Merge tag 'v6.13-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6

Pull crypto updates from Herbert Xu:
 "API:
   - Add sig driver API
   - Remove signing/verification from akcipher API
   - Move crypto_simd_disabled_for_test to lib/crypto
   - Add WARN_ON for return values from driver that indicates memory
     corruption

  Algorithms:
   - Provide crc32-arch and crc32c-arch through Crypto API
   - Optimise crc32c code size on x86
   - Optimise crct10dif on arm/arm64
   - Optimise p10-aes-gcm on powerpc
   - Optimise aegis128 on x86
   - Output full sample from test interface in jitter RNG
   - Retry without padata when it fails in pcrypt

  Drivers:
   - Add support for Airoha EN7581 TRNG
   - Add support for STM32MP25x platforms in stm32
   - Enable iproc-r200 RNG driver on BCMBCA
   - Add Broadcom BCM74110 RNG driver"

* tag 'v6.13-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (112 commits)
  crypto: marvell/cesa - fix uninit value for struct mv_cesa_op_ctx
  crypto: cavium - Fix an error handling path in cpt_ucode_load_fw()
  crypto: aesni - Move back to module_init
  crypto: lib/mpi - Export mpi_set_bit
  crypto: aes-gcm-p10 - Use the correct bit to test for P10
  hwrng: amd - remove reference to removed PPC_MAPLE config
  crypto: arm/crct10dif - Implement plain NEON variant
  crypto: arm/crct10dif - Macroify PMULL asm code
  crypto: arm/crct10dif - Use existing mov_l macro instead of __adrl
  crypto: arm64/crct10dif - Remove remaining 64x64 PMULL fallback code
  crypto: arm64/crct10dif - Use faster 16x64 bit polynomial multiply
  crypto: arm64/crct10dif - Remove obsolete chunking logic
  crypto: bcm - add error check in the ahash_hmac_init function
  crypto: caam - add error check to caam_rsa_set_priv_key_form
  hwrng: bcm74110 - Add Broadcom BCM74110 RNG driver
  dt-bindings: rng: add binding for BCM74110 RNG
  padata: Clean up in padata_do_multithreaded()
  crypto: inside-secure - Fix the return value of safexcel_xcbcmac_cra_init()
  crypto: qat - Fix missing destroy_workqueue in adf_init_aer()
  crypto: rsassa-pkcs1 - Reinstate support for legacy protocols
  ...

crypto: drivers - Switch back to struct platform_driver::remove()

After commit 0edb555a65d1 ("platform: Make platform_driver::remove()
return void") .remove() is (again) the right callback to implement for
platform drivers.

Convert all platform drivers below drivers/crypto to use .remove(), with
the eventual goal to drop struct platform_driver::remove_new(). As
.remove() and .remove_new() have the same prototypes, conversion is done
by just changing the structure member name in the driver initializer.

Signed-off-by: Uwe Kleine-König <u.kleine-koenig@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

move asm/unaligned.h to linux/unaligned.h

asm/unaligned.h is always an include of asm-generic/unaligned.h;
might as well move that thing to linux/unaligned.h and include
that - there's nothing arch-specific in that header.

auto-generated by the following:

for i in `git grep -l -w asm/unaligned.h`; do
	sed -i -e "s/asm\/unaligned.h/linux\/unaligned.h/" $i
done
for i in `git grep -l -w asm-generic/unaligned.h`; do
	sed -i -e "s/asm-generic\/unaligned.h/linux\/unaligned.h/" $i
done
git mv include/asm-generic/unaligned.h include/linux/unaligned.h
git mv tools/include/asm-generic/unaligned.h tools/include/linux/unaligned.h
sed -i -e "/unaligned.h/d" include/asm-generic/Kbuild
sed -i -e "s/__ASM_GENERIC/__LINUX/" include/linux/unaligned.h tools/include/linux/unaligned.h

crypto: sun4i-ss - remove unnecessary alignmask for ahashes

The crypto API's support for alignmasks for ahash algorithms is nearly
useless, as its only effect is to cause the API to align the key and
result buffers. The drivers that happen to be specifying an alignmask
for ahash rarely actually need it. When they do, it's easily fixable,
especially considering that these buffers cannot be used for DMA.

In preparation for removing alignmask support from ahash, this patch
makes the sun4i-ss driver no longer use it. This driver didn't actually
rely on it; it only writes to the result buffer in sun4i_hash(), already
using the unaligned access helpers. And this driver only supports
unkeyed hash algorithms, so the key buffer need not be considered.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Acked-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: sun4i-ss - Convert to platform remove callback returning void

The .remove() callback for a platform driver returns an int which makes
many driver authors wrongly assume it's possible to do error handling by
returning an error code. However the value returned is ignored (apart
from emitting a warning) and this typically results in resource leaks.

