aboutsummaryrefslogtreecommitdiffstats
path: root/crypto
AgeCommit message (Collapse)AuthorFilesLines
2009-07-14crypto: hash - Zap unaligned buffersHerbert Xu2-5/+12
Some unaligned buffers on the stack weren't zapped properly which may cause secret data to be leaked. This patch fixes them by doing a zero memset. It is also possible for us to place random kernel stack contents in the digest buffer if a digest operation fails. This is fixed by only copying if the operation succeeded. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-14crypto: ahash - Remove old_ahash_algHerbert Xu2-29/+0
Now that all ahash implementations have been converted to the new ahash type, we can remove old_ahash_alg and its associated support. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-14crypto: cryptd - Switch to new style ahashHerbert Xu1-27/+37
This patch changes cryptd to use the new style ahash type. In particular, the instance is enlarged to encapsulate the new ahash_alg structure. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-14crypto: cryptd - Switch to template create APIHerbert Xu2-27/+29
This patch changes cryptd to use the template->create function instead of alloc in anticipation for the switch to new style ahash algorithms. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-14crypto: tcrypt - Add mask parameterHerbert Xu1-3/+6
This patch adds a mask parameter to complement the existing type parameter. This is useful when instantiating algorithms that require a mask other than the default, e.g., ahash algorithms. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-14crypto: ahash - Add instance/spawn supportHerbert Xu1-0/+72
This patch adds support for creating ahash instances and using ahash as spawns. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-14crypto: ahash - Convert to new style algorithmsHerbert Xu2-31/+59
This patch converts crypto_ahash to the new style. The old ahash algorithm type is retained until the existing ahash implementations are also converted. All ahash users will automatically get the new crypto_ahash type. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-14crypto: api - Remove frontend argument from extsize/init_tfmHerbert Xu3-10/+6
As the extsize and init_tfm functions belong to the frontend the frontend argument is superfluous. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-14crypto: cryptd - Use crypto_ahash_set_reqsizeHerbert Xu1-2/+3
This patch makes cryptd use crypto_ahash_set_reqsize to avoid accessing crypto_ahash directly. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-14crypto: cryptd - Use shash algorithmsHerbert Xu1-80/+84
This patch changes cryptd to use shash algorithms instead of the legacy hash interface. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-14crypto: shash - Export async functionsHerbert Xu1-20/+22
This patch exports the async functions so that they can be reused by cryptd when it switches over to using shash. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-14crypto: hash - Remove legacy hash/digest implementaionHerbert Xu3-34/+3
This patch removes the implementation of hash and digest now that no algorithms use them anymore. The interface though will remain until the users are converted across. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-14crypto: authenc - Remove reference to crypto_hashHerbert Xu1-5/+1
Now that there are no more legacy hash implementations we can remove the reference to crypto_hash. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-14crypto: xcbc - Switch to shashHerbert Xu1-148/+87
This patch converts the xcbc algorithm to the new shash type. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-14crypto: hmac - Switch to shashHerbert Xu1-157/+114
This patch changes hmac to the new shash interface. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-14crypto: shash - Make descsize a run-time attributeHerbert Xu1-11/+28
This patch changes descsize to a run-time attribute so that implementations can change it in their init functions. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-12crypto: shash - Move null setkey check to registration timeHerbert Xu1-3/+8
This patch moves the run-time null setkey check to shash_prepare_alg just like we did for finup/digest. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-11crypto: sha256_generic - Add export/import supportHerbert Xu1-12/+25
This patch adds export/import support to sha256_generic. The exported type is defined by struct sha256_state, which is basically the entire descriptor state of sha256_generic. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-11crypto: sha256_generic - Use 64-bit counter like sha1Herbert Xu1-35/+30
