Herbert Xu [Wed, 22 Jul 2009 04:37:06 +0000 (12:37 +0800)]
crypto: shash - Require all algorithms to support export/import
This patch provides a default export/import function for all
shash algorithms. It simply copies the descriptor context as
is done by sha1_generic.
This in essence means that all existing shash algorithms now
support export/import. This is something that will be depended
upon in implementations such as hmac. Therefore all new shash
and ahash implementations must support export/import.
For those that cannot obtain a partial result, padlock-sha's
fallback model should be used so that a partial result is always
available.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Wed, 22 Jul 2009 04:29:41 +0000 (12:29 +0800)]
crypto: sha512-s390 - Add export/import support
This patch adds export/import support to sha512-s390 (which includes
sha384-s390). The exported type is defined by struct sha512_state,
which is basically the entire descriptor state of sha512_generic.
Since sha512-s390 only supports a 64-bit byte count the import
function will reject anything that exceeds that.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Wed, 22 Jul 2009 03:48:18 +0000 (11:48 +0800)]
crypto: sha512 - Export struct sha512_state
This patch renames struct sha512_ctx and exports it as struct
sha512_state so that other sha512 implementations can use it
as the reference structure for exporting their state.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Wed, 22 Jul 2009 06:37:15 +0000 (14:37 +0800)]
crypto: xcbc - Fix shash conversion
Although xcbc was converted to shash, it didn't obey the new
requirement that all hash state must be stored in the descriptor
rather than the transform.
This patch fixes this issue and also optimises away the rekeying
by precomputing K2 and K3 within setkey.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Thu, 16 Jul 2009 02:33:27 +0000 (10:33 +0800)]
crypto: padlock - Fix hashing of partial blocks
When we encounter partial blocks in finup, we'll invoke the xsha
instruction with a bogus count that is not a multiple of the block
size. This patch fixes it.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Wed, 15 Jul 2009 13:16:05 +0000 (21:16 +0800)]
crypto: shash - Fix digest size offset
When an shash algorithm is exported as ahash, ahash will access
its digest size through hash_alg_common. That's why the shash
layout needs to match hash_alg_common. This wasn't the case
because the alignment weren't identical.
This patch fixes the problem.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Wed, 15 Jul 2009 12:39:05 +0000 (20:39 +0800)]
crypto: ahash - Fix setkey crash
When the alignment check was made unconditional for ahash we
may end up crashing on shash algorithms because we're always
calling alg->setkey instead of tfm->setkey.
This patch fixes it.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Wed, 15 Jul 2009 10:37:48 +0000 (18:37 +0800)]
crypto: padlock - Fix compile error on i386
The previous change to allow hashing from states other than the
initial broke compilation on i386 because the inline assembly
tried to squeeze a u64 into a 32-bit register. As we've already
checked for 32-bit overflows we can simply truncate it to u32,
or unsigned long so that we don't truncate at all on x86-64.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Wed, 15 Jul 2009 07:11:08 +0000 (15:11 +0800)]
crypto: crypto4xx - Disable SHA implementation
The crypto4xx SHA implementation keeps the hash state in the tfm
data structure. This breaks a fundamental requirement of ahash
implementations that they must be reentrant.
This patch disables the broken implementation.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Wed, 15 Jul 2009 04:40:40 +0000 (12:40 +0800)]
crypto: ahash - Add unaligned handling and default operations
This patch exports the finup operation where available and adds
a default finup operation for ahash. The operations final, finup
and digest also will now deal with unaligned result pointers by
copying it. Finally export/import operations are will now be
exported too.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 14 Jul 2009 13:48:35 +0000 (21:48 +0800)]
crypto: ahash - Use GFP_KERNEL in unaligned setkey
We currently use GFP_ATOMIC in the unaligned setkey function
to allocate the temporary aligned buffer. Since setkey must
be called in a sleepable context, we can use GFP_KERNEL instead.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 14 Jul 2009 13:43:56 +0000 (21:43 +0800)]
crypto: shash - Fix alignment in unaligned operations
When we encounter an unaligned pointer we are supposed to copy
it to a temporary aligned location. However the temporary buffer
isn't aligned properly. This patch fixes that.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 14 Jul 2009 13:35:36 +0000 (21:35 +0800)]
crypto: hash - Zap unaligned buffers
Some unaligned buffers on the stack weren't zapped properly which
may cause secret data to be leaked. This patch fixes them by doing
a zero memset.
