- 02 Oct, 2014 3 commits
-
-
Mathias Krause authored
The defines for xkey3, xkey6 and xkey9 are not used in the code. They're probably left overs from merging the three source files for 128, 192 and 256 bit AES. They can safely be removed. Signed-off-by: Mathias Krause <minipli@googlemail.com> Cc: Chandramouli Narayanan <mouli@linux.intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Mathias Krause authored
The "by8" CTR AVX implementation fails to propperly handle counter overflows. That was the reason it got disabled in commit 7da4b29d ("crypto: aesni - disable "by8" AVX CTR optimization"). Fix the overflow handling by incrementing the counter block as a double quad word, i.e. a 128 bit, and testing for overflows afterwards. We need to use VPTEST to do so as VPADD* does not set the flags itself and silently drops the carry bit. As this change adds branches to the hot path, minor performance regressions might be a side effect. But, OTOH, we now have a conforming implementation -- the preferable goal. A tcrypt test on a SandyBridge system (i7-2620M) showed almost identical numbers for the old and this version with differences within the noise range. A dm-crypt test with the fixed version gave even slightly better results for this version. So the performance impact might not be as big as expected. Tested-by: Romain Francoise <romain@orebokech.com> Signed-off-by: Mathias Krause <minipli@googlemail.com> Cc: Chandramouli Narayanan <mouli@linux.intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Sudip Mukherjee authored
as pr_* macros are more preffered over printk, so printk replaced with corresponding pr_* macros Signed-off-by: Sudip Mukherjee <sudip@vectorindia.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 24 Sep, 2014 2 commits
-
-
Tadeusz Struk authored
Removed additional bufer for HW state for partial requests, which are not going to be supported. Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Tadeusz Struk authored
Fix typo. resp_hanlder should be resp_handler Signed-off-by: Bruce Allan <bruce.w.allan@intel.com> Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 15 Sep, 2014 1 commit
-
-
Nitesh Narayan Lal authored
CAAM's memory is broken into following address blocks: Block Included Registers 0 General Registers 1-4 Job ring registers 6 RTIC registers 7 QI registers 8 DECO and CCB Size of the above stated blocks varies in various platforms. The block size can be 4K or 64K. The block size can be dynamically determined by reading CTPR register in CAAM. This patch initializes the block addresses dynamically based on the value read from this register. Signed-off-by: Ruchika Gupta <r66431@freescale.com> Signed-off-by: Nitesh Narayan Lal <b44382@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 05 Sep, 2014 3 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6Herbert Xu authored
Merging the crypto tree for 3.17 in order to resolve the conflict on the 32-bit DRBG overflow fix.
-
Stephan Mueller authored
The drbg_healthcheck() contained a test to call the DRBG with an uninitialized DRBG cipher handle. As this is an inappropriate use of the kernel crypto API to try to generate random numbers before initialization, checks verifying for an initialized DRBG have been removed in previous patches. Now, the drbg_healthcheck test must also be removed. Changes V2: Added patch marker to email subject line. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Herbert Xu authored
This is a backport of commit b9347aff. This backport is needed as without it the code will crash on 32-bit systems. The maximum values for additional input string or generated blocks is larger than 1<<32. To ensure a sensible value on 32 bit systems, return SIZE_MAX on 32 bit systems. This value is lower than the maximum allowed values defined in SP800-90A. The standard allow lower maximum values, but not larger values. SIZE_MAX - 1 is used for drbg_max_addtl to allow drbg_healthcheck_sanity to check the enforcement of the variable without wrapping. Reported-by: Stephen Rothwell <sfr@canb.auug.org.au> Reported-by: kbuild test robot <fengguang.wu@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 04 Sep, 2014 2 commits
-
-
Ted Percival authored
Signed-off-by: Ted Percival <ted@tedp.id.au> Acked-by: Tim Chen <tim.c.chen@linux.intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Ondrej Kozina authored
On archs with PAGE_SIZE >= 64 KiB the function skcipher_alloc_sgl() fails with -ENOMEM no matter what user space actually requested. This is caused by the fact sock_kmalloc call inside the function tried to allocate more memory than allowed by the default kernel socket buffer size (kernel param net.core.optmem_max). Signed-off-by: Ondrej Kozina <okozina@redhat.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 29 Aug, 2014 7 commits
-
-
Feng Kan authored
This adds random number generator dts node to APM X-Gene platform. Signed-off-by: Feng Kan <fkan@apm.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Feng Kan authored
Add X-Gene SoC RNG driver documentation. Signed-off-by: Feng Kan <fkan@apm.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Feng Kan authored
This adds the APM X-Gene SoC RNG support. Signed-off-by: Feng Kan <fkan@apm.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Rasmus Villemoes authored
Clearly this was meant to be an include guard, but the #define was missing. Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
KOVACS Krisztian authored
This patch adds a simple test vector for the lz4 and lz4hc compression algorithms. Signed-off-by: KOVACS Krisztian <hidden@sch.bme.hu> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
