summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2019-11-17crypto: arm64/chacha - depend on generic chacha library instead of crypto driverArd Biesheuvel2-19/+23
Depend on the generic ChaCha library routines instead of pulling in the generic ChaCha skcipher driver, which is more than we need, and makes managing the dependencies between the generic library, generic driver, accelerated library and driver more complicated. While at it, drop the logic to prefer the scalar code on short inputs. Turning the NEON on and off is cheap these days, and one major use case for ChaCha20 is ChaCha20-Poly1305, which is guaranteed to hit the scalar path upon every invocation (when doing the Poly1305 nonce generation) Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-11-17crypto: x86/chacha - expose SIMD ChaCha routine as library functionArd Biesheuvel3-25/+73
Wire the existing x86 SIMD ChaCha code into the new ChaCha library interface, so that users of the library interface will get the accelerated version when available. Given that calls into the library API will always go through the routines in this module if it is enabled, switch to static keys to select the optimal implementation available (which may be none at all, in which case we defer to the generic implementation for all invocations). Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-11-17crypto: x86/chacha - depend on generic chacha library instead of crypto driverArd Biesheuvel2-56/+36
In preparation of extending the x86 ChaCha driver to also expose the ChaCha library interface, drop the dependency on the chacha_generic crypto driver as a non-SIMD fallback, and depend on the generic ChaCha library directly. This way, we only pull in the code we actually need, without registering a set of ChaCha skciphers that we will never use. Since turning the FPU on and off is cheap these days, simplify the SIMD routine by dropping the per-page yield, which makes for a cleaner switch to the library API as well. This also allows use to invoke the skcipher walk routines in non-atomic mode. Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-11-17crypto: chacha - move existing library code into lib/cryptoArd Biesheuvel12-86/+199
Currently, our generic ChaCha implementation consists of a permute function in lib/chacha.c that operates on the 64-byte ChaCha state directly [and which is always included into the core kernel since it is used by the /dev/random driver], and the crypto API plumbing to expose it as a skcipher. In order to support in-kernel users that need the ChaCha streamcipher but have no need [or tolerance] for going through the abstractions of the crypto API, let's expose the streamcipher bits via a library API as well, in a way that permits the implementation to be superseded by an architecture specific one if provided. So move the streamcipher code into a separate module in lib/crypto, and expose the init() and crypt() routines to users of the library. Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-11-17crypto: lib - tidy up lib/crypto Kconfig and MakefileArd Biesheuvel3-20/+24
In preparation of introducing a set of crypto library interfaces, tidy up the Makefile and split off the Kconfig symbols into a separate file. Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-11-17crypto: aead - Split out geniv into its own moduleHerbert Xu3-163/+179
If aead is built as a module along with cryptomgr, it creates a dependency loop due to the dependency chain aead => crypto_null => cryptomgr => aead. This is due to the presence of the AEAD geniv code. This code is not really part of the AEAD API but simply support code for IV generators such as seqiv. This patch moves the geniv code into its own module thus breaking the dependency loop. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-11-17crypto: api - Add softdep on cryptomgrHerbert Xu1-0/+1
The crypto API requires cryptomgr to be present for probing to work so we need a softdep to ensure that cryptomgr is added to the initramfs. This was usually not a problem because until very recently it was not practical to build crypto API as module but with the recent work to eliminate direct AES users this is now possible. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-11-17MAINTAINERS: add linux-amlogic list for amlogic cryptoCorentin Labbe1-0/+1
