aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2019-12-27crypto: chtls - Fixed memory leakVinay Kumar Yadav
Freed work request skbs when connection terminates. enqueue_wr()/ dequeue_wr() is shared between softirq and application contexts, should be protected by socket lock. Moved dequeue_wr() to appropriate file. Signed-off-by: Vinay Kumar Yadav <vinay.yadav@chelsio.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-27crypto: chtls - Add support for AES256-GCM based ciphersVinay Kumar Yadav
Added support to set 256 bit key to the hardware from setsockopt for AES256-GCM based ciphers. Signed-off-by: Vinay Kumar Yadav <vinay.yadav@chelsio.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-27crypto: caam - Add support for i.MX8M MiniAdam Ford
The i.MX8M Mini uses the same crypto engine as the i.MX8MQ, but the driver is restricting the check to just the i.MX8MQ. This patch expands the check for either i.MX8MQ or i.MX8MM. Signed-off-by: Adam Ford <aford173@gmail.com> Tested-by: Iuliana Prodan <iuliana.prodan@nxp.com> Reviewed-by: Iuliana Prodan <iuliana.prodan@nxp.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-27crypto: api - Retain alg refcount in crypto_grab_spawnHerbert Xu
This patch changes crypto_grab_spawn to retain the reference count on the algorithm. This is because the caller needs to access the algorithm parameters and without the reference count the algorithm can be freed at any time. The reference count will be subsequently dropped by the crypto API once the instance has been registered. The helper crypto_drop_spawn will also conditionally drop the reference count depending on whether it has been registered. Note that the code is actually added to crypto_init_spawn. However, unless the caller activates this by setting spawn->dropref beforehand then nothing happens. The only caller that sets dropref is currently crypto_grab_spawn. Once all legacy users of crypto_init_spawn disappear, then we can kill the dropref flag. Internally each instance will maintain a list of its spawns prior to registration. This memory used by this list is shared with other fields that are only used after registration. In order for this to work a new flag spawn->registered is added to indicate whether spawn->inst can be used. Fixes: d6ef2f198d4c ("crypto: api - Add crypto_grab_spawn primitive") Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-27crypto: sun4i-ss - make unexported sun4i_ss_pm_ops staticBen Dooks (Codethink)
The sun4i_ss_pm_ops is not referenced outside the driver except via a pointer, so make it static to avoid the following warning: drivers/crypto/allwinner/sun4i-ss/sun4i-ss-core.c:276:25: warning: symbol 'sun4i_ss_pm_ops' was not declared. Should it be static? Signed-off-by: Ben Dooks (Codethink) <ben.dooks@codethink.co.uk> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-27crypto: stm32/hash - Use dma_request_chan() instead dma_request_slave_channel()Peter Ujfalusi
dma_request_slave_channel() is a wrapper on top of dma_request_chan() eating up the error code. By using dma_request_chan() directly the driver can support deferred probing against DMA. Signed-off-by: Peter Ujfalusi <peter.ujfalusi@ti.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-27crypto: img-hash - Use dma_request_chan instead dma_request_slave_channelPeter Ujfalusi
dma_request_slave_channel() is a wrapper on top of dma_request_chan() eating up the error code. By using dma_request_chan() directly the driver can support deferred probing against DMA. Signed-off-by: Peter Ujfalusi <peter.ujfalusi@ti.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-27crypto: lib/curve25519 - re-add selftestsJason A. Donenfeld
Somehow these were dropped when Zinc was being integrated, which is problematic, because testing the library interface for Curve25519 is important.. This commit simply adds them back and wires them in in the same way that the blake2s selftests are wired in. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-27crypto: api - remove unneeded semicolonChen Zhou
Fixes coccicheck warning: ./include/linux/crypto.h:573:2-3: Unneeded semicolon Signed-off-by: Chen Zhou <chenzhou10@huawei.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-27crypto: allwinner - remove unneeded semicolonChen Zhou
