git/linux-nf
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git synced 2026-04-03 23:38:12 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
2c62068ac86bdd917a12eef49ba82ec8b091208b
linux-nf/crypto
History
David Howells 2c62068ac8 x509: Separately calculate sha256 for blacklist 
Calculate the SHA256 hash for blacklisting purposes independently of the
signature hash (which may be something other than SHA256).

This is necessary because when ML-DSA is used, no digest is calculated.

Note that this represents a change of behaviour in that the hash used for
the blacklist check would previously have been whatever digest was used
for, say, RSA-based signatures.  It may be that this is inadvisable.

Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
cc: Lukas Wunner <lukas@wunner.de>
cc: Ignat Korchagin <ignat@cloudflare.com>
cc: Stephan Mueller <smueller@chronox.de>
cc: Eric Biggers <ebiggers@kernel.org>
cc: Herbert Xu <herbert@gondor.apana.org.au>
cc: keyrings@vger.kernel.org
cc: linux-crypto@vger.kernel.org
2026-01-30 11:32:23 +00:00
..
asymmetric_keys
x509: Separately calculate sha256 for blacklist
2026-01-30 11:32:23 +00:00
async_tx
lib/raid6: replace custom zero page with ZERO_PAGE
2025-07-09 22:57:54 -07:00
krb5
crypto: krb5 - Fix memory leak in krb5_test_one_prf()
2025-07-18 20:52:00 +10:00
842.c
crypto: comp - Use same definition of context alloc and free ops
2025-09-20 20:21:03 +08:00
acompress.c
crypto: api - Rename CRYPTO_ALG_REQ_CHAIN to CRYPTO_ALG_REQ_VIRT
2025-05-05 18:20:45 +08:00
adiantum.c
crypto: adiantum - Drop support for asynchronous xchacha ciphers
2026-01-12 11:07:50 -08:00
aead.c
crypto: aead - Add support for on-stack AEAD req allocation
2025-10-31 17:43:56 +08:00
aegis128-core.c
Revert "crypto: run initcalls for generic implementations earlier"
2025-05-05 18:20:44 +08:00
aegis128-neon-inner.c
crypto: aegis128-neon - add header for internal prototypes
2023-05-24 18:12:33 +08:00
aegis128-neon.c
crypto: aegis128-neon - Move to more abstract 'ksimd' guard API
2025-11-12 09:52:01 +01:00
aegis-neon.h
crypto: aegis128-neon - add header for internal prototypes
2023-05-24 18:12:33 +08:00
aegis.h
crypto: aegis128 - Move simd prototypes into aegis.h
2021-03-19 21:59:45 +11:00
aes_generic.c
Revert "crypto: run initcalls for generic implementations earlier"
2025-05-05 18:20:44 +08:00
aes_ti.c
crypto: Prepare to move crypto_tfm_ctx
2022-12-02 18:12:40 +08:00
af_alg.c
Merge tag 'net-next-6.19' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
2025-12-03 17:24:33 -08:00
ahash.c
crypto: ahash - Zero positive err value in ahash_update_finish
2025-11-24 17:53:02 +08:00
akcipher.c
crypto: api - Add support for duplicating algorithms before registration
2025-04-16 15:36:24 +08:00
algapi.c
crypto: algapi - Add driver template support to crypto_inst_setname
2025-05-19 13:48:20 +08:00
algboss.c
crypto: testmgr - replace CRYPTO_MANAGER_DISABLE_TESTS with CRYPTO_SELFTESTS
2025-05-12 13:33:14 +08:00
algif_aead.c
crypto: algif_aead - use memcpy_sglist() instead of null skcipher
2025-05-12 13:32:53 +08:00
