1. 05 Jan, 2014 3 commits
    • Marek Vasut's avatar
      crypto: mxs - Add Freescale MXS DCP driver · 15b59e7c
      Marek Vasut authored
      Add support for the MXS DCP block. The driver currently supports
      SHA-1/SHA-256 hashing and AES-128 CBC/ECB modes. The non-standard
      CRC32 is not yet supported.
      Signed-off-by: default avatarMarek Vasut <marex@denx.de>
      Cc: David S. Miller <davem@davemloft.net>
      Cc: Fabio Estevam <fabio.estevam@freescale.com>
      Cc: Shawn Guo <shawn.guo@linaro.org>
      Cc: devicetree@vger.kernel.org
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      15b59e7c
    • Marek Vasut's avatar
      crypto: mxs - Remove the old DCP driver · c493c044
      Marek Vasut authored
      Remove the old DCP driver as it had multiple severe issues. The driver
      will be replaced by a more robust implementation. Here is a short list
      of problems with this driver:
      
      1) It only supports AES_CBC
      2) The driver was apparently never ran behind anyone working with MXS. ie.:
         -> Restarting the DCP block is not done via mxs_reset_block()
         -> The DT name is not "fsl,dcp" or "fsl,mxs-dcp" as other MXS drivers
      3) Introduces new ad-hoc IOCTLs
      4) The IRQ handler can't use usual completion() in the driver because that'd
         trigger "scheduling while atomic" oops, yes?
      Signed-off-by: default avatarMarek Vasut <marex@denx.de>
      Cc: David S. Miller <davem@davemloft.net>
      Cc: Fabio Estevam <fabio.estevam@freescale.com>
      Cc: Shawn Guo <shawn.guo@linaro.org>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      c493c044
    • Marek Vasut's avatar
      crypto: ahash - Fully restore ahash request before completing · 1d9a394b
      Marek Vasut authored
      When finishing the ahash request, the ahash_op_unaligned_done() will
      call complete() on the request. Yet, this will not call the correct
      complete callback. The correct complete callback was previously stored
      in the requests' private data, as seen in ahash_op_unaligned(). This
      patch restores the correct complete callback and .data field of the
      request before calling complete() on it.
      Signed-off-by: default avatarMarek Vasut <marex@denx.de>
      Cc: David S. Miller <davem@davemloft.net>
      Cc: Fabio Estevam <fabio.estevam@freescale.com>
      Cc: Shawn Guo <shawn.guo@linaro.org>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      1d9a394b
  2. 31 Dec, 2013 1 commit
  3. 30 Dec, 2013 3 commits
  4. 20 Dec, 2013 8 commits
  5. 09 Dec, 2013 2 commits
  6. 05 Dec, 2013 14 commits
  7. 28 Nov, 2013 8 commits
    • Horia Geanta's avatar
      crypto: testmgr - fix sglen in test_aead for case 'dst != src' · 8ec25c51
      Horia Geanta authored
      Commit d8a32ac2 (crypto: testmgr - make
      test_aead also test 'dst != src' code paths) added support for different
      source and destination buffers in test_aead.
      
      This patch modifies the source and destination buffer lengths accordingly:
      the lengths are not equal since encryption / decryption adds / removes
      the ICV.
      
      Cc: Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
      Signed-off-by: default avatarHoria Geanta <horia.geanta@freescale.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      8ec25c51
    • Horia Geanta's avatar
      crypto: talitos - fix aead sglen for case 'dst != src' · 62293a37
      Horia Geanta authored
      For aead case when source and destination buffers are different,
      there is an incorrect assumption that the source length includes the ICV
      length. Fix this, since it leads to an oops when using sg_count() to
      find the number of nents in the scatterlist:
      
      Unable to handle kernel paging request for data at address 0x00000004
      Faulting instruction address: 0xf2265a28
      Oops: Kernel access of bad area, sig: 11 [#1]
      SMP NR_CPUS=8 P2020 RDB
      Modules linked in: talitos(+)
      CPU: 1 PID: 2187 Comm: cryptomgr_test Not tainted 3.11.0 #12
      task: c4e72e20 ti: ef634000 task.ti: ef634000
      NIP: f2265a28 LR: f2266ad8 CTR: c000c900
      REGS: ef635bb0 TRAP: 0300   Not tainted  (3.11.0)
      MSR: 00029000 <CE,EE,ME>  CR: 42042084  XER: 00000000
      DEAR: 00000004, ESR: 00000000
      
