linux-stable.git/drivers/crypto, branch v6.14.2 Linux kernel stable tree crypto: hisilicon/sec2 - fix for aead auth key length 2025-04-10T12:44:26+00:00 Wenkai Lin linwenkai6@hisilicon.com 2025-02-05T03:56:26+00:00 7452a878d5bdcaf4d1c0e13e099dda6644f51f3f [ Upstream commit 1b284ffc30b02808a0de698667cbcf5ce5f9144e ] According to the HMAC RFC, the authentication key can be 0 bytes, and the hardware can handle this scenario. Therefore, remove the incorrect validation for this case. Fixes: 2f072d75d1ab ("crypto: hisilicon - Add aead support on SEC2") Signed-off-by: Wenkai Lin <linwenkai6@hisilicon.com> Signed-off-by: Chenghai Huang <huangchenghai2@huawei.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> 
[ Upstream commit 1b284ffc30b02808a0de698667cbcf5ce5f9144e ]

According to the HMAC RFC, the authentication key
can be 0 bytes, and the hardware can handle this
scenario. Therefore, remove the incorrect validation
for this case.

Fixes: 2f072d75d1ab ("crypto: hisilicon - Add aead support on SEC2")
Signed-off-by: Wenkai Lin <linwenkai6@hisilicon.com>
Signed-off-by: Chenghai Huang <huangchenghai2@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
crypto: nx - Fix uninitialised hv_nxc on error 2025-04-10T12:44:25+00:00 Herbert Xu herbert@gondor.apana.org.au 2025-03-15T08:50:42+00:00 5ca11c75d4500609b27f024878dd562e1f156cc2 [ Upstream commit 9b00eb923f3e60ca76cbc8b31123716f3a87ac6a ] The compiler correctly warns that hv_nxc may be used uninitialised as that will occur when NX-GZIP is unavailable. Fix it by rearranging the code and delay setting caps_feat until the final query succeeds. Fixes: b4ba22114c78 ("crypto/nx: Get NX capabilities for GZIP coprocessor type") Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> 
[ Upstream commit 9b00eb923f3e60ca76cbc8b31123716f3a87ac6a ]

The compiler correctly warns that hv_nxc may be used uninitialised
as that will occur when NX-GZIP is unavailable.

Fix it by rearranging the code and delay setting caps_feat until
the final query succeeds.

Fixes: b4ba22114c78 ("crypto/nx: Get NX capabilities for GZIP coprocessor type")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
crypto: qat - remove access to parity register for QAT GEN4 2025-04-10T12:44:25+00:00 Bairavi Alagappan bairavix.alagappan@intel.com 2025-03-14T15:09:31+00:00 5a92a8d8ca688cb10513928ea8396d108ce7b641 [ Upstream commit 92c6a707d82f0629debf1c21dd87717776d96af2 ] The firmware already handles parity errors reported by the accelerators by clearing them through the corresponding SSMSOFTERRORPARITY register. To ensure consistent behavior and prevent race conditions between the driver and firmware, remove the logic that checks the SSMSOFTERRORPARITY registers. Additionally, change the return type of the function adf_handle_rf_parr_err() to void, as it consistently returns false. Parity errors are recoverable and do not necessitate a device reset. Fixes: 895f7d532c84 ("crypto: qat - add handling of errors from ERRSOU2 for QAT GEN4") Signed-off-by: Bairavi Alagappan <bairavix.alagappan@intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> 
[ Upstream commit 92c6a707d82f0629debf1c21dd87717776d96af2 ]

The firmware already handles parity errors reported by the accelerators
by clearing them through the corresponding SSMSOFTERRORPARITY register.
To ensure consistent behavior and prevent race conditions between the
driver and firmware, remove the logic that checks the SSMSOFTERRORPARITY
registers.

Additionally, change the return type of the function
adf_handle_rf_parr_err() to void, as it consistently returns false.
Parity errors are recoverable and do not necessitate a device reset.

Fixes: 895f7d532c84 ("crypto: qat - add handling of errors from ERRSOU2 for QAT GEN4")
Signed-off-by: Bairavi Alagappan <bairavix.alagappan@intel.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
crypto: tegra - Fix format specifier in tegra_sha_prep_cmd() 2025-04-10T12:44:25+00:00 Nathan Chancellor nathan@kernel.org 2025-03-13T15:29:31+00:00 70ca29ae174cbaaca3a8c5829dc78fad675b016e [ Upstream commit 795e5bdb0ada2c77ea28611d88f1d5d7ca9b2f4d ] When building for 32-bit targets, for which ssize_t is 'int' instead of 'long', there is a warning due to an incorrect format specifier: In file included from include/linux/printk.h:610, from include/linux/kernel.h:31, from include/linux/clk.h:13, from drivers/crypto/tegra/tegra-se-hash.c:7: drivers/crypto/tegra/tegra-se-hash.c: In function 'tegra_sha_prep_cmd': drivers/crypto/tegra/tegra-se-hash.c:343:26: error: format '%lu' expects argument of type 'long unsigned int', but argument 6 has type 'ssize_t' {aka 'int'} [-Werror=format=] 343 | dev_dbg(se->dev, "msg len %llu msg left %llu sz %lu cfg %#x", | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ... drivers/crypto/tegra/tegra-se-hash.c:343:59: note: format string is defined here 343 | dev_dbg(se->dev, "msg len %llu msg left %llu sz %lu cfg %#x", | ~~^ | | | long unsigned int | %u cc1: all warnings being treated as errors Use '%zd', the proper specifier for ssize_t, to resolve the warning. Fixes: ff4b7df0b511 ("crypto: tegra - Fix HASH intermediate result handling") Signed-off-by: Nathan Chancellor <nathan@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> 
[ Upstream commit 795e5bdb0ada2c77ea28611d88f1d5d7ca9b2f4d ]

