summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2023-02-13net: ipv4: Add scaffolding to change completion function signatureHerbert Xu
This patch adds temporary scaffolding so that the Crypto API completion function can take a void * instead of crypto_async_request. Once affected users have been converted this can be removed. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-02-13Bluetooth: Use crypto_wait_reqHerbert Xu
This patch replaces the custom crypto completion function with crypto_req_done. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-02-13fs: ecryptfs: Use crypto_wait_reqHerbert Xu
This patch replaces the custom crypto completion function with crypto_req_done. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-02-13net: macsec: Add scaffolding to change completion function signatureHerbert Xu
This patch adds temporary scaffolding so that the Crypto API completion function can take a void * instead of crypto_async_request. Once affected users have been converted this can be removed. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-02-13dm: Add scaffolding to change completion function signatureHerbert Xu
This patch adds temporary scaffolding so that the Crypto API completion function can take a void * instead of crypto_async_request. Once affected users have been converted this can be removed. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: Mike Snitzer <snitzer@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-02-13crypto: api - Add scaffolding to change completion function signatureHerbert Xu
The crypto completion function currently takes a pointer to a struct crypto_async_request object. However, in reality the API does not allow the use of any part of the object apart from the data field. For example, ahash/shash will create a fake object on the stack to pass along a different data field. This leads to potential bugs where the user may try to dereference or otherwise use the crypto_async_request object. This patch adds some temporary scaffolding so that the completion function can take a void * instead. Once affected users have been converted this can be removed. The helper crypto_request_complete will remain even after the conversion is complete. It should be used instead of calling the completion function directly. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-02-10crypto: virtio/akcipher - Do not use GFP_ATOMIC when not neededChristophe JAILLET
There is no need to use GFP_ATOMIC here. GFP_KERNEL is already used for another memory allocation just the line after. Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-02-10crypto: aspeed - fix type warningsNeal Liu
This patch fixes following warnings: 1. sparse: incorrect type in assignment (different base types) Fix: change to __le32 type. 2. sparse: cast removes address space '__iomem' of expression Fix: use readb to avoid dereferencing the memory. Signed-off-by: Neal Liu <neal_liu@aspeedtech.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-02-10crypto: testmgr - add diff-splits of src/dst into default cipher configZhang Yiqun
This type of request is often happened in AF_ALG cases. So add this vector in default cipher config array. Signed-off-by: Zhang Yiqun <zhangyiqun@phytium.com.cn> Reviewed-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-02-10crypto: arm64/sm4-gcm - Fix possible crash in GCM cryptionHerbert Xu
An often overlooked aspect of the skcipher walker API is that an error is not just indicated by a non-zero return value, but by the fact that walk->nbytes is zero. Thus it is an error to call skcipher_walk_done after getting back walk->nbytes == 0 from the previous interaction with the walker. This is because when walk->nbytes is zero the walker is left in an undefined state and any further calls to it may try to free uninitialised stack memory. The sm4 arm64 ccm code gets this wrong and ends up calling skcipher_walk_done even when walk->nbytes is zero. This patch rewrites the loop in a form that resembles other callers. Reported-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> Fixes: ae1b83c7d572 ("crypto: arm64/sm4 - add CE implementation for GCM mode") Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Tested-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-02-10crypto: qat - drop log level of msg in get_instance_node()Giovanni Cabiddu
