- 18 Sep, 2020 21 commits
-
-
Longfang Liu authored
In order to pass kernel CRYPTO test, SEC module parameter 'pf_q_num' needs to be set as greater than 1. Signed-off-by: Longfang Liu <liulongfang@huawei.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Longfang Liu authored
In order to pass kernel CRYPTO test, HPRE module parameter 'pf_q_num' needs to be set as greater than 1. Signed-off-by: Longfang Liu <liulongfang@huawei.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Longfang Liu authored
At present, as HPRE/SEC/ZIP modules' parameter 'pf_q_num' is 1, kernel CRYPTO test will fail on the algorithms from the modules, since 'QP' hardware resources are not enough for CRYPTO TFM. To fix this, the minimum value of 'pf_q_num' should be 2. Signed-off-by: Longfang Liu <liulongfang@huawei.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Giovanni Cabiddu authored
Build pci_device_id structure using the PCI_VDEVICE macro. This removes any references to the ADF_SYSTEM_DEVICE macro. Suggested-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Reviewed-by: Fiona Trahe <fiona.trahe@intel.com> Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Giovanni Cabiddu authored
Replace device ids defined in the QAT drivers with the ones in include/linux/pci_ids.h. Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Reviewed-by: Fiona Trahe <fiona.trahe@intel.com> Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Dan Carpenter authored
The pm_runtime_get_sync() function returns either 0 or 1 on success but this code treats a return of 1 as a failure. Fixes: 7694b6ca ("crypto: sa2ul - Add crypto driver") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Pascal van Leeuwen authored
On systems with coherence issues, packet processed could succeed while it should have failed, e.g. because of an authentication fail. This is because the driver would read stale status information that had all error bits initialised to zero = no error. Since this is potential a security risk, we want to prevent it from being a possibility at all. So initialize all error bits to error state, so that reading stale status information will always result in errors. Signed-off-by: Pascal van Leeuwen <pvanleeuwen@rambus.com> Acked-by: Antoine Tenart <antoine.tenart@bootlin.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Herbert Xu authored
This patch also fixes the incorrect endianness markings in the sun4i-ss driver. It should have no effect in the genereated code. Instead of using cpu_to_Xe32 followed by a memcpy, this patch converts the final hash write to use put_unaligned_X instead. Reported-by: kernel test robot <lkp@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Tested-by: Corentin Labbe <clabbe.montjoie@gmail.com> Acked-by: Corentin Labbe <clabbe.montjoie@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Yang Shen authored
1.Unified alignment styles 2.Remove unnecessary goto branch 3.Remove address printf Signed-off-by: Yang Shen <shenyang39@huawei.com> Reviewed-by: Zhou Wang <wangzhou1@hisilicon.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Yang Shen authored
Supplement some comments. Signed-off-by: Yang Shen <shenyang39@huawei.com> Reviewed-by: Zhou Wang <wangzhou1@hisilicon.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Yang Shen authored
Some macros which are defined in 'zip.h' are related to the struct 'hisi_zip_sqe' and are only used in 'zip_crypto.c'. So move them from 'zip.h' to 'zip_crypto.c'. Signed-off-by: Yang Shen <shenyang39@huawei.com> Reviewed-by: Zhou Wang <wangzhou1@hisilicon.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Yang Shen authored
Fix some code for PClint warning: Warning - Suspicious Cast Signed-off-by: Yang Shen <shenyang39@huawei.com> Reviewed-by: Zhou Wang <wangzhou1@hisilicon.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Yang Shen authored
Add print for some error branches. Signed-off-by: Yang Shen <shenyang39@huawei.com> Reviewed-by: Zhou Wang <wangzhou1@hisilicon.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Yang Shen authored
Macros 'QPC_COMP', 'QPC_DECOMP' and 'HZIP_CTX_Q_NUM' are relative and incremental. So, use an enum instead. Signed-off-by: Yang Shen <shenyang39@huawei.com> Reviewed-by: Zhou Wang <wangzhou1@hisilicon.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Yang Shen authored
Replace 'sprintf' with 'scnprintf' to avoid overrun. Signed-off-by: Yang Shen <shenyang39@huawei.com> Reviewed-by: Zhou Wang <wangzhou1@hisilicon.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Shukun Tan authored
Update debugfs interface parameters Signed-off-by: Shukun Tan <tanshukun1@huawei.com> Signed-off-by: Yang Shen <shenyang39@huawei.com> Reviewed-by: Zhou Wang <wangzhou1@hisilicon.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Yang Shen authored
1.Add prefix 'HZIP' for some macros 2.Add prefix 'hisi_zip' for some functions Signed-off-by: Yang Shen <shenyang39@huawei.com> Reviewed-by: Zhou Wang <wangzhou1@hisilicon.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Yang Shen authored
1.Remove the macro 'HZIP_VF_NUM'. 2.Remove 'list' of the struct 'hisi_zip' Signed-off-by: Yang Shen <shenyang39@huawei.com> Reviewed-by: Zhou Wang <wangzhou1@hisilicon.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Tero Kristo authored