The linux-amlogic mailing list need to be in copy of all patch for the amlogic crypto. Signed-off-by: Corentin Labbe <clabbe@baylibre.com> Acked-by: Neil Armstrong <narmstrong@baylibre.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-11-17crypto: amlogic - fix two resources leakCorentin Labbe1-4/+6
This patch fixes two resources leak that occur on error path. Reported-by: coverity-bot <keescook+coverity-bot@chromium.org> Addresses-Coverity-ID: 1487403 ("RESOURCE_LEAK") Addresses-Coverity-ID: 1487401 ("Resource leaks") Fixes: 48fe583fe541 ("crypto: amlogic - Add crypto accelerator for amlogic GXL") Signed-off-by: Corentin Labbe <clabbe@baylibre.com> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-11-17crypto: inside-secure - Fixed authenc w/ (3)DES fails on MacchiatobinPascal van Leeuwen1-2/+3
Fixed 2 copy-paste mistakes in the commit mentioned below that caused authenc w/ (3)DES to consistently fail on Macchiatobin (but strangely work fine on x86+FPGA??). Now fully tested on both platforms. Fixes: 13a1bb93f7b1c9 ("crypto: inside-secure - Fixed warnings...") Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-11-17crypto: hisilicon - no need to check return value of debugfs_create functionsGreg Kroah-Hartman2-32/+11
When calling debugfs functions, there is no need to ever check the return value. The function can work or not, but the code logic should never do something different based on this. Cc: Zhou Wang <wangzhou1@hisilicon.com> Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: "David S. Miller" <davem@davemloft.net> Cc: linux-crypto@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-11-17crypto: hisilicon - add vfs_num module param for zipHao Fang1-84/+98
Currently the VF can be enabled only through sysfs interface after module loaded, but this also needs to be done when the module loaded in some scenarios. This patch adds module param vfs_num, adds hisi_zip_sriov_enable() in probe, and also adjusts the position of probe. Signed-off-by: Hao Fang <fanghao11@huawei.com> Signed-off-by: Zhou Wang <wangzhou1@hisilicon.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-11-17crypto: inside-secure - Fix hangup during probing for EIP97 enginePascal van Leeuwen1-4/+4
Fixed mask used for CFSIZE and RFSIZE fields of HIA_OPTIONS register, these were all 1 bit too wide. Which caused the probing of a standard EIP97 to actually hang due to assume way too large descriptor FIFO's. Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-11-17hwrng: ks-sa - Add minimum sleep time before ready-pollingAlexander Sverdlin1-0/+38
Current polling timeout is 25 us. The hardware is currently configured to harvest the entropy for 81920 us. This leads to timeouts even during blocking read (wait=1). Log snippet: [ 5.727589] [<c040ffcc>] (ks_sa_rng_probe) from [<c04181e8>] (platform_drv_probe+0x58/0xb4) ... [ 5.727805] hwrng: no data available ... [ 13.157016] random: systemd: uninitialized urandom read (16 bytes read) [ 13.157033] systemd[1]: Initializing machine ID from random generator. ... [ 15.848770] random: fast init done ... [ 15.848807] random: crng init done After the patch: [ 6.223534] random: systemd: uninitialized urandom read (16 bytes read) [ 6.223551] systemd[1]: Initializing machine ID from random generator. ... [ 6.876075] random: fast init done ... [ 6.954200] random: systemd: uninitialized urandom read (16 bytes read) [ 6.955244] random: systemd: uninitialized urandom read (16 bytes read) ... [ 7.121948] random: crng init done Signed-off-by: Alexander Sverdlin <alexander.sverdlin@nokia.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-11-15crypto: tgr192 - remove unneeded semicolonTian Tao1-2/+2
Fix the warning below. ./crypto/tgr192.c:558:43-44: Unneeded semicolon ./crypto/tgr192.c:586:44-45: Unneeded semicolon Fixes: f63fbd3d501b ("crypto: tgr192 - Switch to shash") Signed-off-by: Tian Tao <tiantao6@huawei.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-11-15crypto: allwinner - fix some spelling mistakesColin Ian King2-4/+4