KOVACS Krisztian authored
The lz4 library has two functions for decompression, with slightly different signatures and behaviour. The lz4_decompress_crypto() function seemed to be using the one that assumes that the decompressed length is known in advance. This patch switches to the other decompression function and makes sure that the length of the decompressed output is properly returned to the caller. The same issue was present in the lz4hc algorithm. Coincidentally, this change also makes very basic lz4 and lz4hc compression tests in testmgr pass. Signed-off-by: KOVACS Krisztian <hidden@sch.bme.hu> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Alexander Gordeev authored
As result of deprecation of MSI-X/MSI enablement functions pci_enable_msix() and pci_enable_msi_block() all drivers using these two interfaces need to be updated to use the new pci_enable_msi_range() or pci_enable_msi_exact() and pci_enable_msix_range() or pci_enable_msix_exact() interfaces. Cc: Tadeusz Struk <tadeusz.struk@intel.com> Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: "David S. Miller" <davem@davemloft.net> Cc: qat-linux@intel.com Cc: linux-crypto@vger.kernel.org Cc: linux-pci@vger.kernel.org Signed-off-by: Alexander Gordeev <agordeev@redhat.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 26 Aug, 2014 4 commits
-
-
Stephan Mueller authored
The maximum values for additional input string or generated blocks is larger than 1<<32. To ensure a sensible value on 32 bit systems, return SIZE_MAX on 32 bit systems. This value is lower than the maximum allowed values defined in SP800-90A. The standard allow lower maximum values, but not larger values. SIZE_MAX - 1 is used for drbg_max_addtl to allow drbg_healthcheck_sanity to check the enforcement of the variable without wrapping. Reported-by: Stephen Rothwell <sfr@canb.auug.org.au> Reported-by: kbuild test robot <fengguang.wu@intel.com> Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Stephan Mueller authored
The sparse tool complained that the cpu_to_be[32|64] functions return __be[32|64] instead of __u32 or __u64. The patch replaces the __u32 and __u64 with __be32 and __be64. Reported-by: kbuild test robot <fengguang.wu@intel.com> Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Fengguang Wu authored
CC: Tim Chen <tim.c.chen@linux.intel.com> CC: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Fengguang Wu <fengguang.wu@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Fengguang Wu authored
CC: Tim Chen <tim.c.chen@linux.intel.com> CC: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Fengguang Wu <fengguang.wu@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 25 Aug, 2014 18 commits
-
-
Stephan Mueller authored
During creation of the DRBG shadow state, it is ensured that the DRBG state structure is already allocated. Thus, a sanity check for verifying that the structure is allocated is removed. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Stephan Mueller authored
SP800-90A mandates several hard-coded values. The old drbg_cores allows the setting of these values per DRBG implementation. However, due to the hard requirement of SP800-90A, these values are now returned globally for each DRBG. The ability to set such values per DRBG is therefore removed. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Stephan Mueller authored
The drbg_make_shadow function contains sanity checks which are not needed as the function is invoked at times where it is ensured that the checked-for variables are available. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Stephan Mueller authored
When allocating V, C, the zeroization is only needed when allocating a new instance of the DRBG, i.e. when performing an initial seeding. For all other allocations, the memcpy implemented in drbg_copy_drbg ensures that the memory is filled with the correct information. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Stephan Mueller authored
Remove memset(0) which is not needed due to the kzalloc of the memory. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Stephan Mueller authored
The crypto_init and crypto_fini functions are always implemented. Thus, there is no need for a protecting check. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Stephan Mueller authored
The kzfree function already performs the NULL pointer check. Therefore, the DRBG code does not need to implement such check. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Stephan Mueller authored
The DRBG requires the conversion of an integer into a string representation of that integer. The previous implementation converted the given integer byte-wise. However, the kernel offers the cpu_to_be function which already re-arranges the memory representation of an integer such that it applies when interpreting the same memory as character string. The change therefore uses an integer-cast / union of the target character array together with the cpu_to_be function to convert an integer into its string representation. Tests show that the Hash and CTR DRBG implementations (the HMAC DRBG does not require such conversion) is about 10% faster (or requires less computing power, respectively). Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Cristian Stoica authored
buf_0 and buf_1 in caam_hash_state are not next to each other. Accessing buf_1 is incorrect from &buf_0 with an offset of only size_of(buf_0). The same issue is also with buflen_0 and buflen_1 Cc: <stable@vger.kernel.org> # 3.13+ Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Cristian Stoica authored
