17 files changed, 157 insertions, 196 deletions
diff --git a/arch/arm/crypto/aes-ce-glue.c b/arch/arm/crypto/aes-ce-glue.c
index da3c0428507b..aef022a87c53 100644
--- a/arch/arm/crypto/aes-ce-glue.c
+++ b/arch/arm/crypto/aes-ce-glue.c
@@ -284,7 +284,7 @@ static int ctr_encrypt(struct blkcipher_desc *desc, struct scatterlist *dst,
                err = blkcipher_walk_done(desc, &walk,
                                          walk.nbytes % AES_BLOCK_SIZE);
        }
-        if (nbytes) {
+        if (walk.nbytes % AES_BLOCK_SIZE) {
                u8 *tdst = walk.dst.virt.addr + blocks * AES_BLOCK_SIZE;
                u8 *tsrc = walk.src.virt.addr + blocks * AES_BLOCK_SIZE;
                u8 __aligned(8) tail[AES_BLOCK_SIZE];
diff --git a/arch/arm64/crypto/aes-glue.c b/arch/arm64/crypto/aes-glue.c
index 5c888049d061..6b2aa0fd6cd0 100644
--- a/arch/arm64/crypto/aes-glue.c
+++ b/arch/arm64/crypto/aes-glue.c
@@ -216,7 +216,7 @@ static int ctr_encrypt(struct blkcipher_desc *desc, struct scatterlist *dst,
                err = blkcipher_walk_done(desc, &walk,
                                          walk.nbytes % AES_BLOCK_SIZE);
        }
-        if (nbytes) {
+        if (walk.nbytes % AES_BLOCK_SIZE) {
                u8 *tdst = walk.dst.virt.addr + blocks * AES_BLOCK_SIZE;
                u8 *tsrc = walk.src.virt.addr + blocks * AES_BLOCK_SIZE;
                u8 __aligned(8) tail[AES_BLOCK_SIZE];
diff --git a/arch/x86/crypto/sha256-mb/sha256_mb.c b/arch/x86/crypto/sha256-mb/sha256_mb.c
index 89fa85e8b10c..6f97fb33ae21 100644
--- a/arch/x86/crypto/sha256-mb/sha256_mb.c
+++ b/arch/x86/crypto/sha256-mb/sha256_mb.c
@@ -485,10 +485,10 @@ static int sha_complete_job(struct mcryptd_hash_request_ctx *rctx,
                        req = cast_mcryptd_ctx_to_req(req_ctx);
                        if (irqs_disabled())
-                                rctx->complete(&req->base, ret);
+                                req_ctx->complete(&req->base, ret);
                        else {
                                local_bh_disable();
-                                rctx->complete(&req->base, ret);
+                                req_ctx->complete(&req->base, ret);
                                local_bh_enable();
                        }
                }
diff --git a/arch/x86/crypto/sha256-mb/sha256_mb_mgr_flush_avx2.S b/arch/x86/crypto/sha256-mb/sha256_mb_mgr_flush_avx2.S
index b691da981cd9..a78a0694ddef 100644
--- a/arch/x86/crypto/sha256-mb/sha256_mb_mgr_flush_avx2.S
+++ b/arch/x86/crypto/sha256-mb/sha256_mb_mgr_flush_avx2.S
@@ -265,13 +265,14 @@ ENTRY(sha256_mb_mgr_get_comp_job_avx2)
        vpinsrd $1, _args_digest+1*32(state, idx, 4), %xmm0, %xmm0
        vpinsrd $2, _args_digest+2*32(state, idx, 4), %xmm0, %xmm0
        vpinsrd $3, _args_digest+3*32(state, idx, 4), %xmm0, %xmm0
-        movl    _args_digest+4*32(state, idx, 4), tmp2_w
+        vmovd   _args_digest(state , idx, 4) , %xmm0
        vpinsrd $1, _args_digest+5*32(state, idx, 4), %xmm1, %xmm1
        vpinsrd $2, _args_digest+6*32(state, idx, 4), %xmm1, %xmm1
        vpinsrd $3, _args_digest+7*32(state, idx, 4), %xmm1, %xmm1
-        vmovdqu %xmm0, _result_digest(job_rax)
+        vmovdqu %xmm0, _result_digest(job_rax)
-        movl    tmp2_w, _result_digest+1*16(job_rax)
+        offset =  (_result_digest + 1*16)
+        vmovdqu %xmm1, offset(job_rax)
        pop     %rbx
diff --git a/arch/x86/crypto/sha512-mb/sha512_mb.c b/arch/x86/crypto/sha512-mb/sha512_mb.c
index f4cf5b78fd36..d210174a52b0 100644
--- a/arch/x86/crypto/sha512-mb/sha512_mb.c
+++ b/arch/x86/crypto/sha512-mb/sha512_mb.c
@@ -497,10 +497,10 @@ static int sha_complete_job(struct mcryptd_hash_request_ctx *rctx,
                        req = cast_mcryptd_ctx_to_req(req_ctx);
                        if (irqs_disabled())
-                                rctx->complete(&req->base, ret);
+                                req_ctx->complete(&req->base, ret);
                        else {
                                local_bh_disable();
-                                rctx->complete(&req->base, ret);
+                                req_ctx->complete(&req->base, ret);
                                local_bh_enable();
                        }
                }
diff --git a/crypto/blkcipher.c b/crypto/blkcipher.c
index 369999530108..a832426820e8 100644
--- a/crypto/blkcipher.c
+++ b/crypto/blkcipher.c
@@ -233,6 +233,8 @@ static int blkcipher_walk_next(struct blkcipher_desc *desc,
