- 22 Dec, 2017 15 commits
-
-
Sabrina Dubroca authored
generic_gcmaes_decrypt needs to use generic_gcmaes_ctx, not aesni_rfc4106_gcm_ctx. This is actually harmless because the fields in struct generic_gcmaes_ctx share the layout of the same fields in aesni_rfc4106_gcm_ctx. Fixes: cce2ea8d ("crypto: aesni - add generic gcm(aes)") Cc: <stable@vger.kernel.org> Signed-off-by:
Sabrina Dubroca <sd@queasysnail.net> Reviewed-by:
Stefano Brivio <sbrivio@redhat.com> Signed-off-by:
Herbert Xu <herbert@gondor.apana.org.au>
-
Corentin Labbe authored
This patch remove two unused variable and some dead "code" using it. Fixes: 92932d03 ("crypto: seqiv - Remove AEAD compatibility code") Signed-off-by:
Corentin Labbe <clabbe@baylibre.com> Signed-off-by:
-
Corentin Labbe authored
This patch remove two unused variable and some dead "code" using it. Fixes: 66008d42 ("crypto: echainiv - Remove AEAD compatibility code") Signed-off-by:
-
Łukasz Stelmach authored
Hardware operations like reading random numbers and setting a seed need to be conducted in a single thread. Therefore a mutex is required to prevent multiple threads (processes) from accessing the hardware at the same time. The sequence of mutex_lock() and mutex_unlock() in the exynos_rng_reseed() function enables switching between different threads waiting for the driver to generate random numbers for them. Signed-off-by:
Łukasz Stelmach <l.stelmach@samsung.com> Reviewed-by:
Krzysztof Kozlowski <krzk@kernel.org> Signed-off-by:
-
Łukasz Stelmach authored
Reseed PRNG after reading 65 kB of randomness. Although this may reduce performance, in most cases the loss is not noticeable. Also the time based threshold for reseeding is changed to one second. Reseeding is performed whenever either limit is exceeded. Reseeding of a PRNG does not increase entropy, but it helps preventing backtracking the internal state of the device from its output sequence, and hence, prevents potential attacker from predicting numbers to be generated. Signed-off-by:
Stephan Mueller <smueller@chronox.de> Reviewed-by:
-
Łukasz Stelmach authored
Use memcpy_fromio() instead of custom exynos_rng_copy_random() function to retrieve generated numbers from the registers of PRNG. Signed-off-by:
-
Łukasz Stelmach authored
Add support for PRNG in Exynos5250+ SoCs. Signed-off-by:
-
Lars Persson authored
The IV size should not include the 32 bit counter. Because we had the IV size set as 16 the transform only worked when the IV input was zero padded. Fixes: a21eb94f ("crypto: axis - add ARTPEC-6/7 crypto accelerator driver") Signed-off-by:
Lars Persson <larper@axis.com> Signed-off-by:
-
Eric Biggers authored
The comment in gf128mul_x8_ble() was copy-and-pasted from gf128mul.h and makes no sense in the new context. Remove it. Cc: Harsh Jain <harsh@chelsio.com> Signed-off-by:
Eric Biggers <ebiggers@google.com> Signed-off-by:
-
Arnd Bergmann authored
Passing the register value by reference here leads a large amount of stack being used when CONFIG_KASAN is enabled: drivers/crypto/qat/qat_common/qat_hal.c: In function 'qat_hal_exec_micro_inst.constprop': drivers/crypto/qat/qat_common/qat_hal.c:963:1: error: the frame size of 1792 bytes is larger than 1536 bytes [-Werror=frame-larger-than=] Changing the register-read function to return the value instead reduces the stack size to around 800 bytes, most of which is for the 'savuwords' array. The function now no longer returns an error code, but nothing ever evaluated that anyway. Signed-off-by:
Arnd Bergmann <arnd@arndb.de> Signed-off-by:
-
Eric Biggers authored
Since commit 499a66e6 ("crypto: null - Remove default null blkcipher"), crypto_get_default_null_skcipher2() and crypto_put_default_null_skcipher2() are the same as their non-2 equivalents. So switch callers of the "2" versions over to the original versions and remove the "2" versions. Signed-off-by:
-
Eric Biggers authored
crypto_larval_lookup() is not used outside of crypto/api.c, so unexport it and mark it 'static'. Signed-off-by:
-
Łukasz Stelmach authored
exynos-rng is one of many implementations of stdrng. With priority as low as 100 it isn't selected, if software implementations (DRBG) are available. The value 300 was selected to give the PRNG priority before software implementations, but allow them to be selected in FIPS-mode (fips=1 in the kernel command line). Signed-off-by:
-
Atul Gupta authored
fix a type cast error for queue descriptor Reported-by:
Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by:
Atul Gupta <atul.gupta@chelsio.com> Signed-off-by:
-
Pravin Shedge authored
These duplicate includes have been found with scripts/checkincludes.pl but they have been removed manually to avoid removing false positives. Signed-off-by:
Pravin Shedge <pravin.shedge4linux@gmail.com> Signed-off-by:
-
- 11 Dec, 2017 9 commits
-
-
Kamil Konieczny authored
Add myself as co-maintainer for Samsung Security SubSystem driver. I have added major functionality to the driver [hash acceleration], I have access to documentation and to hardware for testing, I can also dedicate some of my paid time for reviewing and verifying changes to the driver. Signed-off-by:
Kamil Konieczny <k.konieczny@partner.samsung.com> Signed-off-by:
-
Colin Ian King authored
In the case where skb->ip_summed != CHECKSUM_PARTIAL then cntrl contains garbage value and this is possibly being bit-wise or'd and stored into cpl->ctrl1. Fix this by initializing cntrl to zero. Cleans up clang warning: drivers/crypto/chelsio/chcr_ipsec.c:374:9: warning: The left expression of the compound assignment is an uninitialized value. The computed value will also be garbage Fixes: 6dad4e8a ("chcr: Add support for Inline IPSec") Signed-off-by:
Colin Ian King <colin.king@canonical.com> Signed-off-by:
-
Colin Ian King authored
Variables adap, pi and cntrl are assigned but are never read, hence they are redundant and can be removed. Cleans up various clang build warnings. Signed-off-by:
-
Colin Ian King authored
The arrays sgl_ent_len and dsgl_ent_len are local to the source and do not need to be in global scope, so make them static. Also re-format the declarations to match the following round_constant array declaration style. Cleans up sparse warnings: drivers/crypto/chelsio/chcr_algo.c:76:14: warning: symbol 'sgl_ent_len' was not declared. Should it be static? drivers/crypto/chelsio/chcr_algo.c:81:14: warning: symbol 'dsgl_ent_len' was not declared. Should it be static? Signed-off-by:
-
Colin Ian King authored
The cryptd_max_cpu_qlen module parameter is local to the source and does not need to be in global scope, so make it static. Cleans up sparse warning: crypto/cryptd.c:35:14: warning: symbol 'cryptd_max_cpu_qlen' was not declared. Should it be static? Signed-off-by:
-
Corentin LABBE authored
This patch fix the following build failure: CC [M] drivers/crypto/stm32/stm32-cryp.o In file included from drivers/crypto/stm32/stm32-cryp.c:11:0: drivers/crypto/stm32/stm32-cryp.c:1049:25: error: 'sti_dt_ids' undeclared here (not in a function) MODULE_DEVICE_TABLE(of, sti_dt_ids); Let's replace sti_dt_ids with stm32_dt_ids which is just declared before. Signed-off-by:
Corentin Labbe <clabbe.montjoie@gmail.com> Reviewed-by:
Fabien Dessenne <fabien.dessenne@st.com> Signed-off-by:
-
Horia Geantă authored