There are spelling mistakes in dev_warn and dev_err messages. Fix these. Change "recommandation" to "recommendation" and "tryed" to "tried". Signed-off-by: Colin Ian King <colin.king@canonical.com> Acked-by: Corentin Labbe <clabbe.montjoie@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-11-15hwrng: atmel - add new platform support for sam9x60Codrin Ciubotariu1-2/+37
Add platform support for the new IP found on sam9x60 SoC. For this version, if the peripheral clk is above 100MHz, the HALFR bit must be set. This bit is available only if the IP can generate a random number every 168 cycles (instead of 84). Signed-off-by: Codrin Ciubotariu <codrin.ciubotariu@microchip.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-11-15dt-bindings: rng: atmel-trng: add new compatibleCodrin Ciubotariu1-1/+1
Add compatible for new IP found on sam9x60 SoC. Signed-off-by: Codrin Ciubotariu <codrin.ciubotariu@microchip.com> Acked-by: Rob Herring <robh@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-11-08crypto: atmel - Fix selection of CRYPTO_AUTHENCTudor Ambarus1-1/+1
The following error is raised when CONFIG_CRYPTO_DEV_ATMEL_AES=y and CONFIG_CRYPTO_DEV_ATMEL_AUTHENC=m: drivers/crypto/atmel-aes.o: In function `atmel_aes_authenc_setkey': atmel-aes.c:(.text+0x9bc): undefined reference to `crypto_authenc_extractkeys' Makefile:1094: recipe for target 'vmlinux' failed Fix it by moving the selection of CRYPTO_AUTHENC under config CRYPTO_DEV_ATMEL_AES. Fixes: 89a82ef87e01 ("crypto: atmel-authenc - add support to...") Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-11-08crypto: inside-secure - Add missed clk_disable_unprepareChuhong Yuan1-0/+1
safexcel_remove misses disabling priv->reg_clk like what is done when probe fails. Add the missed call to fix it. Signed-off-by: Chuhong Yuan <hslester96@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-11-08crypto: hisilicon - replace #ifdef with IS_ENABLED for CONFIG_NUMAZhou Wang1-26/+25
Replace #ifdef CONFIG_NUMA with IS_ENABLED(CONFIG_NUMA) to fix kbuild error. Fixes: 700f7d0d29c7 ("crypto: hisilicon - fix to return...") Signed-off-by: Zhou Wang <wangzhou1@hisilicon.com> Reported-by: kbuild test robot <lkp@intel.com> Acked-by: Olof Johansson <olof@lixom.net> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-11-08crypto: sun8i-ss - fix memdup.cocci warningskbuild test robot1-4/+2
Use kmemdup rather than duplicating its implementation Generated by: scripts/coccinelle/api/memdup.cocci Fixes: f08fcced6d00 ("crypto: allwinner - Add sun8i-ss cryptographic offloader") CC: Corentin Labbe <clabbe.montjoie@gmail.com> Signed-off-by: kbuild test robot <lkp@intel.com> Signed-off-by: Julia Lawall <julia.lawall@lip6.fr> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-11-08crypto: sun8i-ss - fix semicolon.cocci warningskbuild test robot Remove unneeded semicolon1-1/+1
Generated by: scripts/coccinelle/misc/semicolon.cocci Fixes: f08fcced6d00 ("crypto: allwinner - Add sun8i-ss cryptographic offloader") CC: Corentin Labbe <clabbe.montjoie@gmail.com> Signed-off-by: kbuild test robot <lkp@intel.com> Signed-off-by: Julia Lawall <julia.lawall@lip6.fr> Acked-by: Corentin Labbe <clabbe.montjoie@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-11-08crypto: crypto4xx - fix double-free in crypto4xx_destroy_sdrChristian Lamparter1-5/+1
This patch fixes a crash that can happen during probe when the available dma memory is not enough (this can happen if the crypto4xx is built as a module). The descriptor window mapping would end up being free'd twice, once in crypto4xx_build_pdr() and the second time in crypto4xx_destroy_sdr(). Fixes: 5d59ad6eea82 ("crypto: crypto4xx - fix crypto4xx_build_pdr, crypto4xx_build_sdr leak") Cc: <stable@vger.kernel.org> Signed-off-by: Christian Lamparter <chunkeey@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-11-08MAINTAINERS: Add maintainer for HiSilicon TRNG V2 driverZaibo Xu1-0/+5
Here adds maintainer information for HiSilicon TRNG V2 driver. Signed-off-by: Zaibo Xu <xuzaibo@huawei.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-11-08hwrng: hisi - add HiSilicon TRNG driver supportZaibo Xu3-0/+113