Fixes coccicheck warning: ./drivers/crypto/allwinner/sun8i-ce/sun8i-ce-core.c:558:52-53: Unneeded semicolon Signed-off-by: Chen Zhou <chenzhou10@huawei.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-20crypto: algapi - make unregistration functions return voidEric Biggers
Some of the algorithm unregistration functions return -ENOENT when asked to unregister a non-registered algorithm, while others always return 0 or always return void. But no users check the return value, except for two of the bulk unregistration functions which print a message on error but still always return 0 to their caller, and crypto_del_alg() which calls crypto_unregister_instance() which always returns 0. Since unregistering a non-registered algorithm is always a kernel bug but there isn't anything callers should do to handle this situation at runtime, let's simplify things by making all the unregistration functions return void, and moving the error message into crypto_unregister_alg() and upgrading it to a WARN(). Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-20crypto: arm64 - Use modern annotations for assembly functionsMark Brown
In an effort to clarify and simplify the annotation of assembly functions in the kernel new macros have been introduced. These replace ENTRY and ENDPROC and also add a new annotation for static functions which previously had no ENTRY equivalent. Update the annotations in the crypto code to the new macros. There are a small number of files imported from OpenSSL where the assembly is generated using perl programs, these are not currently annotated at all and have not been modified. Signed-off-by: Mark Brown <broonie@kernel.org> Acked-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-20crypto: atmel-aes - Fix CTR counter overflow when multiple fragmentsTudor Ambarus
The CTR transfer works in fragments of data of maximum 1 MByte because of the 16 bit CTR counter embedded in the IP. Fix the CTR counter overflow handling for messages larger than 1 MByte. Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Fixes: 781a08d9740a ("crypto: atmel-aes - Fix counter overflow in CTR mode") Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-20crypto: chelsio - calculating tx_channel_id as per the max number of channelsAyush Sawal
chcr driver was not using the number of channels from lld and assuming that there are always two channels available. With following patch chcr will use number of channel as passed by cxgb4. Signed-off-by: Ayush Sawal <ayush.sawal@chelsio.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-20crypto: atmel-{aes,tdes} - Update the IV only when the op succeedsTudor Ambarus
Do not update the IV in case of errors. Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-20crypto: atmel-{sha,tdes} - Print warn message even when deferringTudor Ambarus
Even when deferring, we would like to know what caused it. Update dev_warn to dev_err because if the DMA init fails, the probe is stopped. Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-20crypto: atmel-{aes,sha,tdes} - Stop passing unused argument in _dma_init()Tudor Ambarus
pdata is not used. Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-20crypto: atmel-{aes,sha,tdes} - Drop duplicate init of dma_slave_config.directionTudor Ambarus
The 'direction' member of the dma_slave_config will be going away as it duplicates the direction given in the prepare call. Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-20crypto: atmel-{aes,sha} - Fix incorrect use of dmaengine_terminate_all()Tudor Ambarus
device_terminate_all() is used to abort all the pending and ongoing transfers on the channel, it should be used just in the error path. Also, dmaengine_terminate_all() is deprecated and one should use dmaengine_terminate_async() or dmaengine_terminate_sync(). The method is not used in atomic context, use dmaengine_terminate_sync(). A secondary aspect of this patch is that it luckily avoids a deadlock between atmel_aes and at_hdmac.c. While in tasklet with the lock held, the dma controller invokes the client callback (dmaengine_terminate_all), which tries to get the same lock. The at_hdmac fix would be to drop the lock before invoking the client callback, a fix on at_hdmac will follow. Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-20crypto: amlogic - add unspecified HAS_IOMEM dependencyBrendan Higgins