To improve here there is a quest to make the remove callback return
void. In the first step of this quest all drivers are converted to
.remove_new(), which already returns void. Eventually after all drivers
are converted, .remove_new() will be renamed to .remove().

Trivially convert this driver from always returning zero in the remove
callback to the void returning variant.

Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Reviewed-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Jernej Skrabec <jernej.skrabec@gmail.com>
Acked-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: drivers - Explicitly include correct DT includes

The DT of_device.h and of_platform.h date back to the separate
of_platform_bus_type before it was merged into the regular platform bus.
As part of that merge prepping Arm DT support 13 years ago, they
"temporarily" include each other. They also include platform_device.h
and of.h. As a result, there's a pretty much random mix of those include
files used throughout the tree. In order to detangle these headers and
replace the implicit includes with struct declarations, users need to
explicitly include the correct includes.

Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: update some Arm documentation references

The Arm documentation has moved to Documentation/arch/arm; update a
set of references under crypto/allwinner to match.

Cc: Corentin Labbe <clabbe.montjoie@gmail.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Chen-Yu Tsai <wens@csie.org>
Cc: Samuel Holland <samuel@sholland.org>
Acked-by: Jernej Skrabec <jernej.skrabec@gmail.com>
Signed-off-by: Jonathan Corbet <corbet@lwn.net>

crypto: sun4i-ss - use DEFINE_SHOW_ATTRIBUTE to simplify sun4i_ss_debugfs

Use DEFINE_SHOW_ATTRIBUTE helper macro to simplify the code.

Signed-off-by: Liu Shixin <liushixin2@huawei.com>
Acked-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Tested-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: sun4i-ss - do not allocate backup IV on requests

Instead of allocating memory on each request, it is easier to
pre-allocate a buffer for the backup IV.
This made the error path easier.

Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: sun4i-ss - Fix PM reference leak when pm_runtime_get_sync() fails

pm_runtime_get_sync will increment the pm usage counter even if it failed.
Forgetting the put operation will result in a reference leak here.
Fix it by replacing it with pm_runtime_resume_and_get to keep the usage
counter balanced.

Signed-off-by: Shixin Liu <liushixin2@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: sun4i-ss - simplify optional reset handling

As of commit bb475230b8e5 ("reset: make optional functions really
optional"), the reset framework API calls use NULL pointers to describe
optional, non-present reset controls.

This allows to unconditionally return errors from
devm_reset_control_get_optional_exclusive.

Signed-off-by: Philipp Zabel <p.zabel@pengutronix.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: sun4i-ss - add SPDX header and remove blank lines

This patch fixes some remaining style issues.

Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: sun4i-ss - enabled stats via debugfs

This patch enables access to usage stats for each algorithm.

Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: sun4i-ss - fix kmap usage

With the recent kmap change, some tests which were conditional on
CONFIG_DEBUG_HIGHMEM now are enabled by default.
This permits detecting a problem in sun4i-ss usage of kmap.

sun4i-ss uses two kmap via sg_miter (one for input, one for output), but
using two kmap at the same time is hard:
"the ordering has to be correct and with sg_miter that's probably hard to get
right." (quoting Tlgx)

So the easiest solution is to never have two sg_miter/kmap open at the same time.
After each use of sg_miter, I store the current index, for being able to
resume sg_miter to the right place.

Fixes: 6298e948215f ("crypto: sunxi-ss - Add Allwinner Security System crypto accelerator")
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: sun4i-ss - initialize need_fallback

The need_fallback is never initialized and seems to be always true at runtime.
So all hardware operations are always bypassed.

Fixes: 0ae1f46c55f87 ("crypto: sun4i-ss - fallback when length is not multiple of blocksize")
Cc: <stable@vger.kernel.org>
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: sun4i-ss - handle BigEndian for cipher

Ciphers produce invalid results on BE.
Key and IV need to be written in LE.

Fixes: 6298e948215f2 ("crypto: sunxi-ss - Add Allwinner Security System crypto accelerator")
Cc: <stable@vger.kernel.org>
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: sun4i-ss - IV register does not work on A10 and A13

Allwinner A10 and A13 SoC have a version of the SS which produces an
invalid IV in the IVx register.

Instead of adding a variant for those, let's convert SS to produce IV
directly from data.

Fixes: 6298e948215f2 ("crypto: sunxi-ss - Add Allwinner Security System crypto accelerator")
Cc: <stable@vger.kernel.org>
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: sun4i-ss - checking sg length is not sufficient

The optimized cipher function needs a length that is a multiple of 4 bytes.
But it sometimes gets an odd length.
This is because SG data could be stored with an offset.

