The interfaces blkcipher and hash are obsolete.  This patch replaces
them with skcipher and ahash respectively.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
Acked-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>

This patch replaces uses of blkcipher with skcipher, and the long
obsolete hash interface with ahash.  This is a bug-for-bug conversion
and no attempt has been made to fix bugs such as the ignored return
values of the crypto operations.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch replaces uses of blkcipher with the new skcipher
interface.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch adds the helper crypto_skcipher_driver_name which returns
the driver name of the alg object for a given tfm.  This is needed by
ecryptfs.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

n2rng: Attach on T5/M5, T7/M7 SPARC CPUs

(space to tab fixes after variable names)
Signed-off-by: NAnatoly Pugachev <matorola@gmail.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

n2rng: documentation, add DT bindings, vendor prefixes
Signed-off-by: NAnatoly Pugachev <matorola@gmail.com>
Acked-by: NDavid S. Miller <davem@davemloft.net>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch adds the helper crypto_has_ahash which should replace
crypto_has_hash.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch adds the helper crypto_type_has_alg which is meant
to replace crypto_has_alg for new-style crypto types.  Rather
than hard-coding type/mask information they're now retrieved
from the crypto_type object.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

As the size of an skcipher_request is variable, it's awkward to
zero it explicitly.  This patch adds a helper to do that which
should be used when it is created on the stack.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

As the size of an ahash_request or shash_desc is variable, it's
awkward to zero them explicitly.  This patch adds helpers to do
that which should be used when they are created on the stack.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The newly released FIPS 140-2 IG 9.8 specifies that for SP800-90A
compliant DRBGs, the FIPS 140-2 continuous random number generator test
is not required any more.

This patch removes the test and all associated data structures.
Signed-off-by: NStephan Mueller <smueller@chronox.de>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

While converting ecryptfs over to skcipher I found that it needs
to pick a default key size if one isn't given.  Rather than having
it poke into the guts of the algorithm to get max_keysize, let's
provide a helper that is meant to give a sane default (just in
case we ever get an algorithm that has no maximum key size).
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

req_alloc functions already take into account the request data structure
when allocating memory.
Signed-off-by: NGiovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: NTadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch fixes a false positive uninitialised variable warning
in aead_perform by moving the source processing in front of the
destination processing, thus ensuring that the initialisation of
lastlen is always visible to gcc.
Reported-by: NArnd Bergmann <arnd@arndb.de>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
Acked-by: NArnd Bergmann <arnd@arndb.de>

Documents device tree bindings for random number generator present on Broadcom
BCM6368 SoC.
Signed-off-by: NÁlvaro Fernández Rojas <noltari@gmail.com>
Reviewed-by: NFlorian Fainelli <f.fainelli@gmail.com>
Acked-by: NRob Herring <robh@kernel.org>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Now that we have device tree support and BCM6368 is supported in BMIPS_GENERIC,
we can use it for BMIPS_GENERIC too.
Signed-off-by: NÁlvaro Fernández Rojas <noltari@gmail.com>
Reviewed-by: NFlorian Fainelli <f.fainelli@gmail.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Adds device tree support for BCM6368, which seems to be the only BCM63xx with
bcm63xx-rng support.
Signed-off-by: NÁlvaro Fernández Rojas <noltari@gmail.com>
Reviewed-by: NFlorian Fainelli <f.fainelli@gmail.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

These variables where left as unused in commit 6229c160
("hwrng: bcm63xx - make use of devm_hwrng_register")

Fixes the following warning:
drivers/char/hw_random/bcm63xx-rng.c: In function 'bcm63xx_rng_probe':
drivers/char/hw_random/bcm63xx-rng.c:85:16: warning: unused variable 'rng'
[-Wunused-variable]
  struct hwrng *rng;
                ^
drivers/char/hw_random/bcm63xx-rng.c:82:14: warning: unused variable 'clk'
[-Wunused-variable]
  struct clk *clk;
Signed-off-by: NÁlvaro Fernández Rojas <noltari@gmail.com>
Reviewed-by: NFlorian Fainelli <f.fainelli@gmail.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch saves the value of the internal hash register at the end of an
'update' operation then restores this value before starting the next
'update'. This way the driver can now properly handle context switches.

