- 30 Oct, 2013 2 commits
-
-
Stanimir Varbanov authored
This adds Qualcomm PRNG driver device tree binding documentation to use as an example in dts trees. Signed-off-by: Stanimir Varbanov <svarbanov@mm-sol.com> Reviewed-by: Stephen Boyd <sboyd@codeaurora.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Herbert Xu authored
Previously we would use eseqiv on all async ciphers in all cases, and sync ciphers if we have more than one CPU. This meant that chainiv is only used in the case of sync ciphers on a UP machine. As chainiv may aid attackers by making the IV predictable, even though this risk itself is small, the above usage pattern causes it to further leak information about the host. This patch addresses these issues by using eseqiv even if we're on a UP machine. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: Steffen Klassert <steffen.klassert@secunet.com> Acked-by: David S. Miller <davem@davemloft.net>
-
- 16 Oct, 2013 7 commits
-
-
Mathias Krause authored
Use the common helper function crypto_authenc_extractkeys() for key parsing. Cc: Kim Phillips <kim.phillips@freescale.com> Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: "David S. Miller" <davem@davemloft.net> Signed-off-by: Mathias Krause <mathias.krause@secunet.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Mathias Krause authored
Use the common helper function crypto_authenc_extractkeys() for key parsing. Also ensure the auth key won't overflow the hash_ctx buffer. Cc: Jamie Iles <jamie@jamieiles.com> Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: "David S. Miller" <davem@davemloft.net> Signed-off-by: Mathias Krause <mathias.krause@secunet.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Mathias Krause authored
Use the common helper function crypto_authenc_extractkeys() for key parsing. Also ensure the keys do fit into the corresponding buffers. Otherwise memory corruption might occur. Cc: Christian Hohnstaedt <chohnstaedt@innominate.com> Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: "David S. Miller" <davem@davemloft.net> Signed-off-by: Mathias Krause <mathias.krause@secunet.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Mathias Krause authored
Use the common helper function crypto_authenc_extractkeys() for key parsing. Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: "David S. Miller" <davem@davemloft.net> Signed-off-by: Mathias Krause <mathias.krause@secunet.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Mathias Krause authored
AEAD key parsing is duplicated to multiple places in the kernel. Add a common helper function to consolidate that functionality. Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: "David S. Miller" <davem@davemloft.net> Signed-off-by: Mathias Krause <mathias.krause@secunet.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Michael Opdenacker authored
This patch proposes to remove the use of the IRQF_DISABLED flag It's a NOOP since 2.6.35 and it will be removed one day. Signed-off-by: Michael Opdenacker <michael.opdenacker@free-electrons.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Pali Rohár authored
This driver provides kernel-side support for the Random Number Generator hardware found on OMAP34xx processors. This driver comes from Maemo 2.6.28 kernel and was tested on Nokia RX-51. It is platform device because it needs board specific function for smc calls. Signed-off-by: Pali Rohár <pali.rohar@gmail.com> Signed-off-by: Juha Yrjola <juha.yrjola@solidboot.com> Acked-by: Tony Lindgren <tony@atomide.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 07 Oct, 2013 8 commits
-
-
Oliver Neukum authored
The AVX2 implementation also uses BMI2 instructions, but doesn't test for their availability. The assumption that AVX2 and BMI2 always go together is false. Some Haswells have AVX2 but not BMI2. Signed-off-by: Oliver Neukum <oneukum@suse.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Sachin Kamat authored
The data structure of_match_ptr() protects is always compiled in. Hence of_match_ptr() is not needed. Signed-off-by: Sachin Kamat <sachin.kamat@linaro.org> Cc: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Sachin Kamat authored
The data structure of_match_ptr() protects is always compiled in. Hence of_match_ptr() is not needed. Signed-off-by: Sachin Kamat <sachin.kamat@linaro.org> Cc: Javier Martin <javier.martin@vista-silicon.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
James Yonan authored
When comparing MAC hashes, AEAD authentication tags, or other hash values in the context of authentication or integrity checking, it is important not to leak timing information to a potential attacker, i.e. when communication happens over a network. Bytewise memory comparisons (such as memcmp) are usually optimized so that they return a nonzero value as soon as a mismatch is found. E.g, on x86_64/i5 for 512 bytes this can be ~50 cyc for a full mismatch and up to ~850 cyc for a full match (cold). This early-return behavior can leak timing information as a side channel, allowing an attacker to iteratively guess the correct result. This patch adds a new method crypto_memneq ("memory not equal to each other") to the crypto API that compares memory areas of the same length in roughly "constant time" (cache misses could change the timing, but since they don't reveal information about the content of the strings being compared, they are effectively benign). Iow, best and worst case behaviour take the same amount of time to complete (in contrast to memcmp). Note that crypto_memneq (unlike memcmp) can only be used to test for equality or inequality, NOT for lexicographical order. This, however, is not an issue for