Herbert Xu [Mon, 27 Feb 2023 08:25:58 +0000 (16:25 +0800)]
crypto: caam - Fix edesc/iv ordering mixup
The attempt to add DMA alignment padding by moving IV to the front
of edesc was completely broken as it didn't change the places where
edesc was freed.
It's also wrong as the IV may still share a cache-line with the
edesc.
Fix this by restoring the original layout and simply reserving
enough memmory so that the IV is on a DMA cache-line by itself.
Reported-by: Meenakshi Aggarwal <meenakshi.aggarwal@nxp.com>
Fixes:
199354d7fb6e ("crypto: caam - Remove GFP_DMA and add DMA alignment padding")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Taehee Yoo [Fri, 10 Feb 2023 18:15:41 +0000 (18:15 +0000)]
crypto: x86/aria-avx - Do not use avx2 instructions
vpbroadcastb and vpbroadcastd are not AVX instructions.
But the aria-avx assembly code contains these instructions.
So, kernel panic will occur if the aria-avx works on AVX2 unsupported
CPU.
vbroadcastss, and vpshufb are used to avoid using vpbroadcastb in it.
Unfortunately, this change reduces performance by about 5%.
Also, vpbroadcastd is simply replaced by vmovdqa in it.
Fixes:
ba3579e6e45c ("crypto: aria-avx - add AES-NI/AVX/x86_64/GFNI assembler implementation of aria cipher")
Reported-by: Herbert Xu <herbert@gondor.apana.org.au>
Reported-by: Erhard F. <erhard_f@mailbox.org>
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Fri, 10 Feb 2023 09:40:57 +0000 (17:40 +0800)]
crypto: aspeed - Fix modular aspeed-acry
When aspeed-acry is enabled as a module it doesn't get built at
all. Fix this by adding it to obj-m.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Reviewed-by: Neal Liu <neal_liu@aspeedtech.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Weili Qian [Thu, 9 Feb 2023 12:36:17 +0000 (20:36 +0800)]
crypto: hisilicon/qm - fix coding style issues
1. Remove extra blank lines.
2. Remove extra spaces.
3. Use spaces instead of tabs around '=' and '\',
to ensure consistent coding styles.
4. Macros should be capital letters, change 'QM_SQC_VFT_NUM_MASK_v2'
to 'QM_SQC_VFT_NUM_MASK_V2'.
Signed-off-by: Weili Qian <qianweili@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Weili Qian [Thu, 9 Feb 2023 12:36:16 +0000 (20:36 +0800)]
crypto: hisilicon/qm - update comments to match function
The return values of some functions have been modified,
but the comments have not been modified together. The
comments must be updated to be consistent with the functions.
Also move comments over the codes instead of right place
to ensure consistent coding styles.
Signed-off-by: Weili Qian <qianweili@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Weili Qian [Thu, 9 Feb 2023 12:36:15 +0000 (20:36 +0800)]
crypto: hisilicon/qm - change function names
The accelerator devices support multiple interrupts.
To better reflect purpose of each interrupt function,
change function name 'qm_irq' to 'qm_eq_irq' and 'do_qm_irq'
to 'do_qm_eq_irq'.
Signed-off-by: Weili Qian <qianweili@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Weili Qian [Thu, 9 Feb 2023 12:36:14 +0000 (20:36 +0800)]
crypto: hisilicon/qm - use min() instead of min_t()
'act_q_num = min_t(int, act_q_num, max_qp_num)', the type
of 'act_q_num' and 'max_qp_num' are both 'u32', so
use min() instead of min_t().
Signed-off-by: Weili Qian <qianweili@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Weili Qian [Thu, 9 Feb 2023 12:36:13 +0000 (20:36 +0800)]
crypto: hisilicon/qm - remove some unused defines
1. Remove some macros define since it is not used.
2. Remove enum QM_HW_UNKNOWN since it is not used.
3. Remove unused member 'is_frozen' in 'hisi_qm' structure.
Signed-off-by: Weili Qian <qianweili@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Thu, 9 Feb 2023 01:16:45 +0000 (09:16 +0800)]
crypto: proc - Print fips status
As FIPS may disable algorithms it is useful to show their status
in /proc/crypto.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Mon, 6 Feb 2023 06:01:53 +0000 (14:01 +0800)]
crypto: crypto4xx - Call dma_unmap_page when done
In crypto4xx_cipher_done, we should be unmapping the dst page, not
mapping it.
This was flagged by a sparse warning about the unused addr variable.
While we're at it, also fix a sparse warning regarding the unused
ctx variable in crypto4xx_ahash_done (by actually using it).
