Unlike shash algorithms, ahash drivers must implement export
and import as their descriptors may contain hardware state and
cannot be exported as is.  Unfortunately some ahash drivers did
not provide them and end up causing crashes with algif_hash.

This patch adds a check to prevent these drivers from registering
ahash algorithms until they are fixed.

Cc: stable@vger.kernel.org
Signed-off-by: NRussell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

We need to explicitly check the AVX and AES CPU features, as we can't
infer them from the related XSAVE feature flags.  For example, the
Core i3 2310M passes the XSAVE feature test but does not implement
AES-NI.
Reported-and-tested-by: NStéphane Glondu <glondu@debian.org>
References: https://bugs.debian.org/800934
Fixes: ce4f5f9b ("x86/fpu, crypto x86/camellia_aesni_avx: Simplify...")
Signed-off-by: NBen Hutchings <ben@decadent.org.uk>
Cc: stable <stable@vger.kernel.org> # 4.2
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Some of the crypto algorithms write to the initialization vector,
but no space has been allocated for it. This clobbers adjacent memory.

Cc: stable@vger.kernel.org
Signed-off-by: NDave Kleikamp <dave.kleikamp@oracle.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The function can return negative value.

The problem has been detected using proposed semantic patch
scripts/coccinelle/tests/unsigned_lesser_than_zero.cocci [1].

[1]: http://permalink.gmane.org/gmane.linux.kernel/2038576Signed-off-by: NAndrzej Hajda <a.hajda@samsung.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Don't allow to trigger SBR from a VF running in VMM context.

Cc: stable@vger.kernel.org
Signed-off-by: NConor McLoughlin <conor.mcloughlin@intel.com>
Signed-off-by: NTadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The mv_cesa_queue_req() function calls crypto_enqueue_request() to
enqueue a request. In the normal case (i.e the queue isn't full), this
function returns -EINPROGRESS. The current Marvell CESA crypto driver
takes this into account and cleans up the request only if an error
occured, i.e if the return value is not -EINPROGRESS.

Unfortunately this causes problems with
CRYPTO_TFM_REQ_MAY_BACKLOG-flagged requests. When such a request is
passed to crypto_enqueue_request() and the queue is full,
crypto_enqueue_request() will return -EBUSY, but will keep the request
enqueued nonetheless. This situation was not properly handled by the
Marvell CESA driver, which was anyway cleaning up the request in such
a situation. When later on the request was taken out of the backlog
and actually processed, a kernel crash occured due to the internal
driver data structures for this structure having been cleaned up.

To avoid this situation, this commit adds a
mv_cesa_req_needs_cleanup() helper function which indicates if the
request needs to be cleaned up or not after a call to
crypto_enqueue_request(). This helper allows to do the cleanup only in
the appropriate cases, and all call sites of mv_cesa_queue_req() are
fixed to use this new helper function.
Reported-by: NVincent Donnefort <vdonnefort@gmail.com>
Fixes: db509a45 ("crypto: marvell/cesa - add TDMA support")
Cc: <stable@vger.kernel.org> # v4.2+
Signed-off-by: NThomas Petazzoni <thomas.petazzoni@free-electrons.com>
Acked-by: NBoris Brezillon <boris.brezillon@free-electrons.com>
Tested-by: NVincent Donnefort <vdonnefort@gmail.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

While the destination buffer 'iv' is MAX_IVLEN size,
the source 'template[i].iv' could be smaller, thus
memcpy may read read invalid memory.
Use crypto_skcipher_ivsize() to get real ivsize
and pass it to memcpy.
Signed-off-by: NAndrey Ryabinin <aryabinin@virtuozzo.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The sun4i_ss_opti_poll function cipher data until the output miter have
a length of 0.
If the crypto API client, give more SGs than necessary this could result
in an infinite loop.
Fix it by checking for remaining bytes, just like sun4i_ss_cipher_poll().
Signed-off-by: NLABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This code uses FP (floating point), Altivec and VSX (Vector-Scalar
Extension). It can just depend on CONFIG_VSX though, because that
already depends on FP and Altivec.