Running export/import for hashes in peculiar order (mostly done by openssl) can mess up the internal book keeping of the OMAP SHA core. Fix by forcibly writing the correct DIGCNT back to hardware. This issue was noticed while transitioning to openssl 1.1 support. Fixes: 0d373d60 ("crypto: omap-sham - Add OMAP4/AM33XX SHAM Support") Signed-off-by: Tero Kristo <t-kristo@ti.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Tero Kristo authored
Convert the omap-sham driver to use crypto engine for queue handling, instead of using local implementation. Signed-off-by: Tero Kristo <t-kristo@ti.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Herbert Xu authored
The sa2ul driver uses crypto_authenc_extractkeys and therefore must select CRYPTO_AUTHENC. Fixes: 7694b6ca ("crypto: sa2ul - Add crypto driver") Reported-by: kernel test robot <lkp@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Reviewed-by: Keerthy <j-keerthy@ti.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 11 Sep, 2020 19 commits
-
-
Herbert Xu authored
This patch fixes a couple of sparse endianness warnings in the ux500 driver. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Giovanni Cabiddu authored
Use pci_name() when creating debugfs entries in order to include PCI domain in the path. Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Krzysztof Kozlowski authored
Pass the error directly from devm_clk_get() to describe the real reason, instead of fixed ENOENT. Do not print error messages on deferred probe. Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org> Reviewed-by: Kamil Konieczny <k.konieczny@samsung.com> Acked-by: Kamil Konieczny <k.konieczny@samsung.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Krzysztof Kozlowski authored
Add missing and fix existing kerneldoc to silence W=1 warnings: drivers/crypto/s5p-sss.c:333: warning: Function parameter or member 'pclk' not described in 's5p_aes_dev' drivers/crypto/s5p-sss.c:373: warning: Function parameter or member 'sgl' not described in 's5p_hash_reqctx' drivers/crypto/s5p-sss.c:373: warning: Function parameter or member 'buffer' not described in 's5p_hash_reqctx' drivers/crypto/s5p-sss.c:1143: warning: Function parameter or member 'new_len' not described in 's5p_hash_prepare_sgs' drivers/crypto/s5p-sss.c:1143: warning: Excess function parameter 'nbytes' description in 's5p_hash_prepare_sgs' Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org> Reviewed-by: Kamil Konieczny <k.konieczny@samsung.com> Acked-by: Kamil Konieczny <k.konieczny@samsung.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Xu Wang authored
Because clk_disable_unprepare already checked NULL clock parameter, so the additional checks are unnecessary, just remove them. Signed-off-by: Xu Wang <vulab@iscas.ac.cn> Reviewed-by: Krzysztof Kozlowski <krzk@kernel.org> Acked-by: Kamil Konieczny <k.konieczny@samsung.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Atte Tommiska authored
Xiphera XIP8001B is an FPGA-based True Random Number Generator Intellectual Property (IP) Core which can be instantiated in multiple FPGA families. This driver adds Linux support for it through the hwrng interface. Signed-off-by: Atte Tommiska <atte.tommiska@xiphera.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Atte Tommiska authored
Document the device tree bindings of Xiphera's XIP8001B-trng IP. Signed-off-by: Atte Tommiska <atte.tommiska@xiphera.com> Reviewed-by: Rob Herring <robh@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Atte Tommiska authored
Xiphera is an FPGA-based cryptographic solutions provider based in Finland. Website of the company: https://xiphera.com/Signed-off-by: Atte Tommiska <atte.tommiska@xiphera.com> Acked-by: Rob Herring <robh@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Herbert Xu authored
Now that crypto/cbc.h is only used by the generic cbc template, we can merge it back into the CBC code. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Herbert Xu authored
Since commit b56f5cbc ("crypto: arm/aes-neonbs - resolve fallback cipher at runtime") the CBC encryption path in aes-neonbs is now identical to that obtained through the cbc template. This means that it can simply call the generic cbc template instead of doing its own thing. This patch removes the custom encryption path and simply invokes the generic cbc template. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Ard Biesheuvel authored
