1. 25 Oct, 2019 8 commits
    • Ben Dooks's avatar
      hwrng: ka-sa - fix __iomem on registers · d1569349
      Ben Dooks authored
      Add __ioemm attribute to reg_rng to fix the following
      sparse warnings:
      
      drivers/char/hw_random/ks-sa-rng.c:102:9: warning: incorrect type in argument 2 (different address spaces)
      drivers/char/hw_random/ks-sa-rng.c:102:9:    expected void volatile [noderef] <asn:2> *addr
      drivers/char/hw_random/ks-sa-rng.c:102:9:    got unsigned int *
      drivers/char/hw_random/ks-sa-rng.c:104:9: warning: incorrect type in argument 2 (different address spaces)
      drivers/char/hw_random/ks-sa-rng.c:104:9:    expected void volatile [noderef] <asn:2> *addr
      drivers/char/hw_random/ks-sa-rng.c:104:9:    got unsigned int *
      drivers/char/hw_random/ks-sa-rng.c:113:9: warning: incorrect type in argument 2 (different address spaces)
      drivers/char/hw_random/ks-sa-rng.c:113:9:    expected void volatile [noderef] <asn:2> *addr
      drivers/char/hw_random/ks-sa-rng.c:113:9:    got unsigned int *
      drivers/char/hw_random/ks-sa-rng.c:116:9: warning: incorrect type in argument 2 (different address spaces)
      drivers/char/hw_random/ks-sa-rng.c:116:9:    expected void volatile [noderef] <asn:2> *addr
      drivers/char/hw_random/ks-sa-rng.c:116:9:    got unsigned int *
      drivers/char/hw_random/ks-sa-rng.c:119:17: warning: incorrect type in argument 1 (different address spaces)
      drivers/char/hw_random/ks-sa-rng.c:119:17:    expected void const volatile [noderef] <asn:2> *addr
      drivers/char/hw_random/ks-sa-rng.c:119:17:    got unsigned int *
      drivers/char/hw_random/ks-sa-rng.c:121:9: warning: incorrect type in argument 2 (different address spaces)
      drivers/char/hw_random/ks-sa-rng.c:121:9:    expected void volatile [noderef] <asn:2> *addr
      drivers/char/hw_random/ks-sa-rng.c:121:9:    got unsigned int *
      drivers/char/hw_random/ks-sa-rng.c:132:9: warning: incorrect type in argument 2 (different address spaces)
      drivers/char/hw_random/ks-sa-rng.c:132:9:    expected void volatile [noderef] <asn:2> *addr
      drivers/char/hw_random/ks-sa-rng.c:132:9:    got unsigned int *
      drivers/char/hw_random/ks-sa-rng.c:143:19: warning: incorrect type in argument 1 (different address spaces)
      drivers/char/hw_random/ks-sa-rng.c:143:19:    expected void const volatile [noderef] <asn:2> *addr
      drivers/char/hw_random/ks-sa-rng.c:143:19:    got unsigned int *
      drivers/char/hw_random/ks-sa-rng.c:144:19: warning: incorrect type in argument 1 (different address spaces)
      drivers/char/hw_random/ks-sa-rng.c:144:19:    expected void const volatile [noderef] <asn:2> *addr
      drivers/char/hw_random/ks-sa-rng.c:144:19:    got unsigned int *
      drivers/char/hw_random/ks-sa-rng.c:146:9: warning: incorrect type in argument 2 (different address spaces)
      drivers/char/hw_random/ks-sa-rng.c:146:9:    expected void volatile [noderef] <asn:2> *addr
      drivers/char/hw_random/ks-sa-rng.c:146:9:    got unsigned int *
      drivers/char/hw_random/ks-sa-rng.c:160:25: warning: incorrect type in argument 1 (different address spaces)
      drivers/char/hw_random/ks-sa-rng.c:160:25:    expected void const volatile [noderef] <asn:2> *addr
      drivers/char/hw_random/ks-sa-rng.c:160:25:    got unsigned int *
      drivers/char/hw_random/ks-sa-rng.c:194:28: warning: incorrect type in assignment (different address spaces)
      drivers/char/hw_random/ks-sa-rng.c:194:28:    expected struct trng_regs *reg_rng
      drivers/char/hw_random/ks-sa-rng.c:194:28:    got void [noderef] <asn:2> *
      Signed-off-by: default avatarBen Dooks <ben.dooks@codethink.co.uk>
      Acked-by: default avatarArnd Bergmann <arnd@arndb.de>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      d1569349
    • Ard Biesheuvel's avatar
      crypto: powerpc/spe-xts - implement support for ciphertext stealing · d0be0720
      Ard Biesheuvel authored
      Add the logic to deal with input sizes that are not a round multiple
      of the AES block size, as described by the XTS spec. This brings the
      SPE implementation in line with other kernel drivers that have been
      updated recently to take this into account.
      