So the fix is to check also if the offset is aligned with 4 bytes.

Fixes: 6298e948215f2 ("crypto: sunxi-ss - Add Allwinner Security System crypto accelerator")
Cc: <stable@vger.kernel.org>
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: sun4i-ss - linearize buffers content must be kept

When running the non-optimized cipher function, SS produces partial random
output.
This is due to linearize buffers being reset after each loop.

For preserving stack, instead of moving them back to start of function,
I move them in sun4i_ss_ctx.

Fixes: 8d3bcb9900ca ("crypto: sun4i-ss - reduce stack usage")
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: sha - split sha.h into sha1.h and sha2.h

Currently <crypto/sha.h> contains declarations for both SHA-1 and SHA-2,
and <crypto/sha3.h> contains declarations for SHA-3.

This organization is inconsistent, but more importantly SHA-1 is no
longer considered to be cryptographically secure. So to the extent
possible, SHA-1 shouldn't be grouped together with any of the other SHA
versions, and usage of it should be phased out.

Therefore, split <crypto/sha.h> into two headers <crypto/sha1.h> and
<crypto/sha2.h>, and make everyone explicitly specify whether they want
the declarations for SHA-1, SHA-2, or both.

This avoids making the SHA-1 declarations visible to files that don't
want anything to do with SHA-1. It also prepares for potentially moving
sha1.h into a new insecure/ or dangerous/ directory.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: sun4i-ss - Fix sparse endianness markers

This patch also fixes the incorrect endianness markings in the
sun4i-ss driver. It should have no effect in the generated code.

Instead of using cpu_to_Xe32 followed by a memcpy, this patch
converts the final hash write to use put_unaligned_X instead.

Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tested-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Acked-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: sun4i - permit asynchronous skcipher as fallback

Even though the sun4i driver implements asynchronous versions of ecb(aes)
and cbc(aes), the fallbacks it allocates are required to be synchronous.
Given that SIMD based software implementations are usually asynchronous
as well, even though they rarely complete asynchronously (this typically
only happens in cases where the request was made from softirq context,
while SIMD was already in use in the task context that it interrupted),
these implementations are disregarded, and either the generic C version
or another table based version implemented in assembler is selected
instead.

Since falling back to synchronous AES is not only a performance issue, but
potentially a security issue as well (due to the fact that table based AES
is not time invariant), let's fix this, by allocating an ordinary skcipher
as the fallback, and invoke it with the completion routine that was given
to the outer request.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Tested-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: remove CRYPTO_TFM_RES_BAD_KEY_LEN

The CRYPTO_TFM_RES_BAD_KEY_LEN flag was apparently meant as a way to
make the ->setkey() functions provide more information about errors.

However, no one actually checks for this flag, which makes it pointless.

Also, many algorithms fail to set this flag when given a bad length key.
Reviewing just the generic implementations, this is the case for
aes-fixed-time, cbcmac, echainiv, nhpoly1305, pcrypt, rfc3686, rfc4309,
rfc7539, rfc7539esp, salsa20, seqiv, and xcbc. But there are probably
many more in arch/*/crypto/ and drivers/crypto/.

Some algorithms can even set this flag when the key is the correct
length. For example, authenc and authencesn set it when the key payload
is malformed in any way (not just a bad length), the atmel-sha and ccree
drivers can set it if a memory allocation fails, and the chelsio driver
sets it for bad auth tag lengths, not just bad key lengths.

So even if someone actually wanted to start checking this flag (which
seems unlikely, since it's been unused for a long time), there would be
a lot of work needed to get it working correctly. But it would probably
be much better to go back to the drawing board and just define different
return values, like -EINVAL if the key is invalid for the algorithm vs.
-EKEYREJECTED if the key was rejected by a policy like "no weak keys".
That would be much simpler, less error-prone, and easier to test.

So just remove this flag.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: sun4i-ss - make unexported sun4i_ss_pm_ops static

The sun4i_ss_pm_ops is not referenced outside the driver
except via a pointer, so make it static to avoid the following
warning:

drivers/crypto/allwinner/sun4i-ss/sun4i-ss-core.c:276:25: warning: symbol 'sun4i_ss_pm_ops' was not declared. Should it be static?

Signed-off-by: Ben Dooks (Codethink) <ben.dooks@codethink.co.uk>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: sun4i-ss - add the A33 variant of SS

The A33 SS has a difference with all other SS, it gives the SHA1 digest
directly in BE.
So this patch adds variant support in sun4i-ss.

Fixes: 6298e948215f ("crypto: sunxi-ss - Add Allwinner Security System crypto accelerator")
Signed-off-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Acked-by: Maxime Ripard <mripard@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>