openwrt/staging/blogic.git
8 years agodt/bindings: Add bindings for the PIC32 random number generator
Joshua Henderson [Mon, 8 Feb 2016 21:17:52 +0000 (14:17 -0700)]
dt/bindings: Add bindings for the PIC32 random number generator

Document the devicetree bindings for the random number generator found
on Microchip PIC32 class devices.

Signed-off-by: Joshua Henderson <joshua.henderson@microchip.com>
Acked-by: Rob Herring <robh@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: atmel-sha - fix race in atmel_sha_final()
Cyrille Pitchen [Mon, 8 Feb 2016 15:26:49 +0000 (16:26 +0100)]
crypto: atmel-sha - fix race in atmel_sha_final()

When (!ctx->bufcnt && !(ctx->flags & SHA_FLAGS_PAD)), the former source
code used to set the SHA_FLAGS_BUSY without checking whether this flag was
already set. If so, the hardware is already processing another hash
request so the processing of the req argument of atmel_sha_final() should
be delayed by queueing this request, the same way as done for the
(ctx->bufcnt != 0) case.

Signed-off-by: Cyrille Pitchen <cyrille.pitchen@atmel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: atmel-sha - fix .import()/.export() implementation
Cyrille Pitchen [Mon, 8 Feb 2016 15:26:48 +0000 (16:26 +0100)]
crypto: atmel-sha - fix .import()/.export() implementation

Using only the digest, digcnt[], bufcnt and buffer[] fields of the
struct atmel_sha_reqctx was not enough to import/export the request state,
so now we use the whole structure.

Signed-off-by: Cyrille Pitchen <cyrille.pitchen@atmel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: testmgr - mark authenticated ctr(aes) also as FIPS able
Marcus Meissner [Sat, 6 Feb 2016 10:53:07 +0000 (11:53 +0100)]
crypto: testmgr - mark authenticated ctr(aes) also as FIPS able

(2nd try that adds missing , to build.)

Signed-off-by: Marcus Meissner <meissner@suse.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: keys - Revert "convert public key to akcipher api"
Herbert Xu [Tue, 9 Feb 2016 08:18:01 +0000 (16:18 +0800)]
crypto: keys - Revert "convert public key to akcipher api"

This needs to go through the security tree so I'm reverting the
patches for now.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: testmgr - mark more algorithms as FIPS compliant
Marcus Meissner [Fri, 5 Feb 2016 13:23:33 +0000 (14:23 +0100)]
crypto: testmgr - mark more algorithms as FIPS compliant

Some more authenc() wrapped algorithms are FIPS compliant, tag
them as such.

Signed-off-by: Marcus Meissner <meissner@suse.de>
Acked-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: testmgr - fix out of bound read in __test_aead()
Jerome Marchand [Wed, 3 Feb 2016 12:58:12 +0000 (13:58 +0100)]
crypto: testmgr - fix out of bound read in __test_aead()

__test_aead() reads MAX_IVLEN bytes from template[i].iv, but the
actual length of the initialisation vector can be shorter.
The length of the IV is already calculated earlier in the
function. Let's just reuses that. Also the IV length is currently
calculated several time for no reason. Let's fix that too.
This fix an out-of-bound error detected by KASan.

Signed-off-by: Jerome Marchand <jmarchan@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: sahara - fill the statesize field
Fabio Estevam [Wed, 3 Feb 2016 12:46:52 +0000 (10:46 -0200)]
crypto: sahara - fill the statesize field

Currently the sahara driver fails to probe:

sahara: probe of 63ff8000.crypto failed with error -22

This happens since commit 8996eafdcbad ("crypto: ahash - ensure statesize
is non-zero"), which requires statesize to be filled.

Pass the statesize members for sha1 and sha256, so we can probe
the driver successfully again.

Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: sahara - avoid needlessly saving and restoring sahara_ctx
Fabio Estevam [Wed, 3 Feb 2016 12:46:51 +0000 (10:46 -0200)]
crypto: sahara - avoid needlessly saving and restoring sahara_ctx

Based on commit 434b421241f2d0 ("crypto: caam - avoid needlessly saving and
restoring caam_hash_ctx") from Russell King.

When exporting and importing the hash state, we will only export and
import into hashes which share the same struct crypto_ahash pointer.
(See hash_accept->af_alg_accept->hash_accept_parent.)

This means that saving the sahara_ctx structure on export, and
restoring it on import is a waste of resources.  So, remove this code.

Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: sahara - remove unneeded mutex in the exported state
Fabio Estevam [Wed, 3 Feb 2016 12:46:50 +0000 (10:46 -0200)]
crypto: sahara - remove unneeded mutex in the exported state

As pointed out by Herbert Xu we should not include the mutex in the
exported state, so let's just get rid of it.

Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: testmgr - Add a test case for import()/export()
Wang, Rui Y [Wed, 3 Feb 2016 10:26:57 +0000 (18:26 +0800)]
crypto: testmgr - Add a test case for import()/export()

Modify __test_hash() so that hash import/export can be tested
from within the kernel. The test is unconditionally done when
a struct hash_testvec has its .np > 1.

v3: make the test unconditional
v2: Leverage template[i].np as suggested by Tim Chen

Signed-off-by: Rui Wang <rui.y.wang@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: public_key - remove MPIs from public_key_signature struct
Tadeusz Struk [Tue, 2 Feb 2016 18:09:03 +0000 (10:09 -0800)]
crypto: public_key - remove MPIs from public_key_signature struct

After digsig_asymmetric.c is converted the MPIs can be now
safely removed from the public_key_signature structure.

Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agointegrity: convert digsig to akcipher api
Tadeusz Struk [Tue, 2 Feb 2016 18:08:58 +0000 (10:08 -0800)]
integrity: convert digsig to akcipher api

Convert asymmetric_verify to akcipher api.

Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: asymmetric_keys - convert public key and digsig asym to the akcipher api
Tadeusz Struk [Tue, 2 Feb 2016 18:08:53 +0000 (10:08 -0800)]
crypto: asymmetric_keys - convert public key and digsig asym to the akcipher api

This patch converts the module verification code to the new akcipher API.

Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: ccp - Don't assume export/import areas are aligned
Tom Lendacky [Tue, 2 Feb 2016 17:38:21 +0000 (11:38 -0600)]
crypto: ccp - Don't assume export/import areas are aligned

Use a local variable for the exported and imported state so that
alignment is not an issue. On export, set a local variable from the
request context and then memcpy the contents of the local variable to
the export memory area. On import, memcpy the import memory area into
a local variable and then use the local variable to set the request
context.