WARNING: only hardware versions from sama5d4x and later provide the
needed interface to update the internal hash value. Especially, sama5d3x
cannot implement this feature so context switches are still broken.
Signed-off-by: NCyrille Pitchen <cyrille.pitchen@atmel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch adds support of hardware version 5.1.x embedded inside sama5d2x
SoCs.
Signed-off-by: NCyrille Pitchen <cyrille.pitchen@atmel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The 'done' tasklet handler used to check the 'BUSY' flag to either
finalize the processing of a crypto request which had just completed or
manage the crypto queue to start the next crypto request.

On request R1 completion, the driver calls atmel_sha_finish_req(), which:
1 - clears the 'BUSY' flag since the hardware is no longer used and is
    ready again to process new crypto requests.
2 - notifies the above layer (the client) about the completion of the
    asynchronous crypto request R1 by calling its base.complete()
    callback.
3 - schedules the 'done' task to check the crypto queue and start to
    process the next crypto request (the 'BUSY' flag is supposed to be
    cleared at that moment) if such a pending request exists.

However step 2 might wake the client up so it can now ask our driver to
process a new crypto request R2. This request is enqueued by calling the
atmel_sha_handle_queue() function, which sets the 'BUSY' flags then
starts to process R2.

If the 'done' tasklet, scheduled by step 3, runs just after, it would see
that the 'BUSY' flag is set then understand that R2 has just completed,
which is wrong!

So the state of 'BUSY' flag is not a proper way to detect and handle
crypto request completion.

This patch fixes this race condition by using two different tasklets, one
to handle the crypto request completion events, the other to manage the
crypto queue if needed.
Signed-off-by: NCyrille Pitchen <cyrille.pitchen@atmel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch fixes a crash which occured during the computation of the
digest of an empty message.

Indeed, when processing an empty message, the atmel_sha_handle_queue()
function was never called, hence the dd->req pointer remained
uninitialized.

Later, when the atmel_sha_final_req() function was called, it used
to crash while using this uninitialized dd->req pointer.

Hence this patch adds missing initializations of dd->req before calls of
the atmel_sha_final_req() function.

This bug prevented us from passing the tcrypt test suite on SHA algo.
Signed-off-by: NCyrille Pitchen <cyrille.pitchen@atmel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Commit 8996eafd ("crypto: ahash - ensure statesize is non-zero")
added a check to prevent ahash algorithms from successfully registering
if the import and export functions were not implemented. This prevents
an oops in the hash_accept function of algif_hash. This commit causes
the ccp-crypto module SHA support and AES CMAC support from successfully
registering and causing the ccp-crypto module load to fail because the
ahash import and export functions are not implemented.

Update the CCP Crypto API support to provide import and export support
for ahash algorithms.

Cc: <stable@vger.kernel.org> # 3.14.x-
Signed-off-by: NTom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Increasing CAAM DMA engine transaction size either
-reduces the number of required transactions or
-adds the ability to transfer more data with same transaction count
Signed-off-by: NHoria Geant? <horia.geanta@nxp.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

-This is required to support 32bit adf_ctl
	 utility on a 64bit driver
Signed-off-by: NAhsan Atta <ahsan.atta@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Use memcpy_toio to fix following sparse warning:

drivers/crypto/s5p-sss.c:386:40: warning: incorrect type in argument 1 (different address spaces)
drivers/crypto/s5p-sss.c:386:40:    expected void *<noident>
drivers/crypto/s5p-sss.c:386:40:    got void [noderef] <asn:2>*
Signed-off-by: NKrzysztof Kozlowski <k.kozlowski.k@gmail.com>
Acked-by: NVladimir Zapolskiy <vz@mleia.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Improve a little bit code readability and use dev_info/err for printing
messages.
Signed-off-by: NKrzysztof Kozlowski <k.kozlowski.k@gmail.com>
Acked-by: NVladimir Zapolskiy <vz@mleia.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

adf_dev_restore(accel_dev) was called in adf_dev_shutdown,no
need to call it in adf_device_reset_worker after adf_dev_shutdown
was called.
Signed-off-by: NYang Pingchao <pingchao.yang@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

change name for c6x dev type to more generic.
Signed-off-by: NTadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

As per update of the FIPS 140-2 Annex C supported by SP800-131A, the
ANSI X9.31 DRNG is not an allowed cipher in FIPS mode any more.