It is also possible for us to place random kernel stack contents
in the digest buffer if a digest operation fails. This is fixed
by only copying if the operation succeeded.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 14 Jul 2009 12:21:46 +0000 (20:21 +0800)]
crypto: crypto4xx - Switch to new style ahash
This patch changes crypto4xx to use the new style ahash type.
In particular, we now use ahash_alg to define ahash algorithms
instead of crypto_alg.
This is achieved by introducing a union that encapsulates the
new type and the existing crypto_alg structure. They're told
apart through a u32 field containing the type value.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 14 Jul 2009 08:06:54 +0000 (16:06 +0800)]
crypto: tcrypt - Add mask parameter
This patch adds a mask parameter to complement the existing type
parameter. This is useful when instantiating algorithms that
require a mask other than the default, e.g., ahash algorithms.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 14 Jul 2009 04:28:26 +0000 (12:28 +0800)]
crypto: ahash - Convert to new style algorithms
This patch converts crypto_ahash to the new style. The old ahash
algorithm type is retained until the existing ahash implementations
are also converted. All ahash users will automatically get the
new crypto_ahash type.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This patch removes the implementation of hash and digest now that
no algorithms use them anymore. The interface though will remain
until the users are converted across.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Sat, 11 Jul 2009 10:16:16 +0000 (18:16 +0800)]
crypto: padlock - Switch sha to shash
This patch converts the padlock-sha implementation to shash.
In doing so the existing mechanism of storing the data until
final is no longer viable as we do not have a way of allocating
data in crypto_shash_init and then reliably freeing it.
This is just as well because a better way of handling the problem
is to hash everything but the last chunk using normal sha code
and then provide the intermediate result to the padlock device.
This is good enough because the primary application of padlock-sha
is IPsec and there the data is laid out in the form of an hmac
header followed by the rest of the packet. In essence we can
provide all the data to the padlock as the hmac header only needs
to be hashed once.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Sat, 11 Jul 2009 14:22:14 +0000 (22:22 +0800)]
crypto: async - Use kzfree for requests
This patch changes the kfree call to kzfree for async requests.
As the request may contain sensitive data it needs to be zeroed
before it can be reallocated by others.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Fri, 10 Jul 2009 05:20:32 +0000 (13:20 +0800)]
crypto: sha256-s390 - Add export/import support
This patch adds export/import support to sha256-s390. The exported
type is defined by struct sha256_state, which is basically the entire
descriptor state of sha256_generic.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Fri, 10 Jul 2009 05:18:26 +0000 (13:18 +0800)]
crypto: sha1-s390 - Add export/import support
This patch adds export/import support to sha1-s390. The exported
type is defined by struct sha1_state, which is basically the entire
descriptor state of sha1_generic.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Fri, 10 Jul 2009 05:00:27 +0000 (13:00 +0800)]
crypto: sha256_generic - Add export/import support
This patch adds export/import support to sha256_generic. The exported
type is defined by struct sha256_state, which is basically the entire
descriptor state of sha256_generic.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Thu, 9 Jul 2009 13:27:13 +0000 (21:27 +0800)]
crypto: sha1_generic - Add export/import support
This patch adds export/import support to sha1_generic. The exported
type is defined by struct sha1_state, which is basically the entire
descriptor state of sha1_generic.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Thu, 9 Jul 2009 12:30:57 +0000 (20:30 +0800)]
crypto: shash - Export/import hash state only
This patch replaces the full descriptor export with an export of
the partial hash state. This allows the use of a consistent export
format across all implementations of a given algorithm.
