shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-04-03 19:53:02 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
6ebffc54843bc85ef94e15df521929bb44ddd7d4
linux/crypto
History
Vitaly Chikunov dbb97f7663 crypto: ecc - regularize scalar for scalar multiplication 
[ Upstream commit 3da2c1dfdb ]

ecc_point_mult is supposed to be used with a regularized scalar,
otherwise, it's possible to deduce the position of the top bit of the
scalar with timing attack. This is important when the scalar is a
private key.

ecc_point_mult is already using a regular algorithm (i.e. having an
operation flow independent of the input scalar) but regularization step
is not implemented.

Arrange scalar to always have fixed top bit by adding a multiple of the
curve order (n).

References:
The constant time regularization step is based on micro-ecc by Kenneth
MacKay and also referenced in the literature (Bernstein, D. J., & Lange,
T. (2017). Montgomery curves and the Montgomery ladder. (Cryptology
ePrint Archive; Vol. 2017/293). s.l.: IACR. Chapter 4.6.2.)

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Cc: kernel-hardening@lists.openwall.com
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2019-01-26 09:32:35 +01:00
..
asymmetric_keys
Replace magic for trusting the secondary keyring with #define
2018-08-16 09:57:20 -07:00
async_tx
async_pq: Remove VLA usage
2018-06-18 20:17:38 +05:30
842.c
crypto: acomp - add support for 842 via scomp
2016-10-25 11:08:33 +08:00
ablkcipher.c
crypto: ablkcipher - fix crash flushing dcache in error path
2018-08-03 18:06:04 +08:00
acompress.c
crypto: acomp - allow registration of multiple acomps
2017-04-21 20:30:50 +08:00
aead.c
crypto: aead - prevent using AEADs without setting key
2018-01-12 23:03:39 +11:00
aegis128.c
crypto: aead - remove useless setting of type flags
2018-07-09 00:30:26 +08:00
aegis128l.c
crypto: aead - remove useless setting of type flags
2018-07-09 00:30:26 +08:00
aegis256.c
crypto: aead - remove useless setting of type flags
2018-07-09 00:30:26 +08:00
aegis.h
crypto: aegis/generic - fix for big endian systems
2018-11-13 11:08:46 -08:00
aes_generic.c
crypto: aes-generic - drop alignment requirement
2017-02-11 17:50:43 +08:00
aes_ti.c
crypto: aes_ti - fix comment for MixColumns step
2017-06-19 14:11:53 +08:00
af_alg.c
Revert "net: simplify sock_poll_wait"
2018-11-04 14:50:51 +01:00
ahash.c
crypto: ahash - Fix early termination in hash walk
2018-03-31 01:34:19 +08:00
akcipher.c
crypto: Replaced gcc specific attributes with macros from compiler.h
2017-01-13 00:24:39 +08:00
algapi.c
crypto: api - laying defines and checks for statically allocated buffers
2018-04-21 00:58:32 +08:00
algboss.c
crypto: algboss - remove redundant setting of len to zero
2017-10-07 12:10:34 +08:00
algif_aead.c
Revert changes to convert to ->poll_mask() and aio IOCB_CMD_POLL
2018-06-28 10:40:47 -07:00
algif_hash.c
net: remove sock_no_poll
2018-05-26 09:16:44 +02:00
algif_rng.c
net: remove sock_no_poll
2018-05-26 09:16:44 +02:00
algif_skcipher.c
Revert changes to convert to ->poll_mask() and aio IOCB_CMD_POLL
2018-06-28 10:40:47 -07:00
ansi_cprng.c
crypto: ansi_cprng - Convert to new rng interface
2015-04-22 09:30:18 +08:00
anubis.c
crypto: prefix module autoloading with "crypto-"
2014-11-24 22:43:57 +08:00
api.c
evm: Don't deadlock if a crypto algorithm is unavailable
