| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Even though the sun8i-ce driver implements asynchronous versions of
ecb(aes) and cbc(aes), the fallbacks it allocates are required to be
synchronous. Given that SIMD based software implementations are usually
asynchronous as well, even though they rarely complete asynchronously
(this typically only happens in cases where the request was made from
softirq context, while SIMD was already in use in the task context that
it interrupted), these implementations are disregarded, and either the
generic C version or another table based version implemented in assembler
is selected instead.
Since falling back to synchronous AES is not only a performance issue, but
potentially a security issue as well (due to the fact that table based AES
is not time invariant), let's fix this, by allocating an ordinary skcipher
as the fallback, and invoke it with the completion routine that was given
to the outer request.
Signed-off-by: Ard Biesheuvel <[email protected]>
Acked-by: Corentin Labbe <[email protected]>
Tested-by: Corentin Labbe <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Even though the sun4i driver implements asynchronous versions of ecb(aes)
and cbc(aes), the fallbacks it allocates are required to be synchronous.
Given that SIMD based software implementations are usually asynchronous
as well, even though they rarely complete asynchronously (this typically
only happens in cases where the request was made from softirq context,
while SIMD was already in use in the task context that it interrupted),
these implementations are disregarded, and either the generic C version
or another table based version implemented in assembler is selected
instead.
Since falling back to synchronous AES is not only a performance issue, but
potentially a security issue as well (due to the fact that table based AES
is not time invariant), let's fix this, by allocating an ordinary skcipher
as the fallback, and invoke it with the completion routine that was given
to the outer request.
Signed-off-by: Ard Biesheuvel <[email protected]>
Tested-by: Corentin Labbe <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Even though the omap-aes driver implements asynchronous versions of
ecb(aes), cbc(aes) and ctr(aes), the fallbacks it allocates are required
to be synchronous. Given that SIMD based software implementations are
usually asynchronous as well, even though they rarely complete
asynchronously (this typically only happens in cases where the request was
made from softirq context, while SIMD was already in use in the task
context that it interrupted), these implementations are disregarded, and
either the generic C version or another table based version implemented in
assembler is selected instead.
Since falling back to synchronous AES is not only a performance issue, but
potentially a security issue as well (due to the fact that table based AES
is not time invariant), let's fix this, by allocating an ordinary skcipher
as the fallback, and invoke it with the completion routine that was given
to the outer request.
Signed-off-by: Ard Biesheuvel <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Even though the amlogic-gxl driver implements asynchronous versions of
ecb(aes) and cbc(aes), the fallbacks it allocates are required to be
synchronous. Given that SIMD based software implementations are usually
asynchronous as well, even though they rarely complete asynchronously
(this typically only happens in cases where the request was made from
softirq context, while SIMD was already in use in the task context that
it interrupted), these implementations are disregarded, and either the
generic C version or another table based version implemented in assembler
is selected instead.
Since falling back to synchronous AES is not only a performance issue,
but potentially a security issue as well (due to the fact that table
based AES is not time invariant), let's fix this, by allocating an
ordinary skcipher as the fallback, and invoke it with the completion
routine that was given to the outer request.
Signed-off-by: Ard Biesheuvel <[email protected]>
Tested-by: Corentin Labbe <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
The AmLogic GXL crypto accelerator driver is built into the kernel if
ARCH_MESON is set. However, given the single image policy of arm64, its
defconfig enables all platforms by default, and so ARCH_MESON is usually
enabled.
This means that the AmLogic driver causes the arm64 defconfig build to
pull in a huge chunk of the crypto stack as a builtin as well, which is
undesirable, so let's make the amlogic GXL driver default to 'm' instead.
Signed-off-by: Ard Biesheuvel <[email protected]>
Tested-by: Corentin Labbe <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Modify some log output interfaces and
update author information
Signed-off-by: Longfang Liu <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Update debugfs interface parameters, and adjust the
processing logic inside the corresponding function
Signed-off-by: Longfang Liu <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Updates the initialization and reset of SEC driver's
register operation.
