- 11 Dec, 2019 40 commits
-
-
Tero Kristo authored
Current buffer handling logic fails in a case where the buffer contains existing data from previous update which is divisible by block size. This results in a block size of data to be left missing from the sg list going out to the hw accelerator, ending up in stalling the crypto accelerator driver (the last request never completes fully due to missing data.) Fix this by passing the total size of the data instead of the data size of current request, and also parsing the buffer contents within the prepare request handling. Signed-off-by:
Tero Kristo <t-kristo@ti.com> Signed-off-by:
Herbert Xu <herbert@gondor.apana.org.au>
-
Tero Kristo authored
Currently omap-aes driver does not copy end result IV out at all. This is evident with the additional checks done at the crypto test manager. Fix by copying out the IV values from HW. Signed-off-by:
-
Tero Kristo authored
Currently omap-des driver does not copy end result IV out at all. This is evident with the additional checks done at the crypto test manager. Fix by copying out the IV values from HW. Signed-off-by:
-
Tero Kristo authored
The driver removal should also cleanup the created sysfs group. If not, the driver fails the subsequent probe as the files exist already. Also, drop a completely unnecessary pointer assignment from the removal function at the same time. Signed-off-by:
-
Tero Kristo authored
The driver removal should also cleanup the created sysfs group. If not, the driver fails the subsequent probe as the files exist already. Signed-off-by:
-
Tero Kristo authored
When using huge data amount, allocating free pages fails as the kernel isn't able to process get_free_page requests larger than MAX_ORDER. Also, the DMA subsystem has an inherent limitation that data size larger than some 2MB can't be handled properly. In these cases, split up the data instead to smaller requests so that the kernel can allocate the data, and also so that the DMA driver can handle the separate SG elements. Signed-off-by:
Bin Liu <b-liu@ti.com> Signed-off-by:
-
Eric Biggers authored
The essiv and hmac templates refuse to use any hash algorithm that has a ->setkey() function, which includes not just algorithms that always need a key, but also algorithms that optionally take a key. Previously the only optionally-keyed hash algorithms in the crypto API were non-cryptographic algorithms like crc32, so this didn't really matter. But that's changed with BLAKE2 support being added. BLAKE2 should work with essiv and hmac, just like any other cryptographic hash. Fix this by allowing the use of both algorithms without a ->setkey() function and algorithms that have the OPTIONAL_KEY flag set. Signed-off-by:
Eric Biggers <ebiggers@google.com> Acked-by:
Ard Biesheuvel <ardb@kernel.org> Signed-off-by:
-
Eric Biggers authored
Due to the removal of the blkcipher and ablkcipher algorithm types, crypto_skcipher_extsize() now simply calls crypto_alg_extsize(). So remove it and just use crypto_alg_extsize(). Signed-off-by:
-
Eric Biggers authored
Due to the removal of the blkcipher and ablkcipher algorithm types, crypto_skcipher::decrypt is now redundant since it always equals crypto_skcipher_alg(tfm)->decrypt. Remove it and update crypto_skcipher_decrypt() accordingly. Signed-off-by:
-
Eric Biggers authored
Due to the removal of the blkcipher and ablkcipher algorithm types, crypto_skcipher::encrypt is now redundant since it always equals crypto_skcipher_alg(tfm)->encrypt. Remove it and update crypto_skcipher_encrypt() accordingly. Signed-off-by:
-
Eric Biggers authored
Due to the removal of the blkcipher and ablkcipher algorithm types, crypto_skcipher::setkey now always points to skcipher_setkey(). Simplify by removing this function pointer and instead just making skcipher_setkey() be crypto_skcipher_setkey() directly. Signed-off-by:
-
Eric Biggers authored
Due to the removal of the blkcipher and ablkcipher algorithm types, crypto_skcipher::keysize is now redundant since it always equals crypto_skcipher_alg(tfm)->max_keysize. Remove it and update crypto_skcipher_default_keysize() accordingly. Also rename crypto_skcipher_default_keysize() to crypto_skcipher_max_keysize() to clarify that it specifically returns the maximum key size, not some unspecified "default". Signed-off-by:
-
Eric Biggers authored
Due to the removal of the blkcipher and ablkcipher algorithm types, crypto_skcipher::ivsize is now redundant since it always equals crypto_skcipher_alg(tfm)->ivsize. Remove it and update crypto_skcipher_ivsize() accordingly. Signed-off-by:
-
Eric Biggers authored
Update a comment to refer to crypto_alloc_skcipher() rather than crypto_alloc_blkcipher() (the latter having been removed). Signed-off-by:
-
Eric Biggers authored
Another instance of CRYPTO_BLKCIPHER made it in just after it was renamed to CRYPTO_SKCIPHER. Fix it. Fixes: 416d8220 ("crypto: hisilicon - add HiSilicon SEC V2 driver") Signed-off-by:
