Herbert Xu [Mon, 10 Oct 2016 03:19:47 +0000 (11:19 +0800)]
Merge git://git./linux/kernel/git/herbert/crypto-2.6
Merge the crypto tree to pull in vmx ghash fix.
Tudor Ambarus [Fri, 30 Sep 2016 09:09:39 +0000 (12:09 +0300)]
crypto: caam - treat SGT address pointer as u64
Even for i.MX, CAAM is able to use address pointers greater than
32 bits, the address pointer field being interpreted as a double word.
Enforce u64 address pointer in the sec4_sg_entry struct.
This patch fixes the SGT address pointer endianness issue for
32bit platforms where core endianness != caam endianness.
Signed-off-by: Tudor Ambarus <tudor-dan.ambarus@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Gary R Hook [Wed, 28 Sep 2016 16:53:56 +0000 (11:53 -0500)]
crypto: ccp - Make syslog errors human-readable
Add human-readable strings to log messages about CCP errors
Signed-off-by: Gary R Hook <gary.hook@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Gary R Hook [Wed, 28 Sep 2016 16:53:47 +0000 (11:53 -0500)]
crypto: ccp - clean up data structure
Change names of data structure instances. Add const
keyword where appropriate. Add error handling path.
Signed-off-by: Gary R Hook <gary.hook@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Marcelo Cerri [Wed, 28 Sep 2016 16:42:11 +0000 (13:42 -0300)]
crypto: vmx - Ensure ghash-generic is enabled
Select CRYPTO_GHASH for vmx_crypto since p8_ghash uses it as the
fallback implementation.
Signed-off-by: Marcelo Cerri <marcelo.cerri@canonical.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Jan Stancek [Wed, 28 Sep 2016 14:38:37 +0000 (16:38 +0200)]
crypto: testmgr - add guard to dst buffer for ahash_export
Add a guard to 'state' buffer and warn if its consistency after
call to crypto_ahash_export() changes, so that any write that
goes beyond advertised statesize (and thus causing potential
memory corruption [1]) is more visible.
[1] https://marc.info/?l=linux-crypto-vger&m=
147467656516085
Signed-off-by: Jan Stancek <jstancek@redhat.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Marcelo Cerri <marcelo.cerri@canonical.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Arvind Yadav [Wed, 28 Sep 2016 10:31:42 +0000 (16:01 +0530)]
crypto: caam - Unmap region obtained by of_iomap
Free memory mapping, if probe is not successful.
Signed-off-by: Arvind Yadav <arvind.yadav.cs@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Marcelo Cerri [Fri, 23 Sep 2016 19:31:56 +0000 (16:31 -0300)]
crypto: sha1-powerpc - little-endian support
The driver does not handle endianness properly when loading the input
data.
Signed-off-by: Marcelo Cerri <marcelo.cerri@canonical.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Ondrej Mosnáček [Fri, 23 Sep 2016 08:47:32 +0000 (10:47 +0200)]
crypto: gcm - Fix IV buffer size in crypto_gcm_setkey
The cipher block size for GCM is 16 bytes, and thus the CTR transform
used in crypto_gcm_setkey() will also expect a 16-byte IV. However,
the code currently reserves only 8 bytes for the IV, causing
an out-of-bounds access in the CTR transform. This patch fixes
the issue by setting the size of the IV buffer to 16 bytes.
Fixes:
84c911523020 ("[CRYPTO] gcm: Add support for async ciphers")
Signed-off-by: Ondrej Mosnacek <omosnacek@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Marcelo Cerri [Wed, 28 Sep 2016 16:42:10 +0000 (13:42 -0300)]
crypto: vmx - Fix memory corruption caused by p8_ghash
This patch changes the p8_ghash driver to use ghash-generic as a fixed
fallback implementation. This allows the correct value of descsize to be
defined directly in its shash_alg structure and avoids problems with
incorrect buffer sizes when its state is exported or imported.
Reported-by: Jan Stancek <jstancek@redhat.com>
Fixes:
cc333cd68dfa ("crypto: vmx - Adding GHASH routines for VMX module")
Cc: stable@vger.kernel.org
Signed-off-by: Marcelo Cerri <marcelo.cerri@canonical.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Marcelo Cerri [Wed, 28 Sep 2016 16:42:09 +0000 (13:42 -0300)]
crypto: ghash-generic - move common definitions to a new header file
Move common values and types used by ghash-generic to a new header file
so drivers can directly use ghash-generic as a fallback implementation.
Fixes:
cc333cd68dfa ("crypto: vmx - Adding GHASH routines for VMX module")
Cc: stable@vger.kernel.org
Signed-off-by: Marcelo Cerri <marcelo.cerri@canonical.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Catalin Vasile [Thu, 22 Sep 2016 08:57:58 +0000 (11:57 +0300)]
crypto: caam - fix sg dump
Ensure scatterlists have a virtual memory mapping before dumping.
Signed-off-by: Catalin Vasile <cata.vasile@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Dave Gerlach [Tue, 20 Sep 2016 15:25:40 +0000 (10:25 -0500)]
hwrng: omap - Only fail if pm_runtime_get_sync returns < 0
Currently omap-rng checks the return value of pm_runtime_get_sync and
reports failure if anything is returned, however it should be checking
if ret < 0 as pm_runtime_get_sync return 0 on success but also can return
1 if the device was already active which is not a failure case. Only
values < 0 are actual failures.
