Forward devm_ioremap_resource() error code instead of returning
-ENOMEM.
Signed-off-by: NBoris Brezillon <boris.brezillon@free-electrons.com>
Reported-by: NRussell King - ARM Linux <linux@arm.linux.org.uk>
Fixes: f63601fd ("crypto: marvell/cesa - add a new driver for Marvell's CESA")
Cc: <stable@vger.kernel.org> # 4.2+
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

->export() might be called before we have done an update operation,
and in this case the ->state field is left uninitialized.
Put the correct default value when initializing the request.
Signed-off-by: NBoris Brezillon <boris.brezillon@free-electrons.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Crypto requests are not guaranteed to be finalized (->final() call),
and can be freed at any moment, without getting any notification from
the core. This can lead to memory leaks of the ->cache buffer.

Make this buffer part of the request object, and allocate an extra buffer
from the DMA cache pool when doing DMA operations.

As a side effect, this patch also fixes another bug related to cache
allocation and DMA operations. When the core allocates a new request and
import an existing state, a cache buffer can be allocated (depending
on the state). The problem is, at that very moment, we don't know yet
whether the request will use DMA or not, and since everything is
likely to be initialized to zero, mv_cesa_ahash_alloc_cache() thinks it
should allocate a buffer for standard operation. But when
mv_cesa_ahash_free_cache() is called, req->type has been set to
CESA_DMA_REQ in the meantime, thus leading to an invalind dma_pool_free()
call (the buffer passed in argument has not been allocated from the pool).
Signed-off-by: NBoris Brezillon <boris.brezillon@free-electrons.com>
Reported-by: NGregory CLEMENT <gregory.clement@free-electrons.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch simplifies an unneeded read-write lock.
Signed-off-by: NGary R Hook <gary.hook@amd.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

eCryptfs: Fix null pointer dereference on kzalloc error path

The conversion to skcipher and shash added a couple of null pointer
dereference bugs on the kzalloc failure path.  This patch fixes them.

Fixes: 3095e8e3 ("eCryptfs: Use skcipher and shash")
Reported-by: NDan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The default arbiter configuration for ring weights and response ordering
is exactly what we want so we don't need to configure anything more.
This will also fix the problem where number of bundles is different
between different devices.
Reported-by: NAhsan Atta <ahsan.atta@intel.com>
Signed-off-by: NTadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The change fixes potential oops while accessing iomem on invalid
address, if devm_ioremap_resource() fails due to some reason.

The devm_ioremap_resource() function returns ERR_PTR() and never
returns NULL, which makes useless a following check for NULL.
Signed-off-by: NVladimir Zapolskiy <vz@mleia.com>
Fixes: 5a4eea26 ("crypto: ux500 - Use devm_xxx() managed function")
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The change fixes potential oops while accessing iomem on invalid
address, if devm_ioremap_resource() fails due to some reason.

The devm_ioremap_resource() function returns ERR_PTR() and never
returns NULL, which makes useless a following check for NULL.
Signed-off-by: NVladimir Zapolskiy <vz@mleia.com>
Fixes: b0e8b341 ("crypto: atmel - use devm_xxx() managed function")
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The definition of icp_qat_uof_regtype should be coherent with
 the definition in firmware compiler.
Signed-off-by: NYang Pingchao <pingchao.yang@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The exynos random driver uses #ifdef to check for CONFIG_PM, but
then uses SIMPLE_DEV_PM_OPS, which leaves the references out when
CONFIG_PM_SLEEP is not defined, so we get a warning with
PM=y && PM_SLEEP=n:

drivers/char/hw_random/exynos-rng.c:166:12: error: 'exynos_rng_suspend' defined but not used [-Werror=unused-function]
drivers/char/hw_random/exynos-rng.c:171:12: error: 'exynos_rng_resume' defined but not used [-Werror=unused-function]