its use-cases within the crypto API. We tried to locate all of the places in the crypto API where memcmp was being used for authentication or integrity checking, and convert them over to crypto_memneq. crypto_memneq is declared noinline, placed in its own source file, and compiled with optimizations that might increase code size disabled ("Os") because a smart compiler (or LTO) might notice that the return value is always compared against zero/nonzero, and might then reintroduce the same early-return optimization that we are trying to avoid. Using #pragma or __attribute__ optimization annotations of the code for disabling optimization was avoided as it seems to be considered broken or unmaintained for long time in GCC [1]. Therefore, we work around that by specifying the compile flag for memneq.o directly in the Makefile. We found that this seems to be most appropriate. As we use ("Os"), this patch also provides a loop-free "fast-path" for frequently used 16 byte digests. Similarly to kernel library string functions, leave an option for future even further optimized architecture specific assembler implementations. This was a joint work of James Yonan and Daniel Borkmann. Also thanks for feedback from Florian Weimer on this and earlier proposals [2]. [1] http://gcc.gnu.org/ml/gcc/2012-07/msg00211.html [2] https://lkml.org/lkml/2013/2/10/131Signed-off-by: James Yonan <james@openvpn.net> Signed-off-by: Daniel Borkmann <dborkman@redhat.com> Cc: Florian Weimer <fw@deneb.enyo.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Michael Ellerman authored
We don't expect to get errors from the hypervisor when reading the rng, but if we do we should pass the error up to the hwrng driver. Otherwise the hwrng driver will continue calling us forever. Signed-off-by: Michael Ellerman <michael@ellerman.id.au> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Michael Ellerman authored
Signed-off-by: Michael Ellerman <michael@ellerman.id.au> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
kbuild test robot authored
tree: git://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master head: 48e6dc1b commit: a62b01cd [20/24] crypto: create generic version of ablk_helper coccinelle warnings: (new ones prefixed by >>) >> crypto/ablk_helper.c:97:2-8: Replace memcpy with struct assignment >> crypto/ablk_helper.c:78:2-8: Replace memcpy with struct assignment Please consider folding the attached diff :-) Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Fabio Estevam authored
devm_ioremap_resource() may fail, so better check its return value and propagate it in the case of error. Signed-off-by: Fabio Estevam <fabio.estevam@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 23 Sep, 2013 13 commits
-
-
Fabio Estevam authored
tasklet_kill() is not being called in probe and the remove function releases the resources in the wrong order. Fix these issues. Signed-off-by: Fabio Estevam <fabio.estevam@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Fabio Estevam authored
Using Use devm_request_irq() can make the code smaller and simpler, as we do not need to call free_irq() in the probe error path and in the remove function. Signed-off-by: Fabio Estevam <fabio.estevam@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Fabio Estevam authored
Using devm_ioremap_resource() can make the code simpler and smaller. When devm_ioremap_resource() is used there is no need to explicitely check the error returned by platform_get_resource(). Signed-off-by: Fabio Estevam <fabio.estevam@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Ard Biesheuvel authored
Move all users of ablk_helper under x86/ to the generic version and delete the x86 specific version. Acked-by: Jussi Kivilinna <jussi.kivilinna@iki.fi> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Ard Biesheuvel authored
Create a generic version of ablk_helper so it can be reused by other architectures. Acked-by: Jussi Kivilinna <jussi.kivilinna@iki.fi> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Neil Horman authored
Stephan Mueller reported to me recently a error in random number generation in the ansi cprng. If several small requests are made that are less than the instances block size, the remainder for loop code doesn't increment rand_data_valid in the last iteration, meaning that the last bytes in the rand_data buffer gets reused on the subsequent smaller-than-a-block request for random data. The fix is pretty easy, just re-code the for loop to make sure that rand_data_valid gets incremented appropriately Signed-off-by: Neil Horman <nhorman@tuxdriver.com> Reported-by: Stephan Mueller <stephan.mueller@atsec.com> CC: Stephan Mueller <stephan.mueller@atsec.com> CC: Petr Matousek <pmatouse@redhat.com> CC: Herbert Xu <herbert@gondor.apana.org.au> CC: "David S. Miller" <davem@davemloft.net> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Stephen Warren authored
Following commit f5b38c5f "crypto: tegra - use kernel entropy instead of ad-hoc", this function is no longer used. It's also only accurate for Tegra20 and not later SoCs. So, remove it. Signed-off-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Sachin Kamat authored
devm_clk_get is device managed and makes code simpler. Signed-off-by: Sachin Kamat <sachin.kamat@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Sachin Kamat authored
'dd' is tested for NULL. However, it is derefenced in the error message print. Change the print to pr_err to avoid this. Signed-off-by: Sachin Kamat <sachin.kamat@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Sachin Kamat authored