Signed-off-by: Longfang Liu <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
As before, if a SEC queue is at the 'fake busy' status,
the request with a 'fake busy' flag will be sent into hardware
and the sending function returns busy. After the request is
finished, SEC driver's call back will identify the 'fake busy' flag,
and notifies the user that hardware is not busy now by calling
user's call back function.
Now, a request sent into busy hardware will be cached in the
SEC queue's backlog, return '-EBUSY' to user.
After the request being finished, the cached requests will
be processed in the call back function. to notify the
corresponding user that SEC queue can process more requests.
Signed-off-by: Kai Ye <[email protected]>
Reviewed-by: Longfang Liu <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
SEC debug registers aren't cleared even if its driver is removed,
so add a clearing operation in driver removing.
Signed-off-by: Kai Ye <[email protected]>
Reviewed-by: Longfang Liu <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
The arc4 algorithm requires storing state in the request context
in order to allow more than one encrypt/decrypt operation. As this
driver does not seem to do that, it means that using it for more
than one operation is broken.
Fixes: eaed71a44ad9 ("crypto: caam - add ecb(*) support")
Link: https://lore.kernel.org/linux-crypto/CAMj1kXGvMe_A_iQ43Pmygg9xaAM-RLy=_M=v+eg--8xNmv9P+w@mail.gmail.com
Link: https://lore.kernel.org/linux-crypto/[email protected]
Signed-off-by: Herbert Xu <[email protected]>
Acked-by: Ard Biesheuvel <[email protected]>
Acked-by: Horia Geantă <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
If users don't specify NUMA node, the driver will use the ZIP module near
the CPU allocating acomp. Otherwise, it uses the ZIP module according to
the requirement of users.
Cc: Zhou Wang <[email protected]>
Signed-off-by: Barry Song <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
This patch fixes a number of endianness marking issues in the ccp
driver.
Signed-off-by: Herbert Xu <[email protected]>
Acked-by: John Allen <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
features[] and id_table[] are not modified and can be made const to
allow the compiler to put them in read-only memory.
Before:
text data bss dec hex filename
11534 2056 160 13750 35b6 drivers/crypto/virtio/virtio_crypto_core.o
After:
text data bss dec hex filename
11630 1992 128 13750 35b6 drivers/crypto/virtio/virtio_crypto_core.o
Signed-off-by: Rikard Falkeborn <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Forward requests to another provider if the key length for AES-XTS is
192 bits as this is not supported by the QAT accelerators.
This fixes the following issue reported with the option
CONFIG_CRYPTO_MANAGER_EXTRA_TESTS:
alg: skcipher: qat_aes_xts setkey failed on test vector "random: len=3204 klen=48"; expected_error=0, actual_error=-22, flags=0x1
Signed-off-by: Giovanni Cabiddu <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Remove tfm field in qat_alg_skcipher_ctx structure.
This is not used.
Signed-off-by: Giovanni Cabiddu <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Validate AES-XTS key using the function xts_verify_key() to prevent
malformed keys.
Signed-off-by: Giovanni Cabiddu <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Allow AES-XTS requests that are not multiple of the block size.
If a request is smaller than the block size, return -EINVAL.
This fixes the following issue reported by the crypto testmgr self-test:
alg: skcipher: qat_aes_xts encryption failed on test vector "random: len=116 klen=64"; expected_error=0, actual_error=-22, cfg="random: inplace may_sleep use_finup src_divs=[<reimport>45.85%@+4077, <flush>54.15%@alignmask+18]"
Fixes: 96ee111a659e ("crypto: qat - return error for block...")
Signed-off-by: Giovanni Cabiddu <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
The change on the ux500 branch is needed by the regulator API.
|
|
A recent change to the Regulator consumer API (which this driver
utilises) add prototypes for the some suspend functions. These
functions require including header file include/linux/suspend.h.
