1. 21 Oct, 2011 23 commits
  2. 20 Oct, 2011 1 commit
  3. 22 Sep, 2011 5 commits
  4. 20 Aug, 2011 1 commit
  5. 16 Aug, 2011 1 commit
    • Herbert Xu's avatar
      crypto: sha - Fix build error due to crypto_sha1_update · 4619b6bd
      Herbert Xu authored
      On Tue, Aug 16, 2011 at 03:22:34PM +1000, Stephen Rothwell wrote:
      >
      > After merging the final tree, today's linux-next build (powerpc
      > allyesconfig) produced this warning:
      >
      > In file included from security/integrity/ima/../integrity.h:16:0,
      >                  from security/integrity/ima/ima.h:27,
      >                  from security/integrity/ima/ima_policy.c:20:
      > include/crypto/sha.h:86:10: warning: 'struct shash_desc' declared inside parameter list
      > include/crypto/sha.h:86:10: warning: its scope is only this definition or declaration, which is probably not what you want
      >
      > Introduced by commit 7c390170 ("crypto: sha1 - export sha1_update for
      > reuse").  I guess you need to include crypto/hash.h in crypto/sha.h.
      
      This patch fixes this by providing a declaration for struct shash_desc.
      Reported-by: default avatarStephen Rothwell <sfr@canb.auug.org.au>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      4619b6bd
  6. 15 Aug, 2011 1 commit
  7. 10 Aug, 2011 6 commits
    • Mathias Krause's avatar
      crypto: sha1 - SSSE3 based SHA1 implementation for x86-64 · 66be8951
      Mathias Krause authored
      This is an assembler implementation of the SHA1 algorithm using the
      Supplemental SSE3 (SSSE3) instructions or, when available, the
      Advanced Vector Extensions (AVX).
      
      Testing with the tcrypt module shows the raw hash performance is up to
      2.3 times faster than the C implementation, using 8k data blocks on a
      Core 2 Duo T5500. For the smalest data set (16 byte) it is still 25%
      faster.
      
      Since this implementation uses SSE/YMM registers it cannot safely be
      used in every situation, e.g. while an IRQ interrupts a kernel thread.
      The implementation falls back to the generic SHA1 variant, if using
      the SSE/YMM registers is not possible.
      
      With this algorithm I was able to increase the throughput of a single
      IPsec link from 344 Mbit/s to 464 Mbit/s on a Core 2 Quad CPU using
      the SSSE3 variant -- a speedup of +34.8%.
      
      Saving and restoring SSE/YMM state might make the actual throughput
      fluctuate when there are FPU intensive userland applications running.
      For example, meassuring the performance using iperf2 directly on the
      machine under test gives wobbling numbers because iperf2 uses the FPU
      for each packet to check if the reporting interval has expired (in the
      above test I got min/max/avg: 402/484/464 MBit/s).
      
      Using this algorithm on a IPsec gateway gives much more reasonable and
      stable numbers, albeit not as high as in the directly connected case.
      Here is the result from an RFC 2544 test run with a EXFO Packet Blazer
      FTB-8510:
      
       frame size    sha1-generic     sha1-ssse3    delta
          64 byte     37.5 MBit/s    37.5 MBit/s     0.0%
         128 byte     56.3 MBit/s    62.5 MBit/s   +11.0%
         256 byte     87.5 MBit/s   100.0 MBit/s   +14.3%
         512 byte    131.3 MBit/s   150.0 MBit/s   +14.2%
        1024 byte    162.5 MBit/s   193.8 MBit/s   +19.3%
        1280 byte    175.0 MBit/s   212.5 MBit/s   +21.4%
        1420 byte    175.0 MBit/s   218.7 MBit/s   +25.0%
        1518 byte    150.0 MBit/s   181.2 MBit/s   +20.8%
      
      The throughput for the largest frame size is lower than for the
      previous size because the IP packets need to be fragmented in this
      case to make there way through the IPsec tunnel.
      Signed-off-by: default avatarMathias Krause <minipli@googlemail.com>
      Cc: Maxim Locktyukhin <maxim.locktyukhin@intel.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      66be8951
    • Mathias Krause's avatar
      crypto: sha1 - export sha1_update for reuse · 7c390170
      Mathias Krause authored
      Export the update function as crypto_sha1_update() to not have the need
      to reimplement the same algorithm for each SHA-1 implementation. This
      way the generic SHA-1 implementation can be used as fallback for other
      implementations that fail to run under certain circumstances, like the
      need for an FPU context while executing in IRQ context.
      Signed-off-by: default avatarMathias Krause <minipli@googlemail.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      7c390170
    • Jamie Iles's avatar
      crypto: picoxcell - fix possible invalid pointer dereference · b64dc04b
      Jamie Iles authored
      The completion callback will free the request so we must remove it from
      the completion list before calling the callback.
      
      Cc: Herbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: default avatarJamie Iles <jamie@jamieiles.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      b64dc04b
    • Jamie Iles's avatar
      crypto: picoxcell - support for device tree matching · 30343ef1
      Jamie Iles authored
      Allow the crypto engines to be matched from device tree bindings.
      
      Cc: devicetree-discuss@lists.ozlabs.org
      Cc: Herbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: default avatarJamie Iles <jamie@jamieiles.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      30343ef1
    • Jamie Iles's avatar
      crypto: picoxcell - add connection ID to the clock name · 4efae8c9
      Jamie Iles authored
      For using the device tree probing we use a connection ID for the
      clk_get() operation.
      
      Cc: Herbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: default avatarJamie Iles <jamie@jamieiles.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      4efae8c9
    • Jamie Iles's avatar
      crypto: picoxcell - convert to platform ID table · c3f4200f
      Jamie Iles authored
      Use a platform ID table and a single platform_driver.  It's neater and
      makes the device tree addition easier and more consistent.  Rename the
      match values to be inline with what they'll be in the device tree
      bindings.  There aren't any current in-tree users of the existing device
      names.
      
      Cc: Herbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: default avatarJamie Iles <jamie@jamieiles.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      c3f4200f
  8. 03 Aug, 2011 1 commit
    • Jonathan Nieder's avatar
      crypto: padlock-aes - Make module loading even quieter when hardware is missing · c39cc377
      Jonathan Nieder authored
      When loading aes via the module alias, a padlock module failing to
      load due to missing hardware is not particularly notable.  With
      v2.6.27-rc1~1107^2~14 (crypto: padlock - Make module loading quieter
      when hardware isn't available, 2008-07-03), the padlock-aes module
      suppresses the relevant messages when the "quiet" flag is in use; but
      better to suppress this particular message completely, since the
      administrator can already distinguish such errors by the absence of a
      message indicating initialization failing or succeeding.
      
      This avoids occasional messages in syslog of the form
      
      	padlock_aes: VIA PadLock not detected.
      Signed-off-by: default avatarJonathan Nieder <jrnieder@gmail.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      c39cc377
  9. 02 Aug, 2011 1 commit