-
Herbert Xu authored
We should not be modifying the original request's MAY_SLEEP flag upon completion. It makes no sense to do so anyway. Reported-by:
Eric Biggers <ebiggers@kernel.org> Fixes: 5068c7a8 ("crypto: pcrypt - Add pcrypt crypto...") Signed-off-by:
-
Ard Biesheuvel authored
The SIMD based GHASH implementation for arm64 is typically much faster than the generic one, and doesn't use any lookup tables, so it is clearly preferred when available. So bump the priority to reflect that. Fixes: 5a22b198 ("crypto: arm64/ghash - register PMULL variants ...") Signed-off-by:
-
Sami Tolvanen authored
Instead of casting pointers to callback functions, add C wrappers to avoid type mismatch failures with Control-Flow Integrity (CFI) checking. Signed-off-by:
Sami Tolvanen <samitolvanen@google.com> Reviewed-by:
-
Ard Biesheuvel authored
AMD Seattle incorporates a non-PCI version of the v3 CCP crypto accelerator, and this version was left behind when the maximum RSA modulus size was parameterized in order to support v5 hardware which supports larger moduli than v3 hardware does. Due to this oversight, RSA acceleration no longer works at all on these systems. Fix this by setting the .rsamax property to the appropriate value for v3 platform hardware. Fixes: e28c190d ("csrypto: ccp - Expand RSA support for a v5 ccp") Cc: Gary R Hook <gary.hook@amd.com> Signed-off-by:
Gary R Hook <gary.hook@amd.com> Signed-off-by:
-
Gilad Ben-Yossef authored
Fix brown paper bag bug of not releasing backlog list item buffer when backlog was consumed causing a memory leak when backlog is used. Signed-off-by:
Gilad Ben-Yossef <gilad@benyossef.com> Cc: stable@vger.kernel.org # v4.19+ Signed-off-by:
-
Hadar Gat authored
Fix some typos in error message text. Signed-off-by:
Hadar Gat <hadar.gat@arm.com> Signed-off-by:
-
Hadar Gat authored
Fix some typos in code comments. Signed-off-by:
-
Gilad Ben-Yossef authored
The define of CC_DEV_SHA_MAX is not needed since we moved to runtime detection of capabilities. Remove it. Signed-off-by:
-
Kees Cook authored
The crypto glue performed function prototype casting via macros to make indirect calls to assembly routines. Instead of performing casts at the call sites (which trips Control Flow Integrity prototype checking), switch each prototype to a common standard set of arguments which allows the removal of the existing macros. In order to keep pointer math unchanged, internal casting between u128 pointers and u8 pointers is added. Co-developed-by:
João Moreira <joao.moreira@intel.com> Signed-off-by:
Kees Cook <keescook@chromium.org> Reviewed-by:
-
Iuliana Prodan authored
In commit 'a1cf573e ("crypto: caam - select DMA address size at runtime")' CAAM pointer size (caam_ptr_size) is changed from sizeof(dma_addr_t) to runtime value computed from MCFGR register. Therefore, do not reset MCFGR[PS]. Fixes: a1cf573e ("crypto: caam - select DMA address size at runtime") Signed-off-by:
Iuliana Prodan <iuliana.prodan@nxp.com> Cc: <stable@vger.kernel.org> Cc: Andrey Smirnov <andrew.smirnov@gmail.com> Cc: Alison Wang <alison.wang@nxp.com> Reviewed-by:
Horia Geantă <horia.geanta@nxp.com> Signed-off-by:
-
Herbert Xu authored
If the pcrypt template is used multiple times in an algorithm, then a deadlock occurs because all pcrypt instances share the same padata_instance, which completes requests in the order submitted. That is, the inner pcrypt request waits for the outer pcrypt request while the outer request is already waiting for the inner. This patch fixes this by allocating a set of queues for each pcrypt instance instead of using two global queues. In order to maintain the existing user-space interface, the pinst structure remains global so any sysfs modifications will apply to every pcrypt instance. Note that when an update occurs we have to allocate memory for every pcrypt instance. Should one of the allocations fail we will abort the update without rolling back changes already made. The new per-instance data structure is called padata_shell and is essentially a wrapper around parallel_data. Reproducer: #include <linux/if_alg.h> #include <sys/socket.h> #include <unistd.h> int main() { struct sockaddr_alg addr = { .salg_type = "aead", .salg_name = "pcrypt(pcrypt(rfc4106-gcm-aesni))" }; int algfd, reqfd; char buf[32] = { 0 }; algfd = socket(AF_ALG, SOCK_SEQPACKET, 0); bind(algfd, (void *)&addr, sizeof(addr)); setsockopt(algfd, SOL_ALG, ALG_SET_KEY, buf, 20); reqfd = accept(algfd, 0, 0); write(reqfd, buf, 32); read(reqfd, buf, 16); } Reported-by: syzbot+56c7151cad94eec37c521f0e47d2eee53f9361c4@syzkaller.appspotmail.com Fixes: 5068c7a8 ("crypto: pcrypt - Add pcrypt crypto parallelization wrapper") Signed-off-by: -
Peter Ujfalusi authored