The following tree of includes affecting this driver will be
present:
In file included from include/linux/elevator.h:6,
from include/linux/blkdev.h:288,
from include/linux/blk-cgroup.h:23,
from include/linux/writeback.h:14,
from include/linux/memcontrol.h:22,
from include/linux/swap.h:9,
from include/linux/suspend.h:5,
from include/linux/regulator/consumer.h:35,
from drivers/crypto/ux500/hash/hash_core.c:28:
include/linux/elevator.h pulls in include/linux/hashtable.h which
contains its own version of hash_init(). This confuses the build
system and results in the following error (amongst others):
drivers/crypto/ux500/hash/hash_core.c:1362:19: error: passing argument 1 of '__hash_init' from incompatible pointer type [-Werror=incompatible-pointer-types]
1362 | return hash_init(req);
Fix this by namespacing the local hash_init() such that the
source of confusion is removed.
Cc: Linus Walleij <[email protected]>
Cc: David S. Miller <[email protected]>
Cc: [email protected]
Signed-off-by: Lee Jones <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
This patch fixes all the sparse warnings in the octeontx driver.
Some of these are just trivial type changes.
However, some of the changes are non-trivial on little-endian hosts.
Obviously the driver appears to be broken on either LE or BE as it
was doing different things. I've taken the BE behaviour as the
correct one.
Signed-off-by: Herbert Xu <[email protected]>
|
|
PASID is defined as "int" although it's a 20-bit value and shouldn't be
negative int. To be consistent with PASID type in iommu, define PASID
as "u32".
Suggested-by: Thomas Gleixner <[email protected]>
Signed-off-by: Fenghua Yu <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Running the crypto manager self tests with
CONFIG_CRYPTO_MANAGER_EXTRA_TESTS may result in several types of errors
when using the ccp-crypto driver:
alg: skcipher: cbc-des3-ccp encryption failed on test vector 0; expected_error=0, actual_error=-5 ...
alg: skcipher: ctr-aes-ccp decryption overran dst buffer on test vector 0 ...
alg: ahash: sha224-ccp test failed (wrong result) on test vector ...
These errors are the result of improper processing of scatterlists mapped
for DMA.
Given a scatterlist in which entries are merged as part of mapping the
scatterlist for DMA, the DMA length of a merged entry will reflect the
combined length of the entries that were merged. The subsequent
scatterlist entry will contain DMA information for the scatterlist entry
after the last merged entry, but the non-DMA information will be that of
the first merged entry.
The ccp driver does not take this scatterlist merging into account. To
address this, add a second scatterlist pointer to track the current
position in the DMA mapped representation of the scatterlist. Both the DMA
representation and the original representation of the scatterlist must be
tracked as while most of the driver can use just the DMA representation,
scatterlist_map_and_copy() must use the original representation and
expects the scatterlist pointer to be accurate to the original
representation.
In order to properly walk the original scatterlist, the scatterlist must
be walked until the combined lengths of the entries seen is equal to the
DMA length of the current entry being processed in the DMA mapped
representation.
Fixes: 63b945091a070 ("crypto: ccp - CCP device driver and interface support")
Signed-off-by: John Allen <[email protected]>
Cc: [email protected]
Acked-by: Tom Lendacky <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Crypto test driver's test_ahash_speed calls crypto_ahash_update and
crypto_ahash_final APIs repeatedly for all the available test vector
buffer lengths.
if we mark the end for scatterlist based on the current vector size then
the subsequent vectors might fail if the later buffer lengths are higher.
To avoid this, in qce do not mark the end of scatterlist in update API,
the qce_ahash_async_req_handle API already takes care of this copying
right amount of buffer from the request scatter list.