2018-07-18 07:27:22 -04:00
arc4.c
crypto: prefix module autoloading with "crypto-"
2014-11-24 22:43:57 +08:00
authenc.c
crypto: authenc - fix parsing key with misaligned rta_len
2019-01-22 21:40:32 +01:00
authencesn.c
crypto: authencesn - Avoid twice completion call in decrypt path
2019-01-22 21:40:31 +01:00
blkcipher.c
crypto: blkcipher - fix crash flushing dcache in error path
2018-08-03 18:06:04 +08:00
blowfish_common.c
crypto: blowfish - split generic and common c code
2011-09-22 21:25:25 +10:00
blowfish_generic.c
crypto: add missing crypto module aliases
2015-01-13 22:29:11 +11:00
camellia_generic.c
crypto: replace FSF address with web source in license notices
2017-11-29 17:33:25 +11:00
cast5_generic.c
crypto: replace FSF address with web source in license notices
2017-11-29 17:33:25 +11:00
cast6_generic.c
crypto: replace FSF address with web source in license notices
2017-11-29 17:33:25 +11:00
cast_common.c
crypto: make tables used from assembler __visible
2013-08-14 20:42:03 +10:00
cbc.c
crypto: do not free algorithm before using
2018-12-13 09:16:21 +01:00
ccm.c
crypto: ccm - preserve the IV buffer
2017-11-03 21:35:35 +08:00
cfb.c
crypto: cfb - fix decryption
2019-01-09 17:38:45 +01:00
chacha20_generic.c
crypto: chacha20 - Fix keystream alignment for chacha20_block()
2017-11-29 17:33:33 +11:00
chacha20poly1305.c
crypto: chacha20poly1305 - validate the digest size
2017-12-22 19:02:33 +11:00
cipher.c
crypto: remove several VLAs
2018-04-21 00:58:34 +08:00
cmac.c
crypto: algapi - make crypto_xor() and crypto_inc() alignment agnostic
2017-02-11 17:52:28 +08:00
compress.c
crypto: api - Remove no-op exit_ops code
2016-10-21 11:03:42 +08:00
crc32_generic.c
crypto: crc32-generic - remove __crc32_le()
2018-05-27 00:12:09 +08:00
crc32c_generic.c
crypto: crc32c-generic - remove cra_alignmask
2018-05-27 00:12:08 +08:00
crct10dif_common.c
crypto: crct10dif - Add fallback for broken initrds
2013-09-12 15:31:34 +10:00
crct10dif_generic.c
crypto: squash lines for simple wrapper functions
2016-09-13 20:27:26 +08:00
cryptd.c
crypto: hash - annotate algorithms taking optional key
2018-01-12 23:03:35 +11:00
crypto_engine.c
crypto: engine - Permit to enqueue all async requests
2018-02-15 23:26:50 +08:00
crypto_null.c
crypto: shash - remove useless setting of type flags
2018-07-09 00:30:24 +08:00
crypto_user.c
crypto: user - fix leaking uninitialized memory to userspace
2018-11-21 09:19:24 +01:00
crypto_wq.c
crypto: crypto_wq - Fix late crypto work queue initialization
2014-03-21 21:54:28 +08:00
ctr.c
crypto: remove several VLAs
2018-04-21 00:58:34 +08:00
cts.c
crypto: remove several VLAs
2018-04-21 00:58:34 +08:00
deflate.c
crypto: scomp - add support for deflate rfc1950 (zlib)
2017-04-24 18:11:08 +08:00
des_generic.c
crypto: add missing crypto module aliases
2015-01-13 22:29:11 +11:00
dh_helper.c
crypto: dh - make crypto_dh_encode_key() make robust
2018-08-03 18:06:06 +08:00
dh.c
crypto: dh - fix memory leak
2018-07-20 13:51:21 +08:00
drbg.c
crypto: drbg - in-place cipher operation for CTR
2018-08-03 18:05:48 +08:00
ecb.c
crypto: include crypto- module prefix in template
2014-11-26 20:06:30 +08:00
ecc_curve_defs.h
crypto: ecdh - fix typo of P-192 b value
2018-07-20 13:51:22 +08:00
ecc.c
crypto: ecc - regularize scalar for scalar multiplication
2019-01-26 09:32:35 +01:00
ecc.h
crypto: ecc - Actually remove stack VLA usage
