From b82ce24426a4071da9529d726057e4e642948667 Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Tue, 4 Jul 2017 12:21:12 +0800 Subject: crypto: sha1-ssse3 - Disable avx2 It has been reported that sha1-avx2 can cause page faults by reading beyond the end of the input. This patch disables it until it can be fixed. Cc: Fixes: 7c1da8d0d046 ("crypto: sha - SHA1 transform x86_64 AVX2") Reported-by: Jan Stancek Signed-off-by: Herbert Xu --- arch/x86/crypto/sha1_ssse3_glue.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/crypto/sha1_ssse3_glue.c b/arch/x86/crypto/sha1_ssse3_glue.c index fc61739150e7..f960a043cdeb 100644 --- a/arch/x86/crypto/sha1_ssse3_glue.c +++ b/arch/x86/crypto/sha1_ssse3_glue.c @@ -201,7 +201,7 @@ asmlinkage void sha1_transform_avx2(u32 *digest, const char *data, static bool avx2_usable(void) { - if (avx_usable() && boot_cpu_has(X86_FEATURE_AVX2) + if (false && avx_usable() && boot_cpu_has(X86_FEATURE_AVX2) && boot_cpu_has(X86_FEATURE_BMI1) && boot_cpu_has(X86_FEATURE_BMI2)) return true; -- cgit v1.2.3-59-g8ed1b From 7459e1d25ffefa2b1be799477fcc1f6c62f6cec7 Mon Sep 17 00:00:00 2001 From: Horia Geantă Date: Fri, 7 Jul 2017 16:57:06 +0300 Subject: crypto: caam - fix signals handling MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Driver does not properly handle the case when signals interrupt wait_for_completion_interruptible(): -it does not check for return value -completion structure is allocated on stack; in case a signal interrupts the sleep, it will go out of scope, causing the worker thread (caam_jr_dequeue) to fail when it accesses it wait_for_completion_interruptible() is replaced with uninterruptable wait_for_completion(). We choose to block all signals while waiting for I/O (device executing the split key generation job descriptor) since the alternative - in order to have a deterministic device state - would be to flush the job ring (aborting *all* in-progress jobs). Cc: Fixes: 045e36780f115 ("crypto: caam - ahash hmac support") Fixes: 4c1ec1f930154 ("crypto: caam - refactor key_gen, sg") Signed-off-by: Horia Geantă Signed-off-by: Herbert Xu --- drivers/crypto/caam/caamhash.c | 2 +- drivers/crypto/caam/key_gen.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/caam/caamhash.c b/drivers/crypto/caam/caamhash.c index 7c44c90ad593..910ec61cae09 100644 --- a/drivers/crypto/caam/caamhash.c +++ b/drivers/crypto/caam/caamhash.c @@ -396,7 +396,7 @@ static int hash_digest_key(struct caam_hash_ctx *ctx, const u8 *key_in, ret = caam_jr_enqueue(jrdev, desc, split_key_done, &result); if (!ret) { /* in progress */ - wait_for_completion_interruptible(&result.completion); + wait_for_completion(&result.completion); ret = result.err; #ifdef DEBUG print_hex_dump(KERN_ERR, diff --git a/drivers/crypto/caam/key_gen.c b/drivers/crypto/caam/key_gen.c index 1bb2816a9b4d..c425d4adaf2a 100644 --- a/drivers/crypto/caam/key_gen.c +++ b/drivers/crypto/caam/key_gen.c @@ -149,7 +149,7 @@ int gen_split_key(struct device *jrdev, u8 *key_out, ret = caam_jr_enqueue(jrdev, desc, split_key_done, &result); if (!ret) { /* in progress */ - wait_for_completion_interruptible(&result.completion); + wait_for_completion(&result.completion); ret = result.err; #ifdef DEBUG print_hex_dump(KERN_ERR, "ctx.key@"__stringify(__LINE__)": ", -- cgit v1.2.3-59-g8ed1b From 2acce6aa9f6569d4e135b2c4cfb56acce95efaeb Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Mon, 10 Jul 2017 22:00:48 +0800 Subject: Networking crypto: af_alg - Avoid sock_graft call warning The newly added sock_graft warning triggers in af_alg_accept. It's harmless as we're essentially doing sock->sk = sock->sk. The sock_graft call is actually redundant because all the work it does is subsumed by sock_init_data. However, it was added to placate SELinux as it uses it to initialise its internal state. This patch avoisd the warning by making the SELinux call directly. Reported-by: Linus Torvalds Signed-off-by: Herbert Xu Acked-by: David S. Miller --- crypto/af_alg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/af_alg.c b/crypto/af_alg.c index 3556d8eb54a7..92a3d540d920 100644 --- a/crypto/af_alg.c +++ b/crypto/af_alg.c @@ -287,7 +287,7 @@ int af_alg_accept(struct sock *sk, struct socket *newsock, bool kern) goto unlock; sock_init_data(newsock, sk2); - sock_graft(sk2, newsock); + security_sock_graft(sk2, newsock); security_sk_clone(sk, sk2); err = type->accept(ask->private, sk2); -- cgit v1.2.3-59-g8ed1b From 1606043f214f912a52195293614935811a6e3e53 Mon Sep 17 00:00:00 2001 From: Gilad Ben-Yossef Date: Wed, 28 Jun 2017 10:22:03 +0300 Subject: crypto: atmel - only treat EBUSY as transient if backlog The Atmel SHA driver was treating -EBUSY as indication of queueing to backlog without checking that backlog is enabled for the request. Fix it by checking request flags. Cc: Signed-off-by: Gilad Ben-Yossef Signed-off-by: Herbert Xu --- drivers/crypto/atmel-sha.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/crypto/atmel-sha.c b/drivers/crypto/atmel-sha.c index a9482023d7d3..dad4e5bad827 100644 --- a/drivers/crypto/atmel-sha.c +++ b/drivers/crypto/atmel-sha.c @@ -1204,7 +1204,9 @@ static int atmel_sha_finup(struct ahash_request *req) ctx->flags |= SHA_FLAGS_FINUP; err1 = atmel_sha_update(req); - if (err1 == -EINPROGRESS || err1 == -EBUSY) + if (err1 == -EINPROGRESS || + (err1 == -EBUSY && (ahash_request_flags(req) & + CRYPTO_TFM_REQ_MAY_BACKLOG))) return err1; /* -- cgit v1.2.3-59-g8ed1b From 854b06f768794cd664886ec3ba3a5b1c58d42167 Mon Sep 17 00:00:00 2001 From: David Gstir Date: Wed, 28 Jun 2017 15:27:10 +0200 Subject: crypto: caam - properly set IV after {en,de}crypt MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Certain cipher modes like CTS expect the IV (req->info) of ablkcipher_request (or equivalently req->iv of skcipher_request) to contain the last ciphertext block when the {en,de}crypt operation is done. This is currently not the case for the CAAM driver which in turn breaks e.g. cts(cbc(aes)) when the CAAM driver is enabled. This patch fixes the CAAM driver to properly set the IV after the {en,de}crypt operation of ablkcipher finishes. This issue was revealed by the changes in the SW CTS mode in commit 0605c41cc53ca ("crypto: cts - Convert to skcipher") Cc: # 4.8+ Signed-off-by: David Gstir Reviewed-by: Horia Geantă Signed-off-by: Herbert Xu --- drivers/crypto/caam/caamalg.c | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/caam/caamalg.c b/drivers/crypto/caam/caamalg.c index fde399c88779..0488b7f81dcf 100644 --- a/drivers/crypto/caam/caamalg.c +++ b/drivers/crypto/caam/caamalg.c @@ -882,10 +882,10 @@ static void ablkcipher_encrypt_done(struct device *jrdev, u32 *desc, u32 err, { struct ablkcipher_request *req = context; struct ablkcipher_edesc *edesc; -#ifdef DEBUG struct crypto_ablkcipher *ablkcipher = crypto_ablkcipher_reqtfm(req); int ivsize = crypto_ablkcipher_ivsize(ablkcipher); +#ifdef DEBUG dev_err(jrdev, "%s %d: err 0x%x\n", __func__, __LINE__, err); #endif @@ -904,6 +904,14 @@ static void ablkcipher_encrypt_done(struct device *jrdev, u32 *desc, u32 err, #endif ablkcipher_unmap(jrdev, edesc, req); + + /* + * The crypto API expects us to set the IV (req->info) to the last + * ciphertext block. This is used e.g. by the CTS mode. + */ + scatterwalk_map_and_copy(req->info, req->dst, req->nbytes - ivsize, + ivsize, 0); + kfree(edesc); ablkcipher_request_complete(req, err); @@ -914,10 +922,10 @@ static void ablkcipher_decrypt_done(struct device *jrdev, u32 *desc, u32 err, { struct ablkcipher_request *req = context; struct ablkcipher_edesc *edesc; -#ifdef DEBUG struct crypto_ablkcipher *ablkcipher = crypto_ablkcipher_reqtfm(req); int ivsize = crypto_ablkcipher_ivsize(ablkcipher); +#ifdef DEBUG dev_err(jrdev, "%s %d: err 0x%x\n", __func__, __LINE__, err); #endif @@ -935,6 +943,14 @@ static void ablkcipher_decrypt_done(struct device *jrdev, u32 *desc, u32 err, #endif ablkcipher_unmap(jrdev, edesc, req); + + /* + * The crypto API expects us to set the IV (req->info) to the last + * ciphertext block. + */ + scatterwalk_map_and_copy(req->info, req->src, req->nbytes - ivsize, + ivsize, 0); + kfree(edesc); ablkcipher_request_complete(req, err); -- cgit v1.2.3-59-g8ed1b From d3f1d2f7863137c5d71e64041b48968db29b149e Mon Sep 17 00:00:00 2001 From: Harsh Jain Date: Fri, 23 Jun 2017 19:45:11 +0530 Subject: crypto: chcr - Avoid algo allocation in softirq. Thsi patch fixes calling "crypto_alloc_cipher" call in bottom halves. Pre allocate aes cipher required to update Tweak value for XTS. Signed-off-by: Harsh Jain Signed-off-by: Herbert Xu --- drivers/crypto/chelsio/chcr_algo.c | 23 +++++++++++++++-------- drivers/crypto/chelsio/chcr_crypto.h | 1 + 2 files changed, 16 insertions(+), 8 deletions(-) diff --git a/drivers/crypto/chelsio/chcr_algo.c b/drivers/crypto/chelsio/chcr_algo.c index aa4e5b88483d..508cbc79e508 100644 --- a/drivers/crypto/chelsio/chcr_algo.c +++ b/drivers/crypto/chelsio/chcr_algo.c @@ -899,26 +899,20 @@ static int chcr_update_tweak(struct ablkcipher_request *req, u8 *iv) u8 *key; unsigned int keylen; - cipher = crypto_alloc_cipher("aes-generic", 0, 0); + cipher = ablkctx->aes_generic; memcpy(iv, req->info, AES_BLOCK_SIZE); - if (IS_ERR(cipher)) { - ret = -ENOMEM; - goto out; - } keylen = ablkctx->enckey_len / 2; key = ablkctx->key + keylen; ret = crypto_cipher_setkey(cipher, key, keylen); if (ret) - goto out1; + goto out; crypto_cipher_encrypt_one(cipher, iv, iv); for (i = 0; i < (reqctx->processed / AES_BLOCK_SIZE); i++) gf128mul_x_ble((le128 *)iv, (le128 *)iv); crypto_cipher_decrypt_one(cipher, iv, iv); -out1: - crypto_free_cipher(cipher); out: return ret; } @@ -1262,6 +1256,17 @@ static int chcr_cra_init(struct crypto_tfm *tfm) pr_err("failed to allocate fallback for %s\n", alg->cra_name); return PTR_ERR(ablkctx->sw_cipher); } + + if (get_cryptoalg_subtype(tfm) == CRYPTO_ALG_SUB_TYPE_XTS) { + /* To update tweak*/ + ablkctx->aes_generic = crypto_alloc_cipher("aes-generic", 0, 0); + if (IS_ERR(ablkctx->aes_generic)) { + pr_err("failed to allocate aes cipher for tweak\n"); + return PTR_ERR(ablkctx->aes_generic); + } + } else + ablkctx->aes_generic = NULL; + tfm->crt_ablkcipher.reqsize = sizeof(struct chcr_blkcipher_req_ctx); return chcr_device_init(crypto_tfm_ctx(tfm)); } @@ -1292,6 +1297,8 @@ static void chcr_cra_exit(struct crypto_tfm *tfm) struct ablk_ctx *ablkctx = ABLK_CTX(ctx); crypto_free_skcipher(ablkctx->sw_cipher); + if (ablkctx->aes_generic) + crypto_free_cipher(ablkctx->aes_generic); } static int get_alg_config(struct algo_param *params, diff --git a/drivers/crypto/chelsio/chcr_crypto.h b/drivers/crypto/chelsio/chcr_crypto.h index a4f95b014b46..30af1ee17b87 100644 --- a/drivers/crypto/chelsio/chcr_crypto.h +++ b/drivers/crypto/chelsio/chcr_crypto.h @@ -155,6 +155,7 @@ struct ablk_ctx { struct crypto_skcipher *sw_cipher; + struct crypto_cipher *aes_generic; __be32 key_ctx_hdr; unsigned int enckey_len; unsigned char ciph_mode; -- cgit v1.2.3-59-g8ed1b From b8fc3397c9e88dc7889b56395d04c1f3d65d186f Mon Sep 17 00:00:00 2001 From: Colin Ian King Date: Tue, 20 Jun 2017 11:35:50 +0100 Subject: crypto: cavium - make several functions static The functions cvm_encrypt, cvm_decrypt, cvm_xts_setkey and cvm_enc_dec_init does not need to be in global scope, so make them static. Signed-off-by: Colin Ian King Acked-by: David S. Miller Signed-off-by: Herbert Xu --- drivers/crypto/cavium/cpt/cptvf_algs.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/crypto/cavium/cpt/cptvf_algs.c b/drivers/crypto/cavium/cpt/cptvf_algs.c index 1b220f3ed017..df21d996db7e 100644 --- a/drivers/crypto/cavium/cpt/cptvf_algs.c +++ b/drivers/crypto/cavium/cpt/cptvf_algs.c @@ -222,17 +222,17 @@ static inline int cvm_enc_dec(struct ablkcipher_request *req, u32 enc) return -EINPROGRESS; } -int cvm_encrypt(struct ablkcipher_request *req) +static int cvm_encrypt(struct ablkcipher_request *req) { return cvm_enc_dec(req, true); } -int cvm_decrypt(struct ablkcipher_request *req) +static int cvm_decrypt(struct ablkcipher_request *req) { return cvm_enc_dec(req, false); } -int cvm_xts_setkey(struct crypto_ablkcipher *cipher, const u8 *key, +static int cvm_xts_setkey(struct crypto_ablkcipher *cipher, const u8 *key, u32 keylen) { struct crypto_tfm *tfm = crypto_ablkcipher_tfm(cipher); @@ -336,7 +336,7 @@ static int cvm_ecb_des3_setkey(struct crypto_ablkcipher *cipher, const u8 *key, return cvm_setkey(cipher, key, keylen, DES3_ECB); } -int cvm_enc_dec_init(struct crypto_tfm *tfm) +static int cvm_enc_dec_init(struct crypto_tfm *tfm) { struct cvm_enc_ctx *ctx = crypto_tfm_ctx(tfm); -- cgit v1.2.3-59-g8ed1b