1. 22 Jun, 2015 8 commits
    • Herbert Xu's avatar
      crypto: echainiv - Only hold RNG during initialisation · 9fcc704d
      Herbert Xu authored
      
      
      This patch changes the RNG allocation so that we only hold a
      reference to the RNG during initialisation.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      9fcc704d
    • Herbert Xu's avatar
      crypto: seqiv - Add compatibility support without RNG · eeee12aa
      Herbert Xu authored
      
      
      When seqiv is used in compatibility mode, this patch allows it
      to function even when an RNG Is not available.  It also changes
      the RNG allocation for the new explicit seqiv interface so that
      we only hold a reference to the RNG during initialisation.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      eeee12aa
    • Herbert Xu's avatar
      crypto: eseqiv - Offer normal cipher functionality without RNG · 055906d1
      Herbert Xu authored
      
      
      The RNG may not be available during early boot, e.g., the relevant
      modules may not be included in the initramfs.  As the RNG Is only
      needed for IPsec, we should not let this prevent use of ciphers
      without IV generators, e.g., for disk encryption.
      
      This patch postpones the RNG allocation to the init function so
      that one failure during early boot does not make the RNG unavailable
      for all subsequent users of the same cipher.
      
      More importantly, it lets the cipher live even if RNG allocation
      fails.  Of course we no longer offer IV generation and which will
      fail with an error if invoked.  But all other cipher capabilities
      will function as usual.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      055906d1
    • Herbert Xu's avatar
      crypto: chainiv - Offer normal cipher functionality without RNG · 341476d6
      Herbert Xu authored
      
      
      The RNG may not be available during early boot, e.g., the relevant
      modules may not be included in the initramfs.  As the RNG Is only
      needed for IPsec, we should not let this prevent use of ciphers
      without IV generators, e.g., for disk encryption.
      
      This patch postpones the RNG allocation to the init function so
      that one failure during early boot does not make the RNG unavailable
      for all subsequent users of the same cipher.
      
      More importantly, it lets the cipher live even if RNG allocation
      fails.  Of course we no longer offer IV generation and which will
      fail with an error if invoked.  But all other cipher capabilities
      will function as usual.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      341476d6
    • Herbert Xu's avatar
      crypto: user - Add CRYPTO_MSG_DELRNG · 9aa867e4
      Herbert Xu authored
      
      
      This patch adds a new crypto_user command that allows the admin to
      delete the crypto system RNG.  Note that this can only be done if
      the RNG is currently not in use.  The next time it is used a new
      system RNG will be allocated.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      9aa867e4
    • Herbert Xu's avatar
      crypto: user - Move cryptouser.h to uapi · d0497524
      Herbert Xu authored
      
      
      The header file cryptouser.h only contains information that is
      exported to user-space.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      d0497524
    • Herbert Xu's avatar
      crypto: rng - Do not free default RNG when it becomes unused · 7cecadb7
      Herbert Xu authored
      
      
      Currently we free the default RNG when its use count hits zero.
      This was OK when the IV generators would latch onto the RNG at
      instance creation time and keep it until the instance is torn
      down.
      
      Now that IV generators only keep the RNG reference during init
      time this scheme causes the default RNG to come and go at a high
      frequencey.  This is highly undesirable as we want to keep a single
      RNG in use unless the admin wants it to be removed.
      
      This patch changes the scheme so that the system RNG once allocated
      is never removed unless a specifically requested.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      7cecadb7
    • Herbert Xu's avatar
      crypto: skcipher - Allow givencrypt to be NULL · 21dbd96f
      Herbert Xu authored
      
      
      Currently for skcipher IV generators they must provide givencrypt
      as that is the whole point.  We are currently replacing skcipher
      IV generators with explicit IV generators.  In order to maintain
      backwards compatibility, we need to allow the IV generators to
      still function as a normal skcipher when the RNG Is not present
      (e.g., in the initramfs during boot).  IOW everything but givencrypt
      and givdecrypt will still work but those two will fail.
      
      Therefore this patch assigns a default givencrypt that simply
      returns an error should it be NULL.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      21dbd96f
  2. 21 Jun, 2015 4 commits
  3. 19 Jun, 2015 21 commits
  4. 18 Jun, 2015 4 commits
  5. 17 Jun, 2015 3 commits