Otherwise we get lots of link errors such as:

  drivers/built-in.o: In function `.p8_aes_setkey':
  aes.c:(.text+0x2d325c): undefined reference to `.enable_kernel_altivec'
  aes.c:(.text+0x2d326c): undefined reference to `.enable_kernel_vsx'
Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Currently context size (cra_ctxsize) doesn't specified for
ghash_async_alg. Which means it's zero. Thus crypto_create_tfm()
doesn't allocate needed space for ghash_async_ctx, so any
read/write to ctx (e.g. in ghash_async_init_tfm()) is not valid.

Cc: stable@vger.kernel.org
Signed-off-by: NAndrey Ryabinin <aryabinin@odin.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The tsgl scatterlist must be re-initialized after each
operation. Otherwise the sticky bits in the page_link will corrupt the
list with pre-mature termination or false chaining.
Signed-off-by: NLars Persson <larper@axis.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

We need to support legacy VFs as well as VFs running on different OSes.
To do so the compatibility check need needs to be relaxed.
This patch moves the logic responsible for VF to PF version and
compatibility checking from adfsriov.c to adf_pf2vf_msg.c,
where it belongs, and changes the logic enable legacy VFs.
Signed-off-by: NTadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Change mpi_read_buffer to return a number without leading zeros
so that mpi_read_buffer and mpi_get_buffer return the same thing.
Signed-off-by: NTadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Add range check for ring number.
Reported-by: NDan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: NTadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

In build time vadduqm opcode  is not being mapped
correctly.

Adding a new map in ppc-xlate to do this.
Signed-off-by: NLeonidas S Barbosa <leosilva@linux.vnet.ibm.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

"The preferred form for passing a size of a struct is the following:

        p = kmalloc(sizeof(*p), ...);
....

The preferred form for allocating a zeroed array is the following:

        p = kcalloc(n, sizeof(...), ...); "

,so do as suggested.
Signed-off-by: NFabio Estevam <fabio.estevam@freescale.com>
Reviewed-by: NHoria Geant? <horia.geanta@freescale.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Instead of propagating a 'fake' error code, just propagate the real
one in the case of caam_drv_identify_clk() failure.
Signed-off-by: NFabio Estevam <fabio.estevam@freescale.com>
Reviewed-by: NHoria Geant? <horia.geanta@freescale.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

In the error path we should disable the resources that were previously
acquired, so fix the error handling accordingly.
Signed-off-by: NFabio Estevam <fabio.estevam@freescale.com>
Reviewed-by: NHoria Geant? <horia.geanta@freescale.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Most significant part of JQCR (Job Queue Control Register) contains
bits that control endianness: ILE - Immediate Little Endian,
DWS - Double Word Swap.
The bits are automatically set by the Job Queue Controller HW.

Unfortunately these bits are cleared in SW when submitting descriptors
via the register-based service interface.
>From LS1021A:
JQCR_MS = 08080100 - before writing: ILE | DWS | SRC (JR0)
JQCR_MS = 30000100 - after writing: WHL | FOUR | SRC (JR0)

This would cause problems on little endian caam for descriptors
containing immediata data or double-word pointers.
Currently there is no problem since the only descriptors ran through
this interface are the ones that (un)instantiate RNG.
Signed-off-by: NHoria Geant? <horia.geanta@freescale.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch adds the helper AHASH_REQUEST_ON_STACK for those users
of ahash that are synchronous only.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch replaces uses of blkcipher and ablkcipher with the
new skcipher interface.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch introduces the crypto skcipher interface which aims
to replace both blkcipher and ablkcipher.

It's very similar to the existing ablkcipher interface.  The
main difference is the removal of the givcrypt interface.  In
order to make the transition easier for blkcipher users, there
is a helper SKCIPHER_REQUEST_ON_STACK which can be used to place
a request on the stack for synchronous transforms.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

CMAC is an approved cipher in FIPS 140-2. The patch allows the use
of CMAC with TDES and AES in FIPS mode.
Signed-off-by: NStephan Mueller <smueller@chronox.de>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch moves the data allocated using dma_alloc_coherent to the
corresponding managed interface. To be compatible with the change,
various gotos are replaced with direct returns and unneeded labels
are dropped.
Signed-off-by: NVaishali Thakkar <vthakkar1994@gmail.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

LS1021A is a QorIQ SoC having little endian CAAM.