Fixes:
049359d65527 ("crypto: amcc - Add crypt4xx driver")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tested-by: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Alexander Lobakin [Mon, 6 Feb 2023 05:18:50 +0000 (13:18 +0800)]
crypto: octeontx2 - Fix objects shared between several modules
cn10k_cpt.o, otx2_cptlf.o and otx2_cpt_mbox_common.o are linked
into both rvu_cptpf and rvu_cptvf modules:
> scripts/Makefile.build:252: ./drivers/crypto/marvell/octeontx2/Makefile:
> cn10k_cpt.o is added to multiple modules: rvu_cptpf rvu_cptvf
> scripts/Makefile.build:252: ./drivers/crypto/marvell/octeontx2/Makefile:
> otx2_cptlf.o is added to multiple modules: rvu_cptpf rvu_cptvf
> scripts/Makefile.build:252: ./drivers/crypto/marvell/octeontx2/Makefile:
> otx2_cpt_mbox_common.o is added to multiple modules: rvu_cptpf rvu_cptvf
Despite they're build under the same Kconfig option
(CONFIG_CRYPTO_DEV_OCTEONTX2_CPT), it's better do link the common
code into a standalone module and export the shared functions. Under
certain circumstances, this can lead to the same situation as fixed
by commit
637a642f5ca5 ("zstd: Fixing mixed module-builtin objects").
Plus, those three common object files are relatively big to duplicate
them several times.
Introduce the new module, rvu_cptcommon, to provide the common
functions to both modules.
Fixes:
19d8e8c7be15 ("crypto: octeontx2 - add virtual function driver support")
Suggested-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Alexander Lobakin <alobakin@pm.me>
Reviewed-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Mon, 6 Feb 2023 05:08:48 +0000 (13:08 +0800)]
crypto: nx - Fix sparse warnings
This driver generates a large number of sparse warnings due to
two issues.
First of all the structure nx842_devdata is defined inline causing
the __rcu tag to be added to all users of it. This easily fixed by
splitting up the struct definition.
The second issue is with kdoc markers being incomplete. The trivial
case of nx842_exec_vas has been fixed, while the other incomplete
documentation has simply been downgraded to normal C comments.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Mon, 6 Feb 2023 04:53:38 +0000 (12:53 +0800)]
crypto: ecc - Silence sparse warning
Rewrite the bitwise operations to silence the sparse warnings:
CHECK ../crypto/ecc.c
../crypto/ecc.c:1387:39: warning: dubious: !x | y
../crypto/ecc.c:1397:47: warning: dubious: !x | y
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Reviewed-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 7 Feb 2023 08:18:36 +0000 (16:18 +0800)]
tls: Pass rec instead of aead_req into tls_encrypt_done
The function tls_encrypt_done only uses aead_req to get ahold of
the tls_rec object. So we could pass that in instead of aead_req
to simplify the code.
Suggested-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Reviewed-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Mon, 6 Feb 2023 10:22:46 +0000 (18:22 +0800)]
crypto: api - Remove completion function scaffolding
This patch removes the temporary scaffolding now that the comletion
function signature has been converted.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Mon, 6 Feb 2023 10:22:44 +0000 (18:22 +0800)]
tls: Remove completion function scaffolding
This patch removes the temporary scaffolding now that the comletion
function signature has been converted.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Mon, 6 Feb 2023 10:22:42 +0000 (18:22 +0800)]
tipc: Remove completion function scaffolding
This patch removes the temporary scaffolding now that the comletion
function signature has been converted.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Mon, 6 Feb 2023 10:22:40 +0000 (18:22 +0800)]
net: ipv6: Remove completion function scaffolding
This patch removes the temporary scaffolding now that the comletion
function signature has been converted.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Mon, 6 Feb 2023 10:22:38 +0000 (18:22 +0800)]
net: ipv4: Remove completion function scaffolding
This patch removes the temporary scaffolding now that the comletion
function signature has been converted.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Mon, 6 Feb 2023 10:22:36 +0000 (18:22 +0800)]
net: macsec: Remove completion function scaffolding
This patch removes the temporary scaffolding now that the comletion
function signature has been converted.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Mon, 6 Feb 2023 10:22:34 +0000 (18:22 +0800)]
dm: Remove completion function scaffolding
This patch removes the temporary scaffolding now that the comletion
function signature has been converted.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Mike Snitzer <snitzer@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Wed, 8 Feb 2023 05:58:44 +0000 (13:58 +0800)]
crypto: api - Use data directly in completion function
This patch does the final flag day conversion of all completion
functions which are now all contained in the Crypto API.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 31 Jan 2023 08:02:50 +0000 (16:02 +0800)]
crypto: talitos - Use request_complete helpers
Use the request_complete helpers instead of calling the completion
function directly.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 31 Jan 2023 08:02:48 +0000 (16:02 +0800)]
crypto: sahara - Use request_complete helpers
Use the request_complete helpers instead of calling the completion
function directly.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 31 Jan 2023 08:02:46 +0000 (16:02 +0800)]
crypto: s5p-sss - Use request_complete helpers
Use the request_complete helpers instead of calling the completion
function directly.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 31 Jan 2023 08:02:44 +0000 (16:02 +0800)]
crypto: qce - Use request_complete helpers
Use the request_complete helpers instead of calling the completion
function directly.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 31 Jan 2023 08:02:42 +0000 (16:02 +0800)]
crypto: qat - Use request_complete helpers
Use the request_complete helpers instead of calling the completion
function directly.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 31 Jan 2023 08:02:40 +0000 (16:02 +0800)]
crypto: mxs-dcp - Use request_complete helpers
