypto: prefix module autoloading with "crypto-"
2014-11-24 22:43:57 +08:00
rmd320.c
crypto: prefix module autoloading with "crypto-"
2014-11-24 22:43:57 +08:00
rng.c
crypto: rng - ensure that the RNG is ready before using
2017-07-28 17:56:00 +08:00
rsa_helper.c
crypto: rsa - fix buffer overread when stripping leading zeroes
2017-12-20 10:10:17 +01:00
rsa-pkcs1pad.c
crypto: rsa-pkcs1pad - use constant time memory comparison for MACs
2017-06-20 11:21:19 +08:00
rsa.c
crypto: rsa - comply with crypto_akcipher_maxsize()
2017-06-10 12:04:30 +08:00
rsaprivkey.asn1
crypto: rsa - Store rest of the private key components
2016-07-05 23:05:26 +08:00
rsapubkey.asn1
crypto: akcipher - Changes to asymmetric key API
2015-10-14 22:23:16 +08:00
salsa20_generic.c
crypto: salsa20 - fix blkcipher_walk API usage
2017-12-20 10:10:17 +01:00
scatterwalk.c
crypto: scatterwalk - Remove unnecessary aliasing check in map_and_copy
2016-11-22 15:02:25 +08:00
scompress.c
crypto: scompress - defer allocation of scratch buffer to first use
2017-08-03 13:52:44 +08:00
seed.c
crypto: prefix module autoloading with "crypto-"
2014-11-24 22:43:57 +08:00
seqiv.c
crypto: algapi - make crypto_xor() and crypto_inc() alignment agnostic
2017-02-11 17:52:28 +08:00
serpent_generic.c
crypto: serpent - improve __serpent_setkey with UBSAN
2017-08-09 20:17:54 +08:00
sha1_generic.c
crypto: hash - add zero length message hash for shax and md5
2015-12-22 20:43:35 +08:00
sha3_generic.c
crypto: sha3-generic - fixes for alignment and big endian operation
2018-02-03 17:38:51 +01:00
sha256_generic.c
crypto: hash - add zero length message hash for shax and md5
2015-12-22 20:43:35 +08:00
sha512_generic.c
crypto: sha512-generic - move to generic glue implementation
2015-04-10 21:39:41 +08:00
shash.c
crypto: hash - prevent using keyed hashes without setting key
2018-02-16 20:23:00 +01:00
simd.c
crypto: simd - correctly take reqsize of wrapped skcipher into account
2018-12-01 09:42:53 +01:00
skcipher.c
crypto: skcipher - fix crash flushing dcache in error path
2018-08-17 21:01:10 +02:00
tcrypt.c
crypto: tcrypt - fix ghash-generic speed test
2018-11-13 11:15:07 -08:00
tcrypt.h
crypto: tcrypt - Add ChaCha20/Poly1305 speed tests
2015-07-17 21:20:20 +08:00
tea.c
crypto: add missing crypto module aliases
2015-01-13 22:29:11 +11:00
testmgr.c
crypto: testmgr - Reenable sha1/aes in FIPS mode
2017-06-28 22:18:58 +08:00
testmgr.h
crypto: testmgr - Fix incorrect values in PKCS#1 test vector
2018-04-08 14:26:31 +02:00
tgr192.c
crypto: add missing crypto module aliases
2015-01-13 22:29:11 +11:00
twofish_common.c
crypto: twofish-x86_64-3way - add lrw support
2011-11-09 11:53:32 +08:00
twofish_generic.c
crypto: add missing crypto module aliases
2015-01-13 22:29:11 +11:00
vmac.c
crypto: vmac - separate tfm and request context
2018-08-17 21:01:10 +02:00
wp512.c
crypto: add missing crypto module aliases
2015-01-13 22:29:11 +11:00
xcbc.c
crypto: include crypto- module prefix in template
2014-11-26 20:06:30 +08:00
xor.c
kmemcheck: stop using GFP_NOTRACK and SLAB_NOTRACK
2018-02-22 15:42:23 +01:00
xts.c
crypto: xts - Fix an error handling path in 'create()'
2017-10-07 12:04:31 +08:00