1. 08 May, 2020 16 commits
  2. 30 Apr, 2020 11 commits
  3. 24 Apr, 2020 6 commits
    • Tang Bin's avatar
      crypto: bcm - Delete redundant variable definition · 9c3d6497
      Tang Bin authored
      The variable "i" is redundant to be assigned a value
      of zero,because it's assigned in the for loop, so remove
      redundant one here.
      Signed-off-by: default avatarShengju Zhang <zhangshengju@cmss.chinamobile.com>
      Signed-off-by: default avatarTang Bin <tangbin@cmss.chinamobile.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      9c3d6497
    • Stephan Müller's avatar
      crypto: drbg - always seeded with SP800-90B compliant noise source · 97f2650e
      Stephan Müller authored
      As the Jitter RNG provides an SP800-90B compliant noise source, use this
      noise source always for the (re)seeding of the DRBG.
      
      To make sure the DRBG is always properly seeded, the reseed threshold
      is reduced to 1<<20 generate operations.
      
      The Jitter RNG may report health test failures. Such health test
      failures are treated as transient as follows. The DRBG will not reseed
      from the Jitter RNG (but from get_random_bytes) in case of a health
      test failure. Though, it produces the requested random number.
      
      The Jitter RNG has a failure counter where at most 1024 consecutive
      resets due to a health test failure are considered as a transient error.
      If more consecutive resets are required, the Jitter RNG will return
      a permanent error which is returned to the caller by the DRBG. With this
      approach, the worst case reseed threshold is significantly lower than
      mandated by SP800-90A in order to seed with an SP800-90B noise source:
      the DRBG has a reseed threshold of 2^20 * 1024 = 2^30 generate requests.
      
      Yet, in case of a transient Jitter RNG health test failure, the DRBG is
      seeded with the data obtained from get_random_bytes.
      
      However, if the Jitter RNG fails during the initial seeding operation
      even due to a health test error, the DRBG will send an error to the
      caller because at that time, the DRBG has received no seed that is
      SP800-90B compliant.
      Signed-off-by: default avatarStephan Mueller <smueller@chronox.de>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      97f2650e
    • Stephan Müller's avatar
      crypto: jitter - SP800-90B compliance · 764428fe
      Stephan Müller authored
      SP800-90B specifies various requirements for the noise source(s) that
      may seed any DRNG including SP800-90A DRBGs. In November 2020,
      SP800-90B will be mandated for all noise sources that provide entropy
      to DRBGs as part of a FIPS 140-[2|3] validation or other evaluation
      types. Without SP800-90B compliance, a noise source is defined to always
      deliver zero bits of entropy.
      
      This patch ports the SP800-90B compliance from the user space Jitter RNG
      version 2.2.0.
      
      The following changes are applied:
      
      - addition of (an enhanced version of) the repetitive count test (RCT)
        from SP800-90B section 4.4.1 - the enhancement is due to the fact of
        using the stuck test as input to the RCT.
      
      - addition of the adaptive proportion test (APT) from SP800-90B section
        4.4.2
      
      - update of the power-on self test to perform a test measurement of 1024
        noise samples compliant to SP800-90B section 4.3
      
      - remove of the continuous random number generator test which is
        replaced by APT and RCT
      
      Health test failures due to the SP800-90B operation are only enforced in
      FIPS mode. If a runtime health test failure is detected, the Jitter RNG
      is reset. If more than 1024 resets in a row are performed, a permanent
      error is returned to the caller.
      Signed-off-by: default avatarStephan Mueller <smueller@chronox.de>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      764428fe
    • Colin Ian King's avatar
      crypto: algif_rng - remove redundant assignment to variable err · 63e05f32
      Colin Ian King authored
      The variable err is being initialized with a value that is never read
      and it is being updated later with a new value.  The initialization is
      redundant and can be removed.
      
      Addresses-Coverity: ("Unused value")
      Signed-off-by: default avatarColin Ian King <colin.king@canonical.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      63e05f32
    • Colin Ian King's avatar
      crypto: chelsio - remove redundant assignment to variable error · 8a656a48
      Colin Ian King authored
      The variable error is being initialized with a value that is never read
      and it is being updated later with a new value.  The initialization is
      redundant and can be removed.
      