Cc: <stable@vger.kernel.org> # 3.14.x-
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: sha-mb - Fix load failure
Wang, Rui Y [Tue, 2 Feb 2016 13:56:45 +0000 (21:56 +0800)]
crypto: sha-mb - Fix load failure

On  Monday, February 1, 2016 4:18 PM, Herbert Xu wrote:
>
> On Wed, Jan 27, 2016 at 05:08:35PM +0800, Rui Wang wrote:
>>
>> +static int sha1_mb_async_import(struct ahash_request *req, const void
>> +*in) {
>> + struct ahash_request *mcryptd_req = ahash_request_ctx(req);
>> + struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
>> + struct sha1_mb_ctx *ctx = crypto_ahash_ctx(tfm);
>> + struct mcryptd_ahash *mcryptd_tfm = ctx->mcryptd_tfm;
>> + struct crypto_shash *child = mcryptd_ahash_child(mcryptd_tfm);
>> + struct mcryptd_hash_request_ctx *rctx;
>> + struct shash_desc *desc;
>> + int err;
>> +
>> + memcpy(mcryptd_req, req, sizeof(*req));
>> + ahash_request_set_tfm(mcryptd_req, &mcryptd_tfm->base);
>> + rctx = ahash_request_ctx(mcryptd_req);
>> + desc = &rctx->desc;
>> + desc->tfm = child;
>> + desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
>> +
>> + err = crypto_shash_init(desc);
>> + if (err)
>> + return err;
>
> What is this desc for?

Hi Herbert,

Yeah I just realized that the call to crypto_shash_init() isn't necessary
here. What it does is overwritten by crypto_ahash_import(). But this desc
still needs to be initialized here because it's newly allocated by
ahash_request_alloc(). We eventually calls the shash version of import()
which needs desc as an argument. The real context to be imported is then
derived from shash_desc_ctx(desc).

desc is a sub-field of struct mcryptd_hash_request_ctx, which is again a
sub-field of the bigger blob allocated by ahash_request_alloc(). The entire
blob's size is set in sha1_mb_async_init_tfm(). So a better version is as
follows:

(just removed the call to crypto_shash_init())

>From 4bcb73adbef99aada94c49f352063619aa24d43d Mon Sep 17 00:00:00 2001
From: Rui Wang <rui.y.wang@intel.com>
Date: Mon, 14 Dec 2015 17:22:13 +0800
Subject: [PATCH v2 1/4] crypto x86/sha1_mb: Fix load failure

modprobe sha1_mb fails with the following message:

modprobe: ERROR: could not insert 'sha1_mb': No such device

It is because it needs to set its statesize and implement its
import() and export() interface.

v2: remove redundant call to crypto_shash_init()

Signed-off-by: Rui Wang <rui.y.wang@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: aead - move aead_request_cast helper to aead.h
Tadeusz Struk [Mon, 1 Feb 2016 19:17:30 +0000 (11:17 -0800)]
crypto: aead - move aead_request_cast helper to aead.h

Move the helper function to common header for everybody to use.

changes in v2:
- move the helper to crypto/internal/aead.h
  instead of crypto/aead.h

Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: sunxi-ss - prevent compilation on 64-bit
Andre Przywara [Mon, 1 Feb 2016 17:39:21 +0000 (17:39 +0000)]
crypto: sunxi-ss - prevent compilation on 64-bit

The driver for the sunxi-ss crypto engine is not entirely 64-bit safe,
compilation on arm64 spits some warnings.
The proper fix was deemed to involved [1], so since 64-bit SoCs won't
have this IP block we just disable this driver for 64-bit.

[1]: http://lists.infradead.org/pipermail/linux-arm-kernel/2016-January/399988.html
     (and the reply)

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Acked-by: Corentin LABBE <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: hash - Remove crypto_hash interface
Herbert Xu [Mon, 1 Feb 2016 13:36:54 +0000 (21:36 +0800)]
crypto: hash - Remove crypto_hash interface

This patch removes all traces of the crypto_hash interface, now
that everyone has switched over to shash or ahash.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agostaging: lustre: Use ahash
Herbert Xu [Mon, 1 Feb 2016 13:36:53 +0000 (21:36 +0800)]
staging: lustre: Use ahash

This patch replaces uses of the long obsolete hash interface with
ahash.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
8 years agocrypto: hash - Add helpers to return alg and driver names
Herbert Xu [Mon, 1 Feb 2016 13:36:52 +0000 (21:36 +0800)]
crypto: hash - Add helpers to return alg and driver names

This patch adds helpers to retrieve the alg name and driver name
of crypto_shash and crypto_ahash objects.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: skcipher - Fix driver name helper
Herbert Xu [Mon, 1 Feb 2016 13:36:51 +0000 (21:36 +0800)]
crypto: skcipher - Fix driver name helper

The helper crypto_skcipher_driver_name was returning the alg
name and not the driver name.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: doc - Use ahash
Herbert Xu [Mon, 1 Feb 2016 13:36:50 +0000 (21:36 +0800)]
crypto: doc - Use ahash

This patch replaces the crypto_hash example in api-intro.txt with
crypto_ahash.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: tcrypt - Use ahash
Herbert Xu [Mon, 1 Feb 2016 13:36:49 +0000 (21:36 +0800)]
crypto: tcrypt - Use ahash

This patch removes the last user of the obsolete crypto_hash
interface, tcrypt, by simply switching it over to ahash.  In
fact it already has all the code there so it's just a matter
of calling the ahash speed test code with the right mask.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: keywrap - memzero the correct memory
Dan Carpenter [Sat, 30 Jan 2016 14:38:28 +0000 (17:38 +0300)]
crypto: keywrap - memzero the correct memory

We're clearing the wrong memory.  The memory corruption is likely
harmless because we weren't going to use that stack memory again but not
zeroing is a potential information leak.

Fixes: e28facde3c39 ('crypto: keywrap - add key wrapping block chaining mode')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: ccp - Limit the amount of information exported
Tom Lendacky [Fri, 29 Jan 2016 18:45:14 +0000 (12:45 -0600)]
crypto: ccp - Limit the amount of information exported

Since the exported information can be exposed to user-space, instead of
exporting the entire request context only export the minimum information
needed.

Cc: <stable@vger.kernel.org> # 3.14.x-
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: omap-aes - Support crypto engine framework
Baolin Wang [Tue, 26 Jan 2016 12:25:40 +0000 (20:25 +0800)]
crypto: omap-aes - Support crypto engine framework

Integrate with the newly added crypto engine to make the crypto hardware
engine underutilized as each block needs to be processed before the crypto
hardware can start working on the next block.

The requests from dm-crypt will be listed into engine queue and processed
by engine automatically, so remove the 'queue' and 'queue_task' things in
omap aes driver.

Signed-off-by: Baolin Wang <baolin.wang@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: engine - Introduce the block request crypto engine framework
Baolin Wang [Tue, 26 Jan 2016 12:25:39 +0000 (20:25 +0800)]
crypto: engine - Introduce the block request crypto engine framework

Now block cipher engines need to implement and maintain their own queue/thread
for processing requests, moreover currently helpers provided for only the queue
itself (in crypto_enqueue_request() and crypto_dequeue_request()) but they
don't help with the mechanics of driving the hardware (things like running the
request immediately, DMA map it or providing a thread to process the queue in)
even though a lot of that code really shouldn't vary that much from device to
device.