'tegra_aes_cra_exit' is used only in this file. Signed-off-by: Sachin Kamat <sachin.kamat@linaro.org> Cc: Stephen Warren <swarren@wwwdotorg.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Sachin Kamat authored
Local symbols used only in this file are made static. Signed-off-by: Sachin Kamat <sachin.kamat@linaro.org> Cc: Dmitry Kasatkin <dmitry.kasatkin@nokia.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Sachin Kamat authored
Local symbols used only in this file are made static. Signed-off-by: Sachin Kamat <sachin.kamat@linaro.org> Cc: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Yashpal Dutta authored
KMap the buffers before copying trailing bytes during hmac into a session temporary buffer. This is required if pinned buffer from user-space is send during hmac and is safe even if hmac request is generated from within kernel. Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 13 Sep, 2013 10 commits
-
-
Alex Porosanu authored
RNG4 block contains multiple (i.e. 2) state handles that can be initialized. This patch adds the necessary code for detecting which of the two state handles has been instantiated by another piece of software e.g. u-boot and instantiate the other one (or both if none was instantiated). Only the state handle(s) instantiated by this driver will be deinstantiated when removing the module. Signed-off-by: Alex Porosanu <alexandru.porosanu@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Alex Porosanu authored
RNG4 defines in desc.h were incomplete (bits AI & PS were missing), while SK was set as an ALG related bit. This patchs adds the missing bits and corrects the SK bit. Signed-off-by: Alex Porosanu <alexandru.porosanu@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Alex Porosanu authored
If the caam driver module instantiates the RNG state handle 0, then upon the removal of the module, the RNG state handle is left initialized. This patch takes care of reverting the state of the handle back to its previous uninstantatied state. Signed-off-by: Alex Porosanu <alexandru.porosanu@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Alex Porosanu authored
This patch splits the RNG4 state handle instantiation function into two parts: one that handles the creation of the descriptor which instructs the CAAM to perform the instantiation of the state handle and another function that performs the running of the said descriptor using the DECO debug mechanism. Signed-off-by: Alex Porosanu <alexandru.porosanu@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Alex Porosanu authored
The RNG4 block in CAAM needs to be 'seeded' first before being used for generating pseudo-random data. The 'seeding' is done by getting entropy from the TRNG ring oscillator. The RTFRQMAX register controls the maximum allowable number of samples that can be aquired during an entropy sample. Depending on the clock at which the RNG4 block (and for that matter the SEC block) runs, it's possible that a hard-coded value for the maximum frequency is inadequate, i.e. more samples than needed are taken. This is an error, and thus the RNG4 block doesn't get initialized. The patch attempts to alleviate this issue by trying with progressivly larger frequencies, until the number of samples is adequate. This patch also fixes how a descriptor is deemed as being finished: instead of checking the VALID field in the DECO debug register, it makes sure that the DECO is idle, by checking the DECO state field of the said register. Signed-off-by: Alex Porosanu <alexandru.porosanu@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Alex Porosanu authored
If the CAAM driver initialization failed (due to various reasons, e.g. RNG4 initialization failed), then the registration of hash/algorithms/rng shouldn't take place. This patch adds the necessary code to prevent this registration. Signed-off-by: Alex Porosanu <alexandru.porosanu@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Alex Porosanu authored
The way the DECO runs a descriptor through the direct (debug) interface is different from the JRI interface: the DECO will continue to try and execute the next commands, after the descriptor buffer has ended. This leads to unpredictable results and possibly to locking up of the DECO. This patch adds a halt command at the end of the descriptor to ensure the DECO halts when it reaches the end of the descriptor buffer. Signed-off-by: Alex Porosanu <alexandru.porosanu@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Linus Walleij authored
The way I read the Tegra AES RNG is that it has a homebrew algorithm for initializing the 128bit RNG using timespec and the unique chip ID. This looks like reinventing the (square) wheel, instead just grab 128bits from the kernel entropy pool where the time and (after another patch) chip unique ID is already mixed in. Incidentally this also gets rid of a rather ugly cross-dependence on the machine using an extern declaration. Cc: Varun Wadekar <vwadekar@nvidia.com> Cc: Neil Horman <nhorman@tuxdriver.com> Cc: linux-tegra@vger.kernel.org Signed-off-by: Linus Walleij <linus.walleij@linaro.org> Acked-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Ben Hutchings authored
It is only used in modular builds. Reported-by: kbuild test robot <fengguang.wu@intel.com> Signed-off-by: Ben Hutchings <ben@decadent.org.uk> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Jussi Kivilinna authored
Commit 3d387ef0 (Revert "crypto: blowfish - add AVX2/x86_64 implementation of blowfish cipher") reverted too much as it removed the 'assembler supports AVX2' check and therefore disabled remaining AVX2 implementations of Camellia and Serpent. Patch restores the check and enables these implementations. Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-