      GPR00: f2266e10 ef635c60 c4e72e20 00000001 00000014 ef635c69 00000001 c11f3082
      GPR08: 00000010 00000000 00000002 2f635d58 22044084 00000000 00000000 c0755c80
      GPR16: c4bf1000 ef784000 00000000 00000000 00000020 00000014 00000010 ef2f6100
      GPR24: ef2f6200 00000024 ef143210 ef2f6000 00000000 ef635d58 00000000 2f635d58
      NIP [f2265a28] sg_count+0x1c/0xb4 [talitos]
      LR [f2266ad8] talitos_edesc_alloc+0x12c/0x410 [talitos]
      Call Trace:
      [ef635c60] [c0552068] schedule_timeout+0x148/0x1ac (unreliable)
      [ef635cc0] [f2266e10] aead_edesc_alloc+0x54/0x64 [talitos]
      [ef635ce0] [f22680f0] aead_encrypt+0x24/0x70 [talitos]
      [ef635cf0] [c024b948] __test_aead+0x494/0xf68
      [ef635e20] [c024d54c] test_aead+0x64/0xcc
      [ef635e40] [c024d604] alg_test_aead+0x50/0xc4
      [ef635e60] [c024c838] alg_test+0x10c/0x2e4
      [ef635ee0] [c0249d1c] cryptomgr_test+0x4c/0x54
      [ef635ef0] [c005d598] kthread+0xa8/0xac
      [ef635f40] [c000e3bc] ret_from_kernel_thread+0x5c/0x64
      Instruction dump:
      81230024 552807fe 0f080000 5523003a 4bffff24 39000000 2c040000 99050000
      408100a0 7c691b78 38c00001 38600000 <80e90004> 38630001 8109000c 70ea0002
      ---[ end trace 4498123cd8478591 ]---
      Signed-off-by: default avatarHoria Geanta <horia.geanta@freescale.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      62293a37
    • Horia Geanta's avatar
      crypto: caam - fix aead sglen for case 'dst != src' · bbf9c893
      Horia Geanta authored
      For aead case when source and destination buffers are different,
      there is an incorrect assumption that the source length includes the ICV
      length. Fix this, since it leads to an oops when using sg_count() to
      find the number of nents in the scatterlist:
      
      Unable to handle kernel paging request for data at address 0x00000004
      Faulting instruction address: 0xf91f7634
      Oops: Kernel access of bad area, sig: 11 [#1]
      SMP NR_CPUS=8 P4080 DS
      Modules linked in: caamalg(+) caam_jr caam
      CPU: 1 PID: 1053 Comm: cryptomgr_test Not tainted 3.11.0 #16
      task: eeb24ab0 ti: eeafa000 task.ti: eeafa000
      NIP: f91f7634 LR: f91f7f24 CTR: f91f7ef0
      REGS: eeafbbc0 TRAP: 0300   Not tainted  (3.11.0)
      MSR: 00029002 <CE,EE,ME>  CR: 44044044  XER: 00000000
      DEAR: 00000004, ESR: 00000000
      
      GPR00: f91f7f24 eeafbc70 eeb24ab0 00000002 ee8e0900 ee8e0800 00000024 c45c4462
      GPR08: 00000010 00000000 00000014 0c0e4000 24044044 00000000 00000000 c0691590
      GPR16: eeab0000 eeb23000 00000000 00000000 00000000 00000001 00000001 eeafbcc8
      GPR24: 000000d1 00000010 ee2d5000 ee49ea10 ee49ea10 ee46f640 ee46f640 c0691590
      NIP [f91f7634] aead_edesc_alloc.constprop.14+0x144/0x780 [caamalg]
      LR [f91f7f24] aead_encrypt+0x34/0x288 [caamalg]
      Call Trace:
      [eeafbc70] [a1004000] 0xa1004000 (unreliable)
      [eeafbcc0] [f91f7f24] aead_encrypt+0x34/0x288 [caamalg]
      [eeafbcf0] [c020d77c] __test_aead+0x3ec/0xe20
      [eeafbe20] [c020f35c] test_aead+0x6c/0xe0
      [eeafbe40] [c020f420] alg_test_aead+0x50/0xd0
      [eeafbe60] [c020e5e4] alg_test+0x114/0x2e0
      [eeafbee0] [c020bd1c] cryptomgr_test+0x4c/0x60
      [eeafbef0] [c0047058] kthread+0xa8/0xb0
      [eeafbf40] [c000eb0c] ret_from_kernel_thread+0x5c/0x64
      Instruction dump:
      69084321 7d080034 5508d97e 69080001 0f080000 81290024 552807fe 0f080000
      3a600001 5529003a 2f8a0000 40dd0028 <80e90004> 3ab50001 8109000c 70e30002
      ---[ end trace b3c3e23925c7484e ]---
      
      While here, add a tcrypt mode for making it easy to test authenc
      (needed for triggering case above).
      Signed-off-by: default avatarHoria Geanta <horia.geanta@freescale.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      bbf9c893
    • Horia Geanta's avatar
      crypto: ccm - Fix handling of zero plaintext when computing mac · 5638cabf
      Horia Geanta authored
      There are cases when cryptlen can be zero in crypto_ccm_auth():
      -encryptiom: input scatterlist length is zero (no plaintext)
      -decryption: input scatterlist contains only the mac
      plus the condition of having different source and destination buffers
      (or else scatterlist length = max(plaintext_len, ciphertext_len)).
      
