<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/drivers/crypto/nx, branch linux-3.16.y</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>crypto: nx - off by one bug in nx_of_update_msc()</title>
<updated>2016-11-20T01:16:53+00:00</updated>
<author>
<name>Dan Carpenter</name>
<email>dan.carpenter@oracle.com</email>
</author>
<published>2016-07-15T11:09:13+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=127ca125117e4c3befc95042a7e41370b4fc6be1'/>
<id>127ca125117e4c3befc95042a7e41370b4fc6be1</id>
<content type='text'>
commit e514cc0a492a3f39ef71b31590a7ef67537ee04b upstream.

The props-&gt;ap[] array is defined like this:

	struct alg_props ap[NX_MAX_FC][NX_MAX_MODE][3];

So we can see that if msc-&gt;fc and msc-&gt;mode are == to NX_MAX_FC or
NX_MAX_MODE then we're off by one.

Fixes: ae0222b7289d ('powerpc/crypto: nx driver code supporting nx encryption')
Signed-off-by: Dan Carpenter &lt;dan.carpenter@oracle.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Signed-off-by: Ben Hutchings &lt;ben@decadent.org.uk&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit e514cc0a492a3f39ef71b31590a7ef67537ee04b upstream.

The props-&gt;ap[] array is defined like this:

	struct alg_props ap[NX_MAX_FC][NX_MAX_MODE][3];

So we can see that if msc-&gt;fc and msc-&gt;mode are == to NX_MAX_FC or
NX_MAX_MODE then we're off by one.

Fixes: ae0222b7289d ('powerpc/crypto: nx driver code supporting nx encryption')
Signed-off-by: Dan Carpenter &lt;dan.carpenter@oracle.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Signed-off-by: Ben Hutchings &lt;ben@decadent.org.uk&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: nx - Fix timing leak in GCM and CCM decryption</title>
<updated>2016-01-05T11:22:18+00:00</updated>
<author>
<name>David Gstir</name>
<email>david@sigma-star.at</email>
</author>
<published>2015-11-15T16:14:41+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=437a88a58371aa4a3ea01dbe194337e3f97c4b29'/>
<id>437a88a58371aa4a3ea01dbe194337e3f97c4b29</id>
<content type='text'>
commit cb8affb55c7e64816f3effcd9b2fc3268c016fac upstream.

Using non-constant time memcmp() makes the verification of the authentication
tag in the decrypt path vulnerable to timing attacks. Fix this by using
crypto_memneq() instead.

Signed-off-by: David Gstir &lt;david@sigma-star.at&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
[ luis: backported to 3.16: adjusted context ]
Signed-off-by: Luis Henriques &lt;luis.henriques@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit cb8affb55c7e64816f3effcd9b2fc3268c016fac upstream.

Using non-constant time memcmp() makes the verification of the authentication
tag in the decrypt path vulnerable to timing attacks. Fix this by using
crypto_memneq() instead.

Signed-off-by: David Gstir &lt;david@sigma-star.at&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
[ luis: backported to 3.16: adjusted context ]
Signed-off-by: Luis Henriques &lt;luis.henriques@canonical.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6 into next</title>
<updated>2014-06-08T02:44:40+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2014-06-08T02:44:40+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=639b4ac691c6f6e48921dc576379c176f82f3250'/>
<id>639b4ac691c6f6e48921dc576379c176f82f3250</id>
<content type='text'>
Pull crypto updates from Herbert Xu:
 "Here is the crypto update for 3.16:

   - Added test vectors for SHA/AES-CCM/DES-CBC/3DES-CBC.
   - Fixed a number of error-path memory leaks in tcrypt.
   - Fixed error-path memory leak in caam.
   - Removed unnecessary global mutex from mxs-dcp.
   - Added ahash walk interface that can actually be asynchronous.
   - Cleaned up caam error reporting.
   - Allow crypto_user get operation to be used by non-root users.
   - Add support for SSS module on Exynos.
   - Misc fixes"