                return blkcipher_walk_done(desc, walk, -EINVAL);
        }
+        bsize = min(walk->walk_blocksize, n);
        walk->flags &= ~(BLKCIPHER_WALK_SLOW | BLKCIPHER_WALK_COPY |
                         BLKCIPHER_WALK_DIFF);
        if (!scatterwalk_aligned(&walk->in, walk->alignmask) ||
@@ -245,7 +247,6 @@ static int blkcipher_walk_next(struct blkcipher_desc *desc,
                }
        }
-        bsize = min(walk->walk_blocksize, n);
        n = scatterwalk_clamp(&walk->in, n);
        n = scatterwalk_clamp(&walk->out, n);
diff --git a/crypto/cryptd.c b/crypto/cryptd.c
index cf8037a87b2d..0c654e59f215 100644
--- a/crypto/cryptd.c
+++ b/crypto/cryptd.c
@@ -631,9 +631,14 @@ static int cryptd_hash_export(struct ahash_request *req, void *out)
 static int cryptd_hash_import(struct ahash_request *req, const void *in)
 {
-        struct cryptd_hash_request_ctx *rctx = ahash_request_ctx(req);
+        struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
+        struct cryptd_hash_ctx *ctx = crypto_ahash_ctx(tfm);
+        struct shash_desc *desc = cryptd_shash_desc(req);
+        desc->tfm = ctx->child;
+        desc->flags = req->base.flags;
-        return crypto_shash_import(&rctx->desc, in);
+        return crypto_shash_import(desc, in);
 }
 static int cryptd_create_hash(struct crypto_template *tmpl, struct rtattr **tb,
@@ -733,13 +738,14 @@ static void cryptd_aead_crypt(struct aead_request *req,
        rctx = aead_request_ctx(req);
        compl = rctx->complete;
+        tfm = crypto_aead_reqtfm(req);
        if (unlikely(err == -EINPROGRESS))
                goto out;
        aead_request_set_tfm(req, child);
        err = crypt( req );
 out:
-        tfm = crypto_aead_reqtfm(req);
        ctx = crypto_aead_ctx(tfm);
        refcnt = atomic_read(&ctx->refcnt);
diff --git a/crypto/echainiv.c b/crypto/echainiv.c
index 1b01fe98e91f..e3d889b122e0 100644
--- a/crypto/echainiv.c
+++ b/crypto/echainiv.c
@@ -1,8 +1,8 @@
 /*
 * echainiv: Encrypted Chain IV Generator
 *
- * This generator generates an IV based on a sequence number by xoring it
+ * This generator generates an IV based on a sequence number by multiplying
- * with a salt and then encrypting it with the same key as used to encrypt
+ * it with a salt and then encrypting it with the same key as used to encrypt
 * the plain text.  This algorithm requires that the block size be equal
 * to the IV size.  It is mainly useful for CBC.
 *
@@ -24,81 +24,17 @@
 #include <linux/err.h>
 #include <linux/init.h>
 #include <linux/kernel.h>
-#include <linux/mm.h>
 #include <linux/module.h>
-#include <linux/percpu.h>
+#include <linux/slab.h>
-#include <linux/spinlock.h>
 #include <linux/string.h>
-#define MAX_IV_SIZE 16
-static DEFINE_PER_CPU(u32 [MAX_IV_SIZE / sizeof(u32)], echainiv_iv);
-/* We don't care if we get preempted and read/write IVs from the next CPU. */
-static void echainiv_read_iv(u8 *dst, unsigned size)
-{
-        u32 *a = (u32 *)dst;
-        u32 __percpu *b = echainiv_iv;
-        for (; size >= 4; size -= 4) {
-                *a++ = this_cpu_read(*b);
-                b++;
-        }
-}
-static void echainiv_write_iv(const u8 *src, unsigned size)
-{
-        const u32 *a = (const u32 *)src;
-        u32 __percpu *b = echainiv_iv;
-        for (; size >= 4; size -= 4) {
-                this_cpu_write(*b, *a);
-                a++;
-                b++;
-        }
-}
-static void echainiv_encrypt_complete2(struct aead_request *req, int err)
-{
-        struct aead_request *subreq = aead_request_ctx(req);
-        struct crypto_aead *geniv;
-        unsigned int ivsize;
-        if (err == -EINPROGRESS)
-                return;
-        if (err)
-                goto out;
-        geniv = crypto_aead_reqtfm(req);
-        ivsize = crypto_aead_ivsize(geniv);
-        echainiv_write_iv(subreq->iv, ivsize);
-        if (req->iv != subreq->iv)
-                memcpy(req->iv, subreq->iv, ivsize);
-out:
-        if (req->iv != subreq->iv)
-                kzfree(subreq->iv);
-}
-static void echainiv_encrypt_complete(struct crypto_async_request *base,
-                                         int err)
-{
-        struct aead_request *req = base->data;
-        echainiv_encrypt_complete2(req, err);
-        aead_request_complete(req, err);
-}
 static int echainiv_encrypt(struct aead_request *req)
 {
        struct crypto_aead *geniv = crypto_aead_reqtfm(req);
        struct aead_geniv_ctx *ctx = crypto_aead_ctx(geniv);