CC: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: NStephan Mueller <smueller@chronox.de>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This aligns the stack pointer in chacha20_4block_xor_ssse3 to 64 bytes.
Fixes general protection faults and potential kernel panics.

Cc: stable@vger.kernel.org
Signed-off-by: NEli Cooper <elicooper@gmx.com>
Acked-by: NMartin Willi <martin@strongswan.org>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Dave Young reported:
> Hi,
>
> I saw the warning "Missing required AuthAttr" when testing kexec,
> known issue?  Idea about how to fix it?
>
> The kernel is latest linus tree plus sevral patches from Toshi to
> cleanup io resource structure.
>
> in function pkcs7_sig_note_set_of_authattrs():
>         if (!test_bit(sinfo_has_content_type, &sinfo->aa_set) ||
>             !test_bit(sinfo_has_message_digest, &sinfo->aa_set) ||
>             (ctx->msg->data_type == OID_msIndirectData &&
>              !test_bit(sinfo_has_ms_opus_info, &sinfo->aa_set))) {
>                 pr_warn("Missing required AuthAttr\n");
>                 return -EBADMSG;
>         }
>
> The third condition below is true:
> (ctx->msg->data_type == OID_msIndirectData &&
>              !test_bit(sinfo_has_ms_opus_info, &sinfo->aa_set))
>
> I signed the kernel with redhat test key like below:
> pesign -c 'Red Hat Test Certificate' -i arch/x86/boot/bzImage -o /boot/vmlinuz-4.4.0-rc8+ -s --force

And right he is!  The Authenticode specification is a paragon amongst
technical documents, and has this pearl of wisdom to offer:

---------------------------------
Authenticode-Specific SignerInfo UnauthenticatedAttributes Structures

  The following Authenticode-specific data structures are present in
  SignerInfo authenticated attributes.

  SpcSpOpusInfo
  SpcSpOpusInfo is identified by SPC_SP_OPUS_INFO_OBJID
  (1.3.6.1.4.1.311.2.1.12) and is defined as follows:
  SpcSpOpusInfo ::= SEQUENCE {
    programName  [0] EXPLICIT SpcString OPTIONAL,
    moreInfo     [1] EXPLICIT SpcLink OPTIONAL,
  } --#public--

  SpcSpOpusInfo has two fields:
    programName
      This field contains the program description:
      If publisher chooses not to specify a description, the SpcString
      structure contains a zero-length program name.
      If the publisher chooses to specify a
      description, the SpcString structure contains a Unicode string.
    moreInfo
      This field is set to an SPCLink structure that contains a URL for
      a Web site with more information about the signer. The URL is an
      ASCII string.
---------------------------------

Which is to say that this is an optional *unauthenticated* field which
may be present in the Authenticated Attribute list.  This is not how
pkcs7 is supposed to work, so when David implemented this, he didn't
appreciate the subtlety the original spec author was working with, and
missed the part of the sublime prose that says this Authenticated
Attribute is an Unauthenticated Attribute.  As a result, the code in
question simply takes as given that the Authenticated Attributes should
be authenticated.

But this one should not, individually.  Because it says it's not
authenticated.

It still has to hash right so the TBS digest is correct.  So it is both
authenticated and unauthenticated, all at once.  Truly, a wonder of
technical accomplishment.

Additionally, pesign's implementation has always attempted to be
compatible with the signatures emitted from contemporary versions of
Microsoft's signtool.exe.  During the initial implementation, Microsoft
signatures always produced the same values for SpcSpOpusInfo -
{U"Microsoft Windows", "http://www.microsoft.com"} - without regard to
who the signer was.

Sometime between Windows 8 and Windows 8.1 they stopped including the
field in their signatures altogether, and as such pesign stopped
producing them in commits c0c4da6 and d79cb0c, sometime around June of
2012.  The theory here is that anything that breaks with
pesign signatures would also be breaking with signtool.exe sigs as well,
and that'll be a more noticed problem for firmwares parsing it, so it'll
get fixed.  The fact that we've done exactly this bug in Linux code is
first class, grade A irony.