Use the request_complete helpers instead of calling the completion
function directly.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 31 Jan 2023 08:02:38 +0000 (16:02 +0800)]
crypto: octeontx2 - Use request_complete helpers
Use the request_complete helpers instead of calling the completion
function directly.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 31 Jan 2023 08:02:35 +0000 (16:02 +0800)]
crypto: octeontx - Use request_complete helpers
Use the request_complete helpers instead of calling the completion
function directly.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 31 Jan 2023 08:02:33 +0000 (16:02 +0800)]
crypto: marvell/cesa - Use request_complete helpers
Use the request_complete helpers instead of calling the completion
function directly.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 31 Jan 2023 08:02:31 +0000 (16:02 +0800)]
crypto: ixp4xx - Use request_complete helpers
Use the request_complete helpers instead of calling the completion
function directly.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 31 Jan 2023 08:02:29 +0000 (16:02 +0800)]
crypto: safexcel - Use request_complete helpers
Use the request_complete helpers instead of calling the completion
function directly.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 31 Jan 2023 08:02:27 +0000 (16:02 +0800)]
crypto: img-hash - Use request_complete helpers
Use the request_complete helpers instead of calling the completion
function directly.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 31 Jan 2023 08:02:25 +0000 (16:02 +0800)]
crypto: hisilicon - Use request_complete helpers
Use the request_complete helpers instead of calling the completion
function directly.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 31 Jan 2023 08:02:23 +0000 (16:02 +0800)]
crypto: hifn_795x - Use request_complete helpers
Use the request_complete helpers instead of calling the completion
function directly.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 31 Jan 2023 08:02:21 +0000 (16:02 +0800)]
crypto: chelsio - Use request_complete helpers
Use the request_complete helpers instead of calling the completion
function directly.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 31 Jan 2023 08:02:19 +0000 (16:02 +0800)]
crypto: ccp - Use request_complete helpers
Use the request_complete helpers instead of calling the completion
function directly.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 31 Jan 2023 08:02:17 +0000 (16:02 +0800)]
crypto: nitrox - Use request_complete helpers
Use the request_complete helpers instead of calling the completion
function directly.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 31 Jan 2023 08:02:15 +0000 (16:02 +0800)]
crypto: cpt - Use request_complete helpers
Use the request_complete helpers instead of calling the completion
function directly.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 31 Jan 2023 08:02:12 +0000 (16:02 +0800)]
crypto: bcm - Use request_complete helpers
Use the request_complete helpers instead of calling the completion
function directly.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 31 Jan 2023 08:02:10 +0000 (16:02 +0800)]
crypto: artpec6 - Use request_complete helpers
Use the request_complete helpers instead of calling the completion
function directly.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Jesper Nilsson <jesper.nilsson@axis.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 31 Jan 2023 08:02:08 +0000 (16:02 +0800)]
crypto: atmel - Use request_complete helpers
Use the request_complete helpers instead of calling the completion
function directly.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Wed, 8 Feb 2023 05:56:00 +0000 (13:56 +0800)]
crypto: cryptd - Use request_complete helpers
Use the request_complete helpers instead of calling the completion
function directly.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 31 Jan 2023 08:02:04 +0000 (16:02 +0800)]
crypto: rsa-pkcs1pad - Use akcipher_request_complete
Use the akcipher_request_complete helper instead of calling the
completion function directly. In fact the previous code was buggy
in that EINPROGRESS was never passed back to the original caller.
Fixes:
3d5b1ecdea6f ("crypto: rsa - RSA padding algorithm")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 31 Jan 2023 08:02:02 +0000 (16:02 +0800)]
crypto: engine - Use crypto_request_complete
Use the crypto_request_complete helper instead of calling the
completion function directly.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 31 Jan 2023 08:02:00 +0000 (16:02 +0800)]
crypto: skcipher - Use crypto_request_complete
Use the crypto_request_complete helper instead of calling the
completion function directly.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 31 Jan 2023 08:01:58 +0000 (16:01 +0800)]
crypto: kpp - Use crypto_request_complete
Use the crypto_request_complete helper instead of calling the
completion function directly.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Fri, 10 Feb 2023 12:20:20 +0000 (20:20 +0800)]
crypto: hash - Use crypto_request_complete
Use the crypto_request_complete helper instead of calling the
completion function directly.
This patch also removes the voodoo programming previously used
for unaligned ahash operations and replaces it with a sub-request.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 31 Jan 2023 08:01:53 +0000 (16:01 +0800)]
crypto: akcipher - Use crypto_request_complete
Use the crypto_request_complete helper instead of calling the
completion function directly.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 31 Jan 2023 08:01:51 +0000 (16:01 +0800)]
crypto: aead - Use crypto_request_complete
Use the crypto_request_complete helper instead of calling the
completion function directly.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 31 Jan 2023 08:01:49 +0000 (16:01 +0800)]
crypto: acompress - Use crypto_request_complete
Use the crypto_request_complete helper instead of calling the
completion function directly.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Wed, 8 Feb 2023 05:53:24 +0000 (13:53 +0800)]
crypto: cryptd - Use subreq for AEAD
AEAD reuses the existing request object for its child. This is
error-prone and unnecessary. This patch adds a subrequest object
just like we do for skcipher and hash.
