- 07 Jan, 2011 3 commits
-
-
Herbert Xu authored
It has been reported that on at least one Nano CPU the xstore instruction will write as many as 16 bytes of data to the output buffer. This causes memory corruption as we use rng->priv which is only 4-8 bytes long. This patch fixes this by using an intermediate buffer on the stack with at least 16 bytes and aligned to a 16-byte boundary. The problem was observed on the following processor: processor : 0 vendor_id : CentaurHauls cpu family : 6 model : 15 model name : VIA Nano processor U2250 (1.6GHz Capable) stepping : 3 cpu MHz : 1600.000 cache size : 1024 KB fdiv_bug : no hlt_bug : no f00f_bug : no coma_bug : no fpu : yes fpu_exception : yes cpuid level : 10 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat clflush acpi mmx fxsr sse sse2 ss tm syscall nx lm constant_tsc up rep_good pni monitor vmx est tm2 ssse3 cx16 xtpr rng rng_en ace ace_en ace2 phe phe_en lahf_lm bogomips : 3192.08 clflush size : 64 cache_alignment : 128 address sizes : 36 bits physical, 48 bits virtual power management: Tested-by:
Mario 'BitKoenig' Holbe <Mario.Holbe@TU-Ilmenau.DE> Signed-off-by:
Herbert Xu <herbert@gondor.apana.org.au>
-
Herbert Xu authored
This patch moves padlock.h from drivers/crypto into include/crypto so that it may be used by the via-rng driver. Signed-off-by: -
Herbert Xu authored
The inline asm to invoke xstore did not specify the constraints correctly. In particular, dx/di should have been marked as output registers as well as input as they're modified by xstore. Thanks to Mario Holbe for creating this patch and testing it. Tested-by:
-
- 06 Jan, 2011 1 commit
-
-
Dennis Gilmore authored
fixes fedora sparc build failure, thanks to kylem for helping with debugging Signed-off-by:
Dennis Gilmore <dgilmore@redhat.com> Acked-by: David S. Miller <davem@davemloft.net> Signed-off-by:
-
- 04 Jan, 2011 3 commits
-
-
Tejun Heo authored
kcrypto_wq and pcrypt->wq's are used to run ciphers and may consume considerable amount of CPU cycles. Mark both as CPU_INTENSIVE so that they don't block other work items. As the workqueues are primarily used to burn CPU cycles, concurrency levels shouldn't matter much and are left at 1. A higher value may be beneficial and needs investigation. Signed-off-by:
Tejun Heo <tj@kernel.org> Signed-off-by:
-
Roel Kluin authored
Fix a PTR_ERR() return of the wrong pointer Signed-off-by:
Roel Kluin <roel.kluin@gmail.com> Signed-off-by:
-
Adrian-Ken Rueegsegger authored
Signed-off-by:
Adrian-Ken Rueegsegger <ken@codelabs.ch> Signed-off-by:
-
- 29 Dec, 2010 1 commit
-
-
Dmitry Kasatkin authored
Previous commit "removed redundant locking" introduced a bug in handling backlog. In certain cases, when async request complete callback will call complete() on -EINPROGRESS code, it will cause uncompleted requests. It does not happen in implementation similar to crypto test manager, but it will happen in implementation similar to dm-crypt. Backlog needs to be checked before dequeuing next request. Signed-off-by:
Dmitry Kasatkin <dmitry.kasatkin@nokia.com> Signed-off-by:
-
- 28 Dec, 2010 1 commit
-
-
Herbert Xu authored
This feature no longer needs the experimental tag. Reported-by:
Toralf Förster <toralf.foerster@gmx.de> Signed-off-by:
-
- 21 Dec, 2010 1 commit
-
-
Randy Dunlap authored
Change data type to fix warning: crypto/af_alg.c:35: warning: initialization from incompatible pointer type Signed-off-by:
Randy Dunlap <randy.dunlap@oracle.com> Signed-off-by:
-
- 13 Dec, 2010 1 commit
-
-
Tadeusz Struk authored
This patch fixes the problem with 2.16 binutils. Signed-off-by:
Aidan O'Mahony <aidan.o.mahony@intel.com> Signed-off-by:
Adrian Hoban <adrian.hoban@intel.com> Signed-off-by:
Gabriele Paoloni <gabriele.paoloni@intel.com> Signed-off-by:
Tadeusz Struk <tadeusz.struk@intel.com> Signed-off-by:
-
- 08 Dec, 2010 2 commits
-
-
Miloslav Trmač authored
Signed-off-by:
Miloslav Trmač <mitr@redhat.com> Signed-off-by:
-
Miloslav Trmač authored
Signed-off-by:
-
- 03 Dec, 2010 1 commit
-
-
Miloslav Trmač authored
Signed-off-by:
-
- 02 Dec, 2010 8 commits
-
-
Dmitry Kasatkin authored
Signed-off-by:
-
Dmitry Kasatkin authored
AES module was initialized for every DMA transaction. That is redundant. Now it is initialized once per request. Signed-off-by:
-
Dmitry Kasatkin authored