So anyway, we should not be checking this field for presence or any
particular value: if the field exists, it should be at the right place,
but aside from that, as long as the hash matches the field is good.
Signed-off-by: NPeter Jones <pjones@redhat.com>
Tested-by: NDave Young <dyoung@redhat.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Previous change (see "Fixes" tag) to the MCFGR register
clears AWCACHE[0] ("bufferable" AXI3 attribute) (which is "1" at POR).

This makes all writes non-bufferable, causing a ~ 5% performance drop
for PPC-based platforms.

Rework previous change such that MCFGR[AWCACHE]=4'b0011
(bufferable + cacheable) for all platforms.
Note: For ARM-based platforms, AWCACHE[0] is ignored
by the interconnect IP.

Cc: <stable@vger.kernel.org> # 4.3+
Fixes: f1096749 ("crypto: caam - fix snooping for write transactions")
Signed-off-by: NHoria Geant? <horia.geanta@nxp.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Pull MIPS updates from Ralf Baechle:
 "This is the main pull request for MIPS for 4.5 plus some 4.4 fixes.

  The executive summary:

   - ATH79 platform improvments, use DT bindings for the ATH79 USB PHY.
   - Avoid useless rebuilds for zboot.
   - jz4780: Add NEMC, BCH and NAND device tree nodes
   - Initial support for the MicroChip's DT platform.  As all the device
     drivers are missing this is still of limited use.
   - Some Loongson3 cleanups.
   - The unavoidable whitespace polishing.
   - Reduce clock skew when synchronizing the CPU cycle counters on CPU
     startup.
   - Add MIPS R6 fixes.
   - Lots of cleanups across arch/mips as fallout from KVM.
   - Lots of minor fixes and changes for IEEE 754-2008 support to the
     FPU emulator / fp-assist software.
   - Minor Ralink, BCM47xx and bcm963xx platform support improvments.
   - Support SMP on BCM63168"

* 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus: (84 commits)
  MIPS: zboot: Add support for serial debug using the PROM
  MIPS: zboot: Avoid useless rebuilds
  MIPS: BMIPS: Enable ARCH_WANT_OPTIONAL_GPIOLIB
  MIPS: bcm63xx: nvram: Remove unused bcm63xx_nvram_get_psi_size() function
  MIPS: bcm963xx: Update bcm_tag field image_sequence
  MIPS: bcm963xx: Move extended flash address to bcm_tag header file
  MIPS: bcm963xx: Move Broadcom BCM963xx image tag data structure
  MIPS: bcm63xx: nvram: Use nvram structure definition from header file
  MIPS: bcm963xx: Add Broadcom BCM963xx board nvram data structure
  MAINTAINERS: Add KVM for MIPS entry
  MIPS: KVM: Add missing newline to kvm_err()
  MIPS: Move KVM specific opcodes into asm/inst.h
  MIPS: KVM: Use cacheops.h definitions
  MIPS: Break down cacheops.h definitions
  MIPS: Use EXCCODE_ constants with set_except_vector()
  MIPS: Update trap codes
  MIPS: Move Cause.ExcCode trap codes to mipsregs.h
  MIPS: KVM: Make kvm_mips_{init,exit}() static
  MIPS: KVM: Refactor added offsetof()s
  MIPS: KVM: Convert EXPORT_SYMBOL to _GPL
  ...

Merge tag 'platform-drivers-x86-v4.5-2' of git://git.infradead.org/users/dvhart/linux-platform-drivers-x86

Pull x86 platform driver updates from Darren Hart:
 "Emergency travel prevented me from completing my final testing on this
  until today.  Nothing here that couldn't wait until RC1 fixes, but I
  thought it best to get it out sooner rather than later as it does
  contain a build warning fix.

  Summary:

  A build warning fix, MAINTAINERS cleanup, and a new DMI quirk:

  ideapad-laptop:
   - Add Lenovo Yoga 700 to no_hw_rfkill dmi list

  MAINTAINERS:
   - Combine multiple telemetry entries

  intel_telemetry_debugfs:
   - Fix unused warnings in telemetry debugfs"

* tag 'platform-drivers-x86-v4.5-2' of git://git.infradead.org/users/dvhart/linux-platform-drivers-x86:
  ideapad-laptop: Add Lenovo Yoga 700 to no_hw_rfkill dmi list
  MAINTAINERS: Combine multiple telemetry entries
  intel_telemetry_debugfs: Fix unused warnings in telemetry debugfs

Pull thermal management updates from Zhang Rui:
 "The top merge commit was re-generated yesterday because two topic
  branches were dropped from this pull request in the last minute due to
  some unaddressed comments.  All the other material has been in
  linux-next for quite a while.