Cryptographic algorithms may have a lifespan that is significantly shorter than Linux's, and so we need to start phasing out algorithms that are known to be broken, and are no longer fit for general use. RC4 (or arc4) is a good example here: there are a few areas where its use is still somewhat acceptable, e.g., for interoperability with legacy wifi hardware that can only use WEP or TKIP data encryption, but that should not imply that, for instance, use of RC4 based EAP-TLS by the WPA supplicant for negotiating TKIP keys is equally acceptable, or that RC4 should remain available as a general purpose cryptographic transform for all in-kernel and user space clients. Now that all in-kernel users that need to retain support have moved to the arc4 library interface, and the known users of ecb(arc4) via the socket API (iwd [0] and libell [1][2]) have been updated to switch to a local implementation, we can take the next step, and mark the ecb(arc4) skcipher as obsolete, and only provide it if the socket API is enabled in the first place, as well as provide the option to disable all algorithms that have been marked as obsolete. [0] https://git.kernel.org/pub/scm/network/wireless/iwd.git/commit/?id=1db8a85a60c64523 [1] https://git.kernel.org/pub/scm/libs/ell/ell.git/commit/?id=53482ce421b727c2 [2] https://git.kernel.org/pub/scm/libs/ell/ell.git/commit/?id=7f6a137809d42f6bSigned-off-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Ard Biesheuvel authored
Drop some bogus Kconfig selects that are not entirely accurate, and unnecessary to begin with, since the same Kconfig options also select LIB80211 features that already imply the selected functionality (AES for CCMP, ARC4 and ECB for TKIP) Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Ard Biesheuvel authored
Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Ard Biesheuvel authored
Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Ard Biesheuvel authored
The RC4-HMAC-MD5 KerberosV algorithm is based on RFC 4757 [0], which was specifically issued for interoperability with Windows 2000, but was never intended to receive the same level of support. The RFC says The IETF Kerberos community supports publishing this specification as an informational document in order to describe this widely implemented technology. However, while these encryption types provide the operations necessary to implement the base Kerberos specification [RFC4120], they do not provide all the required operations in the Kerberos cryptography framework [RFC3961]. As a result, it is not generally possible to implement potential extensions to Kerberos using these encryption types. The Kerberos encryption type negotiation mechanism [RFC4537] provides one approach for using such extensions even when a Kerberos infrastructure uses long-term RC4 keys. Because this specification does not implement operations required by RFC 3961 and because of security concerns with the use of RC4 and MD4 discussed in Section 8, this specification is not appropriate for publication on the standards track. The RC4-HMAC encryption types are used to ease upgrade of existing Windows NT environments, provide strong cryptography (128-bit key lengths), and provide exportable (meet United States government export restriction requirements) encryption. This document describes the implementation of those encryption types. Furthermore, this RFC was re-classified as 'historic' by RFC 8429 [1] in 2018, stating that 'none of the encryption types it specifies should be used' Note that other outdated algorithms are left in place (some of which are guarded by CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES), so this should only adversely affect interoperability with Windows NT/2000 systems that have not received any updates since 2008 (but are connected to a network nonetheless) [0] https://tools.ietf.org/html/rfc4757 [1] https://tools.ietf.org/html/rfc8429Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Acked-by: J. Bruce Fields <bfields@redhat.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Ard Biesheuvel authored
Switch to the ARC4 library interface, to remove the pointless dependency on the skcipher API, from which we will hopefully be able to drop ecb(arc4) skcipher support. Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Ard Biesheuvel authored
Switch to the ARC4 library interface, to remove the pointless dependency on the skcipher API, from which we will hopefully be able to drop ecb(arc4) skcipher support. Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Marco Felsch authored
The RNGB can generate 2^20 words (1 word == 4 byte) of 'random' data after the seed pool was initialized. The pool needs to be reseeded if more words are required. The reseeding is done automatically since commit 3acd9ea9 ("hwrng: imx-rngc - use automatic seeding"). We can't retrieve the TRNG values directly so we need a other way to get the quality level. We know that the PRNG uses 20.000 entropy samples from the TRNG to generate 2^20 words (1MiB) and the quality level is defined as (in bits of entropy per 1024 bits of input). So the quality level can be calculated by: 20.000 * 1024 ------------- = ~ 19.5 2^20 Signed-off-by: Marco Felsch <m.felsch@pengutronix.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Dominik Przychodni authored
Return -EINVAL for authenc(hmac(sha1),cbc(aes)), authenc(hmac(sha256),cbc(aes)) and authenc(hmac(sha512),cbc(aes)) if the cipher length is not multiple of the AES block. This is to prevent an undefined device behaviour. Fixes: d370cec3 ("crypto: qat - Intel(R) QAT crypto interface") Cc: <stable@vger.kernel.org> Signed-off-by: Dominik Przychodni <dominik.przychodni@intel.com> [giovanni.cabiddu@intel.com: reworded commit message] Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-