        struct aead_request *subreq = aead_request_ctx(req);
-        crypto_completion_t compl;
+        __be64 nseqno;
-        void *data;
+        u64 seqno;
        u8 *info;
        unsigned int ivsize = crypto_aead_ivsize(geniv);
        int err;
@@ -108,8 +44,6 @@ static int echainiv_encrypt(struct aead_request *req)
        aead_request_set_tfm(subreq, ctx->child);
-        compl = echainiv_encrypt_complete;
-        data = req;
        info = req->iv;
        if (req->src != req->dst) {
@@ -127,29 +61,30 @@ static int echainiv_encrypt(struct aead_request *req)
                        return err;
        }
-        if (unlikely(!IS_ALIGNED((unsigned long)info,
+        aead_request_set_callback(subreq, req->base.flags,
-                                 crypto_aead_alignmask(geniv) + 1))) {
+                                  req->base.complete, req->base.data);
-                info = kmalloc(ivsize, req->base.flags &
-                                       CRYPTO_TFM_REQ_MAY_SLEEP ? GFP_KERNEL:
-                                                                  GFP_ATOMIC);
-                if (!info)
-                        return -ENOMEM;
-                memcpy(info, req->iv, ivsize);
-        }
-        aead_request_set_callback(subreq, req->base.flags, compl, data);
        aead_request_set_crypt(subreq, req->dst, req->dst,
                               req->cryptlen, info);
        aead_request_set_ad(subreq, req->assoclen);
-        crypto_xor(info, ctx->salt, ivsize);
+        memcpy(&nseqno, info + ivsize - 8, 8);
+        seqno = be64_to_cpu(nseqno);
+        memset(info, 0, ivsize);
        scatterwalk_map_and_copy(info, req->dst, req->assoclen, ivsize, 1);
-        echainiv_read_iv(info, ivsize);
-        err = crypto_aead_encrypt(subreq);
+        do {
-        echainiv_encrypt_complete2(req, err);
+                u64 a;
-        return err;
+                memcpy(&a, ctx->salt + ivsize - 8, 8);
+                a |= 1;
+                a *= seqno;
+                memcpy(info + ivsize - 8, &a, 8);
+        } while ((ivsize -= 8));
+        return crypto_aead_encrypt(subreq);
 }
 static int echainiv_decrypt(struct aead_request *req)
@@ -196,8 +131,7 @@ static int echainiv_aead_create(struct crypto_template *tmpl,
        alg = crypto_spawn_aead_alg(spawn);
        err = -EINVAL;
-        if (inst->alg.ivsize & (sizeof(u32) - 1) ||
+        if (inst->alg.ivsize & (sizeof(u64) - 1) || !inst->alg.ivsize)
-            inst->alg.ivsize > MAX_IV_SIZE)
                goto free_inst;
        inst->alg.encrypt = echainiv_encrypt;
@@ -206,7 +140,6 @@ static int echainiv_aead_create(struct crypto_template *tmpl,
        inst->alg.init = aead_init_geniv;
        inst->alg.exit = aead_exit_geniv;
-        inst->alg.base.cra_alignmask |= __alignof__(u32) - 1;
        inst->alg.base.cra_ctxsize = sizeof(struct aead_geniv_ctx);
        inst->alg.base.cra_ctxsize += inst->alg.ivsize;
diff --git a/crypto/ghash-generic.c b/crypto/ghash-generic.c
index bac70995e064..12ad3e3a84e3 100644
--- a/crypto/ghash-generic.c
+++ b/crypto/ghash-generic.c
@@ -14,24 +14,13 @@
 #include <crypto/algapi.h>
 #include <crypto/gf128mul.h>
+#include <crypto/ghash.h>
 #include <crypto/internal/hash.h>
 #include <linux/crypto.h>
 #include <linux/init.h>
 #include <linux/kernel.h>
 #include <linux/module.h>
-#define GHASH_BLOCK_SIZE        16
-#define GHASH_DIGEST_SIZE       16
-struct ghash_ctx {
-        struct gf128mul_4k *gf128;
-};
-struct ghash_desc_ctx {
-        u8 buffer[GHASH_BLOCK_SIZE];
-        u32 bytes;
-};
 static int ghash_init(struct shash_desc *desc)
 {
        struct ghash_desc_ctx *dctx = shash_desc_ctx(desc);
diff --git a/crypto/rsa-pkcs1pad.c b/crypto/rsa-pkcs1pad.c
index 877019a6d3ea..8baab4307f7b 100644
--- a/crypto/rsa-pkcs1pad.c
+++ b/crypto/rsa-pkcs1pad.c
@@ -298,41 +298,48 @@ static int pkcs1pad_decrypt_complete(struct akcipher_request *req, int err)
        struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
        struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm);
        struct pkcs1pad_request *req_ctx = akcipher_request_ctx(req);
+        unsigned int dst_len;
        unsigned int pos;
+        u8 *out_buf;
-        if (err == -EOVERFLOW)
-                /* Decrypted value had no leading 0 byte */
-                err = -EINVAL;
        if (err)
                goto done;
-        if (req_ctx->child_req.dst_len != ctx->key_size - 1) {
+        err = -EINVAL;
-                err = -EINVAL;