algif_hash.c
crypto: af_alg - zero initialize memory allocated via sock_kmalloc
2025-10-17 16:03:57 +08:00
algif_rng.c
crypto: af_alg - zero initialize memory allocated via sock_kmalloc
2025-10-17 16:03:57 +08:00
algif_skcipher.c
crypto: Add missing MODULE_DESCRIPTION() macros
2024-05-31 17:34:56 +08:00
anubis.c
crypto: anubis - simplify return statement in anubis_mod_init
2025-09-20 20:21:04 +08:00
api.c
crypto: api - Redo lookup on EEXIST
2025-05-23 19:25:47 +08:00
arc4.c
Revert "crypto: run initcalls for generic implementations earlier"
2025-05-05 18:20:44 +08:00
aria_generic.c
Revert "crypto: run initcalls for generic implementations earlier"
2025-05-05 18:20:44 +08:00
authenc.c
crypto: authenc - Correctly pass EINPROGRESS back up to the caller
2025-10-17 16:03:58 +08:00
authencesn.c
crypto: authenc - use memcpy_sglist() instead of null skcipher
2025-05-12 13:32:53 +08:00
blake2b.c
crypto: blake2b - Reimplement using library API
2025-10-29 22:04:24 -07:00
blowfish_common.c
crypto: Prepare to move crypto_tfm_ctx
2022-12-02 18:12:40 +08:00
blowfish_generic.c
Revert "crypto: run initcalls for generic implementations earlier"
2025-05-05 18:20:44 +08:00
bpf_crypto_skcipher.c
crypto: bpf - Add MODULE_DESCRIPTION for skcipher
2025-03-02 15:19:43 +08:00
camellia_generic.c
Revert "crypto: run initcalls for generic implementations earlier"
2025-05-05 18:20:44 +08:00
cast5_generic.c
Revert "crypto: run initcalls for generic implementations earlier"
2025-05-05 18:20:44 +08:00
cast6_generic.c
Revert "crypto: run initcalls for generic implementations earlier"
2025-05-05 18:20:44 +08:00
cast_common.c
crypto: Add missing MODULE_DESCRIPTION() macros
2024-05-31 17:34:56 +08:00
cbc.c
Revert "crypto: run initcalls for generic implementations earlier"
2025-05-05 18:20:44 +08:00
ccm.c
Revert "crypto: run initcalls for generic implementations earlier"
2025-05-05 18:20:44 +08:00
chacha20poly1305.c
Revert "crypto: run initcalls for generic implementations earlier"
2025-05-05 18:20:44 +08:00
chacha.c
crypto: chacha - register only "-lib" drivers
2025-08-29 09:50:19 -07:00
cipher.c
module: Convert symbol namespace to string literal
2024-12-02 11:34:44 -08:00
cmac.c
Revert "crypto: run initcalls for generic implementations earlier"
2025-05-05 18:20:44 +08:00
compress.h
crypto: acomp - Move stream management into scomp layer
2025-03-15 16:21:22 +08:00
crc32.c
crypto/crc32[c]: register only "-lib" drivers
2025-06-30 09:31:56 -07:00
crc32c.c
crypto/crc32[c]: register only "-lib" drivers
2025-06-30 09:31:56 -07:00
cryptd.c
crypto: cryptd - WQ_PERCPU added to alloc_workqueue users
2025-09-13 12:11:06 +08:00
crypto_engine.c
crypto: engine - remove {prepare,unprepare}_crypt_hardware callbacks
2025-07-18 20:52:00 +10:00
crypto_null.c
crypto: null - use memcpy_sglist()
2025-05-12 13:32:53 +08:00
crypto_user.c
crypto: remove obsolete 'comp' compression API
2025-03-21 17:39:06 +08:00
ctr.c
Revert "crypto: run initcalls for generic implementations earlier"
2025-05-05 18:20:44 +08:00
cts.c
Revert "crypto: run initcalls for generic implementations earlier"