This patch also restores the original completion function as we
do for skcipher/hash.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Mon, 6 Feb 2023 10:22:29 +0000 (18:22 +0800)]
KEYS: DH: Use crypto_wait_req
This patch replaces the custom crypto completion function with
crypto_req_done.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Mon, 6 Feb 2023 10:22:27 +0000 (18:22 +0800)]
tls: Only use data field in crypto completion function
The crypto_async_request passed to the completion is not guaranteed
to be the original request object. Only the data field can be relied
upon.
Fix this by storing the socket pointer with the AEAD request.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Mon, 6 Feb 2023 10:22:25 +0000 (18:22 +0800)]
tipc: Add scaffolding to change completion function signature
This patch adds temporary scaffolding so that the Crypto API
completion function can take a void * instead of crypto_async_request.
Once affected users have been converted this can be removed.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Mon, 6 Feb 2023 10:22:23 +0000 (18:22 +0800)]
net: ipv6: Add scaffolding to change completion function signature
This patch adds temporary scaffolding so that the Crypto API
completion function can take a void * instead of crypto_async_request.
Once affected users have been converted this can be removed.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Mon, 6 Feb 2023 10:22:21 +0000 (18:22 +0800)]
net: ipv4: Add scaffolding to change completion function signature
This patch adds temporary scaffolding so that the Crypto API
completion function can take a void * instead of crypto_async_request.
Once affected users have been converted this can be removed.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Mon, 6 Feb 2023 10:22:19 +0000 (18:22 +0800)]
Bluetooth: Use crypto_wait_req
This patch replaces the custom crypto completion function with
crypto_req_done.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Mon, 6 Feb 2023 10:22:17 +0000 (18:22 +0800)]
fs: ecryptfs: Use crypto_wait_req
This patch replaces the custom crypto completion function with
crypto_req_done.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Mon, 6 Feb 2023 10:22:15 +0000 (18:22 +0800)]
net: macsec: Add scaffolding to change completion function signature
This patch adds temporary scaffolding so that the Crypto API
completion function can take a void * instead of crypto_async_request.
Once affected users have been converted this can be removed.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Mon, 6 Feb 2023 10:22:12 +0000 (18:22 +0800)]
dm: Add scaffolding to change completion function signature
This patch adds temporary scaffolding so that the Crypto API
completion function can take a void * instead of crypto_async_request.
Once affected users have been converted this can be removed.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Mike Snitzer <snitzer@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 31 Jan 2023 08:01:45 +0000 (16:01 +0800)]
crypto: api - Add scaffolding to change completion function signature
The crypto completion function currently takes a pointer to a
struct crypto_async_request object. However, in reality the API
does not allow the use of any part of the object apart from the
data field. For example, ahash/shash will create a fake object
on the stack to pass along a different data field.
This leads to potential bugs where the user may try to dereference
or otherwise use the crypto_async_request object.
This patch adds some temporary scaffolding so that the completion
function can take a void * instead. Once affected users have been
converted this can be removed.
The helper crypto_request_complete will remain even after the
conversion is complete. It should be used instead of calling
the completion function directly.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Christophe JAILLET [Sat, 4 Feb 2023 20:54:08 +0000 (21:54 +0100)]
crypto: virtio/akcipher - Do not use GFP_ATOMIC when not needed
There is no need to use GFP_ATOMIC here. GFP_KERNEL is already used for
another memory allocation just the line after.
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Neal Liu [Fri, 3 Feb 2023 03:35:12 +0000 (11:35 +0800)]
crypto: aspeed - fix type warnings
This patch fixes following warnings:
1. sparse: incorrect type in assignment (different base types)
Fix: change to __le32 type.
2. sparse: cast removes address space '__iomem' of expression
Fix: use readb to avoid dereferencing the memory.
Signed-off-by: Neal Liu <neal_liu@aspeedtech.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Zhang Yiqun [Thu, 2 Feb 2023 08:38:05 +0000 (16:38 +0800)]
crypto: testmgr - add diff-splits of src/dst into default cipher config
This type of request is often happened in AF_ALG cases.
So add this vector in default cipher config array.
Signed-off-by: Zhang Yiqun <zhangyiqun@phytium.com.cn>
Reviewed-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Thu, 2 Feb 2023 08:33:47 +0000 (16:33 +0800)]
crypto: arm64/sm4-gcm - Fix possible crash in GCM cryption
An often overlooked aspect of the skcipher walker API is that an
error is not just indicated by a non-zero return value, but by the
fact that walk->nbytes is zero.
Thus it is an error to call skcipher_walk_done after getting back
walk->nbytes == 0 from the previous interaction with the walker.
This is because when walk->nbytes is zero the walker is left in
an undefined state and any further calls to it may try to free
uninitialised stack memory.
The sm4 arm64 ccm code gets this wrong and ends up calling
skcipher_walk_done even when walk->nbytes is zero.