Fixes:
61dc0a446e5d ("hwrng: omap - Fix assumption that runtime_get_sync will always succeed")
Signed-off-by: Dave Gerlach <d-gerlach@ti.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tero Kristo [Mon, 19 Sep 2016 15:22:19 +0000 (18:22 +0300)]
crypto: omap-sham - shrink the internal buffer size
The current internal buffer size is way too large for crypto core, so
shrink it to be smaller. This makes the buffer to fit into the space
reserved for the export/import buffers also.
Signed-off-by: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tero Kristo [Mon, 19 Sep 2016 15:22:18 +0000 (18:22 +0300)]
crypto: omap-sham - add support for export/import
Now that the driver has been converted to use scatterlists for data
handling, add proper implementation for the export/import stubs also.
Signed-off-by: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tero Kristo [Mon, 19 Sep 2016 15:22:17 +0000 (18:22 +0300)]
crypto: omap-sham - convert driver logic to use sgs for data xmit
Currently, the internal buffer has been used for data transmission. Change
this so that scatterlists are used instead, and change the driver to
actually use the previously introduced helper functions for scatterlist
preparation.
This patch also removes the old buffer handling code which is no longer
needed.
Signed-off-by: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tero Kristo [Mon, 19 Sep 2016 15:22:16 +0000 (18:22 +0300)]
crypto: omap-sham - change the DMA threshold value to a define
Currently the threshold value was hardcoded in the driver. Having a define
for it makes it easier to configure.
Signed-off-by: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tero Kristo [Mon, 19 Sep 2016 15:22:15 +0000 (18:22 +0300)]
crypto: omap-sham - add support functions for sg based data handling
Currently omap-sham uses a huge internal buffer for caching data, and
pushing this out to the DMA as large chunks. This, unfortunately,
doesn't work too well with the export/import functionality required
for ahash algorithms, and must be changed towards more scatterlist
centric approach.
This patch adds support functions for (mostly) scatterlist based data
handling. omap_sham_prepare_request() prepares a scatterlist for DMA
transfer to SHA crypto accelerator. This requires checking the data /
offset / length alignment of the data, splitting the data to SHA block
size granularity, and adding any remaining data back to the buffer.
With this patch, the code doesn't actually go live yet, the support code
will be taken properly into use with additional patches that modify the
SHA driver functionality itself.
Signed-off-by: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tero Kristo [Mon, 19 Sep 2016 15:22:14 +0000 (18:22 +0300)]
crypto: omap-sham - rename sgl to sgl_tmp for deprecation
The current usage of sgl will be deprecated, and will be replaced by an
array required by the sg based driver implementation. Rename the existing
variable as sgl_tmp so that it can be removed from the driver easily later.
Signed-off-by: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tero Kristo [Mon, 19 Sep 2016 15:22:13 +0000 (18:22 +0300)]
crypto: omap-sham - align algorithms on word offset
OMAP HW generally expects data for DMA to be on word boundary, so make the
SHA driver inform crypto framework of the same preference.
Signed-off-by: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tero Kristo [Mon, 19 Sep 2016 15:22:12 +0000 (18:22 +0300)]
crypto: omap-sham - add context export/import stubs
Initially these just return -ENOTSUPP to indicate that they don't
really do anything yet. Some sort of implementation is required
for the driver to at least probe.
Signed-off-by: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Baoyou Xie [Sun, 18 Sep 2016 12:52:44 +0000 (20:52 +0800)]
crypto: sun4i-ss - mark sun4i_hash() static
We get 1 warning when building kernel with W=1:
drivers/crypto/sunxi-ss/sun4i-ss-hash.c:168:5: warning: no previous prototype for 'sun4i_hash' [-Wmissing-prototypes]
In fact, this function is only used in the file in which it is
declared and don't need a declaration, but can be made static.
So this patch marks it 'static'.
Signed-off-by: Baoyou Xie <baoyou.xie@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Wei Yongjun [Sat, 17 Sep 2016 16:01:22 +0000 (16:01 +0000)]
crypto: ccp - Fix return value check in ccp_dmaengine_register()
Fix the retrn value check which testing the wrong variable
in ccp_dmaengine_register().
Fixes:
58ea8abf4904 ("crypto: ccp - Register the CCP as a DMA resource")
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Acked-by: Gary R Hook <gary.hook@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Wei Yongjun [Fri, 16 Sep 2016 01:50:01 +0000 (01:50 +0000)]
hwrng: geode - fix return value check in mod_init()
In case of error, the function devm_ioremap() returns NULL pointer
not ERR_PTR(). The IS_ERR() test in the return value check should
be replaced with NULL test.
Fixes:
6e9b5e76882c ("hwrng: geode - Migrate to managed API")
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Wei Yongjun [Fri, 16 Sep 2016 01:49:41 +0000 (01:49 +0000)]
hwrng: amd - Fix return value check in mod_init()
In case of error, the function devm_kzalloc() or devm_ioport_map()
return NULL pointer not ERR_PTR(). The IS_ERR() test in the return
value check should be replaced with NULL test.
Fixes:
31b2a73c9c5f ("hwrng: amd - Migrate to managed API")
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Markus Elfring [Thu, 15 Sep 2016 14:00:55 +0000 (16:00 +0200)]
crypto: caam - Move common error handling code in two functions
Move statements for error handling which were identical
in two if branches to the end of these functions.
Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Markus Elfring [Thu, 15 Sep 2016 13:24:02 +0000 (15:24 +0200)]
crypto: caam - Delete an unnecessary initialisation in seven functions
The local variable "ret" will be set to an appropriate value a bit later.