The functions qat_crypto_get_instance_node() and qat_compression_get_instance_node() allow to get a QAT instance (ring pair) on a device close to the node specified as input parameter. When this is not possible, and a QAT device is available in the system, these function return an instance on a remote node and they print a message reporting that it is not possible to find a device on the specified node. This is interpreted by people as an error rather than an info. The print "Could not find a device on node" indicates that a kernel application is running on a core in a socket that does not have a QAT device directly attached to it and performance might suffer. Due to the nature of the message, this can be considered as a debug message, therefore drop the severity to debug and report it only once to avoid flooding. Suggested-by: Vladis Dronov <vdronov@redhat.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Reviewed-by: Fiona Trahe <fiona.trahe@intel.com> Reviewed-by: Vladis Dronov <vdronov@redhat.com> Tested-by: Vladis Dronov <vdronov@redhat.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-02-10crypto: qat - fix out-of-bounds readGiovanni Cabiddu
When preparing an AER-CTR request, the driver copies the key provided by the user into a data structure that is accessible by the firmware. If the target device is QAT GEN4, the key size is rounded up by 16 since a rounded up size is expected by the device. If the key size is rounded up before the copy, the size used for copying the key might be bigger than the size of the region containing the key, causing an out-of-bounds read. Fix by doing the copy first and then update the keylen. This is to fix the following warning reported by KASAN: [ 138.150574] BUG: KASAN: global-out-of-bounds in qat_alg_skcipher_init_com.isra.0+0x197/0x250 [intel_qat] [ 138.150641] Read of size 32 at addr ffffffff88c402c0 by task cryptomgr_test/2340 [ 138.150651] CPU: 15 PID: 2340 Comm: cryptomgr_test Not tainted 6.2.0-rc1+ #45 [ 138.150659] Hardware name: Intel Corporation ArcherCity/ArcherCity, BIOS EGSDCRB1.86B.0087.D13.2208261706 08/26/2022 [ 138.150663] Call Trace: [ 138.150668] <TASK> [ 138.150922] kasan_check_range+0x13a/0x1c0 [ 138.150931] memcpy+0x1f/0x60 [ 138.150940] qat_alg_skcipher_init_com.isra.0+0x197/0x250 [intel_qat] [ 138.151006] qat_alg_skcipher_init_sessions+0xc1/0x240 [intel_qat] [ 138.151073] crypto_skcipher_setkey+0x82/0x160 [ 138.151085] ? prepare_keybuf+0xa2/0xd0 [ 138.151095] test_skcipher_vec_cfg+0x2b8/0x800 Fixes: 67916c951689 ("crypto: qat - add AES-CTR support for QAT GEN4 devices") Cc: <stable@vger.kernel.org> Reported-by: Vladis Dronov <vdronov@redhat.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Reviewed-by: Fiona Trahe <fiona.trahe@intel.com> Reviewed-by: Vladis Dronov <vdronov@redhat.com> Tested-by: Vladis Dronov <vdronov@redhat.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-02-10crypto: arm64/sm4-ccm - Rewrite skcipher walker loopTianjia Zhang
The fact that an error in the skcipher walker API are indicated not only by a non-zero return value, but also by the fact that walk->nbytes is zero, causes the layout of the skcipher walker loop to be sufficiently different from the usual layout, which is not a problem in itself, but it is likely to cause reading confusion and difficulty in code maintenance. This patch rewrites skcipher walker loop, and separates the last chunk cryption from the loop to avoid wrong calls to the skcipher walker API. In addition to following the usual convention of checking walk->nbytes, it also makes the loop execute logic clearer and easier to understand. Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-02-10crypto: atmel - Drop unused id parameter from atmel_i2c_probe()Uwe Kleine-König
id is unused in atmel_i2c_probe() and the callers have extra efforts to determine the right parameter. So drop the parameter simplifying both atmel_i2c_probe() and its callers. Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de> Reviewed-by: Tudor Ambarus <tudor.ambarus@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-02-10crypto: safexcel - Use crypto_wait_reqHerbert Xu
This patch replaces the custom crypto completion function with crypto_req_done. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-02-10crypto: x86/blowfish - Eliminate use of SYM_TYPED_FUNC_START in asmPeter Lafreniere