This series adds HiSilicon true random number generator(TRNG) driver in hw_random subsystem. Signed-off-by: Zaibo Xu <xuzaibo@huawei.com> Signed-off-by: Weili Qian <qianweili@huawei.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-11-08crypto: amlogic - ensure error variable err is set before returning itColin Ian King1-0/+1
Currently when the call to crypto_engine_alloc_init fails the error return path returns an uninitialized value in the variable err. Fix this by setting err to -ENOMEM. Addresses-Coverity: ("Uninitialized scalar variable") Fixes: 48fe583fe541 ("crypto: amlogic - Add crypto accelerator for amlogic GXL") Signed-off-by: Colin Ian King <colin.king@canonical.com> Acked-by: Corentin Labbe <clabbe@baylibre.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-11-08crypto: amlogic - Use kmemdup in meson_aes_setkey()YueHaibing1-2/+1
Use kmemdup rather than duplicating its implementation Signed-off-by: YueHaibing <yuehaibing@huawei.com> Acked-by: Corentin Labbe <clabbe@baylibre.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-11-08crypto: atmel - Fix remaining endianess warningsHerbert Xu2-2/+2
This patch fixes the remaining sparse endianness warnings. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-11-08crypto: atmel - Fix authenc support when it is set to mHerbert Xu3-11/+11
As it is if CONFIG_CRYPTO_DEV_ATMEL_AUTHENC is set to m it is in effect disabled. This patch fixes it by using IS_ENABLED instead of ifdef. Fixes: 89a82ef87e01 ("crypto: atmel-authenc - add support to...") Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Reviewed-by: Tudor Ambarus <tudor.ambarus@microchip.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-11-01crypto: amcc - restore CRYPTO_AES dependencyChristian Lamparter1-0/+1
This patch restores the CRYPTO_AES dependency. This is necessary since some of the crypto4xx driver provided modes need functioning software fallbacks for AES-CTR/CCM and GCM. Fixes: da3e7a9715ea ("crypto: amcc - switch to AES library for GCM key derivation") Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Christian Lamparter <chunkeey@gmail.com> Acked-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-11-01crypto: hisilicon - fix to return sub-optimal device when best device has no qpsZhou Wang3-20/+77
Currently find_zip_device() finds zip device which has the min NUMA distance with current CPU. This patch modifies find_zip_device to return sub-optimal device when best device has no qps. This patch sorts all devices by NUMA distance, then finds the best zip device which has free qp. Signed-off-by: Zhou Wang <wangzhou1@hisilicon.com> Signed-off-by: Shukun Tan <tanshukun1@huawei.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-11-01crypto: hisilicon - use sgl API to get sgl dma addr and lenZhou Wang2-3/+2
Use sgl API to get sgl dma addr and len, this will help to avoid compile error in some platforms. So NEED_SG_DMA_LENGTH can be removed here, which can only be selected by arch code. Signed-off-by: Zhou Wang <wangzhou1@hisilicon.com> Suggested-by: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-11-01crypto: skcipher - rename the crypto_blkcipher module and kconfig optionEric Biggers18-94/+94
Now that the blkcipher algorithm type has been removed in favor of skcipher, rename the crypto_blkcipher kernel module to crypto_skcipher, and rename the config options accordingly: CONFIG_CRYPTO_BLKCIPHER => CONFIG_CRYPTO_SKCIPHER CONFIG_CRYPTO_BLKCIPHER2 => CONFIG_CRYPTO_SKCIPHER2 Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-11-01crypto: skcipher - remove the "blkcipher" algorithm typeEric Biggers15-1181/+22
Now that all "blkcipher" algorithms have been converted to "skcipher", remove the blkcipher algorithm type. The skcipher (symmetric key cipher) algorithm type was introduced a few years ago to replace both blkcipher and ablkcipher (synchronous and asynchronous block cipher). The advantages of skcipher include: - A much less confusing name, since none of these algorithm types have ever actually been for raw block ciphers, but rather for all length-preserving encryption modes including block cipher modes of operation, stream ciphers, and other length-preserving modes. - It unified blkcipher and ablkcipher into a single algorithm type which supports both synchronous and asynchronous implementations. Note, blkcipher already operated only on scatterlists, so the fact that skcipher does too isn't a regression in functionality. - Better type safety by using struct skcipher_alg, struct crypto_skcipher, etc. instead of crypto_alg, crypto_tfm, etc. - It sometimes simplifies the implementations of algorithms. Also, the blkcipher API was no longer being tested. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-11-01crypto: skcipher - rename crypto_skcipher_type2 to crypto_skcipher_typeEric Biggers1-7/+6