Thus omit the explicit initialisation at the beginning.
Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Markus Elfring [Thu, 15 Sep 2016 12:56:12 +0000 (14:56 +0200)]
crypto: caam - Return a value directly in caam_hash_cra_init()
* Return a value at the end without storing it in an intermediate variable.
* Delete the local variable "ret" which became unnecessary with
this refactoring.
Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Markus Elfring [Thu, 15 Sep 2016 12:43:38 +0000 (14:43 +0200)]
crypto: caam - Rename a jump label in five functions
Adjust jump labels according to the current Linux coding style convention.
Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Markus Elfring [Thu, 15 Sep 2016 11:54:49 +0000 (13:54 +0200)]
crypto: caam - Rename jump labels in ahash_setkey()
Adjust jump labels according to the current Linux coding style convention.
Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Markus Elfring [Thu, 15 Sep 2016 09:20:09 +0000 (11:20 +0200)]
crypto: caam - Use kmalloc_array() in ahash_setkey()
* A multiplication for the size determination of a memory allocation
indicated that an array data structure should be processed.
Thus use the corresponding function "kmalloc_array".
This issue was detected by using the Coccinelle software.
* Replace the specification of a data type by a pointer dereference
to make the corresponding size determination a bit safer according to
the Linux coding style convention.
Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Wei Yongjun [Thu, 15 Sep 2016 03:28:04 +0000 (03:28 +0000)]
crypto: ccp - use kmem_cache_zalloc instead of kmem_cache_alloc/memset
Using kmem_cache_zalloc() instead of kmem_cache_alloc() and memset().
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Acked-by: Gary R Hook <gary.hook@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Wei Yongjun [Thu, 15 Sep 2016 03:27:32 +0000 (03:27 +0000)]
crypto: omap-aes - fix error return code in omap_aes_probe()
Fix to return error code -ENOMEM from the crypto_engine_alloc_init()
error handling case instead of 0, as done elsewhere in this function.
Fixes:
0529900a01cb ("crypto: omap-aes - Support crypto engine framework")
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Wei Yongjun [Thu, 15 Sep 2016 03:27:15 +0000 (03:27 +0000)]
crypto: omap-des - fix error return code in omap_des_probe()
Fix to return error code -ENOMEM from the crypto_engine_alloc_init()
error handling case instead of 0, as done elsewhere in this function.
Fixes:
f1b77aaca85a ("crypto: omap-des - Integrate with the crypto
engine framework")
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Thu, 22 Sep 2016 09:04:57 +0000 (17:04 +0800)]
crypto: rsa-pkcs1pad - Handle leading zero for decryption
As the software RSA implementation now produces fixed-length
output, we need to eliminate leading zeros in the calling code
instead.
This patch does just that for pkcs1pad decryption while signature
verification was fixed in an earlier patch.
Fixes:
9b45b7bba3d2 ("crypto: rsa - Generate fixed-length output")
Reported-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 20 Sep 2016 12:35:55 +0000 (20:35 +0800)]
KEYS: Fix skcipher IV clobbering
The IV must not be modified by the skcipher operation so we need
to duplicate it.
Fixes:
c3917fd9dfbc ("KEYS: Use skcipher")
Cc: stable@vger.kernel.org
Reported-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Masahiro Yamada [Mon, 12 Sep 2016 19:27:54 +0000 (04:27 +0900)]
crypto: squash lines for simple wrapper functions
Remove unneeded variables and assignments.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
PrasannaKumar Muralidharan [Sun, 11 Sep 2016 15:24:26 +0000 (20:54 +0530)]
hwrng: geode - Use linux/io.h instead of asm/io.h
Fix checkpatch.pl warning by changing from asm/io.h to linux/io.h. In
the mean time arrange the includes in alphabetical order.
Signed-off-by: PrasannaKumar Muralidharan <prasannatsmkumar@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
PrasannaKumar Muralidharan [Sun, 11 Sep 2016 15:23:21 +0000 (20:53 +0530)]
hwrng: geode - Migrate to managed API
Use devm_ioremap and devm_hwrng_register instead of ioremap and
hwrng_register. This removes error handling code. Also moved code around
by removing goto statements. This improves code readability.
Signed-off-by: PrasannaKumar Muralidharan <prasannatsmkumar@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Wei Yongjun [Sat, 10 Sep 2016 12:03:42 +0000 (12:03 +0000)]
hwrng: st - Fix missing clk_disable_unprepare() on error in st_rng_probe()
Fix the missing clk_disable_unprepare() before return
from st_rng_probe() in the error handling case.
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Acked-by: Patrice Chotard <patrice.chotard@st.com>
Acked-by: Peter Griffin <peter.griffin@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
PrasannaKumar Muralidharan [Fri, 9 Sep 2016 07:58:23 +0000 (13:28 +0530)]
hwrng: amd - Migrate to managed API
Managed API eliminates error handling code, thus reduces several lines
of code.
Signed-off-by: PrasannaKumar Muralidharan <prasannatsmkumar@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
PrasannaKumar Muralidharan [Wed, 7 Sep 2016 14:48:02 +0000 (20:18 +0530)]
hwrng: core - Allocate memory during module init
In core rng_buffer and rng_fillbuf is allocated in hwrng_register only
once and it is freed during module exit. This patch moves allocating
rng_buffer and rng_fillbuf from hwrng_register to rng core's init. This
avoids checking whether rng_buffer and rng_fillbuf was allocated from
every hwrng_register call. Also moving them to module init makes it
explicit that it is freed in module exit.