Currently CONFIG_CRYPTO_DEV_AMLOGIC_GXL=y implicitly depends on CONFIG_HAS_IOMEM=y; consequently, on architectures without IOMEM we get the following build error: ld: drivers/crypto/amlogic/amlogic-gxl-core.o: in function `meson_crypto_probe': drivers/crypto/amlogic/amlogic-gxl-core.c:240: undefined reference to `devm_platform_ioremap_resource' Fix the build error by adding the unspecified dependency. Reported-by: Brendan Higgins <brendanhiggins@google.com> Signed-off-by: Brendan Higgins <brendanhiggins@google.com> Acked-by: Corentin Labbe <clabbe@baylibre.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-20crypto: inside-secure - add unspecified HAS_IOMEM dependencyBrendan Higgins
Currently CONFIG_CRYPTO_DEV_SAFEXCEL=y implicitly depends on CONFIG_HAS_IOMEM=y; consequently, on architectures without IOMEM we get the following build error: ld: drivers/crypto/inside-secure/safexcel.o: in function `safexcel_probe': drivers/crypto/inside-secure/safexcel.c:1692: undefined reference to `devm_platform_ioremap_resource' Fix the build error by adding the unspecified dependency. Reported-by: Brendan Higgins <brendanhiggins@google.com> Signed-off-by: Brendan Higgins <brendanhiggins@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-20crypto: inside-secure - Fix hang case on EIP97 with basic DES/3DES opsPascal van Leeuwen
This patch fixes another hang case on the EIP97 caused by sending invalidation tokens to the hardware when doing basic (3)DES ECB/CBC operations. Invalidation tokens are an EIP197 feature and needed nor supported by the EIP97. So they should not be sent for that device. Signed-off-by: Pascal van Leeuwen <pvanleeuwen@rambus.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-20crypto: inside-secure - Fix hang case on EIP97 with zero length input dataPascal van Leeuwen
The EIP97 hardware cannot handle zero length input data and will (usually) hang when presented with this anyway. This patch converts any zero length input to a 1 byte dummy input to prevent this hanging. Signed-off-by: Pascal van Leeuwen <pvanleeuwen@rambus.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-20crypto: inside-secure - Fix Unable to fit even 1 command desc error w/ EIP97Pascal van Leeuwen
Due to the additions of support for modes like AES-CCM and AES-GCM, which require large command tokens, the size of the descriptor has grown such that it now does not fit into the descriptor cache of a standard EIP97 anymore. This means that the driver no longer works on the Marvell Armada 3700LP chip (as used on e.g. Espressobin) that it has always supported. Additionally, performance on EIP197's like Marvell A8K may also degrade due to being able to fit less descriptors in the on-chip cache. Putting these tokens into the descriptor was really a hack and not how the design was supposed to be used - resource allocation did not account for it. So what this patch does, is move the command token out of the descriptor. To avoid having to allocate buffers on the fly for these command tokens, they are stuffed in a "shadow ring", which is a circular buffer of fixed size blocks that runs in lock-step with the descriptor ring. i.e. there is one token block per descriptor. The descriptor ring itself is then pre- populated with the pointers to these token blocks so these do not need to be filled in when building the descriptors later. Signed-off-by: Pascal van Leeuwen <pvanleeuwen@rambus.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-20padata: update documentation file path in MAINTAINERSDaniel Jordan
It's changed since the recent RST conversion. Fixes: bfcdcef8c8e3 ("padata: update documentation") Signed-off-by: Daniel Jordan <daniel.m.jordan@oracle.com> Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: Steffen Klassert <steffen.klassert@secunet.com> Cc: linux-crypto@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-20crypto: api - fix unexpectedly getting generic implementationHerbert Xu
