- 08 Jul, 2018 13 commits
-
-
Ofer Heifetz authored
So far a single processing engine (PE) was configured and used in the Inside Secure SafeXcel cryptographic engine driver. Some versions have more than a single PE. This patch rework the driver's initialization to take this into account and to allow configuring more than one PE. Signed-off-by:
Ofer Heifetz <oferh@marvell.com> [Antoine: some reworks and commit message.] Signed-off-by:
Antoine Tenart <antoine.tenart@bootlin.com> Signed-off-by:
Herbert Xu <herbert@gondor.apana.org.au>
-
Ofer Heifetz authored
The Inside Secure SafeXcel driver currently uses 4 rings, but the eip197d engines has 8 of them. This patch updates the driver so that rings are allocated dynamically based on the number of available rings supported by a given engine. Signed-off-by:
-
Antoine Tenart authored
Add a flags field in the private structure, and a first flag for engines needing context invalidation (currently only the eip197b). The invalidation is needed when the engine includes a TRC cache, which will also be true for the upcoming addition of the eip197d engine. Suggested-by:
-
Antoine Tenart authored
EIP engines do not support the same set of algorithms. So far the supported engines in the Inside Secure SafeXcel driver support the same set of algorithms, but that won't be true for all engines. This patch adds an 'engines' field in the algorithm definitions so that they only are registered when using a compatible cryptographic engine. Signed-off-by:
-
Antoine Tenart authored
The compatibles were updated in the Inside Secure SafeXcel cryptographic driver, as the ones previously used were not specific enough. The old compatibles are still supported by the driver for backward compatibility. This patch updates the documentation accordingly. Signed-off-by:
-
Antoine Tenart authored
At first we used two compatibles in the SafeXcel driver, named after the engine revision: eip97 and eip197. However this family of engines has more precise versions and in fact we're supporting the eip97ies and eip197b. More versions will be supported in the future, such as the eip197d, and we'll need to differentiate them. This patch fixes the compatibles used in the driver, to now use precise ones. The two historical compatibles are kept for backward compatibility. Signed-off-by:
-
Antoine Tenart authored
This patch moves the firmware loaded by the Inside Secure SafeXcel driver from /lib/firmware/ to /lib/firmware/inside-secure/eip197b/. This prepares the driver for future patches which will support other revisions of the EIP197 crypto engine as they'll have their own firmwares. To keep the compatibility of what was done, the old path is still supported as a fallback for the EIP197b (currently the only one supported by the driver that loads a firmware). Signed-off-by:
-
Stephan Mueller authored
According to SP800-56A section 5.6.2.1, the public key to be processed for the DH operation shall be checked for appropriateness. The check shall covers the full verification test in case the domain parameter Q is provided as defined in SP800-56A section 5.6.2.3.1. If Q is not provided, the partial check according to SP800-56A section 5.6.2.3.2 is performed. The full verification test requires the presence of the domain parameter Q. Thus, the patch adds the support to handle Q. It is permissible to not provide the Q value as part of the domain parameters. This implies that the interface is still backwards-compatible where so far only P and G are to be provided. However, if Q is provided, it is imported. Without the test, the NIST ACVP testing fails. After adding this check, the NIST ACVP testing passes. Testing without providing the Q domain parameter has been performed to verify the interface has not changed. Signed-off-by:
Stephan Mueller <smueller@chronox.de> Signed-off-by:
-
lionel.debieve@st.com authored
Adding pm and pm_runtime support to STM32 CRC. Signed-off-by:
Lionel Debieve <lionel.debieve@st.com> Signed-off-by:
-
lionel.debieve@st.com authored
Adding pm and pm_runtime support to STM32 HASH. Signed-off-by:
-
lionel.debieve@st.com authored
Adding pm and pm_runtime support to STM32 CRYP. Signed-off-by:
-
Stafford Horne authored
As of GCC 9.0.0 the build is reporting warnings like: crypto/ablkcipher.c: In function ‘crypto_ablkcipher_report’: crypto/ablkcipher.c:374:2: warning: ‘strncpy’ specified bound 64 equals destination size [-Wstringop-truncation] strncpy(rblkcipher.geniv, alg->cra_ablkcipher.geniv ?: "<default>", ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ sizeof(rblkcipher.geniv)); ~~~~~~~~~~~~~~~~~~~~~~~~~ This means the strnycpy might create a non null terminated string. Fix this by explicitly performing '\0' termination. Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Arnd Bergmann <arnd@arndb.de> Cc: Max Filippov <jcmvbkbc@gmail.com> Cc: Eric Biggers <ebiggers3@gmail.com> Cc: Nick Desaulniers <nick.desaulniers@gmail.com> Signed-off-by:Stafford Horne <shorne@gmail.com> Signed-off-by:
-
Stephan Mueller authored
According to SP800-56A section 5.6.2.1, the public key to be processed for the ECDH operation shall be checked for appropriateness. When the public key is considered to be an ephemeral key, the partial validation test as defined in SP800-56A section 5.6.2.3.4 can be applied. The partial verification test requires the presence of the field elements of a and b. For the implemented NIST curves, b is defined in FIPS 186-4 appendix D.1.2. The element a is implicitly given with the Weierstrass equation given in D.1.2 where a = p - 3. Without the test, the NIST ACVP testing fails. After adding this check, the NIST ACVP testing passes. Signed-off-by:
-
- 01 Jul, 2018 7 commits
-
-
Denis Efremov authored
The function skcipher_walk_next declared as static and marked as EXPORT_SYMBOL_GPL. It's a bit confusing for internal function to be exported. The area of visibility for such function is its .c file and all other modules. Other *.c files of the same module can't use it, despite all other modules can. Relying on the fact that this is the internal function and it's not a crucial part of the API, the patch just removes the EXPORT_SYMBOL_GPL marking of skcipher_walk_next. Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by:
Denis Efremov <efremov@linux.com> Signed-off-by:
-
Farhan Ali authored
Register a crypto algo with the Linux crypto layer only if the algorithm is supported by the backend virtio-crypto device. Also route crypto requests to a virtio-crypto device, only if it can support the requested service and algorithm. Signed-off-by:
Farhan Ali <alifm@linux.ibm.com> Acked-by:
Gonglei <arei.gonglei@huawei.com> Acked-by:
Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by:
-
Farhan Ali authored
Read the crypto services and algorithm masks which provides information about the services and algorithms supported by virtio-crypto backend. Signed-off-by:
-
Eric Biggers authored
Remove the original version of the VMAC template that had the nonce hardcoded to 0 and produced a digest with the wrong endianness. I'm unsure whether this had users or not (there are no explicit in-kernel references to it), but given that the hardcoded nonce made it wildly insecure unless a unique key was used for each message, let's try removing it and see if anyone complains. Leave the new "vmac64" template that requires the nonce to be explicitly specified as the first 16 bytes of data and uses the correct endianness for the digest. Signed-off-by:
Eric Biggers <ebiggers@google.com> Signed-off-by:
-
Eric Biggers authored
Currently the VMAC template uses a "nonce" hardcoded to 0, which makes it insecure unless a unique key is set for every message. Also, the endianness of the final digest is wrong: the implementation uses little endian, but the VMAC specification has it as big endian, as do other VMAC implementations such as the one in Crypto++. Add a new VMAC template where the nonce is passed as the first 16 bytes of data (similar to what is done for Poly1305's nonce), and the digest is big endian. Call it "vmac64", since the old name of simply "vmac" didn't clarify whether the implementation is of VMAC-64 or of VMAC-128 (which produce 64-bit and 128-bit digests respectively); so we fix the naming ambiguity too. Signed-off-by:
-
Eric Biggers authored
syzbot reported a crash in vmac_final() when multiple threads concurrently use the same "vmac(aes)" transform through AF_ALG. The bug is pretty fundamental: the VMAC template doesn't separate per-request state from per-tfm (per-key) state like the other hash algorithms do, but rather stores it all in the tfm context. That's wrong. Also, vmac_final() incorrectly zeroes most of the state including the derived keys and cached pseudorandom pad. Therefore, only the first VMAC invocation with a given key calculates the correct digest. Fix these bugs by splitting the per-tfm state from the per-request state and using the proper init/update/final sequencing for requests. Reproducer for the crash: #include <linux/if_alg.h> #include <sys/socket.h> #include <unistd.h> int main() { int fd; struct sockaddr_alg addr = { .salg_type = "hash", .salg_name = "vmac(aes)", }; char buf[256] = { 0 }; fd = socket(AF_ALG, SOCK_SEQPACKET, 0); bind(fd, (void *)&addr, sizeof(addr)); setsockopt(fd, SOL_ALG, ALG_SET_KEY, buf, 16); fork(); fd = accept(fd, NULL, NULL); for (;;) write(fd, buf, 256); } The immediate cause of the crash is that vmac_ctx_t.partial_size exceeds VMAC_NHBYTES, causing vmac_final() to memset() a negative length. Reported-by: syzbot+264bca3a6e8d645550d3@syzkaller.appspotmail.com Fixes: f1939f7c ("crypto: vmac - New hash algorithm for intel_txt support") Cc: <stable@vger.kernel.org> # v2.6.32+ Signed-off-by: -
Eric Biggers authored