Change in v2:
Fix memory leak when register_miscdev fails.
Signed-off-by: PrasannaKumar Muralidharan <prasannatsmkumar@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Giovanni Cabiddu [Tue, 6 Sep 2016 10:18:51 +0000 (11:18 +0100)]
crypto: qat - fix leak on error path
Fix a memory leak in an error path in uc loader.
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
PrasannaKumar Muralidharan [Tue, 6 Sep 2016 08:28:39 +0000 (13:58 +0530)]
hwrng: pasemi - Use linux/io.h instead of asm/io.h
Checkpatch.pl warns about usage of asm/io.h. Use linux/io.h instead.
Signed-off-by: PrasannaKumar Muralidharan <prasannatsmkumar@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tero Kristo [Thu, 4 Aug 2016 10:28:46 +0000 (13:28 +0300)]
crypto: omap-des - fix crypto engine initialization order
The crypto engine must be initialized before registering algorithms,
otherwise the test manager will crash as it attempts to execute
tests for the algos while they are being registered.
Fixes:
f1b77aaca85a ("crypto: omap-des - Integrate with the crypto engine framework")
Signed-off-by: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tero Kristo [Thu, 4 Aug 2016 10:28:45 +0000 (13:28 +0300)]
crypto: omap-aes - fix crypto engine initialization order
The crypto engine must be initialized before registering algorithms,
otherwise the test manager will crash as it attempts to execute
tests for the algos while they are being registered.
Fixes:
0529900a01cb ("crypto: omap-aes - Support crypto engine framework")
Signed-off-by: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Lokesh Vutla [Thu, 4 Aug 2016 10:28:44 +0000 (13:28 +0300)]
crypto: omap-aes - Add fallback support
As setting up the DMA operations is quite costly, add software fallback
support for requests smaller than 200 bytes. This change gives some 10%
extra performance in ipsec use case.
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
[t-kristo@ti.com: udpated against latest upstream, to use skcipher mainly]
Signed-off-by: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Lokesh Vutla [Thu, 4 Aug 2016 10:28:43 +0000 (13:28 +0300)]
crypto: omap-aes - Add support for multiple cores
Some SoCs like omap4/omap5/dra7 contain multiple AES crypto accelerator
cores. Adapt the driver to support this. The driver picks the last used
device from a list of AES devices.
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
[t-kristo@ti.com: forward ported to 4.7 kernel]
Signed-off-by: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tero Kristo [Thu, 4 Aug 2016 10:28:42 +0000 (13:28 +0300)]
crypto: omap-aes - use runtime_pm autosuspend for clock handling
Calling runtime PM API at the cra_init/exit is bad for power management
purposes, as the lifetime for a CRA can be very long. Instead, use
pm_runtime autosuspend approach for handling the device clocks. Clocks
are enabled when they are actually required, and autosuspend disables
these if they have not been used for a sufficiently long time period.
By default, the timeout value is 1 second.
Signed-off-by: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tero Kristo [Thu, 4 Aug 2016 10:28:40 +0000 (13:28 +0300)]
crypto: omap-sham - fix SW fallback HMAC handling for omap2/omap3
If software fallback is used on older hardware accelerator setup (OMAP2/
OMAP3), the first block of data must be purged from the buffer. The
first block contains the pre-generated ipad value required by the HW,
but the software fallback algorithm generates its own, causing wrong
results.
Signed-off-by: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tero Kristo [Thu, 4 Aug 2016 10:28:39 +0000 (13:28 +0300)]
crypto: omap-sham - fix software fallback handling
If we have processed any data with the hardware accelerator (digcnt > 0),
we must complete the entire hash by using it. This is because the current
hash value can't be imported to the software fallback algorithm. Otherwise
we end up with wrong hash results.
Signed-off-by: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tero Kristo [Thu, 4 Aug 2016 10:28:36 +0000 (13:28 +0300)]
crypto: omap-sham - avoid executing tasklet where not needed
Some of the call paths of OMAP SHA driver can avoid executing the next
step of the crypto queue under tasklet; instead, execute the next step
directly via function call. This avoids a costly round-trip via the
scheduler giving a slight performance boost.
Signed-off-by: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Ard Biesheuvel [Tue, 13 Sep 2016 08:48:53 +0000 (09:48 +0100)]
crypto: arm64/aes-ctr - fix NULL dereference in tail processing
The AES-CTR glue code avoids calling into the blkcipher API for the
tail portion of the walk, by comparing the remainder of walk.nbytes
modulo AES_BLOCK_SIZE with the residual nbytes, and jumping straight
into the tail processing block if they are equal. This tail processing
block checks whether nbytes != 0, and does nothing otherwise.
However, in case of an allocation failure in the blkcipher layer, we
may enter this code with walk.nbytes == 0, while nbytes > 0. In this
case, we should not dereference the source and destination pointers,
since they may be NULL. So instead of checking for nbytes != 0, check
for (walk.nbytes % AES_BLOCK_SIZE) != 0, which implies the former in
non-error conditions.
Fixes:
49788fe2a128 ("arm64/crypto: AES-ECB/CBC/CTR/XTS using ARMv8 NEON and Crypto Extensions")
Cc: stable@vger.kernel.org
Reported-by: xiakaixu <xiakaixu@huawei.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Ard Biesheuvel [Tue, 13 Sep 2016 08:48:52 +0000 (09:48 +0100)]
crypto: arm/aes-ctr - fix NULL dereference in tail processing
The AES-CTR glue code avoids calling into the blkcipher API for the
tail portion of the walk, by comparing the remainder of walk.nbytes
modulo AES_BLOCK_SIZE with the residual nbytes, and jumping straight
into the tail processing block if they are equal. This tail processing
block checks whether nbytes != 0, and does nothing otherwise.