+        dst_len = req_ctx->child_req.dst_len;
+        if (dst_len < ctx->key_size - 1)
                goto done;
+        out_buf = req_ctx->out_buf;
+        if (dst_len == ctx->key_size) {
+                if (out_buf[0] != 0x00)
+                        /* Decrypted value had no leading 0 byte */
+                        goto done;
+                dst_len--;
+                out_buf++;
        }
-        if (req_ctx->out_buf[0] != 0x02) {
+        if (out_buf[0] != 0x02)
-                err = -EINVAL;
                goto done;
-        }
-        for (pos = 1; pos < req_ctx->child_req.dst_len; pos++)
+        for (pos = 1; pos < dst_len; pos++)
-                if (req_ctx->out_buf[pos] == 0x00)
+                if (out_buf[pos] == 0x00)
                        break;
-        if (pos < 9 || pos == req_ctx->child_req.dst_len) {
+        if (pos < 9 || pos == dst_len)
-                err = -EINVAL;
                goto done;
-        }
        pos++;
-        if (req->dst_len < req_ctx->child_req.dst_len - pos)
+        err = 0;
+        if (req->dst_len < dst_len - pos)
                err = -EOVERFLOW;
-        req->dst_len = req_ctx->child_req.dst_len - pos;
+        req->dst_len = dst_len - pos;
        if (!err)
                sg_copy_from_buffer(req->dst,
                                sg_nents_for_len(req->dst, req->dst_len),
-                                req_ctx->out_buf + pos, req->dst_len);
+                                out_buf + pos, req->dst_len);
 done:
        kzfree(req_ctx->out_buf);
diff --git a/drivers/char/hw_random/Kconfig b/drivers/char/hw_random/Kconfig
index fb9c7adfdb3a..200dab5136a7 100644
--- a/drivers/char/hw_random/Kconfig
+++ b/drivers/char/hw_random/Kconfig
@@ -244,7 +244,7 @@ config HW_RANDOM_TX4939
 config HW_RANDOM_MXC_RNGA
        tristate "Freescale i.MX RNGA Random Number Generator"
-        depends on ARCH_HAS_RNGA
+        depends on SOC_IMX31
        default HW_RANDOM
        ---help---
          This driver provides kernel-side support for the Random Number
diff --git a/drivers/crypto/caam/caamalg.c b/drivers/crypto/caam/caamalg.c
index eb97562414d2..156aad167cd6 100644
--- a/drivers/crypto/caam/caamalg.c
+++ b/drivers/crypto/caam/caamalg.c
@@ -592,7 +592,10 @@ skip_enc:
        /* Read and write assoclen bytes */
        append_math_add(desc, VARSEQINLEN, ZERO, REG3, CAAM_CMD_SZ);
-        append_math_add(desc, VARSEQOUTLEN, ZERO, REG3, CAAM_CMD_SZ);
+        if (alg->caam.geniv)
+                append_math_add_imm_u32(desc, VARSEQOUTLEN, REG3, IMM, ivsize);
+        else
+                append_math_add(desc, VARSEQOUTLEN, ZERO, REG3, CAAM_CMD_SZ);
        /* Skip assoc data */
        append_seq_fifo_store(desc, 0, FIFOST_TYPE_SKIP | FIFOLDST_VLF);
@@ -601,6 +604,14 @@ skip_enc:
        append_seq_fifo_load(desc, 0, FIFOLD_CLASS_CLASS2 | FIFOLD_TYPE_MSG |
                             KEY_VLF);
+        if (alg->caam.geniv) {
+                append_seq_load(desc, ivsize, LDST_CLASS_1_CCB |
+                                LDST_SRCDST_BYTE_CONTEXT |
+                                (ctx1_iv_off << LDST_OFFSET_SHIFT));
+                append_move(desc, MOVE_SRC_CLASS1CTX | MOVE_DEST_CLASS2INFIFO |
+                            (ctx1_iv_off << MOVE_OFFSET_SHIFT) | ivsize);
+        }
        /* Load Counter into CONTEXT1 reg */
        if (is_rfc3686)
                append_load_imm_be32(desc, 1, LDST_IMM | LDST_CLASS_1_CCB |
@@ -2184,7 +2195,7 @@ static void init_authenc_job(struct aead_request *req,
        init_aead_job(req, edesc, all_contig, encrypt);
-        if (ivsize && (is_rfc3686 || !(alg->caam.geniv && encrypt)))
+        if (ivsize && ((is_rfc3686 && encrypt) || !alg->caam.geniv))
                append_load_as_imm(desc, req->iv, ivsize,
                                   LDST_CLASS_1_CCB |
                                   LDST_SRCDST_BYTE_CONTEXT |
@@ -2578,20 +2589,6 @@ static int aead_decrypt(struct aead_request *req)
        return ret;
 }
-static int aead_givdecrypt(struct aead_request *req)
-{
-        struct crypto_aead *aead = crypto_aead_reqtfm(req);
-        unsigned int ivsize = crypto_aead_ivsize(aead);
-        if (req->cryptlen < ivsize)
-                return -EINVAL;
-        req->cryptlen -= ivsize;
-        req->assoclen += ivsize;
-        return aead_decrypt(req);
-}
 /*
 * allocate and map the ablkcipher extended descriptor for ablkcipher
 */
@@ -3251,7 +3248,7 @@ static struct caam_aead_alg driver_aeads[] = {