This patch rewrites the loop in a form that resembles other callers.
Reported-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Fixes:
ae1b83c7d572 ("crypto: arm64/sm4 - add CE implementation for GCM mode")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tested-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Giovanni Cabiddu [Wed, 1 Feb 2023 17:04:41 +0000 (17:04 +0000)]
crypto: qat - drop log level of msg in get_instance_node()
The functions qat_crypto_get_instance_node() and
qat_compression_get_instance_node() allow to get a QAT instance (ring
pair) on a device close to the node specified as input parameter.
When this is not possible, and a QAT device is available in the system,
these function return an instance on a remote node and they print a
message reporting that it is not possible to find a device on the specified
node. This is interpreted by people as an error rather than an info.
The print "Could not find a device on node" indicates that a kernel
application is running on a core in a socket that does not have a QAT
device directly attached to it and performance might suffer.
Due to the nature of the message, this can be considered as a debug
message, therefore drop the severity to debug and report it only once
to avoid flooding.
Suggested-by: Vladis Dronov <vdronov@redhat.com>
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Fiona Trahe <fiona.trahe@intel.com>
Reviewed-by: Vladis Dronov <vdronov@redhat.com>
Tested-by: Vladis Dronov <vdronov@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Giovanni Cabiddu [Wed, 1 Feb 2023 15:59:44 +0000 (15:59 +0000)]
crypto: qat - fix out-of-bounds read
When preparing an AER-CTR request, the driver copies the key provided by
the user into a data structure that is accessible by the firmware.
If the target device is QAT GEN4, the key size is rounded up by 16 since
a rounded up size is expected by the device.
If the key size is rounded up before the copy, the size used for copying
the key might be bigger than the size of the region containing the key,
causing an out-of-bounds read.
Fix by doing the copy first and then update the keylen.
This is to fix the following warning reported by KASAN:
[ 138.150574] BUG: KASAN: global-out-of-bounds in qat_alg_skcipher_init_com.isra.0+0x197/0x250 [intel_qat]
[ 138.150641] Read of size 32 at addr
ffffffff88c402c0 by task cryptomgr_test/2340
[ 138.150651] CPU: 15 PID: 2340 Comm: cryptomgr_test Not tainted 6.2.0-rc1+ #45
[ 138.150659] Hardware name: Intel Corporation ArcherCity/ArcherCity, BIOS EGSDCRB1.86B.0087.D13.
2208261706 08/26/2022
[ 138.150663] Call Trace:
[ 138.150668] <TASK>
[ 138.150922] kasan_check_range+0x13a/0x1c0
[ 138.150931] memcpy+0x1f/0x60
[ 138.150940] qat_alg_skcipher_init_com.isra.0+0x197/0x250 [intel_qat]
[ 138.151006] qat_alg_skcipher_init_sessions+0xc1/0x240 [intel_qat]
[ 138.151073] crypto_skcipher_setkey+0x82/0x160
[ 138.151085] ? prepare_keybuf+0xa2/0xd0
[ 138.151095] test_skcipher_vec_cfg+0x2b8/0x800
Fixes:
67916c951689 ("crypto: qat - add AES-CTR support for QAT GEN4 devices")
Cc: <stable@vger.kernel.org>
Reported-by: Vladis Dronov <vdronov@redhat.com>
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Fiona Trahe <fiona.trahe@intel.com>
Reviewed-by: Vladis Dronov <vdronov@redhat.com>
Tested-by: Vladis Dronov <vdronov@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tianjia Zhang [Wed, 1 Feb 2023 12:32:07 +0000 (20:32 +0800)]
crypto: arm64/sm4-ccm - Rewrite skcipher walker loop
The fact that an error in the skcipher walker API are indicated
not only by a non-zero return value, but also by the fact that
walk->nbytes is zero, causes the layout of the skcipher walker
loop to be sufficiently different from the usual layout, which
is not a problem in itself, but it is likely to cause reading
confusion and difficulty in code maintenance.
This patch rewrites skcipher walker loop, and separates the
last chunk cryption from the loop to avoid wrong calls to the
skcipher walker API. In addition to following the usual convention
of checking walk->nbytes, it also makes the loop execute logic
clearer and easier to understand.
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Uwe Kleine-König [Tue, 31 Jan 2023 08:13:51 +0000 (09:13 +0100)]
crypto: atmel - Drop unused id parameter from atmel_i2c_probe()
id is unused in atmel_i2c_probe() and the callers have extra efforts to
determine the right parameter. So drop the parameter simplifying both
atmel_i2c_probe() and its callers.
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Reviewed-by: Tudor Ambarus <tudor.ambarus@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 31 Jan 2023 05:44:05 +0000 (13:44 +0800)]
crypto: safexcel - Use crypto_wait_req
This patch replaces the custom crypto completion function with
crypto_req_done.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Peter Lafreniere [Tue, 31 Jan 2023 01:28:40 +0000 (20:28 -0500)]
crypto: x86/blowfish - Eliminate use of SYM_TYPED_FUNC_START in asm
Now that we use the ECB/CBC macros, none of the asm functions in
blowfish-x86_64 are called indirectly. So we can safely use
SYM_FUNC_START instead of SYM_TYPED_FUNC_START with no effect, allowing
us to remove an include.
