Eric Lee / smarc-fsl-linux-kernel

16 Jul, 2020

1 commit

  • 7bcb2c99f   crypto: algapi - use common mechanism for inheriting flags ... Browse Code »

    The flag CRYPTO_ALG_ASYNC is "inherited" in the sense that when a
    template is instantiated, the template will have CRYPTO_ALG_ASYNC set if
    any of the algorithms it uses has CRYPTO_ALG_ASYNC set.

    We'd like to add a second flag (CRYPTO_ALG_ALLOCATES_MEMORY) that gets
    "inherited" in the same way. This is difficult because the handling of
    CRYPTO_ALG_ASYNC is hardcoded everywhere. Address this by:

    - Add CRYPTO_ALG_INHERITED_FLAGS, which contains the set of flags that
    have these inheritance semantics.

    - Add crypto_algt_inherited_mask(), for use by template ->create()
    methods. It returns any of these flags that the user asked to be
    unset and thus must be passed in the 'mask' to crypto_grab_*().

    - Also modify crypto_check_attr_type() to handle computing the 'mask'
    so that most templates can just use this.

    - Make crypto_grab_*() propagate these flags to the template instance
    being created so that templates don't have to do this themselves.

    Make crypto/simd.c propagate these flags too, since it "wraps" another
    algorithm, similar to a template.

    Based on a patch by Mikulas Patocka
    (https://lore.kernel.org/r/alpine.LRH.2.02.2006301414580.30526@file01.intranet.prod.int.rdu2.redhat.com).

    Signed-off-by: Eric Biggers
    Signed-off-by: Herbert Xu

    Eric Biggers
     

06 Mar, 2020

1 commit

09 Jan, 2020

5 commits

  • 758ec5ac5   crypto: cryptd - convert to new way of freeing instances ... Browse Code »

    Convert the "cryptd" template to the new way of freeing instances, where
    a ->free() method is installed to the instance struct itself. This
    replaces the weakly-typed method crypto_template::free().

    This will allow removing support for the old way of freeing instances.

    Note that the 'default' case in cryptd_free() was already unreachable.
    So, we aren't missing anything by keeping only the ahash and aead parts.

    Signed-off-by: Eric Biggers
    Signed-off-by: Herbert Xu

    Eric Biggers
     
  • 218c5035f   crypto: cryptd - use crypto_grab_shash() and simplify error paths ... Browse Code »

    Make the cryptd template (in the hash case) use the new function
    crypto_grab_shash() to initialize its shash spawn.

    This is needed to make all spawns be initialized in a consistent way.

    This required making cryptd_create_hash() allocate the instance directly
    rather than use cryptd_alloc_instance().

    Also simplify the error handling by taking advantage of crypto_drop_*()
    now accepting (as a no-op) spawns that haven't been initialized yet, and
    by taking advantage of crypto_grab_*() now handling ERR_PTR() names.

    Signed-off-by: Eric Biggers
    Signed-off-by: Herbert Xu

    Eric Biggers
     
  • cd900f0ca   crypto: aead - pass instance to crypto_grab_aead() ... Browse Code »

    Initializing a crypto_aead_spawn currently requires:

    1. Set spawn->base.inst to point to the instance.
    2. Call crypto_grab_aead().

    But there's no reason for these steps to be separate, and in fact this
    unneeded complication has caused at least one bug, the one fixed by
    commit 6db43410179b ("crypto: adiantum - initialize crypto_spawn::inst")

    So just make crypto_grab_aead() take the instance as an argument.

    To keep the function calls from getting too unwieldy due to this extra
    argument, also introduce a 'mask' variable into the affected places
    which weren't already using one.

    Signed-off-by: Eric Biggers
    Signed-off-by: Herbert Xu

    Eric Biggers
     
  • b9f76dddb   crypto: skcipher - pass instance to crypto_grab_skcipher() ... Browse Code »

    Initializing a crypto_skcipher_spawn currently requires:

    1. Set spawn->base.inst to point to the instance.
    2. Call crypto_grab_skcipher().

    But there's no reason for these steps to be separate, and in fact this
    unneeded complication has caused at least one bug, the one fixed by
    commit 6db43410179b ("crypto: adiantum - initialize crypto_spawn::inst")

    So just make crypto_grab_skcipher() take the instance as an argument.

    To keep the function calls from getting too unwieldy due to this extra
    argument, also introduce a 'mask' variable into the affected places
    which weren't already using one.

    Signed-off-by: Eric Biggers
    Signed-off-by: Herbert Xu

    Eric Biggers
     
  • af5034e8e   crypto: remove propagation of CRYPTO_TFM_RES_* flags ... Browse Code »

    The CRYPTO_TFM_RES_* flags were apparently meant as a way to make the
    ->setkey() functions provide more information about errors. But these
    flags weren't actually being used or tested, and in many cases they
    weren't being set correctly anyway. So they've now been removed.