Thus this patch provides a mechanism for pushing requests to the hardware
as it becomes free that drivers could use. And this framework is patterned
on the SPI code and has worked out well there.
(https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/
 drivers/spi/spi.c?id=ffbbdd21329f3e15eeca6df2d4bc11c04d9d91c0)

Signed-off-by: Baolin Wang <baolin.wang@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: api - Introduce crypto_queue_len() helper function
Baolin Wang [Tue, 26 Jan 2016 12:25:38 +0000 (20:25 +0800)]
crypto: api - Introduce crypto_queue_len() helper function

This patch introduces crypto_queue_len() helper function to help to get the
queue length in the crypto queue list now.

Signed-off-by: Baolin Wang <baolin.wang@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: atmel-sha - fix algorihtm registration
Cyrille Pitchen [Fri, 29 Jan 2016 16:04:02 +0000 (17:04 +0100)]
crypto: atmel-sha - fix algorihtm registration

This patch implements the missing .import() and .export() mandatory
hooks for asynchronous hash algorithms. It also sets the relevant, non
zero, value for the .statesize field when declaring the supported SHA
algorithms. Indeed a zero value of .statesize prevents the algorithm from
being registered.

Signed-off-by: Cyrille Pitchen <cyrille.pitchen@atmel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: crc32 - Rename generic implementation
Herbert Xu [Fri, 29 Jan 2016 10:20:17 +0000 (18:20 +0800)]
crypto: crc32 - Rename generic implementation

The generic crc32 implementation is currently called crc32.  This
is a problem because it clashes with the lib implementation of crc32.

This patch renames the crypto crc32 to crc32_generic so that it is
consistent with crc32c.  An alias for the driver is also added.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: mcryptd - Fix load failure
Wang, Rui Y [Wed, 27 Jan 2016 09:08:36 +0000 (17:08 +0800)]
crypto: mcryptd - Fix load failure

mcryptd_create_hash() fails by returning -EINVAL, causing any
driver using mcryptd to fail to load. It is because it needs
to set its statesize properly.

Signed-off-by: Rui Wang <rui.y.wang@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: jitterentropy - always select CRYPTO_RNG
Arnd Bergmann [Tue, 26 Jan 2016 13:47:10 +0000 (14:47 +0100)]
crypto: jitterentropy - always select CRYPTO_RNG

When building the jitterentropy driver by itself, we get a link error
when CRYPTO_RNG is not enabled as well:

crypto/built-in.o: In function `jent_mod_init':
jitterentropy-kcapi.c:(.init.text+0x98): undefined reference to `crypto_register_rng'
crypto/built-in.o: In function `jent_mod_exit':
jitterentropy-kcapi.c:(.exit.text+0x60): undefined reference to `crypto_unregister_rng'

This adds a 'select CRYPTO_RNG' to CRYPTO_JITTERENTROPY to ensure the API
is always there when it's used, not just when DRBG is also enabled.
CRYPTO_DRBG would set it implicitly through CRYPTO_JITTERENTROPY now,
but this leaves it in place to make it explicit what the driver does.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: sunxi - don't print confusing data
Arnd Bergmann [Tue, 26 Jan 2016 13:44:50 +0000 (14:44 +0100)]
crypto: sunxi - don't print confusing data

gcc correctly warns that the printk output contains a variable that
it thinks is not initialized in some cases:

drivers/crypto/sunxi-ss/sun4i-ss-cipher.c: In function 'sun4i_ss_cipher_poll':
drivers/crypto/sunxi-ss/sun4i-ss-cipher.c:254:76: warning: 'todo' may be used uninitialized in this function [-Wmaybe-uninitialized]
drivers/crypto/sunxi-ss/sun4i-ss-cipher.c:144:15: note: 'todo' was declared here

A closer look at the function reveals that the variable is always
initialized at this point (ileft is guaranteed to be positive at the
start), but its contents are not well-defined:
Depending on some other variables, it might be either a count in
words or bytes, and it could refer to either input or output.

The easiest solution apparently is to remove the confusing output
and let the reader figure out the state from the other variables.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agolibceph: Remove unnecessary ivsize variables
Ilya Dryomov [Tue, 26 Jan 2016 10:54:55 +0000 (18:54 +0800)]
libceph: Remove unnecessary ivsize variables

This patch removes the unnecessary ivsize variabls as they always
have the value of AES_BLOCK_SIZE.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: compress - remove unused pcomp interface
Joonsoo Kim [Tue, 26 Jan 2016 08:15:03 +0000 (17:15 +0900)]
crypto: compress - remove unused pcomp interface

It is unused now, so remove it.

Signed-off-by: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: sha1-mb - Add missing args_digest offset
Megha Dey [Tue, 26 Jan 2016 00:46:09 +0000 (16:46 -0800)]
crypto: sha1-mb - Add missing args_digest offset

The _args_digest is defined as _args+_digest, both of which are the first
members of 2 separate structures, effectively yielding _args_digest to have
a value of zero. Thus, no errors have spawned yet due to this. To ensure
sanity, adding the missing _args_digest offset to the sha1_mb_mgr_submit.S.

Signed-off-by: Megha Dey <megha.dey@linux.intel.com>
Acked-by: Tim Chen <tim.c.chen@linux.intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agoeCryptfs: Use skcipher and shash
Herbert Xu [Mon, 25 Jan 2016 02:29:33 +0000 (10:29 +0800)]
eCryptfs: Use skcipher and shash

This patch replaces uses of ablkcipher and blkcipher with skcipher,
and the long obsolete hash interface with shash.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agotcp: Use ahash
Herbert Xu [Sun, 24 Jan 2016 13:20:23 +0000 (21:20 +0800)]
tcp: Use ahash

This patch replaces uses of the long obsolete hash interface with
ahash.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: David S. Miller <davem@davemloft.net>
8 years agosctp: Use shash
Herbert Xu [Sun, 24 Jan 2016 13:20:12 +0000 (21:20 +0800)]
sctp: Use shash

This patch replaces uses of the long obsolete hash interface with
shash.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: David S. Miller <davem@davemloft.net>
8 years agonfsd: Use shash
Herbert Xu [Sun, 24 Jan 2016 13:20:02 +0000 (21:20 +0800)]
nfsd: Use shash

This patch replaces uses of the long obsolete hash interface with
shash.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agoiscsi-target: Use shash and ahash
Herbert Xu [Sun, 24 Jan 2016 13:19:52 +0000 (21:19 +0800)]
iscsi-target: Use shash and ahash

