- 02 Dec, 2022 21 commits
-
-
Herbert Xu authored
Previously we limited the maximum alignment mask to 63. This is mostly due to stack usage for shash. This patch introduces a separate limit for shash algorithms and increases the general limit to 127 which is the value that we need for DMA allocations on arm64. Signed-off-by:Herbert Xu <herbert@gondor.apana.org.au>
-
Herbert Xu authored
This patch adds helpers to access the skcipher context structure and request context structure with an added alignment for DMA access. Signed-off-by: -
Herbert Xu authored
This patch adds helpers to access the ahash context structure and request context structure with an added alignment for DMA access. Signed-off-by: -
Herbert Xu authored
This patch adds helpers to access the aead context structure and request context structure with an added alignment for DMA access. Signed-off-by: -
Herbert Xu authored
This patch adds the helpers crypto_tfm_ctx_aligned and crypto_tfm_ctx_dma. The first aligns the tfm context to the value cra_alignmask. The second sets the alignment according to dma_cache_get_alignment(); This patch also moves crypto_tfm_ctx into algapi.h. Signed-off-by: -
Herbert Xu authored
The helper crypto_tfm_ctx is only used by the Crypto API algorithm code and should really be in algapi.h. However, for historical reasons many files relied on it to be in crypto.h. This patch changes those files to use algapi.h instead in prepartion for a move. Signed-off-by: -
Shang XiaoJing authored
omap_sham_probe() calls pm_runtime_get_sync() and calls pm_runtime_put_sync() latter to put usage_counter. However, pm_runtime_get_sync() will increment usage_counter even it failed. Fix it by replacing it with pm_runtime_resume_and_get() to keep usage counter balanced. Fixes: b359f034 ("crypto: omap-sham - Convert to use pm_runtime API") Signed-off-by:
Shang XiaoJing <shangxiaojing@huawei.com> Acked-by:
Mark Greer <mgreer@animalcreek.com> Signed-off-by:
-
Joe Fradley authored
curve25519-x86_64.c fails to build when CONFIG_GCOV_KERNEL is enabled. The error is "inline assembly requires more registers than available" thrown from the `fsqr()` function. Therefore, excluding this file from GCOV profiling until this issue is resolved. Thereby allowing CONFIG_GCOV_PROFILE_ALL to be enabled for x86. Signed-off-by:
Joe Fradley <joefradley@google.com> Signed-off-by:
-
Christophe JAILLET authored
There is no real point in allocating dedicated memory for the irqs array. MAXFLOW is only 2, so it is easier to allocated the needed space directly within the 'meson_dev' structure. This saves some memory allocation and avoids an indirection when using the irqs array. Fixes: 48fe583f ("crypto: amlogic - Add crypto accelerator...") Signed-off-by:
Christophe JAILLET <christophe.jaillet@wanadoo.fr> Signed-off-by:
-
Herbert Xu authored
The value of reqsize cannot be determined in case of fallbacks. Therefore it must be stored in the tfm and not the alg object. Signed-off-by: -
Herbert Xu authored
The value of reqsize must only be changed through the helper. Signed-off-by: -
Herbert Xu authored
The value of reqsize cannot be determined in case of fallbacks. Therefore it must be stored in the tfm and not the alg object. Signed-off-by: -
Herbert Xu authored
The value of reqsize must only be changed through the helper. Signed-off-by:
Gonglei <arei.gonglei@huawei.com> Signed-off-by:
-
Herbert Xu authored
The value of reqsize must only be changed through the helper. Signed-off-by:
Gaurav Jain <gaurav.jain@nxp.com> Signed-off-by:
-
Herbert Xu authored
The value of reqsize must only be changed through the helper. Signed-off-by:
Giovanni Cabiddu <giovanni.cabiddu@intel.com> Signed-off-by:
-
Herbert Xu authored
The value of reqsize must only be changed through the helper. Signed-off-by:
Longfang Liu <liulongfang@huawei.com> Signed-off-by:
-
Herbert Xu authored
The value of reqsize should only be changed through a helper. To do so we need to first add a helper for this. Signed-off-by: -
Yushan Zhou authored
release_firmware() checks whether firmware pointer is NULL. Remove the redundant NULL check in release_tar_archive(). Signed-off-by:
Yushan Zhou <katrinzhou@tencent.com> Signed-off-by:
-
Herbert Xu authored
The value of reqsize must only be changed through the helper. Signed-off-by: -
Nikolaus Voss authored
If CAAM is not in "trusted" or "secure" state, a fixed non-volatile key is used instead of the unique device key. This is the default mode of operation without secure boot (HAB). In this scenario, CAAM encrypted blobs should be used only for testing but not in a production environment, so issue a warning. Signed-off-by:
Nikolaus Voss <nikolaus.voss@haag-streit.com> Reviewed-by:
Ahmad Fatoum <a.fatoum@pengutronix.de> Signed-off-by:
-
Wang Yufen authored
Fix to return a negative error code -EINVAL instead of 0. Fixes: 0cec19c7 ("crypto: qat - add support for compression for 4xxx") Signed-off-by:
Wang Yufen <wangyufen@huawei.com> Acked-by:
-
- 25 Nov, 2022 19 commits
-
-
Jason A. Donenfeld authored
The U2F zero apparently has a real TRNG in it with maximum quality, not one with quality of "1", which was likely a misinterpretation of the field as a boolean. So remove the assignment entirely, so that we get the default quality setting. In the u2f-zero firmware, the 0x21 RNG command used by this driver is handled as such [1]: case U2F_CUSTOM_GET_RNG: if (atecc_send_recv(ATECC_CMD_RNG,ATECC_RNG_P1,ATECC_RNG_P2, NULL, 0, appdata.tmp, sizeof(appdata.tmp), &res) == 0 ) { memmove(msg->pkt.init.payload, res.buf, 32); U2FHID_SET_LEN(msg, 32); usb_write((uint8_t*)msg, 64); } else { U2FHID_SET_LEN(msg, 0); usb_write((uint8_t*)msg, 64); } This same call to `atecc_send_recv(ATECC_CMD_RNG,ATECC_RNG_P1, ATECC_RNG_P2,...)` is then also used in the token's cryptographically critical "u2f_new_keypair" function, as its rather straightforward source of random bytes [2]: int8_t u2f_new_keypair(uint8_t * handle, uint8_t * appid, uint8_t * pubkey) { struct atecc_response res; uint8_t private_key[36]; int i; watchdog(); if (atecc_send_recv(ATECC_CMD_RNG,ATECC_RNG_P1,ATECC_RNG_P2, NULL, 0, appdata.tmp, sizeof(appdata.tmp), &res) != 0 ) { return -1; } So it seems rather plain that the ATECC RNG is considered to provide good random numbers. [1] https://github.com/conorpp/u2f-zero/blob/master/firmware/src/custom.c [2] https://github.com/conorpp/u2f-zero/blob/master/firmware/src/u2f_atecc.c Cc: Andrej Shadura <andrew.shadura@collabora.co.uk> Cc: Jiri Kosina <jkosina@suse.cz> Cc: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by:Jason A. Donenfeld <Jason@zx2c4.com> Acked-by:
Andrej Shadura <andrew.shadura@collabora.co.uk> Signed-off-by:
-
Weili Qian authored
In function 'hisi_qm_resume', if the device fails to be started, directly returning error code will cause the device to be unavailable. However, the failure may be caused by device error, which will be reported to the driver, and driver can reset and restart device. Therefore, check device status instead of returning error code directly. Returns 0 if device error has occurred, otherwise returns error code. Signed-off-by:
Weili Qian <qianweili@huawei.com> Signed-off-by:
-
Weili Qian authored