                        .setkey = aead_setkey,
                        .setauthsize = aead_setauthsize,
                        .encrypt = aead_encrypt,
-                        .decrypt = aead_givdecrypt,
+                        .decrypt = aead_decrypt,
                        .ivsize = AES_BLOCK_SIZE,
                        .maxauthsize = MD5_DIGEST_SIZE,
                },
@@ -3297,7 +3294,7 @@ static struct caam_aead_alg driver_aeads[] = {
                        .setkey = aead_setkey,
                        .setauthsize = aead_setauthsize,
                        .encrypt = aead_encrypt,
-                        .decrypt = aead_givdecrypt,
+                        .decrypt = aead_decrypt,
                        .ivsize = AES_BLOCK_SIZE,
                        .maxauthsize = SHA1_DIGEST_SIZE,
                },
@@ -3343,7 +3340,7 @@ static struct caam_aead_alg driver_aeads[] = {
                        .setkey = aead_setkey,
                        .setauthsize = aead_setauthsize,
                        .encrypt = aead_encrypt,
-                        .decrypt = aead_givdecrypt,
+                        .decrypt = aead_decrypt,
                        .ivsize = AES_BLOCK_SIZE,
                        .maxauthsize = SHA224_DIGEST_SIZE,
                },
@@ -3389,7 +3386,7 @@ static struct caam_aead_alg driver_aeads[] = {
                        .setkey = aead_setkey,
                        .setauthsize = aead_setauthsize,
                        .encrypt = aead_encrypt,
-                        .decrypt = aead_givdecrypt,
+                        .decrypt = aead_decrypt,
                        .ivsize = AES_BLOCK_SIZE,
                        .maxauthsize = SHA256_DIGEST_SIZE,
                },
@@ -3435,7 +3432,7 @@ static struct caam_aead_alg driver_aeads[] = {
                        .setkey = aead_setkey,
                        .setauthsize = aead_setauthsize,
                        .encrypt = aead_encrypt,
-                        .decrypt = aead_givdecrypt,
+                        .decrypt = aead_decrypt,
                        .ivsize = AES_BLOCK_SIZE,
                        .maxauthsize = SHA384_DIGEST_SIZE,
                },
@@ -3481,7 +3478,7 @@ static struct caam_aead_alg driver_aeads[] = {
                        .setkey = aead_setkey,
                        .setauthsize = aead_setauthsize,
                        .encrypt = aead_encrypt,
-                        .decrypt = aead_givdecrypt,
+                        .decrypt = aead_decrypt,
                        .ivsize = AES_BLOCK_SIZE,
                        .maxauthsize = SHA512_DIGEST_SIZE,
                },
@@ -3527,7 +3524,7 @@ static struct caam_aead_alg driver_aeads[] = {
                        .setkey = aead_setkey,
                        .setauthsize = aead_setauthsize,
                        .encrypt = aead_encrypt,
-                        .decrypt = aead_givdecrypt,
+                        .decrypt = aead_decrypt,
                        .ivsize = DES3_EDE_BLOCK_SIZE,
                        .maxauthsize = MD5_DIGEST_SIZE,
                },
@@ -3575,7 +3572,7 @@ static struct caam_aead_alg driver_aeads[] = {
                        .setkey = aead_setkey,
                        .setauthsize = aead_setauthsize,
                        .encrypt = aead_encrypt,
-                        .decrypt = aead_givdecrypt,
+                        .decrypt = aead_decrypt,
                        .ivsize = DES3_EDE_BLOCK_SIZE,
                        .maxauthsize = SHA1_DIGEST_SIZE,
                },
@@ -3623,7 +3620,7 @@ static struct caam_aead_alg driver_aeads[] = {
                        .setkey = aead_setkey,
                        .setauthsize = aead_setauthsize,
                        .encrypt = aead_encrypt,
-                        .decrypt = aead_givdecrypt,
+                        .decrypt = aead_decrypt,
                        .ivsize = DES3_EDE_BLOCK_SIZE,
                        .maxauthsize = SHA224_DIGEST_SIZE,
                },
@@ -3671,7 +3668,7 @@ static struct caam_aead_alg driver_aeads[] = {
                        .setkey = aead_setkey,
                        .setauthsize = aead_setauthsize,
                        .encrypt = aead_encrypt,
-                        .decrypt = aead_givdecrypt,
+                        .decrypt = aead_decrypt,
                        .ivsize = DES3_EDE_BLOCK_SIZE,
                        .maxauthsize = SHA256_DIGEST_SIZE,
                },