This patch replaces uses of the long obsolete hash interface with
either shash (for non-SG users) or ahash.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agoiscsi_tcp: Use ahash
Herbert Xu [Sun, 24 Jan 2016 13:19:41 +0000 (21:19 +0800)]
iscsi_tcp: Use ahash

This patch replaces uses of the long obsolete hash interface with
ahash.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Reviewed-by: Mike Christie <michaelc@cs.wisc.edu>
8 years agonfc: s3fwrn5: Use shash
Herbert Xu [Sun, 24 Jan 2016 13:19:31 +0000 (21:19 +0800)]
nfc: s3fwrn5: Use shash

This patch replaces uses of the long obsolete hash interface with
shash.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agodrbd: Use shash and ahash
Herbert Xu [Sun, 24 Jan 2016 13:19:21 +0000 (21:19 +0800)]
drbd: Use shash and ahash

This patch replaces uses of the long obsolete hash interface with
either shash (for non-SG users) or ahash.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agoipsec: Use skcipher and ahash when probing algorithms
Herbert Xu [Sun, 24 Jan 2016 13:19:11 +0000 (21:19 +0800)]
ipsec: Use skcipher and ahash when probing algorithms

This patch removes the last reference to hash and ablkcipher from
IPsec and replaces them with ahash and skcipher respectively.  For
skcipher there is currently no difference at all, while for ahash
the current code is actually buggy and would prevent asynchronous
algorithms from being discovered.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: David S. Miller <davem@davemloft.net>
8 years agorxrpc: Use skcipher
Herbert Xu [Sun, 24 Jan 2016 13:19:01 +0000 (21:19 +0800)]
rxrpc: Use skcipher

This patch replaces uses of blkcipher with skcipher.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agomac802154: Use skcipher
Herbert Xu [Sun, 24 Jan 2016 13:18:50 +0000 (21:18 +0800)]
mac802154: Use skcipher

This patch replaces uses of blkcipher with skcipher.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Reviewed-by: Stefan Schmidt <stefan@osg.samsung.com>
8 years agolibceph: Use skcipher
Herbert Xu [Sun, 24 Jan 2016 13:18:40 +0000 (21:18 +0800)]
libceph: Use skcipher

This patch replaces uses of blkcipher with skcipher.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agoBluetooth: Use skcipher and hash
Herbert Xu [Sun, 24 Jan 2016 13:18:30 +0000 (21:18 +0800)]
Bluetooth: Use skcipher and hash

This patch replaces uses of blkcipher with skcipher and the long
obsolete hash interface with shash.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
8 years agoKEYS: Use skcipher
Herbert Xu [Sun, 24 Jan 2016 13:18:19 +0000 (21:18 +0800)]
KEYS: Use skcipher

This patch replaces uses of blkcipher with skcipher.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agolib80211: Use skcipher and ahash
Herbert Xu [Sun, 24 Jan 2016 13:18:09 +0000 (21:18 +0800)]
lib80211: Use skcipher and ahash

This patch replaces uses of blkcipher with skcipher and the long
obsolete hash interface with ahash.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agosunrpc: Use skcipher and ahash/shash
Herbert Xu [Sun, 24 Jan 2016 13:17:59 +0000 (21:17 +0800)]
sunrpc: Use skcipher and ahash/shash

This patch replaces uses of blkcipher with skcipher and the long
obsolete hash interface with either shash (for non-SG users) and
ahash.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agof2fs: Use skcipher
Herbert Xu [Sun, 24 Jan 2016 13:17:49 +0000 (21:17 +0800)]
f2fs: Use skcipher

This patch replaces uses of ablkcipher with skcipher.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agoext4: Use skcipher
Herbert Xu [Sun, 24 Jan 2016 13:17:38 +0000 (21:17 +0800)]
ext4: Use skcipher

This patch replaces uses of ablkcipher with skcipher.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocifs: Use skcipher
Herbert Xu [Sun, 24 Jan 2016 13:17:17 +0000 (21:17 +0800)]
cifs: Use skcipher

This patch replaces uses of blkcipher with skcipher.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agowusb: Use skcipher
Herbert Xu [Sun, 24 Jan 2016 13:17:07 +0000 (21:17 +0800)]
wusb: Use skcipher

This patch replaces uses of blkcipher with skcipher.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agostaging: rtl8192u: Use skcipher and ahash
Herbert Xu [Sun, 24 Jan 2016 13:16:57 +0000 (21:16 +0800)]
staging: rtl8192u: Use skcipher and ahash

This patch replaces uses of blkcipher with skcipher, and the long
obsolete hash interface with ahash.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
8 years agoorinoco: Use ahash
Herbert Xu [Sun, 24 Jan 2016 13:16:47 +0000 (21:16 +0800)]
orinoco: Use ahash

This patch replaces uses the long obsolete hash interface with ahash.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agodm crypt: Use skcipher and ahash
Herbert Xu [Sun, 24 Jan 2016 13:16:36 +0000 (21:16 +0800)]
dm crypt: Use skcipher and ahash

This patch replaces uses of ablkcipher with skcipher, and the long
obsolete hash interface with ahash.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agostaging: rtl8192e: Replace uses of obsolete blkcipher and hash
Herbert Xu [Sun, 24 Jan 2016 13:16:26 +0000 (21:16 +0800)]
staging: rtl8192e: Replace uses of obsolete blkcipher and hash

The interfaces blkcipher and hash are obsolete.  This patch replaces
them with skcipher and ahash respectively.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
8 years agoppp_mppe: Use skcipher and ahash
Herbert Xu [Sun, 24 Jan 2016 13:16:16 +0000 (21:16 +0800)]
ppp_mppe: Use skcipher and ahash

This patch replaces uses of blkcipher with skcipher, and the long
obsolete hash interface with ahash.  This is a bug-for-bug conversion
and no attempt has been made to fix bugs such as the ignored return
values of the crypto operations.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agoblock: cryptoloop - Use new skcipher interface
Herbert Xu [Sun, 24 Jan 2016 13:16:06 +0000 (21:16 +0800)]
block: cryptoloop - Use new skcipher interface

This patch replaces uses of blkcipher with the new skcipher
interface.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: skcipher - Add helper to retrieve driver name
Herbert Xu [Tue, 26 Jan 2016 14:14:36 +0000 (22:14 +0800)]
crypto: skcipher - Add helper to retrieve driver name

This patch adds the helper crypto_skcipher_driver_name which returns
the driver name of the alg object for a given tfm.  This is needed by
ecryptfs.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agohwrng: n2 - Attach on T5/M5, T7/M7 SPARC CPUs
Anatoly Pugachev [Mon, 25 Jan 2016 21:19:02 +0000 (00:19 +0300)]
hwrng: n2 - Attach on T5/M5, T7/M7 SPARC CPUs

n2rng: Attach on T5/M5, T7/M7 SPARC CPUs

(space to tab fixes after variable names)