Now that we use the ECB/CBC macros, none of the asm functions in blowfish-x86_64 are called indirectly. So we can safely use SYM_FUNC_START instead of SYM_TYPED_FUNC_START with no effect, allowing us to remove an include. Signed-off-by: Peter Lafreniere <peter@n8pjl.ca> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-02-10crypto: x86/blowfish - Convert to use ECB/CBC helpersPeter Lafreniere
We can simplify the blowfish-x86_64 glue code by using the preexisting ECB/CBC helper macros. Additionally, this allows for easier reuse of asm functions in later x86 implementations of blowfish. This involves: 1 - Modifying blowfish_dec_blk_4way() to xor outputs when a flag is passed. 2 - Renaming blowfish_dec_blk_4way() to __blowfish_dec_blk_4way(). 3 - Creating two wrapper functions around __blowfish_dec_blk_4way() for use in the ECB/CBC macros. 4 - Removing the custom ecb_encrypt() and cbc_encrypt() routines in favor of macro-based routines. Signed-off-by: Peter Lafreniere <peter@n8pjl.ca> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-02-10crypto: x86/blowfish - Remove unused encode parameterPeter Lafreniere
The blowfish-x86_64 encryption functions have an unused argument. Remove it. This involves: 1 - Removing xor_block() macros. 2 - Removing handling of fourth argument from __blowfish_enc_blk{,_4way}() functions. 3 - Renaming __blowfish_enc_blk{,_4way}() to blowfish_enc_blk{,_4way}(). 4 - Removing the blowfish_enc_blk{,_4way}() wrappers from blowfish_glue.c 5 - Temporarily using SYM_TYPED_FUNC_START for now indirectly-callable encode functions. Signed-off-by: Peter Lafreniere <peter@n8pjl.ca> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-02-10crypto: arm64/aes-ccm - Rewrite skcipher walker loopHerbert Xu
An often overlooked aspect of the skcipher walker API is that an error is not just indicated by a non-zero return value, but by the fact that walk->nbytes is zero. Thus it is an error to call skcipher_walk_done after getting back walk->nbytes == 0 from the previous interaction with the walker. This is because when walk->nbytes is zero the walker is left in an undefined state and any further calls to it may try to free uninitialised stack memory. The arm64 ccm code has to deal with zero-length messages, and it needs to process data even when walk->nbytes == 0 is returned. It doesn't have this bug because there is an explicit check for walk->nbytes != 0 prior to the skcipher_walk_done call. However, the loop is still sufficiently different from the usual layout and it appears to have been copied into other code which then ended up with this bug. This patch rewrites it to follow the usual convention of checking walk->nbytes. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Tested-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-02-10MAINTAINERS: repair file entry for STARFIVE TRNG DRIVERLukas Bulwahn
Commit c388f458bc34 ("hwrng: starfive - Add TRNG driver for StarFive SoC") adds the STARFIVE TRNG DRIVER section to MAINTAINERS, but refers to the non-existing file drivers/char/hw_random/starfive-trng.c rather than to the actually added file drivers/char/hw_random/jh7110-trng.c in this commit. Hence, ./scripts/get_maintainer.pl --self-test=patterns complains about a broken reference. Repair this file entry in STARFIVE TRNG DRIVER. Fixes: c388f458bc34 ("hwrng: starfive - Add TRNG driver for StarFive SoC") Signed-off-by: Lukas Bulwahn <lukas.bulwahn@gmail.com> Acked-by: Jia Jie Ho <jiajie.ho@starfivetech.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-02-10Documentation: qat: change kernel versionMeadhbh
Change kernel version from 5.20 to 6.0, as 5.20 is not a release. Signed-off-by: Meadhbh Fitzpatrick <meadhbh.fitzpatrick@intel.com> Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Reviewed-by: Vladis Dronov <vdronov@redhat.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-02-03hwrng: starfive - Enable compile testingHerbert Xu
Enable compile testing for jh7110. Also remove the dependency on HW_RANDOM. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Reviewed-by: Conor Dooley <conor.dooley@microchip.com> Reviewed-by: Jia Jie Ho <jiajie.ho@starfivetech.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-02-03crypto: ux500/hash - delete driverLinus Walleij
It turns out we can just modify the newer STM32 HASH driver to be used with Ux500 and now that we have done that, delete the old and sparsely maintained Ux500 HASH driver. Signed-off-by: Linus Walleij <linus.walleij@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-02-03crypto: stm32/hash - Support Ux500 hashLinus Walleij