However, in case of an allocation failure in the blkcipher layer, we
may enter this code with walk.nbytes == 0, while nbytes > 0. In this
case, we should not dereference the source and destination pointers,
since they may be NULL. So instead of checking for nbytes != 0, check
for (walk.nbytes % AES_BLOCK_SIZE) != 0, which implies the former in
non-error conditions.
Fixes:
86464859cc77 ("crypto: arm - AES in ECB/CBC/CTR/XTS modes using ARMv8 Crypto Extensions")
Cc: stable@vger.kernel.org
Reported-by: xiakaixu <xiakaixu@huawei.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 13 Sep 2016 06:43:29 +0000 (14:43 +0800)]
crypto: skcipher - Fix blkcipher walk OOM crash
When we need to allocate a temporary blkcipher_walk_next and it
fails, the code is supposed to take the slow path of processing
the data block by block. However, due to an unrelated change
we instead end up dereferencing the NULL pointer.
This patch fixes it by moving the unrelated bsize setting out
of the way so that we enter the slow path as inteded.
Fixes:
7607bd8ff03b ("[CRYPTO] blkcipher: Added blkcipher_walk_virt_block")
Cc: stable@vger.kernel.org
Reported-by: xiakaixu <xiakaixu@huawei.com>
Reported-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Herbert Xu [Wed, 7 Sep 2016 10:42:08 +0000 (18:42 +0800)]
crypto: echainiv - Replace chaining with multiplication
The current implementation uses a global per-cpu array to store
data which are used to derive the next IV. This is insecure as
the attacker may change the stored data.
This patch removes all traces of chaining and replaces it with
multiplication of the salt and the sequence number.
Fixes:
a10f554fa7e0 ("crypto: echainiv - Add encrypted chain IV...")
Cc: stable@vger.kernel.org
Reported-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Ard Biesheuvel [Mon, 5 Sep 2016 11:58:44 +0000 (12:58 +0100)]
crypto: arm/ghash - change internal cra_name to "__ghash"
The fact that the internal synchrous hash implementation is called
"ghash" like the publicly visible one is causing the testmgr code
to misidentify it as an algorithm that requires testing at boottime.
So rename it to "__ghash" to prevent this.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Mon, 5 Sep 2016 09:12:57 +0000 (17:12 +0800)]
PCI: Fix cavium quirk compile failure with PCI_ATS off
The newly added quirk_cavium_sriov_rnm_link doesn't compile if
PCI_ATS is off. This patch adds a check for PCI_ATS.
Fixes:
21b5b8eebbae ("PCI: quirk fixup for cavium invalid sriov...")
Reported-by: kbuild test robot <fengguang.wu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
PrasannaKumar Muralidharan [Sun, 4 Sep 2016 18:13:08 +0000 (23:43 +0530)]
hwrng: pasemi - Migrate to managed API
Use devm_ioremap and devm_hwrng_register instead of ioremap and
hwrng_register. This removes unregistering and error handling code.
Changes in v2:
Remove hardcoded resource size in ioremap, use resource struct obtained
by calling platform_get_resource.
Removing hardcoded resource size was suggested by LABBE Corentin.
CC: Darren Stevens <darren@stevens-zone.net>
Suggested-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: PrasannaKumar Muralidharan <prasannatsmkumar@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Arnd Bergmann [Fri, 2 Sep 2016 23:26:40 +0000 (01:26 +0200)]
crypto: mv_cesa - remove NO_IRQ reference
Drivers should not use NO_IRQ, as we are trying to get rid of that.
In this case, the call to irq_of_parse_and_map() is both wrong
(as it returns '0' on failure, not NO_IRQ) and unnecessary
(as platform_get_irq() does the same thing)
This removes the call to irq_of_parse_and_map() and checks for
the error code correctly.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Quentin Lambert [Fri, 2 Sep 2016 09:48:53 +0000 (11:48 +0200)]
crypto: ccp - add missing release in ccp_dmaengine_register
ccp_dmaengine_register used to return with an error code before
releasing all resource. This patch adds a jump to the appropriate label
ensuring that the resources are properly released before returning.
This issue was found with Hector.
Signed-off-by: Quentin Lambert <lambert.quentin@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Ard Biesheuvel [Thu, 1 Sep 2016 13:25:42 +0000 (14:25 +0100)]
crypto: arm/ghash-ce - add missing async import/export
Since commit
8996eafdcbad ("crypto: ahash - ensure statesize is non-zero"),
all ahash drivers are required to implement import()/export(), and must have
a non-zero statesize. Fix this for the ARM Crypto Extensions GHASH
implementation.
Fixes:
8996eafdcbad ("crypto: ahash - ensure statesize is non-zero")
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Ard Biesheuvel [Thu, 1 Sep 2016 13:25:41 +0000 (14:25 +0100)]
crypto: arm/sha1-neon - add support for building in Thumb2 mode
The ARMv7 NEON module is explicitly built in ARM mode, which is not
supported by the Thumb2 kernel. So remove the explicit override, and
leave it up to the build environment to decide whether the core SHA1
routines are assembled as ARM or as Thumb2 code.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Thu, 1 Sep 2016 09:16:44 +0000 (17:16 +0800)]
crypto: algif_hash - Handle NULL hashes correctly
Right now attempting to read an empty hash simply returns zeroed
bytes, this patch corrects this by calling the digest function
using an empty input.
