[PATCH] crypto: qat - Don't attempt to register algorithm multiple times
When multiple devices are present in the system the driver attempts to register the same algorithm many times. Signed-off-by: Tadeusz Struk --- drivers/crypto/qat/qat_common/qat_asym_algs.c | 13 ++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/drivers/crypto/qat/qat_common/qat_asym_algs.c b/drivers/crypto/qat/qat_common/qat_asym_algs.c index 557a740..3e3c5c8 100644 --- a/drivers/crypto/qat/qat_common/qat_asym_algs.c +++ b/drivers/crypto/qat/qat_common/qat_asym_algs.c @@ -58,6 +58,8 @@ #include "adf_common_drv.h" #include "qat_crypto.h" +static atomic_t active_devs; + struct qat_rsa_input_params { union { struct { @@ -629,11 +631,16 @@ static struct akcipher_alg rsa = { int qat_asym_algs_register(void) { - rsa.base.cra_flags = 0; - return crypto_register_akcipher(&rsa); + if (atomic_add_return(1, &active_devs) == 1) { + rsa.base.cra_flags = 0; + return crypto_register_akcipher(&rsa); + } + + return 0; } void qat_asym_algs_unregister(void) { - crypto_unregister_akcipher(&rsa); + if (atomic_sub_return(1, &active_devs) == 0) + crypto_unregister_akcipher(&rsa); } -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH] crypto: qat - fix invalid check for RSA keylen in fips mode
The condition checking allowed key length was invalid. Reported-by: Dan Carpenter Signed-off-by: Tadeusz Struk --- drivers/crypto/qat/qat_common/qat_asym_algs.c |4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/qat/qat_common/qat_asym_algs.c b/drivers/crypto/qat/qat_common/qat_asym_algs.c index 13a76a0..557a740 100644 --- a/drivers/crypto/qat/qat_common/qat_asym_algs.c +++ b/drivers/crypto/qat/qat_common/qat_asym_algs.c @@ -443,7 +443,7 @@ int qat_rsa_get_n(void *context, size_t hdrlen, unsigned char tag, ctx->key_sz = vlen; ret = -EINVAL; /* In FIPS mode only allow key size 2K & 3K */ - if (fips_enabled && (ctx->key_sz != 256 || ctx->key_sz != 384)) { + if (fips_enabled && (ctx->key_sz != 256 && ctx->key_sz != 384)) { pr_err("QAT: RSA: key size not allowed in FIPS mode\n"); goto err; } @@ -510,7 +510,7 @@ int qat_rsa_get_d(void *context, size_t hdrlen, unsigned char tag, goto err; /* In FIPS mode only allow key size 2K & 3K */ - if (fips_enabled && (vlen != 256 || vlen != 384)) { + if (fips_enabled && (vlen != 256 && vlen != 384)) { pr_err("QAT: RSA: key size not allowed in FIPS mode\n"); goto err; } -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH] crypto: rsa - fix invalid check for keylen in fips mode
The condition checking allowed key length was invalid. Reported-by: Dan Carpenter Signed-off-by: Tadeusz Struk --- crypto/rsa_helper.c |4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/rsa_helper.c b/crypto/rsa_helper.c index 3e8e0a9..8d96ce9 100644 --- a/crypto/rsa_helper.c +++ b/crypto/rsa_helper.c @@ -28,7 +28,7 @@ int rsa_get_n(void *context, size_t hdrlen, unsigned char tag, return -ENOMEM; /* In FIPS mode only allow key size 2K & 3K */ - if (fips_enabled && (mpi_get_size(key->n) != 256 || + if (fips_enabled && (mpi_get_size(key->n) != 256 && mpi_get_size(key->n) != 384)) { pr_err("RSA: key size not allowed in FIPS mode\n"); mpi_free(key->n); @@ -62,7 +62,7 @@ int rsa_get_d(void *context, size_t hdrlen, unsigned char tag, return -ENOMEM; /* In FIPS mode only allow key size 2K & 3K */ - if (fips_enabled && (mpi_get_size(key->d) != 256 || + if (fips_enabled && (mpi_get_size(key->d) != 256 && mpi_get_size(key->d) != 384)) { pr_err("RSA: key size not allowed in FIPS mode\n"); mpi_free(key->d); -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: crypto: qat - Add support for RSA algorithm
On Mon, Jul 20, 2015 at 09:13:32AM -0700, Tadeusz Struk wrote: > On 07/20/2015 08:12 AM, Dan Carpenter wrote: > > The patch a990532023b9: "crypto: qat - Add support for RSA algorithm" > > from Jul 15, 2015, leads to the following Smatch warning: > > > > drivers/crypto/qat/qat_common/qat_asym_algs.c:446 qat_rsa_get_n() > > warn: was && intended here instead of ||? > > > > drivers/crypto/qat/qat_common/qat_asym_algs.c > >444 ret = -EINVAL; > >445 /* In FIPS mode only allow key size 2K & 3K */ > >446 if (fips_enabled && (ctx->key_sz != 256 || ctx->key_sz != > > 384)) { > > > > > > > > Looks like the static checker is correct. > > The logic is if fips_enabled we want to accept only key size 2K (256 bytes) > or 3K (384 bytes) > so the condition looks ok to me. Maybe the comment above is misleading? Logically ->key_sz can't be both 256 and 384 at the same time. What you are describing is &&. This seems like an important function, my guess is we have never tested it with fips_enabled? regards, dan carpenter -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: crypto: qat - Add support for RSA algorithm