Signed-off-by: Sivaprakash Murugesan <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
crypto testmgr deliberately corrupts the request context while passing
vectors to the import. This is to make sure that drivers do not rely on
request but they take all the necessary input from io vec passed to it.
qce casts the request context from request parameter, since it is corrupted
the sub squent hash request fails and qce hangs.
To avoid this re-initialize request context on import. The qce import
API alreasy takes care of taking the input vectors from passed io vec.
Signed-off-by: Sivaprakash Murugesan <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
crypto test module passes zero length vectors as test input to sha-1 and
sha-256. To provide correct output for these vectors, hash zero support
has been added as in other crypto drivers.
Signed-off-by: Sivaprakash Murugesan <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
pm_runtime_get_sync() increments the runtime PM usage counter even
the call returns an error code. Thus a corresponding decrement is
needed on the error handling path to keep the counter balanced.
Fix this by adding the missed function call.
Signed-off-by: Dinghao Liu <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Remove yet another unused field left over from times gone by.
Signed-off-by: Gilad Ben-Yossef <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
The ESSIV support in ccree was added before the kernel
generic support and using a slightly different API.
Brings the ccree essiv interface into compliance with
kernel crypto api one.
Since CryptoCell only support 256 bit AES key for ESSIV,
also use a fallback if requested a smaller key size.
Signed-off-by: Gilad Ben-Yossef <[email protected]>
Cc: Ard Biesheuvel <[email protected]>
Cc: Libo Wang <[email protected]>
Cc: Markus Elfring <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Fix a small resource leak on the error path of cipher processing.
Signed-off-by: Gilad Ben-Yossef <[email protected]>
Fixes: 63ee04c8b491e ("crypto: ccree - add skcipher support")
Cc: Markus Elfring <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
ahash_finup_no_ctx() returns -ENOMEM in most error cases,
and this is fine for almost all of them.
However, the return code provided by dpaa2_caam_enqueue()
(e.g. -EIO or -EBUSY) shouldn't be overridden by -ENOMEM.
Signed-off-by: Horia Geantă <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
The variable err is being initialized with a value that is never read
and it is being updated later with a new value. The initialization is
redundant and can be removed.
Addresses-Coverity: ("Unused value")
Signed-off-by: Colin Ian King <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
The variable ret is being assigned with a value that is never read
and it is being updated later with a new value. The assignment is
redundant and can be removed.
Addresses-Coverity: ("Unused value")
Signed-off-by: Colin Ian King <[email protected]>
Acked-by: Tom Lendacky <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
There is this call chain:
sec_alg_skcipher_encrypt -> sec_alg_skcipher_crypto ->
sec_alg_alloc_and_calc_split_sizes -> kcalloc
where we call sleeping allocator function even if CRYPTO_TFM_REQ_MAY_SLEEP
was not specified.
Signed-off-by: Mikulas Patocka <[email protected]>
Cc: [email protected] # v4.19+
Fixes: 915e4e8413da ("crypto: hisilicon - SEC security accelerator driver")
Acked-by: Jonathan Cameron <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
There is this call chain:
cvm_encrypt -> cvm_enc_dec -> cptvf_do_request -> process_request -> kzalloc
where we call sleeping allocator function even if CRYPTO_TFM_REQ_MAY_SLEEP
was not specified.
Signed-off-by: Mikulas Patocka <[email protected]>
Cc: [email protected] # v4.11+
Fixes: c694b233295b ("crypto: cavium - Add the Virtual Function driver for CPT")
Signed-off-by: Herbert Xu <[email protected]>
|
|
This patch fixes sparse endianness warnings as well as compiler
warnings on 64-bit hosts.
Signed-off-by: Herbert Xu <[email protected]>
Reviewed-by: Tero Kristo <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
This patch fixes sparse endianness warnings as well as compiler
warnings on 64-bit hosts.