Key and IV should always be set before AES operation. So no need to check if it has changed or not. Signed-off-by:
-
Dmitry Kasatkin authored
Previous version had not error handling. Request could remain uncompleted. Also in the case of DMA error, FLAGS_INIT is unset and accelerator will be initialized again. Buffer size allignment is checked. Signed-off-by:
-
Dmitry Kasatkin authored
Submitting request involved double locking for enqueuing and dequeuing. Now it is done under the same lock. FLAGS_BUSY is now handled under the same lock. Signed-off-by:
-
Dmitry Kasatkin authored
DMA parameters for constant data were initialized during driver probe(). It seems that those settings sometimes are lost when devices goes to off mode. This patch makes DMA initialization just before use. It solves off mode problems. Signed-off-by:
-
Steffen Klassert authored
Use scatterwalk_crypto_chain in favor of locally defined chaining functions. Signed-off-by:
Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by:
-
Steffen Klassert authored
A lot of crypto algorithms implement their own chaining function. So add a generic one that can be used from all the algorithms that need scatterlist chaining. Signed-off-by:
-
- 30 Nov, 2010 2 commits
-
-
Herbert Xu authored
As it is if user-space passes through a receive buffer that's not aligned to to the cipher block size, we'll end up encrypting or decrypting a partial block which causes a spurious EINVAL to be returned. This patch fixes this by moving the partial block test after the af_alg_make_sg call. Signed-off-by: -
Herbert Xu authored
When sk_sndbuf is not a multiple of PAGE_SIZE, the limit tests in sendmsg fail as the limit variable becomes negative and we're using an unsigned comparison. The same thing can happen if sk_sndbuf is lowered after a sendmsg call. This patch fixes this by always taking the signed maximum of limit and 0 before we perform the comparison. It also rounds the value of sk_sndbuf down to a multiple of PAGE_SIZE so that we don't end up allocating a page only to use a small number of bytes in it because we're bound by sk_sndbuf. Signed-off-by:
-
- 29 Nov, 2010 2 commits
-
-
Herbert Xu authored
Add missing dependency on NET since we require sockets for our interface. Should really be a select but kconfig doesn't like that: net/Kconfig:6:error: found recursive dependency: NET -> NETWORK_FILESYSTEMS -> AFS_FS -> AF_RXRPC -> CRYPTO -> CRYPTO_USER_API_HASH -> CRYPTO_USER_API -> NET Reported-by:
Zimny Lech <napohybelskurwysynom2010@gmail.com> Signed-off-by:
-
Mathias Krause authored
Exclude AES-GCM code for x86-32 due to heavy usage of 64-bit registers not available on x86-32. While at it, fixed unregister order in aesni_exit(). Signed-off-by:
Mathias Krause <minipli@googlemail.com> Signed-off-by:
-
- 28 Nov, 2010 1 commit
-
-
Herbert Xu authored
The error returned from af_alg_make_sg is currently lost and we always pass on -EINVAL. This patch pases on the underlying error. Signed-off-by:
-
- 27 Nov, 2010 11 commits
-
-
Dmitry Kasatkin authored
If scatterlist have more than one entry, current driver uses aligned buffer to copy data to to accelerator to tackle possible issues with DMA and SHA buffer alignment. This commit adds more intelligence to verify SG alignment and possibility to use DMA directly on the data without using copy buffer. Signed-off-by:
-
Dmitry Kasatkin authored
bufcnt is 0 if it was no update requests before, which is exact meaning of FLAGS_FIRST. Signed-off-by:
-
Dmitry Kasatkin authored
Hash-in-progress is now stored in hw format. Only on final call, hash is converted to correct format. Speedup copy procedure and will allow to use OMAP burst mode. Signed-off-by:
-
Dmitry Kasatkin authored
According to the Herbert Xu, client may not always call crypto_ahash_final(). In the case of error in hash calculation resources will be automatically cleaned up. But if no hash calculation error happens and client will not call crypto_ahash_final() at all, then internal buffer will not be freed, and clocks will not be disabled. This patch provides support for atomic crypto_ahash_update() call. Clocks are now enabled and disabled per update request. Data buffer is now allocated as a part of request context. Client is obligated to free it with crypto_free_ahash(). Signed-off-by:
-
Dmitry Kasatkin authored