    Also, if someone ever actually needs to start better distinguishing
    ->setkey() errors (which is somewhat unlikely, as this has been unneeded
    for a long time), we'd be much better off just defining different return
    values, like -EINVAL if the key is invalid for the algorithm vs.
    -EKEYREJECTED if the key was rejected by a policy like "no weak keys".
    That would be much simpler, less error-prone, and easier to test.

    So just remove CRYPTO_TFM_RES_MASK and all the unneeded logic that
    propagates these flags around.

    Signed-off-by: Eric Biggers
    Signed-off-by: Herbert Xu

    Eric Biggers
     

01 Nov, 2019

1 commit

  • c65058b75   crypto: skcipher - remove the "blkcipher" algorithm type ... Browse Code »

    Now that all "blkcipher" algorithms have been converted to "skcipher",
    remove the blkcipher algorithm type.

    The skcipher (symmetric key cipher) algorithm type was introduced a few
    years ago to replace both blkcipher and ablkcipher (synchronous and
    asynchronous block cipher). The advantages of skcipher include:

    - A much less confusing name, since none of these algorithm types have
    ever actually been for raw block ciphers, but rather for all
    length-preserving encryption modes including block cipher modes of
    operation, stream ciphers, and other length-preserving modes.

    - It unified blkcipher and ablkcipher into a single algorithm type
    which supports both synchronous and asynchronous implementations.
    Note, blkcipher already operated only on scatterlists, so the fact
    that skcipher does too isn't a regression in functionality.

    - Better type safety by using struct skcipher_alg, struct
    crypto_skcipher, etc. instead of crypto_alg, crypto_tfm, etc.

    - It sometimes simplifies the implementations of algorithms.

    Also, the blkcipher API was no longer being tested.

    Signed-off-by: Eric Biggers
    Signed-off-by: Herbert Xu

    Eric Biggers
     

15 Aug, 2019

1 commit

  • 43b970fa8   crypto: cryptd - Use refcount_t for refcount ... Browse Code »

    Reference counters are preferred to use refcount_t instead of
    atomic_t.
    This is because the implementation of refcount_t can prevent
    overflows and detect possible use-after-free.
    So convert atomic_t ref counters to refcount_t.

    Signed-off-by: Chuhong Yuan
    Signed-off-by: Herbert Xu

    Chuhong Yuan
     

09 Jul, 2019

1 commit

  • 4d2fa8b44   Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 ... Browse Code »

    Pull crypto updates from Herbert Xu:
    "Here is the crypto update for 5.3:

    API:
    - Test shash interface directly in testmgr
    - cra_driver_name is now mandatory

    Algorithms:
    - Replace arc4 crypto_cipher with library helper
    - Implement 5 way interleave for ECB, CBC and CTR on arm64
    - Add xxhash
    - Add continuous self-test on noise source to drbg
    - Update jitter RNG

    Drivers:
    - Add support for SHA204A random number generator
    - Add support for 7211 in iproc-rng200
    - Fix fuzz test failures in inside-secure
    - Fix fuzz test failures in talitos
    - Fix fuzz test failures in qat"

    * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (143 commits)
    crypto: stm32/hash - remove interruptible condition for dma
    crypto: stm32/hash - Fix hmac issue more than 256 bytes
    crypto: stm32/crc32 - rename driver file
    crypto: amcc - remove memset after dma_alloc_coherent
    crypto: ccp - Switch to SPDX license identifiers
    crypto: ccp - Validate the the error value used to index error messages
    crypto: doc - Fix formatting of new crypto engine content
    crypto: doc - Add parameter documentation
    crypto: arm64/aes-ce - implement 5 way interleave for ECB, CBC and CTR
    crypto: arm64/aes-ce - add 5 way interleave routines
    crypto: talitos - drop icv_ool
    crypto: talitos - fix hash on SEC1.
    crypto: talitos - move struct talitos_edesc into talitos.h
    lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE
    crypto/NX: Set receive window credits to max number of CRBs in RxFIFO
    crypto: asymmetric_keys - select CRYPTO_HASH where needed
    crypto: serpent - mark __serpent_setkey_sbox noinline
    crypto: testmgr - dynamically allocate crypto_shash
    crypto: testmgr - dynamically allocate testvec_config
    crypto: talitos - eliminate unneeded 'done' functions at build time
    ...