This patch replaces the two 32-bit counter code in sha256_generic with the simpler 64-bit counter code from sha1. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-11crypto: sha1_generic - Add export/import supportHerbert Xu1-16/+25
This patch adds export/import support to sha1_generic. The exported type is defined by struct sha1_state, which is basically the entire descriptor state of sha1_generic. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-11crypto: shash - Move finup/digest null checks to registration timeHerbert Xu1-4/+6
This patch moves the run-time null finup/digest checks to the shash_prepare_alg function which is run at registration time. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-11crypto: shash - Export/import hash state onlyHerbert Xu1-11/+14
This patch replaces the full descriptor export with an export of the partial hash state. This allows the use of a consistent export format across all implementations of a given algorithm. This is useful because a number of cases require the use of the partial hash state, e.g., PadLock can use the SHA1 hash state to get around the fact that it can only hash contiguous data chunks. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-09crypto: api - Fix crypto_drop_spawn crash on blank spawnsHerbert Xu1-0/+3
This patch allows crypto_drop_spawn to be called on spawns that have not been initialised or have failed initialisation. This fixes potential crashes during initialisation without adding special case code. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-08crypto: shash - Propagate reinit return valueHerbert Xu1-1/+1
This patch fixes crypto_shash_import to propagate the value returned by reinit. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-08crypto: shash - Use finup in default digestHerbert Xu1-2/+1
This patch simplifies the default digest function by using finup. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-08crypto: shash - Add shash_register_instanceHerbert Xu1-1/+25
This patch adds shash_register_instance so that shash instances can be registered without bypassing the shash checks applied to normal algorithms. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-08crypto: shash - Add shash_attr_alg2 helperHerbert Xu1-0/+10
This patch adds the helper shash_attr_alg2 which locates a shash algorithm based on the information in the given attribute. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-08crypto: api - Add crypto_attr_alg2 helperHerbert Xu3-12/+30
This patch adds the helper crypto_attr_alg2 which is similar to crypto_attr_alg but takes an extra frontend argument. This is intended to be used by new style algorithm types such as shash. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-08crypto: shash - Add spawn supportHerbert Xu1-0/+9
This patch adds the functions needed to create and use shash spawns, i.e., to use shash algorithms in a template. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-08crypto: api - Add new style spawn supportHerbert Xu1-3/+52
This patch modifies the spawn infrastructure to support new style algorithms like shash. In particular, this means storing the frontend type in the spawn and using crypto_create_tfm to allocate the tfm. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-08crypto: shash - Add shash_instanceHerbert Xu1-0/+7
This patch adds shash_instance and the associated alloc/free functions. This is meant to be an instance that with a shash algorithm under it. Note that the instance itself doesn't have to be shash. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-07crypto: api - Add crypto_alloc_instance2Herbert Xu1-6/+31
This patch adds a new argument to crypto_alloc_instance which sets aside some space before the instance for use by algorithms such as shash that place type-specific data before crypto_alg. For compatibility the function has been renamed so that existing users aren't affected. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-07crypto: api - Add new template create functionHerbert Xu1-0/+5
This patch introduces the template->create function intended to replace the existing alloc function. The intention is for create to handle the registration directly, whereas currently the caller of alloc has to handle the registration. This allows type-specific code to be run prior to registration. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-03crypto: ansi_prng - alloc cipher just in initSebastian Andrzej Siewior1-17/+8