2025-05-05 18:20:44 +08:00
deflate.c
crypto: deflate - Use struct_size to improve deflate_alloc_stream
2025-11-06 14:31:08 +08:00
des_generic.c
Revert "crypto: run initcalls for generic implementations earlier"
2025-05-05 18:20:44 +08:00
df_sp80090a.c
crypto: drbg - make drbg_{ctr_bcc,kcapi_sym}() return *void*
2025-10-17 16:10:27 +08:00
dh_helper.c
crypto: dh - split out deserialization code from crypto_dh_decode()
2022-03-03 10:47:50 +12:00
dh.c
Revert "crypto: run initcalls for generic implementations earlier"
2025-05-05 18:20:44 +08:00
drbg.c
crypto: drbg - Delete unused ctx from struct sdesc
2025-11-24 17:43:40 +08:00
ecb.c
Revert "crypto: run initcalls for generic implementations earlier"
2025-05-05 18:20:44 +08:00
ecc_curve_defs.h
crypto: ecc - Add NIST P521 curve parameters
2024-04-12 15:07:52 +08:00
ecc.c
crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP()
2025-02-09 18:08:12 +08:00
ecdh_helper.c
crypto: ecdh - move curve_id of ECDH from the key to algorithm name
2021-03-13 00:04:03 +11:00
ecdh.c
Revert "crypto: run initcalls for generic implementations earlier"
2025-05-05 18:20:44 +08:00
ecdsa-p1363.c
crypto: ecdsa - Fix NIST P521 key size reported by KEYCTL_PKEY_QUERY
2025-04-16 15:16:21 +08:00
ecdsa-x962.c
crypto: ecdsa - Fix NIST P521 key size reported by KEYCTL_PKEY_QUERY
2025-04-16 15:16:21 +08:00
ecdsa.c
Revert "crypto: run initcalls for generic implementations earlier"
2025-05-05 18:20:44 +08:00
ecdsasignature.asn1
crypto: ecdsa - Add support for ECDSA signature verification
2021-03-26 19:41:58 +11:00
echainiv.c
crypto: geniv - use memcpy_sglist() instead of null skcipher
2025-05-12 13:32:53 +08:00
ecrdsa_defs.h
crypto: ecc - Add nbits field to ecc_curve structure
2024-04-12 15:07:52 +08:00
ecrdsa_params.asn1
crypto: ecrdsa - add EC-RDSA (GOST 34.10) algorithm
2019-04-18 22:15:02 +08:00
ecrdsa_pub_key.asn1
crypto: ecrdsa - add EC-RDSA (GOST 34.10) algorithm
2019-04-18 22:15:02 +08:00
ecrdsa.c
crypto: ecdsa - Fix NIST P521 key size reported by KEYCTL_PKEY_QUERY
2025-04-16 15:16:21 +08:00
essiv.c
crypto: essiv - Check ssize for decryption and in-place encryption
2025-10-09 15:02:35 +08:00
fcrypt.c
Revert "crypto: run initcalls for generic implementations earlier"
2025-05-05 18:20:44 +08:00
fips.c
crypto: fips - replace simple_strtol with kstrtoint to improve fips_enable
2025-10-17 16:03:57 +08:00
gcm.c
crypto: gcm - use memcpy_sglist() instead of null skcipher
2025-05-12 13:32:53 +08:00
geniv.c
crypto: geniv - use memcpy_sglist() instead of null skcipher
2025-05-12 13:32:53 +08:00
ghash-generic.c
Revert "crypto: run initcalls for generic implementations earlier"
2025-05-05 18:20:44 +08:00
hash.h
crypto: remove CONFIG_CRYPTO_STATS
2024-04-02 10:49:38 +08:00
hctr2.c
crypto: hctr2 - Convert to use POLYVAL library
2025-11-11 11:03:38 -08:00
hkdf.c
crypto: hkdf - move to late_initcall
2025-06-11 10:59:45 +08:00
hmac.c
crypto: hmac - Add ahash support
2025-05-19 13:48:20 +08:00
internal.h
crypto: testmgr - replace CRYPTO_MANAGER_DISABLE_TESTS with CRYPTO_SELFTESTS