Signed-off-by: Anatoly Pugachev <matorola@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agohwrng: n2 - documentation, add DT bindings, vendor prefixes
Anatoly Pugachev [Mon, 25 Jan 2016 16:09:21 +0000 (19:09 +0300)]
hwrng: n2 - documentation, add DT bindings, vendor prefixes

n2rng: documentation, add DT bindings, vendor prefixes

Signed-off-by: Anatoly Pugachev <matorola@gmail.com>
Acked-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: hash - Add crypto_has_ahash helper
Herbert Xu [Sat, 23 Jan 2016 05:52:40 +0000 (13:52 +0800)]
crypto: hash - Add crypto_has_ahash helper

This patch adds the helper crypto_has_ahash which should replace
crypto_has_hash.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: api - Add crypto_type_has_alg helper
Herbert Xu [Sat, 23 Jan 2016 05:51:01 +0000 (13:51 +0800)]
crypto: api - Add crypto_type_has_alg helper

This patch adds the helper crypto_type_has_alg which is meant
to replace crypto_has_alg for new-style crypto types.  Rather
than hard-coding type/mask information they're now retrieved
from the crypto_type object.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: skcipher - Add helper to zero stack request
Herbert Xu [Fri, 22 Jan 2016 15:21:10 +0000 (23:21 +0800)]
crypto: skcipher - Add helper to zero stack request

As the size of an skcipher_request is variable, it's awkward to
zero it explicitly.  This patch adds a helper to do that which
should be used when it is created on the stack.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: hash - Add helpers to zero stack request/descriptor
Herbert Xu [Fri, 22 Jan 2016 15:17:58 +0000 (23:17 +0800)]
crypto: hash - Add helpers to zero stack request/descriptor

As the size of an ahash_request or shash_desc is variable, it's
awkward to zero them explicitly.  This patch adds helpers to do
that which should be used when they are created on the stack.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: drbg - remove FIPS 140-2 continuous test
Stephan Mueller [Fri, 22 Jan 2016 08:52:28 +0000 (09:52 +0100)]
crypto: drbg - remove FIPS 140-2 continuous test

The newly released FIPS 140-2 IG 9.8 specifies that for SP800-90A
compliant DRBGs, the FIPS 140-2 continuous random number generator test
is not required any more.

This patch removes the test and all associated data structures.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: skcipher - Add default key size helper
Herbert Xu [Thu, 21 Jan 2016 09:10:56 +0000 (17:10 +0800)]
crypto: skcipher - Add default key size helper

While converting ecryptfs over to skcipher I found that it needs
to pick a default key size if one isn't given.  Rather than having
it poke into the guts of the algorithm to get max_keysize, let's
provide a helper that is meant to give a sane default (just in
case we ever get an algorithm that has no maximum key size).

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: qat - Reduced reqsize in qat_algs
Cabiddu, Giovanni [Tue, 19 Jan 2016 17:34:04 +0000 (17:34 +0000)]
crypto: qat - Reduced reqsize in qat_algs

req_alloc functions already take into account the request data structure
when allocating memory.

Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: ixp4xx - Fix false lastlen uninitialised warning
Herbert Xu [Tue, 19 Jan 2016 01:00:21 +0000 (09:00 +0800)]
crypto: ixp4xx - Fix false lastlen uninitialised warning

This patch fixes a false positive uninitialised variable warning
in aead_perform by moving the source processing in front of the
destination processing, thus ensuring that the initialisation of
lastlen is always visible to gcc.

Reported-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Arnd Bergmann <arnd@arndb.de>
8 years agohwrng: brcm63xx - document device tree bindings
Álvaro Fernández Rojas [Sun, 17 Jan 2016 09:03:57 +0000 (10:03 +0100)]
hwrng: brcm63xx - document device tree bindings

Documents device tree bindings for random number generator present on Broadcom
BCM6368 SoC.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Acked-by: Rob Herring <robh@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agohwrng: bcm63xx - allow building for BMIPS_GENERIC
Álvaro Fernández Rojas [Sun, 17 Jan 2016 09:03:56 +0000 (10:03 +0100)]
hwrng: bcm63xx - allow building for BMIPS_GENERIC

Now that we have device tree support and BCM6368 is supported in BMIPS_GENERIC,
we can use it for BMIPS_GENERIC too.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agohwrng: bcm63xx - add device tree support
Álvaro Fernández Rojas [Sun, 17 Jan 2016 09:03:55 +0000 (10:03 +0100)]
hwrng: bcm63xx - add device tree support

Adds device tree support for BCM6368, which seems to be the only BCM63xx with
bcm63xx-rng support.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agohwrng: bcm63xx - remove unused variables
Álvaro Fernández Rojas [Sun, 17 Jan 2016 09:03:54 +0000 (10:03 +0100)]
hwrng: bcm63xx - remove unused variables

These variables where left as unused in commit 6229c16060fe
("hwrng: bcm63xx - make use of devm_hwrng_register")

Fixes the following warning:
drivers/char/hw_random/bcm63xx-rng.c: In function 'bcm63xx_rng_probe':
drivers/char/hw_random/bcm63xx-rng.c:85:16: warning: unused variable 'rng'
[-Wunused-variable]
  struct hwrng *rng;
                ^
drivers/char/hw_random/bcm63xx-rng.c:82:14: warning: unused variable 'clk'
[-Wunused-variable]
  struct clk *clk;

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: atmel-sha - fix context switches
Cyrille Pitchen [Fri, 15 Jan 2016 14:49:34 +0000 (15:49 +0100)]
crypto: atmel-sha - fix context switches

This patch saves the value of the internal hash register at the end of an
'update' operation then restores this value before starting the next
'update'. This way the driver can now properly handle context switches.

WARNING: only hardware versions from sama5d4x and later provide the
needed interface to update the internal hash value. Especially, sama5d3x
cannot implement this feature so context switches are still broken.

Signed-off-by: Cyrille Pitchen <cyrille.pitchen@atmel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: atmel-sha - add support of sama5d2x SoCs
Cyrille Pitchen [Fri, 15 Jan 2016 14:49:33 +0000 (15:49 +0100)]
crypto: atmel-sha - add support of sama5d2x SoCs

This patch adds support of hardware version 5.1.x embedded inside sama5d2x
SoCs.

Signed-off-by: Cyrille Pitchen <cyrille.pitchen@atmel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: atmel-sha - fix a race between the 'done' tasklet and the crypto client
Cyrille Pitchen [Fri, 15 Jan 2016 14:49:32 +0000 (15:49 +0100)]
crypto: atmel-sha - fix a race between the 'done' tasklet and the crypto client

The 'done' tasklet handler used to check the 'BUSY' flag to either
finalize the processing of a crypto request which had just completed or
manage the crypto queue to start the next crypto request.