When CONFIG_CRYPTO_MANAGER_EXTRA_TESTS=y, the first lookup of an algorithm that needs to be instantiated using a template will always get the generic implementation, even when an accelerated one is available. This happens because the extra self-tests for the accelerated implementation allocate the generic implementation for comparison purposes, and then crypto_alg_tested() for the generic implementation "fulfills" the original request (i.e. sets crypto_larval::adult). This patch fixes this by only fulfilling the original request if we are currently the best outstanding larval as judged by the priority. If we're not the best then we will ask all waiters on that larval request to retry the lookup. Note that this patch introduces a behaviour change when the module providing the new algorithm is unregistered during the process. Previously we would have failed with ENOENT, after the patch we will instead redo the lookup. Fixes: 9a8a6b3f0950 ("crypto: testmgr - fuzz hashes against...") Fixes: d435e10e67be ("crypto: testmgr - fuzz skciphers against...") Fixes: 40153b10d91c ("crypto: testmgr - fuzz AEADs against...") Reported-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Reviewed-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-20crypto: caam/qi2 - remove double buffering for ahashAndrei Botila
Previously double buffering was used for storing previous and next "less-than-block-size" bytes. Double buffering can be removed by moving the copy of next "less-than-block-size" bytes after current request is executed by HW. Signed-off-by: Andrei Botila <andrei.botila@nxp.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-20crypto: caam - remove double buffering for ahashAndrei Botila
Previously double buffering was used for storing previous and next "less-than-block-size" bytes. Double buffering can be removed by moving the copy of next "less-than-block-size" bytes after current request is executed by HW. Signed-off-by: Andrei Botila <andrei.botila@nxp.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-20crypto: picoxcell - adjust the position of tasklet_init and fix missed ↵Chuhong Yuan
tasklet_kill Since tasklet is needed to be initialized before registering IRQ handler, adjust the position of tasklet_init to fix the wrong order. Besides, to fix the missed tasklet_kill, this patch adds a helper function and uses devm_add_action to kill the tasklet automatically. Fixes: ce92136843cb ("crypto: picoxcell - add support for the picoxcell crypto engines") Signed-off-by: Chuhong Yuan <hslester96@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-20crypto: hisilicon - still no need to check return value of debugfs_create ↵Greg Kroah-Hartman
functions Just like in 4a97bfc79619 ("crypto: hisilicon - no need to check return value of debugfs_create functions"), there still is no need to ever check the return value. The function can work or not, but the code logic should never do something different based on this. Cc: Zhou Wang <wangzhou1@hisilicon.com> Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: "David S. Miller" <davem@davemloft.net> Cc: linux-crypto@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-20crypto: ccp - provide in-kernel API to submit TEE commandsRijo Thomas
Extend the functionality of AMD Secure Processor (SP) driver by providing an in-kernel API to submit commands to TEE ring buffer for processing by Trusted OS running on AMD Secure Processor. Following TEE commands are supported by Trusted OS: * TEE_CMD_ID_LOAD_TA : Load Trusted Application (TA) binary into TEE environment * TEE_CMD_ID_UNLOAD_TA : Unload TA binary from TEE environment * TEE_CMD_ID_OPEN_SESSION : Open session with loaded TA * TEE_CMD_ID_CLOSE_SESSION : Close session with loaded TA * TEE_CMD_ID_INVOKE_CMD : Invoke a command with loaded TA * TEE_CMD_ID_MAP_SHARED_MEM : Map shared memory * TEE_CMD_ID_UNMAP_SHARED_MEM : Unmap shared memory Linux AMD-TEE driver will use this API to submit command buffers for processing in Trusted Execution Environment. The AMD-TEE driver shall be introduced in a separate patch. Cc: Jens Wiklander <jens.wiklander@linaro.org> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Co-developed-by: Devaraj Rangasamy <Devaraj.Rangasamy@amd.com> Signed-off-by: Devaraj Rangasamy <Devaraj.Rangasamy@amd.com> Signed-off-by: Rijo Thomas <Rijo-john.Thomas@amd.com> Acked-by: Gary R Hook <gary.hook@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-20crypto: ccp - add TEE support for Raven RidgeRijo Thomas