Signed-off-by: Peter Lafreniere <peter@n8pjl.ca>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Peter Lafreniere [Tue, 31 Jan 2023 01:27:57 +0000 (20:27 -0500)]
crypto: x86/blowfish - Convert to use ECB/CBC helpers
We can simplify the blowfish-x86_64 glue code by using the preexisting
ECB/CBC helper macros. Additionally, this allows for easier reuse of asm
functions in later x86 implementations of blowfish.
This involves:
1 - Modifying blowfish_dec_blk_4way() to xor outputs when a flag is
passed.
2 - Renaming blowfish_dec_blk_4way() to __blowfish_dec_blk_4way().
3 - Creating two wrapper functions around __blowfish_dec_blk_4way() for
use in the ECB/CBC macros.
4 - Removing the custom ecb_encrypt() and cbc_encrypt() routines in
favor of macro-based routines.
Signed-off-by: Peter Lafreniere <peter@n8pjl.ca>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Peter Lafreniere [Tue, 31 Jan 2023 01:27:14 +0000 (20:27 -0500)]
crypto: x86/blowfish - Remove unused encode parameter
The blowfish-x86_64 encryption functions have an unused argument. Remove
it.
This involves:
1 - Removing xor_block() macros.
2 - Removing handling of fourth argument from __blowfish_enc_blk{,_4way}()
functions.
3 - Renaming __blowfish_enc_blk{,_4way}() to blowfish_enc_blk{,_4way}().
4 - Removing the blowfish_enc_blk{,_4way}() wrappers from
blowfish_glue.c
5 - Temporarily using SYM_TYPED_FUNC_START for now indirectly-callable
encode functions.
Signed-off-by: Peter Lafreniere <peter@n8pjl.ca>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Mon, 30 Jan 2023 08:58:51 +0000 (16:58 +0800)]
crypto: arm64/aes-ccm - Rewrite skcipher walker loop
An often overlooked aspect of the skcipher walker API is that an
error is not just indicated by a non-zero return value, but by the
fact that walk->nbytes is zero.
Thus it is an error to call skcipher_walk_done after getting back
walk->nbytes == 0 from the previous interaction with the walker.
This is because when walk->nbytes is zero the walker is left in
an undefined state and any further calls to it may try to free
uninitialised stack memory.
The arm64 ccm code has to deal with zero-length messages, and
it needs to process data even when walk->nbytes == 0 is returned.
It doesn't have this bug because there is an explicit check for
walk->nbytes != 0 prior to the skcipher_walk_done call.
However, the loop is still sufficiently different from the usual
layout and it appears to have been copied into other code which
then ended up with this bug. This patch rewrites it to follow the
usual convention of checking walk->nbytes.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tested-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Lukas Bulwahn [Mon, 30 Jan 2023 07:31:09 +0000 (08:31 +0100)]
MAINTAINERS: repair file entry for STARFIVE TRNG DRIVER
Commit
c388f458bc34 ("hwrng: starfive - Add TRNG driver for StarFive SoC")
adds the STARFIVE TRNG DRIVER section to MAINTAINERS, but refers to the
non-existing file drivers/char/hw_random/starfive-trng.c rather than to the
actually added file drivers/char/hw_random/jh7110-trng.c in this commit.
Hence, ./scripts/get_maintainer.pl --self-test=patterns complains about a
broken reference.
Repair this file entry in STARFIVE TRNG DRIVER.
Fixes:
c388f458bc34 ("hwrng: starfive - Add TRNG driver for StarFive SoC")
Signed-off-by: Lukas Bulwahn <lukas.bulwahn@gmail.com>
Acked-by: Jia Jie Ho <jiajie.ho@starfivetech.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Meadhbh [Thu, 19 Jan 2023 08:05:08 +0000 (09:05 +0100)]
Documentation: qat: change kernel version
Change kernel version from 5.20 to 6.0, as 5.20 is not a release.
Signed-off-by: Meadhbh Fitzpatrick <meadhbh.fitzpatrick@intel.com>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Vladis Dronov <vdronov@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Fri, 27 Jan 2023 11:03:21 +0000 (19:03 +0800)]
hwrng: starfive - Enable compile testing
Enable compile testing for jh7110. Also remove the dependency on
HW_RANDOM.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Reviewed-by: Conor Dooley <conor.dooley@microchip.com>
Reviewed-by: Jia Jie Ho <jiajie.ho@starfivetech.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Linus Walleij [Wed, 25 Jan 2023 00:23:11 +0000 (01:23 +0100)]
crypto: ux500/hash - delete driver
It turns out we can just modify the newer STM32 HASH driver
to be used with Ux500 and now that we have done that, delete
the old and sparsely maintained Ux500 HASH driver.