      These are not handled correctly, leading to crashes like:
      
      root@p4080ds:~/crypto# insmod tcrypt.ko mode=45
      ------------[ cut here ]------------
      kernel BUG at crypto/scatterwalk.c:37!
      Oops: Exception in kernel mode, sig: 5 [#1]
      SMP NR_CPUS=8 P4080 DS
      Modules linked in: tcrypt(+) crc32c xts xcbc vmac pcbc ecb gcm ghash_generic gf128mul ccm ctr seqiv
      CPU: 3 PID: 1082 Comm: cryptomgr_test Not tainted 3.11.0 #14
      task: ee12c5b0 ti: eecd0000 task.ti: eecd0000
      NIP: c0204d98 LR: f9225848 CTR: c0204d80
      REGS: eecd1b70 TRAP: 0700   Not tainted  (3.11.0)
      MSR: 00029002 <CE,EE,ME>  CR: 22044022  XER: 20000000
      
      GPR00: f9225c94 eecd1c20 ee12c5b0 eecd1c28 ee879400 ee879400 00000000 ee607464
      GPR08: 00000001 00000001 00000000 006b0000 c0204d80 00000000 00000002 c0698e20
      GPR16: ee987000 ee895000 fffffff4 ee879500 00000100 eecd1d58 00000001 00000000
      GPR24: ee879400 00000020 00000000 00000000 ee5b2800 ee607430 00000004 ee607460
      NIP [c0204d98] scatterwalk_start+0x18/0x30
      LR [f9225848] get_data_to_compute+0x28/0x2f0 [ccm]
      Call Trace:
      [eecd1c20] [f9225974] get_data_to_compute+0x154/0x2f0 [ccm] (unreliable)
      [eecd1c70] [f9225c94] crypto_ccm_auth+0x184/0x1d0 [ccm]
      [eecd1cb0] [f9225d40] crypto_ccm_encrypt+0x60/0x2d0 [ccm]
      [eecd1cf0] [c020d77c] __test_aead+0x3ec/0xe20
      [eecd1e20] [c020f35c] test_aead+0x6c/0xe0
      [eecd1e40] [c020f420] alg_test_aead+0x50/0xd0
      [eecd1e60] [c020e5e4] alg_test+0x114/0x2e0
      [eecd1ee0] [c020bd1c] cryptomgr_test+0x4c/0x60
      [eecd1ef0] [c0047058] kthread+0xa8/0xb0
      [eecd1f40] [c000eb0c] ret_from_kernel_thread+0x5c/0x64
      Instruction dump:
      0f080000 81290024 552807fe 0f080000 5529003a 4bffffb4 90830000 39400000
      39000001 8124000c 2f890000 7d28579e <0f090000> 81240008 91230004 4e800020
      ---[ end trace 6d652dfcd1be37bd ]---
      
      Cc: <stable@vger.kernel.org>
      Cc: Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
      Signed-off-by: default avatarHoria Geanta <horia.geanta@freescale.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      5638cabf
    • Gerald Schaefer's avatar
      crypto: s390 - Fix aes-xts parameter corruption · 9dda2769
      Gerald Schaefer authored
      Some s390 crypto algorithms incorrectly use the crypto_tfm structure to
      store private data. As the tfm can be shared among multiple threads, this
      can result in data corruption.
      
      This patch fixes aes-xts by moving the xts and pcc parameter blocks from
      the tfm onto the stack (48 + 96 bytes).
      
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarGerald Schaefer <gerald.schaefer@de.ibm.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      9dda2769
    • Horia Geanta's avatar
      crypto: talitos - corrrectly handle zero-length assoc data · 935e99a3
      Horia Geanta authored
      talitos does not handle well zero-length assoc data. From dmesg:
      talitos ffe30000.crypto: master data transfer error
      talitos ffe30000.crypto: gather return/length error
      
      Check whether assoc data is provided by inspecting assoclen,
      not assoc pointer.
      This is needed in order to pass testmgr tests.
      Signed-off-by: default avatarHoria Geanta <horia.geanta@freescale.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      935e99a3
    • Tom Lendacky's avatar
      crypto: scatterwalk - Set the chain pointer indication bit · 41da8b5a
      Tom Lendacky authored
      The scatterwalk_crypto_chain function invokes the scatterwalk_sg_chain
      function to chain two scatterlists, but the chain pointer indication
      bit is not set.  When the resulting scatterlist is used, for example,
      by sg_nents to count the number of scatterlist entries, a segfault occurs
      because sg_nents does not follow the chain pointer to the chained scatterlist.
      
      Update scatterwalk_sg_chain to set the chain pointer indication bit as is
      done by the sg_chain function.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarTom Lendacky <thomas.lendacky@amd.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      41da8b5a
    • Tom Lendacky's avatar
      crypto: authenc - Find proper IV address in ablkcipher callback · fc019c71
      Tom Lendacky authored
      When performing an asynchronous ablkcipher operation the authenc
      completion callback routine is invoked, but it does not locate and use
      the proper IV.
      
      The callback routine, crypto_authenc_encrypt_done, is updated to use
      the same method of calculating the address of the IV as is done in
      crypto_authenc_encrypt function which sets up the callback.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarTom Lendacky <thomas.lendacky@amd.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      fc019c71
  8. 26 Nov, 2013 1 commit