This removes the incorrect #ifdef and instead uses a __maybe_unused
annotation to let the compiler know it can silently drop
the function definition.
Signed-off-by: NArnd Bergmann <arnd@arndb.de>
Reviewed-by: NKrzysztof Kozlowski <k.kozlowski@samsung.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Support for different generations of the coprocessor
requires that an abstraction layer be implemented for
interacting with the hardware. This patch splits out
version-specific functions to a separate file and populates
the version structure (acting as a driver) with function
pointers.
Signed-off-by: NGary R Hook <gary.hook@amd.com>
Acked-by: NTom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Future hardware may introduce new algorithms wherein the
driver will need to manage resources for different versions
of the cryptographic coprocessor. This precursor patch
determines the version of the available device, and marks
and registers algorithms accordingly. A structure is added
which manages the version-specific data.
Signed-off-by: NGary R Hook <gary.hook@amd.com>
Acked-by: NTom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Enable management of >1 CCPs in a system. Each device will
get a unique identifier, as well as uniquely named
resources. Treat each CCP as an orthogonal unit and register
 resources individually.
Signed-off-by: NGary R Hook <gary.hook@amd.com>
Acked-by: NTom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Each x86 SoC will make use of a unique PCI ID for the CCP
device so it is not necessary to check for the CPU family
and model.
Signed-off-by: NGary R Hook <gary.hook@amd.com>
Acked-by: NTom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Since a crypto_ahash_import() can be called against a request context
that has not had a crypto_ahash_init() performed, the request context
needs to be cleared to insure there is no random data present. If not,
the random data can result in a kernel oops during crypto_ahash_update().

Cc: <stable@vger.kernel.org> # 3.14.x-
Signed-off-by: NTom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

When we use CONFIG_PROFILE_ALL_BRANCHES, every 'if()' introduces
a static variable, but that is not allowed in 'extern inline'
functions:

mpi-inline.h:116:204: warning: '______f' is static but declared in inline function 'mpihelp_sub' which is not static
mpi-inline.h:113:184: warning: '______f' is static but declared in inline function 'mpihelp_sub' which is not static
mpi-inline.h:70:184: warning: '______f' is static but declared in inline function 'mpihelp_add' which is not static
mpi-inline.h:56:204: warning: '______f' is static but declared in inline function 'mpihelp_add_1' which is not static

This changes the MPI code to use 'static inline' instead, to get
rid of hundreds of warnings.
Signed-off-by: NArnd Bergmann <arnd@arndb.de>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

A wrapper around the umull assembly instruction might reuse
the input register as an output, which is undefined on
some ARM machines, as pointed out by this assembler warning:

  CC      lib/mpi/generic_mpih-mul1.o
/tmp/ccxJuxIy.s: Assembler messages:
/tmp/ccxJuxIy.s:53: rdhi, rdlo and rm must all be different
  CC      lib/mpi/generic_mpih-mul2.o
/tmp/ccI0scAD.s: Assembler messages:
/tmp/ccI0scAD.s:53: rdhi, rdlo and rm must all be different
  CC      lib/mpi/generic_mpih-mul3.o
/tmp/ccMvVQcp.s: Assembler messages:
/tmp/ccMvVQcp.s:53: rdhi, rdlo and rm must all be different

This changes the constraints to force different registers to
be used as output.
Signed-off-by: NArnd Bergmann <arnd@arndb.de>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Allow building when OF is not enabled as suggested by Florian
Signed-off-by: NÁlvaro Fernández Rojas <noltari@gmail.com>
Reported-by: NFlorian Fainelli <f.fainelli@gmail.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

RFC 3686 CTR in various authenc methods.

rfc3686(ctr(aes)) is already marked fips compliant,
so these should be fine.
Signed-off-by: NMarcus Meissner <meissner@suse.de>
Acked-by: NStephan Mueller <smueller@chronox.de>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Signed-off-by: NYang Pingchao <pingchao.yang@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The limbs are integers in the host endianness, so we can't simply
iterate over the individual bytes. The current code happens to work on
little-endian, because the order of the limbs in the MPI array is the
same as the order of the bytes in each limb, but it breaks on
big-endian.

Fixes: 0f74fbf7 ("MPI: Fix mpi_read_buffer")
Signed-off-by: NMichal Marek <mmarek@suse.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Add md5 sha1 sha256 support for crypto engine in rk3288.
Signed-off-by: NZain Wang <zain.wang@rock-chips.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Commit 28856a9e missed the addition of the crypto/xts.h include file
for different architecture-specific AES implementations.
Signed-off-by: NStephan Mueller <smueller@chronox.de>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The crypto API received the skcipher API which is intended to replace
the ablkcipher and blkcipher API. This patch adds the skcipher API
documentation to the DocBook, updates the code sample (including
removing the blkcipher example) replaces the references to ablkcipher
and blkcipher with skcipher.
Signed-off-by: NStephan Mueller <smueller@chronox.de>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The associated data handling with the kernel crypto API has been
updated. This needs to be reflected in the documentation.
Signed-off-by: NStephan Mueller <smueller@chronox.de>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Add new crypto API call crypto_rng_generate to DocBook.
Signed-off-by: NStephan Mueller <smueller@chronox.de>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Reference the new akcipher API calls in the kernel crypto API DocBook.