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Linus Walleij [Wed, 25 Jan 2023 00:23:10 +0000 (01:23 +0100)]
crypto: stm32/hash - Support Ux500 hash
The Ux500 has a hash block which is an ancestor to the STM32
hash block. With some minor code path additions we can
support also this variant in the STM32 driver. Differences:
- Ux500 only supports SHA1 and SHA256 (+/- MAC) so we split
up the algorithm registration per-algorithm and register
each algorithm along with its MAC variant separately.
- Ux500 does not have an interrupt to indicate that hash
calculation is complete, so we add code paths to handle
polling for completion if the interrupt is missing in the
device tree.
- Ux500 is lacking the SR status register, to check if an
operating is complete, we need to poll the HASH_STR_DCAL
bit in the HASH_STR register instead.
- Ux500 had the resulting hash at address offset 0x0c and
8 32bit registers ahead. We account for this with a special
code path when reading out the hash digest.
- Ux500 need a special bit set in the control register before
performing the final hash calculation on an empty message.
- Ux500 hashes on empty messages will be performed if the
above bit is set, but are incorrect. For this reason we
just make an inline synchronous hash using a fallback
hash.
Tested on the Ux500 Golden device with the extended tests.
Acked-by: Lionel Debieve <lionel.debieve@foss.st.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Linus Walleij [Wed, 25 Jan 2023 00:23:09 +0000 (01:23 +0100)]
crypto: stm32/hash - Wait for idle before final CPU xmit
When calculating the hash using the CPU, right before the final
hash calculation, heavy testing on Ux500 reveals that it is wise
to wait for the hardware to go idle before calculating the
final hash.
The default test vectors mostly worked fine, but when I used the
extensive tests and stress the hardware I ran into this problem.
Acked-by: Lionel Debieve <lionel.debieve@foss.st.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Linus Walleij [Wed, 25 Jan 2023 00:23:08 +0000 (01:23 +0100)]
crypto: stm32/hash - Use existing busy poll function
When exporting state we are waiting indefinitely in the same
was as the ordinary stm32_hash_wait_busy() poll-for-completion
function but without a timeout, which means we could hang in
an eternal loop. Fix this by waiting for completion like the
rest of the code.
Acked-by: Lionel Debieve <lionel.debieve@foss.st.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Linus Walleij [Wed, 25 Jan 2023 00:23:07 +0000 (01:23 +0100)]
crypto: stm32/hash - Simplify code
We are passing (rctx->flags & HASH_FLAGS_FINUP) as indicator
for the final request but we already know this to be true since
we are in the (final) arm of an if-statement set from the same
flag. Just open-code it as true.
Acked-by: Lionel Debieve <lionel.debieve@foss.st.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Linus Walleij [Wed, 25 Jan 2023 00:23:06 +0000 (01:23 +0100)]
dt-bindings: crypto: Let STM32 define Ux500 HASH
This adds device tree bindings for the Ux500 HASH block
as a compatible in the STM32 HASH bindings.
The Ux500 HASH binding has been used for ages in the kernel
device tree for Ux500 but was never documented, so fill in
the gap by making it a sibling of the STM32 HASH block,
which is what it is.
The relationship to the existing STM32 HASH block is pretty
obvious when looking at the register map, and I have written
patches to reuse the STM32 HASH driver on the Ux500.
The main difference from the outside is that the Ux500 HASH
lacks the interrupt line, so some special if-clauses are
needed to accomodate this in the binding.
Reviewed-by: Rob Herring <robh@kernel.org>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 24 Jan 2023 09:11:11 +0000 (17:11 +0800)]
crypto: marvell/cesa - Use crypto_wait_req
This patch replaces the custom crypto completion function with
crypto_req_done.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 24 Jan 2023 08:28:39 +0000 (16:28 +0800)]
crypto: img-hash - Fix sparse endianness warning
Use cpu_to_be32 instead of be32_to_cpu in img_hash_read_result_queue
to silence sparse. The generated code should be identical.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tom Lendacky [Mon, 23 Jan 2023 22:53:08 +0000 (16:53 -0600)]
crypto: ccp - Flush the SEV-ES TMR memory before giving it to firmware
Perform a cache flush on the SEV-ES TMR memory after allocation to prevent
any possibility of the firmware encountering an error should dirty cache
lines be present. Use clflush_cache_range() to flush the SEV-ES TMR memory.
Fixes:
97f9ac3db661 ("crypto: ccp - Add support for SEV-ES to the PSP driver")
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Lucas Segarra Fernandez [Mon, 23 Jan 2023 10:42:22 +0000 (11:42 +0100)]
crypto: qat - add qat_zlib_deflate
The ZLIB format (RFC 1950) is made of deflate compressed data surrounded
by a header and a footer. The QAT accelerators support only the deflate
algorithm, therefore the header and the footer need to be inserted in
software.
This adds logic in the QAT driver to support the ZLIB format. In
particular:
* Generalize the function qat_comp_alg_compress_decompress() to allow
skipping an initial region (header) of the source and/or destination
scatter lists.
* Add logic to register the qat_zlib_deflate algorithm into the acomp
framework.
* For ZLIB compression, skip the initial portion of the destination
buffer before sending the job to the QAT accelerator and insert the
ZLIB header and footer in the callback, after the QAT request has
been processed.