Now that the crypto_skcipher_type() function has been removed, there's no reason to call the crypto_type struct for skciphers "crypto_skcipher_type2". Rename it to simply "crypto_skcipher_type". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-11-01crypto: skcipher - remove crypto_has_ablkcipher()Eric Biggers2-32/+1
crypto_has_ablkcipher() has no users, and it does the same thing as crypto_has_skcipher() anyway. So remove it. This also removes the last user of crypto_skcipher_type() and crypto_skcipher_mask(), so remove those too. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-11-01crypto: skcipher - unify the crypto_has_skcipher*() functionsEric Biggers2-20/+3
crypto_has_skcipher() and crypto_has_skcipher2() do the same thing: they check for the availability of an algorithm of type skcipher, blkcipher, or ablkcipher, which also meets any non-type constraints the caller specified. And they have exactly the same prototype. Therefore, eliminate the redundancy by removing crypto_has_skcipher() and renaming crypto_has_skcipher2() to crypto_has_skcipher(). Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-11-01dt-bindings: crypto: Add DT bindings documentation for sun8i-ss Security SystemCorentin Labbe1-0/+60
This patch adds documentation for Device-Tree bindings of the Security System cryptographic offloader driver. Signed-off-by: Corentin Labbe <clabbe.montjoie@gmail.com> Acked-by: Maxime Ripard <mripard@kernel.org> Reviewed-by: Rob Herring <robh@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-11-01crypto: allwinner - Add sun8i-ss cryptographic offloaderCorentin Labbe6-0/+1328
The Security System is an hardware cryptographic offloader present on Allwinner SoCs A80 and A83T. It is different from the previous sun4i-ss. This driver supports AES cipher in CBC and ECB mode. Acked-by: Maxime Ripard <mripard@kernel.org> Signed-off-by: Corentin Labbe <clabbe.montjoie@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-11-01crypto: testmgr - add test vectors for blake2bDavid Sterba2-0/+335
Test vectors for blake2b with various digest sizes. As the algorithm is the same up to the digest calculation, the key and input data length is distributed in a way that tests all combinanions of the two over the digest sizes. Based on the suggestion from Eric, the following input sizes are tested [0, 1, 7, 15, 64, 247, 256], where blake2b blocksize is 128, so the padded and the non-padded input buffers are tested. blake2b-160 blake2b-256 blake2b-384 blake2b-512 --------------------------------------------------- len=0 | klen=0 klen=1 klen=32 klen=64 len=1 | klen=32 klen=64 klen=0 klen=1 len=7 | klen=64 klen=0 klen=1 klen=32 len=15 | klen=1 klen=32 klen=64 klen=0 len=64 | klen=0 klen=1 klen=32 klen=64 len=247 | klen=32 klen=64 klen=0 klen=1 len=256 | klen=64 klen=0 klen=1 klen=32 Where key: - klen=0: empty key - klen=1: 1 byte value 0x42, 'B' - klen=32: first 32 bytes of the default key, sequence 00..1f - klen=64: default key, sequence 00..3f The unkeyed vectors are ordered before keyed, as this is required by testmgr. CC: Eric Biggers <ebiggers@kernel.org> Signed-off-by: David Sterba <dsterba@suse.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-11-01crypto: blake2b - add blake2b generic implementationDavid Sterba3-0/+453