* git://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6: (60 commits)
  crypto: testmgr - add aead cbc des, des3_ede tests
  crypto: testmgr - Fix DMA-API warning
  crypto: cesa - tfm-&gt;__crt_alg-&gt;cra_type directly
  crypto: sahara - tfm-&gt;__crt_alg-&gt;cra_name directly
  crypto: padlock - tfm-&gt;__crt_alg-&gt;cra_name directly
  crypto: n2 - tfm-&gt;__crt_alg-&gt;cra_name directly
  crypto: dcp - tfm-&gt;__crt_alg-&gt;cra_name directly
  crypto: cesa - tfm-&gt;__crt_alg-&gt;cra_name directly
  crypto: ccp - tfm-&gt;__crt_alg-&gt;cra_name directly
  crypto: geode - Don't use tfm-&gt;__crt_alg-&gt;cra_name directly
  crypto: geode - Weed out printk() from probe()
  crypto: geode - Consistently use AES_KEYSIZE_128
  crypto: geode - Kill AES_IV_LENGTH
  crypto: geode - Kill AES_MIN_BLOCK_SIZE
  crypto: mxs-dcp - Remove global mutex
  crypto: hash - Add real ahash walk interface
  hwrng: n2-drv - Introduce the use of the managed version of kzalloc
  crypto: caam - reinitialize keys_fit_inline for decrypt and givencrypt
  crypto: s5p-sss - fix multiplatform build
  hwrng: timeriomem - remove unnecessary OOM messages
  ...
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull crypto updates from Herbert Xu:
 "Here is the crypto update for 3.16:

   - Added test vectors for SHA/AES-CCM/DES-CBC/3DES-CBC.
   - Fixed a number of error-path memory leaks in tcrypt.
   - Fixed error-path memory leak in caam.
   - Removed unnecessary global mutex from mxs-dcp.
   - Added ahash walk interface that can actually be asynchronous.
   - Cleaned up caam error reporting.
   - Allow crypto_user get operation to be used by non-root users.
   - Add support for SSS module on Exynos.
   - Misc fixes"

* git://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6: (60 commits)
  crypto: testmgr - add aead cbc des, des3_ede tests
  crypto: testmgr - Fix DMA-API warning
  crypto: cesa - tfm-&gt;__crt_alg-&gt;cra_type directly
  crypto: sahara - tfm-&gt;__crt_alg-&gt;cra_name directly
  crypto: padlock - tfm-&gt;__crt_alg-&gt;cra_name directly
  crypto: n2 - tfm-&gt;__crt_alg-&gt;cra_name directly
  crypto: dcp - tfm-&gt;__crt_alg-&gt;cra_name directly
  crypto: cesa - tfm-&gt;__crt_alg-&gt;cra_name directly
  crypto: ccp - tfm-&gt;__crt_alg-&gt;cra_name directly
  crypto: geode - Don't use tfm-&gt;__crt_alg-&gt;cra_name directly
  crypto: geode - Weed out printk() from probe()
  crypto: geode - Consistently use AES_KEYSIZE_128
  crypto: geode - Kill AES_IV_LENGTH
  crypto: geode - Kill AES_MIN_BLOCK_SIZE
  crypto: mxs-dcp - Remove global mutex
  crypto: hash - Add real ahash walk interface
  hwrng: n2-drv - Introduce the use of the managed version of kzalloc
  crypto: caam - reinitialize keys_fit_inline for decrypt and givencrypt
  crypto: s5p-sss - fix multiplatform build
  hwrng: timeriomem - remove unnecessary OOM messages
  ...
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto/nx/nx-842: dev_set_drvdata can no longer fail</title>
<updated>2014-05-28T20:39:51+00:00</updated>
<author>
<name>Jean Delvare</name>
<email>jdelvare@suse.de</email>
</author>
<published>2014-05-28T12:02:24+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=cda43576afa641d83ae268cb9795ae2a549d53d9'/>
<id>cda43576afa641d83ae268cb9795ae2a549d53d9</id>
<content type='text'>
Don't check if dev_set_drvdata() failed, it can't, and it returns void
now.

Signed-off-by: Jean Delvare &lt;jdelvare@suse.de&gt;
Cc: Robert Jennings &lt;rcj@linux.vnet.ibm.com&gt;
Cc: Marcelo Henrique Cerri &lt;mhcerri@linux.vnet.ibm.com&gt;
Cc: Fionnuala Gunter &lt;fin@linux.vnet.ibm.com&gt;
Reported-by: Stephen Rothwell &lt;sfr@canb.auug.org.au&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Don't check if dev_set_drvdata() failed, it can't, and it returns void
now.

Signed-off-by: Jean Delvare &lt;jdelvare@suse.de&gt;
Cc: Robert Jennings &lt;rcj@linux.vnet.ibm.com&gt;
Cc: Marcelo Henrique Cerri &lt;mhcerri@linux.vnet.ibm.com&gt;
Cc: Fionnuala Gunter &lt;fin@linux.vnet.ibm.com&gt;
Reported-by: Stephen Rothwell &lt;sfr@canb.auug.org.au&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: nx - Use RCU_INIT_POINTER(x, NULL)</title>
<updated>2014-04-16T12:16:46+00:00</updated>
<author>
<name>Monam Agarwal</name>
<email>monamagarwal123@gmail.com</email>
</author>
<published>2014-03-23T19:32:42+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=7ded6e3d1bf5f83786753d1e0556a5c9711ced8a'/>
<id>7ded6e3d1bf5f83786753d1e0556a5c9711ced8a</id>
<content type='text'>
This patch replaces rcu_assign_pointer(x, NULL) with RCU_INIT_POINTER(x, NULL)