On request R1 completion, the driver calls atmel_sha_finish_req(), which:
1 - clears the 'BUSY' flag since the hardware is no longer used and is
    ready again to process new crypto requests.
2 - notifies the above layer (the client) about the completion of the
    asynchronous crypto request R1 by calling its base.complete()
    callback.
3 - schedules the 'done' task to check the crypto queue and start to
    process the next crypto request (the 'BUSY' flag is supposed to be
    cleared at that moment) if such a pending request exists.

However step 2 might wake the client up so it can now ask our driver to
process a new crypto request R2. This request is enqueued by calling the
atmel_sha_handle_queue() function, which sets the 'BUSY' flags then
starts to process R2.

If the 'done' tasklet, scheduled by step 3, runs just after, it would see
that the 'BUSY' flag is set then understand that R2 has just completed,
which is wrong!

So the state of 'BUSY' flag is not a proper way to detect and handle
crypto request completion.

This patch fixes this race condition by using two different tasklets, one
to handle the crypto request completion events, the other to manage the
crypto queue if needed.

Signed-off-by: Cyrille Pitchen <cyrille.pitchen@atmel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: atmel-sha - fix crash when computing digest on empty message
Cyrille Pitchen [Fri, 15 Jan 2016 14:49:31 +0000 (15:49 +0100)]
crypto: atmel-sha - fix crash when computing digest on empty message

This patch fixes a crash which occured during the computation of the
digest of an empty message.

Indeed, when processing an empty message, the atmel_sha_handle_queue()
function was never called, hence the dd->req pointer remained
uninitialized.

Later, when the atmel_sha_final_req() function was called, it used
to crash while using this uninitialized dd->req pointer.

Hence this patch adds missing initializations of dd->req before calls of
the atmel_sha_final_req() function.

This bug prevented us from passing the tcrypt test suite on SHA algo.

Signed-off-by: Cyrille Pitchen <cyrille.pitchen@atmel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: ccp - Add hash state import and export support
Tom Lendacky [Tue, 12 Jan 2016 17:17:38 +0000 (11:17 -0600)]
crypto: ccp - Add hash state import and export support

Commit 8996eafdcbad ("crypto: ahash - ensure statesize is non-zero")
added a check to prevent ahash algorithms from successfully registering
if the import and export functions were not implemented. This prevents
an oops in the hash_accept function of algif_hash. This commit causes
the ccp-crypto module SHA support and AES CMAC support from successfully
registering and causing the ccp-crypto module load to fail because the
ahash import and export functions are not implemented.

Update the CCP Crypto API support to provide import and export support
for ahash algorithms.

Cc: <stable@vger.kernel.org> # 3.14.x-
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: caam - enable LARGE_BURST for enhancing DMA transactions size
Horia Geant? [Tue, 12 Jan 2016 15:14:10 +0000 (17:14 +0200)]
crypto: caam - enable LARGE_BURST for enhancing DMA transactions size

Increasing CAAM DMA engine transaction size either
-reduces the number of required transactions or
-adds the ability to transfer more data with same transaction count

Signed-off-by: Horia Geant? <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: qat - Pack cfg ctl structs
Atta, Ahsan [Mon, 11 Jan 2016 15:23:47 +0000 (15:23 +0000)]
crypto: qat - Pack cfg ctl structs

-This is required to support 32bit adf_ctl
 utility on a 64bit driver

Signed-off-by: Ahsan Atta <ahsan.atta@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: s5p-sss - Use memcpy_toio for iomem annotated memory
Krzysztof Koz?owski [Mon, 11 Jan 2016 11:45:51 +0000 (20:45 +0900)]
crypto: s5p-sss - Use memcpy_toio for iomem annotated memory

Use memcpy_toio to fix following sparse warning:

drivers/crypto/s5p-sss.c:386:40: warning: incorrect type in argument 1 (different address spaces)
drivers/crypto/s5p-sss.c:386:40:    expected void *<noident>
drivers/crypto/s5p-sss.c:386:40:    got void [noderef] <asn:2>*

Signed-off-by: Krzysztof Kozlowski <k.kozlowski.k@gmail.com>
Acked-by: Vladimir Zapolskiy <vz@mleia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: s5p-sss - Fix minor coding style violations
Krzysztof Koz?owski [Mon, 11 Jan 2016 11:45:50 +0000 (20:45 +0900)]
crypto: s5p-sss - Fix minor coding style violations

Improve a little bit code readability and use dev_info/err for printing
messages.

Signed-off-by: Krzysztof Kozlowski <k.kozlowski.k@gmail.com>
Acked-by: Vladimir Zapolskiy <vz@mleia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: qat - remove redundant function call
Pingchao Yang [Wed, 6 Jan 2016 09:56:20 +0000 (17:56 +0800)]
crypto: qat - remove redundant function call

adf_dev_restore(accel_dev) was called in adf_dev_shutdown,no
need to call it in adf_device_reset_worker after adf_dev_shutdown
was called.

Signed-off-by: Yang Pingchao <pingchao.yang@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: qat - change name for c6xx dev type
Tadeusz Struk [Tue, 5 Jan 2016 19:14:55 +0000 (11:14 -0800)]
crypto: qat - change name for c6xx dev type

change name for c6x dev type to more generic.

Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: ansi_cprng - ANSI X9.31 DRNG is not allowed in FIPS 140-2
Stephan Mueller [Tue, 5 Jan 2016 12:12:21 +0000 (13:12 +0100)]
crypto: ansi_cprng - ANSI X9.31 DRNG is not allowed in FIPS 140-2

As per update of the FIPS 140-2 Annex C supported by SP800-131A, the
ANSI X9.31 DRNG is not an allowed cipher in FIPS mode any more.

CC: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: chacha20-ssse3 - Align stack pointer to 64 bytes
Eli Cooper [Thu, 21 Jan 2016 16:24:08 +0000 (00:24 +0800)]
crypto: chacha20-ssse3 - Align stack pointer to 64 bytes

This aligns the stack pointer in chacha20_4block_xor_ssse3 to 64 bytes.
Fixes general protection faults and potential kernel panics.