On 07/20/2015 08:12 AM, Dan Carpenter wrote: > The patch a990532023b9: "crypto: qat - Add support for RSA algorithm" > from Jul 15, 2015, leads to the following Smatch warning: > > drivers/crypto/qat/qat_common/qat_asym_algs.c:446 qat_rsa_get_n() > warn: was && intended here instead of ||? > > drivers/crypto/qat/qat_common/qat_asym_algs.c >444 ret = -EINVAL; >445 /* In FIPS mode only allow key size 2K & 3K */ >446 if (fips_enabled && (ctx->key_sz != 256 || ctx->key_sz != > 384)) { > > > Looks like the static checker is correct. The logic is if fips_enabled we want to accept only key size 2K (256 bytes) or 3K (384 bytes) so the condition looks ok to me. Maybe the comment above is misleading? regards, T -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: crypto: qat - Add support for RSA algorithm
Also: drivers/crypto/qat/qat_common/qat_asym_algs.c:513 qat_rsa_get_d() warn: was && intended here instead of ||? regards, dan carpenter -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
re: crypto: qat - Add support for RSA algorithm
Hello Tadeusz Struk, The patch a990532023b9: "crypto: qat - Add support for RSA algorithm" from Jul 15, 2015, leads to the following Smatch warning: drivers/crypto/qat/qat_common/qat_asym_algs.c:446 qat_rsa_get_n() warn: was && intended here instead of ||? drivers/crypto/qat/qat_common/qat_asym_algs.c 444 ret = -EINVAL; 445 /* In FIPS mode only allow key size 2K & 3K */ 446 if (fips_enabled && (ctx->key_sz != 256 || ctx->key_sz != 384)) { Looks like the static checker is correct. 447 pr_err("QAT: RSA: key size not allowed in FIPS mode\n"); 448 goto err; 449 } 450 /* invalid key size provided */ 451 if (!qat_rsa_enc_fn_id(ctx->key_sz)) 452 goto err; 453 454 ret = -ENOMEM; 455 ctx->n = dma_zalloc_coherent(dev, ctx->key_sz, &ctx->dma_n, GFP_KERNEL); 456 if (!ctx->n) 457 goto err; 458 459 memcpy(ctx->n, ptr, ctx->key_sz); 460 return 0; 461 err: 462 ctx->key_sz = 0; 463 ctx->n = NULL; 464 return ret; 465 } regards, dan carpenter -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH v11] crypto: Add Allwinner Security System crypto accelerator
On Mon, Jul 20, 2015 at 10:18:36AM +0200, Maxime Ripard wrote: > On Mon, Jul 20, 2015 at 04:10:50PM +0800, Herbert Xu wrote: > > On Fri, Jul 17, 2015 at 04:39:37PM +0200, LABBE Corentin wrote: > > > Hello > > > > > > This is the driver for the Security System included in Allwinner SoC A20. > > > The Security System (SS for short) is a hardware cryptographic > > > accelerator that > > > support AES/MD5/SHA1/DES/3DES/PRNG algorithms. > > > It could be found on others Allwinner SoC: > > > - A10, A10s, A13, A31 and A33 manual give the same datasheet for SS than > > > A20 > > > - A23 speak about a security system but without precisions > > > - A80 and A83T datasheet speak about a security system with more functions > > > (SHA224/SHA256/RSA/CRC), they will be supported in a separate driver. > > > > All applied. Thanks a lot! > > All applied, DT bits included? Yes. -- Email: Herbert Xu Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH v11] crypto: Add Allwinner Security System crypto accelerator
On Mon, Jul 20, 2015 at 04:10:50PM +0800, Herbert Xu wrote: > On Fri, Jul 17, 2015 at 04:39:37PM +0200, LABBE Corentin wrote: > > Hello > > > > This is the driver for the Security System included in Allwinner SoC A20. > > The Security System (SS for short) is a hardware cryptographic accelerator > > that > > support AES/MD5/SHA1/DES/3DES/PRNG algorithms. > > It could be found on others Allwinner SoC: > > - A10, A10s, A13, A31 and A33 manual give the same datasheet for SS than A20 > > - A23 speak about a security system but without precisions > > - A80 and A83T datasheet speak about a security system with more functions > > (SHA224/SHA256/RSA/CRC), they will be supported in a separate driver. > > All applied. Thanks a lot! All applied, DT bits included? Maxime -- Maxime Ripard, Free Electrons Embedded Linux, Kernel and Android engineering http://free-electrons.com signature.asc Description: Digital signature
Re: [PATCH v11] crypto: Add Allwinner Security System crypto accelerator
On Fri, Jul 17, 2015 at 04:39:37PM +0200, LABBE Corentin wrote: > Hello > > This is the driver for the Security System included in Allwinner SoC A20. > The Security System (SS for short) is a hardware cryptographic accelerator > that > support AES/MD5/SHA1/DES/3DES/PRNG algorithms. > It could be found on others Allwinner SoC: > - A10, A10s, A13, A31 and A33 manual give the same datasheet for SS than A20 > - A23 speak about a security system but without precisions > - A80 and A83T datasheet speak about a security system with more functions > (SHA224/SHA256/RSA/CRC), they will be supported in a separate driver. All applied. Thanks a lot! -- Email: Herbert Xu Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH 1/4] crypto: caam - fix ERA property reading
On Fri, Jul 17, 2015 at 04:54:51PM +0300, Horia Geantă wrote: > From: Alex Porosanu > > In order to ensure that the ERA property is properly read from DT > on all platforms, of_property_read* function needs to be used. > > Signed-off-by: Alex Porosanu > Signed-off-by: Horia Geantă All applied. -- Email: Herbert Xu Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html