The VMAC template assumes the block cipher has a 128-bit block size, but it failed to check for that. Thus it was possible to instantiate it using a 64-bit block size cipher, e.g. "vmac(cast5)", causing uninitialized memory to be used. Add the needed check when instantiating the template. Fixes: f1939f7c ("crypto: vmac - New hash algorithm for intel_txt support") Cc: <stable@vger.kernel.org> # v2.6.32+ Signed-off-by:
-
- 22 Jun, 2018 15 commits
-
-
Tudor-Dan Ambarus authored
Remove it because when using a slow console, it can affect the speed of crypto operations. Similar to 'commit 730f23b6 ("crypto: vmx - Remove overly verbose printk from AES XTS init")'. Signed-off-by:
Tudor Ambarus <tudor.ambarus@microchip.com> Signed-off-by:
-
Tudor-Dan Ambarus authored
Remove the limitation of single element scatterlists. ECDH with multi-element scatterlists is needed by TPM. Similar to 'commit 95ec01ba ("crypto: ecdh - fix to allow multi segment scatterlists")'. Signed-off-by:
-
Colin Ian King authored
The structure algs is local to the source and does not need to be in global scope, so make it static. Cleans up sparse warning: drivers/crypto/cavium/cpt/cptvf_algs.c:354:19: warning: symbol 'algs' was not declared. Should it be static? Signed-off-by:
Colin Ian King <colin.king@canonical.com> Signed-off-by:
-
Colin Ian King authored
Trival fix to correct the indentation of a single statement Signed-off-by:
-
Antoine Tenart authored
This patch adds the authenc(hmac(sha384),cbc(aes)) algorithm support to the Inside Secure SafeXcel driver. Signed-off-by:
-
Antoine Tenart authored
This patch adds the hmac(sha384) algorithm support to the Inside Secure SafeXcel driver. Signed-off-by:
-
Antoine Tenart authored
This patch adds the sha384 algorithm support to the Inside Secure SafeXcel driver. Signed-off-by:
-
Antoine Tenart authored
This patch adds the sha384 pre-computed 0-length hash so that device drivers can use it when an hardware engine does not support computing a hash from a 0 length input. Signed-off-by:
-
Antoine Tenart authored
This patch adds the authenc(hmac(sha512),cbc(aes)) algorithm support to the Inside Secure SafeXcel driver. Signed-off-by:
-
Antoine Tenart authored
This patch adds the hmac(sha512) algorithm support to the Inside Secure SafeXcel driver. Signed-off-by:
-
Antoine Tenart authored
This patch adds the sha512 algorithm support to the Inside Secure SafeXcel driver. Signed-off-by:
-
Antoine Tenart authored
This patch adds the sha512 pre-computed 0-length hash so that device drivers can use it when an hardware engine does not support computing a hash from a 0 length input. Signed-off-by:
-
Antoine Tenart authored
A counter is given to the engine when finishing hash computation. It currently uses the blocksize while it counts the number of 64 bytes blocks given to the engine. This works well for all algorithms so far, as SHA1, SHA224 and SHA256 all have a blocksize of 64 bytes, but others algorithms such as SHA512 wouldn't work. Signed-off-by:
-
Antoine Tenart authored
This patch reworks the way invalidation request handlers handle the result descriptor errors, to use the common error handling function. This improves the drivers in terms of readability and maintainability. Suggested-by:
-
Ofer Heifetz authored
The token size was increased for AEAD support. Occasional authentication fails arise since the result descriptor overflows. This is because the token size and the engine minimal thresholds must be in sync. Signed-off-by:
-
- 16 Jun, 2018 5 commits
-
-
Linus Torvalds authored
-
git://git.kernel.dk/linux-blockLinus Torvalds authored
Pull block fixes from Jens Axboe: "A collection of fixes that should go into -rc1. This contains: - bsg_open vs bsg_unregister race fix (Anatoliy) - NVMe pull request from Christoph, with fixes for regressions in this window, FC connect/reconnect path code unification, and a trace point addition. - timeout fix (Christoph) - remove a few unused functions (Christoph) - blk-mq tag_set reinit fix (Roman)" * tag 'for-linus-20180616' of git://git.kernel.dk/linux-block: bsg: fix race of bsg_open and bsg_unregister block: remov blk_queue_invalidate_tags nvme-fabrics: fix and refine state checks in __nvmf_check_ready nvme-fabrics: handle the admin-only case properly in nvmf_check_ready nvme-fabrics: refactor queue ready check blk-mq: remove blk_mq_tagset_iter nvme: remove nvme_reinit_tagset nvme-fc: fix nulling of queue data on reconnect nvme-fc: remove reinit_request routine blk-mq: don't time out requests again that are in the timeout handler nvme-fc: change controllers first connect to use reconnect path nvme: don't rely on the changed namespace list log nvmet: free smart-log buffer after use nvme-rdma: fix error flow during mapping request data nvme: add bio remapping tracepoint nvme: fix NULL pointer dereference in nvme_init_subsystem blk-mq: reinit q->tag_set_list entry only after grace period -