2025-05-12 13:33:14 +08:00
jitterentropy-kcapi.c
crypto: jitterentropy - Use default sha3 implementation
2025-11-05 20:30:51 -08:00
jitterentropy-testing.c
crypto: jitter - output full sample from test interface
2024-10-19 08:44:30 +08:00
jitterentropy.c
crypto: jitter - replace ARRAY_SIZE definition with header include
2025-07-18 20:52:01 +10:00
jitterentropy.h
crypto: jitter - output full sample from test interface
2024-10-19 08:44:30 +08:00
Kconfig
crypto: Add ML-DSA crypto_sig support
2026-01-21 22:32:50 +00:00
kdf_sp800108.c
crypto: testmgr - replace CRYPTO_MANAGER_DISABLE_TESTS with CRYPTO_SELFTESTS
2025-05-12 13:33:14 +08:00
khazad.c
Revert "crypto: run initcalls for generic implementations earlier"
2025-05-05 18:20:44 +08:00
kpp.c
crypto: api - Add support for duplicating algorithms before registration
2025-04-16 15:36:24 +08:00
krb5enc.c
Revert "crypto: run initcalls for generic implementations earlier"
2025-05-05 18:20:44 +08:00
lrw.c
crypto: lrw - Only add ecb if it is not already there
2025-05-19 13:48:20 +08:00
lskcipher.c
crypto: api - Add support for duplicating algorithms before registration
2025-04-16 15:36:24 +08:00
lz4.c
crypto: comp - Use same definition of context alloc and free ops
2025-09-20 20:21:03 +08:00
lz4hc.c
crypto: comp - Use same definition of context alloc and free ops
2025-09-20 20:21:03 +08:00
lzo-rle.c
crypto: comp - Use same definition of context alloc and free ops
2025-09-20 20:21:03 +08:00
lzo.c
crypto: comp - Use same definition of context alloc and free ops
2025-09-20 20:21:03 +08:00
Makefile
crypto: Add ML-DSA crypto_sig support
2026-01-21 22:32:50 +00:00
md4.c
Revert "crypto: run initcalls for generic implementations earlier"
2025-05-05 18:20:44 +08:00
md5.c
crypto: md5 - Implement export_core() and import_core()
2025-09-08 09:47:38 -07:00
michael_mic.c
Revert "crypto: run initcalls for generic implementations earlier"
2025-05-05 18:20:44 +08:00
mldsa.c
crypto: Add ML-DSA crypto_sig support
2026-01-21 22:32:50 +00:00
pcbc.c
Revert "crypto: run initcalls for generic implementations earlier"
2025-05-05 18:20:44 +08:00
pcrypt.c
crypto: pcrypt - Optimize pcrypt_aead_init_tfm()
2025-06-13 17:26:17 +08:00
proc.c
crypto: remove obsolete 'comp' compression API
2025-03-21 17:39:06 +08:00
ripemd.h
crypto: rmd320 - remove RIPE-MD 320 hash algorithm
2021-01-29 16:07:04 +11:00
rmd160.c
Revert "crypto: run initcalls for generic implementations earlier"
2025-05-05 18:20:44 +08:00
rng.c
crypto: rng - Ensure set_ent is always present
2025-10-06 10:17:07 +08:00
rsa_helper.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
rsa-pkcs1pad.c
crypto: rsassa-pkcs1 - Migrate to sig_alg backend
2024-10-05 13:22:04 +08:00
rsa.c
Revert "crypto: run initcalls for generic implementations earlier"
2025-05-05 18:20:44 +08:00
rsaprivkey.asn1
treewide: Add SPDX identifier to IETF ASN.1 modules
2023-10-27 18:04:28 +08:00
rsapubkey.asn1
treewide: Add SPDX identifier to IETF ASN.1 modules
2023-10-27 18:04:28 +08:00
rsassa-pkcs1.c
crypto: ecdsa - Fix NIST P521 key size reported by KEYCTL_PKEY_QUERY
2025-04-16 15:16:21 +08:00