The Ux500 has a hash block which is an ancestor to the STM32 hash block. With some minor code path additions we can support also this variant in the STM32 driver. Differences: - Ux500 only supports SHA1 and SHA256 (+/- MAC) so we split up the algorithm registration per-algorithm and register each algorithm along with its MAC variant separately. - Ux500 does not have an interrupt to indicate that hash calculation is complete, so we add code paths to handle polling for completion if the interrupt is missing in the device tree. - Ux500 is lacking the SR status register, to check if an operating is complete, we need to poll the HASH_STR_DCAL bit in the HASH_STR register instead. - Ux500 had the resulting hash at address offset 0x0c and 8 32bit registers ahead. We account for this with a special code path when reading out the hash digest. - Ux500 need a special bit set in the control register before performing the final hash calculation on an empty message. - Ux500 hashes on empty messages will be performed if the above bit is set, but are incorrect. For this reason we just make an inline synchronous hash using a fallback hash. Tested on the Ux500 Golden device with the extended tests. Acked-by: Lionel Debieve <lionel.debieve@foss.st.com> Signed-off-by: Linus Walleij <linus.walleij@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-02-03crypto: stm32/hash - Wait for idle before final CPU xmitLinus Walleij
When calculating the hash using the CPU, right before the final hash calculation, heavy testing on Ux500 reveals that it is wise to wait for the hardware to go idle before calculating the final hash. The default test vectors mostly worked fine, but when I used the extensive tests and stress the hardware I ran into this problem. Acked-by: Lionel Debieve <lionel.debieve@foss.st.com> Signed-off-by: Linus Walleij <linus.walleij@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-02-03crypto: stm32/hash - Use existing busy poll functionLinus Walleij
When exporting state we are waiting indefinitely in the same was as the ordinary stm32_hash_wait_busy() poll-for-completion function but without a timeout, which means we could hang in an eternal loop. Fix this by waiting for completion like the rest of the code. Acked-by: Lionel Debieve <lionel.debieve@foss.st.com> Signed-off-by: Linus Walleij <linus.walleij@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-02-03crypto: stm32/hash - Simplify codeLinus Walleij
We are passing (rctx->flags & HASH_FLAGS_FINUP) as indicator for the final request but we already know this to be true since we are in the (final) arm of an if-statement set from the same flag. Just open-code it as true. Acked-by: Lionel Debieve <lionel.debieve@foss.st.com> Signed-off-by: Linus Walleij <linus.walleij@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-02-03dt-bindings: crypto: Let STM32 define Ux500 HASHLinus Walleij
This adds device tree bindings for the Ux500 HASH block as a compatible in the STM32 HASH bindings. The Ux500 HASH binding has been used for ages in the kernel device tree for Ux500 but was never documented, so fill in the gap by making it a sibling of the STM32 HASH block, which is what it is. The relationship to the existing STM32 HASH block is pretty obvious when looking at the register map, and I have written patches to reuse the STM32 HASH driver on the Ux500. The main difference from the outside is that the Ux500 HASH lacks the interrupt line, so some special if-clauses are needed to accomodate this in the binding. Reviewed-by: Rob Herring <robh@kernel.org> Signed-off-by: Linus Walleij <linus.walleij@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-02-03crypto: marvell/cesa - Use crypto_wait_reqHerbert Xu
This patch replaces the custom crypto completion function with crypto_req_done. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-02-03crypto: img-hash - Fix sparse endianness warningHerbert Xu
Use cpu_to_be32 instead of be32_to_cpu in img_hash_read_result_queue to silence sparse. The generated code should be identical. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-02-03crypto: ccp - Flush the SEV-ES TMR memory before giving it to firmwareTom Lendacky
Perform a cache flush on the SEV-ES TMR memory after allocation to prevent any possibility of the firmware encountering an error should dirty cache lines be present. Use clflush_cache_range() to flush the SEV-ES TMR memory. Fixes: 97f9ac3db661 ("crypto: ccp - Add support for SEV-ES to the PSP driver") Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-02-03crypto: qat - add qat_zlib_deflateLucas Segarra Fernandez