git://linuxtv.org/mchehab/experimentalLinus Torvalds authored
Pull documentation fixes from Mauro Carvalho Chehab: "This solves a series of broken links for files under Documentation, and improves a script meant to detect such broken links (see scripts/documentation-file-ref-check). The changes on this series are: - can.rst: fix a footnote reference; - crypto_engine.rst: Fix two parsing warnings; - Fix a lot of broken references to Documentation/*; - improve the scripts/documentation-file-ref-check script, in order to help detecting/fixing broken references, preventing false-positives. After this patch series, only 33 broken references to doc files are detected by scripts/documentation-file-ref-check" * tag 'docs-broken-links' of git://linuxtv.org/mchehab/experimental: (26 commits) fix a series of Documentation/ broken file name references Documentation: rstFlatTable.py: fix a broken reference ABI: sysfs-devices-system-cpu: remove a broken reference devicetree: fix a series of wrong file references devicetree: fix name of pinctrl-bindings.txt devicetree: fix some bindings file names MAINTAINERS: fix location of DT npcm files MAINTAINERS: fix location of some display DT bindings kernel-parameters.txt: fix pointers to sound parameters bindings: nvmem/zii: Fix location of nvmem.txt docs: Fix more broken references scripts/documentation-file-ref-check: check tools/*/Documentation scripts/documentation-file-ref-check: get rid of false-positives scripts/documentation-file-ref-check: hint: dash or underline scripts/documentation-file-ref-check: add a fix logic for DT scripts/documentation-file-ref-check: accept more wildcards at filenames scripts/documentation-file-ref-check: fix help message media: max2175: fix location of driver's companion documentation media: v4l: fix broken video4linux docs locations media: dvb: point to the location of the old README.dvb-usb file ... -
git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fsLinus Torvalds authored
Pull fsnotify updates from Jan Kara: "fsnotify cleanups unifying handling of different watch types. This is the shortened fsnotify series from Amir with the last five patches pulled out. Amir has modified those patches to not change struct inode but obviously it's too late for those to go into this merge window" * tag 'fsnotify_for_v4.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs: fsnotify: add fsnotify_add_inode_mark() wrappers fanotify: generalize fanotify_should_send_event() fsnotify: generalize send_to_group() fsnotify: generalize iteration of marks by object type fsnotify: introduce marks iteration helpers fsnotify: remove redundant arguments to handle_event() fsnotify: use type id to identify connector object type
-
git://github.com/bzolnier/linuxLinus Torvalds authored
Pull fbdev updates from Bartlomiej Zolnierkiewicz: "There is nothing really major here, few small fixes, some cleanups and dead drivers removal: - mark omapfb drivers as orphans in MAINTAINERS file (Tomi Valkeinen) - add missing module license tags to omap/omapfb driver (Arnd Bergmann) - add missing GPIOLIB dependendy to omap2/omapfb driver (Arnd Bergmann) - convert savagefb, aty128fb & radeonfb drivers to use msleep & co. (Jia-Ju Bai) - allow COMPILE_TEST build for viafb driver (media part was reviewed by media subsystem Maintainer) - remove unused MERAM support from sh_mobile_lcdcfb and shmob-drm drivers (drm parts were acked by shmob-drm driver Maintainer) - remove unused auo_k190xfb drivers - misc cleanups (Souptick Joarder, Wolfram Sang, Markus Elfring, Andy Shevchenko, Colin Ian King)" * tag 'fbdev-v4.18' of git://github.com/bzolnier/linux: (26 commits) fb_omap2: add gpiolib dependency video/omap: add module license tags MAINTAINERS: make omapfb orphan video: fbdev: pxafb: match_string() conversion fixup video: fbdev: nvidia: fix spelling mistake: "scaleing" -> "scaling" video: fbdev: fix spelling mistake: "frambuffer" -> "framebuffer" video: fbdev: pxafb: Convert to use match_string() helper video: fbdev: via: allow COMPILE_TEST build video: fbdev: remove unused sh_mobile_meram driver drm: shmobile: remove unused MERAM support video: fbdev: sh_mobile_lcdcfb: remove unused MERAM support video: fbdev: remove unused auo_k190xfb drivers video: omap: Improve a size determination in omapfb_do_probe() video: sm501fb: Improve a size determination in sm501fb_probe() video: fbdev-MMP: Improve a size determination in path_init() video: fbdev-MMP: Delete an error message for a failed memory allocation in two functions video: auo_k190x: Delete an error message for a failed memory allocation in auok190x_common_probe() video: sh_mobile_lcdcfb: Delete an error message for a failed memory allocation in two functions video: sh_mobile_meram: Delete an error message for a failed memory allocation in sh_mobile_meram_probe() video: fbdev: sh_mobile_meram: Drop SUPERH platform dependency ...
-