    Linus Torvalds
     

05 Jul, 2019

1 commit

03 Jul, 2019

1 commit

  • 1a0fad630   crypto: cryptd - Fix skcipher instance memory leak ... Browse Code »

    cryptd_skcipher_free() fails to free the struct skcipher_instance
    allocated in cryptd_create_skcipher(), leading to a memory leak. This
    is detected by kmemleak on bootup on ARM64 platforms:

    unreferenced object 0xffff80003377b180 (size 1024):
    comm "cryptomgr_probe", pid 822, jiffies 4294894830 (age 52.760s)
    backtrace:
    kmem_cache_alloc_trace+0x270/0x2d0
    cryptd_create+0x990/0x124c
    cryptomgr_probe+0x5c/0x1e8
    kthread+0x258/0x318
    ret_from_fork+0x10/0x1c

    Fixes: 4e0958d19bd8 ("crypto: cryptd - Add support for skcipher")
    Cc:
    Signed-off-by: Vincent Whitchurch
    Signed-off-by: Herbert Xu

    Vincent Whitchurch
     

31 May, 2019

1 commit

  • 2874c5fd2   treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 ... Browse Code »

    Based on 1 normalized pattern(s):

    this program is free software you can redistribute it and or modify
    it under the terms of the gnu general public license as published by
    the free software foundation either version 2 of the license or at
    your option any later version

    extracted by the scancode license scanner the SPDX license identifier

    GPL-2.0-or-later

    has been chosen to replace the boilerplate/reference in 3029 file(s).

    Signed-off-by: Thomas Gleixner
    Reviewed-by: Allison Randal
    Cc: linux-spdx@vger.kernel.org
    Link: https://lkml.kernel.org/r/20190527070032.746973796@linutronix.de
    Signed-off-by: Greg Kroah-Hartman

    Thomas Gleixner
     

30 May, 2019

2 commits

25 Apr, 2019

1 commit

  • 877b5691f   crypto: shash - remove shash_desc::flags ... Browse Code »

    The flags field in 'struct shash_desc' never actually does anything.
    The only ostensibly supported flag is CRYPTO_TFM_REQ_MAY_SLEEP.
    However, no shash algorithm ever sleeps, making this flag a no-op.

    With this being the case, inevitably some users who can't sleep wrongly
    pass MAY_SLEEP. These would all need to be fixed if any shash algorithm
    actually started sleeping. For example, the shash_ahash_*() functions,
    which wrap a shash algorithm with the ahash API, pass through MAY_SLEEP
    from the ahash API to the shash API. However, the shash functions are
    called under kmap_atomic(), so actually they're assumed to never sleep.

    Even if it turns out that some users do need preemption points while
    hashing large buffers, we could easily provide a helper function
    crypto_shash_update_large() which divides the data into smaller chunks
    and calls crypto_shash_update() and cond_resched() for each chunk. It's
    not necessary to have a flag in 'struct shash_desc', nor is it necessary
    to make individual shash algorithms aware of this at all.

    Therefore, remove shash_desc::flags, and document that the
    crypto_shash_*() functions can be called from any context.

    Signed-off-by: Eric Biggers
    Signed-off-by: Herbert Xu

    Eric Biggers
     

18 Apr, 2019

1 commit

23 Dec, 2018

1 commit

  • c79b411ea   crypto: skcipher - remove remnants of internal IV generators ... Browse Code »

    Remove dead code related to internal IV generators, which are no longer
    used since they've been replaced with the "seqiv" and "echainiv"
    templates. The removed code includes:

    - The "givcipher" (GIVCIPHER) algorithm type. No algorithms are
    registered with this type anymore, so it's unneeded.

    - The "const char *geniv" member of aead_alg, ablkcipher_alg, and
    blkcipher_alg. A few algorithms still set this, but it isn't used
    anymore except to show via /proc/crypto and CRYPTO_MSG_GETALG.
    Just hardcode "" or "" in those cases.

    - The 'skcipher_givcrypt_request' structure, which is never used.

    Signed-off-by: Eric Biggers
    Signed-off-by: Herbert Xu

    Eric Biggers
     

28 Sep, 2018

1 commit

  • 36b3875a9   crypto: cryptd - Remove VLA usage of skcipher ... Browse Code »

    In the quest to remove all stack VLA usage from the kernel[1], this
    replaces struct crypto_skcipher and SKCIPHER_REQUEST_ON_STACK() usage
    with struct crypto_sync_skcipher and SYNC_SKCIPHER_REQUEST_ON_STACK(),
    which uses a fixed stack size.

    [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com

    Signed-off-by: Kees Cook
    Signed-off-by: Herbert Xu

    Kees Cook
     

12 Jan, 2018

2 commits

  • a208fa8f3   crypto: hash - annotate algorithms taking optional key ... Browse Code »

    We need to consistently enforce that keyed hashes cannot be used without
    setting the key. To do this we need a reliable way to determine whether
    a given hash algorithm is keyed or not. AF_ALG currently does this by
    checking for the presence of a ->setkey() method. However, this is
    actually slightly broken because the CRC-32 algorithms implement
    ->setkey() but can also be used without a key. (The CRC-32 "key" is not
    actually a cryptographic key but rather represents the initial state.
    If not overridden, then a default initial state is used.)