The ZLIB format (RFC 1950) is made of deflate compressed data surrounded by a header and a footer. The QAT accelerators support only the deflate algorithm, therefore the header and the footer need to be inserted in software. This adds logic in the QAT driver to support the ZLIB format. In particular: * Generalize the function qat_comp_alg_compress_decompress() to allow skipping an initial region (header) of the source and/or destination scatter lists. * Add logic to register the qat_zlib_deflate algorithm into the acomp framework. * For ZLIB compression, skip the initial portion of the destination buffer before sending the job to the QAT accelerator and insert the ZLIB header and footer in the callback, after the QAT request has been processed. * For ZLIB decompression, parse the header in the input buffer provided by the user and verify its validity before attempting the decompression of the buffer with QAT. Then submit the buffer to QAT for decompression. In the callback verify the correctness of the footer by comparing the value of the ADLER produced by QAT with the one in the destination buffer. Signed-off-by: Lucas Segarra Fernandez <lucas.segarra.fernandez@intel.com> Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-02-03crypto: qat - extend buffer list logic interfaceLucas Segarra Fernandez
Extend qat_bl_sgl_to_bufl() to allow skipping the mapping of a region of the source and the destination scatter lists starting from byte zero. This is to support the ZLIB format (RFC 1950) in the qat driver. The ZLIB format is made of deflate compressed data surrounded by a header and a footer. The QAT accelerators support only the deflate algorithm, therefore the header should not be mapped since it is inserted in software. Signed-off-by: Lucas Segarra Fernandez <lucas.segarra.fernandez@intel.com> Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-02-03Revert "crypto: rsa-pkcs1pad - Replace GFP_ATOMIC with GFP_KERNEL in ↵Herbert Xu
pkcs1pad_encrypt_sign_complete" This reverts commit 1ca2809897155f1adc43e4859b4a3582e235c09a. While the akcipher API as a whole is designed to be called only from thread context, its completion path is still called from softirq context as usual. Therefore we must not use GFP_KERNEL on that path. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-02-03crypto: x86 - exit fpu context earlier in ECB/CBC macrosPeter Lafreniere
Currently the ecb/cbc macros hold fpu context unnecessarily when using scalar cipher routines (e.g. when handling odd sizes of blocks per walk). Change the macros to drop fpu context as soon as the fpu is out of use. No performance impact found (on Intel Haswell). Signed-off-by: Peter Lafreniere <peter@n8pjl.ca> Acked-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-01-27crypto: engine - Fix excess parameter doc warningHerbert Xu
The engine parameter should not be marked for kernel doc as it triggers a warning. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-01-27crypto: xts - Handle EBUSY correctlyHerbert Xu
As it is xts only handles the special return value of EINPROGRESS, which means that in all other cases it will free data related to the request. However, as the caller of xts may specify MAY_BACKLOG, we also need to expect EBUSY and treat it in the same way. Otherwise backlogged requests will trigger a use-after-free. Fixes: 8083b1bf8163 ("crypto: xts - add support for ciphertext stealing") Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-01-27crypto: caam - Use ahash_request_completeHerbert Xu
Instead of calling the base completion function directly, use the correct ahash helper which is ahash_request_complete. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Reviewed-by: Gaurav Jain <gaurav.jain@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-01-27crypto: bcm - Use subrequest for fallbackHerbert Xu
Instead of doing saving and restoring on the AEAD request object for fallback processing, use a subrequest instead. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-01-27crypto: cryptd - Remove unnecessary skcipher_request_zeroHerbert Xu
Previously the child skcipher request was stored on the stack and therefore needed to be zeroed. As it is now dynamically allocated we no longer need to do so. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-01-27crypto: aspeed - Use devm_platform_get_and_ioremap_resource()ye xingchen