Also, fix the comments in the akcipher.h file: double dashes do not look
good in the DocBook; fix a typo.
Signed-off-by: NStephan Mueller <smueller@chronox.de>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

caam_jr_shutdown() is only used in this file, so it can be
made static.

This avoids the following sparse warning:

drivers/crypto/caam/jr.c:68:5: warning: symbol 'caam_jr_shutdown' was not declared. Should it be static?
Signed-off-by: NFabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Fix a leak on error path in qat asym
Reported-by: NSalvatore Benedetto <salvatore.benedetto@intel.com>
Signed-off-by: NTadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The patch centralizes the XTS key check logic into the service function
xts_check_key which is invoked from the different XTS implementations.
With this, the XTS implementations in ARM, ARM64, PPC and S390 have now
a sanity check for the XTS keys similar to the other arches.

In addition, this service function received a check to ensure that the
key != the tweak key which is mandated by FIPS 140-2 IG A.9. As the
check is not present in the standards defining XTS, it is only enforced
in FIPS mode of the kernel.
Signed-off-by: NStephan Mueller <smueller@chronox.de>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Add support for the hardware true random number generator
peripheral found on PIC32.
Signed-off-by: NJoshua Henderson <joshua.henderson@microchip.com>
Signed-off-by: NPurna Chandra Mandal <purna.mandal@microchip.com>
Reviewed-by: NDaniel Thompson <daniel.thompson@linaro.org>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Document the devicetree bindings for the random number generator found
on Microchip PIC32 class devices.
Signed-off-by: NJoshua Henderson <joshua.henderson@microchip.com>
Acked-by: NRob Herring <robh@kernel.org>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

When (!ctx->bufcnt && !(ctx->flags & SHA_FLAGS_PAD)), the former source
code used to set the SHA_FLAGS_BUSY without checking whether this flag was
already set. If so, the hardware is already processing another hash
request so the processing of the req argument of atmel_sha_final() should
be delayed by queueing this request, the same way as done for the
(ctx->bufcnt != 0) case.
Signed-off-by: NCyrille Pitchen <cyrille.pitchen@atmel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Using only the digest, digcnt[], bufcnt and buffer[] fields of the
struct atmel_sha_reqctx was not enough to import/export the request state,
so now we use the whole structure.
Signed-off-by: NCyrille Pitchen <cyrille.pitchen@atmel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

(2nd try that adds missing , to build.)
Signed-off-by: NMarcus Meissner <meissner@suse.de>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This needs to go through the security tree so I'm reverting the
patches for now.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Some more authenc() wrapped algorithms are FIPS compliant, tag
them as such.
Signed-off-by: NMarcus Meissner <meissner@suse.de>
Acked-by: NStephan Mueller <smueller@chronox.de>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

__test_aead() reads MAX_IVLEN bytes from template[i].iv, but the
actual length of the initialisation vector can be shorter.
The length of the IV is already calculated earlier in the
function. Let's just reuses that. Also the IV length is currently
calculated several time for no reason. Let's fix that too.
This fix an out-of-bound error detected by KASan.
Signed-off-by: NJerome Marchand <jmarchan@redhat.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Currently the sahara driver fails to probe:

sahara: probe of 63ff8000.crypto failed with error -22

This happens since commit 8996eafd ("crypto: ahash - ensure statesize
is non-zero"), which requires statesize to be filled.

Pass the statesize members for sha1 and sha256, so we can probe
the driver successfully again.
Signed-off-by: NFabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Based on commit 434b4212 ("crypto: caam - avoid needlessly saving and
restoring caam_hash_ctx") from Russell King.

When exporting and importing the hash state, we will only export and
import into hashes which share the same struct crypto_ahash pointer.
(See hash_accept->af_alg_accept->hash_accept_parent.)

This means that saving the sahara_ctx structure on export, and
restoring it on import is a waste of resources.  So, remove this code.
Signed-off-by: NFabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>