Eric Lee / smarc-fsl-linux-kernel

26 Jul, 2019

1 commit

  • 9552389c4   crypto: fips - add FIPS test failure notification chain ... Browse Code »

    Crypto test failures in FIPS mode cause an immediate panic, but
    on some system the cryptographic boundary extends beyond just
    the Linux controlled domain.

    Add a simple atomic notification chain to allow interested parties
    to register to receive notification prior to us kicking the bucket.

    Signed-off-by: Gilad Ben-Yossef
    Signed-off-by: Herbert Xu

    Gilad Ben-Yossef
     

31 May, 2019

1 commit

  • 2874c5fd2   treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 ... Browse Code »

    Based on 1 normalized pattern(s):

    this program is free software you can redistribute it and or modify
    it under the terms of the gnu general public license as published by
    the free software foundation either version 2 of the license or at
    your option any later version

    extracted by the scancode license scanner the SPDX license identifier

    GPL-2.0-or-later

    has been chosen to replace the boilerplate/reference in 3029 file(s).

    Signed-off-by: Thomas Gleixner
    Reviewed-by: Allison Randal
    Cc: linux-spdx@vger.kernel.org
    Link: https://lkml.kernel.org/r/20190527070032.746973796@linutronix.de
    Signed-off-by: Greg Kroah-Hartman

    Thomas Gleixner
     

18 Apr, 2019

1 commit

  • c4741b230   crypto: run initcalls for generic implementations earlier ... Browse Code »

    Use subsys_initcall for registration of all templates and generic
    algorithm implementations, rather than module_init. Then change
    cryptomgr to use arch_initcall, to place it before the subsys_initcalls.

    This is needed so that when both a generic and optimized implementation
    of an algorithm are built into the kernel (not loadable modules), the
    generic implementation is registered before the optimized one.
    Otherwise, the self-tests for the optimized implementation are unable to
    allocate the generic implementation for the new comparison fuzz tests.

    Note that on arm, a side effect of this change is that self-tests for
    generic implementations may run before the unaligned access handler has
    been installed. So, unaligned accesses will crash the kernel. This is
    arguably a good thing as it makes it easier to detect that type of bug.

    Signed-off-by: Eric Biggers
    Signed-off-by: Herbert Xu

    Eric Biggers
     

23 Apr, 2015

2 commits

  • 94072cb20   crypto: fips - Move fips_enabled sysctl into fips.c ... Browse Code »

    There is currently a large ifdef FIPS code section in proc.c.
    Ostensibly it's there because the fips_enabled sysctl sits under
    /proc/sys/crypto. However, no other crypto sysctls exist.

    In fact, the whole ethos of the crypto API is against such user
    interfaces so this patch moves all the FIPS sysctl code over to
    fips.c.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • 76450f93f   crypto: fips - Remove bogus inclusion of internal.h ... Browse Code »

    The header file internal.h is only meant for internal crypto API
    implementors such as rng.c. So fips has no business in including
    it.

    This patch removes that inclusions and instead adds inclusions of
    the actual features used by fips.

    Signed-off-by: Herbert Xu

    Herbert Xu
     

29 Aug, 2008

1 commit

  • ccb778e18   crypto: api - Add fips_enable flag ... Browse Code »

    Add the ability to turn FIPS-compliant mode on or off at boot

    In order to be FIPS compliant, several check may need to be preformed that may
    be construed as unusefull in a non-compliant mode. This patch allows us to set
    a kernel flag incating that we are running in a fips-compliant mode from boot
    up. It also exports that mode information to user space via a sysctl
    (/proc/sys/crypto/fips_enabled).

    Tested successfully by me.

    Signed-off-by: Neil Horman
    Signed-off-by: Herbert Xu

    Neil Horman