@@ -3719,7 +3716,7 @@ static struct caam_aead_alg driver_aeads[] = {
                        .setkey = aead_setkey,
                        .setauthsize = aead_setauthsize,
                        .encrypt = aead_encrypt,
-                        .decrypt = aead_givdecrypt,
+                        .decrypt = aead_decrypt,
                        .ivsize = DES3_EDE_BLOCK_SIZE,
                        .maxauthsize = SHA384_DIGEST_SIZE,
                },
@@ -3767,7 +3764,7 @@ static struct caam_aead_alg driver_aeads[] = {
                        .setkey = aead_setkey,
                        .setauthsize = aead_setauthsize,
                        .encrypt = aead_encrypt,
-                        .decrypt = aead_givdecrypt,
+                        .decrypt = aead_decrypt,
                        .ivsize = DES3_EDE_BLOCK_SIZE,
                        .maxauthsize = SHA512_DIGEST_SIZE,
                },
@@ -3813,7 +3810,7 @@ static struct caam_aead_alg driver_aeads[] = {
                        .setkey = aead_setkey,
                        .setauthsize = aead_setauthsize,
                        .encrypt = aead_encrypt,
-                        .decrypt = aead_givdecrypt,
+                        .decrypt = aead_decrypt,
                        .ivsize = DES_BLOCK_SIZE,
                        .maxauthsize = MD5_DIGEST_SIZE,
                },
@@ -3859,7 +3856,7 @@ static struct caam_aead_alg driver_aeads[] = {
                        .setkey = aead_setkey,
                        .setauthsize = aead_setauthsize,
                        .encrypt = aead_encrypt,
-                        .decrypt = aead_givdecrypt,
+                        .decrypt = aead_decrypt,
                        .ivsize = DES_BLOCK_SIZE,
                        .maxauthsize = SHA1_DIGEST_SIZE,
                },
@@ -3905,7 +3902,7 @@ static struct caam_aead_alg driver_aeads[] = {
                        .setkey = aead_setkey,
                        .setauthsize = aead_setauthsize,
                        .encrypt = aead_encrypt,
-                        .decrypt = aead_givdecrypt,
+                        .decrypt = aead_decrypt,
                        .ivsize = DES_BLOCK_SIZE,
                        .maxauthsize = SHA224_DIGEST_SIZE,
                },
@@ -3951,7 +3948,7 @@ static struct caam_aead_alg driver_aeads[] = {
                        .setkey = aead_setkey,
                        .setauthsize = aead_setauthsize,
                        .encrypt = aead_encrypt,
-                        .decrypt = aead_givdecrypt,
+                        .decrypt = aead_decrypt,
                        .ivsize = DES_BLOCK_SIZE,
                        .maxauthsize = SHA256_DIGEST_SIZE,
                },
@@ -3997,7 +3994,7 @@ static struct caam_aead_alg driver_aeads[] = {
                        .setkey = aead_setkey,
                        .setauthsize = aead_setauthsize,
                        .encrypt = aead_encrypt,
-                        .decrypt = aead_givdecrypt,
+                        .decrypt = aead_decrypt,
                        .ivsize = DES_BLOCK_SIZE,
                        .maxauthsize = SHA384_DIGEST_SIZE,
                },
@@ -4043,7 +4040,7 @@ static struct caam_aead_alg driver_aeads[] = {
                        .setkey = aead_setkey,
                        .setauthsize = aead_setauthsize,
                        .encrypt = aead_encrypt,
-                        .decrypt = aead_givdecrypt,
+                        .decrypt = aead_decrypt,
                        .ivsize = DES_BLOCK_SIZE,
                        .maxauthsize = SHA512_DIGEST_SIZE,
                },
@@ -4092,7 +4089,7 @@ static struct caam_aead_alg driver_aeads[] = {
                        .setkey = aead_setkey,
                        .setauthsize = aead_setauthsize,
                        .encrypt = aead_encrypt,
-                        .decrypt = aead_givdecrypt,
+                        .decrypt = aead_decrypt,
                        .ivsize = CTR_RFC3686_IV_SIZE,
                        .maxauthsize = MD5_DIGEST_SIZE,
                },
@@ -4143,7 +4140,7 @@ static struct caam_aead_alg driver_aeads[] = {
                        .setkey = aead_setkey,
                        .setauthsize = aead_setauthsize,
                        .encrypt = aead_encrypt,
-                        .decrypt = aead_givdecrypt,
+                        .decrypt = aead_decrypt,
                        .ivsize = CTR_RFC3686_IV_SIZE,
                        .maxauthsize = SHA1_DIGEST_SIZE,
