crypto ahash error handling

Hello, When using crypto ahash API, is it necessary/mandatory to call crypto_ahash_final() if crypto_ahash_update() returns error... Basically it might happen after several calls while calculating hash if HW error happens. It is not possible to continue hash calculation. it is necessary to reset

Re: [PATCH 4/4] crypto: algif_skcipher - User-space interface for skcipher operations

Hmm, can you show me your test program and how you determined that it was leaking pages? The test program below runs 1000 encryptions: # grep nr_free /proc/vmstat nr_free_pages 11031 # ./test ... # grep nr_free /proc/vmstat nr_free_pages 10026 # ./test ... # grep nr_free /proc/vmstat

[PATCH v1.2 1/4] lib: hex2bin converts ascii hexadecimal string to binary

Similar to the kgdb_hex2mem() code, hex2bin converts a string to binary using the hex_to_bin() library call. Signed-off-by: Mimi Zohar zo...@us.ibm.com Acked-by: Serge E. Hallyn se...@hallyn.com --- include/linux/kernel.h |1 + lib/hexdump.c | 16 2 files changed,

[PATCH v1.2 0/4] keys: trusted and encrypted keys

The major change, since the previous posting, are serveral new trusted-key options (migratable, pcrlock, keyhandle, keyauth, blobauth), described below, based on suggestions by Jason Gunthorpe. By default, trusted keys work as previously described. Trusted and Encrypted Keys are two new key

[PATCH v1.2 3/4] keys: add new trusted key-type

Defines a new kernel key-type called 'trusted'. Trusted keys are random number symmetric keys, generated and RSA-sealed by the TPM. The TPM only unseals the keys, if the boot PCRs and other criteria match. Userspace can only ever see encrypted blobs. Based on suggestions by Jason Gunthorpe,

[PATCH v1.2 2/4] key: add tpm_send command

Add internal kernel tpm_send() command used to seal/unseal keys. Signed-off-by: David Safford saff...@watson.ibm.com Reviewd-by: Mimi Zohar zo...@watson.ibm.com Acked-by: Rajiv Andrade sra...@linux.vnet.ibm.com Acked-by: Serge E. Hallyn se...@hallyn.com --- drivers/char/tpm/tpm.c | 17

[PATCH v1.2 4/4] keys: add new key-type encrypted

Defines a new kernel key-type called 'encrypted'. Encrypted keys are kernel generated random numbers, which are encrypted/decrypted with a 'trusted' symmetric key. Encrypted keys are created/encrypted/decrypted in the kernel. Userspace only ever sees/stores encrypted blobs. Changelog: - allocate

Re: [PATCH v1.2 3/4] keys: add new trusted key-type

On Mon, Nov 08, 2010 at 10:30:45AM -0500, Mimi Zohar wrote: pcrlock=nextends the designated PCR 'n' with a random value, so that a key sealed to that PCR may not be unsealed again until after a reboot. Nice, but this seems very strange to me, since it has nothing

Re: [PATCH v1.2 3/4] keys: add new trusted key-type

On Mon, 2010-11-08 at 10:09 -0700, Jason Gunthorpe wrote: On Mon, Nov 08, 2010 at 10:30:45AM -0500, Mimi Zohar wrote: pcrlock=nextends the designated PCR 'n' with a random value, so that a key sealed to that PCR may not be unsealed again until after a reboot.

Re: [PATCH v1.2 3/4] keys: add new trusted key-type

On Mon, Nov 08, 2010 at 01:18:33PM -0500, David Safford wrote: This is strictly for convenience in initramfs, so that the trusted key can be loaded and locked in a single command, with no need for an additional application to extend a PCR. As the the TPM driver already has support for