Reported-by: Russell King - ARM Linux <linux@armlinux.org.uk>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Catalin Vasile [Wed, 31 Aug 2016 12:57:55 +0000 (15:57 +0300)]
crypto: caam - fix rfc3686(ctr(aes)) IV load
-nonce is being loaded using append_load_imm_u32() instead of
append_load_as_imm() (nonce is a byte array / stream, not a 4-byte
variable)
-counter is not being added in big endian format, as mandatated by
RFC3686 and expected by the crypto engine
Signed-off-by: Catalin Vasile <cata.vasile@nxp.com>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Corentin LABBE [Wed, 31 Aug 2016 12:02:58 +0000 (14:02 +0200)]
crypto: engine - permit to enqueue ashash_request
The current crypto engine allow only ablkcipher_request to be enqueued.
Thus denying any use of it for hardware that also handle hash algo.
This patch modify the API for allowing to enqueue ciphers and hash.
Since omap-aes/omap-des are the only users, this patch also convert them
to the new cryptoengine API.
Signed-off-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Corentin LABBE [Wed, 31 Aug 2016 12:02:57 +0000 (14:02 +0200)]
crypto: engine - move crypto engine to its own header
This patch move the whole crypto engine API to its own header
crypto/engine.h.
Signed-off-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Maksim Lukoshkov [Tue, 30 Aug 2016 17:56:00 +0000 (18:56 +0100)]
crypto: qat - fix incorrect accelerator mask for C3X devices
Fix incorrect value of ADF_C3XXX_ACCELERATORS_MASK.
Signed-off-by: Maksim Lukoshkov <maksim.lukoshkov@intel.com>
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Arvind Yadav [Mon, 29 Aug 2016 17:10:16 +0000 (22:40 +0530)]
hwrng: bcm2835 - handle of_iomap failures
Check return value of of_iomap and handle errors correctly.
Signed-off-by: Arvind Yadav <arvind.yadav.cs@gmail.com>
Acked-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Ard Biesheuvel [Thu, 1 Sep 2016 13:25:43 +0000 (14:25 +0100)]
crypto: cryptd - initialize child shash_desc on import
When calling .import() on a cryptd ahash_request, the structure members
that describe the child transform in the shash_desc need to be initialized
like they are when calling .init()
Cc: stable@vger.kernel.org
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Stephan Mueller [Thu, 25 Aug 2016 13:15:01 +0000 (15:15 +0200)]
crypto: FIPS - allow tests to be disabled in FIPS mode
In FIPS mode, additional restrictions may apply. If these restrictions
are violated, the kernel will panic(). This patch allows test vectors
for symmetric ciphers to be marked as to be skipped in FIPS mode.
Together with the patch, the XTS test vectors where the AES key is
identical to the tweak key is disabled in FIPS mode. This test vector
violates the FIPS requirement that both keys must be different.
Reported-by: Tapas Sarangi <TSarangi@trustwave.com>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Maksim Lukoshkov [Mon, 29 Aug 2016 12:28:31 +0000 (13:28 +0100)]
crypto: qat - fix constants table DMA
Copy const_tab array into DMA-able memory (accesible by qat hw).
Signed-off-by: Maksim Lukoshkov <maksim.lukoshkov@intel.com>
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
PrasannaKumar Muralidharan [Sun, 28 Aug 2016 08:49:12 +0000 (14:19 +0530)]
hwrng: tx4939 - Use devm_hwrng_register instead of hwrng_register
By using devm_hwrng_register instead of hwrng_register the .remove
callback in platform_driver can be removed. This reduces a few lines in
code.
Signed-off-by: PrasannaKumar Muralidharan <prasannatsmkumar@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
PrasannaKumar Muralidharan [Fri, 26 Aug 2016 18:32:04 +0000 (00:02 +0530)]
hwrng: Remove check for max less than 4 bytes
HW RNG core never asks for data less than 4 bytes. The check whether max
is less than 4 bytes is unnecessary. Remove the check.
Signed-off-by: PrasannaKumar Muralidharan <prasannatsmkumar@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Fri, 26 Aug 2016 15:19:39 +0000 (23:19 +0800)]
crypto: xor - Fix warning when XOR_SELECT_TEMPLATE is unset
This patch fixes an unused label warning triggered when the macro
XOR_SELECT_TEMPLATE is not set.
Fixes:
39457acda913 ("crypto: xor - skip speed test if the xor...")
Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Suggested-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Corentin LABBE [Fri, 26 Aug 2016 11:11:36 +0000 (13:11 +0200)]
hwrng: amd - Convert to new hwrng read() API
This patch convert the hwrng interface used by amd768-rng to its new API
by replacing data_read()/data_present() by read().
Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Corentin LABBE [Fri, 26 Aug 2016 11:11:35 +0000 (13:11 +0200)]
hwrng: amd - Access hardware via ioread32/iowrite32
Instead of accessing hw directly via pmbase, it's better to
access after ioport_map() via ioread32/iowrite32.
Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Corentin LABBE [Fri, 26 Aug 2016 11:11:34 +0000 (13:11 +0200)]
hwrng: amd - Replace global variable with private struct
Instead of having two global variable, it's better to use a
private struct. This will permit to remove amd_pdev variable
Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Corentin LABBE [Fri, 26 Aug 2016 11:11:33 +0000 (13:11 +0200)]
hwrng: amd - release_region must be called after hwrng_unregister
The driver release the memory region before being sure that nobody use
it.