As reported by Eric Sesterhenn the re-allocation of the cipher in reset leads to: |BUG: sleeping function called from invalid context at kernel/rwsem.c:21 |in_atomic(): 1, irqs_disabled(): 0, pid: 4926, name: modprobe |INFO: lockdep is turned off. |Pid: 4926, comm: modprobe Tainted: G M 2.6.31-rc1-22297-g5298976 #24 |Call Trace: | [<c011dd93>] __might_sleep+0xf9/0x101 | [<c0777aa0>] down_read+0x16/0x68 | [<c048bf04>] crypto_alg_lookup+0x16/0x34 | [<c048bf52>] crypto_larval_lookup+0x30/0xf9 | [<c048c038>] crypto_alg_mod_lookup+0x1d/0x62 | [<c048c13e>] crypto_alloc_base+0x1e/0x64 | [<c04bf991>] reset_prng_context+0xab/0x13f | [<c04e5cfc>] ? __spin_lock_init+0x27/0x51 | [<c04bfce1>] cprng_init+0x2a/0x42 | [<c048bb4c>] __crypto_alloc_tfm+0xfa/0x128 | [<c048c153>] crypto_alloc_base+0x33/0x64 | [<c04933c9>] alg_test_cprng+0x30/0x1f4 | [<c0493329>] alg_test+0x12f/0x19f | [<c0177f1f>] ? __alloc_pages_nodemask+0x14d/0x481 | [<d09219e2>] do_test+0xf9d/0x163f [tcrypt] | [<d0920de6>] do_test+0x3a1/0x163f [tcrypt] | [<d0926035>] tcrypt_mod_init+0x35/0x7c [tcrypt] | [<c010113c>] _stext+0x54/0x12c | [<d0926000>] ? tcrypt_mod_init+0x0/0x7c [tcrypt] | [<c01398a3>] ? up_read+0x16/0x2b | [<c0139fc4>] ? __blocking_notifier_call_chain+0x40/0x4c | [<c014ee8d>] sys_init_module+0xa9/0x1bf | [<c010292b>] sysenter_do_call+0x12/0x32 because a spin lock is held and crypto_alloc_base() may sleep. There is no reason to re-allocate the cipher, the state is resetted in ->setkey(). This patches makes the cipher allocation a one time thing and moves it to init. Reported-by: Eric Sesterhenn <eric.sesterhenn@lsexperts.de> Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Acked-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-03crypto: ansi_prng - Use just a BH lockSebastian Andrzej Siewior1-5/+4
The current code uses a mix of sping_lock() & spin_lock_irqsave(). This can lead to deadlock with the correct timming & cprng_get_random() + cprng_reset() sequence. I've converted them to bottom half locks since all three user grab just a BH lock so this runs probably in softirq :) Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Acked-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-02crypto: testmgr - Allow implementation-specific testsHerbert Xu1-4/+13
This patch adds the support for testing specific implementations. This should only be used in very specific situations. Right now this means specific implementations of random number generators. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-01dmaengine: move HIGHMEM64G restriction to ASYNC_TX_DMADan Williams1-1/+1
On HIGHMEM64G systems dma_addr_t is known to be larger than (void *) which precludes async_xor from performing dma address conversions by reusing the input parameter address list. However, other parts of the dmaengine infrastructure do not suffer this constraint, so the HIGHMEM64G restriction can be down-levelled. Signed-off-by: Dan Williams <dan.j.williams@intel.com>
2009-06-25crypto: skcipher - Change default sync geniv on SMP to eseqivHerbert Xu1-1/+19
As it stands we use chainiv for sync algorithms and eseqiv for async algorithms. However, when there is more than one CPU chainiv forces all processing to be serialised which is usually not what you want. Also, the added overhead of eseqiv isn't that great. Therefore this patch changes the default sync geniv on SMP machines to eseqiv. For the odd situation where the overhead is unacceptable then chainiv is still available as an option. Note that on UP machines chainiv is still preferred over eseqiv for sync algorithms. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-06-25crypto: skcipher - Fix request for sync algorithmsHerbert Xu1-1/+2
When a sync givcipher algorithm is requested, if an async version of the same algorithm already exists, then we will loop forever without ever constructing the sync version based on a blkcipher. This is because we did not include the requested type/mask when getting a larval for the geniv algorithm that is to be constructed. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-06-24crypto: testmgr - Remove hash size checkHerbert Xu1-4/+0
Until hash test vectors grow longer than 256 bytes, the only purpose of the check is to generate a gcc warning. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-06-21crypto: fips - Select CPRNGNeil Horman1-0/+1
The ANSI CPRNG has no dependence on FIPS support. FIPS support however, requires the use of the CPRNG. Adjust that depedency relationship in Kconfig. Signed-off-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-06-19crypto: tcrypt - Fix module return code when testing by nameHerbert Xu1-1/+1