This is useful because a number of cases require the use of the
partial hash state, e.g., PadLock can use the SHA1 hash state
to get around the fact that it can only hash contiguous data
chunks.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Thu, 9 Jul 2009 03:34:06 +0000 (11:34 +0800)]
crypto: api - Fix crypto_drop_spawn crash on blank spawns
This patch allows crypto_drop_spawn to be called on spawns that
have not been initialised or have failed initialisation. This
fixes potential crashes during initialisation without adding
special case code.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Wed, 8 Jul 2009 09:53:16 +0000 (17:53 +0800)]
crypto: api - Add crypto_attr_alg2 helper
This patch adds the helper crypto_attr_alg2 which is similar to
crypto_attr_alg but takes an extra frontend argument. This is
intended to be used by new style algorithm types such as shash.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Wed, 8 Jul 2009 07:55:52 +0000 (15:55 +0800)]
crypto: api - Add new style spawn support
This patch modifies the spawn infrastructure to support new style
algorithms like shash. In particular, this means storing the
frontend type in the spawn and using crypto_create_tfm to allocate
the tfm.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 7 Jul 2009 07:17:12 +0000 (15:17 +0800)]
crypto: shash - Add shash_instance
This patch adds shash_instance and the associated alloc/free
functions. This is meant to be an instance that with a shash
algorithm under it. Note that the instance itself doesn't have
to be shash.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 7 Jul 2009 06:07:37 +0000 (14:07 +0800)]
crypto: api - Add crypto_alloc_instance2
This patch adds a new argument to crypto_alloc_instance which
sets aside some space before the instance for use by algorithms
such as shash that place type-specific data before crypto_alg.
For compatibility the function has been renamed so that existing
users aren't affected.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 7 Jul 2009 04:30:33 +0000 (12:30 +0800)]
crypto: api - Add new template create function
This patch introduces the template->create function intended
to replace the existing alloc function. The intention is for
create to handle the registration directly, whereas currently
the caller of alloc has to handle the registration.
This allows type-specific code to be run prior to registration.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
As reported by Eric Sesterhenn the re-allocation of the cipher in reset leads
to:
|BUG: sleeping function called from invalid context at kernel/rwsem.c:21
|in_atomic(): 1, irqs_disabled(): 0, pid: 4926, name: modprobe
|INFO: lockdep is turned off.
|Pid: 4926, comm: modprobe Tainted: G M 2.6.31-rc1-22297-g5298976 #24
|Call Trace:
| [<c011dd93>] __might_sleep+0xf9/0x101
| [<c0777aa0>] down_read+0x16/0x68
| [<c048bf04>] crypto_alg_lookup+0x16/0x34
| [<c048bf52>] crypto_larval_lookup+0x30/0xf9
| [<c048c038>] crypto_alg_mod_lookup+0x1d/0x62
| [<c048c13e>] crypto_alloc_base+0x1e/0x64
| [<c04bf991>] reset_prng_context+0xab/0x13f
| [<c04e5cfc>] ? __spin_lock_init+0x27/0x51
| [<c04bfce1>] cprng_init+0x2a/0x42
| [<c048bb4c>] __crypto_alloc_tfm+0xfa/0x128
| [<c048c153>] crypto_alloc_base+0x33/0x64
| [<c04933c9>] alg_test_cprng+0x30/0x1f4
| [<c0493329>] alg_test+0x12f/0x19f
| [<c0177f1f>] ? __alloc_pages_nodemask+0x14d/0x481
| [<d09219e2>] do_test+0xf9d/0x163f [tcrypt]
| [<d0920de6>] do_test+0x3a1/0x163f [tcrypt]
| [<d0926035>] tcrypt_mod_init+0x35/0x7c [tcrypt]
| [<c010113c>] _stext+0x54/0x12c
| [<d0926000>] ? tcrypt_mod_init+0x0/0x7c [tcrypt]
| [<c01398a3>] ? up_read+0x16/0x2b
| [<c0139fc4>] ? __blocking_notifier_call_chain+0x40/0x4c
| [<c014ee8d>] sys_init_module+0xa9/0x1bf
| [<c010292b>] sysenter_do_call+0x12/0x32
because a spin lock is held and crypto_alloc_base() may sleep.
