<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/drivers/crypto, branch v3.16.35</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>crypto: ccp - memset request context to zero during import</title>
<updated>2016-04-30T22:05:51+00:00</updated>
<author>
<name>Tom Lendacky</name>
<email>thomas.lendacky@amd.com</email>
</author>
<published>2016-02-25T22:48:13+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=3900078d66b2564fd4e95c49bc967833c3fa12d2'/>
<id>3900078d66b2564fd4e95c49bc967833c3fa12d2</id>
<content type='text'>
commit ce0ae266feaf35930394bd770c69778e4ef03ba9 upstream.

Since a crypto_ahash_import() can be called against a request context
that has not had a crypto_ahash_init() performed, the request context
needs to be cleared to insure there is no random data present. If not,
the random data can result in a kernel oops during crypto_ahash_update().

Signed-off-by: Tom Lendacky &lt;thomas.lendacky@amd.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Signed-off-by: Ben Hutchings &lt;ben@decadent.org.uk&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit ce0ae266feaf35930394bd770c69778e4ef03ba9 upstream.

Since a crypto_ahash_import() can be called against a request context
that has not had a crypto_ahash_init() performed, the request context
needs to be cleared to insure there is no random data present. If not,
the random data can result in a kernel oops during crypto_ahash_update().

Signed-off-by: Tom Lendacky &lt;thomas.lendacky@amd.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Signed-off-by: Ben Hutchings &lt;ben@decadent.org.uk&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: ccp - Don't assume export/import areas are aligned</title>
<updated>2016-04-30T22:05:46+00:00</updated>
<author>
<name>Tom Lendacky</name>
<email>thomas.lendacky@amd.com</email>
</author>
<published>2016-02-02T17:38:21+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=ec231ef4815ac10c6ff96754b40817550042e8ed'/>
<id>ec231ef4815ac10c6ff96754b40817550042e8ed</id>
<content type='text'>
commit b31dde2a5cb1bf764282abf934266b7193c2bc7c upstream.

Use a local variable for the exported and imported state so that
alignment is not an issue. On export, set a local variable from the
request context and then memcpy the contents of the local variable to
the export memory area. On import, memcpy the import memory area into
a local variable and then use the local variable to set the request
context.

Signed-off-by: Tom Lendacky &lt;thomas.lendacky@amd.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Signed-off-by: Ben Hutchings &lt;ben@decadent.org.uk&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit b31dde2a5cb1bf764282abf934266b7193c2bc7c upstream.

Use a local variable for the exported and imported state so that
alignment is not an issue. On export, set a local variable from the
request context and then memcpy the contents of the local variable to
the export memory area. On import, memcpy the import memory area into
a local variable and then use the local variable to set the request
context.

Signed-off-by: Tom Lendacky &lt;thomas.lendacky@amd.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Signed-off-by: Ben Hutchings &lt;ben@decadent.org.uk&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: ccp - Limit the amount of information exported</title>
<updated>2016-04-30T22:05:46+00:00</updated>
<author>
<name>Tom Lendacky</name>
<email>thomas.lendacky@amd.com</email>
</author>
<published>2016-01-29T18:45:14+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=4b0073dec3c3c0ee1d4faf769d5d1840ff164e30'/>
<id>4b0073dec3c3c0ee1d4faf769d5d1840ff164e30</id>
<content type='text'>
commit d1662165ae612ec8b5f94a6b07e65ea58b6dce34 upstream.

Since the exported information can be exposed to user-space, instead of
exporting the entire request context only export the minimum information
needed.

Signed-off-by: Tom Lendacky &lt;thomas.lendacky@amd.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Signed-off-by: Ben Hutchings &lt;ben@decadent.org.uk&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit d1662165ae612ec8b5f94a6b07e65ea58b6dce34 upstream.

Since the exported information can be exposed to user-space, instead of
exporting the entire request context only export the minimum information
needed.

Signed-off-by: Tom Lendacky &lt;thomas.lendacky@amd.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Signed-off-by: Ben Hutchings &lt;ben@decadent.org.uk&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: ccp - Add hash state import and export support</title>
<updated>2016-04-30T22:05:44+00:00</updated>
<author>
<name>Tom Lendacky</name>
<email>thomas.lendacky@amd.com</email>
</author>
<published>2016-01-12T17:17:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=132e906848f8815e39f5ffcde460ed4fe7143bd3'/>
<id>132e906848f8815e39f5ffcde460ed4fe7143bd3</id>
<content type='text'>
commit 952bce9792e6bf36fda09c2e5718abb5d9327369 upstream.

Commit 8996eafdcbad ("crypto: ahash - ensure statesize is non-zero")
added a check to prevent ahash algorithms from successfully registering
if the import and export functions were not implemented. This prevents
an oops in the hash_accept function of algif_hash. This commit causes
the ccp-crypto module SHA support and AES CMAC support from successfully
registering and causing the ccp-crypto module load to fail because the
ahash import and export functions are not implemented.