Cc: stable@vger.kernel.org
Signed-off-by: Eli Cooper <elicooper@gmx.com>
Acked-by: Martin Willi <martin@strongswan.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agoPKCS#7: Don't require SpcSpOpusInfo in Authenticode pkcs7 signatures
Peter Jones [Mon, 18 Jan 2016 15:49:58 +0000 (10:49 -0500)]
PKCS#7: Don't require SpcSpOpusInfo in Authenticode pkcs7 signatures

Dave Young reported:
> Hi,
>
> I saw the warning "Missing required AuthAttr" when testing kexec,
> known issue?  Idea about how to fix it?
>
> The kernel is latest linus tree plus sevral patches from Toshi to
> cleanup io resource structure.
>
> in function pkcs7_sig_note_set_of_authattrs():
>         if (!test_bit(sinfo_has_content_type, &sinfo->aa_set) ||
>             !test_bit(sinfo_has_message_digest, &sinfo->aa_set) ||
>             (ctx->msg->data_type == OID_msIndirectData &&
>              !test_bit(sinfo_has_ms_opus_info, &sinfo->aa_set))) {
>                 pr_warn("Missing required AuthAttr\n");
>                 return -EBADMSG;
>         }
>
> The third condition below is true:
> (ctx->msg->data_type == OID_msIndirectData &&
>              !test_bit(sinfo_has_ms_opus_info, &sinfo->aa_set))
>
> I signed the kernel with redhat test key like below:
> pesign -c 'Red Hat Test Certificate' -i arch/x86/boot/bzImage -o /boot/vmlinuz-4.4.0-rc8+ -s --force

And right he is!  The Authenticode specification is a paragon amongst
technical documents, and has this pearl of wisdom to offer:

---------------------------------
Authenticode-Specific SignerInfo UnauthenticatedAttributes Structures

  The following Authenticode-specific data structures are present in
  SignerInfo authenticated attributes.

  SpcSpOpusInfo
  SpcSpOpusInfo is identified by SPC_SP_OPUS_INFO_OBJID
  (1.3.6.1.4.1.311.2.1.12) and is defined as follows:
  SpcSpOpusInfo ::= SEQUENCE {
    programName  [0] EXPLICIT SpcString OPTIONAL,
    moreInfo     [1] EXPLICIT SpcLink OPTIONAL,
  } --#public--

  SpcSpOpusInfo has two fields:
    programName
      This field contains the program description:
      If publisher chooses not to specify a description, the SpcString
      structure contains a zero-length program name.
      If the publisher chooses to specify a
      description, the SpcString structure contains a Unicode string.
    moreInfo
      This field is set to an SPCLink structure that contains a URL for
      a Web site with more information about the signer. The URL is an
      ASCII string.
---------------------------------

Which is to say that this is an optional *unauthenticated* field which
may be present in the Authenticated Attribute list.  This is not how
pkcs7 is supposed to work, so when David implemented this, he didn't
appreciate the subtlety the original spec author was working with, and
missed the part of the sublime prose that says this Authenticated
Attribute is an Unauthenticated Attribute.  As a result, the code in
question simply takes as given that the Authenticated Attributes should
be authenticated.

But this one should not, individually.  Because it says it's not
authenticated.

It still has to hash right so the TBS digest is correct.  So it is both
authenticated and unauthenticated, all at once.  Truly, a wonder of
technical accomplishment.

Additionally, pesign's implementation has always attempted to be
compatible with the signatures emitted from contemporary versions of
Microsoft's signtool.exe.  During the initial implementation, Microsoft
signatures always produced the same values for SpcSpOpusInfo -
{U"Microsoft Windows", "http://www.microsoft.com"} - without regard to
who the signer was.

Sometime between Windows 8 and Windows 8.1 they stopped including the
field in their signatures altogether, and as such pesign stopped
producing them in commits c0c4da6 and d79cb0c, sometime around June of
2012.  The theory here is that anything that breaks with
pesign signatures would also be breaking with signtool.exe sigs as well,
and that'll be a more noticed problem for firmwares parsing it, so it'll
get fixed.  The fact that we've done exactly this bug in Linux code is
first class, grade A irony.

So anyway, we should not be checking this field for presence or any
particular value: if the field exists, it should be at the right place,
but aside from that, as long as the hash matches the field is good.

Signed-off-by: Peter Jones <pjones@redhat.com>
Tested-by: Dave Young <dyoung@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: caam - make write transactions bufferable on PPC platforms
Horia Geant? [Tue, 12 Jan 2016 15:59:29 +0000 (17:59 +0200)]
crypto: caam - make write transactions bufferable on PPC platforms

Previous change (see "Fixes" tag) to the MCFGR register
clears AWCACHE[0] ("bufferable" AXI3 attribute) (which is "1" at POR).

This makes all writes non-bufferable, causing a ~ 5% performance drop
for PPC-based platforms.

Rework previous change such that MCFGR[AWCACHE]=4'b0011
(bufferable + cacheable) for all platforms.
Note: For ARM-based platforms, AWCACHE[0] is ignored
by the interconnect IP.

Cc: <stable@vger.kernel.org> # 4.3+
Fixes: f10967495144 ("crypto: caam - fix snooping for write transactions")
Signed-off-by: Horia Geant? <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agoLinux 4.5-rc1
Linus Torvalds [Sun, 24 Jan 2016 21:06:47 +0000 (13:06 -0800)]
Linux 4.5-rc1

8 years agoMerge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus
Linus Torvalds [Sun, 24 Jan 2016 20:50:56 +0000 (12:50 -0800)]
Merge branch 'upstream' of git://git.linux-mips.org/ralf/upstream-linus

Pull MIPS updates from Ralf Baechle:
 "This is the main pull request for MIPS for 4.5 plus some 4.4 fixes.

  The executive summary:

   - ATH79 platform improvments, use DT bindings for the ATH79 USB PHY.
   - Avoid useless rebuilds for zboot.
   - jz4780: Add NEMC, BCH and NAND device tree nodes
   - Initial support for the MicroChip's DT platform.  As all the device
     drivers are missing this is still of limited use.
   - Some Loongson3 cleanups.
   - The unavoidable whitespace polishing.
   - Reduce clock skew when synchronizing the CPU cycle counters on CPU
     startup.
   - Add MIPS R6 fixes.
   - Lots of cleanups across arch/mips as fallout from KVM.
   - Lots of minor fixes and changes for IEEE 754-2008 support to the
     FPU emulator / fp-assist software.
   - Minor Ralink, BCM47xx and bcm963xx platform support improvments.
   - Support SMP on BCM63168"

* 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus: (84 commits)
  MIPS: zboot: Add support for serial debug using the PROM
  MIPS: zboot: Avoid useless rebuilds
  MIPS: BMIPS: Enable ARCH_WANT_OPTIONAL_GPIOLIB
  MIPS: bcm63xx: nvram: Remove unused bcm63xx_nvram_get_psi_size() function
  MIPS: bcm963xx: Update bcm_tag field image_sequence
  MIPS: bcm963xx: Move extended flash address to bcm_tag header file
  MIPS: bcm963xx: Move Broadcom BCM963xx image tag data structure
  MIPS: bcm63xx: nvram: Use nvram structure definition from header file
  MIPS: bcm963xx: Add Broadcom BCM963xx board nvram data structure
  MAINTAINERS: Add KVM for MIPS entry
  MIPS: KVM: Add missing newline to kvm_err()
  MIPS: Move KVM specific opcodes into asm/inst.h
  MIPS: KVM: Use cacheops.h definitions
  MIPS: Break down cacheops.h definitions
  MIPS: Use EXCCODE_ constants with set_except_vector()
  MIPS: Update trap codes
  MIPS: Move Cause.ExcCode trap codes to mipsregs.h
  MIPS: KVM: Make kvm_mips_{init,exit}() static
  MIPS: KVM: Refactor added offsetof()s
  MIPS: KVM: Convert EXPORT_SYMBOL to _GPL
  ...