Fix below warnings on ARMv7 by using %zu for printing size_t values: drivers/crypto/caam/caamalg_qi.c: In function aead_edesc_alloc: drivers/crypto/caam/caamalg_qi.c:417:17: warning: format %lu expects argument of type long unsigned int, but argument 4 has type unsigned int [-Wformat=] sizeof(struct qm_sg_entry)) ^ drivers/crypto/caam/caamalg_qi.c:672:16: note: in expansion of macro CAAM_QI_MAX_AEAD_SG qm_sg_ents, CAAM_QI_MAX_AEAD_SG); ^ drivers/crypto/caam/caamalg_qi.c: In function ablkcipher_edesc_alloc: drivers/crypto/caam/caamalg_qi.c:440:17: warning: format %lu expects argument of type long unsigned int, but argument 4 has type unsigned int [-Wformat=] sizeof(struct qm_sg_entry)) ^ drivers/crypto/caam/caamalg_qi.c:909:16: note: in expansion of macro CAAM_QI_MAX_ABLKCIPHER_SG qm_sg_ents, CAAM_QI_MAX_ABLKCIPHER_SG); ^ drivers/crypto/caam/caamalg_qi.c: In function ablkcipher_giv_edesc_alloc: drivers/crypto/caam/caamalg_qi.c:440:17: warning: format %lu expects argument of type long unsigned int, but argument 4 has type unsigned int [-Wformat=] sizeof(struct qm_sg_entry)) ^ drivers/crypto/caam/caamalg_qi.c:1062:16: note: in expansion of macro CAAM_QI_MAX_ABLKCIPHER_SG qm_sg_ents, CAAM_QI_MAX_ABLKCIPHER_SG); ^ Fixes: eb9ba37d ("crypto: caam/qi - handle large number of S/Gs case") Signed-off-by:Horia Geantă <horia.geanta@nxp.com> Signed-off-by:
-
Gomonovych, Vasyl authored
Fix ptr_ret.cocci warnings: arch/arm/crypto/aes-neonbs-glue.c:184:1-3: WARNING: PTR_ERR_OR_ZERO can be used arch/arm/crypto/aes-neonbs-glue.c:261:1-3: WARNING: PTR_ERR_OR_ZERO can be used Use PTR_ERR_OR_ZERO rather than if(IS_ERR(...)) + PTR_ERR Generated by: scripts/coccinelle/api/ptr_ret.cocci Signed-off-by:
Vasyl Gomonovych <gomonovych@gmail.com> Signed-off-by:
-
Hauke Mehrtens authored
This fixes a typo in the CRYPTO_KPP dependency of CRYPTO_ECDH. Fixes: 3c4b2390 ("crypto: ecdh - Add ECDH software support") Cc: <stable@vger.kernel.org> # v4.8+ Signed-off-by:
Hauke Mehrtens <hauke@hauke-m.de> Signed-off-by:
-
- 29 Nov, 2017 16 commits
-
-
Corentin Labbe authored
When a cipher fails to register in aes_init(), the error path goes thought aes_exit() then crypto_unregister_skciphers(). Since aes_exit calls also crypto_unregister_skcipher, this triggers a refcount_t: underflow; use-after-free. Signed-off-by:
-
Eric Biggers authored
When chacha20_block() outputs the keystream block, it uses 'u32' stores directly. However, the callers (crypto/chacha20_generic.c and drivers/char/random.c) declare the keystream buffer as a 'u8' array, which is not guaranteed to have the needed alignment. Fix it by having both callers declare the keystream as a 'u32' array. For now this is preferable to switching over to the unaligned access macros because chacha20_block() is only being used in cases where we can easily control the alignment (stack buffers). Signed-off-by:
-
Eric Biggers authored
Now that the generic ChaCha20 implementation no longer needs a cra_alignmask, the x86 one doesn't either -- given that the x86 implementation doesn't need the alignment itself. Signed-off-by:
Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by:
-
Eric Biggers authored
Now that crypto_chacha20_setkey() and crypto_chacha20_init() use the unaligned access macros and crypto_xor() also accepts unaligned buffers, there is no need to have a cra_alignmask set for chacha20-generic. Signed-off-by:
-
Eric Biggers authored
The generic ChaCha20 implementation has a cra_alignmask of 3, which ensures that the key passed into crypto_chacha20_setkey() and the IV passed into crypto_chacha20_init() are 4-byte aligned. However, these functions are also called from the ARM and ARM64 implementations of ChaCha20, which intentionally do not have a cra_alignmask set. This is broken because 32-bit words are being loaded from potentially-unaligned buffers without the unaligned access macros. Fix it by using the unaligned access macros when loading the key and IV. Signed-off-by:
-
Eric Biggers authored
The four 32-bit constants for the initial state of ChaCha20 were loaded from a char array which is not guaranteed to have the needed alignment. Fix it by just assigning the constants directly instead. Signed-off-by:
-
Jon Maxwell authored