Update the CCP Crypto API support to provide import and export support
for ahash algorithms.

Signed-off-by: Tom Lendacky &lt;thomas.lendacky@amd.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Signed-off-by: Ben Hutchings &lt;ben@decadent.org.uk&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 952bce9792e6bf36fda09c2e5718abb5d9327369 upstream.

Commit 8996eafdcbad ("crypto: ahash - ensure statesize is non-zero")
added a check to prevent ahash algorithms from successfully registering
if the import and export functions were not implemented. This prevents
an oops in the hash_accept function of algif_hash. This commit causes
the ccp-crypto module SHA support and AES CMAC support from successfully
registering and causing the ccp-crypto module load to fail because the
ahash import and export functions are not implemented.

Update the CCP Crypto API support to provide import and export support
for ahash algorithms.

Signed-off-by: Tom Lendacky &lt;thomas.lendacky@amd.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Signed-off-by: Ben Hutchings &lt;ben@decadent.org.uk&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: talitos - Fix timing leak in ESP ICV verification</title>
<updated>2016-01-05T11:22:18+00:00</updated>
<author>
<name>David Gstir</name>
<email>david@sigma-star.at</email>
</author>
<published>2015-11-15T16:14:42+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=20422a48839b1c869f014f7649cd1522c968d793'/>
<id>20422a48839b1c869f014f7649cd1522c968d793</id>
<content type='text'>
commit 79960943fdc114fd4583c9ab164b5c89da7aa601 upstream.

Using non-constant time memcmp() makes the verification of the authentication
tag in the decrypt path vulnerable to timing attacks. Fix this by using
crypto_memneq() instead.

Signed-off-by: David Gstir &lt;david@sigma-star.at&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
[ luis: backported to 3.16: adjusted context ]
Signed-off-by: Luis Henriques &lt;luis.henriques@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 79960943fdc114fd4583c9ab164b5c89da7aa601 upstream.

Using non-constant time memcmp() makes the verification of the authentication
tag in the decrypt path vulnerable to timing attacks. Fix this by using
crypto_memneq() instead.

Signed-off-by: David Gstir &lt;david@sigma-star.at&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
[ luis: backported to 3.16: adjusted context ]
Signed-off-by: Luis Henriques &lt;luis.henriques@canonical.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: nx - Fix timing leak in GCM and CCM decryption</title>
<updated>2016-01-05T11:22:18+00:00</updated>
<author>
<name>David Gstir</name>
<email>david@sigma-star.at</email>
</author>
<published>2015-11-15T16:14:41+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=437a88a58371aa4a3ea01dbe194337e3f97c4b29'/>
<id>437a88a58371aa4a3ea01dbe194337e3f97c4b29</id>
<content type='text'>
commit cb8affb55c7e64816f3effcd9b2fc3268c016fac upstream.

Using non-constant time memcmp() makes the verification of the authentication
tag in the decrypt path vulnerable to timing attacks. Fix this by using
crypto_memneq() instead.

Signed-off-by: David Gstir &lt;david@sigma-star.at&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
[ luis: backported to 3.16: adjusted context ]
Signed-off-by: Luis Henriques &lt;luis.henriques@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit cb8affb55c7e64816f3effcd9b2fc3268c016fac upstream.

Using non-constant time memcmp() makes the verification of the authentication
tag in the decrypt path vulnerable to timing attacks. Fix this by using
crypto_memneq() instead.

Signed-off-by: David Gstir &lt;david@sigma-star.at&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
[ luis: backported to 3.16: adjusted context ]
Signed-off-by: Luis Henriques &lt;luis.henriques@canonical.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: caam - fix memory corruption in ahash_final_ctx</title>
<updated>2015-09-03T12:29:51+00:00</updated>
<author>
<name>Horia Geant?</name>
<email>horia.geanta@freescale.com</email>
</author>
<published>2015-08-11T17:19:20+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=4276e7ab383f4df9d963b1fc6ef411284e9a242e'/>
<id>4276e7ab383f4df9d963b1fc6ef411284e9a242e</id>
<content type='text'>
commit b310c178e6d897f82abb9da3af1cd7c02b09f592 upstream.

When doing pointer operation for accessing the HW S/G table,
a value representing number of entries (and not number of bytes)
must be used.

Fixes: 045e36780f115 ("crypto: caam - ahash hmac support")
Signed-off-by: Horia Geant? &lt;horia.geanta@freescale.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Signed-off-by: Luis Henriques &lt;luis.henriques@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit b310c178e6d897f82abb9da3af1cd7c02b09f592 upstream.