2018-04-21 00:58:29 +08:00
ecdh_helper.c
crypto: ecdh - return unsigned value for crypto_ecdh_key_len()
2017-10-12 22:55:00 +08:00
ecdh.c
crypto: ecc - Actually remove stack VLA usage
2018-04-21 00:58:29 +08:00
echainiv.c
crypto: echainiv - Remove unused alg/spawn variable
2017-12-22 19:52:45 +11:00
fcrypt.c
crypto: prefix module autoloading with "crypto-"
2014-11-24 22:43:57 +08:00
fips.c
crypto: fips - Move fips_enabled sysctl into fips.c
2015-04-23 14:18:09 +08:00
gcm.c
crypto: null - Get rid of crypto_{get,put}_default_null_skcipher2()
2017-12-22 19:29:08 +11:00
gf128mul.c
crypto: gf128mul - remove incorrect comment
2017-12-22 19:52:40 +11:00
ghash-generic.c
crypto: shash - remove useless setting of type flags
2018-07-09 00:30:24 +08:00
hash_info.c
keys, trusted: select hash algorithm for TPM2 chips
2015-12-20 15:27:12 +02:00
hmac.c
crypto: hmac - require that the underlying hash algorithm is unkeyed
2017-11-29 13:39:15 +11:00
internal.h
crypto: api - Make crypto_alg_lookup static
2018-03-31 01:32:58 +08:00
jitterentropy-kcapi.c
crypto: jitterentropy - drop duplicate header module.h
2016-11-17 23:34:52 +08:00
jitterentropy.c
crypto: jitterentropy - Delete unnecessary checks before the function call "kzfree"
2015-06-25 23:18:33 +08:00
Kconfig
crypto: speck - remove Speck
2018-11-13 11:08:46 -08:00
keywrap.c
crypto: keywrap - Add missing ULL suffixes for 64-bit constants
2017-11-29 17:33:26 +11:00
khazad.c
crypto: prefix module autoloading with "crypto-"
2014-11-24 22:43:57 +08:00
kpp.c
crypto: Replaced gcc specific attributes with macros from compiler.h
2017-01-13 00:24:39 +08:00
lrw.c
crypto: lrw - Fix out-of bounds access on counter overflow
2018-11-13 11:08:45 -08:00
lz4.c
crypto: lz4 - fixed decompress function to return error code
2017-04-10 19:17:27 +08:00
lz4hc.c
crypto: lz4 - fixed decompress function to return error code
2017-04-10 19:17:27 +08:00
lzo.c
treewide: use kv[mz]alloc* rather than opencoded variants
2017-05-08 17:15:13 -07:00
Makefile
crypto: speck - remove Speck
2018-11-13 11:08:46 -08:00
mcryptd.c
crypto: mcryptd - remove pointless wrapper functions
2018-02-15 23:26:45 +08:00
md4.c
crypto: shash - remove useless setting of type flags
2018-07-09 00:30:24 +08:00
md5.c
crypto: shash - remove useless setting of type flags
2018-07-09 00:30:24 +08:00
memneq.c
crypto: memneq - fix for archs without efficient unaligned access
2013-12-09 20:09:12 +08:00
michael_mic.c
crypto: prefix module autoloading with "crypto-"
2014-11-24 22:43:57 +08:00
morus640.c
crypto: morus/generic - fix for big endian systems
2018-11-13 11:08:45 -08:00
morus1280.c
crypto: morus/generic - fix for big endian systems
2018-11-13 11:08:45 -08:00
pcbc.c
crypto: do not free algorithm before using
2018-12-13 09:16:21 +01:00
pcrypt.c
crypto: pcrypt - fix freeing pcrypt instances
2017-12-22 19:02:47 +11:00
poly1305_generic.c
crypto: shash - remove useless setting of type flags
2018-07-09 00:30:24 +08:00
proc.c
proc: introduce proc_create_seq{,_data}
2018-05-16 07:23:35 +02:00
ripemd.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
rmd128.c
crypto: shash - remove useless setting of type flags
2018-07-09 00:30:24 +08:00
rmd160.c
crypto: shash - remove useless setting of type flags
2018-07-09 00:30:24 +08:00
rmd256.c
crypto: rmd256 - use swap macro in rmd256_transform
2018-07-27 19:28:36 +08:00
