[PATCH 1/1] crypto: chelsio - Fix indentation warning

2018-01-18 Thread Harsh Jain
Fix Warning introduced in changeset

e1a018e607a3 ("crypto: chelsio - Remove dst sg size zero check")

Reported-by: Stephen Rothwell 
Signed-off-by: Harsh Jain 
---
 drivers/crypto/chelsio/chcr_algo.c | 10 +-
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/drivers/crypto/chelsio/chcr_algo.c 
b/drivers/crypto/chelsio/chcr_algo.c
index a9c894b..34a02d6 100644
--- a/drivers/crypto/chelsio/chcr_algo.c
+++ b/drivers/crypto/chelsio/chcr_algo.c
@@ -2112,11 +2112,11 @@ static struct sk_buff *create_authenc_wr(struct 
aead_request *req,
error = chcr_aead_common_init(req, op_type);
if (error)
return ERR_PTR(error);
-   dnents = sg_nents_xlen(req->dst, assoclen, CHCR_DST_SG_SIZE, 0);
-   dnents += sg_nents_xlen(req->dst, req->cryptlen +
-   (op_type ? -authsize : authsize), CHCR_DST_SG_SIZE,
-   req->assoclen);
-   dnents += MIN_AUTH_SG; // For IV
+   dnents = sg_nents_xlen(req->dst, assoclen, CHCR_DST_SG_SIZE, 0);
+   dnents += sg_nents_xlen(req->dst, req->cryptlen +
+   (op_type ? -authsize : authsize), CHCR_DST_SG_SIZE,
+   req->assoclen);
+   dnents += MIN_AUTH_SG; // For IV
 
dst_size = get_space_for_phys_dsgl(dnents);
kctx_len = (ntohl(KEY_CONTEXT_CTX_LEN_V(aeadctx->key_ctx_hdr)) << 4)
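Review bot: The re-added line `dnents += MIN_AUTH_SG; // For IV` keeps a `//` comment; since the line is being touched anyway, change it to `/* For IV */` to match kernel comment style. The two sg_nents_xlen() calls also spell the associated-data length differently (`assoclen` in the first, `req->assoclen` as the last argument of the second); if the local is only a copy of the request field, use one spelling in both calls.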
-- 
2.1.4



Re: [PATCH V8 1/5] crypto: Multi-buffer encryption infrastructure support

2018-01-18 Thread Megha Dey
On Thu, 2018-01-18 at 22:39 +1100, Herbert Xu wrote:
> On Tue, Jan 09, 2018 at 04:09:04PM -0800, Megha Dey wrote:
> >
> > +static void mcryptd_skcipher_encrypt(struct crypto_async_request *base,
> > +   int err)
> > +{
> > +   struct skcipher_request *req = skcipher_request_cast(base);
> > +   struct mcryptd_skcipher_request_ctx *rctx = skcipher_request_ctx(req);
> > +   struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
> > +   struct mcryptd_skcipher_ctx *ctx = crypto_skcipher_ctx(tfm);
> > +   struct crypto_skcipher *child = ctx->child;
> > +   struct skcipher_request subreq;
> > +
> > +   if (unlikely(err == -EINPROGRESS))
> > +   goto out;
> > +
> > +   /* set up the skcipher request to work on */
> > +   skcipher_request_set_tfm(, child);
> > +   skcipher_request_set_callback(,
> > +   CRYPTO_TFM_REQ_MAY_SLEEP, 0, 0);
> > +   skcipher_request_set_crypt(, req->src, req->dst,
> > +   req->cryptlen, req->iv);
> > +
> > +   /*
> > +* pass addr of descriptor stored in the request context
> > +* so that the callee can get to the request context
> > +*/
> > +   rctx->desc = subreq;
> > +   err = crypto_skcipher_encrypt(>desc);
> > +
> > +   if (err) {
> > +   req->base.complete = rctx->complete;
> > +   goto out;
> > +   }
> > +   return;
> > +
> > +out:
> > +   mcryptd_skcipher_complete(req, err);
> > +}
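Review bot: `struct skcipher_request subreq;` is a bare stack object, so it has no room for the child transform's request context that trails the struct, and `rctx->desc = subreq;` copies only the fixed-size part. Set the sub-request up in place in `rctx->desc`, with the request context sized to include crypto_skcipher_reqsize(child), instead of building it on the stack and copying it.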
> 
> OK this looks better but it's still abusing the crypto API interface.
> In particular, you're sharing data with the underlying algorithm
> behind the crypto API's back.  Also, the underlying algorithm does
> callback completion behind the API's back through the shared data
> context.
> 
> It seems to me that the current mcryptd scheme is flawed.  You
> want to batch multiple requests and yet this isn't actually being
> done by mcryptd at all.  The actual batching happens at the very
> lowest level, i.e., in the crypto algorithm below mcryptd.  For
> example, with your patch, the batching appears to happen in
> aes_cbc_job_mgr_submit.
> 
> So the mcryptd template is in fact completely superfluous.  You
> can remove it and just have all the main encrypt/decrypt functions
> invoke the underlying encrypt/decrypt function directly and achieve
> the same result.
> 
> Am I missing something?

Hi Herbert,

After discussing with Tim, it seems like the mcryptd is responsible for
queuing up the encrypt requests and dispatching them to the actual
multi-buffer raw algorithm.  It also flushes the queue
if we wait too long without new requests coming in to force dispatch of
the requests in queue.

Its function is analogous to cryptd but it has its own multi-lane twists
so we haven't reused the cryptd interface.
> 
> Cheers,




Re: [PATCH 5/5] crypto: ahash.c: Require export/import in ahash

2018-01-18 Thread Marek Vasut
On 01/18/2018 07:34 PM, Kamil Konieczny wrote:
> Export and import are mandatory in async hash. As drivers were
> rewritten, drop empty wrappers and correct init of ahash transformation.

Are you moving checks from the core subsystem to drivers ? This looks
really nonsensical and the commit message doesn't explain the rationale
for that at all.

> Signed-off-by: Kamil Konieczny 
> ---
>  crypto/ahash.c | 18 ++
>  1 file changed, 2 insertions(+), 16 deletions(-)
> 
> diff --git a/crypto/ahash.c b/crypto/ahash.c
> index 3a35d67de7d9..c3cce508c1d4 100644
> --- a/crypto/ahash.c
> +++ b/crypto/ahash.c
> @@ -434,16 +434,6 @@ static int ahash_def_finup(struct ahash_request *req)
>   return ahash_def_finup_finish1(req, err);
>  }
>  
> -static int ahash_no_export(struct ahash_request *req, void *out)
> -{
> - return -ENOSYS;
> -}
> -
> -static int ahash_no_import(struct ahash_request *req, const void *in)
> -{
> - return -ENOSYS;
> -}
> -
>  static int crypto_ahash_init_tfm(struct crypto_tfm *tfm)
>  {
>   struct crypto_ahash *hash = __crypto_ahash_cast(tfm);
> @@ -451,8 +441,6 @@ static int crypto_ahash_init_tfm(struct crypto_tfm *tfm)
>  
>   hash->setkey = ahash_nosetkey;
>   hash->has_setkey = false;
> - hash->export = ahash_no_export;
> - hash->import = ahash_no_import;
>  
>   if (tfm->__crt_alg->cra_type != _ahash_type)
>   return crypto_init_shash_ops_async(tfm);
> @@ -462,15 +450,13 @@ static int crypto_ahash_init_tfm(struct crypto_tfm *tfm)
>   hash->final = alg->final;
>   hash->finup = alg->finup ?: ahash_def_finup;
>   hash->digest = alg->digest;
> + hash->export = alg->export;
> + hash->import = alg->import;
>  
>   if (alg->setkey) {
>   hash->setkey = alg->setkey;
>   hash->has_setkey = true;
>   }
> - if (alg->export)
> - hash->export = alg->export;
> - if (alg->import)
> - hash->import = alg->import;
>  
>   return 0;
>  }
> 


-- 
Best regards,
Marek Vasut


[PATCH v2] crypto: AES-NI GCM - handle zero length dst buffer

2018-01-18 Thread Stephan Müller
Hi Herbert,

Sorry, I forgot to CC you on this patch -- v2 is unchanged from the
original patch. It only adds you in copy.

---8<---

GCM can be invoked with a zero destination buffer. This is possible if
the AAD and the ciphertext have zero lengths and only the tag exists in
the source buffer (i.e. a source buffer cannot be zero). In this case,
the GCM cipher only performs the authentication and no decryption
operation.

When the destination buffer has zero length, it is possible that no page
is mapped to the SG pointing to the destination. In this case,
sg_page(req->dst) is an invalid access. Therefore, page accesses should
only be allowed if the req->dst->length is non-zero which is the
indicator that a page must exist.

This fixes a crash that can be triggered by user space via AF_ALG.

CC: 
Signed-off-by: Stephan Mueller 
---
 arch/x86/crypto/aesni-intel_glue.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/crypto/aesni-intel_glue.c 
b/arch/x86/crypto/aesni-intel_glue.c
index a5ee78d723cd..34cf1c1f8c98 100644
--- a/arch/x86/crypto/aesni-intel_glue.c
+++ b/arch/x86/crypto/aesni-intel_glue.c
@@ -824,7 +824,7 @@ static int gcmaes_decrypt(struct aead_request *req, 
unsigned int assoclen,
if (sg_is_last(req->src) &&
(!PageHighMem(sg_page(req->src)) ||
req->src->offset + req->src->length <= PAGE_SIZE) &&
-   sg_is_last(req->dst) &&
+   sg_is_last(req->dst) && req->dst->length &&
(!PageHighMem(sg_page(req->dst)) ||
req->dst->offset + req->dst->length <= PAGE_SIZE)) {
one_entry_in_sg = 1;
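Review bot: The new `req->dst->length &&` test in the `+` line carries no comment, and the reason for it (a zero-length dst SG entry may have no page, so `sg_page(req->dst)` must not be evaluated) exists only in the commit message; a one-line comment above the condition would keep a later cleanup from dropping it. The diffstat shows only gcmaes_decrypt being changed, so please also state whether the encrypt path can ever see a zero-length dst.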
-- 
2.14.3






[PATCH] crypto: AES-NI GCM - handle zero length dst buffer

2018-01-18 Thread Stephan Müller
GCM can be invoked with a zero destination buffer. This is possible if
the AAD and the ciphertext have zero lengths and only the tag exists in
the source buffer (i.e. a source buffer cannot be zero). In this case,
the GCM cipher only performs the authentication and no decryption
operation.

When the destination buffer has zero length, it is possible that no page
is mapped to the SG pointing to the destination. In this case,
sg_page(req->dst) is an invalid access. Therefore, page accesses should
only be allowed if the req->dst->length is non-zero which is the
indicator that a page must exist.

This fixes a crash that can be triggered by user space via AF_ALG.

CC: 
Signed-off-by: Stephan Mueller 
---
 arch/x86/crypto/aesni-intel_glue.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/crypto/aesni-intel_glue.c 
b/arch/x86/crypto/aesni-intel_glue.c
index a5ee78d723cd..34cf1c1f8c98 100644
--- a/arch/x86/crypto/aesni-intel_glue.c
+++ b/arch/x86/crypto/aesni-intel_glue.c
@@ -824,7 +824,7 @@ static int gcmaes_decrypt(struct aead_request *req, 
unsigned int assoclen,
if (sg_is_last(req->src) &&
(!PageHighMem(sg_page(req->src)) ||
req->src->offset + req->src->length <= PAGE_SIZE) &&
-   sg_is_last(req->dst) &&
+   sg_is_last(req->dst) && req->dst->length &&
(!PageHighMem(sg_page(req->dst)) ||
req->dst->offset + req->dst->length <= PAGE_SIZE)) {
one_entry_in_sg = 1;
-- 
2.14.3






[cryptodev:master 147/154] drivers/crypto/chelsio/chcr_algo.c:2113:2: note: in expansion of macro 'if'

2018-01-18 Thread kbuild test robot
tree:   
https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master
head:   20b04c02bcb2d1e6a642bbe9e759157bb198499e
commit: e1a018e607a33dc9f987c761daf1792082fb9ca7 [147/154] crypto: chelsio - 
Remove dst sg size zero check
config: x86_64-randconfig-v0-01182123 (attached as .config)
compiler: gcc-7 (Debian 7.2.0-12) 7.2.1 20171025
reproduce:
git checkout e1a018e607a33dc9f987c761daf1792082fb9ca7
# save the attached .config to linux build tree
make ARCH=x86_64 

All warnings (new ones prefixed by >>):

   In file included from include/linux/kernel.h:10:0,
from drivers/crypto/chelsio/chcr_algo.c:44:
   drivers/crypto/chelsio/chcr_algo.c: In function 'create_authenc_wr':
   include/linux/compiler.h:58:2: warning: this 'if' clause does not guard... 
[-Wmisleading-indentation]
 if (__builtin_constant_p(!!(cond)) ? !!(cond) :   \
 ^
   include/linux/compiler.h:56:23: note: in expansion of macro '__trace_if'
#define if(cond, ...) __trace_if( (cond , ## __VA_ARGS__) )
  ^~
>> drivers/crypto/chelsio/chcr_algo.c:2113:2: note: in expansion of macro 'if'
 if (error)
 ^~
   drivers/crypto/chelsio/chcr_algo.c:2115:3: note: ...this statement, but the 
latter is misleadingly indented as if it were guarded by the 'if'
  dnents = sg_nents_xlen(req->dst, assoclen, CHCR_DST_SG_SIZE, 0);
  ^~
   In file included from include/linux/kernel.h:10:0,
from drivers/crypto/chelsio/chcr_algo.c:44:
   drivers/crypto/chelsio/chcr_algo.c: At top level:
   include/linux/compiler.h:64:4: warning: '__f' is static but declared in 
inline function 'strcpy' which is not static
   __f = { \
   ^
   include/linux/compiler.h:56:23: note: in expansion of macro '__trace_if'
#define if(cond, ...) __trace_if( (cond , ## __VA_ARGS__) )
  ^~
   include/linux/string.h:422:2: note: in expansion of macro 'if'
 if (p_size == (size_t)-1 && q_size == (size_t)-1)
 ^~
   include/linux/compiler.h:64:4: warning: '__f' is static but declared in 
inline function 'kmemdup' which is not static
   __f = { \
   ^
   include/linux/compiler.h:56:23: note: in expansion of macro '__trace_if'
#define if(cond, ...) __trace_if( (cond , ## __VA_ARGS__) )
  ^~
   include/linux/string.h:412:2: note: in expansion of macro 'if'
 if (p_size < size)
 ^~
   include/linux/compiler.h:64:4: warning: '__f' is static but declared in 
inline function 'kmemdup' which is not static
   __f = { \
   ^
   include/linux/compiler.h:56:23: note: in expansion of macro '__trace_if'
#define if(cond, ...) __trace_if( (cond , ## __VA_ARGS__) )
  ^~
   include/linux/string.h:410:2: note: in expansion of macro 'if'
 if (__builtin_constant_p(size) && p_size < size)
 ^~
   include/linux/compiler.h:64:4: warning: '__f' is static but declared in 
inline function 'memchr_inv' which is not static
   __f = { \
   ^
   include/linux/compiler.h:56:23: note: in expansion of macro '__trace_if'
#define if(cond, ...) __trace_if( (cond , ## __VA_ARGS__) )
  ^~
   include/linux/string.h:401:2: note: in expansion of macro 'if'
 if (p_size < size)
 ^~
   include/linux/compiler.h:64:4: warning: '__f' is static but declared in 
inline function 'memchr_inv' which is not static
   __f = { \
   ^
   include/linux/compiler.h:56:23: note: in expansion of macro '__trace_if'
#define if(cond, ...) __trace_if( (cond , ## __VA_ARGS__) )
  ^~
   include/linux/string.h:399:2: note: in expansion of macro 'if'
 if (__builtin_constant_p(size) && p_size < size)
 ^~
   include/linux/compiler.h:64:4: warning: '__f' is static but declared in 
inline function 'memchr' which is not static
   __f = { \
   ^
   include/linux/compiler.h:56:23: note: in expansion of macro '__trace_if'
#define if(cond, ...) __trace_if( (cond , ## __VA_ARGS__) )
  ^~
   include/linux/string.h:390:2: note: in expansion of macro 'if'
 if (p_size < size)
 ^~
   include/linux/compiler.h:64:4: warning: '__f' is static but declared in 
inline function 'memchr' which is not static
   __f = { \
   ^
   include/linux/compiler.h:56:23: note: in expansion of macro '__trace_if'
#define if(cond, ...) __trace_if( (cond , ## __VA_ARGS__) )
  ^~
   include/linux/string.h:388:2: note: in expansion of macro 'if'
 if (__builtin_constant_p(size) && p_size < size)
 ^~
   include/linux/compiler.h:64:4: warning: '__f' is static but declared in 
inline function 'memcmp' which is not static
   __f = { \
   ^
   include/linux/compiler.h:56:23: note: in expansion of macro '__trace_if'
 

[PATCH 3/5] crypto: ux500/hash: Add empty export and import

2018-01-18 Thread Kamil Konieczny
The crypto framework requires export/import in async hash. If a driver does not
implement them, wrapper functions in the framework will be used, and this will
cause an error during ahash alg registration (unless one disables crypto
internal tests). To make the change in the framework and expose this requirement,
I will remove the wrappers from crypto/ahash.c, but this can break code which
depends on them. Add empty hash export and import, with the same behaviour
as in the framework, and expose this directly in the driver. This can also prevent
an OOPS when the config option in Cryptographic API 'Disable run-time self tests'
is enabled.

Signed-off-by: Kamil Konieczny 
Acked-by: Linus Walleij 
---
 drivers/crypto/ux500/hash/hash_core.c | 18 ++
 1 file changed, 18 insertions(+)

diff --git a/drivers/crypto/ux500/hash/hash_core.c 
b/drivers/crypto/ux500/hash/hash_core.c
index 9acccad26928..2d0a677bcc76 100644
--- a/drivers/crypto/ux500/hash/hash_core.c
+++ b/drivers/crypto/ux500/hash/hash_core.c
@@ -1403,6 +1403,16 @@ static int ahash_sha256_digest(struct ahash_request *req)
return ret1 ? ret1 : ret2;
 }
 
+static int ahash_noimport(struct ahash_request *req, const void *in)
+{
+   return -ENOSYS;
+}
+
+static int ahash_noexport(struct ahash_request *req, void *out)
+{
+   return -ENOSYS;
+}
+
 static int hmac_sha1_init(struct ahash_request *req)
 {
struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
@@ -1507,6 +1517,8 @@ static struct hash_algo_template hash_algs[] = {
.update = ahash_update,
.final = ahash_final,
.digest = ahash_sha1_digest,
+   .export = ahash_noexport,
+   .import = ahash_noimport,
.halg.digestsize = SHA1_DIGEST_SIZE,
.halg.statesize = sizeof(struct hash_ctx),
.halg.base = {
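Review bot: The context line `.halg.statesize = sizeof(struct hash_ctx)` advertises an exportable state of that size, yet the `.export`/`.import` added just above it always return -ENOSYS, so a caller that sizes its buffer from the statesize still fails at export time. Either implement the two callbacks by copying the request state, or add a comment on the stubs saying why the state cannot be saved.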
@@ -1529,6 +1541,8 @@ static struct hash_algo_template hash_algs[] = {
.update = ahash_update,
.final = ahash_final,
.digest = ahash_sha256_digest,
+   .export = ahash_noexport,
+   .import = ahash_noimport,
.halg.digestsize = SHA256_DIGEST_SIZE,
.halg.statesize = sizeof(struct hash_ctx),
.halg.base = {
@@ -1553,6 +1567,8 @@ static struct hash_algo_template hash_algs[] = {
.final = ahash_final,
.digest = hmac_sha1_digest,
.setkey = hmac_sha1_setkey,
+   .export = ahash_noexport,
+   .import = ahash_noimport,
.halg.digestsize = SHA1_DIGEST_SIZE,
.halg.statesize = sizeof(struct hash_ctx),
.halg.base = {
@@ -1577,6 +1593,8 @@ static struct hash_algo_template hash_algs[] = {
.final = ahash_final,
.digest = hmac_sha256_digest,
.setkey = hmac_sha256_setkey,
+   .export = ahash_noexport,
+   .import = ahash_noimport,
.halg.digestsize = SHA256_DIGEST_SIZE,
.halg.statesize = sizeof(struct hash_ctx),
.halg.base = {
-- 
2.15.0



[PATCH 4/5] crypto: bfin_crc: Add empty hash export and import

2018-01-18 Thread Kamil Konieczny
The crypto framework requires export/import in async hash. If a driver does not
implement them, wrapper functions in the framework will be used, and this will
cause an error during ahash alg registration (unless one disables crypto
internal tests). To make the change in the framework and expose this requirement,
I will remove the wrappers from crypto/ahash.c, but this can break code which
depends on them.
Add empty hash export and import, with the same behaviour as in the framework,
and expose this directly in the driver. This can also prevent an OOPS when the config
option in Cryptographic API 'Disable run-time self tests' is enabled.

Signed-off-by: Kamil Konieczny 
---
 drivers/crypto/bfin_crc.c | 12 
 1 file changed, 12 insertions(+)

diff --git a/drivers/crypto/bfin_crc.c b/drivers/crypto/bfin_crc.c
index a118b9bed669..65a8e07835e8 100644
--- a/drivers/crypto/bfin_crc.c
+++ b/drivers/crypto/bfin_crc.c
@@ -450,6 +450,16 @@ static int bfin_crypto_crc_digest(struct ahash_request 
*req)
return bfin_crypto_crc_finup(req);
 }
 
+static int bfin_crypto_crc_noimport(struct ahash_request *req, const void *in)
+{
+   return -ENOSYS;
+}
+
+static int bfin_crypto_crc_noexport(struct ahash_request *req, void *out)
+{
+   return -ENOSYS;
+}
+
 static int bfin_crypto_crc_setkey(struct crypto_ahash *tfm, const u8 *key,
unsigned int keylen)
 {
@@ -487,6 +497,8 @@ static struct ahash_alg algs = {
.final  = bfin_crypto_crc_final,
.finup  = bfin_crypto_crc_finup,
.digest = bfin_crypto_crc_digest,
+   .export = bfin_crypto_crc_noexport,
+   .import = bfin_crypto_crc_noimport,
.setkey = bfin_crypto_crc_setkey,
.halg.digestsize= CHKSUM_DIGEST_SIZE,
.halg.base  = {
-- 
2.15.0



[PATCH 5/5] crypto: ahash.c: Require export/import in ahash

2018-01-18 Thread Kamil Konieczny
Export and import are mandatory in async hash. As drivers were
rewritten, drop empty wrappers and correct init of ahash transformation.

Signed-off-by: Kamil Konieczny 
---
 crypto/ahash.c | 18 ++
 1 file changed, 2 insertions(+), 16 deletions(-)

diff --git a/crypto/ahash.c b/crypto/ahash.c
index 3a35d67de7d9..c3cce508c1d4 100644
--- a/crypto/ahash.c
+++ b/crypto/ahash.c
@@ -434,16 +434,6 @@ static int ahash_def_finup(struct ahash_request *req)
return ahash_def_finup_finish1(req, err);
 }
 
-static int ahash_no_export(struct ahash_request *req, void *out)
-{
-   return -ENOSYS;
-}
-
-static int ahash_no_import(struct ahash_request *req, const void *in)
-{
-   return -ENOSYS;
-}
-
 static int crypto_ahash_init_tfm(struct crypto_tfm *tfm)
 {
struct crypto_ahash *hash = __crypto_ahash_cast(tfm);
@@ -451,8 +441,6 @@ static int crypto_ahash_init_tfm(struct crypto_tfm *tfm)
 
hash->setkey = ahash_nosetkey;
hash->has_setkey = false;
-   hash->export = ahash_no_export;
-   hash->import = ahash_no_import;
 
if (tfm->__crt_alg->cra_type != _ahash_type)
return crypto_init_shash_ops_async(tfm);
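Review bot: With the two default assignments removed here, a tfm that takes the `return crypto_init_shash_ops_async(tfm);` path just below leaves this function with `hash->export` and `hash->import` set only if that helper sets them. Please confirm it always does, or say in the commit message why every shash-backed ahash is guaranteed to have both.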
@@ -462,15 +450,13 @@ static int crypto_ahash_init_tfm(struct crypto_tfm *tfm)
hash->final = alg->final;
hash->finup = alg->finup ?: ahash_def_finup;
hash->digest = alg->digest;
+   hash->export = alg->export;
+   hash->import = alg->import;
 
if (alg->setkey) {
hash->setkey = alg->setkey;
hash->has_setkey = true;
}
-   if (alg->export)
-   hash->export = alg->export;
-   if (alg->import)
-   hash->import = alg->import;
 
return 0;
 }
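Review bot: `hash->export = alg->export;` and `hash->import = alg->import;` now copy the driver's pointers unconditionally, so an ahash_alg that leaves either one unset ends up with a NULL callback where it used to get the -ENOSYS stub. Nothing in this patch rejects such an algorithm; add a check at registration time that fails when `alg->export` or `alg->import` is missing, so that "mandatory" is enforced rather than assumed.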
-- 
2.15.0



[PATCH v3 1/5] crypto: mxs-dcp: Add empty hash export and import

2018-01-18 Thread Kamil Konieczny
The crypto framework requires export/import in async hash. If a driver does not
implement them, wrapper functions in the framework will be used, and this will
cause an error during ahash alg registration (unless one disables crypto
internal tests). To make the change in the framework and expose this requirement,
I will remove the wrappers from crypto/ahash.c, but this can break code which
depends on them. Add empty hash export and import, with the same behaviour
as in the framework, and expose this directly in the driver. This can also prevent
an OOPS when the config option in Cryptographic API 'Disable run-time self tests'
is enabled.

Signed-off-by: Kamil Konieczny 
---
 drivers/crypto/mxs-dcp.c | 14 ++
 1 file changed, 14 insertions(+)

diff --git a/drivers/crypto/mxs-dcp.c b/drivers/crypto/mxs-dcp.c
index 764be3e6933c..a10c418d4e5c 100644
--- a/drivers/crypto/mxs-dcp.c
+++ b/drivers/crypto/mxs-dcp.c
@@ -759,6 +759,16 @@ static int dcp_sha_digest(struct ahash_request *req)
return dcp_sha_finup(req);
 }
 
+static int dcp_sha_noimport(struct ahash_request *req, const void *in)
+{
+   return -ENOSYS;
+}
+
+static int dcp_sha_noexport(struct ahash_request *req, void *out)
+{
+   return -ENOSYS;
+}
+
 static int dcp_sha_cra_init(struct crypto_tfm *tfm)
 {
crypto_ahash_set_reqsize(__crypto_ahash_cast(tfm),
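Review bot: `return -ENOSYS;` in both new stubs is what checkpatch warns about, since it reserves ENOSYS for an invalid syscall number. If the value is kept only to mirror the wrappers being removed from crypto/ahash.c, say so in a comment above `dcp_sha_noimport`; otherwise prefer -EOPNOTSUPP.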
@@ -829,6 +839,8 @@ static struct ahash_alg dcp_sha1_alg = {
.final  = dcp_sha_final,
.finup  = dcp_sha_finup,
.digest = dcp_sha_digest,
+   .import = dcp_sha_noimport,
+   .export = dcp_sha_noexport,
.halg   = {
.digestsize = SHA1_DIGEST_SIZE,
.base   = {
@@ -853,6 +865,8 @@ static struct ahash_alg dcp_sha256_alg = {
.final  = dcp_sha_final,
.finup  = dcp_sha_finup,
.digest = dcp_sha_digest,
+   .import = dcp_sha_noimport,
+   .export = dcp_sha_noexport,
.halg   = {
.digestsize = SHA256_DIGEST_SIZE,
.base   = {
-- 
2.15.0



[PATCH 2/5] crypto: n2_core: Add empty hash export and import

2018-01-18 Thread Kamil Konieczny
The crypto framework requires export/import in async hash. If a driver does not
implement them, wrapper functions in the framework will be used, and this will
cause an error during ahash alg registration (unless one disables crypto
internal tests). To make the change in the framework and expose this requirement,
I will remove the wrappers from crypto/ahash.c, but this can break code which
depends on them. Add empty hash export and import, with the same behaviour
as in the framework, and expose this directly in the driver. This can also prevent
an OOPS when the config option in Cryptographic API 'Disable run-time self tests'
is enabled.

Signed-off-by: Kamil Konieczny 
---
 drivers/crypto/n2_core.c | 12 
 1 file changed, 12 insertions(+)

diff --git a/drivers/crypto/n2_core.c b/drivers/crypto/n2_core.c
index 662e709812cc..80e9c842aad4 100644
--- a/drivers/crypto/n2_core.c
+++ b/drivers/crypto/n2_core.c
@@ -359,6 +359,16 @@ static int n2_hash_async_finup(struct ahash_request *req)
return crypto_ahash_finup(>fallback_req);
 }
 
+static int n2_hash_async_noimport(struct ahash_request *req, const void *in)
+{
+   return -ENOSYS;
+}
+
+static int n2_hash_async_noexport(struct ahash_request *req, void *out)
+{
+   return -ENOSYS;
+}
+
 static int n2_hash_cra_init(struct crypto_tfm *tfm)
 {
const char *fallback_driver_name = crypto_tfm_alg_name(tfm);
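Review bot: Returning -ENOSYS from `n2_hash_async_noimport`/`n2_hash_async_noexport` looks avoidable in this driver, because the context lines show it already hands work to a fallback ahash (`fallback_req`, `fallback_driver_name`). Consider forwarding to crypto_ahash_export()/crypto_ahash_import() on the fallback request and advertising the fallback's state size, instead of adding stubs that always fail.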
@@ -1467,6 +1477,8 @@ static int __n2_register_one_ahash(const struct 
n2_hash_tmpl *tmpl)
ahash->final = n2_hash_async_final;
ahash->finup = n2_hash_async_finup;
ahash->digest = n2_hash_async_digest;
+   ahash->export = n2_hash_async_noexport;
+   ahash->import = n2_hash_async_noimport;
 
halg = >halg;
halg->digestsize = tmpl->digest_size;
-- 
2.15.0



[PATCH v3 0/5] crypto: ahash.c: Require export/import in ahash

2018-01-18 Thread Kamil Konieczny
First four patches add empty hash export and import functions to each driver,
with the same behaviour as in crypto framework. The last one drops them from
crypto framework. Last one for ahash.c depends on all previous.

Changes in v3:
added change for bfin_crc.c
make this a patchset, instead of unrelated patches
make commit message more descriptive

Kamil Konieczny (5):
  crypto: mxs-dcp: Add empty hash export and import
  crypto: n2_core: Add empty hash export and import
  crypto: ux500/hash: Add empty export and import
  crypto: bfin_crc: Add empty hash export and import
  crypto: ahash.c: Require export/import in ahash

 crypto/ahash.c| 18 ++
 drivers/crypto/bfin_crc.c | 12 
 drivers/crypto/mxs-dcp.c  | 14 ++
 drivers/crypto/n2_core.c  | 12 
 drivers/crypto/ux500/hash/hash_core.c | 18 ++
 5 files changed, 58 insertions(+), 16 deletions(-)

-- 
2.15.0



Re: kernel failure while loading X.509 certificate

2018-01-18 Thread Eric Biggers
On Thu, Jan 18, 2018 at 11:07:50AM +0100, Paolo Valente wrote:
> 
> 
> > On 17 Jan 2018, at 12:08, David Howells wrote:
> > 
> > If this happened during boot, it could be that you have an X.509 cert for
> > which the digest algorithm isn't built into the kernel.
> > 
> 
> Yeah.  I did look for such an inconsistency after that failure, but I
> didn't find it, most certainly because of my lack of expertise on
> this.
> 
> After the success with rc8, I retried with rc7, repeating the same
> streamline_config.pl procedure as the first time.  Of course, by
> Murphy's laws, rc7 worked this time.  Sorry for making you waste
> your time.  Should this happen again, I won't be so superficial not to
> make a backup of the offending config.
> 

No, your report is still useful; I think there is a real kernel bug here,
probably reproducible using add_key() with type "asymmetric", where the
signature's hash algorithm isn't supported by the kernel.  I'll try to put
together a reproducer when I have a chance.  Thanks!

Eric


Re: [PATCH] crypto: ux500/hash: Add empty export and import

2018-01-18 Thread Kamil Konieczny
Please drop this as I will resend it as part of patchset.

On 16.01.2018 17:32, Kamil Konieczny wrote:
> Crypto framework will require async hash export/import, so add empty
> functions to prevent OOPS.
> 
> Signed-off-by: Kamil Konieczny 
> ---
>  drivers/crypto/ux500/hash/hash_core.c | 18 ++
>  1 file changed, 18 insertions(+)
> 
> diff --git a/drivers/crypto/ux500/hash/hash_core.c 
> b/drivers/crypto/ux500/hash/hash_core.c
> index 9acccad26928..2d0a677bcc76 100644
> --- a/drivers/crypto/ux500/hash/hash_core.c
> +++ b/drivers/crypto/ux500/hash/hash_core.c
> @@ -1403,6 +1403,16 @@ static int ahash_sha256_digest(struct ahash_request 
> *req)
>   return ret1 ? ret1 : ret2;
>  }
>  
> +static int ahash_noimport(struct ahash_request *req, const void *in)
> +{
> + return -ENOSYS;
> +}
> +
> +static int ahash_noexport(struct ahash_request *req, void *out)
> +{
> + return -ENOSYS;
> +}
> +
>  static int hmac_sha1_init(struct ahash_request *req)
>  {
>   struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
> @@ -1507,6 +1517,8 @@ static struct hash_algo_template hash_algs[] = {
>   .update = ahash_update,
>   .final = ahash_final,
>   .digest = ahash_sha1_digest,
> + .export = ahash_noexport,
> + .import = ahash_noimport,
>   .halg.digestsize = SHA1_DIGEST_SIZE,
>   .halg.statesize = sizeof(struct hash_ctx),
>   .halg.base = {
> @@ -1529,6 +1541,8 @@ static struct hash_algo_template hash_algs[] = {
>   .update = ahash_update,
>   .final = ahash_final,
>   .digest = ahash_sha256_digest,
> + .export = ahash_noexport,
> + .import = ahash_noimport,
>   .halg.digestsize = SHA256_DIGEST_SIZE,
>   .halg.statesize = sizeof(struct hash_ctx),
>   .halg.base = {
> @@ -1553,6 +1567,8 @@ static struct hash_algo_template hash_algs[] = {
>   .final = ahash_final,
>   .digest = hmac_sha1_digest,
>   .setkey = hmac_sha1_setkey,
> + .export = ahash_noexport,
> + .import = ahash_noimport,
>   .halg.digestsize = SHA1_DIGEST_SIZE,
>   .halg.statesize = sizeof(struct hash_ctx),
>   .halg.base = {
> @@ -1577,6 +1593,8 @@ static struct hash_algo_template hash_algs[] = {
>   .final = ahash_final,
>   .digest = hmac_sha256_digest,
>   .setkey = hmac_sha256_setkey,
> + .export = ahash_noexport,
> + .import = ahash_noimport,
>   .halg.digestsize = SHA256_DIGEST_SIZE,
>   .halg.statesize = sizeof(struct hash_ctx),
>   .halg.base = {
> 

-- 
Best regards,
Kamil Konieczny
Samsung R&D Institute Poland



Re: [PATCH] crypto: n2_core: Add empty hash export and import

2018-01-18 Thread Kamil Konieczny
Please drop this as I will resend it as part of patchset.

On 16.01.2018 17:18, Kamil Konieczny wrote:
> Crypto framework will require async hash export/import, so add empty
> functions to prevent OOPS.
> 
> Signed-off-by: Kamil Konieczny 
> ---
>  drivers/crypto/n2_core.c | 12 
>  1 file changed, 12 insertions(+)
> 
> diff --git a/drivers/crypto/n2_core.c b/drivers/crypto/n2_core.c
> index 662e709812cc..80e9c842aad4 100644
> --- a/drivers/crypto/n2_core.c
> +++ b/drivers/crypto/n2_core.c
> @@ -359,6 +359,16 @@ static int n2_hash_async_finup(struct ahash_request *req)
>   return crypto_ahash_finup(>fallback_req);
>  }
>  
> +static int n2_hash_async_noimport(struct ahash_request *req, const void *in)
> +{
> + return -ENOSYS;
> +}
> +
> +static int n2_hash_async_noexport(struct ahash_request *req, void *out)
> +{
> + return -ENOSYS;
> +}
> +
>  static int n2_hash_cra_init(struct crypto_tfm *tfm)
>  {
>   const char *fallback_driver_name = crypto_tfm_alg_name(tfm);
> @@ -1467,6 +1477,8 @@ static int __n2_register_one_ahash(const struct 
> n2_hash_tmpl *tmpl)
>   ahash->final = n2_hash_async_final;
>   ahash->finup = n2_hash_async_finup;
>   ahash->digest = n2_hash_async_digest;
> + ahash->export = n2_hash_async_noexport;
> + ahash->import = n2_hash_async_noimport;
>  
>   halg = >halg;
>   halg->digestsize = tmpl->digest_size;
> 

-- 
Best regards,
Kamil Konieczny
Samsung R&D Institute Poland



Re: [PATCH] crypto: mxs-dcp: Add empty hash export and import

2018-01-18 Thread Kamil Konieczny
Please drop this as I will resend it as part of patchset.

On 16.01.2018 17:16, Kamil Konieczny wrote:
> Crypto framework will require async hash export/import, so add empty
> functions to prevent OOPS.
> 
> Signed-off-by: Kamil Konieczny 
> ---
>  drivers/crypto/mxs-dcp.c | 14 ++
>  1 file changed, 14 insertions(+)
> 
> diff --git a/drivers/crypto/mxs-dcp.c b/drivers/crypto/mxs-dcp.c
> index 764be3e6933c..a10c418d4e5c 100644
> --- a/drivers/crypto/mxs-dcp.c
> +++ b/drivers/crypto/mxs-dcp.c
> @@ -759,6 +759,16 @@ static int dcp_sha_digest(struct ahash_request *req)
>   return dcp_sha_finup(req);
>  }
>  
> +static int dcp_sha_noimport(struct ahash_request *req, const void *in)
> +{
> + return -ENOSYS;
> +}
> +
> +static int dcp_sha_noexport(struct ahash_request *req, void *out)
> +{
> + return -ENOSYS;
> +}
> +
>  static int dcp_sha_cra_init(struct crypto_tfm *tfm)
>  {
>   crypto_ahash_set_reqsize(__crypto_ahash_cast(tfm),
> @@ -829,6 +839,8 @@ static struct ahash_alg dcp_sha1_alg = {
>   .final  = dcp_sha_final,
>   .finup  = dcp_sha_finup,
>   .digest = dcp_sha_digest,
> + .import = dcp_sha_noimport,
> + .export = dcp_sha_noexport,
>   .halg   = {
>   .digestsize = SHA1_DIGEST_SIZE,
>   .base   = {
> @@ -853,6 +865,8 @@ static struct ahash_alg dcp_sha256_alg = {
>   .final  = dcp_sha_final,
>   .finup  = dcp_sha_finup,
>   .digest = dcp_sha_digest,
> + .import = dcp_sha_noimport,
> + .export = dcp_sha_noexport,
>   .halg   = {
>   .digestsize = SHA256_DIGEST_SIZE,
>   .base   = {
> 

-- 
Best regards,
Kamil Konieczny
Samsung R&D Institute Poland



Re: [PATCH v3] tpm: use struct tpm_chip for tpm_chip_find_get()

2018-01-18 Thread Jarkko Sakkinen
On Wed, Jan 17, 2018 at 07:43:51PM +0530, PrasannaKumar Muralidharan wrote:
> Hi Jarkko,
> 
> On 14 November 2017 at 20:02, Jarkko Sakkinen
>  wrote:
> > On Sun, Nov 12, 2017 at 10:53:35AM +0530, PrasannaKumar Muralidharan wrote:
> >> Did basic check on tpm rng patch, it works fine. As it depends on this
> >> patch this should be working fine too.
> >>
> >> Tested-by: PrasannaKumar Muralidharan 
> >>
> >> Regards,
> >> PrasannaKumar
> >
> > Thank you.
> >
> > /Jarkko
> 
> Wondering what happened to this and tpm rng patch. Is there something
> more to do for this to get merged?
> 
> Thanks,
> PrasannaKumar

Was part of 4.6 PR.

/Jarkko


Re: [PATCH v2 0/3] sha3 fixes and new implementation for arm64

2018-01-18 Thread Ard Biesheuvel
On 14 January 2018 at 16:41, Ard Biesheuvel  wrote:
> Add an implementation of SHA3 to arm64 using the new special instructions,
> and another one using scalar instructions but coded in assembler (#2)
>
> In preparation of that, fix a bug in the SHA3 (#1) and add some new test
> vectors to get better test coverage (#3).
>
> v2: Drop generic SHA3 as a fallback for the arm64 module. Instead, provide
> a special arm64 version to use as a fallback when the instructions are
> not available or when executing in a context that does not allow SIMD
>
> Drop patches that simplify the generic SHA3 and make it reusable by
> other modules.
>
> Ard Biesheuvel (3):
>   crypto/generic: sha3 - fixes for alignment and big endian operation
>   crypto/arm64: sha3 - new scalar + v8.2 Crypto Extensions
> implementation
>   crypto/testmgr: sha3 - add new testcases
>
>  arch/arm64/crypto/Kconfig   |   4 +
>  arch/arm64/crypto/Makefile  |   3 +
>  arch/arm64/crypto/sha3-arm64-core.S | 512 ++
>  arch/arm64/crypto/sha3-arm64-glue.c | 192 +++
>  crypto/sha3_generic.c   |   5 +-
>  crypto/testmgr.h| 550 
>  6 files changed, 1264 insertions(+), 2 deletions(-)
>  create mode 100644 arch/arm64/crypto/sha3-arm64-core.S
>  create mode 100644 arch/arm64/crypto/sha3-arm64-glue.c
>

Herbert,

Could you hold off on the SHA-3 patches for a little while? With the
performance fix for the generic code, it may no longer be worthwhile
to have a special arm64 implementation as well. I will respin a series
containing everything I think is needed.

The SM3 patch is independent, and is good to go IMO (with Steve's Tested-by)

Thanks,
Ard.


Re: [PATCH v2] [v2] crypto: aes-generic - fix aes-generic regression on powerpc

2018-01-18 Thread Ard Biesheuvel
On 15 January 2018 at 16:07, Arnd Bergmann  wrote:
> My last bugfix added -Os on the command line, which unfortunately caused
> a build regression on powerpc in some configurations.
>
> I've done some more analysis of the original problem and found a slightly
> different workaround that avoids this regression and also results in
> better performance on gcc-7.0: -fcode-hoisting is an optimization step
> that got added in gcc-7 and that for all gcc-7 versions causes worse
> performance.
>
> This disables -fcode-hoisting on all compilers that understand the option.
> For gcc-7.1 and 7.2 I found the same performance as my previous patch
> (using -Os), in gcc-7.0 it was even better. On gcc-8 I could see no
> change in performance from this patch. In theory, code hoisting should
> not be able to make things better for the AES cipher, so leaving it
> disabled for gcc-8 only serves to simplify the Makefile change.
>
> Reported-by: kbuild test robot 
> Link: https://www.mail-archive.com/linux-crypto@vger.kernel.org/msg30418.html
> Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83356
> Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83651
> Fixes: 148b974deea9 ("crypto: aes-generic - build with -Os on gcc-7+")
> Signed-off-by: Arnd Bergmann 

Acked-by: Ard Biesheuvel 

> ---
> v2: fix a typo in the Makefile
> ---
>  crypto/Makefile | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/crypto/Makefile b/crypto/Makefile
> index daa69360e054..cdbc03b35510 100644
> --- a/crypto/Makefile
> +++ b/crypto/Makefile
> @@ -99,7 +99,7 @@ obj-$(CONFIG_CRYPTO_TWOFISH_COMMON) += twofish_common.o
>  obj-$(CONFIG_CRYPTO_SERPENT) += serpent_generic.o
>  CFLAGS_serpent_generic.o := $(call cc-option,-fsched-pressure)  # 
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79149
>  obj-$(CONFIG_CRYPTO_AES) += aes_generic.o
> -CFLAGS_aes_generic.o := $(call cc-ifversion, -ge, 0701, -Os) # 
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83356
> +CFLAGS_aes_generic.o := $(call cc-option,-fno-code-hoisting) # 
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83356
>  obj-$(CONFIG_CRYPTO_AES_TI) += aes_ti.o
>  obj-$(CONFIG_CRYPTO_CAMELLIA) += camellia_generic.o
>  obj-$(CONFIG_CRYPTO_CAST_COMMON) += cast_common.o
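
Review bot: the replacement CFLAGS_aes_generic.o line keeps only the bugzilla URL as its comment, which does not say that -fno-code-hoisting is a performance workaround or that cc-option applies it to every compiler accepting the flag rather than to gcc-7 alone. A short comment above the line stating both would keep a later cleanup from version-gating or dropping the flag by mistake.
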
> --
> 2.9.0
>


Re: [PATCH] crypto: ux500/hash: Add empty export and import

2018-01-18 Thread Kamil Konieczny


On 18.01.2018 11:06, Linus Walleij wrote:
> On Tue, Jan 16, 2018 at 5:32 PM, Kamil Konieczny
>  wrote:
> 
>> Crypto framework will require async hash export/import, so add empty
>> functions to prevent OOPS.
>>
>> Signed-off-by: Kamil Konieczny 
> 
> Acked-by: Linus Walleij 
> 
> But why isn't the framework code just checking the vtable for NULL?
> 
> if (foo->fp)
> foo->fp(bar);

This will be inefficient; it should be checked once at ahash alg registration,
or with the old method of using a wrapper.

-- 
Best regards,
Kamil Konieczny
Samsung R&D Institute Poland



[cryptodev:master 147/154] drivers/crypto/chelsio/chcr_algo.c:2113:2: warning: this 'if' clause does not guard...

2018-01-18 Thread kbuild test robot
tree:   https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master
head:   20b04c02bcb2d1e6a642bbe9e759157bb198499e
commit: e1a018e607a33dc9f987c761daf1792082fb9ca7 [147/154] crypto: chelsio - Remove dst sg size zero check
config: ia64-allmodconfig (attached as .config)
compiler: ia64-linux-gcc (GCC) 7.2.0
reproduce:
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        git checkout e1a018e607a33dc9f987c761daf1792082fb9ca7
        # save the attached .config to linux build tree
        make.cross ARCH=ia64

All warnings (new ones prefixed by >>):

   drivers/crypto/chelsio/chcr_algo.c: In function 'create_authenc_wr':
>> drivers/crypto/chelsio/chcr_algo.c:2113:2: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
     if (error)
     ^~
   drivers/crypto/chelsio/chcr_algo.c:2115:3: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'if'
      dnents = sg_nents_xlen(req->dst, assoclen, CHCR_DST_SG_SIZE, 0);
      ^~

vim +/if +2113 drivers/crypto/chelsio/chcr_algo.c

2debd3325 Harsh Jain        2016-11-29  2078  
2debd3325 Harsh Jain        2016-11-29  2079  static struct sk_buff *create_authenc_wr(struct aead_request *req,
2debd3325 Harsh Jain        2016-11-29  2080  					 unsigned short qid,
2debd3325 Harsh Jain        2016-11-29  2081  					 int size,
2debd3325 Harsh Jain        2016-11-29  2082  					 unsigned short op_type)
324429d74 Hariprasad Shenai 2016-08-17  2083  {
2debd3325 Harsh Jain        2016-11-29  2084  	struct crypto_aead *tfm = crypto_aead_reqtfm(req);
2f47d5804 Harsh Jain        2017-10-08  2085  	struct chcr_aead_ctx *aeadctx = AEAD_CTX(a_ctx(tfm));
2debd3325 Harsh Jain        2016-11-29  2086  	struct chcr_authenc_ctx *actx = AUTHENC_CTX(aeadctx);
2debd3325 Harsh Jain        2016-11-29  2087  	struct chcr_aead_reqctx *reqctx = aead_request_ctx(req);
2debd3325 Harsh Jain        2016-11-29  2088  	struct sk_buff *skb = NULL;
2debd3325 Harsh Jain        2016-11-29  2089  	struct chcr_wr *chcr_req;
2debd3325 Harsh Jain        2016-11-29  2090  	struct cpl_rx_phys_dsgl *phys_cpl;
2f47d5804 Harsh Jain        2017-10-08  2091  	struct ulptx_sgl *ulptx;
2f47d5804 Harsh Jain        2017-10-08  2092  	unsigned int transhdr_len;
3d64bd670 Harsh Jain        2018-01-11  2093  	unsigned int dst_size = 0, temp, subtype = get_aead_subtype(tfm);
2f47d5804 Harsh Jain        2017-10-08  2094  	unsigned int   kctx_len = 0, dnents;
2debd3325 Harsh Jain        2016-11-29  2095  	unsigned int  assoclen = req->assoclen;
2debd3325 Harsh Jain        2016-11-29  2096  	unsigned int  authsize = crypto_aead_authsize(tfm);
2f47d5804 Harsh Jain        2017-10-08  2097  	int error = -EINVAL;
2debd3325 Harsh Jain        2016-11-29  2098  	int null = 0;
2debd3325 Harsh Jain        2016-11-29  2099  	gfp_t flags = req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP ? GFP_KERNEL :
2debd3325 Harsh Jain        2016-11-29  2100  		GFP_ATOMIC;
2f47d5804 Harsh Jain        2017-10-08  2101  	struct adapter *adap = padap(a_ctx(tfm)->dev);
2debd3325 Harsh Jain        2016-11-29  2102  
2f47d5804 Harsh Jain        2017-10-08  2103  	if (req->cryptlen == 0)
2f47d5804 Harsh Jain        2017-10-08  2104  		return NULL;
2debd3325 Harsh Jain        2016-11-29  2105  
2f47d5804 Harsh Jain        2017-10-08  2106  	reqctx->b0_dma = 0;
3d64bd670 Harsh Jain        2018-01-11  2107  	if (subtype == CRYPTO_ALG_SUB_TYPE_CBC_NULL ||
3d64bd670 Harsh Jain        2018-01-11  2108  	    subtype == CRYPTO_ALG_SUB_TYPE_CTR_NULL) {
2debd3325 Harsh Jain        2016-11-29  2109  		null = 1;
2debd3325 Harsh Jain        2016-11-29  2110  		assoclen = 0;
324429d74 Hariprasad Shenai 2016-08-17  2111  	}
2f47d5804 Harsh Jain        2017-10-08  2112  	error = chcr_aead_common_init(req, op_type);
2f47d5804 Harsh Jain        2017-10-08 @2113  	if (error)
2f47d5804 Harsh Jain        2017-10-08  2114  		return ERR_PTR(error);
2f47d5804 Harsh Jain        2017-10-08  2115  		dnents = sg_nents_xlen(req->dst, assoclen, CHCR_DST_SG_SIZE, 0);
2f47d5804 Harsh Jain        2017-10-08  2116  		dnents += sg_nents_xlen(req->dst, req->cryptlen +
2f47d5804 Harsh Jain        2017-10-08  2117  			(op_type ? -authsize : authsize), CHCR_DST_SG_SIZE,
2f47d5804 Harsh Jain        2017-10-08  2118  			req->assoclen);
2f47d5804 Harsh Jain        2017-10-08  2119  		dnents += MIN_AUTH_SG; // For IV
2f47d5804 Harsh Jain        2017-10-08  2120  
2f47d5804 Harsh Jain        2017-10-08  2121  	dst_size = get_space_for_phys_dsgl(dnents);
2debd3325 Harsh Jain        2016-11-29  2122  	kctx_len = (ntohl(KEY_CONTEXT_CTX_LEN_V(aeadctx->key_ctx_hdr)) << 4)
2debd3325 Harsh Jain

Re: [PATCH] hwrng: imx-rngc: simplify the power management definitions

2018-01-18 Thread Herbert Xu
On Thu, Jan 11, 2018 at 10:06:39PM +0100, Martin Kaiser wrote:
> Use the SIMPLE_DEV_PM_OPS() macro instead of populating a struct
> dev_pm_ops directly. The suspend and resume functions will now be used
> for both hibernation and suspend to ram.
> 
> If power management is disabled, SIMPLE_DEV_PM_OPS() evaluates to
> nothing. The two functions won't be used and won't be included in the
> kernel. Mark them as __maybe_unused to clarify that this is intended
> behaviour.
> 
> With these modifications in place, we don't need the #ifdefs for power
> management any more.
> 
> Signed-off-by: Martin Kaiser 

Patch applied.  Thanks.
-- 
Email: Herbert Xu 
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


Re: [PATCH] crypto: marvell/cesa - Fix DMA API misuse

2018-01-18 Thread Herbert Xu
On Wed, Jan 10, 2018 at 03:15:43PM +, Robin Murphy wrote:
> phys_to_dma() is an internal helper for certain DMA API implementations,
> and is not appropriate for drivers to use. It appears that what the CESA
> driver really wants to be using is dma_map_resource() - admittedly that
> didn't exist when the offending code was first merged, but it does now.
> 
> Signed-off-by: Robin Murphy 

Patch applied.  Thanks.


Re: [PATCH] hw_random: mediatek: Setup default RNG quality

2018-01-18 Thread Herbert Xu
On Wed, Jan 10, 2018 at 12:02:46PM +0800, sean.w...@mediatek.com wrote:
> From: Sean Wang 
> 
> When hw_random device's quality is non-zero, it will automatically fill
> the kernel's entropy pool at boot.  For the purpose, one conservative
> quality value is being picked up as the default value.
> 
> Signed-off-by: Sean Wang 

Patch applied.  Thanks.


Re: [PATCH -next] hwrng: exynos - remove redundant dev_err call in exynos_trng_probe()

2018-01-18 Thread Herbert Xu
On Wed, Jan 10, 2018 at 01:30:59PM +, Wei Yongjun wrote:
> There is an error message within devm_ioremap_resource
> already, so remove the dev_err call to avoid redundant
> error message.
> 
> Signed-off-by: Wei Yongjun 

Patch applied.  Thanks.


Re: [PATCH 0/5] crypto: chelsio - Cleanup and bug fixes

2018-01-18 Thread Herbert Xu
On Thu, Jan 11, 2018 at 04:45:47PM +0530, Harsh Jain wrote:
> This series include cleanup, bug fixes and authenc algo supporting
>  ctr(aes)-sha operation.
> 
> Harsh Jain (5):
>   crypto: chelsio - Fix Indentation
>   crypto: chelsio - check for sg null
>   crypto: chelsio - Fix IV updated in XTS operation
>   crypto: chelsio - Add authenc versions of ctr and sha
>   crypto: chelsio - Remove dst sg size zero check
> 
>  drivers/crypto/chelsio/chcr_algo.c   | 299 
> ++-
>  drivers/crypto/chelsio/chcr_crypto.h |   7 +-
>  2 files changed, 233 insertions(+), 73 deletions(-)

All applied.  Thanks.


Re: [PATCH] hwrng: exynos - Signedness bug in exynos_trng_do_read()

2018-01-18 Thread Herbert Xu
On Wed, Jan 10, 2018 at 12:36:58PM +0300, Dan Carpenter wrote:
> "val" needs to be signed for the error handling to work.
> 
> Fixes: 6cd225cc5d8a ("hwrng: exynos - add Samsung Exynos True RNG driver")
> Signed-off-by: Dan Carpenter 

Patch applied.  Thanks.


Re: [PATCH 0/7] arm64: move literal data into .rodata section

2018-01-18 Thread Herbert Xu
On Thu, Jan 18, 2018 at 11:46:07AM +, Ard Biesheuvel wrote:
> On 18 January 2018 at 11:41, Herbert Xu  wrote:
> > On Wed, Jan 10, 2018 at 12:11:35PM +, Ard Biesheuvel wrote:
> >> Prevent inadvertently creating speculative gadgets by moving literal data
> >> into the .rodata section.
> >>
> >> Patch #1 enables this for C code, by reverting a change that disables the
> >> GCC feature implementing this. Note that this conflicts with the mitigation
> >> of erratum #843419 for Cortex-A53.
> >
> > Ard, which tree is this supposed to go through?
> >
> 
> Hi Herbert,
> 
> I am going to drop that first patch, the remaining 6 patches can go
> through the crypto tree as they are independent.

Patches 2-7 applied.  Thanks.


Re: [RFT PATCH] crypto: arm64 - implement SHA-512 using special instructions

2018-01-18 Thread Herbert Xu
On Tue, Jan 09, 2018 at 06:23:02PM +, Ard Biesheuvel wrote:
> Implement the SHA-512 using the new special instructions that have
> been introduced as an optional extension in ARMv8.2.
> 
> Signed-off-by: Ard Biesheuvel 

Patch applied.  Thanks.


Re: [PATCH 1/2] crypto: exynos-rng - Add SPDX license identifier and correct module license

2018-01-18 Thread Herbert Xu
On Tue, Jan 09, 2018 at 06:57:35PM +0100, Krzysztof Kozlowski wrote:
> Replace GPL license statement with SPDX GPL-2.0 license identifier and
> correct the module license to GPLv2.
> 
> The license itself was a generic GPL because of copy-and-paste from old
> drivers/char/hw_random/exynos-rng.c driver (on which this was based on).
> However the module license indicated GPL-2.0 or later.  GPL-2.0 was
> intended by author so fix up this mess.
> 
> Signed-off-by: Krzysztof Kozlowski 

All applied.  Thanks.


Re: [PATCH 0/7] arm64: move literal data into .rodata section

2018-01-18 Thread Ard Biesheuvel
On 18 January 2018 at 11:41, Herbert Xu  wrote:
> On Wed, Jan 10, 2018 at 12:11:35PM +, Ard Biesheuvel wrote:
>> Prevent inadvertently creating speculative gadgets by moving literal data
>> into the .rodata section.
>>
>> Patch #1 enables this for C code, by reverting a change that disables the
>> GCC feature implementing this. Note that this conflicts with the mitigation
>> of erratum #843419 for Cortex-A53.
>
> Ard, which tree is this supposed to go through?
>

Hi Herbert,

I am going to drop that first patch, the remaining 6 patches can go
through the crypto tree as they are independent.

Thanks,
Ard.


Re: [PATCH 0/7] arm64: move literal data into .rodata section

2018-01-18 Thread Herbert Xu
On Wed, Jan 10, 2018 at 12:11:35PM +, Ard Biesheuvel wrote:
> Prevent inadvertently creating speculative gadgets by moving literal data
> into the .rodata section.
> 
> Patch #1 enables this for C code, by reverting a change that disables the
> GCC feature implementing this. Note that this conflicts with the mitigation
> of erratum #843419 for Cortex-A53.

Ard, which tree is this supposed to go through?

Thanks,


Re: [PATCH v2] crypto/ahash: Require export/import in ahash

2018-01-18 Thread Kamil Konieczny
On 16.01.2018 19:38, Kamil Konieczny wrote:
> Export and import were optional in async hash. As most drivers were
> rewritten, they become mandatory now, so correct init of ahash
> transformation.
> 
> Signed-off-by: Kamil Konieczny 

Please drop this patch, as there is one more driver that needs converting,
namely bfin_crc.c

I will also prepare this as a patch series, to be sure that this patch is last.

> ---
> This is resend of previous patch. As Bartlomiej Zolnierkiewicz pointed out,
> there are still three crypto drivers that didn't have export/import 
> implemented:
> 
> drivers/crypto/mxs-dcp.c
> drivers/crypto/n2_core.c
> drivers/crypto/ux500/hash/hash_core.c
> 
> I have no documentation for them, so I sent patches with the behaviour taken
> from crypto framework, but maybe that hardware is capable of import/export,
> so proper implementation is possible. Unfortunately, there is no maintainer
> for any of these files.
> 
> Please take this patch after these remaining drivers will be patched.
> 
>  crypto/ahash.c | 18 ++
>  1 file changed, 2 insertions(+), 16 deletions(-)
> 
> diff --git a/crypto/ahash.c b/crypto/ahash.c
> index 3a35d67de7d9..7a8906d5af53 100644
> --- a/crypto/ahash.c
> +++ b/crypto/ahash.c
> @@ -434,16 +434,6 @@ static int ahash_def_finup(struct ahash_request *req)
>   return ahash_def_finup_finish1(req, err);
>  }
>  
> -static int ahash_no_export(struct ahash_request *req, void *out)
> -{
> - return -ENOSYS;
> -}
> -
> -static int ahash_no_import(struct ahash_request *req, const void *in)
> -{
> - return -ENOSYS;
> -}
> -
>  static int crypto_ahash_init_tfm(struct crypto_tfm *tfm)
>  {
>   struct crypto_ahash *hash = __crypto_ahash_cast(tfm);
> @@ -451,8 +441,8 @@ static int crypto_ahash_init_tfm(struct crypto_tfm *tfm)
>  
>   hash->setkey = ahash_nosetkey;
>   hash->has_setkey = false;
> - hash->export = ahash_no_export;
> - hash->import = ahash_no_import;
> + hash->export = alg->export;
> + hash->import = alg->import;
>  
>   if (tfm->__crt_alg->cra_type != _ahash_type)
>   return crypto_init_shash_ops_async(tfm);
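
Review bot: the two added assignments read alg->export and alg->import above the cra_type test, so for a transform that goes on to take the crypto_init_shash_ops_async() return they are read from an alg that has not yet been confirmed to be an ahash algorithm. Moving both lines below that early return, next to the setkey handling, would keep the reads on the ahash-only path.
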
> @@ -467,10 +457,6 @@ static int crypto_ahash_init_tfm(struct crypto_tfm *tfm)
>   hash->setkey = alg->setkey;
>   hash->has_setkey = true;
>   }
> - if (alg->export)
> - hash->export = alg->export;
> - if (alg->import)
> - hash->import = alg->import;
>  
>   return 0;
>  }
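
Review bot: with the "if (alg->export)" and "if (alg->import)" guards removed here, and no validation added anywhere in this diff (the diffstat's 2 insertions are the two unconditional copies), an algorithm that leaves either callback unset ends up with a NULL hash->export or hash->import. Rejecting such an algorithm when it is registered, in this same patch, would turn that into a registration error instead of a call through a NULL pointer later.
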
> 

-- 
Best regards,
Kamil Konieczny
Samsung R&D Institute Poland
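
The three ways of handling a missing import/export callback that come up in these threads (a NULL test on every call, an -ENOSYS stub substituted by a wrapper, and a check done once at registration), shown side by side as an added userspace C model. It is not code from the kernel or from any patch above; struct hash_alg, struct hash_tfm, register_alg_strict() and the other names are hypothetical.

```c
#include <errno.h>
#include <stdio.h>

/* Userspace model; all names are hypothetical, not kernel API. */
struct hash_req { int state; };
typedef int (*import_fn)(struct hash_req *req, const void *in);
typedef int (*export_fn)(struct hash_req *req, void *out);
struct hash_alg { import_fn import; export_fn export; };
struct hash_tfm { import_fn import; export_fn export; };

/* Stubs shaped like the ones the driver patches add: always -ENOSYS. */
static int no_import(struct hash_req *req, const void *in)
{
	(void)req; (void)in;
	return -ENOSYS;
}
static int no_export(struct hash_req *req, void *out)
{
	(void)req; (void)out;
	return -ENOSYS;
}

/* A driver that really can save and restore its state. */
static int real_import(struct hash_req *req, const void *in)
{
	req->state = *(const int *)in;
	return 0;
}
static int real_export(struct hash_req *req, void *out)
{
	*(int *)out = req->state;
	return 0;
}

static const struct hash_alg alg_real = { real_import, real_export };
static const struct hash_alg alg_stubbed = { no_import, no_export };
static const struct hash_alg alg_missing = { NULL, NULL };

/* Per-call test: tolerates NULL, but every call pays for the branch. */
static int export_per_call(const struct hash_alg *alg)
{
	struct hash_tfm tfm = { alg->import, alg->export };
	struct hash_req req = { 7 };
	int saved = 0;

	return tfm.export ? tfm.export(&req, &saved) : -ENOSYS;
}

/* Wrapper method: tfm init swaps in the stubs for missing callbacks. */
static int export_with_defaults(const struct hash_alg *alg)
{
	struct hash_tfm tfm;
	struct hash_req req = { 7 };
	int saved = 0;

	tfm.import = alg->import ? alg->import : no_import;
	tfm.export = alg->export ? alg->export : no_export;
	return tfm.export(&req, &saved);
}

/* Check once: an algorithm lacking either callback is never registered. */
static int register_alg_strict(const struct hash_alg *alg)
{
	return (alg->import && alg->export) ? 0 : -EINVAL;
}

/* After a successful strict registration the pointers are used unguarded. */
static int roundtrip_strict(const struct hash_alg *alg, int value)
{
	struct hash_tfm tfm = { alg->import, alg->export };
	struct hash_req src = { value }, dst = { 0 };
	int saved = 0, err = register_alg_strict(alg);

	if (!err)
		err = tfm.export(&src, &saved);
	if (!err)
		err = tfm.import(&dst, &saved);
	return err ? err : dst.state;
}

int main(void)
{
	printf("strict: real=%d stubbed=%d missing=%d\n", roundtrip_strict(&alg_real, 42),
	       roundtrip_strict(&alg_stubbed, 42), roundtrip_strict(&alg_missing, 42));
	printf("missing: per-call=%d defaults=%d\n",
	       export_per_call(&alg_missing), export_with_defaults(&alg_missing));
	return 0;
}
```

Only the strict variant separates "driver forgot the callbacks" (-EINVAL at registration) from "driver says it cannot export" (-ENOSYS at call time); the other two report both as -ENOSYS.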



[bug report] crypto: lrw - Convert to skcipher

2018-01-18 Thread Dan Carpenter
Hello Herbert Xu,

The patch 700cb3f5fe75: "crypto: lrw - Convert to skcipher" from Nov
22, 2016, leads to the following static checker warning:

crypto/lrw.c:316 exit_crypt()
warn: should '(struct rctx)->ext' be freed with kzfree()'

crypto/lrw.c
   309  static void exit_crypt(struct skcipher_request *req)
   310  {
   311  struct rctx *rctx = skcipher_request_ctx(req);
   312  
   313  rctx->left = 0;
   314  
   315  if (rctx->ext)
   316  kfree(rctx->ext);


I am working on a Smatch check that complains about stuff we should
maybe free with kzfree.  It first makes a list of any struct members
which are freed with kzfree() then it does a second pass and complains
if any of them are freed with regular kfree().

   317  }

Here is the complete list of warnings from v4.15-rc8.  It's not very
long...

crypto/lrw.c:316 exit_crypt() warn: should '(struct rctx)->ext' be freed with kzfree()'
drivers/crypto/virtio/virtio_crypto_core.c:411 virtcrypto_free_unused_reqs() warn: should '(struct virtio_crypto_request)->req_data' be freed with kzfree()'
drivers/net/wireless/intersil/orinoco/wext.c:78 orinoco_set_key() warn: should '(struct key_params)->key' be freed with kzfree()'
drivers/staging/wlan-ng/p80211conv.c:216 skb_ether_to_p80211() warn: should '(struct p80211_metawep)->data' be freed with kzfree()'
fs/cifs/connect.c:1710 cifs_parse_mount_options() warn: should '(struct smb_vol)->password' be freed with kzfree()'
fs/cifs/connect.c:1748 cifs_parse_mount_options() warn: should '(struct smb_vol)->password' be freed with kzfree()'
fs/cifs/connect.c:4238 cifs_construct_tcon() warn: should '(struct smb_vol)->password' be freed with kzfree()'
security/apparmor/crypto.c:102 aa_calc_profile_hash() warn: should '(struct aa_profile)->hash' be freed with kzfree()'

regards,
dan carpenter
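
The two-pass idea described in the report above, as an added toy model in C; it is not Smatch code. It assumes every free site has already been resolved to the struct member it frees, and the sample sites and all names are constructed.

```c
#include <stdio.h>
#include <string.h>

enum free_fn { FREE_KFREE, FREE_KZFREE };

/* One call site, already resolved to the struct member being freed. */
struct free_site {
	const char *file;
	int line;
	const char *func;
	const char *type;	/* struct tag */
	const char *member;
	enum free_fn fn;
};

/* Constructed sample input, not taken from any kernel tree. */
static const struct free_site sites[] = {
	{ "drv/a.c", 120, "a_release",  "a_ctx",  "key",  FREE_KZFREE },
	{ "drv/a.c", 210, "a_abort",    "a_ctx",  "key",  FREE_KFREE  },
	{ "drv/a.c", 215, "a_abort",    "a_ctx",  "name", FREE_KFREE  },
	{ "drv/b.c",  40, "b_teardown", "b_sess", "key",  FREE_KFREE  },
	{ "drv/b.c",  77, "b_reset",    "b_sess", "iv",   FREE_KZFREE },
	{ "drv/c.c",  12, "c_put",      "b_sess", "iv",   FREE_KFREE  },
};
#define NSITES (sizeof(sites) / sizeof(sites[0]))

static size_t zeroed[NSITES];	/* pass 1 result: indices of kzfree() sites */
static size_t hits[NSITES];	/* pass 2 result: indices of flagged kfree() sites */

/* Members are matched on the (struct tag, member name) pair. */
static int same_member(const struct free_site *a, const struct free_site *b)
{
	return !strcmp(a->type, b->type) && !strcmp(a->member, b->member);
}

/* Pass 1: list the sites that use kzfree(); they name the members to protect. */
static size_t collect_zeroed(void)
{
	size_t n = 0;

	for (size_t i = 0; i < NSITES; i++)
		if (sites[i].fn == FREE_KZFREE)
			zeroed[n++] = i;
	return n;
}

/* Pass 2: flag kfree() of any member on that list. Returns the hit count. */
static size_t run_check(void)
{
	size_t nz = collect_zeroed(), nh = 0;

	for (size_t i = 0; i < NSITES; i++) {
		if (sites[i].fn != FREE_KFREE)
			continue;
		for (size_t j = 0; j < nz; j++) {
			if (same_member(&sites[i], &sites[zeroed[j]])) {
				hits[nh++] = i;
				break;
			}
		}
	}
	return nh;
}

/* Format hit k in the layout of the warnings listed in the report. */
static const char *warning_text(size_t k)
{
	static char buf[256];
	const struct free_site *s = &sites[hits[k]];

	snprintf(buf, sizeof(buf),
		 "%s:%d %s() warn: should '(struct %s)->%s' be freed with kzfree()'",
		 s->file, s->line, s->func, s->type, s->member);
	return buf;
}

int main(void)
{
	size_t n = run_check();

	for (size_t k = 0; k < n; k++)
		puts(warning_text(k));
	return 0;
}
```

In the sample, (struct b_sess)->key is freed with kfree() but never reported: the heuristic only learns about members that some other site already frees with kzfree().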


Re: kernel failure while loading X.509 certificate

2018-01-18 Thread Paolo Valente


> On 17 Jan 2018, at 12:08, David Howells  wrote:
> 
> If this happened during boot, it could be that you have an X.509 cert for
> which the digest algorithm isn't built into the kernel.
> 

Yeah.  I did look for such an inconsistency after that failure, but I
didn't find it, most certainly because of my lack of expertise on
this.

After the success with rc8, I retried with rc7, repeating the same
streamline_config.pl procedure as the first time.  Of course, by
Murphy's laws, rc7 worked this time.  Sorry for making you waste
your time.  Should this happen again, I won't be so superficial not to
make a backup of the offending config.

Thanks,
Paolo

> David



Re: [PATCH] crypto: ux500/hash: Add empty export and import

2018-01-18 Thread Linus Walleij
On Tue, Jan 16, 2018 at 5:32 PM, Kamil Konieczny
 wrote:

> Crypto framework will require async hash export/import, so add empty
> functions to prevent OOPS.
>
> Signed-off-by: Kamil Konieczny 

Acked-by: Linus Walleij 

But why isn't the framework code just checking the vtable for NULL?

if (foo->fp)
foo->fp(bar);

Yours,
Linus Walleij


Re: [PATCH 1/7] staging: ccree: remove ccree from staging tree

2018-01-18 Thread Greg Kroah-Hartman
On Thu, Jan 18, 2018 at 10:39:11AM +0200, Gilad Ben-Yossef wrote:
> On Sat, Jan 13, 2018 at 3:21 PM, Greg Kroah-Hartman
>  wrote:
> > On Thu, Jan 11, 2018 at 09:17:08AM +, Gilad Ben-Yossef wrote:
> >> Remove the ccree driver from the staging tree in preparation to
> >> introducing it in the crypto tree.
> >>
> >> Signed-off-by: Gilad Ben-Yossef 
> >
> > Heh, no, just make a patch series that adds the driver to the correct
> > location in the crypto tree.
> >
> > If that gets accepted, we can then delete the staging driver with a
> > separate patch, after the fact.  No need for it to be in this patch
> > series.
> 
> Yes, I should have been more communicative as to why I am doing this, sorry.
> 
> The problem is that if you apply the patch adding the driver to
> drivers/crypto/ the kernel no longer links due to symbol name collisions.

Then as the first patch in your series, just mark the staging driver as
relying on BROKEN, and all should be fine :)

thanks,

greg k-h


[BUG] skcipher: Test 1 failed (invalid result) on encryption for cts(virtio_crypto_aes_cbc)

2018-01-18 Thread Corentin Labbe
Hello

When modprobing tcrypt on a qemu virtual machine, I get the following trace in dmesg:
skcipher: Test 1 failed (invalid result) on encryption for cts(virtio_crypto_aes_cbc)

Regards
Corentin Labbe


Re: [PATCH 1/2] crypto: Implement a generic crypto statistics

2018-01-18 Thread LABBE Corentin
On Fri, Jan 12, 2018 at 10:11:18AM +0100, Stephan Mueller wrote:
> On Friday, 12 January 2018, 10:07:30 CET, LABBE Corentin wrote:
> 
> > > > +   __u64 stat_hash_tlen;
> > > > 
> > > >  };
> > > 
> > > What I am slightly unsure here is: how should user space detect whether
> > > these additional parameters are part of the NETLINK_USER API or not? I
> > > use that interface in my libkcapi whose binary may be used on multiple
> > > different kernel versions. How should that library operate if one kernel
> > > has these parameters and another does not?
> > 
> > Userspace could check for kernel version and know if stat are present or
> > not. Another way is to add a new netlink request.
> 
> Well, I am not sure that checking the kernel version is good enough. Distros 
> and other vendors may backport this patch. This means that for some older 
> kernel versions this interface is present.
> 
> Hence I would rather opt for a separate stat message where the user space 
> caller receives an error on kernels that do not support it.
> 
Herbert,
I have two ways of adding a new netlink request:
- keep the current patch and simply add a new CRYPTO_MSG_GETSTAT which uses the
  same function as CRYPTO_MSG_GETALG
  => minimal changes; in fact CRYPTO_MSG_GETSTAT and CRYPTO_MSG_GETALG
  would be the same, but it is easy for userspace to test for the presence of stats.
- create a new CRYPTO_MSG_GETSTAT, which implies a lot of code and adds a new
  crypto_user_stat.c
  => this also implies changing the Makefile (renaming crypto_user.c to
  crypto_user_base.c) since crypto_user.ko is made of two files.

Which one do you prefer ?

Regards


Re: [PATCH -next] staging: ccree: remove redundant dev_err call in init_cc_resources()

2018-01-18 Thread Gilad Ben-Yossef
On Thu, Jan 11, 2018 at 1:14 PM, Wei Yongjun  wrote:
> There is an error message within devm_ioremap_resource
> already, so remove the dev_err call to avoid redundant
> error message.
>
> Signed-off-by: Wei Yongjun 
> ---
>  drivers/staging/ccree/cc_driver.c | 4 +---
>  1 file changed, 1 insertion(+), 3 deletions(-)
>
> diff --git a/drivers/staging/ccree/cc_driver.c 
> b/drivers/staging/ccree/cc_driver.c
> index 6682d9d..c27d5a8 100644
> --- a/drivers/staging/ccree/cc_driver.c
> +++ b/drivers/staging/ccree/cc_driver.c
> @@ -174,10 +174,8 @@ static int init_cc_resources(struct platform_device 
> *plat_dev)
> req_mem_cc_regs = platform_get_resource(plat_dev, IORESOURCE_MEM, 0);
> /* Map registers space */
> new_drvdata->cc_base = devm_ioremap_resource(dev, req_mem_cc_regs);
> -   if (IS_ERR(new_drvdata->cc_base)) {
> -   dev_err(dev, "Failed to ioremap registers");
> +   if (IS_ERR(new_drvdata->cc_base))
> return PTR_ERR(new_drvdata->cc_base);
> -   }
>
> dev_dbg(dev, "Got MEM resource (%s): %pR\n", req_mem_cc_regs->name,
> req_mem_cc_regs);
>

Yeah, that makes sense.

Acked-by: Gilad Ben-Yossef 

Thanks,
Gilad

-- 
Gilad Ben-Yossef
Chief Coffee Drinker

"If you take a class in large-scale robotics, can you end up in a
situation where the homework eats your dog?"
 -- Jean-Baptiste Queru


Re: [PATCH 1/7] staging: ccree: remove ccree from staging tree

2018-01-18 Thread Gilad Ben-Yossef
On Sat, Jan 13, 2018 at 3:21 PM, Greg Kroah-Hartman
 wrote:
> On Thu, Jan 11, 2018 at 09:17:08AM +, Gilad Ben-Yossef wrote:
>> Remove the ccree driver from the staging tree in preparation to
>> introducing it in the crypto tree.
>>
>> Signed-off-by: Gilad Ben-Yossef 
>
> Heh, no, just make a patch series that adds the driver to the correct
> location in the crypto tree.
>
> If that gets accepted, we can then delete the staging driver with a
> separate patch, after the fact.  No need for it to be in this patch
> series.

Yes, I should have been more communicative as to why I am doing this, sorry.

The problem is that if you apply the patch adding the driver to
drivers/crypto/ the kernel no longer links due to symbol name collisions.

If we really must avoid doing an "atomic" replacement I guess I can change the
Kconfig name to ...CCREE_OLD or something although I would prefer not doing
that so that people using the driver in staging/ don't need to change
their kernel build configs when they are upgrading versions.

Does that make sense?

Thanks,
Gilad