When doing pointer operation for accessing the HW S/G table,
a value representing number of entries (and not number of bytes)
must be used.

Fixes: 045e36780f115 ("crypto: caam - ahash hmac support")
Signed-off-by: Horia Geant? &lt;horia.geanta@freescale.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Signed-off-by: Luis Henriques &lt;luis.henriques@canonical.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: ixp4xx - Remove bogus BUG_ON on scattered dst buffer</title>
<updated>2015-08-27T11:08:06+00:00</updated>
<author>
<name>Herbert Xu</name>
<email>herbert@gondor.apana.org.au</email>
</author>
<published>2015-07-22T10:05:35+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=57ece6983da1978b426737490568603d562134e4'/>
<id>57ece6983da1978b426737490568603d562134e4</id>
<content type='text'>
commit f898c522f0e9ac9f3177d0762b76e2ab2d2cf9c0 upstream.

This patch removes a bogus BUG_ON in the ablkcipher path that
triggers when the destination buffer is different from the source
buffer and is scattered.

Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Signed-off-by: Luis Henriques &lt;luis.henriques@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit f898c522f0e9ac9f3177d0762b76e2ab2d2cf9c0 upstream.

This patch removes a bogus BUG_ON in the ablkcipher path that
triggers when the destination buffer is different from the source
buffer and is scattered.

Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Signed-off-by: Luis Henriques &lt;luis.henriques@canonical.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: omap-des - Fix unmapping of dma channels</title>
<updated>2015-08-10T08:54:10+00:00</updated>
<author>
<name>Vutla, Lokesh</name>
<email>lokeshvutla@ti.com</email>
</author>
<published>2015-07-02T13:03:28+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=a87b9ace44f63f464097797c1fa438c4deb9641a'/>
<id>a87b9ace44f63f464097797c1fa438c4deb9641a</id>
<content type='text'>
commit acb33cc541d7a5495b16a133702d4c401ea4e294 upstream.

dma_unmap_sg() is being called twice after completing the
task. Looks like this is a copy paste error when creating
des driver.
With this the following warn appears during boot:

[    4.210457] ------------[ cut here ]------------
[    4.215114] WARNING: CPU: 0 PID: 0 at lib/dma-debug.c:1080 check_unmap+0x710/0x9a0()
[    4.222899] omap-des 480a5000.des: DMA-API: device driver tries to free DMA memory it has not allocated [device address=0x00000000ab2ce000] [size=8 bytes]
[    4.236785] Modules linked in:
[    4.239860] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.14.39-02999-g1bc045a-dirty #182
[    4.247918] [&lt;c001678c&gt;] (unwind_backtrace) from [&lt;c0012574&gt;] (show_stack+0x10/0x14)
[    4.255710] [&lt;c0012574&gt;] (show_stack) from [&lt;c05a37e8&gt;] (dump_stack+0x84/0xb8)
[    4.262977] [&lt;c05a37e8&gt;] (dump_stack) from [&lt;c0046464&gt;] (warn_slowpath_common+0x68/0x8c)
[    4.271107] [&lt;c0046464&gt;] (warn_slowpath_common) from [&lt;c004651c&gt;] (warn_slowpath_fmt+0x30/0x40)
[    4.279854] [&lt;c004651c&gt;] (warn_slowpath_fmt) from [&lt;c02d50a4&gt;] (check_unmap+0x710/0x9a0)
[    4.287991] [&lt;c02d50a4&gt;] (check_unmap) from [&lt;c02d5478&gt;] (debug_dma_unmap_sg+0x90/0x19c)
[    4.296128] [&lt;c02d5478&gt;] (debug_dma_unmap_sg) from [&lt;c04a77d8&gt;] (omap_des_done_task+0x1cc/0x3e4)
[    4.304963] [&lt;c04a77d8&gt;] (omap_des_done_task) from [&lt;c004a090&gt;] (tasklet_action+0x84/0x124)
[    4.313370] [&lt;c004a090&gt;] (tasklet_action) from [&lt;c004a4ac&gt;] (__do_softirq+0xf0/0x20c)
[    4.321235] [&lt;c004a4ac&gt;] (__do_softirq) from [&lt;c004a840&gt;] (irq_exit+0x98/0xec)
[    4.328500] [&lt;c004a840&gt;] (irq_exit) from [&lt;c000f9ac&gt;] (handle_IRQ+0x50/0xb0)
[    4.335589] [&lt;c000f9ac&gt;] (handle_IRQ) from [&lt;c0008688&gt;] (gic_handle_irq+0x28/0x5c)

Removing the duplicate call to dma_unmap_sg().