This patch made hwrng_unregister ran before any release was done.
Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Corentin LABBE [Fri, 26 Aug 2016 11:11:32 +0000 (13:11 +0200)]
hwrng: amd - Remove asm/io.h
checkpatch complains about <asm/io.h> used instead of linux/io.h.
In fact it is not needed.
This patch remove it, and in the process, alphabetize the other headers.
Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Corentin LABBE [Fri, 26 Aug 2016 11:11:31 +0000 (13:11 +0200)]
hwrng: amd - Be consitent with the driver name
The driver name is displayed each time differently.
This patch make use of the same name everywhere.
Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Corentin LABBE [Fri, 26 Aug 2016 11:11:30 +0000 (13:11 +0200)]
hwrng: amd - use the BIT macro
This patch add usage of the BIT() macro
Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Corentin LABBE [Fri, 26 Aug 2016 11:11:29 +0000 (13:11 +0200)]
hwrng: amd - Fix style problem with blank line
Some blank line are unncessary, and one is missing after declaration.
This patch fix thoses style problems.
Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Baoyou Xie [Fri, 26 Aug 2016 09:56:24 +0000 (17:56 +0800)]
crypto: caam - add missing header dependencies
We get 1 warning when biuld kernel with W=1:
drivers/crypto/caam/ctrl.c:398:5: warning: no previous prototype for 'caam_get_era' [-Wmissing-prototypes]
In fact, this function is declared in drivers/crypto/caam/ctrl.h,
so this patch add missing header dependencies.
Signed-off-by: Baoyou Xie <baoyou.xie@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Omer Khaliq [Tue, 23 Aug 2016 23:27:15 +0000 (16:27 -0700)]
hwrng: cavium - Add Cavium HWRNG driver for ThunderX SoC.
The Cavium ThunderX SoC has a hardware random number generator.
This driver provides support using the HWRNG framework.
Signed-off-by: Omer Khaliq <okhaliq@caviumnetworks.com>
Signed-off-by: Ananth Jasty <Ananth.Jasty@cavium.com>
Acked-by: David Daney <david.daney@cavium.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Ananth Jasty [Tue, 23 Aug 2016 23:27:14 +0000 (16:27 -0700)]
PCI: quirk fixup for cavium invalid sriov link value.
Cavium cn88xx hardware presents an incorrect SR-IOV Function
Dependency Link, add a fixup quirk for the affected devices.
Acked-by: David Daney <david.daney@cavium.com>
Signed-off-by: Ananth Jasty <Ananth.Jasty@cavium.com>
Signed-off-by: Omer Khaliq <okhaliq@caviumnetworks.com>
Acked-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Horia Geantă [Mon, 29 Aug 2016 11:52:14 +0000 (14:52 +0300)]
crypto: caam - fix IV loading for authenc (giv)decryption
For algorithms that implement IV generators before the crypto ops,
the IV needed for decryption is initially located in req->src
scatterlist, not in req->iv.
Avoid copying the IV into req->iv by modifying the (givdecrypt)
descriptors to load it directly from req->src.
aead_givdecrypt() is no longer needed and goes away.
Cc: <stable@vger.kernel.org> # 4.3+
Fixes:
479bcc7c5b9e ("crypto: caam - Convert authenc to new AEAD interface")
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Thu, 25 Aug 2016 08:49:51 +0000 (16:49 +0800)]
crypto: cryptd - Use correct tfm object for AEAD tracking
The AEAD code path incorrectly uses the child tfm to track the
cryptd refcnt, and then potentially frees the child tfm.
Fixes:
81760ea6a95a ("crypto: cryptd - Add helpers to check...")
Reported-by: Sowmini Varadhan <sowmini.varadhan@oracle.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Sudip Mukherjee [Tue, 23 Aug 2016 14:58:54 +0000 (20:28 +0530)]
crypto: rockchip - use devm_add_action_or_reset()
If devm_add_action() fails we are explicitly calling the cleanup to free
the resources allocated. Lets use the helper devm_add_action_or_reset()
and return directly in case of error, as we know that the cleanup function
has been already called by the helper if there was any error.
Signed-off-by: Sudip Mukherjee <sudip.mukherjee@codethink.co.uk>
Reviewed-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Stephan Mueller [Tue, 23 Aug 2016 08:09:32 +0000 (10:09 +0200)]
crypto: rsa - allow keys >= 2048 bits in FIPS mode
With a public notification, NIST now allows the use of RSA keys with a
modulus >= 2048 bits. The new rule allows any modulus size >= 2048 bits
provided that either 2048 or 3072 bits are supported at least so that
the entire RSA implementation can be CAVS tested.
This patch fixes the inability to boot the kernel in FIPS mode, because
certs/x509.genkey defines a 4096 bit RSA key per default. This key causes
the RSA signature verification to fail in FIPS mode without the patch
below.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Fabio Estevam [Mon, 22 Aug 2016 02:37:27 +0000 (23:37 -0300)]
crypto: mxc-scc - check clk_prepare_enable() error
clk_prepare_enable() may fail, so we should better check its return
value and propagate it in the case of failure.
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
PrasannaKumar Muralidharan [Sat, 20 Aug 2016 16:01:06 +0000 (21:31 +0530)]
hwrng: omap3-rom - Remove obsoleted functions
Remove omap3_rom_rng_data_present method as it was returning 1 always.
Use .read callback instead of .data_read callback. This avoids use of
obsolete callbacks.