There is no reason to re-allocate the cipher, the state is resetted in
->setkey(). This patches makes the cipher allocation a one time thing and
moves it to init.
Reported-by: Eric Sesterhenn <eric.sesterhenn@lsexperts.de> Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Acked-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
The current code uses a mix of sping_lock() & spin_lock_irqsave(). This can
lead to deadlock with the correct timming & cprng_get_random() + cprng_reset()
sequence.
I've converted them to bottom half locks since all three user grab just a BH
lock so this runs probably in softirq :)
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Acked-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This patch adds the support for testing specific implementations.
This should only be used in very specific situations. Right now
this means specific implementations of random number generators.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Thu, 25 Jun 2009 10:43:48 +0000 (18:43 +0800)]
crypto: skcipher - Change default sync geniv on SMP to eseqiv
As it stands we use chainiv for sync algorithms and eseqiv for
async algorithms. However, when there is more than one CPU
chainiv forces all processing to be serialised which is usually
not what you want. Also, the added overhead of eseqiv isn't that
great.
Therefore this patch changes the default sync geniv on SMP machines
to eseqiv. For the odd situation where the overhead is unacceptable
then chainiv is still available as an option.
Note that on UP machines chainiv is still preferred over eseqiv
for sync algorithms.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Thu, 25 Jun 2009 06:46:31 +0000 (14:46 +0800)]
crypto: skcipher - Fix request for sync algorithms
When a sync givcipher algorithm is requested, if an async version
of the same algorithm already exists, then we will loop forever
without ever constructing the sync version based on a blkcipher.
This is because we did not include the requested type/mask when
getting a larval for the geniv algorithm that is to be constructed.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Roland Dreier [Wed, 24 Jun 2009 05:42:40 +0000 (13:42 +0800)]
crypto: aes-ni - Don't print message with KERN_ERR on old system
When the aes-intel module is loaded on a system that does not have the
AES instructions, it prints
Intel AES-NI instructions are not detected.
at level KERN_ERR. Since aes-intel is aliased to "aes" it will be tried
whenever anything uses AES and spam the console. This doesn't match
existing practice for how to handle "no hardware" when initializing a
module, so downgrade the message to KERN_INFO.
Signed-off-by: Roland Dreier <rolandd@cisco.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Steffen Klassert [Fri, 19 Jun 2009 11:46:53 +0000 (19:46 +0800)]
crypto: tcrypt - Test algorithms by name
This adds the 'alg' module parameter to be able to test an
algorithm by name. If the algorithm type is not ad-hoc
clear for a algorithm (e.g. pcrypt, cryptd) it is possilbe
to set the algorithm type with the 'type' module parameter.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Jarod Wilson [Thu, 18 Jun 2009 11:52:59 +0000 (19:52 +0800)]
crypto: des_s390 - Permit weak keys unless REQ_WEAK_KEY set
Just started running fips cavs test vectors through an s390x system
for giggles, and discovered that I missed patching s390's arch-specific
des3 implementation w/an earlier des3 patch to permit weak keys.
This change adds the same flag tweaks as ad79cdd77fc1466e45cf923890f66bcfe7c43f12 (crypto: des3_ede - permit
weak keys unless REQ_WEAK_KEY set) for s390's des3 implementation,
yields expected test results now.
Signed-off-by: Jarod Wilson <jarod@redhat.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Neil Horman [Thu, 18 Jun 2009 11:50:21 +0000 (19:50 +0800)]
random: Add optional continuous repetition test to entropy store based rngs
FIPS-140 requires that all random number generators implement continuous self
tests in which each extracted block of data is compared against the last block
for repetition. The ansi_cprng implements such a test, but it would be nice if
the hw rng's did the same thing. Obviously its not something thats always
needed, but it seems like it would be a nice feature to have on occasion. I've
written the below patch which allows individual entropy stores to be flagged as
desiring a continuous test to be run on them as is extracted. By default this
option is off, but is enabled in the event that fips mode is selected during
bootup.
