1. 19 Jun, 2015 4 commits
    • crypto: caam - Set last bit on src SG list · 7793bda8
      Herbert Xu authored
      The new aead_edesc_alloc left out the bit indicating the last
      entry on the source SG list.  This patch fixes it.
      Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
    • crypto: caam - Reintroduce DESC_MAX_USED_BYTES · 87e51b07
      Herbert Xu authored
      I incorrectly removed DESC_MAX_USED_BYTES when enlarging the size
      of the shared descriptor buffers, thus making it four times larger
      than what is necessary.  This patch restores the division by four
      calculation.
      Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
    • crypto: aead - Fix aead_instance struct size · f5d8660a
      Herbert Xu authored
      The struct aead_instance is meant to extend struct crypto_instance
      by incorporating the extra members of struct aead_alg.  However,
      the current layout which is copied from shash/ahash does not specify
      the struct fully.  In particular only aead_alg is present.
      
      For shash/ahash this works because users there add extra headroom
      to sizeof(struct crypto_instance) when allocating the instance.
      Unfortunately for aead, this bit was lost when the new aead_instance
      was added.
      
      Rather than fixing it like shash/ahash, this patch simply expands
      struct aead_instance to contain what is supposed to be there, i.e.,
      adding struct crypto_instance.
      
      In order to not break existing AEAD users, this is done through an
      anonymous union.
      Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
    • crypto: api - Add CRYPTO_MINALIGN_ATTR to struct crypto_alg · edf18b91
      Herbert Xu authored
      The struct crypto_alg is embedded into various type-specific structs
      such as aead_alg.  This is then used as part of instances such as
      struct aead_instance.  It is also embedded into the generic struct
      crypto_instance.  In order to ensure that struct aead_instance can
      be converted to struct crypto_instance when necessary, we need to
      ensure that crypto_alg is aligned properly.
      
      This patch adds an alignment attribute to struct crypto_alg to
      ensure this.
      Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
  2. 18 Jun, 2015 4 commits
  3. 17 Jun, 2015 12 commits
  4. 16 Jun, 2015 5 commits
  5. 15 Jun, 2015 3 commits
    • crypto: aesni - fix crypto_fpu_exit() section mismatch · de1e0087
      Jeremiah Mahler authored
      The '__init aesni_init()' function calls the '__exit crypto_fpu_exit()'
      function directly.  Since they are in different sections, this generates
      a warning.
      
        make CONFIG_DEBUG_SECTION_MISMATCH=y
        ...
        WARNING: arch/x86/crypto/aesni-intel.o(.init.text+0x12b): Section
        mismatch in reference from the function init_module() to the function
        .exit.text:crypto_fpu_exit()
        The function __init init_module() references
        a function __exit crypto_fpu_exit().
        This is often seen when error handling in the init function
        uses functionality in the exit path.
        The fix is often to remove the __exit annotation of
        crypto_fpu_exit() so it may be used outside an exit section.
      
      Fix the warning by removing the __exit annotation.
      Signed-off-by: Jeremiah Mahler <jmmahler@gmail.com>
      Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
    • crypto: nx - replace NX842_MEM_COMPRESS with function · 2c6f6eab
      Dan Streetman authored
      Replace the NX842_MEM_COMPRESS define with a function that returns the
      specific platform driver's required working memory size.
      
      The common nx-842.c driver refuses to load if there is no platform
      driver present, so instead of defining an approximate working memory
      size that's the maximum approximate size of both platform drivers'
      size requirements, the platform driver can directly provide its
      specific, i.e. sizeof(struct nx842_workmem), size requirements which
      the 842-nx crypto compression driver will use.
      
      This saves memory by both reducing the required size of each driver
      to the specific sizeof() amount, as well as using the specific loaded
      platform driver's required amount, instead of the maximum of both.
      Signed-off-by: Dan Streetman <ddstreet@ieee.org>
      Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
    • crypto: nx - move include/linux/nx842.h into drivers/crypto/nx/nx-842.h · 32be6d3e
      Dan Streetman authored
      Move the contents of the include/linux/nx842.h header file into the
      drivers/crypto/nx/nx-842.h header file.  Remove the nx842.h header
      file and its entry in the MAINTAINERS file.
      
      The include/linux/nx842.h header originally was there because the
      crypto/842.c driver needed it to communicate with the nx-842 hw
      driver.  However, that crypto compression driver was moved into
      the drivers/crypto/nx/ directory, and now can directly include the
      nx-842.h header.  Nothing else needs the public include/linux/nx842.h
      header file, as all use of the nx-842 hardware driver will be through
      the "842-nx" crypto compression driver, since the direct nx-842 api is
      very limited in the buffer alignments and sizes that it will accept,
      and the crypto compression interface handles those limitations and
      allows any alignment and size buffers.
      Signed-off-by: Dan Streetman <ddstreet@ieee.org>
      Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
  6. 12 Jun, 2015 3 commits
  7. 11 Jun, 2015 2 commits
  8. 10 Jun, 2015 4 commits
    • crypto: drbg - reseed often if seedsource is degraded · 42ea507f
      Stephan Mueller authored
      As required by SP800-90A, the DRBG implements a reseeding threshold.
      This threshold is at 2**48 (64 bit) and 2**32 bit (32 bit) as
      implemented in drbg_max_requests.
      
      With the recently introduced changes, the DRBG is now always used as a
      stdrng which is initialized very early in the boot cycle. To ensure that
      sufficient entropy is present, the Jitter RNG is added to even provide
      entropy at early boot time.
      
      However, the 2nd seed source, the nonblocking pool, is usually
      degraded at that time. Therefore, the DRBG is seeded with the Jitter RNG
      (which I believe contains good entropy, which however is questioned by
      others) and is seeded with a degraded nonblocking pool. This seed is
      now used for quasi the lifetime of the system (2**48 requests is a lot).
      
      The patch now changes the reseed threshold as follows: up until the time
      the DRBG obtains a seed from a fully initialized nonblocking pool, the
      reseeding threshold is lowered such that the DRBG is forced to reseed
      itself reasonably often. Once it obtains the seed from a fully
      initialized nonblocking pool, the reseed threshold is set to the value
      required by SP800-90A.
      Signed-off-by: Stephan Mueller <smueller@chronox.de>
      Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
    • random: Remove kernel blocking API · c2719503
      Herbert Xu authored
      This patch removes the kernel blocking API as it has been completely
      replaced by the callback API.
      Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
    • crypto: drbg - Use callback API for random readiness · 57225e67
      Stephan Mueller authored
      The get_blocking_random_bytes API is broken because the wait can
      be arbitrarily long (potentially forever) so there is no safe way
      of calling it from within the kernel.
      
      This patch replaces it with the new callback API which does not
      have this problem.
      
      The patch also removes the entropy buffer registered with the DRBG
      handle in favor of stack variables to hold the seed data.
      Signed-off-by: Stephan Mueller <smueller@chronox.de>
      Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
    • random: Add callback API for random pool readiness · 205a525c
      Herbert Xu authored
      The get_blocking_random_bytes API is broken because the wait can
      be arbitrarily long (potentially forever) so there is no safe way
      of calling it from within the kernel.
      
      This patch replaces it with a callback API instead.  The callback
      is invoked potentially from interrupt context so the user needs
      to schedule their own work thread if necessary.
      
      In addition to adding callbacks, they can also be removed as
      otherwise this opens up a way for user-space to allocate kernel
      memory with no bound (by opening algif_rng descriptors and then
      closing them).
      Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
  9. 09 Jun, 2015 3 commits