The driver no longer boots in legacy mode, only via DT. This makes the dma_request_slave_channel_compat() redundant. If ever the filter function would be executed it will return false as the dma_slave is not really initialized. Switch to use dma_request_chan() which would allow legacy boot if ever needed again by configuring dma_slave_map for the DMA driver. At the same time skip allocating memory for dma_slave as it is not used anymore. Signed-off-by:
Peter Ujfalusi <peter.ujfalusi@ti.com> Signed-off-by:
-
Peter Ujfalusi authored
The driver no longer boots in legacy mode, only via DT. This makes the dma_request_slave_channel_compat() redundant. If ever the filter function would be executed it will return false as the dma_slave is not really initialized. Switch to use dma_request_chan() which would allow legacy boot if ever needed again by configuring dma_slave_map for the DMA driver. At the same time skip allocating memory for dma_slave as it is not used anymore. Signed-off-by:
-
Peter Ujfalusi authored
The driver no longer boots in legacy mode, only via DT. This makes the dma_request_slave_channel_compat() redundant. If ever the filter function would be executed it will return false as the dma_slave is not really initialized. Switch to use dma_request_chan() which would allow legacy boot if ever needed again by configuring dma_slave_map for the DMA driver. At the same time skip allocating memory for dma_slave as it is not used anymore. Signed-off-by:
-
Krzysztof Kozlowski authored
Adjust indentation from spaces to tab (+optional two spaces) as in coding style with command like: $ sed -e 's/^ /\t/' -i */Kconfig Signed-off-by:
Krzysztof Kozlowski <krzk@kernel.org> Reviewed-by:
-
Corentin Labbe authored
The A33 SS has a difference with all other SS, it give SHA1 digest directly in BE. So this patch adds variant support in sun4i-ss. Fixes: 6298e948 ("crypto: sunxi-ss - Add Allwinner Security System crypto accelerator") Signed-off-by:
Corentin Labbe <clabbe.montjoie@gmail.com> Acked-by:
Maxime Ripard <mripard@kernel.org> Signed-off-by:
-
Kamil Konieczny authored
Update my e-mail address to @samsung.com in maintainers. Add also map in .mailmap to new e-mail. Signed-off-by:
Kamil Konieczny <k.konieczny@samsung.com> Signed-off-by:
-
Stefan Wahren authored
BCM2711 features a RNG200 hardware random number generator block. So make the driver available. Signed-off-by:
Stefan Wahren <wahrenst@gmx.net> Signed-off-by:
Stephen Brennan <stephen@brennan.io> Reviewed-by:
Matthias Brugger <mbrugger@suse.com> Reviewed-by:
Florian Fainelli <f.fainelli@gmail.com> Signed-off-by:
-
Stefan Wahren authored
The BCM2711 has a RNG200 block, so document its compatible string. Signed-off-by:
Rob Herring <robh@kernel.org> Signed-off-by:
-
Herbert Xu authored
The function padata_remove_cpu was supposed to have been removed along with padata_add_cpu but somehow it remained behind. Let's kill it now as it doesn't even have a prototype anymore. Fixes: 815613da ("kernel/padata.c: removed unused code") Signed-off-by:
Daniel Jordan <daniel.m.jordan@oracle.com> Signed-off-by:
-
Herbert Xu authored
On module unload of pcrypt we must unregister the crypto algorithms first and then tear down the padata structure. As otherwise the crypto algorithms are still alive and can be used while the padata structure is being freed. Fixes: 5068c7a8 ("crypto: pcrypt - Add pcrypt crypto...") Cc: <stable@vger.kernel.org> Signed-off-by:
-
Zhou Wang authored
As we already merge hardware sgl into hisi_qm module, remove useless MODULE macros. Fixes: 48c1cd40 (crypto: hisilicon - merge sgl support to hisi_qm module) Signed-off-by:
Zhou Wang <wangzhou1@hisilicon.com> Signed-off-by:
-
Jonathan Cameron authored
We can configure sgl offset fields in ZIP sqe to let ZIP engine read/write sgl data with skipped data. Hence no need to splite the sgl. Fixes: 62c455ca (crypto: hisilicon - add HiSilicon ZIP accelerator support) Signed-off-by:
Jonathan Cameron <Jonathan.Cameron@huawei.com> Signed-off-by:
-
Jonathan Cameron authored
We fill the hardware scatter gather list assuming it will need the same number of elements at the original scatterlist. If an IOMMU is involved, then it may well need fewer. The return value of dma_map_sg tells us how many. Probably never caused visible problems as the hardware won't get to the elements that are incorrect before it finds enough space. Fixes: dfed0098 (crypto: hisilicon - add hardware SGL support) Signed-off-by:
-
Herbert Xu authored
The function padata_flush_queues is fundamentally broken because it cannot force padata users to complete the request that is underway. IOW padata has to passively wait for the completion of any outstanding work. As it stands flushing is used in two places. Its use in padata_stop is simply unnecessary because nothing depends on the queues to be flushed afterwards. The other use in padata_replace is more substantial as we depend on it to free the old pd structure. This patch instead uses the pd->refcnt to dynamically free the pd structure once all requests are complete. Fixes: 2b73b07a ("padata: Flush the padata queues actively") Cc: <stable@vger.kernel.org> Signed-off-by:
-