Signed-off-by: Neil Horman <nhorman@tuxdriver.com> Acked-by: Matt Mackall <mpm@selenic.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Huang Ying [Thu, 18 Jun 2009 11:41:27 +0000 (19:41 +0800)]
crypto: aes-ni - Do not sleep when using the FPU
Because AES-NI instructions will touch XMM state, corresponding code
must be enclosed within kernel_fpu_begin/end, which used
preempt_disable/enable. So sleep should be prevented between
kernel_fpu_begin/end.
Signed-off-by: Huang Ying <ying.huang@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Chuck Ebbert [Thu, 18 Jun 2009 11:24:10 +0000 (19:24 +0800)]
crypto: padlock-aes - work around Nano CPU errata in ECB mode
The VIA Nano processor has a bug that makes it prefetch extra data
during encryption operations, causing spurious page faults. Extend
existing workarounds for ECB mode to copy the data to an temporary
buffer to avoid the problem.
Signed-off-by: Chuck Ebbert <cebbert@redhat.com> Acked-by: Harald Welte <HaraldWelte@viatech.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Matthew Wilcox [Wed, 17 Jun 2009 20:33:36 +0000 (16:33 -0400)]
ia64: Fix resource assignment for root busses
ia64 was assigning resources to root busses after allocations had
been made for child busses. Calling pcibios_setup_root_windows() from
pcibios_fixup_bus() solves this problem by assigning the resources to
the root bus before child busses are scanned.
Signed-off-by: Matthew Wilcox <willy@linux.intel.com> Tested-by: Andrew Patterson <andrew.patterson@hp.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Matthew Wilcox [Wed, 17 Jun 2009 20:33:33 +0000 (16:33 -0400)]
Fix pci_claim_resource
Instead of starting from the iomem or ioport roots, start from the
parent bus' resources. This fixes a bug where child resources would
appear above their parents resources if they had the same size.
Signed-off-by: Matthew Wilcox <willy@linux.intel.com> Tested-by: Andrew Patterson <andrew.patterson@hp.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Wed, 17 Jun 2009 18:53:48 +0000 (11:53 -0700)]
Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6
* 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6:
[IA64] Convert ia64 to use int-ll64.h
[IA64] Fix build error in paravirt_patchlist.c
[IA64] ia64 does not need umount2() syscall
[IA64] hook up new rt_tgsigqueueinfo syscall
[IA64] msi_ia64.c dmar_msi_type should be static
[IA64] remove obsolete hw_interrupt_type
[IA64] remove obsolete irq_desc_t typedef
[IA64] remove obsolete no_irq_type
[IA64] unexport fpswa.h
Linus Torvalds [Wed, 17 Jun 2009 17:42:21 +0000 (10:42 -0700)]
Merge branch 'kmemleak' of git://linux-arm.org/linux-2.6
* 'kmemleak' of git://linux-arm.org/linux-2.6:
kmemleak: Fix some typos in comments
kmemleak: Rename kmemleak_panic to kmemleak_stop
kmemleak: Only use GFP_KERNEL|GFP_ATOMIC for the internal allocations
Samuel Ortiz [Mon, 15 Jun 2009 16:04:54 +0000 (18:04 +0200)]
mfd: early init for MFD running regulators
For MFDs running regulator cores, we really want them to be brought up early
during boot.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com> Acked-by: Mark Brown <broonie@opensource.wolfsonmicro.com> Acked-by: Mike Rapoport <mike@compulab.co.il>
Philipp Zabel [Fri, 5 Jun 2009 16:31:02 +0000 (18:31 +0200)]
mfd: asic3: add clock handling for MFD cells
Since ASIC3 has to work on both PXA and S3C and since their
struct clk implementations differ, we can't register out
clocks with the clkdev mechanism (yet?).
For now we have to keep clock handling internal to this
driver and enable/disable the clocks via the
mfd_cell->enable/disable functions.
Signed-off-by: Philipp Zabel <philipp.zabel@gmail.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
projects / mv-sheeva.git / log