The rcu_assign_pointer() ensures that the initialization of a structure
is carried out before storing a pointer to that structure.
And in the case of the NULL pointer, there is no structure to initialize.
So, rcu_assign_pointer(p, NULL) can be safely converted to RCU_INIT_POINTER(p, NULL)

Signed-off-by: Monam Agarwal &lt;monamagarwal123@gmail.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This patch replaces rcu_assign_pointer(x, NULL) with RCU_INIT_POINTER(x, NULL)

The rcu_assign_pointer() ensures that the initialization of a structure
is carried out before storing a pointer to that structure.
And in the case of the NULL pointer, there is no structure to initialize.
So, rcu_assign_pointer(p, NULL) can be safely converted to RCU_INIT_POINTER(p, NULL)

Signed-off-by: Monam Agarwal &lt;monamagarwal123@gmail.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto/nx/nx-842: Fix handling of vmalloc addresses</title>
<updated>2014-02-11T00:24:49+00:00</updated>
<author>
<name>Nathan Fontenot</name>
<email>nfont@linux.vnet.ibm.com</email>
</author>
<published>2014-01-29T16:34:56+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=0ba3e1011660042dd3ea08ae8dbdc173352f3d47'/>
<id>0ba3e1011660042dd3ea08ae8dbdc173352f3d47</id>
<content type='text'>
The powerpc specific nx-842 compression driver does not currently
handle translating a vmalloc address to a physical address.

The current driver uses __pa() for all addresses which does not
properly handle vmalloc addresses and thus causes a failure since
we do not pass a proper physical address to the hypervisor.

This patch adds a routine to convert an address to a physical
address by checking for vmalloc addresses and handling them properly.

Signed-off-by: Nathan Fontenot &lt;nfont@linux.vnet.ibm.com&gt;
 ---
 drivers/crypto/nx/nx-842.c |   29 +++++++++++++++++++----------
 1 file changed, 19 insertions(+), 10 deletions(-)
Signed-off-by: Benjamin Herrenschmidt &lt;benh@kernel.crashing.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The powerpc specific nx-842 compression driver does not currently
handle translating a vmalloc address to a physical address.

The current driver uses __pa() for all addresses which does not
properly handle vmalloc addresses and thus causes a failure since
we do not pass a proper physical address to the hypervisor.

This patch adds a routine to convert an address to a physical
address by checking for vmalloc addresses and handling them properly.

Signed-off-by: Nathan Fontenot &lt;nfont@linux.vnet.ibm.com&gt;
 ---
 drivers/crypto/nx/nx-842.c |   29 +++++++++++++++++++----------
 1 file changed, 19 insertions(+), 10 deletions(-)
Signed-off-by: Benjamin Herrenschmidt &lt;benh@kernel.crashing.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: nx - fix SHA-2 for chunks bigger than block size</title>
<updated>2013-09-02T10:32:56+00:00</updated>
<author>
<name>Marcelo Cerri</name>
<email>mhcerri@linux.vnet.ibm.com</email>
</author>
<published>2013-08-29T14:36:40+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=069fa0453f9dc86fd97dd5b3f5fda4724ed5ff69'/>
<id>069fa0453f9dc86fd97dd5b3f5fda4724ed5ff69</id>
<content type='text'>
Each call to the co-processor, with the exception of the last call, needs
to send data that is a multiple of the block size. As a consequence, any
remaining data is kept in the internal NX context.

This patch fixes a bug in the driver that causes it to save incorrect
data into the context when data is bigger than the block size.

Reviewed-by: Joy Latten &lt;jmlatten@linux.vnet.ibm.com&gt;
Signed-off-by: Marcelo Cerri &lt;mhcerri@linux.vnet.ibm.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Each call to the co-processor, with the exception of the last call, needs
to send data that is a multiple of the block size. As a consequence, any
remaining data is kept in the internal NX context.

This patch fixes a bug in the driver that causes it to save incorrect
data into the context when data is bigger than the block size.

Reviewed-by: Joy Latten &lt;jmlatten@linux.vnet.ibm.com&gt;
Signed-off-by: Marcelo Cerri &lt;mhcerri@linux.vnet.ibm.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: nx - fix GCM for zero length messages</title>
<updated>2013-09-02T10:32:55+00:00</updated>
<author>
<name>Marcelo Cerri</name>
<email>mhcerri@linux.vnet.ibm.com</email>
</author>
<published>2013-08-29T14:36:39+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=dec0ed6c1b2c8c2aa37c04feccaf4784764c95f1'/>
<id>dec0ed6c1b2c8c2aa37c04feccaf4784764c95f1</id>
<content type='text'>
The NX GCM implementation doesn't support zero length messages and the
current implementation has two flaws:

 - When the input data length is zero, it ignores the associated data.
 - Even when both lengths are zero, it uses the Crypto API to encrypt a
   zeroed block using ctr(aes) and because of this it allocates a new
   transformation and sets the key for this new tfm. Both operations are
   intended to be used only in user context, while the cryptographic
   operations can be called in both user and softirq contexts.