Make the cryptd queue length configurable. We recently had customer where this needed to be tuned to accommodate the aesni_intel module and prevent packet drop. Signed-off-by:
Jon Maxwell <jmaxwell37@gmail.com> Signed-off-by:
-
Ard Biesheuvel authored
Most crypto drivers involving kernel mode NEON take care to put the code that actually touches the NEON register file in a separate compilation unit, to prevent the compiler from reordering code that preserves or restores the NEON context with code that may corrupt it. This is necessary because we currently have no way to express the restrictions imposed upon use of the NEON in kernel mode in a way that the compiler understands. However, in the case of aes-ce-cipher, it did not seem unreasonable to deviate from this rule, given how it does not seem possible for the compiler to reorder cross object function calls with asm blocks whose in- and output constraints reflect that it reads from and writes to memory. Now that LTO is being proposed for the arm64 kernel, it is time to revisit this. The link time optimization may replace the function calls to kernel_neon_begin() and kernel_neon_end() with instantiations of the IR that make up its implementation, allowing further reordering with the asm block. So let's clean this up, and move the asm() blocks into a separate .S file. Signed-off-by:
Nick Desaulniers <ndesaulniers@google.com> Signed-off-by:
-
Christophe Jaillet authored
'dev' is leaking in the error handling path of 'hifn_probe()'. Add a 'kfree(dev)' to match the code in 'hifn_remove()' Signed-off-by:
Christophe JAILLET <christophe.jaillet@wanadoo.fr> Reviewed-by:
PrasannaKumar Muralidharan <prasannatsmkumar@gmail.com> Signed-off-by:
-
Yang Shi authored
Preempt counter APIs have been split out, currently, hardirq.h just includes irq_enter/exit APIs which are not used by crypto at all. So, remove the unused hardirq.h. Signed-off-by:
Yang Shi <yang.s@alibaba-inc.com> Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: "David S. Miller" <davem@davemloft.net> Cc: linux-crypto@vger.kernel.org Signed-off-by:
-
Atul Gupta authored
register xfrmdev_ops callbacks, Send IPsec tunneled data to HW for inline processing. The driver use hardware crypto accelerator to encrypt and generate ICV for the transmitted packet in Inline mode. Signed-off-by:
Harsh Jain <harsh@chelsio.com> Signed-off-by:
Ganesh Goudar <ganeshgr@chelsio.com> Signed-off-by:
-
Atul Gupta authored
Added Tx routine for ULD - define interface for ULD Tx. Export routines used for Tx data - Routines common for data transmit are used by cxgb4 and chcr drivers. - EXPORT routines enable transmit from chcr driver. Signed-off-by:
-
Gilad Ben-Yossef authored
The Arm TrustZone CryptoCell is a hardware security engine. This patch adds DT bindings for its Rich Execution Environment crypto engine. A driver supporting this device is already present in the staging tree. Signed-off-by:
Gilad Ben-Yossef <gilad@benyossef.com> Acked-by:
Rob Herring <robh@kernel.org> Signed-off-by:
-
Colin Ian King authored
The object info is being leaked on an error return path, fix this by setting ret to -ENOMEM and exiting via the request_cleanup path that will free info. Detected by CoverityScan, CID#1408439 ("Resource Leak") Fixes: c694b233 ("crypto: cavium - Add the Virtual Function driver for CPT") Signed-off-by: -
Geert Uytterhoeven authored
On 32-bit (e.g. with m68k-linux-gnu-gcc-4.1): crypto/keywrap.c: In function ‘crypto_kw_decrypt’: crypto/keywrap.c:191: warning: integer constant is too large for ‘long’ type crypto/keywrap.c: In function ‘crypto_kw_encrypt’: crypto/keywrap.c:224: warning: integer constant is too large for ‘long’ type Fixes: 9e49451d ("crypto: keywrap - simplify code") Signed-off-by:Geert Uytterhoeven <geert@linux-m68k.org> Reviewed-by:
-
Tudor-Dan Ambarus authored
Results better code readability. Signed-off-by:
Tudor Ambarus <tudor.ambarus@microchip.com> Reviewed-by:
-