When building for 32-bit targets, for which ssize_t is 'int' instead of
'long', there is a warning due to an incorrect format specifier:

  In file included from include/linux/printk.h:610,
                   from include/linux/kernel.h:31,
                   from include/linux/clk.h:13,
                   from drivers/crypto/tegra/tegra-se-hash.c:7:
  drivers/crypto/tegra/tegra-se-hash.c: In function 'tegra_sha_prep_cmd':
  drivers/crypto/tegra/tegra-se-hash.c:343:26: error: format '%lu' expects argument of type 'long unsigned int', but argument 6 has type 'ssize_t' {aka 'int'} [-Werror=format=]
    343 |         dev_dbg(se->dev, "msg len %llu msg left %llu sz %lu cfg %#x",
        |                          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  ...
  drivers/crypto/tegra/tegra-se-hash.c:343:59: note: format string is defined here
    343 |         dev_dbg(se->dev, "msg len %llu msg left %llu sz %lu cfg %#x",
        |                                                         ~~^
        |                                                           |
        |                                                           long unsigned int
        |                                                         %u
  cc1: all warnings being treated as errors

Use '%zd', the proper specifier for ssize_t, to resolve the warning.

Fixes: ff4b7df0b511 ("crypto: tegra - Fix HASH intermediate result handling")
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
crypto: tegra - Reserve keyslots to allocate dynamically 2025-04-10T12:44:23+00:00 Akhil R akhilrajeev@nvidia.com 2025-02-24T09:16:09+00:00 1460ff6790af45a36e8900c71f2fbebaf1de925c [ Upstream commit b157e7a228aee9b48c2de05129476b822aa7956d ] The HW supports only storing 15 keys at a time. This limits the number of tfms that can work without failutes. Reserve keyslots to solve this and use the reserved ones during the encryption/decryption operation. This allow users to have the capability of hardware protected keys and faster operations if there are limited number of tfms while not halting the operation if there are more tfms. Fixes: 0880bb3b00c8 ("crypto: tegra - Add Tegra Security Engine driver") Signed-off-by: Akhil R <akhilrajeev@nvidia.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> 
[ Upstream commit b157e7a228aee9b48c2de05129476b822aa7956d ]

The HW supports only storing 15 keys at a time. This limits the number
of tfms that can work without failutes. Reserve keyslots to solve this
and use the reserved ones during the encryption/decryption operation.
This allow users to have the capability of hardware protected keys
and faster operations if there are limited number of tfms while not
halting the operation if there are more tfms.

Fixes: 0880bb3b00c8 ("crypto: tegra - Add Tegra Security Engine driver")
Signed-off-by: Akhil R <akhilrajeev@nvidia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
crypto: tegra - finalize crypto req on error 2025-04-10T12:44:23+00:00 Akhil R akhilrajeev@nvidia.com 2025-02-24T09:16:03+00:00 3ba914ad4991be67a4ff88ecaa388bafb55de298 [ Upstream commit 1e245948ca0c252f561792fabb45de5518301d97 ] Call the crypto finalize function before exiting *do_one_req() functions. This allows the driver to take up further requests even if the previous one fails. Fixes: 0880bb3b00c8 ("crypto: tegra - Add Tegra Security Engine driver") Signed-off-by: Akhil R <akhilrajeev@nvidia.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Stable-dep-of: b157e7a228ae ("crypto: tegra - Reserve keyslots to allocate dynamically") Signed-off-by: Sasha Levin <sashal@kernel.org> 
[ Upstream commit 1e245948ca0c252f561792fabb45de5518301d97 ]

Call the crypto finalize function before exiting *do_one_req() functions.
This allows the driver to take up further requests even if the previous
one fails.