      Cc: Eric Biggers <ebiggers@google.com>
      Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      d0be0720
    • Eric Biggers's avatar
      crypto: powerpc - convert SPE AES algorithms to skcipher API · 7f725f41
      Eric Biggers authored
      Convert the glue code for the PowerPC SPE implementations of AES-ECB,
      AES-CBC, AES-CTR, and AES-XTS from the deprecated "blkcipher" API to the
      "skcipher" API.  This is needed in order for the blkcipher API to be
      removed.
      
      Tested with:
      
      	export ARCH=powerpc CROSS_COMPILE=powerpc-linux-gnu-
      	make mpc85xx_defconfig
      	cat >> .config << EOF
      	# CONFIG_MODULES is not set
      	# CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set
      	CONFIG_DEBUG_KERNEL=y
      	CONFIG_CRYPTO_MANAGER_EXTRA_TESTS=y
      	CONFIG_CRYPTO_AES=y
      	CONFIG_CRYPTO_CBC=y
      	CONFIG_CRYPTO_CTR=y
      	CONFIG_CRYPTO_ECB=y
      	CONFIG_CRYPTO_XTS=y
      	CONFIG_CRYPTO_AES_PPC_SPE=y
      	EOF
      	make olddefconfig
      	make -j32
      	qemu-system-ppc -M mpc8544ds -cpu e500 -nographic \
      		-kernel arch/powerpc/boot/zImage \
      		-append cryptomgr.fuzz_iterations=1000
      
      Note that xts-ppc-spe still fails the comparison tests due to the lack
      of ciphertext stealing support.  This is not addressed by this patch.
      
      This patch also cleans up the code by making ->encrypt() and ->decrypt()
      call a common function for each of ECB, CBC, and XTS, and by using a
      clearer way to compute the length to process at each step.
      Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      7f725f41
    • Eric Biggers's avatar
      crypto: powerpc - don't set ivsize for AES-ECB · 8255e65d
      Eric Biggers authored
      Set the ivsize for the "ecb-ppc-spe" algorithm to 0, since ECB mode
      doesn't take an IV.
      
      This fixes a failure in the extra crypto self-tests:
      
      	alg: skcipher: ivsize for ecb-ppc-spe (16) doesn't match generic impl (0)
      Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      8255e65d
    • Eric Biggers's avatar
      crypto: powerpc - don't unnecessarily use atomic scatterwalk · 0d6ecb2e
      Eric Biggers authored
      The PowerPC SPE implementations of AES modes only disable preemption
      during the actual encryption/decryption, not during the scatterwalk
      functions.  It's therefore unnecessary to request an atomic scatterwalk.
      So don't do so.
      Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      0d6ecb2e
    • Ard Biesheuvel's avatar
      crypto: aegis128 - duplicate init() and final() hooks in SIMD code · 52828263
      Ard Biesheuvel authored
      In order to speed up aegis128 processing even more, duplicate the init()
      and final() routines as SIMD versions in their entirety. This results
      in a 2x speedup on ARM Cortex-A57 for ~1500 byte packets (using AES
      instructions).
      Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      52828263
    • Ard Biesheuvel's avatar
      crypto: aegis128 - avoid function pointers for parameterization · 2698bce1
      Ard Biesheuvel authored
      Instead of passing around an ops structure with function pointers,
      which forces indirect calls to be used, refactor the code slightly
      so we can use ordinary function calls. At the same time, switch to
      a static key to decide whether or not the SIMD code path may be used.
      Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      2698bce1
    • Sumit Garg's avatar
      hwrng: omap - Fix RNG wait loop timeout · be867f98
      Sumit Garg authored
      Existing RNG data read timeout is 200us but it doesn't cover EIP76 RNG
      data rate which takes approx. 700us to produce 16 bytes of output data
      as per testing results. So configure the timeout as 1000us to also take
      account of lack of udelay()'s reliability.
      