'QM_XEQ_DEPTH_CAP' mask value is GENMASK(31, 0) instead of GENMASK(15, 0). If the mask value is incorrect, will cause abnormal events cannot be handled. So fix it. Fixes: 129a9f34 ("crypto: hisilicon/qm - get qp num and depth from hardware registers") Signed-off-by:
-
Uwe Kleine-König authored
.probe_new() doesn't get the i2c_device_id * parameter, so determine that explicitly in the probe function. Signed-off-by:
Uwe Kleine-König <u.kleine-koenig@pengutronix.de> Signed-off-by:
-
Uwe Kleine-König authored
.probe_new() doesn't get the i2c_device_id * parameter, so determine that explicitly in the probe function. Signed-off-by:
-
Eric Biggers authored
This reverts commit 22ca9f4a because CFI no longer breaks cross-module function address equality, so crypto_shash_alg_has_setkey() can now be an inline function like before. This commit should not be backported to kernels that don't have the new CFI implementation. Acked-by:
Peter Zijlstra (Intel) <peterz@infradead.org> Reviewed-by:
Sami Tolvanen <samitolvanen@google.com> Signed-off-by:
Eric Biggers <ebiggers@google.com> Signed-off-by:
-
Eric Biggers authored
The arm architecture doesn't support CFI yet, and even if it did, the new CFI implementation supports indirect calls to assembly functions. Therefore, there's no need to use a wrapper function for nh_neon(). Acked-by:
-
Eric Biggers authored
sm3_neon_transform() is called via indirect function calls. Therefore it needs to use SYM_TYPED_FUNC_START instead of SYM_FUNC_START to cause its type hash to be emitted when the kernel is built with CONFIG_CFI_CLANG=y. Otherwise, the code crashes with a CFI failure (if the compiler didn't happen to optimize out the indirect call). Fixes: c50d3285 ("arm64: Add types to indirect called assembly functions") Acked-by:
-
Eric Biggers authored
Since the CFI implementation now supports indirect calls to assembly functions, take advantage of that rather than use a wrapper function. Acked-by:
-
Eric Biggers authored
sm4_aesni_avx_ctr_enc_blk8(), sm4_aesni_avx_cbc_dec_blk8(), sm4_aesni_avx_cfb_dec_blk8(), sm4_aesni_avx2_ctr_enc_blk16(), sm4_aesni_avx2_cbc_dec_blk16(), and sm4_aesni_avx2_cfb_dec_blk16() are called via indirect function calls. Therefore they need to use SYM_TYPED_FUNC_START instead of SYM_FUNC_START to cause their type hashes to be emitted when the kernel is built with CONFIG_CFI_CLANG=y. Otherwise, the code crashes with a CFI failure. (Or at least that should be the case. For some reason the CFI checks in sm4_avx_cbc_decrypt(), sm4_avx_cfb_decrypt(), and sm4_avx_ctr_crypt() are not always being generated, using current tip-of-tree clang. Anyway, this patch is a good idea anyway.) Fixes: ccace936 ("x86: Add types to indirectly called assembly functions") Signed-off-by:
-
Eric Biggers authored
sm3_transform_avx() is called via indirect function calls. Therefore it needs to use SYM_TYPED_FUNC_START instead of SYM_FUNC_START to cause its type hash to be emitted when the kernel is built with CONFIG_CFI_CLANG=y. Otherwise, the code crashes with a CFI failure (if the compiler didn't happen to optimize out the indirect call). Fixes: ccace936 ("x86: Add types to indirectly called assembly functions") Acked-by:
-
Eric Biggers authored
sha512_transform_ssse3(), sha512_transform_avx(), and sha512_transform_rorx() are called via indirect function calls. Therefore they need to use SYM_TYPED_FUNC_START instead of SYM_FUNC_START to cause their type hashes to be emitted when the kernel is built with CONFIG_CFI_CLANG=y. Otherwise, the code crashes with a CFI failure (if the compiler didn't happen to optimize out the indirect calls). Fixes: ccace936 ("x86: Add types to indirectly called assembly functions") Acked-by:
-
Eric Biggers authored
sha256_transform_ssse3(), sha256_transform_avx(), sha256_transform_rorx(), and sha256_ni_transform() are called via indirect function calls. Therefore they need to use SYM_TYPED_FUNC_START instead of SYM_FUNC_START to cause their type hashes to be emitted when the kernel is built with CONFIG_CFI_CLANG=y. Otherwise, the code crashes with a CFI failure (if the compiler didn't happen to optimize out the indirect calls). Fixes: ccace936 ("x86: Add types to indirectly called assembly functions") Acked-by:
-
Eric Biggers authored
sha1_transform_ssse3(), sha1_transform_avx(), and sha1_ni_transform() (but not sha1_transform_avx2()) are called via indirect function calls. Therefore they need to use SYM_TYPED_FUNC_START instead of SYM_FUNC_START to cause their type hashes to be emitted when the kernel is built with CONFIG_CFI_CLANG=y. Otherwise, the code crashes with a CFI failure (if the compiler didn't happen to optimize out the indirect calls). Fixes: ccace936 ("x86: Add types to indirectly called assembly functions") Acked-by:
-
Eric Biggers authored
Since the CFI implementation now supports indirect calls to assembly functions, take advantage of that rather than use wrapper functions. Acked-by:
-
Eric Biggers authored
aria_aesni_avx_encrypt_16way(), aria_aesni_avx_decrypt_16way(), aria_aesni_avx_ctr_crypt_16way(), aria_aesni_avx_gfni_encrypt_16way(), aria_aesni_avx_gfni_decrypt_16way(), and aria_aesni_avx_gfni_ctr_crypt_16way() are called via indirect function calls. Therefore they need to use SYM_TYPED_FUNC_START instead of SYM_FUNC_START to cause their type hashes to be emitted when the kernel is built with CONFIG_CFI_CLANG=y. Otherwise, the code crashes with a CFI failure. Fixes: ccace936 ("x86: Add types to indirectly called assembly functions") Acked-by:
-
Eric Biggers authored
crypto_aegis128_aesni_enc(), crypto_aegis128_aesni_enc_tail(), crypto_aegis128_aesni_dec(), and crypto_aegis128_aesni_dec_tail() are called via indirect function calls. Therefore they need to use SYM_TYPED_FUNC_START instead of SYM_FUNC_START to cause their type hashes to be emitted when the kernel is built with CONFIG_CFI_CLANG=y. Otherwise, the code crashes with a CFI failure (if the compiler didn't happen to optimize out the indirect calls). Fixes: ccace936 ("x86: Add types to indirectly called assembly functions") Acked-by:
-
Daniel Jordan authored
list_for_each_entry_reverse() assumes that the iterated list is nonempty and that every list_head is embedded in the same type, but its use in padata_do_serial() breaks both rules. This doesn't cause any issues now because padata_priv and padata_list happen to have their list fields at the same offset, but we really shouldn't be relying on that. Fixes: bfde23ce ("padata: unbind parallel jobs from specific CPUs") Signed-off-by:
Daniel Jordan <daniel.m.jordan@oracle.com> Signed-off-by:
-
Daniel Jordan authored
A deadlock can happen when an overloaded system runs ->parallel() in the context of the current task: padata_do_parallel ->parallel() pcrypt_aead_enc/dec padata_do_serial spin_lock(&reorder->lock) // BHs still enabled <interrupt> ... __do_softirq ... padata_do_serial spin_lock(&reorder->lock) It's a bug for BHs to be on in _do_serial as Steffen points out, so ensure they're off in the "current task" case like they are in padata_parallel_worker to avoid this situation. Reported-by: syzbot+bc05445bc14148d51915@syzkaller.appspotmail.com Fixes: 4611ce22 ("padata: allocate work structures for parallel jobs from a pool") Signed-off-by:Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by:
-