Signed-off-by: Herbert Xu <[email protected]>
Reviewed-by: Tero Kristo <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Use strscpy to fix the warning
warning: 'strncpy' specified bound 64 equals destination size
Reported-by: kernel test robot <[email protected]>
Signed-off-by: Zhangfei Gao <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Pull crypto fixes from Herbert Xu:
- NULL dereference in octeontx
- PM reference imbalance in ks-sa
- deadlock in crypto manager
- memory leak in drbg
- missing socket limit check on receive SG list size in algif_skcipher
- typos in caam
- warnings in ccp and hisilicon
* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
crypto: drbg - always try to free Jitter RNG instance
crypto: marvell/octeontx - Fix a potential NULL dereference
crypto: algboss - don't wait during notifier callback
crypto: caam - fix typos
crypto: ccp - Fix sparse warnings in sev-dev
crypto: hisilicon - Cap block size at 2^31
crypto: algif_skcipher - Cap recv SG list at ctx->used
hwrng: ks-sa - Fix runtime PM imbalance on error
|
|
This patch fixes all the sparse warnings in the octeontx driver.
Some of these are just trivial type changes.
However, some of the changes are non-trivial on little-endian hosts.
Obviously the driver appears to be broken on either LE or BE as it
was doing different things. I've taken the BE behaviour as the
correct one.
Reported-by: kernel test robot <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
The function handle_imx6_err005766 needs to take an __iomem argument
as otherwise sparse will generate two warnings.
Fixes: 33d69455e402 ("crypto: caam - limit AXI pipeline to a...")
Signed-off-by: Herbert Xu <[email protected]>
Reviewed-by: Iuliana Prodan <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Replace timeout logic in adf_put_admin_msg_sync() with existing macro
readl_poll_timeout().
Signed-off-by: Wojciech Ziemba <[email protected]>
Signed-off-by: Giovanni Cabiddu <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Update the logic that sends admin messages to be able to target a subset
of Acceleration Engines (AEs) in the device.
In future not all admin messages need to be sent to all the AEs.
Signed-off-by: Wojciech Ziemba <[email protected]>
Signed-off-by: Giovanni Cabiddu <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
This patch tidies up the definition of init/admin request and response
messages by removing the icp_qat_fw_init_admin_resp_pars structure
and embedding it into icp_qat_fw_init_admin_resp.
Signed-off-by: Wojciech Ziemba <[email protected]>
Signed-off-by: Giovanni Cabiddu <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
The variable ret is being assigned a value that is never read, the
error exit path via label 'unmap' returns -ENOMEM anyhow, so assigning
ret with -ENOMEM is redundamt.
Addresses-Coverity: ("Unused value")
Signed-off-by: Colin Ian King <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
As stress-ng running SEC engine on the Ubuntu OS,
we found that SEC only supports two threads each with one TFM
based on the default module parameter 'ctx_q_num'.
If running more threads, stress-ng will fail since it cannot
get more TFMs.
In order to fix this, we adjusted the default values
of the module parameters to support more TFMs.
Signed-off-by: Longfang Liu <[email protected]>
Signed-off-by: Zaibo Xu <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Remove packed attribute in adf_etr_bank_data and adf_etr_ring_data.
Fields in these structures are reordered in order to avoid holes.
Signed-off-by: Giovanni Cabiddu <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Kernel source code should not contain stdint.h types.
This patch replaces uintXX_t types with kernel space ABI types.
Signed-off-by: Wojciech Ziemba <[email protected]>
Signed-off-by: Giovanni Cabiddu <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Kernel source code should not include stdint.h types.
This patch replaces uintXX_t types with respective ones defined in kernel
headers.
Signed-off-by: Wojciech Ziemba <[email protected]>
Signed-off-by: Giovanni Cabiddu <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Add support for dpseci_reset() command for DPSECI objects.
For DPSECI DPAA2 objects with version lower than v5.4 reset command
was broken in MC f/w.
Signed-off-by: Andrei Botila <[email protected]>
Reviewed-by: Horia Geantă <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|