      Fixes: 38321242 ("hwrng: omap - Add device variant for SafeXcel IP-76 found in Armada 8K")
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarSumit Garg <sumit.garg@linaro.org>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      be867f98
  2. 23 Oct, 2019 21 commits
  3. 18 Oct, 2019 3 commits
  4. 10 Oct, 2019 8 commits
    • Ard Biesheuvel's avatar
      crypto: geode-aes - switch to skcipher for cbc(aes) fallback · 504582e8
      Ard Biesheuvel authored
      Commit 79c65d17 ("crypto: cbc - Convert to skcipher") updated
      the generic CBC template wrapper from a blkcipher to a skcipher algo,
      to get away from the deprecated blkcipher interface. However, as a side
      effect, drivers that instantiate CBC transforms using the blkcipher as
      a fallback no longer work, since skciphers can wrap blkciphers but not
      the other way around. This broke the geode-aes driver.
      
      So let's fix it by moving to the sync skcipher interface when allocating
      the fallback. At the same time, align with the generic API for ECB and
      CBC by rejecting inputs that are not a multiple of the AES block size.
      
      Fixes: 79c65d17 ("crypto: cbc - Convert to skcipher")
      Cc: <stable@vger.kernel.org> # v4.20+ ONLY
      Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
      Signed-off-by: default avatarFlorian Bezdeka <florian@bezdeka.de>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      504582e8
    • Navid Emamdoost's avatar
      crypto: user - fix memory leak in crypto_reportstat · c03b04dc
      Navid Emamdoost authored
      In crypto_reportstat, a new skb is created by nlmsg_new(). This skb is
      leaked if crypto_reportstat_alg() fails. Required release for skb is
      added.
      
      Fixes: cac5818c ("crypto: user - Implement a generic crypto statistics")
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarNavid Emamdoost <navid.emamdoost@gmail.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      c03b04dc
    • Navid Emamdoost's avatar
      crypto: user - fix memory leak in crypto_report · ffdde593
      Navid Emamdoost authored
      In crypto_report, a new skb is created via nlmsg_new(). This skb should
      be released if crypto_report_alg() fails.
      
      Fixes: a38f7907 ("crypto: Add userspace configuration API")
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarNavid Emamdoost <navid.emamdoost@gmail.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      ffdde593
    • Ayush Sawal's avatar
      crypto: af_alg - cast ki_complete ternary op to int · 64e7f852
      Ayush Sawal authored
      when libkcapi test is executed  using HW accelerator, cipher operation
      return -74.Since af_alg_async_cb->ki_complete treat err as unsigned int,
      libkcapi receive 429467222 even though it expect -ve value.
      
      Hence its required to cast resultlen to int so that proper
      error is returned to libkcapi.
      
      AEAD one shot non-aligned test 2(libkcapi test)
      ./../bin/kcapi   -x 10   -c "gcm(aes)" -i 7815d4b06ae50c9c56e87bd7
      -k ea38ac0c9b9998c80e28fb496a2b88d9 -a
      "853f98a750098bec1aa7497e979e78098155c877879556bb51ddeb6374cbaefc"
      -t "c4ce58985b7203094be1d134c1b8ab0b" -q
      "b03692f86d1b8b39baf2abb255197c98"
      
      Fixes: d887c52d ("crypto: algif_aead - overhaul memory management")
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAyush Sawal <ayush.sawal@chelsio.com>
      Signed-off-by: default avatarAtul Gupta <atul.gupta@chelsio.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: default avatarAyush Sawal <ayush.sawal@chelsio.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      64e7f852
    • Tudor Ambarus's avatar
      crypto: atmel-aes - Fix IV handling when req->nbytes < ivsize · 86ef1dfc
      Tudor Ambarus authored
      commit 394a9e04 ("crypto: cfb - add missing 'chunksize' property")
      adds a test vector where the input length is smaller than the IV length
      (the second test vector). This revealed a NULL pointer dereference in
      the atmel-aes driver, that is caused by passing an incorrect offset in
      scatterwalk_map_and_copy() when atmel_aes_complete() is called.
      
      Do not save the IV in req->info of ablkcipher_request (or equivalently
      req->iv of skcipher_request) when req->nbytes < ivsize, because the IV
      will not be further used.
      