Locking for queuing and dequeuing is combined. test_and_set_bit() is also replaced with checking under dd->lock. Signed-off-by:
-
Dmitry Kasatkin authored
Introduces DMA error handling. DMA error is returned as a result code of the hash request. Clients needs to handle error codes and may repeat hash calculation attempt. Also in the case of DMA error, SHAM module is set to be re-initialized again. It significantly improves stability against possible HW failures. Signed-off-by:
-
Dmitry Kasatkin authored
DMA parameters for constant data were initialized during driver probe(). It seems that those settings sometimes are lost when devices goes to off mode. This patch makes DMA initialization just before use. It solves off mode problems. Fixes: NB#202786 - Aegis & SHA1 block off mode changes Signed-off-by:
-
Dmitry Kasatkin authored
Currently driver storred digest results in req->results provided by the client. But some clients do not set it until final() call. It leads to crash. Changed to use internal buffer to store temporary digest results. Signed-off-by:
-
Mathias Krause authored
The AES-NI instructions are also available in legacy mode so the 32-bit architecture may profit from those, too. To illustrate the performance gain here's a short summary of a dm-crypt speed test on a Core i7 M620 running at 2.67GHz comparing both assembler implementations: x86: i568 aes-ni delta ECB, 256 bit: 93.8 MB/s 123.3 MB/s +31.4% CBC, 256 bit: 84.8 MB/s 262.3 MB/s +209.3% LRW, 256 bit: 108.6 MB/s 222.1 MB/s +104.5% XTS, 256 bit: 105.0 MB/s 205.5 MB/s +95.7% Additionally, due to some minor optimizations, the 64-bit version also got a minor performance gain as seen below: x86-64: old impl. new impl. delta ECB, 256 bit: 121.1 MB/s 123.0 MB/s +1.5% CBC, 256 bit: 285.3 MB/s 290.8 MB/s +1.9% LRW, 256 bit: 263.7 MB/s 265.3 MB/s +0.6% XTS, 256 bit: 251.1 MB/s 255.3 MB/s +1.7% Signed-off-by:
Huang Ying <ying.huang@intel.com> Signed-off-by:
-
Tracey Dent authored
Changed Makefile to use <modules>-y instead of <modules>-objs. Signed-off-by:
Tracey Dent <tdent48227@gmail.com> Signed-off-by:
-
Joe Perches authored
Signed-off-by:
Joe Perches <joe@perches.com> Signed-off-by:
-
- 26 Nov, 2010 1 commit
-
-
Herbert Xu authored
This patch adds the af_alg plugin for symmetric key ciphers, corresponding to the ablkcipher kernel operation type. Keys can optionally be set through the setsockopt interface. Once a sendmsg call occurs without MSG_MORE no further writes may be made to the socket until all previous data has been read. IVs and and whether encryption/decryption is performed can be set through the setsockopt interface or as a control message to sendmsg. The interface is completely synchronous, all operations are carried out in recvmsg(2) and will complete prior to the system call returning. The splice(2) interface support reading the user-space data directly without copying (except that the Crypto API itself may copy the data if alignment is off). The recvmsg(2) interface supports directly writing to user-space without additional copying, i.e., the kernel crypto interface will receive the user-space address as its output SG list. Thakns to Miloslav Trmac for reviewing this and contributing fixes and improvements. Signed-off-by:
David S. Miller <davem@davemloft.net>
-
- 19 Nov, 2010 1 commit
-
-
Herbert Xu authored
This patch adds the af_alg plugin for hash, corresponding to the ahash kernel operation type. Keys can optionally be set through the setsockopt interface. Each sendmsg call will finalise the hash unless sent with a MSG_MORE flag. Partial hash states can be cloned using accept(2). The interface is completely synchronous, all operations will complete prior to the system call returning. Both sendmsg(2) and splice(2) support reading the user-space data directly without copying (except that the Crypto API itself may copy the data if alignment is off). For now only the splice(2) interface supports performing digest instead of init/update/final. In future the sendmsg(2) interface will also be modified to use digest/finup where possible so that hardware that cannot return a partial hash state can still benefit from this interface. Thakns to Miloslav Trmac for reviewing this and contributing fixes and improvements. Signed-off-by:
Martin Willi <martin@strongswan.org>
-