This patch replaces the nested Crypto API use and adds two special
cases:

 - When input data and associated data lengths are zero: it uses NX ECB
   mode to emulate the encryption of a zeroed block using ctr(aes).
 - When input data is zero and associated data is available: it uses NX
   GMAC mode to calculate the associated data MAC.

Reviewed-by: Joy Latten &lt;jmlatten@linux.vnet.ibm.com&gt;
Signed-off-by: Marcelo Cerri &lt;mhcerri@linux.vnet.ibm.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The NX GCM implementation doesn't support zero length messages and the
current implementation has two flaws:

 - When the input data length is zero, it ignores the associated data.
 - Even when both lengths are zero, it uses the Crypto API to encrypt a
   zeroed block using ctr(aes) and because of this it allocates a new
   transformation and sets the key for this new tfm. Both operations are
   intended to be used only in user context, while the cryptographic
   operations can be called in both user and softirq contexts.

This patch replaces the nested Crypto API use and adds two special
cases:

 - When input data and associated data lengths are zero: it uses NX ECB
   mode to emulate the encryption of a zeroed block using ctr(aes).
 - When input data is zero and associated data is available: it uses NX
   GMAC mode to calculate the associated data MAC.

Reviewed-by: Joy Latten &lt;jmlatten@linux.vnet.ibm.com&gt;
Signed-off-by: Marcelo Cerri &lt;mhcerri@linux.vnet.ibm.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: nx - fix XCBC for zero length messages</title>
<updated>2013-09-02T10:32:55+00:00</updated>
<author>
<name>Marcelo Cerri</name>
<email>mhcerri@linux.vnet.ibm.com</email>
</author>
<published>2013-08-29T14:36:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=41e3173daf4e2d2f2dcc48ae7ffc8d0c4f3ecec9'/>
<id>41e3173daf4e2d2f2dcc48ae7ffc8d0c4f3ecec9</id>
<content type='text'>
The NX XCBC implementation doesn't support zero length messages and
because of that NX is currently returning a hard-coded hash for zero
length messages. However this approach is incorrect since the hash value
also depends on which key is used.

This patch removes the hard-coded hash and replaces it with an
implementation based on RFC 3566 using ECB.

Reviewed-by: Joy Latten &lt;jmlatten@linux.vnet.ibm.com&gt;
Signed-off-by: Marcelo Cerri &lt;mhcerri@linux.vnet.ibm.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The NX XCBC implementation doesn't support zero length messages and
because of that NX is currently returning a hard-coded hash for zero
length messages. However this approach is incorrect since the hash value
also depends on which key is used.

This patch removes the hard-coded hash and replaces it with an
implementation based on RFC 3566 using ECB.

Reviewed-by: Joy Latten &lt;jmlatten@linux.vnet.ibm.com&gt;
Signed-off-by: Marcelo Cerri &lt;mhcerri@linux.vnet.ibm.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: nx - fix limits to sg lists for AES-CCM</title>
<updated>2013-09-02T10:32:54+00:00</updated>
<author>
<name>Fionnuala Gunter</name>
<email>fin@linux.vnet.ibm.com</email>
</author>
<published>2013-08-29T14:36:37+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=2b188b3b86005ca63eb851a1992f06b9a301f800'/>
<id>2b188b3b86005ca63eb851a1992f06b9a301f800</id>
<content type='text'>
This patch updates the NX driver to perform several hyper calls when necessary
so that the length limits of scatter/gather lists are respected.

Reviewed-by: Marcelo Cerri &lt;mhcerri@linux.vnet.ibm.com&gt;
Signed-off-by: Joy Latten &lt;jmlatten@linux.vnet.ibm.com&gt;
Signed-off-by: Fionnuala Gunter &lt;fin@linux.vnet.ibm.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This patch updates the NX driver to perform several hyper calls when necessary
so that the length limits of scatter/gather lists are respected.

Reviewed-by: Marcelo Cerri &lt;mhcerri@linux.vnet.ibm.com&gt;
Signed-off-by: Joy Latten &lt;jmlatten@linux.vnet.ibm.com&gt;
Signed-off-by: Fionnuala Gunter &lt;fin@linux.vnet.ibm.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</pre>
</div>
</content>
</entry>
</feed>
