Crypto API Improvements

The following Crypto API improvements have been made in this update:

  • Bug fixes

    Several bug fixes have been applied to provide greater security.

  • ccp driver added

    The ccp driver provides support for the AMD Cryptographic Coprocessor (CCP). The AMD CCP provides hardware encryption, hashing, and other related operations. The driver version that is provided is 1.1.0. In addition, several upstream patches have been applied to resolve initial bugs that were found with this driver.

  • Hash handling fixes

    Fixes have been applied to various components within the Crypto API to better handle NULL hashes. In particular, a fix to the algif_hash API resolves a crash in the digest operation that occurred when a NULL hash was used with the shash algorithm.

    A further fix resolves an ahash EINPROGRESS notification callback loop that could cause a denial of service.

  • Jitter Entropy RNG added

    The Jitter Entropy Random Number Generator (RNG) collects entropy from CPU timing differences and provides it to the Linux kernel. This feature is available by default through the algif_rng interface. Generated numbers can be added back to the kernel through the /dev/random file, which then makes these numbers available to other /dev/random users. The result is that the operating system now has more sources of entropy available.

  • testmgr bug fix for out-of-bounds access

    The testmgr code that is used to test software implementations generated an out-of-bounds access error when running some ESP AEAD tests. This issue was due to the limited IV size of the aes_gcm_enc/dec test templates and the way in which the testmgr code handled the input from memcpy. To prevent this error from occurring, the array was increased to an appropriate size.
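
The algif_rng access path described under "Jitter Entropy RNG added", shown as an added example that is not part of the original release notes or of the kernel's own code: it reads bytes from the RNG over an AF_ALG socket and handles short reads. The algorithm name jitterentropy_rng is the upstream kernel's name and is an assumption here, since the notes do not state it; the helper names rng_addr and rng_read are illustrative.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <linux/if_alg.h>

/* Build the AF_ALG address selecting an RNG by its Crypto API name. */
static void rng_addr(struct sockaddr_alg *sa, const char *name)
{
    memset(sa, 0, sizeof(*sa));
    sa->salg_family = AF_ALG;
    strncpy((char *)sa->salg_type, "rng", sizeof(sa->salg_type) - 1);
    strncpy((char *)sa->salg_name, name, sizeof(sa->salg_name) - 1);
}

/* Read exactly len bytes from the named RNG; returns len, or -errno on failure. */
static long rng_read(const char *name, unsigned char *buf, size_t len)
{
    struct sockaddr_alg sa;
    size_t got = 0;
    long rc = 0;
    int tfm, op = -1;
    rng_addr(&sa, name);
    if ((tfm = socket(AF_ALG, SOCK_SEQPACKET, 0)) < 0)
        return -errno;              /* kernel built without AF_ALG support */
    if (bind(tfm, (struct sockaddr *)&sa, sizeof(sa)) < 0 ||
        (op = accept(tfm, NULL, NULL)) < 0)
        rc = -errno;                /* e.g. ENOENT: algorithm not available */
    while (rc == 0 && got < len) {  /* the interface may return short reads */
        ssize_t n = read(op, buf + got, len - got);
        if (n > 0)
            got += (size_t)n;
        else
            rc = n < 0 ? -errno : -EIO;
    }
    if (op >= 0) close(op);
    close(tfm);
    return rc ? rc : (long)got;
}

int main(void)
{
    unsigned char buf[32];
    long n = rng_read("jitterentropy_rng", buf, sizeof(buf)); /* assumed name */
    if (n < 0) return fprintf(stderr, "rng read failed: %s\n", strerror((int)-n)), 1;
    for (long i = 0; i < n; i++) printf("%02x", buf[i]);
    return putchar('\n'), 0;
}
```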