Linux Kernel https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v3.0.61 2010-03-10T10:24:46Z 2010-03-10T10:24:46Z Richard Hartmann richih.mailinglist@gmail.com 2010-03-10T10:24:46Z urn:sha1:269ab459da46ae37979a0d16307d1fcaa05600b2 Signed-off-by: Richard Hartmann <richih.mailinglist@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2009-07-14T10:45:45Z Herbert Xu herbert@gondor.apana.org.au 2009-07-14T10:45:45Z urn:sha1:9cd899a32f611eb6328014f1d9e0ba31977812d9 This patch changes cryptd to use the template->create function instead of alloc in anticipation for the switch to new style ahash algorithms. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2009-07-14T04:58:07Z Herbert Xu herbert@gondor.apana.org.au 2009-07-12T05:58:04Z urn:sha1:6941c3a0aabb6ad4167827360f384e9daed7dd7f This patch removes the implementation of hash and digest now that no algorithms use them anymore. The interface though will remain until the users are converted across. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2009-07-08T10:58:29Z Herbert Xu herbert@gondor.apana.org.au 2009-07-08T09:53:16Z urn:sha1:d06854f0243d91badabaab14503f7f3bb770061d This patch adds the helper crypto_attr_alg2 which is similar to crypto_attr_alg but takes an extra frontend argument. This is intended to be used by new style algorithm types such as shash. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2009-06-18T11:50:21Z Neil Horman nhorman@tuxdriver.com 2009-06-18T11:50:21Z urn:sha1:5b739ef8a4e8cf5201d21abff897e292c232477b FIPS-140 requires that all random number generators implement continuous self tests in which each extracted block of data is compared against the last block for repetition. The ansi_cprng implements such a test, but it would be nice if the hw rng's did the same thing. Obviously its not something thats always needed, but it seems like it would be a nice feature to have on occasion. I've written the below patch which allows individual entropy stores to be flagged as desiring a continuous test to be run on them as is extracted. By default this option is off, but is enabled in the event that fips mode is selected during bootup. Signed-off-by: Neil Horman <nhorman@tuxdriver.com> Acked-by: Matt Mackall <mpm@selenic.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2009-06-02T04:04:45Z Herbert Xu herbert@gondor.apana.org.au 2009-05-06T06:15:47Z urn:sha1:f8b0d4d09dc9d0a73fcdcf6c2724650529ec417d We currently allocate temporary memory that is used for testing statically. This renders the testing engine non-reentrant. As algorithms may nest, i.e., one may construct another in order to carry out a part of its operation, this is unacceptable. For example, it has been reported that an AEAD implementation allocates a cipher in its setkey function, which causes it to fail during testing as the temporary memory is overwritten. This patch replaces the static memory with dynamically allocated buffers. We need a maximum of 16 pages so this slightly increases the chances of an algorithm failing due to memory shortage. However, as testing usually occurs at registration, this shouldn't be a big problem. Reported-by: Shasi Pulijala <spulijala@amcc.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2009-02-18T08:56:59Z Herbert Xu herbert@gondor.apana.org.au 2009-02-18T08:56:59Z urn:sha1:3f683d6175748ef9daf4698d9ef5a488dd037063 This is based on a report and patch by Geert Uytterhoeven. The functions crypto_alloc_tfm and create_create_tfm return a pointer that needs to be adjusted by the caller when successful and otherwise an error value. This means that the caller has to check for the error and only perform the adjustment if the pointer returned is valid. Since all callers want to make the adjustment and we know how to adjust it ourselves, it's much easier to just return adjusted pointer directly. The only caveat is that we have to return a void * instead of struct crypto_tfm *. However, this isn't that bad because both of these functions are for internal use only (by types code like shash.c, not even algorithms code). This patch also moves crypto_alloc_tfm into crypto/internal.h (crypto_create_tfm is already there) to reflect this. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2008-12-25T00:01:24Z Herbert Xu herbert@gondor.apana.org.au 2008-09-20T21:52:53Z urn:sha1:7b0bac64cd5b74d6f1147524c26216de13a501fd This patch reintroduces a completely revamped crypto_alloc_tfm. The biggest change is that we now take two crypto_type objects when allocating a tfm, a frontend and a backend. In fact this simply formalises what we've been doing behind the API's back. For example, as it stands crypto_alloc_ahash may use an actual ahash algorithm or a crypto_hash algorithm. Putting this in the API allows us to do this much more cleanly. The existing types will be converted across gradually. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2008-08-29T05:50:02Z Neil Horman nhorman@tuxdriver.com 2008-08-05T06:13:08Z urn:sha1:ccb778e1841ce04b4c10b39f0dd2558ab2c6dcd4 Add the ability to turn FIPS-compliant mode on or off at boot In order to be FIPS compliant, several check may need to be preformed that may be construed as unusefull in a non-compliant mode. This patch allows us to set a kernel flag incating that we are running in a fips-compliant mode from boot up. It also exports that mode information to user space via a sysctl (/proc/sys/crypto/fips_enabled). Tested successfully by me. Signed-off-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2008-08-29T05:49:57Z Herbert Xu herbert@gondor.apana.org.au 2008-08-03T13:15:23Z urn:sha1:73d3864a4823abda19ebc4387b6ddcbf416e3a77 This patch makes use of the new testing infrastructure by requiring algorithms to pass a run-time test before they're made available to users. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>