The patch brings support of several BLAKE2 variants (2b with various digest lengths). The keyed digest is supported, using tfm->setkey call. The in-tree user will be btrfs (for checksumming), we're going to use the BLAKE2b-256 variant. The code is reference implementation taken from the official sources and modified in terms of kernel coding style (whitespace, comments, uintXX_t -> uXX types, removed unused prototypes and #ifdefs, removed testing code, changed secure_zero_memory -> memzero_explicit, used own helpers for unaligned reads/writes and rotations). Further changes removed sanity checks of key length or output size, these values are verified in the crypto API callbacks or hardcoded in shash_alg and not exposed to users. Signed-off-by: David Sterba <dsterba@suse.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-11-01crypto: sun4i-ss - Move to Allwinner directoryCorentin Labbe11-33/+28
Since we have a dedicated Allwinner directory for crypto driver, move the sun4i-ss driver in it. Acked-by: Maxime Ripard <mripard@kernel.org> Signed-off-by: Corentin Labbe <clabbe.montjoie@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-11-01crypto: allwinner - Add sun8i-ce Crypto EngineCorentin Labbe6-0/+1394
The Crypto Engine is an hardware cryptographic offloader present on all recent Allwinner SoCs H2+, H3, R40, A64, H5, H6 This driver supports AES cipher in CBC/ECB mode. Acked-by: Maxime Ripard <mripard@kernel.org> Signed-off-by: Corentin Labbe <clabbe.montjoie@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-11-01crypto: allwinner - Add allwinner subdirectoryCorentin Labbe4-0/+15
Since a second Allwinner crypto driver will be added, it is better to create a dedicated subdirectory. Acked-by: Maxime Ripard <mripard@kernel.org> Signed-off-by: Corentin Labbe <clabbe.montjoie@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-11-01crypto: mediatek - remove redundant bitwise-orColin Ian King1-1/+1
Bitwise-or'ing 0xffffffff with the u32 variable ctr is the same result as assigning the value to ctr. Remove the redundant bitwise-or and just use an assignment. Addresses-Coverity: ("Suspicious &= or |= constant expression") Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-11-01crypto: ecdh - fix big endian bug in ECC libraryArd Biesheuvel1-1/+2
The elliptic curve arithmetic library used by the EC-DH KPP implementation assumes big endian byte order, and unconditionally reverses the byte and word order of multi-limb quantities. On big endian systems, the byte reordering is not necessary, while the word ordering needs to be retained. So replace the __swab64() invocation with a call to be64_to_cpu() which should do the right thing for both little and big endian builds. Fixes: 3c4b23901a0c ("crypto: ecdh - Add ECDH software support") Cc: <stable@vger.kernel.org> # v4.9+ Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-11-01crypto: caam - populate platform devices lastAndrey Smirnov1-7/+6
Move the call to devm_of_platform_populate() at the end of caam_probe(), so we won't try to add any child devices until all of the initialization is finished successfully. Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com> Cc: Chris Healy <cphealy@gmail.com> Cc: Lucas Stach <l.stach@pengutronix.de> Cc: Horia Geantă <horia.geanta@nxp.com> Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: Iuliana Prodan <iuliana.prodan@nxp.com> Cc: linux-crypto@vger.kernel.org Cc: linux-kernel@vger.kernel.org Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-11-01crypto: caam - use devres to populate platform devicesAndrey Smirnov1-23/+3
Use devres to de-initialize the RNG and drop explicit de-initialization code in caam_remove(). Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Cc: Chris Healy <cphealy@gmail.com> Cc: Lucas Stach <l.stach@pengutronix.de> Cc: Horia Geantă <horia.geanta@nxp.com> Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: Iuliana Prodan <iuliana.prodan@nxp.com> Cc: linux-crypto@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-11-01crypto: caam - use devres to de-initialize QIAndrey Smirnov4-19/+7
Use devres to de-initialize the QI and drop explicit de-initialization code in caam_remove(). Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Cc: Chris Healy <cphealy@gmail.com> Cc: Lucas Stach <l.stach@pengutronix.de> Cc: Horia Geantă <horia.geanta@nxp.com> Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: Iuliana Prodan <iuliana.prodan@nxp.com> Cc: linux-crypto@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>