                },
@@ -4194,7 +4191,7 @@ static struct caam_aead_alg driver_aeads[] = {
                        .setkey = aead_setkey,
                        .setauthsize = aead_setauthsize,
                        .encrypt = aead_encrypt,
-                        .decrypt = aead_givdecrypt,
+                        .decrypt = aead_decrypt,
                        .ivsize = CTR_RFC3686_IV_SIZE,
                        .maxauthsize = SHA224_DIGEST_SIZE,
                },
@@ -4245,7 +4242,7 @@ static struct caam_aead_alg driver_aeads[] = {
                        .setkey = aead_setkey,
                        .setauthsize = aead_setauthsize,
                        .encrypt = aead_encrypt,
-                        .decrypt = aead_givdecrypt,
+                        .decrypt = aead_decrypt,
                        .ivsize = CTR_RFC3686_IV_SIZE,
                        .maxauthsize = SHA256_DIGEST_SIZE,
                },
@@ -4296,7 +4293,7 @@ static struct caam_aead_alg driver_aeads[] = {
                        .setkey = aead_setkey,
                        .setauthsize = aead_setauthsize,
                        .encrypt = aead_encrypt,
-                        .decrypt = aead_givdecrypt,
+                        .decrypt = aead_decrypt,
                        .ivsize = CTR_RFC3686_IV_SIZE,
                        .maxauthsize = SHA384_DIGEST_SIZE,
                },
@@ -4347,7 +4344,7 @@ static struct caam_aead_alg driver_aeads[] = {
                        .setkey = aead_setkey,
                        .setauthsize = aead_setauthsize,
                        .encrypt = aead_encrypt,
-                        .decrypt = aead_givdecrypt,
+                        .decrypt = aead_decrypt,
                        .ivsize = CTR_RFC3686_IV_SIZE,
                        .maxauthsize = SHA512_DIGEST_SIZE,
                },
diff --git a/drivers/crypto/qat/qat_common/qat_algs.c b/drivers/crypto/qat/qat_common/qat_algs.c
index 769148dbaeb3..20f35df8a01f 100644
--- a/drivers/crypto/qat/qat_common/qat_algs.c
+++ b/drivers/crypto/qat/qat_common/qat_algs.c
@@ -1260,8 +1260,8 @@ static struct crypto_alg qat_algs[] = { {
                        .setkey = qat_alg_ablkcipher_xts_setkey,
                        .decrypt = qat_alg_ablkcipher_decrypt,
                        .encrypt = qat_alg_ablkcipher_encrypt,
-                        .min_keysize = AES_MIN_KEY_SIZE,
+                        .min_keysize = 2 * AES_MIN_KEY_SIZE,
-                        .max_keysize = AES_MAX_KEY_SIZE,
+                        .max_keysize = 2 * AES_MAX_KEY_SIZE,
                        .ivsize = AES_BLOCK_SIZE,
                },
        },
diff --git a/drivers/crypto/vmx/aes_xts.c b/drivers/crypto/vmx/aes_xts.c
index cfb25413917c..24353ec336c5 100644
--- a/drivers/crypto/vmx/aes_xts.c
+++ b/drivers/crypto/vmx/aes_xts.c
@@ -129,8 +129,8 @@ static int p8_aes_xts_crypt(struct blkcipher_desc *desc,
                blkcipher_walk_init(&walk, dst, src, nbytes);
-                iv = (u8 *)walk.iv;
                ret = blkcipher_walk_virt(desc, &walk);
+                iv = walk.iv;
                memset(tweak, 0, AES_BLOCK_SIZE);
                aes_p8_encrypt(iv, tweak, &ctx->tweak_key);
diff --git a/drivers/crypto/vmx/ghash.c b/drivers/crypto/vmx/ghash.c
index 6c999cb01b80..27a94a119009 100644
--- a/drivers/crypto/vmx/ghash.c
+++ b/drivers/crypto/vmx/ghash.c
@@ -26,16 +26,13 @@
 #include <linux/hardirq.h>
 #include <asm/switch_to.h>
 #include <crypto/aes.h>
+#include <crypto/ghash.h>
 #include <crypto/scatterwalk.h>
 #include <crypto/internal/hash.h>
 #include <crypto/b128ops.h>
 #define IN_INTERRUPT in_interrupt()
-#define GHASH_BLOCK_SIZE (16)
-#define GHASH_DIGEST_SIZE (16)
-#define GHASH_KEY_LEN (16)
 void gcm_init_p8(u128 htable[16], const u64 Xi[2]);
 void gcm_gmult_p8(u64 Xi[2], const u128 htable[16]);
 void gcm_ghash_p8(u64 Xi[2], const u128 htable[16],
@@ -55,16 +52,11 @@ struct p8_ghash_desc_ctx {
 static int p8_ghash_init_tfm(struct crypto_tfm *tfm)
 {
-        const char *alg;
+        const char *alg = "ghash-generic";
        struct crypto_shash *fallback;
        struct crypto_shash *shash_tfm = __crypto_shash_cast(tfm);
        struct p8_ghash_ctx *ctx = crypto_tfm_ctx(tfm);
-        if (!(alg = crypto_tfm_alg_name(tfm))) {
-                printk(KERN_ERR "Failed to get algorithm name.\n");
-                return -ENOENT;
-        }
        fallback = crypto_alloc_shash(alg, 0, CRYPTO_ALG_NEED_FALLBACK);