This patch is not tested with hardware as I don't have access to it.
Signed-off-by: PrasannaKumar Muralidharan <prasannatsmkumar@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Wei Yongjun [Sat, 20 Aug 2016 15:06:51 +0000 (15:06 +0000)]
crypto: drbg - fix error return code
Fix to return a negative error code from the error handling
case instead of 0.
Signed-off-by: Wei Yongjun <weiyj.lk@gmail.com>
Acked-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Wei Yongjun [Sat, 20 Aug 2016 10:48:53 +0000 (10:48 +0000)]
crypto: sun4i-ss - fix missing unlock on error in sun4i_hash()
Add the missing unlock before return from function sun4i_hash()
in the error handling case.
Fixes:
477d9b2e591b ("crypto: sun4i-ss - unify update/final function")
Signed-off-by: Wei Yongjun <weiyj.lk@gmail.com>
Acked-by: Corentin LABBE <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Martin Schwidefsky [Fri, 19 Aug 2016 12:19:30 +0000 (14:19 +0200)]
crypto: xor - skip speed test if the xor function is selected automatically
If the architecture selected the xor function with XOR_SELECT_TEMPLATE
the speed result of the do_xor_speed benchmark is of limited value.
The speed measurement increases the bootup time a little, which can
makes a difference for kernels used in container like virtual machines.
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Daniel Thompson [Thu, 18 Aug 2016 12:37:21 +0000 (13:37 +0100)]
hwrng: core - Improve description of the ->read() interface
Currently, very few RNG drivers support single byte reads using the
->read() interface. Of the 14 drivers in drivers/char/hw_random that
support this interface only three of these actually support max == 1.
The other behaviours vary between return 0, return 2, return 4 and return
-EIO).
This is not a problem in practice because the core hw_random code never
performs a read shorter than 16 bytes. The documentation for this function
already contrains the alignment of the buffer pointer, so let's also
guarantee that the buffer is at least as large as its alignment.
This constraint is intended to be the weakest guarantee neccessary to
allow driver writers to safely simplify their code.
Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Eric Biggers [Wed, 17 Aug 2016 22:47:11 +0000 (15:47 -0700)]
crypto: doc - fix documentation for bulk registration functions
Update the documentation for crypto_register_algs() and
crypto_unregister_algs() to match the actual behavior.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Li Zhong [Wed, 24 Aug 2016 07:34:40 +0000 (15:34 +0800)]
crypto: vmx - fix null dereference in p8_aes_xts_crypt
walk.iv is not assigned a value in blkcipher_walk_init. It makes iv uninitialized.
It is possibly a null value(as shown below), which is then used by aes_p8_encrypt.
This patch moves iv = walk.iv after blkcipher_walk_virt, in which walk.iv is set.
[17856.268050] Unable to handle kernel paging request for data at address 0x00000000
[17856.268212] Faulting instruction address: 0xd000000002ff04bc
7:mon> t
[link register ]
d000000002ff47b8 p8_aes_xts_crypt+0x168/0x2a0 [vmx_crypto] (938)
[
c000000013b77960]
d000000002ff4794 p8_aes_xts_crypt+0x144/0x2a0 [vmx_crypto] (unreliable)
[
c000000013b77a70]
c000000000544d64 skcipher_decrypt_blkcipher+0x64/0x80
[
c000000013b77ac0]
d000000003c0175c crypt_convert+0x53c/0x620 [dm_crypt]
[
c000000013b77ba0]
d000000003c043fc kcryptd_crypt+0x3cc/0x440 [dm_crypt]
[
c000000013b77c50]
c0000000000f3070 process_one_work+0x1e0/0x590
[
c000000013b77ce0]
c0000000000f34c8 worker_thread+0xa8/0x660
[
c000000013b77d80]
c0000000000fc0b0 kthread+0x110/0x130
[
c000000013b77e30]
c0000000000098f0 ret_from_kernel_thread+0x5c/0x6c
Signed-off-by: Li Zhong <zhong@linux.vnet.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Giovanni Cabiddu [Thu, 18 Aug 2016 18:53:36 +0000 (19:53 +0100)]
crypto: qat - fix aes-xts key sizes
Increase value of supported key sizes for qat_aes_xts.
aes-xts keys consists of keys of equal size concatenated.
Fixes:
def14bfaf30d ("crypto: qat - add support for ctr(aes) and xts(aes)")
Cc: stable@vger.kernel.org
Reported-by: Wenqian Yu <wenqian.yu@intel.com>
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Fabian Frederick [Tue, 16 Aug 2016 19:49:45 +0000 (21:49 +0200)]
hwrng: mxc-rnga - Fix Kconfig dependency
We can directly depend on SOC_IMX31 since commit
c9ee94965dce
("ARM: imx: deconstruct mxc_rnga initialization")
Since that commit, CONFIG_HW_RANDOM_MXC_RNGA could not be switched on
with unknown symbol ARCH_HAS_RNGA and mxc-rnga.o can't be generated with
ARCH=arm make M=drivers/char/hw_random
Previously, HW_RANDOM_MXC_RNGA required ARCH_HAS_RNGA
which was based on IMX_HAVE_PLATFORM_MXC_RNGA && ARCH_MXC.
IMX_HAVE_PLATFORM_MXC_RNGA was based on SOC_IMX31.
Fixes:
c9ee94965dce ("ARM: imx: deconstruct mxc_rnga initialization")
Signed-off-by: Fabian Frederick <fabf@skynet.be>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>