rmd320.c
crypto: rmd320 - use swap macro in rmd320_transform
2018-07-27 19:28:36 +08:00
rng.c
crypto: rng - ensure that the RNG is ready before using
2017-07-28 17:56:00 +08:00
rsa_helper.c
kbuild: rename *-asn1.[ch] to *.asn1.[ch]
2018-04-07 19:04:02 +09:00
rsa-pkcs1pad.c
crypto: rsa-pkcs1pad - Replace GFP_ATOMIC with GFP_KERNEL in pkcs1pad_encrypt_sign_complete
2018-02-15 23:26:47 +08:00
rsa.c
crypto: rsa - Remove unneeded error assignment
2018-04-21 00:58:37 +08:00
rsaprivkey.asn1
crypto: rsa - Store rest of the private key components
2016-07-05 23:05:26 +08:00
rsapubkey.asn1
crypto: akcipher - Changes to asymmetric key API
2015-10-14 22:23:16 +08:00
salsa20_generic.c
crypto: salsa20 - Revert "crypto: salsa20 - export generic helpers"
2018-05-31 00:13:57 +08:00
scatterwalk.c
crypto: scatterwalk - remove 'chain' argument from scatterwalk_crypto_chain()
2018-08-03 18:06:03 +08:00
scompress.c
crypto: scompress - use sgl_alloc() and sgl_free()
2018-01-06 09:18:00 -07:00
seed.c
crypto: prefix module autoloading with "crypto-"
2014-11-24 22:43:57 +08:00
seqiv.c
crypto: seqiv - Remove unused alg/spawn variable
2017-12-22 19:52:45 +11:00
serpent_generic.c
crypto: serpent - improve __serpent_setkey with UBSAN
2017-08-09 20:17:54 +08:00
sha1_generic.c
crypto: shash - remove useless setting of type flags
2018-07-09 00:30:24 +08:00
sha3_generic.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux
2018-08-03 17:55:12 +08:00
sha256_generic.c
crypto: shash - remove useless setting of type flags
2018-07-09 00:30:24 +08:00
sha512_generic.c
crypto: shash - remove useless setting of type flags
2018-07-09 00:30:24 +08:00
shash.c
crypto: hash - prevent using keyed hashes without setting key
2018-01-12 23:03:37 +11:00
simd.c
crypto: simd - correctly take reqsize of wrapped skcipher into account
2018-12-01 09:37:32 +01:00
skcipher.c
crypto: skcipher - fix crash flushing dcache in error path
2018-08-03 18:06:04 +08:00
sm3_generic.c
crypto: sm3 - fix undefined shift by >= width of value
2019-01-22 21:40:31 +01:00
sm4_generic.c
crypto: sm4 - export encrypt/decrypt routines to other drivers
2018-05-05 14:52:51 +08:00
tcrypt.c
crypto: testmgr - add AES-CFB tests
2019-01-09 17:38:44 +01:00
tcrypt.h
crypto: tcrypt - Add ChaCha20/Poly1305 speed tests
2015-07-17 21:20:20 +08:00
tea.c
crypto: add missing crypto module aliases
2015-01-13 22:29:11 +11:00
testmgr.c
crypto: testmgr - add AES-CFB tests
2019-01-09 17:38:44 +01:00
testmgr.h
crypto: testmgr - add AES-CFB tests
2019-01-09 17:38:44 +01:00
tgr192.c
crypto: shash - remove useless setting of type flags
2018-07-09 00:30:24 +08:00
twofish_common.c
crypto: replace FSF address with web source in license notices
2017-11-29 17:33:25 +11:00
twofish_generic.c
crypto: replace FSF address with web source in license notices
2017-11-29 17:33:25 +11:00
vmac.c
crypto: vmac - remove insecure version with hardcoded nonce
2018-07-01 21:00:44 +08:00
wp512.c
crypto: shash - remove useless setting of type flags
2018-07-09 00:30:24 +08:00
xcbc.c
crypto: replace FSF address with web source in license notices
2017-11-29 17:33:25 +11:00
xor.c
kmemcheck: stop using GFP_NOTRACK and SLAB_NOTRACK
2017-11-15 18:21:04 -08:00
xts.c
crypto: scatterwalk - remove 'chain' argument from scatterwalk_crypto_chain()
2018-08-03 18:06:03 +08:00
zstd.c
crypto: zstd - Add zstd support
2018-04-21 00:58:30 +08:00