Adds a PCI device entry for Raven Ridge. Raven Ridge is an APU with a dedicated AMD Secure Processor having Trusted Execution Environment (TEE) support. The TEE provides a secure environment for running Trusted Applications (TAs) which implement security-sensitive parts of a feature. This patch configures AMD Secure Processor's TEE interface by initializing a ring buffer (shared memory between Rich OS and Trusted OS) which can hold multiple command buffer entries. The TEE interface is facilitated by a set of CPU to PSP mailbox registers. The next patch will address how commands are submitted to the ring buffer. Cc: Jens Wiklander <jens.wiklander@linaro.org> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Co-developed-by: Devaraj Rangasamy <Devaraj.Rangasamy@amd.com> Signed-off-by: Devaraj Rangasamy <Devaraj.Rangasamy@amd.com> Signed-off-by: Rijo Thomas <Rijo-john.Thomas@amd.com> Acked-by: Gary R Hook <gary.hook@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-20crypto: ccp - check whether PSP supports SEV or TEE before initializationRijo Thomas
Read PSP feature register to check for TEE (Trusted Execution Environment) support. If neither SEV nor TEE is supported by PSP, then skip PSP initialization. Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Jens Wiklander <jens.wiklander@linaro.org> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Co-developed-by: Devaraj Rangasamy <Devaraj.Rangasamy@amd.com> Signed-off-by: Devaraj Rangasamy <Devaraj.Rangasamy@amd.com> Signed-off-by: Rijo Thomas <Rijo-john.Thomas@amd.com> Acked-by: Gary R Hook <gary.hook@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-20crypto: ccp - move SEV vdata to a dedicated data structureRijo Thomas
PSP can support both SEV and TEE interface. Therefore, move SEV specific registers to a dedicated data structure. TEE interface specific registers will be added in a later patch. Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Jens Wiklander <jens.wiklander@linaro.org> Co-developed-by: Devaraj Rangasamy <Devaraj.Rangasamy@amd.com> Signed-off-by: Devaraj Rangasamy <Devaraj.Rangasamy@amd.com> Signed-off-by: Rijo Thomas <Rijo-john.Thomas@amd.com> Acked-by: Gary R Hook <gary.hook@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-20crypto: ccp - create a generic psp-dev fileRijo Thomas
The PSP (Platform Security Processor) provides support for key management commands in Secure Encrypted Virtualization (SEV) mode, along with software-based Trusted Execution Environment (TEE) to enable third-party Trusted Applications. Therefore, introduce psp-dev.c and psp-dev.h files, which can invoke SEV (or TEE) initialization based on platform feature support. TEE interface support will be introduced in a later patch. Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Jens Wiklander <jens.wiklander@linaro.org> Co-developed-by: Devaraj Rangasamy <Devaraj.Rangasamy@amd.com> Signed-off-by: Devaraj Rangasamy <Devaraj.Rangasamy@amd.com> Signed-off-by: Rijo Thomas <Rijo-john.Thomas@amd.com> Acked-by: Gary R Hook <gary.hook@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-20crypto: ccp - rename psp-dev files to sev-devRijo Thomas
This is a preliminary patch for creating a generic PSP device driver file, which will have support for both SEV and TEE (Trusted Execution Environment) interface. This patch does not introduce any new functionality, but simply renames psp-dev.c and psp-dev.h files to sev-dev.c and sev-dev.h files respectively. Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Jens Wiklander <jens.wiklander@linaro.org> Co-developed-by: Devaraj Rangasamy <Devaraj.Rangasamy@amd.com> Signed-off-by: Devaraj Rangasamy <Devaraj.Rangasamy@amd.com> Signed-off-by: Rijo Thomas <Rijo-john.Thomas@amd.com> Acked-by: Gary R Hook <gary.hook@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-11crypto: hmac - Use init_tfm/exit_tfm interfaceHerbert Xu
This patch switches hmac over to the new init_tfm/exit_tfm interface as opposed to cra_init/cra_exit. This way the shash API can make sure that descsize does not exceed the maximum. This patch also adds the API helper shash_alg_instance. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Reviewed-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-11crypto: padlock-sha - Use init_tfm/exit_tfm interfaceHerbert Xu