  Specifics:

   - Enhance thermal core to handle unexpected device cooling states
     after fresh boot and system resume.  From Zhang Rui and Chen Yu.

   - Several fixes and cleanups on Rockchip and RCAR thermal drivers.
     From Caesar Wang and Kuninori Morimoto.

   - Add Broxton support for Intel processor thermal reporting device
     driver.  From Amy Wiles"

* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux:
  thermal: trip_point_temp_store() calls thermal_zone_device_update()
  thermal: rcar: rcar_thermal_get_temp() return error if strange temp
  thermal: rcar: check irq possibility in rcar_thermal_irq_xxx()
  thermal: rcar: check every rcar_thermal_update_temp() return value
  thermal: rcar: move rcar_thermal_dt_ids to upside
  thermal: rockchip: Support the RK3399 SoCs in thermal driver
  thermal: rockchip: Support the RK3228 SoCs in thermal driver
  dt-bindings: rockchip-thermal: Support the RK3228/RK3399 SoCs compatible
  thermal: rockchip: fix a trivial typo
  Thermal: Enable Broxton SoC thermal reporting device
  thermal: constify pch_dev_ops structure
  Thermal: do thermal zone update after a cooling device registered
  Thermal: handle thermal zone device properly during system sleep
  Thermal: initialize thermal zone device correctly

Pull 9p updates from Eric Van Hensbergen:
 "Sorry for the last minute pull request, there's was a change that
  didn't get pulled into for-next until two weeks ago and I wanted to
  give it some bake time.

  Summary:

  Rework and error handling fixes, primarily in the fscatch and fd
  transports"

* tag 'for-linus-4.5-merge-window' of git://git.kernel.org/pub/scm/linux/kernel/git/ericvh/v9fs:
  fs/9p: use fscache mutex rather than spinlock
  9p: trans_fd, bail out if recv fcall if missing
  9p: trans_fd, read rework to use p9_parse_header
  net/9p: Add device name details on error

Pull Ceph updates from Sage Weil:
 "The two main changes are aio support in CephFS, and a series that
  fixes several issues in the authentication key timeout/renewal code.

  On top of that are a variety of cleanups and minor bug fixes"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client:
  libceph: remove outdated comment
  libceph: kill off ceph_x_ticket_handler::validity
  libceph: invalidate AUTH in addition to a service ticket
  libceph: fix authorizer invalidation, take 2
  libceph: clear messenger auth_retry flag if we fault
  libceph: fix ceph_msg_revoke()
  libceph: use list_for_each_entry_safe
  ceph: use i_size_{read,write} to get/set i_size
  ceph: re-send AIO write request when getting -EOLDSNAP error
  ceph: Asynchronous IO support
  ceph: Avoid to propagate the invalid page point
  ceph: fix double page_unlock() in page_mkwrite()
  rbd: delete an unnecessary check before rbd_dev_destroy()
  libceph: use list_next_entry instead of list_entry_next
  ceph: ceph_frag_contains_value can be boolean
  ceph: remove unused functions in ceph_frag.h

Pull SMB3 fixes from Steve French:
 "A collection of CIFS/SMB3 fixes.

  It includes a couple bug fixes, a few for improved debugging of
  cifs.ko and some improvements to the way cifs does key generation.

  I do have some additional bug fixes I expect in the next week or two
  (to address a problem found by xfstest, and some fixes for SMB3.11
  dialect, and a couple patches that just came in yesterday that I am
  reviewing)"

* 'for-next' of git://git.samba.org/sfrench/cifs-2.6:
  cifs_dbg() outputs an uninitialized buffer in cifs_readdir()
  cifs: fix race between call_async() and reconnect()
  Prepare for encryption support (first part). Add decryption and encryption key generation. Thanks to Metze for helping with this.
  cifs: Allow using O_DIRECT with cache=loose
  cifs: Make echo interval tunable
  cifs: Check uniqueid for SMB2+ and return -ESTALE if necessary
  Print IP address of unresponsive server
  cifs: Ratelimit kernel log messages