      Addresses-Coverity: ("Unused value")
      Signed-off-by: default avatarColin Ian King <colin.king@canonical.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      8a656a48
    • Mark Brown's avatar
      crypto: arm64 - Consistently enable extension · 3ca73b70
      Mark Brown authored
      Currently most of the crypto files enable the crypto extension using the
      .arch directive but crct10dif-ce-core.S uses .cpu instead. Move that over
      to .arch for consistency.
      Signed-off-by: default avatarMark Brown <broonie@kernel.org>
      Acked-by: default avatarArd Biesheuvel <ardb@kernel.org>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      3ca73b70
  4. 22 Apr, 2020 2 commits
  5. 20 Apr, 2020 2 commits
  6. 16 Apr, 2020 3 commits
    • Christophe JAILLET's avatar
      crypto: marvell/octeontx - Add missing '\n' in log messages · 0a8f5989
      Christophe JAILLET authored
      Message logged by 'dev_xxx()' or 'pr_xxx()' should end with a '\n'.
      
      While at it, I've introduced a few pr_cont that looked logical to me.
      
      Fixes: 10b4f094 ("crypto: marvell - add the Virtual Function driver for CPT")
      Fixes: d9110b0b ("crypto: marvell - add support for OCTEON TX CPT engine")
      Signed-off-by: default avatarChristophe JAILLET <christophe.jaillet@wanadoo.fr>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      0a8f5989
    • Herbert Xu's avatar
      crypto: api - Fix use-after-free and race in crypto_spawn_alg · 6603523b
      Herbert Xu authored
      There are two problems in crypto_spawn_alg.  First of all it may
      return spawn->alg even if spawn->dead is set.  This results in a
      double-free as detected by syzbot.
      
      Secondly the setting of the DYING flag is racy because we hold
      the read-lock instead of the write-lock.  We should instead call
      crypto_shoot_alg in a safe manner by gaining a refcount, dropping
      the lock, and then releasing the refcount.
      
      This patch fixes both problems.
      
      Reported-by: syzbot+fc0674cde00b66844470@syzkaller.appspotmail.com
      Fixes: 4f87ee11 ("crypto: api - Do not zap spawn->alg")
      Fixes: 73669cc5 ("crypto: api - Fix race condition in...")
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      6603523b
    • Arnd Bergmann's avatar
      crypto: ccp -- don't "select" CONFIG_DMADEVICES · eebac678
      Arnd Bergmann authored
      DMADEVICES is the top-level option for the slave DMA
      subsystem, and should not be selected by device drivers,
      as this can cause circular dependencies such as:
      
      drivers/net/ethernet/freescale/Kconfig:6:error: recursive dependency detected!
      drivers/net/ethernet/freescale/Kconfig:6:	symbol NET_VENDOR_FREESCALE depends on PPC_BESTCOMM
      drivers/dma/bestcomm/Kconfig:6:	symbol PPC_BESTCOMM depends on DMADEVICES
      drivers/dma/Kconfig:6:	symbol DMADEVICES is selected by CRYPTO_DEV_SP_CCP
      drivers/crypto/ccp/Kconfig:10:	symbol CRYPTO_DEV_SP_CCP depends on CRYPTO
      crypto/Kconfig:16:	symbol CRYPTO is selected by LIBCRC32C
      lib/Kconfig:222:	symbol LIBCRC32C is selected by LIQUIDIO
      drivers/net/ethernet/cavium/Kconfig:65:	symbol LIQUIDIO depends on PTP_1588_CLOCK
      drivers/ptp/Kconfig:8:	symbol PTP_1588_CLOCK is implied by FEC
      drivers/net/ethernet/freescale/Kconfig:23:	symbol FEC depends on NET_VENDOR_FREESCALE
      
      The LIQUIDIO driver causing this problem is addressed in a
      separate patch, but this change is needed to prevent it from
      happening again.
      
      Using "depends on DMADEVICES" is what we do for all other
      implementations of slave DMA controllers as well.
      
      Fixes: b3c2fee5 ("crypto: ccp - Ensure all dependencies are specified")
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Acked-by: default avatarTom Lendacky <thomas.lendacky@amd.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      eebac678