    Prepare to fix this by introducing a flag CRYPTO_ALG_OPTIONAL_KEY which
    indicates that the algorithm has a ->setkey() method, but it is not
    required to be called. Then set it on all the CRC-32 algorithms.

    The same also applies to the Adler-32 implementation in Lustre.

    Also, the cryptd and mcryptd templates have to pass through the flag
    from their underlying algorithm.

    Cc: stable@vger.kernel.org
    Signed-off-by: Eric Biggers
    Signed-off-by: Herbert Xu

    Eric Biggers
     
  • 841a3ff32   crypto: cryptd - pass through absence of ->setkey() ... Browse Code »

    When the cryptd template is used to wrap an unkeyed hash algorithm,
    don't install a ->setkey() method to the cryptd instance. This change
    is necessary for cryptd to keep working with unkeyed hash algorithms
    once we start enforcing that ->setkey() is called when present.

    Cc: stable@vger.kernel.org
    Signed-off-by: Eric Biggers
    Signed-off-by: Herbert Xu

    Eric Biggers
     

11 Dec, 2017

1 commit

29 Nov, 2017

1 commit

03 Nov, 2017

1 commit

  • 6b80ea389   crypto: change transient busy return code to -ENOSPC ... Browse Code »

    The crypto API was using the -EBUSY return value to indicate
    both a hard failure to submit a crypto operation into a
    transformation provider when the latter was busy and the backlog
    mechanism was not enabled as well as a notification that the
    operation was queued into the backlog when the backlog mechanism
    was enabled.

    Having the same return code indicate two very different conditions
    depending on a flag is both error prone and requires extra runtime
    check like the following to discern between the cases:

    if (err == -EINPROGRESS ||
    (err == -EBUSY && (ahash_request_flags(req) &
    CRYPTO_TFM_REQ_MAY_BACKLOG)))

    This patch changes the return code used to indicate a crypto op
    failed due to the transformation provider being transiently busy
    to -ENOSPC.

    Signed-off-by: Gilad Ben-Yossef
    Signed-off-by: Herbert Xu

    Gilad Ben-Yossef
     

28 Nov, 2016

1 commit

01 Nov, 2016

1 commit

07 Sep, 2016

1 commit

31 Aug, 2016

1 commit

23 Jun, 2016

1 commit

  • 81760ea6a   crypto: cryptd - Add helpers to check whether a tfm is queued ... Browse Code »

    This patch adds helpers to check whether a given tfm is currently
    queued. This is meant to be used by ablk_helper and similar
    entities to ensure that no reordering is introduced because of
    requests queued in cryptd with respect to requests being processed
    in softirq context.

    The per-cpu queue length limit is also increased to 1000 in line
    with network limits.

    Signed-off-by: Herbert Xu

    Herbert Xu
     

04 Dec, 2015

1 commit

  • 1a0783402   crypto: cryptd - Assign statesize properly ... Browse Code »

    cryptd_create_hash() fails by returning -EINVAL. It is because after
    8996eafdc ("crypto: ahash - ensure statesize is non-zero") all ahash
    drivers must have a non-zero statesize.

    This patch fixes the problem by properly assigning the statesize.

    Signed-off-by: Rui Wang
    Signed-off-by: Herbert Xu

    Wang, Rui Y
     

27 Nov, 2015

1 commit

17 Aug, 2015

2 commits

14 Jul, 2015

1 commit

07 Jul, 2015

1 commit

  • ec9f2006f   crypto: cryptd - Fix AEAD request context corruption ... Browse Code »

    The AEAD version of cryptd uses the same context for its own state
    as well as that of the child. In doing so it did not maintain the
    proper ordering, thus resulting in potential state corruption where
    the child will overwrite the state stored by cryptd.

    This patch fixes and also sets the request size properly.

    Signed-off-by: Herbert Xu

    Herbert Xu
     

03 Jun, 2015

2 commits

22 May, 2015

1 commit

  • 9b8c456e0   crypto: cryptd - Use crypto_grab_aead ... Browse Code »

    As AEAD has switched over to using frontend types, the function
    crypto_init_spawn must not be used since it does not specify a
    frontend type. Otherwise it leads to a crash when the spawn is
    used.

    This patch fixes it by switching over to crypto_grab_aead instead.

    Fixes: 5d1d65f8bea6 ("crypto: aead - Convert top level interface to new style")
    Signed-off-by: Herbert Xu

    Herbert Xu
     

13 May, 2015

1 commit

31 Mar, 2015

1 commit