        if (IS_ERR(fallback)) {
                printk(KERN_ERR
@@ -78,10 +70,18 @@ static int p8_ghash_init_tfm(struct crypto_tfm *tfm)
        crypto_shash_set_flags(fallback,
                               crypto_shash_get_flags((struct crypto_shash
                                                       *) tfm));
-        ctx->fallback = fallback;
-        shash_tfm->descsize = sizeof(struct p8_ghash_desc_ctx)
+        /* Check if the descsize defined in the algorithm is still enough. */
-            + crypto_shash_descsize(fallback);
+        if (shash_tfm->descsize < sizeof(struct p8_ghash_desc_ctx)
+            + crypto_shash_descsize(fallback)) {
+                printk(KERN_ERR
+                       "Desc size of the fallback implementation (%s) does not match the expected value: %lu vs %u\n",
+                       alg,
+                       shash_tfm->descsize - sizeof(struct p8_ghash_desc_ctx),
+                       crypto_shash_descsize(fallback));
+                return -EINVAL;
+        }
+        ctx->fallback = fallback;
        return 0;
 }
@@ -113,7 +113,7 @@ static int p8_ghash_setkey(struct crypto_shash *tfm, const u8 *key,
 {
        struct p8_ghash_ctx *ctx = crypto_tfm_ctx(crypto_shash_tfm(tfm));
-        if (keylen != GHASH_KEY_LEN)
+        if (keylen != GHASH_BLOCK_SIZE)
                return -EINVAL;
        preempt_disable();
@@ -211,7 +211,8 @@ struct shash_alg p8_ghash_alg = {
        .update = p8_ghash_update,
        .final = p8_ghash_final,
        .setkey = p8_ghash_setkey,
-        .descsize = sizeof(struct p8_ghash_desc_ctx),
+        .descsize = sizeof(struct p8_ghash_desc_ctx)
+                + sizeof(struct ghash_desc_ctx),
        .base = {
                 .cra_name = "ghash",
                 .cra_driver_name = "p8_ghash",
diff --git a/include/crypto/ghash.h b/include/crypto/ghash.h
new file mode 100644
index 000000000000..2a61c9bbab8f
--- /dev/null
+++ b/include/crypto/ghash.h
@@ -0,0 +1,23 @@
+/*
+ * Common values for GHASH algorithms
+ */
+#ifndef __CRYPTO_GHASH_H__
+#define __CRYPTO_GHASH_H__
+#include <linux/types.h>
+#include <crypto/gf128mul.h>
+#define GHASH_BLOCK_SIZE        16
+#define GHASH_DIGEST_SIZE       16
+struct ghash_ctx {
+        struct gf128mul_4k *gf128;
+};
+struct ghash_desc_ctx {
+        u8 buffer[GHASH_BLOCK_SIZE];
+        u32 bytes;
+};
+#endif
diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c
index 5adbfc32242f..17a06105ccb6 100644
--- a/security/keys/encrypted-keys/encrypted.c
+++ b/security/keys/encrypted-keys/encrypted.c
@@ -29,6 +29,7 @@
 #include <linux/rcupdate.h>
 #include <linux/scatterlist.h>
 #include <linux/ctype.h>
+#include <crypto/aes.h>
 #include <crypto/hash.h>
 #include <crypto/sha.h>
 #include <crypto/skcipher.h>
@@ -478,6 +479,7 @@ static int derived_key_encrypt(struct encrypted_key_payload *epayload,
        struct crypto_skcipher *tfm;
        struct skcipher_request *req;
        unsigned int encrypted_datalen;
+        u8 iv[AES_BLOCK_SIZE];
        unsigned int padlen;
        char pad[16];
        int ret;
@@ -500,8 +502,8 @@ static int derived_key_encrypt(struct encrypted_key_payload *epayload,
        sg_init_table(sg_out, 1);
        sg_set_buf(sg_out, epayload->encrypted_data, encrypted_datalen);
-        skcipher_request_set_crypt(req, sg_in, sg_out, encrypted_datalen,
+        memcpy(iv, epayload->iv, sizeof(iv));
-                                   epayload->iv);
+        skcipher_request_set_crypt(req, sg_in, sg_out, encrypted_datalen, iv);
        ret = crypto_skcipher_encrypt(req);
        tfm = crypto_skcipher_reqtfm(req);
        skcipher_request_free(req);
@@ -581,6 +583,7 @@ static int derived_key_decrypt(struct encrypted_key_payload *epayload,
        struct crypto_skcipher *tfm;
        struct skcipher_request *req;
        unsigned int encrypted_datalen;
+        u8 iv[AES_BLOCK_SIZE];
        char pad[16];
        int ret;
@@ -599,8 +602,8 @@ static int derived_key_decrypt(struct encrypted_key_payload *epayload,
                   epayload->decrypted_datalen);
        sg_set_buf(&sg_out[1], pad, sizeof pad);
-        skcipher_request_set_crypt(req, sg_in, sg_out, encrypted_datalen,
+        memcpy(iv, epayload->iv, sizeof(iv));
-                                   epayload->iv);
+        skcipher_request_set_crypt(req, sg_in, sg_out, encrypted_datalen, iv);
        ret = crypto_skcipher_decrypt(req);
        tfm = crypto_skcipher_reqtfm(req);
        skcipher_request_free(req);