scatterwalk.c
Revert "crypto: scatterwalk - Move skcipher walk and use it for memcpy_sglist"
2025-11-22 10:04:50 +08:00
scompress.c
crypto: remove nth_page() usage within SG entry
2025-09-21 14:22:09 -07:00
seed.c
Revert "crypto: run initcalls for generic implementations earlier"
2025-05-05 18:20:44 +08:00
seqiv.c
crypto: seqiv - Do not use req->iv after crypto_aead_encrypt
2025-12-19 14:47:06 +08:00
serpent_generic.c
Revert "crypto: run initcalls for generic implementations earlier"
2025-05-05 18:20:44 +08:00
sha1.c
crypto: sha1 - Implement export_core() and import_core()
2025-09-02 19:02:35 -07:00
sha3.c
crypto: sha3 - Reimplement using library API
2025-11-05 20:30:51 -08:00
sha256.c
crypto: sha256 - Implement export_core() and import_core()
2025-09-02 19:02:37 -07:00
sha512.c
crypto: sha512 - Implement export_core() and import_core()
2025-09-02 19:02:39 -07:00
shash.c
crypto: shash - Fix buffer overrun in import function
2025-05-27 13:43:32 +08:00
sig.c
crypto: api - Add support for duplicating algorithms before registration
2025-04-16 15:36:24 +08:00
simd.c
crypto: simd - Do not call crypto_alloc_tfm during registration
2024-08-24 21:39:15 +08:00
skcipher.c
Revert "crypto: scatterwalk - Move skcipher walk and use it for memcpy_sglist"
2025-11-22 10:04:50 +08:00
skcipher.h
crypto: remove CONFIG_CRYPTO_STATS
2024-04-02 10:49:38 +08:00
sm3_generic.c
Revert "crypto: run initcalls for generic implementations earlier"
2025-05-05 18:20:44 +08:00
sm4_generic.c
Revert "crypto: run initcalls for generic implementations earlier"
2025-05-05 18:20:44 +08:00
sm4.c
move asm/unaligned.h to linux/unaligned.h
2024-10-02 17:23:23 -04:00
streebog_generic.c
Revert "crypto: run initcalls for generic implementations earlier"
2025-05-05 18:20:44 +08:00
tcrypt.c
Merge tag 'v6.19-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
2025-12-03 11:28:38 -08:00
tcrypt.h
crypto: tcrypt - Remove unused poly1305 support
2025-11-22 10:04:50 +08:00
tea.c
Revert "crypto: run initcalls for generic implementations earlier"
2025-05-05 18:20:44 +08:00
testmgr.c
crypto: testmgr - Remove nhpoly1305 tests
2026-01-12 11:07:50 -08:00
testmgr.h
crypto: testmgr - Remove nhpoly1305 tests
2026-01-12 11:07:50 -08:00
twofish_common.c
crypto: Prepare to move crypto_tfm_ctx
2022-12-02 18:12:40 +08:00
twofish_generic.c
Revert "crypto: run initcalls for generic implementations earlier"
2025-05-05 18:20:44 +08:00
wp512.c
crypto: wp512 - Use API partial block handling
2025-06-23 16:56:56 +08:00
xcbc.c
Revert "crypto: run initcalls for generic implementations earlier"
2025-05-05 18:20:44 +08:00
xctr.c
Revert "crypto: run initcalls for generic implementations earlier"
2025-05-05 18:20:44 +08:00
xor.c
crypto: xor - fix template benchmarking
2024-08-02 20:53:25 +08:00
xts.c
crypto: xts - Only add ecb if it is not already there
2025-05-19 13:48:20 +08:00
xxhash_generic.c
Revert "crypto: run initcalls for generic implementations earlier"
2025-05-05 18:20:44 +08:00
zstd.c
crypto: zstd - fix double-free in per-CPU stream cleanup
2025-12-01 18:05:07 +08:00