We should return 0/-ENOENT instead of 1/0 when testing by name. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-06-19crypto: ansi_cprng - Do not select FIPSHerbert Xu1-1/+0
The RNG should work with FIPS disabled. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-06-19crypto: tcrypt - Test algorithms by nameSteffen Klassert1-1/+14
This adds the 'alg' module parameter to be able to test an algorithm by name. If the algorithm type is not ad-hoc clear for a algorithm (e.g. pcrypt, cryptd) it is possilbe to set the algorithm type with the 'type' module parameter. Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-06-18random: Add optional continuous repetition test to entropy store based rngsNeil Horman1-6/+1
FIPS-140 requires that all random number generators implement continuous self tests in which each extracted block of data is compared against the last block for repetition. The ansi_cprng implements such a test, but it would be nice if the hw rng's did the same thing. Obviously its not something thats always needed, but it seems like it would be a nice feature to have on occasion. I've written the below patch which allows individual entropy stores to be flagged as desiring a continuous test to be run on them as is extracted. By default this option is off, but is enabled in the event that fips mode is selected during bootup. Signed-off-by: Neil Horman <nhorman@tuxdriver.com> Acked-by: Matt Mackall <mpm@selenic.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-06-15Merge commit 'linus/master' into HEADVegard Nossum10-233/+1149
Conflicts: MAINTAINERS Signed-off-by: Vegard Nossum <vegard.nossum@gmail.com>
2009-06-15crypto: don't track xor test pages with kmemcheckVegard Nossum1-1/+6
The xor tests are run on uninitialized data, because it is doesn't really matter what the underlying data is. Annotate this false- positive warning. Acked-by: Pekka Enberg <penberg@cs.helsinki.fi> Signed-off-by: Vegard Nossum <vegard.nossum@gmail.com>
2009-06-03async_xor: permit callers to pass in a 'dma/page scribble' regionDan Williams1-31/+29
async_xor() needs space to perform dma and page address conversions. In most cases the code can simply reuse the struct page * array because the size of the native pointer matches the size of a dma/page address. In order to support archs where sizeof(dma_addr_t) is larger than sizeof(struct page *), or to preserve the input parameters, we utilize a memory region passed in by the caller. Since the code is now prepared to handle the case where it cannot perform address conversions on the stack, we no longer need the !HIGHMEM64G dependency in drivers/dma/Kconfig. [ Impact: don't clobber input buffers for address conversions ] Reviewed-by: Andre Noll <maan@systemlinux.org> Acked-by: Maciej Sosnowski <maciej.sosnowski@intel.com> Signed-off-by: Dan Williams <dan.j.williams@intel.com>
2009-06-03async_tx: structify submission arguments, add scribbleDan Williams4-114/+111
Prepare the api for the arrival of a new parameter, 'scribble'. This will allow callers to identify scratchpad memory for dma address or page address conversions. As this adds yet another parameter, take this opportunity to convert the common submission parameters (flags, dependency, callback, and callback argument) into an object that is passed by reference. Also, take this opportunity to fix up the kerneldoc and add notes about the relevant ASYNC_TX_* flags for each routine. [ Impact: moves api pass-by-value parameters to a pass-by-reference struct ] Signed-off-by: Andre Noll <maan@systemlinux.org> Acked-by: Maciej Sosnowski <maciej.sosnowski@intel.com> Signed-off-by: Dan Williams <dan.j.williams@intel.com>
2009-06-03async_tx: kill ASYNC_TX_DEP_ACK flagDan Williams4-8/+6
In support of inter-channel chaining async_tx utilizes an ack flag to gate whether a dependent operation can be chained to another. While the flag is not set the chain can be considered open for appending. Setting the ack flag closes the chain and flags the descriptor for garbage collection. The ASYNC_TX_DEP_ACK flag essentially means "close the chain after adding this dependency". Since each operation can only have one child the api now implicitly sets the ack flag at dependency submission time. This removes an unnecessary management burden from clients of the api. [ Impact: clean up and enforce one dependency per operation ] Reviewed-by: Andre Noll <maan@systemlinux.org> Acked-by: Maciej Sosnowski <maciej.sosnowski@intel.com> Signed-off-by: Dan Williams <dan.j.williams@intel.com>