Reported-by: Tomi Valkeinen &lt;tomi.valkeinen@ti.com&gt;
Signed-off-by: Lokesh Vutla &lt;lokeshvutla@ti.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Signed-off-by: Luis Henriques &lt;luis.henriques@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit acb33cc541d7a5495b16a133702d4c401ea4e294 upstream.

dma_unmap_sg() is being called twice after completing the
task. Looks like this is a copy paste error when creating
des driver.
With this the following warn appears during boot:

[    4.210457] ------------[ cut here ]------------
[    4.215114] WARNING: CPU: 0 PID: 0 at lib/dma-debug.c:1080 check_unmap+0x710/0x9a0()
[    4.222899] omap-des 480a5000.des: DMA-API: device driver tries to free DMA memory it has not allocated [device address=0x00000000ab2ce000] [size=8 bytes]
[    4.236785] Modules linked in:
[    4.239860] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.14.39-02999-g1bc045a-dirty #182
[    4.247918] [&lt;c001678c&gt;] (unwind_backtrace) from [&lt;c0012574&gt;] (show_stack+0x10/0x14)
[    4.255710] [&lt;c0012574&gt;] (show_stack) from [&lt;c05a37e8&gt;] (dump_stack+0x84/0xb8)
[    4.262977] [&lt;c05a37e8&gt;] (dump_stack) from [&lt;c0046464&gt;] (warn_slowpath_common+0x68/0x8c)
[    4.271107] [&lt;c0046464&gt;] (warn_slowpath_common) from [&lt;c004651c&gt;] (warn_slowpath_fmt+0x30/0x40)
[    4.279854] [&lt;c004651c&gt;] (warn_slowpath_fmt) from [&lt;c02d50a4&gt;] (check_unmap+0x710/0x9a0)
[    4.287991] [&lt;c02d50a4&gt;] (check_unmap) from [&lt;c02d5478&gt;] (debug_dma_unmap_sg+0x90/0x19c)
[    4.296128] [&lt;c02d5478&gt;] (debug_dma_unmap_sg) from [&lt;c04a77d8&gt;] (omap_des_done_task+0x1cc/0x3e4)
[    4.304963] [&lt;c04a77d8&gt;] (omap_des_done_task) from [&lt;c004a090&gt;] (tasklet_action+0x84/0x124)
[    4.313370] [&lt;c004a090&gt;] (tasklet_action) from [&lt;c004a4ac&gt;] (__do_softirq+0xf0/0x20c)
[    4.321235] [&lt;c004a4ac&gt;] (__do_softirq) from [&lt;c004a840&gt;] (irq_exit+0x98/0xec)
[    4.328500] [&lt;c004a840&gt;] (irq_exit) from [&lt;c000f9ac&gt;] (handle_IRQ+0x50/0xb0)
[    4.335589] [&lt;c000f9ac&gt;] (handle_IRQ) from [&lt;c0008688&gt;] (gic_handle_irq+0x28/0x5c)

Removing the duplicate call to dma_unmap_sg().

Reported-by: Tomi Valkeinen &lt;tomi.valkeinen@ti.com&gt;
Signed-off-by: Lokesh Vutla &lt;lokeshvutla@ti.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Signed-off-by: Luis Henriques &lt;luis.henriques@canonical.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Revert "crypto: talitos - convert to use be16_add_cpu()"</title>
<updated>2015-07-09T13:36:02+00:00</updated>
<author>
<name>Horia Geant?</name>
<email>horia.geanta@freescale.com</email>
</author>
<published>2015-05-11T17:04:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=e4fa50cdd84057fd277aacfe02906e4369d6a12a'/>
<id>e4fa50cdd84057fd277aacfe02906e4369d6a12a</id>
<content type='text'>
commit 69d9cd8c592f1abce820dbce7181bbbf6812cfbd upstream.

This reverts commit 7291a932c6e27d9768e374e9d648086636daf61c.

The conversion to be16_add_cpu() is incorrect in case cryptlen is
negative due to premature (i.e. before addition / subtraction)
implicit conversion of cryptlen (int -&gt; u16) leading to sign loss.

Cc: Wei Yongjun &lt;yongjun_wei@trendmicro.com.cn&gt;
Signed-off-by: Horia Geanta &lt;horia.geanta@freescale.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Signed-off-by: Luis Henriques &lt;luis.henriques@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 69d9cd8c592f1abce820dbce7181bbbf6812cfbd upstream.

This reverts commit 7291a932c6e27d9768e374e9d648086636daf61c.

The conversion to be16_add_cpu() is incorrect in case cryptlen is
negative due to premature (i.e. before addition / subtraction)
implicit conversion of cryptlen (int -&gt; u16) leading to sign loss.

Cc: Wei Yongjun &lt;yongjun_wei@trendmicro.com.cn&gt;
Signed-off-by: Horia Geanta &lt;horia.geanta@freescale.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Signed-off-by: Luis Henriques &lt;luis.henriques@canonical.com&gt;
</pre>
</div>
</content>
</entry>
</feed>
