Age | Commit message (Collapse) | Author | Files | Lines |
|
The RNG may not be available during early boot, e.g., the relevant
modules may not be included in the initramfs. As the RNG Is only
needed for IPsec, we should not let this prevent use of ciphers
without IV generators, e.g., for disk encryption.
This patch postpones the RNG allocation to the init function so
that one failure during early boot does not make the RNG unavailable
for all subsequent users of the same cipher.
More importantly, it lets the cipher live even if RNG allocation
fails. Of course we no longer offer IV generation and which will
fail with an error if invoked. But all other cipher capabilities
will function as usual.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
|
This patch adds a new crypto_user command that allows the admin to
delete the crypto system RNG. Note that this can only be done if
the RNG is currently not in use. The next time it is used a new
system RNG will be allocated.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
|
The header file cryptouser.h only contains information that is
exported to user-space.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
|
Currently we free the default RNG when its use count hits zero.
This was OK when the IV generators would latch onto the RNG at
instance creation time and keep it until the instance is torn
down.
Now that IV generators only keep the RNG reference during init
time this scheme causes the default RNG to come and go at a high
frequencey. This is highly undesirable as we want to keep a single
RNG in use unless the admin wants it to be removed.
This patch changes the scheme so that the system RNG once allocated
is never removed unless a specifically requested.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
|
Currently for skcipher IV generators they must provide givencrypt
as that is the whole point. We are currently replacing skcipher
IV generators with explicit IV generators. In order to maintain
backwards compatibility, we need to allow the IV generators to
still function as a normal skcipher when the RNG Is not present
(e.g., in the initramfs during boot). IOW everything but givencrypt
and givdecrypt will still work but those two will fail.
Therefore this patch assigns a default givencrypt that simply
returns an error should it be NULL.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
|
clk_prepare_enable() may fail, so we should better check its return value
and propagate it in the case of error.
Signed-off-by: Fabio Estevam <fabio.estevam@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
|
Should be CRYPTO_AKCIPHER instead of AKCIPHER
Reported-by: Andreas Ruprecht <andreas.ruprecht@fau.de>
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
|
The picoXcell hardware crypto accelerator driver was using an
older version of the clk framework, and not (un)preparing the
clock before enabling/disabling it. This change uses the handy
clk_prepare_enable function to interact with the current clk
framework correctly.
Signed-off-by: Michael van der Westhuizen <michael@smart-africa.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
|
The nx driver reads two crucial paramters from the firmware for
each crypto algorithm, the maximum SG list length and byte limit.
Unfortunately those two parameters may be bogus, or worse they
may be absent altogether. When this happens the algorithms will
still register successfully but will fail when used or tested.
This patch adds checks to report any firmware entries which are
found to be bogus, and avoid registering algorithms which have
bogus parameters. A warning is also printed when an algorithm
is not registered because of this as there may have been no firmware
entries for it at all.
Reported-by: Ondrej Moriš <omoris@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|