* For ZLIB decompression, parse the header in the input buffer
provided by the user and verify its validity before attempting the
decompression of the buffer with QAT. Then submit the buffer to QAT
for decompression. In the callback verify the correctness of the
footer by comparing the value of the ADLER produced by QAT with the
one in the destination buffer.
Signed-off-by: Lucas Segarra Fernandez <lucas.segarra.fernandez@intel.com>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Lucas Segarra Fernandez [Mon, 23 Jan 2023 10:42:21 +0000 (11:42 +0100)]
crypto: qat - extend buffer list logic interface
Extend qat_bl_sgl_to_bufl() to allow skipping the mapping of a region
of the source and the destination scatter lists starting from byte
zero.
This is to support the ZLIB format (RFC 1950) in the qat driver.
The ZLIB format is made of deflate compressed data surrounded by a
header and a footer. The QAT accelerators support only the deflate
algorithm, therefore the header should not be mapped since it is
inserted in software.
Signed-off-by: Lucas Segarra Fernandez <lucas.segarra.fernandez@intel.com>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Mon, 23 Jan 2023 10:08:56 +0000 (18:08 +0800)]
Revert "crypto: rsa-pkcs1pad - Replace GFP_ATOMIC with GFP_KERNEL in pkcs1pad_encrypt_sign_complete"
This reverts commit
1ca2809897155f1adc43e4859b4a3582e235c09a.
While the akcipher API as a whole is designed to be called only
from thread context, its completion path is still called from
softirq context as usual. Therefore we must not use GFP_KERNEL
on that path.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Peter Lafreniere [Sat, 21 Jan 2023 18:34:50 +0000 (13:34 -0500)]
crypto: x86 - exit fpu context earlier in ECB/CBC macros
Currently the ecb/cbc macros hold fpu context unnecessarily when using
scalar cipher routines (e.g. when handling odd sizes of blocks per walk).
Change the macros to drop fpu context as soon as the fpu is out of use.
No performance impact found (on Intel Haswell).
Signed-off-by: Peter Lafreniere <peter@n8pjl.ca>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Sun, 22 Jan 2023 08:56:02 +0000 (16:56 +0800)]
crypto: engine - Fix excess parameter doc warning
The engine parameter should not be marked for kernel doc as it
triggers a warning.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Sun, 22 Jan 2023 08:07:37 +0000 (16:07 +0800)]
crypto: xts - Handle EBUSY correctly
As it is xts only handles the special return value of EINPROGRESS,
which means that in all other cases it will free data related to the
request.
However, as the caller of xts may specify MAY_BACKLOG, we also need
to expect EBUSY and treat it in the same way. Otherwise backlogged
requests will trigger a use-after-free.
Fixes:
8083b1bf8163 ("crypto: xts - add support for ciphertext stealing")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Sun, 22 Jan 2023 07:32:03 +0000 (15:32 +0800)]
crypto: caam - Use ahash_request_complete
Instead of calling the base completion function directly, use the
correct ahash helper which is ahash_request_complete.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Reviewed-by: Gaurav Jain <gaurav.jain@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Thu, 19 Jan 2023 10:36:58 +0000 (18:36 +0800)]
crypto: bcm - Use subrequest for fallback
Instead of doing saving and restoring on the AEAD request object
for fallback processing, use a subrequest instead.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Thu, 19 Jan 2023 09:01:39 +0000 (17:01 +0800)]
crypto: cryptd - Remove unnecessary skcipher_request_zero
Previously the child skcipher request was stored on the stack and
therefore needed to be zeroed. As it is now dynamically allocated
we no longer need to do so.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
ye xingchen [Thu, 19 Jan 2023 07:36:49 +0000 (15:36 +0800)]
crypto: aspeed - Use devm_platform_get_and_ioremap_resource()
Convert platform_get_resource(), devm_ioremap_resource() to a single
call to devm_platform_get_and_ioremap_resource(), as this is exactly
what this function does.
Signed-off-by: ye xingchen <ye.xingchen@zte.com.cn>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Yang Yingliang [Thu, 19 Jan 2023 01:48:59 +0000 (09:48 +0800)]
crypto: aspeed - change aspeed_acry_akcipher_algs to static
aspeed_acry_akcipher_algs is only used in aspeed-acry.c now,
change it to static.
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Acked-by: Andrew Jeffery <andrew@aj.id.au>
Reviewed-by: Neal Liu <neal_liu@aspeedtech.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Vladis Dronov [Tue, 17 Jan 2023 17:20:06 +0000 (18:20 +0100)]
crypto: testmgr - disallow certain DRBG hash functions in FIPS mode
According to FIPS 140-3 IG, section D.R "Hash Functions Acceptable for
Use in the SP 800-90A DRBGs", modules certified after May 16th, 2023
must not support the use of: SHA-224, SHA-384, SHA512-224, SHA512-256,
SHA3-224, SHA3-384. Disallow HMAC and HASH DRBGs using SHA-384 in FIPS
mode.
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
Reviewed-by: Stephan Müller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>