Fixes: 0880bb3b00c8 ("crypto: tegra - Add Tegra Security Engine driver")
Signed-off-by: Akhil R <akhilrajeev@nvidia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Stable-dep-of: b157e7a228ae ("crypto: tegra - Reserve keyslots to allocate dynamically")
Signed-off-by: Sasha Levin <sashal@kernel.org>
crypto: tegra - Set IV to NULL explicitly for AES ECB 2025-04-10T12:44:23+00:00 Akhil R akhilrajeev@nvidia.com 2025-02-24T09:16:08+00:00 479cb7954522ea7391c1d31af421dbffce7b5793 [ Upstream commit bde558220866e74f19450e16d9a2472b488dfedf ] It may happen that the variable req->iv may have stale values or zero sized buffer by default and may end up getting used during encryption/decryption. This inturn may corrupt the results or break the operation. Set the req->iv variable to NULL explicitly for algorithms like AES-ECB where IV is not used. Fixes: 0880bb3b00c8 ("crypto: tegra - Add Tegra Security Engine driver") Signed-off-by: Akhil R <akhilrajeev@nvidia.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> 
[ Upstream commit bde558220866e74f19450e16d9a2472b488dfedf ]

It may happen that the variable req->iv may have stale values or
zero sized buffer by default and may end up getting used during
encryption/decryption. This inturn may corrupt the results or break the
operation. Set the req->iv variable to NULL explicitly for algorithms
like AES-ECB where IV is not used.

Fixes: 0880bb3b00c8 ("crypto: tegra - Add Tegra Security Engine driver")
Signed-off-by: Akhil R <akhilrajeev@nvidia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
crypto: tegra - Fix CMAC intermediate result handling 2025-04-10T12:44:22+00:00 Akhil R akhilrajeev@nvidia.com 2025-02-24T09:16:07+00:00 e4327d54bcca938f9411394081d1ec87f9e26933 [ Upstream commit ce390d6c2675d2e24d798169a1a0e3cdbc076907 ] Saving and restoring of the intermediate results are needed if there is context switch caused by another ongoing request on the same engine. This is therefore not only to support import/export functionality. Hence, save and restore the intermediate result for every non-first task. Fixes: 0880bb3b00c8 ("crypto: tegra - Add Tegra Security Engine driver") Signed-off-by: Akhil R <akhilrajeev@nvidia.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> 
[ Upstream commit ce390d6c2675d2e24d798169a1a0e3cdbc076907 ]

Saving and restoring of the intermediate results are needed if there is
context switch caused by another ongoing request on the same engine.
This is therefore not only to support import/export functionality.
Hence, save and restore the intermediate result for every non-first task.

Fixes: 0880bb3b00c8 ("crypto: tegra - Add Tegra Security Engine driver")
Signed-off-by: Akhil R <akhilrajeev@nvidia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
crypto: hisilicon/sec2 - fix for sec spec check 2025-04-10T12:44:21+00:00 Wenkai Lin linwenkai6@hisilicon.com 2025-02-05T03:56:28+00:00 5dad0063224e0fb34d40862a9fb7c3a918a5642b [ Upstream commit f4f353cb7ae9bb43e34943edb693532a39118eca ] During encryption and decryption, user requests must be checked first, if the specifications that are not supported by the hardware are used, the software computing is used for processing. Fixes: 2f072d75d1ab ("crypto: hisilicon - Add aead support on SEC2") Signed-off-by: Wenkai Lin <linwenkai6@hisilicon.com> Signed-off-by: Chenghai Huang <huangchenghai2@huawei.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> 
[ Upstream commit f4f353cb7ae9bb43e34943edb693532a39118eca ]

During encryption and decryption, user requests
must be checked first, if the specifications that
are not supported by the hardware are used, the
software computing is used for processing.

Fixes: 2f072d75d1ab ("crypto: hisilicon - Add aead support on SEC2")
Signed-off-by: Wenkai Lin <linwenkai6@hisilicon.com>
Signed-off-by: Chenghai Huang <huangchenghai2@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
crypto: hisilicon/sec2 - fix for aead authsize alignment 2025-04-10T12:44:21+00:00 Wenkai Lin linwenkai6@hisilicon.com 2025-02-05T03:56:27+00:00 7408c0e04c55f87edcef3a92c1e9f5d3284a7b8a [ Upstream commit a49cc71e219040d771a8c1254879984f98192811 ] The hardware only supports authentication sizes that are 4-byte aligned. Therefore, the driver switches to software computation in this case. Fixes: 2f072d75d1ab ("crypto: hisilicon - Add aead support on SEC2") Signed-off-by: Wenkai Lin <linwenkai6@hisilicon.com> Signed-off-by: Chenghai Huang <huangchenghai2@huawei.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Stable-dep-of: f4f353cb7ae9 ("crypto: hisilicon/sec2 - fix for sec spec check") Signed-off-by: Sasha Levin <sashal@kernel.org> 
[ Upstream commit a49cc71e219040d771a8c1254879984f98192811 ]

The hardware only supports authentication sizes
that are 4-byte aligned. Therefore, the driver
switches to software computation in this case.

Fixes: 2f072d75d1ab ("crypto: hisilicon - Add aead support on SEC2")
Signed-off-by: Wenkai Lin <linwenkai6@hisilicon.com>
Signed-off-by: Chenghai Huang <huangchenghai2@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Stable-dep-of: f4f353cb7ae9 ("crypto: hisilicon/sec2 - fix for sec spec check")
Signed-off-by: Sasha Levin <sashal@kernel.org>