Convert platform_get_resource(), devm_ioremap_resource() to a single call to devm_platform_get_and_ioremap_resource(), as this is exactly what this function does. Signed-off-by: ye xingchen <ye.xingchen@zte.com.cn> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-01-27crypto: aspeed - change aspeed_acry_akcipher_algs to staticYang Yingliang
aspeed_acry_akcipher_algs is only used in aspeed-acry.c now, change it to static. Signed-off-by: Yang Yingliang <yangyingliang@huawei.com> Acked-by: Andrew Jeffery <andrew@aj.id.au> Reviewed-by: Neal Liu <neal_liu@aspeedtech.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-01-27crypto: testmgr - disallow certain DRBG hash functions in FIPS modeVladis Dronov
According to FIPS 140-3 IG, section D.R "Hash Functions Acceptable for Use in the SP 800-90A DRBGs", modules certified after May 16th, 2023 must not support the use of: SHA-224, SHA-384, SHA512-224, SHA512-256, SHA3-224, SHA3-384. Disallow HMAC and HASH DRBGs using SHA-384 in FIPS mode. Signed-off-by: Vladis Dronov <vdronov@redhat.com> Reviewed-by: Stephan Müller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-01-27hwrng: starfive - Add TRNG driver for StarFive SoCJia Jie Ho
This adds driver support for the hardware random number generator in Starfive SoCs and adds StarFive TRNG entry to MAINTAINERS. Co-developed-by: Jenny Zhang <jenny.zhang@starfivetech.com> Signed-off-by: Jenny Zhang <jenny.zhang@starfivetech.com> Signed-off-by: Jia Jie Ho <jiajie.ho@starfivetech.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-01-27dt-bindings: rng: Add StarFive TRNG moduleJia Jie Ho
Add documentation to describe Starfive true random number generator module. Co-developed-by: Jenny Zhang <jenny.zhang@starfivetech.com> Signed-off-by: Jenny Zhang <jenny.zhang@starfivetech.com> Signed-off-by: Jia Jie Ho <jiajie.ho@starfivetech.com> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org> Reviewed-by: Conor Dooley <conor.dooley@microchip.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-01-27crypto: ccp - Add a firmware definition for EPYC gen 4 processorsTom Lendacky
Add a new MODULE_FIRMWARE() entry for 4th generation EPYC processors. Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-01-27crypto: ccp - Provide MMIO register naming for documenationTom Lendacky
Add comments next to the version data MMIO register values to identify the register name being used. Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-01-20crypto: x86/aria-avx512 - fix build failure with old binutilsTaehee Yoo
The minimum version of binutils for kernel build is currently 2.23 and it doesn't support GFNI. So, it fails to build the aria-avx512 if the old binutils is used. aria-avx512 requires GFNI, so it should not be allowed to build if the old binutils is used. The AS_AVX512 and AS_GFNI are added to the Kconfig to disable build aria-avx512 if the old binutils is used. Fixes: c970d42001f2 ("crypto: x86/aria - implement aria-avx512") Reported-by: Jan Beulich <jbeulich@suse.com> Signed-off-by: Taehee Yoo <ap420073@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-01-20crypto: x86/aria-avx2 - fix build failure with old binutilsTaehee Yoo
The minimum version of binutils for kernel build is currently 2.23 and it doesn't support GFNI. So, it fails to build the aria-avx2 if the old binutils is used. The code using GFNI is an optional part of aria-avx2. So, it disables GFNI part in it when the old binutils is used. Fixes: 37d8d3ae7a58 ("crypto: x86/aria - implement aria-avx2") Reported-by: Jan Beulich <jbeulich@suse.com> Signed-off-by: Taehee Yoo <ap420073@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-01-20crypto: x86/aria-avx - fix build failure with old binutilsTaehee Yoo
The minimum version of binutils for kernel build is currently 2.23 and it doesn't support GFNI. So, it fails to build the aria-avx if the old binutils is used. The code using GFNI is an optional part of aria-avx. So, it disables GFNI part in it when the old binutils is used. In order to check whether the using binutils is supporting GFNI or not, AS_GFNI is added. Fixes: ba3579e6e45c ("crypto: aria-avx - add AES-NI/AVX/x86_64/GFNI assembler implementation of aria cipher") Reported-by: Jan Beulich <jbeulich@suse.com> Signed-off-by: Taehee Yoo <ap420073@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>