      While touching the code, modify the type of ivsize from int to
      unsigned int, to comply with the return type of
      crypto_ablkcipher_ivsize().
      
      Fixes: 91308019 ("crypto: atmel-aes - properly set IV after {en,de}crypt")
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarTudor Ambarus <tudor.ambarus@microchip.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      86ef1dfc
    • Ard Biesheuvel's avatar
      crypto: aegis128/simd - build 32-bit ARM for v8 architecture explicitly · 83053677
      Ard Biesheuvel authored
      Now that the Clang compiler has taken it upon itself to police the
      compiler command line, and reject combinations for arguments it views
      as incompatible, the AEGIS128 no longer builds correctly, and errors
      out like this:
      
        clang-10: warning: ignoring extension 'crypto' because the 'armv7-a'
        architecture does not support it [-Winvalid-command-line-argument]
      
      So let's switch to armv8-a instead, which matches the crypto-neon-fp-armv8
      FPU profile we specify. Since neither were actually supported by GCC
      versions before 4.8, let's tighten the Kconfig dependencies as well so
      we won't run into errors when building with an ancient compiler.
      Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
      Reviewed-by: default avatarNathan Chancellor <natechancellor@gmail.com>
      Tested-by: default avatarNathan Chancellor <natechancellor@gmail.com>
      Reviewed-by: default avatarNick Desaulniers <ndesaulniers@google.com>
      Tested-by: default avatarNick Desaulniers <ndesaulniers@google.com>
      Reported-by: <ci_notify@linaro.org>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      83053677
    • Arnd Bergmann's avatar
      crypto: inside-secure - Remove #ifdef checks · 977da073
      Arnd Bergmann authored
      When both PCI and OF are disabled, no drivers are registered, and
      we get some unused-function warnings:
      
      drivers/crypto/inside-secure/safexcel.c:1221:13: error: unused function 'safexcel_unregister_algorithms' [-Werror,-Wunused-function]
      static void safexcel_unregister_algorithms(struct safexcel_crypto_priv *priv)
      drivers/crypto/inside-secure/safexcel.c:1307:12: error: unused function 'safexcel_probe_generic' [-Werror,-Wunused-function]
      static int safexcel_probe_generic(void *pdev,
      drivers/crypto/inside-secure/safexcel.c:1531:13: error: unused function 'safexcel_hw_reset_rings' [-Werror,-Wunused-function]
      static void safexcel_hw_reset_rings(struct safexcel_crypto_priv *priv)
      
      It's better to make the compiler see what is going on and remove
      such ifdef checks completely. In case of PCI, this is trivial since
      pci_register_driver() is defined to an empty function that makes the
      compiler subsequently drop all unused code silently.
      
      The global pcireg_rc/ofreg_rc variables are not actually needed here
      since the driver registration does not fail in ways that would make
      it helpful.
      
      For CONFIG_OF, an IS_ENABLED() check is still required, since platform
      drivers can exist both with and without it.
      
      A little change to linux/pci.h is needed to ensure that
      pcim_enable_device() is visible to the driver. Moving the declaration
      outside of ifdef would be sufficient here, but for consistency with the
      rest of the file, adding an inline helper is probably best.
      
      Fixes: 212ef6f2 ("crypto: inside-secure - Fix unused variable warning when CONFIG_PCI=n")
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Acked-by: Bjorn Helgaas <bhelgaas@google.com>	# pci.h
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      977da073
    • Arnd Bergmann's avatar
      crypto: inside-secure - Fix a maybe-uninitialized warning · 74e6bd47
      Arnd Bergmann authored
      A previous fixup avoided an unused variable warning but replaced
      it with a slightly scarier warning:
      
      drivers/crypto/inside-secure/safexcel.c:1100:6: error: variable 'irq' is used uninitialized whenever 'if' condition is false [-Werror,-Wsometimes-uninitialized]
      
      This is harmless as it is impossible to get into this case, but
      the compiler has no way of knowing that. Add an explicit error
      handling case to make it obvious to both compilers and humans
      reading the source.
      
      Fixes: 212ef6f2 ("crypto: inside-secure - Fix unused variable warning when CONFIG_PCI=n")
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Acked-by: default avatarPascal van Leeuwen <pvanleeuwen@verimatrix.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      74e6bd47