8 years agoMerge tag 'platform-drivers-x86-v4.5-2' of git://git.infradead.org/users/dvhart/linux...
Linus Torvalds [Sun, 24 Jan 2016 20:45:35 +0000 (12:45 -0800)]
Merge tag 'platform-drivers-x86-v4.5-2' of git://git.infradead.org/users/dvhart/linux-platform-drivers-x86

Pull x86 platform driver updates from Darren Hart:
 "Emergency travel prevented me from completing my final testing on this
  until today.  Nothing here that couldn't wait until RC1 fixes, but I
  thought it best to get it out sooner rather than later as it does
  contain a build warning fix.

  Summary:

  A build warning fix, MAINTAINERS cleanup, and a new DMI quirk:

  ideapad-laptop:
   - Add Lenovo Yoga 700 to no_hw_rfkill dmi list

  MAINTAINERS:
   - Combine multiple telemetry entries

  intel_telemetry_debugfs:
   - Fix unused warnings in telemetry debugfs"

* tag 'platform-drivers-x86-v4.5-2' of git://git.infradead.org/users/dvhart/linux-platform-drivers-x86:
  ideapad-laptop: Add Lenovo Yoga 700 to no_hw_rfkill dmi list
  MAINTAINERS: Combine multiple telemetry entries
  intel_telemetry_debugfs: Fix unused warnings in telemetry debugfs

8 years agoMerge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux
Linus Torvalds [Sun, 24 Jan 2016 20:43:06 +0000 (12:43 -0800)]
Merge branch 'next' of git://git./linux/kernel/git/rzhang/linux

Pull thermal management updates from Zhang Rui:
 "The top merge commit was re-generated yesterday because two topic
  branches were dropped from this pull request in the last minute due to
  some unaddressed comments.  All the other material has been in
  linux-next for quite a while.

  Specifics:

   - Enhance thermal core to handle unexpected device cooling states
     after fresh boot and system resume.  From Zhang Rui and Chen Yu.

   - Several fixes and cleanups on Rockchip and RCAR thermal drivers.
     From Caesar Wang and Kuninori Morimoto.

   - Add Broxton support for Intel processor thermal reporting device
     driver.  From Amy Wiles"

* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux:
  thermal: trip_point_temp_store() calls thermal_zone_device_update()
  thermal: rcar: rcar_thermal_get_temp() return error if strange temp
  thermal: rcar: check irq possibility in rcar_thermal_irq_xxx()
  thermal: rcar: check every rcar_thermal_update_temp() return value
  thermal: rcar: move rcar_thermal_dt_ids to upside
  thermal: rockchip: Support the RK3399 SoCs in thermal driver
  thermal: rockchip: Support the RK3228 SoCs in thermal driver
  dt-bindings: rockchip-thermal: Support the RK3228/RK3399 SoCs compatible
  thermal: rockchip: fix a trivial typo
  Thermal: Enable Broxton SoC thermal reporting device
  thermal: constify pch_dev_ops structure
  Thermal: do thermal zone update after a cooling device registered
  Thermal: handle thermal zone device properly during system sleep
  Thermal: initialize thermal zone device correctly

8 years agoMerge tag 'for-linus-4.5-merge-window' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Sun, 24 Jan 2016 20:39:09 +0000 (12:39 -0800)]
Merge tag 'for-linus-4.5-merge-window' of git://git./linux/kernel/git/ericvh/v9fs

Pull 9p updates from Eric Van Hensbergen:
 "Sorry for the last minute pull request, there's was a change that
  didn't get pulled into for-next until two weeks ago and I wanted to
  give it some bake time.

  Summary:

  Rework and error handling fixes, primarily in the fscatch and fd
  transports"

* tag 'for-linus-4.5-merge-window' of git://git.kernel.org/pub/scm/linux/kernel/git/ericvh/v9fs:
  fs/9p: use fscache mutex rather than spinlock
  9p: trans_fd, bail out if recv fcall if missing
  9p: trans_fd, read rework to use p9_parse_header
  net/9p: Add device name details on error

8 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph...
Linus Torvalds [Sun, 24 Jan 2016 20:34:13 +0000 (12:34 -0800)]
Merge branch 'for-linus' of git://git./linux/kernel/git/sage/ceph-client

Pull Ceph updates from Sage Weil:
 "The two main changes are aio support in CephFS, and a series that
  fixes several issues in the authentication key timeout/renewal code.

  On top of that are a variety of cleanups and minor bug fixes"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client:
  libceph: remove outdated comment
  libceph: kill off ceph_x_ticket_handler::validity
  libceph: invalidate AUTH in addition to a service ticket
  libceph: fix authorizer invalidation, take 2
  libceph: clear messenger auth_retry flag if we fault
  libceph: fix ceph_msg_revoke()
  libceph: use list_for_each_entry_safe
  ceph: use i_size_{read,write} to get/set i_size
  ceph: re-send AIO write request when getting -EOLDSNAP error
  ceph: Asynchronous IO support
  ceph: Avoid to propagate the invalid page point
  ceph: fix double page_unlock() in page_mkwrite()
  rbd: delete an unnecessary check before rbd_dev_destroy()
  libceph: use list_next_entry instead of list_entry_next
  ceph: ceph_frag_contains_value can be boolean
  ceph: remove unused functions in ceph_frag.h

8 years agoMerge branch 'for-next' of git://git.samba.org/sfrench/cifs-2.6
Linus Torvalds [Sun, 24 Jan 2016 20:31:12 +0000 (12:31 -0800)]
Merge branch 'for-next' of git://git.samba.org/sfrench/cifs-2.6

Pull SMB3 fixes from Steve French:
 "A collection of CIFS/SMB3 fixes.

  It includes a couple bug fixes, a few for improved debugging of
  cifs.ko and some improvements to the way cifs does key generation.

  I do have some additional bug fixes I expect in the next week or two
  (to address a problem found by xfstest, and some fixes for SMB3.11
  dialect, and a couple patches that just came in yesterday that I am
  reviewing)"

* 'for-next' of git://git.samba.org/sfrench/cifs-2.6:
  cifs_dbg() outputs an uninitialized buffer in cifs_readdir()
  cifs: fix race between call_async() and reconnect()
  Prepare for encryption support (first part). Add decryption and encryption key generation. Thanks to Metze for helping with this.
  cifs: Allow using O_DIRECT with cache=loose
  cifs: Make echo interval tunable
  cifs: Check uniqueid for SMB2+ and return -ESTALE if necessary
  Print IP address of unresponsive server
  cifs: Ratelimit kernel log messages