Replace equivalent (and partially incorrect) scatter-gather functions with ones from crypto-API. The replacement is motivated by page-faults in sg_copy_part triggered by successive calls to crypto_hash_update. The following fault appears after calling crypto_ahash_update twice, first with 13 and then with 285 bytes: Unable to handle kernel paging request for data at address 0x00000008 Faulting instruction address: 0xf9bf9a8c Oops: Kernel access of bad area, sig: 11 [#1] SMP NR_CPUS=8 CoreNet Generic Modules linked in: tcrypt(+) caamhash caam_jr caam tls CPU: 6 PID: 1497 Comm: cryptomgr_test Not tainted 3.12.19-rt30-QorIQ-SDK-V1.6+g9fda9f2 #75 task: e9308530 ti: e700e000 task.ti: e700e000 NIP: f9bf9a8c LR: f9bfcf28 CTR: c0019ea0 REGS: e700fb80 TRAP: 0300 Not tainted (3.12.19-rt30-QorIQ-SDK-V1.6+g9fda9f2) MSR: 00029002 <CE,EE,ME> CR: 44f92024 XER: 20000000 DEAR: 00000008, ESR: 00000000 GPR00: f9bfcf28 e700fc30 e9308530 e70b1e55 00000000 ffffffdd e70b1e54 0bebf888 GPR08: 902c7ef5 c0e771e2 00000002 00000888 c0019ea0 00000000 00000000 c07a4154 GPR16: c08d0000 e91a8f9c 00000001 e98fb400 00000100 e9c83028 e70b1e08 e70b1d48 GPR24: e992ce10 e70b1dc8 f9bfe4f4 e70b1e55 ffffffdd e70b1ce0 00000000 00000000 NIP [f9bf9a8c] sg_copy+0x1c/0x100 [caamhash] LR [f9bfcf28] ahash_update_no_ctx+0x628/0x660 [caamhash] Call Trace: [e700fc30] [f9bf9c50] sg_copy_part+0xe0/0x160 [caamhash] (unreliable) [e700fc50] [f9bfcf28] ahash_update_no_ctx+0x628/0x660 [caamhash] [e700fcb0] [f954e19c] crypto_tls_genicv+0x13c/0x300 [tls] [e700fd10] [f954e65c] crypto_tls_encrypt+0x5c/0x260 [tls] [e700fd40] [c02250ec] __test_aead.constprop.9+0x2bc/0xb70 [e700fe40] [c02259f0] alg_test_aead+0x50/0xc0 [e700fe60] [c02241e4] alg_test+0x114/0x2e0 [e700fee0] [c022276c] cryptomgr_test+0x4c/0x60 [e700fef0] [c004f658] kthread+0x98/0xa0 [e700ff40] [c000fd04] ret_from_kernel_thread+0x5c/0x64 Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Wei Yongjun authored
In case of error, the function device_create() returns ERR_PTR() and never returns NULL. The NULL test in the return value check should be replaced with IS_ERR(). Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Alex Porosanu authored
The sampling of the oscillator can be done in multiple modes for generating the entropy value. By default, this is set to von Neumann. This patch changes the sampling to raw data, since it has been discovered that the generated entropy has a better 'quality'. Signed-off-by: Alex Porosanu <alexandru.porosanu@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Alex Porosanu authored
The entropy delay (the length in system clocks of each entropy sample) for the RNG4 block of CAAM is dependent on the frequency of the SoC. By elaborate methods, it has been determined that a good starting value for all platforms integrating the CAAM IP is 3200. Using a higher value has additional benefit of speeding up the process of instantiating the RNG, since the entropy delay will be increased and instantiation of the RNG state handles will be reattempted by the driver. If the starting value is low, for certain platforms, this can lead to a quite lengthy process. This patch changes the starting value of the length of the entropy sample to 3200 system clocks. In addition to this change, the attempted entropy delay values are now printed on the console upon initialization of the RNG block. While here, a safeguard for yielding the processor was added for ensuring that in very adverse cases, the CPU isn't hogged by the instantiation loop. Signed-off-by: Alex Porosanu <alexandru.porosanu@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Alex Porosanu authored
The rtfrqmax & rtfrqmin set the bounds of the expected frequency of the oscillator, when SEC runs at its maximum frequency. For certain platforms (f.i. T2080), the oscillator is very fast and thus if the SEC runs at a lower than normal frequency, the ring oscillator is incorrectly detected as being out of bounds. This patch effectively disables the maximum frequency check, by setting a high enough maximum allowable frequency for the oscillator. The reasoning behind this is that usually a broken oscillator will run too slow (i.e. not run at all) rather than run too fast. Signed-off-by: Alex Porosanu <alexandru.porosanu@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Cristian Stoica authored
The argument "req" of do_one_async_hash_op is not used by the function. This patch removes this argument and renames the function to match more closely its purpose. Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Tim Chen authored
This patch introduces the multi-buffer job manager which is responsible for submitting scatter-gather buffers from several SHA1 jobs to the multi-buffer algorithm. It also contains the flush routine to that's called by the crypto daemon to complete the job when no new jobs arrive before the deadline of maximum latency of a SHA1 crypto job. The SHA1 multi-buffer crypto algorithm is defined and initialized in this patch. Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Tim Chen authored
This patch introduces the assembly routines to do SHA1 computation on buffers belonging to serveral jobs at once. The assembly routines are optimized with AVX2 instructions that have 8 data lanes and using AVX2 registers. Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Tim Chen authored
This patch introduces the routines used to submit and flush buffers belonging to SHA1 crypto jobs to the SHA1 multibuffer algorithm. It is implemented mostly in assembly optimized with AVX2 instructions. Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-