There are a few differences b/w QorIQ and i.MX from CAAM perspective:

1. i.MX platforms are somewhat special wrt. 64-bit registers:
-big endian format at 64-bit level: MSW at address+0 and LSW at address+4
-little endian format at 32-bit level (within MSW and LSW)
and thus need special handling.

2. No CCM (clock controller module) for QorIQ.
No CAAM clocks to enable / disable.

A new Kconfig option - CRYPTO_DEV_FSL_CAAM_LE - is added to indicate
CAAM is little endian (*). It is hidden from the user (to avoid
misconfiguration); when adding support for a new platform with LE CAAM,
either the Kconfig needs to be updated or the corresponding defconfig
needs to indicate that CAAM is LE.
(*) Using a DT property to provide CAAM endianness would not allow
for the ifdeffery.

In order to keep changes to a minimum, the following changes
are postponed:
-endianness fix of the last word in the S/G (rsvd2, bpid, offset),
fields are always 0 anyway;
-S/G format fix for i.MX7 (yes, i.MX7 support was not added yet,
but still...)
Signed-off-by: NHoria Geant? <horia.geanta@freescale.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Change memcpy to memmove because the copy is done within the same buffer.
Signed-off-by: NTadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

GHASH table algorithm is using a big endian key.
In little endian machines key will be LE ordered.
After a lxvd2x instruction key is loaded as it is,
LE/BE order, in first case it'll generate a wrong
table resulting in wrong hashes from the algorithm.

Bug affects only LE machines.
In order to fix it we do a swap for loaded key.

Cc: stable@vger.kernel.org
Signed-off-by: NLeonidas S Barbosa <leosilva@linux.vnet.ibm.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

AES-CTR is using a counter 8bytes-8bytes what miss match with
kernel specs.

In the previous code a vadduwm was done to increment counter.
Replacing this for a vadduqm now considering both cases counter
8-8 bytes and full 16bytes.

Cc: stable@vger.kernel.org
Signed-off-by: NLeonidas S Barbosa <leosilva@linux.vnet.ibm.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch adds a missing tristate statement to Kconfig for the
new CRYPTO_NULL2 option.

Fixes: 149a3971 ("crypto: aead - Add type-safe geniv init/exit helpers")
Reported-by: NStephan Mueller <smueller@chronox.de>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The file nx.h has function prototypes that use struct crypto_aead.
However, as crypto/aead.h is not included we don't have a definition
for it.  This patch adds a forward declaration to fix this.
Reported-by: Nkbuild test robot <fengguang.wu@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The Kconfig option NULL2 has been added as CRYPTO_MANAGER now
depends indirectly on NULL2.  However, the Makefile was not updated
to use the new option, resulting in potential build failures when
only NULL2 is enabled.

Fixes: 149a3971 ("crypto: aead - Add type-safe geniv init/exit helpers")
Reported-by: Nkbuild test robot <fengguang.wu@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Compare pointer-typed values to NULL rather than 0.

The semantic patch that makes this change is available
in scripts/coccinelle/null/badzero.cocci
Signed-off-by: NFabio Estevam <fabio.estevam@freescale.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch removes the CRYPTO_ALG_AEAD_NEW flag now that everyone
has been converted.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Now that the AEAD conversion is complete we can rip out the old
AEAD interafce and associated code.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The qat driver uses crypto_aead_crt in order to get the authsize.
This patch replaces it with the crypto_aead_authsize helper instead.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Pretty soon the crypto_aead encrypt/decrypt hooks will disappear
as they are now always identical to those in struct aead_alg.

This patch replaces the references to these hooks with the ones
from aead_alg instead.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch replaces the echainiv init/exit handlers with the generic
geniv helpers.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch replaces the seqiv init/exit handlers with the generic
geniv helpers.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch adds the helpers aead_init_geniv and aead_exit_geniv
which are type-safe and intended the replace the existing geniv
init/exit helpers.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Now that we no longer have any legacy AEAD implementations the
compatibility code path can no longer be triggered.  This patch
removes it.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>