This patch switches padlock-sha over to the new init_tfm/exit_tfm interface as opposed to cra_init/cra_exit. This way the shash API can make sure that descsize does not exceed the maximum. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Reviewed-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-11crypto: shash - Add init_tfm/exit_tfm and verify descsizeHerbert Xu
The shash interface supports a dynamic descsize field because of the presence of fallbacks (it's just padlock-sha actually, perhaps we can remove it one day). As it is the API does not verify the setting of descsize at all. It is up to the individual algorithms to ensure that descsize does not exceed the specified maximum value of HASH_MAX_DESCSIZE (going above would cause stack corruption). In order to allow the API to impose this limit directly, this patch adds init_tfm/exit_tfm hooks to the shash_alg structure. We can then verify the descsize setting in the API directly. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Reviewed-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-11crypto: api - Add more comments to crypto_remove_spawnsHerbert Xu
This patch explains the logic behind crypto_remove_spawns and its underling crypto_more_spawns. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-11crypto: api - Do not zap spawn->algHerbert Xu
Currently when a spawn is removed we will zap its alg field. This is racy because the spawn could belong to an unregistered instance which may dereference the spawn->alg field. This patch fixes this by keeping spawn->alg constant and instead adding a new spawn->dead field to indicate that a spawn is going away. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-11crypto: api - Fix race condition in crypto_spawn_algHerbert Xu
The function crypto_spawn_alg is racy because it drops the lock before shooting the dying algorithm. The algorithm could disappear altogether before we shoot it. This patch fixes it by moving the shooting into the locked section. Fixes: 6bfd48096ff8 ("[CRYPTO] api: Added spawns") Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-11crypto: doc - remove references to ARC4Eric Biggers
arc4 is no longer considered secure, so it shouldn't be used, even as just an example. Mention serpent and chacha20 instead. Signed-off-by: Eric Biggers <ebiggers@google.com> Acked-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-11crypto: api - Check spawn->alg under lock in crypto_drop_spawnHerbert Xu
We need to check whether spawn->alg is NULL under lock as otherwise the algorithm could be removed from under us after we have checked it and found it to be non-NULL. This could cause us to remove the spawn from a non-existent list. Fixes: 7ede5a5ba55a ("crypto: api - Fix crypto_drop_spawn crash...") Cc: <stable@vger.kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-11crypto: chacha - fix warning message in header fileValdis Klētnieks
Building with W=1 causes a warning: CC [M] arch/x86/crypto/chacha_glue.o In file included from arch/x86/crypto/chacha_glue.c:10: ./include/crypto/internal/chacha.h:37:1: warning: 'inline' is not at beginning of declaration [-Wold-style-declaration] 37 | static int inline chacha12_setkey(struct crypto_skcipher *tfm, const u8 *key, | ^~~~~~ Straighten out the order to match the rest of the header file. Signed-off-by: Valdis Kletnieks <valdis.kletnieks@vt.edu> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-11crypto: atmel-{aes,sha,tdes} - Group common alg type init in dedicated methodsTudor Ambarus
Move common alg type init to dedicated methods. Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-11crypto: atmel-aes - Use gcm helper to check authsizeTudor Ambarus
Use core helper functions. Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-11crypto: atmel-sha - Void return type for atmel_sha_update_dma_stop()Tudor Ambarus
No error handling, change return type to void. Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-11crypto: atmel-{sha,tdes} - Remove unused 'err' member of driver dataTudor Ambarus
'err' member was initialized to 0 but its value never changed. Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-11crypto: atmel-aes - Fix saving of IV for CTR modeTudor Ambarus
The req->iv of the skcipher_request is expected to contain the last used IV. Update the req->iv for CTR mode. Fixes: bd3c7b5c2aba ("crypto: atmel - add Atmel AES driver") Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>