Discussion:
Crypto Update for 2.6.29
Herbert Xu
2008-12-25 00:17:24 UTC
Permalink
Hi Linus:

Here is the crypto update for 2.6.29:

The main change is the introduction of the shash algorithm type.
It's meant to replace the existing hash type as the main interface
for synchronous hash operations. Its key feature is support for
simultaneous operations on a single tfm where previously multiple
tfm objects had to be allocated. A large chunk of the changes
here are simply conversions of existing hash algorithms to use
the new interface. In particular, the crc32c algorithm has been
converted, which means that the libcrc32c interface can now use
the crypto interface, giving it access to Intel's new CRC32C
instruction.

Apart from that there is the usual collection of bug fixes and
updates to algorithms and drivers.

Adrian-Ken Rueegsegger (10):
libcrc32c: Fix "crc32c undefined" compilation error
crypto: sha1 - Switch to shash
crypto: md4 - Switch to shash
crypto: md5 - Switch to shash
crypto: sha256 - Switch to shash
crypto: tgr192 - Switch to shash
crypto: wp512 - Switch to shash
crypto: michael_mic - Switch to shash
crypto: sha512 - Move message schedule W[80] to static percpu area
crypto: sha512 - Switch to shash

Evgeniy Polyakov (3):
crypto: hifn - Disable driver when physical size exceeds 32 bits
crypto: hifn_795x - Fix queue management
crypto: hifn_795x - Use softirq kernel mapping in bh context

Geert Uytterhoeven (2):
crypto: testmgr - Validate output length in (de)compression tests
crypto: testmgr - Correct comment about deflate parameters

Harvey Harrison (3):
crypto: camellia - use kernel-provided bitops, unaligned access
crypto: remove uses of __constant_{endian} helpers
crypto: salsa20 - Remove private wrappers around various operations

Herbert Xu (21):
crypto: padlock - Avoid resetting cword on successive operations
crypto: api - Move type exit function into crypto_tfm
crypto: api - Rebirth of crypto_alloc_tfm
crypto: hash - Add shash interface
crypto: hash - Export shash through ahash
crypto: hash - Add import/export interface
crypto: api - Call type show function before legacy for proc
crypto: hash - Export shash through hash
crypto: crc32c - Switch to shash
crypto: crc32c-intel - Switch to shash
crypto: crc32c - Test descriptor context format
libcrc32c: Move implementation to crypto crc32c
libcrc32c: Add crc32c_le macro
libcrc32c: Select CRYPTO in Kconfig
crypto: hash - Make setkey optional
crypto: null - Switch to shash
crypto: rmd128 - Switch to shash
crypto: rmd160 - Switch to shash
crypto: rmd256 - Switch to shash
crypto: rmd320 - Switch to shash
crypto: aes - Precompute tables

Ingo Molnar (1):
crypto: testmgr - Fix error flow of test_comp

Jarod Wilson (3):
crypto: ansi_cprng - Avoid incorrect extra call to _get_more_prng_bytes
crypto: ansi_cprng - fix inverted DT increment routine
crypto: des3_ede - permit weak keys unless REQ_WEAK_KEY set

Julia Lawall (1):
crypto: md4 - Use ARRAY_SIZE

Kent Liu (1):
crypto: crc32c-intel - Update copyright head

Kim Phillips (2):
crypto: talitos - Pass correct interrupt status to error handler
crypto: talitos - Perform auth check in h/w if on sec 2.1 and above

Lee Nipper (2):
crypto: talitos - Implement done interrupt mitigation
crypto: talitos - Ack done interrupt in isr instead of tasklet

Neil Horman (2):
crypto: testmgr - Trigger a panic when self test fails in FIPS mode
crypto: ansi_cprng - Allow resetting of DT value

Patrick McHardy (5):
crypto: hifn_795x - Fix DMA setup
crypto: hifn_795x - Don't copy src sg list
crypto: hifn_795x - Fix request context corruption
crypto: hifn_795x - Fix queue processing
crypto: hifn_795x - Remove some unused cruft

Vishnu Suresh (1):
crypto: talitos - Preempt overflow interrupts off-by-one fix

arch/x86/crypto/crc32c-intel.c | 121 +++---
crypto/Kconfig | 29 +-
crypto/Makefile | 1 +
crypto/aes_generic.c | 1145 ++++++++++++++++++++++++++++++++++++----
crypto/ahash.c | 38 ++-
crypto/ansi_cprng.c | 35 +-
crypto/api.c | 121 ++++-
crypto/authenc.c | 3 +
crypto/camellia.c | 84 ++--
crypto/crc32c.c | 290 ++++++-----
crypto/crypto_null.c | 64 ++-
crypto/des_generic.c | 5 +-
crypto/fcrypt.c | 8 +-
crypto/hmac.c | 10 +-
crypto/internal.h | 2 +
crypto/md4.c | 56 ++-
crypto/md5.c | 50 +-
crypto/michael_mic.c | 72 ++--
crypto/proc.c | 20 +-
crypto/rmd128.c | 61 ++-
crypto/rmd160.c | 61 ++-
crypto/rmd256.c | 61 ++-
crypto/rmd320.c | 61 ++-
crypto/salsa20_generic.c | 75 ++--
crypto/sha1_generic.c | 56 ++-
crypto/sha256_generic.c | 104 ++--
crypto/sha512_generic.c | 127 +++---
crypto/shash.c | 508 ++++++++++++++++++
crypto/testmgr.c | 76 +++-
crypto/testmgr.h | 2 +-
crypto/tgr192.c | 135 +++---
crypto/wp512.c | 121 +++--
drivers/crypto/hifn_795x.c | 494 ++++++++---------
drivers/crypto/padlock-aes.c | 52 ++-
drivers/crypto/talitos.c | 153 ++++--
drivers/crypto/talitos.h | 85 ++--
include/crypto/aes.h | 8 +-
include/crypto/algapi.h | 16 +-
include/crypto/hash.h | 125 +++++
include/crypto/internal/hash.h | 16 +-
include/linux/crc32c.h | 6 +-
include/linux/crypto.h | 10 +-
lib/Kconfig | 2 +
lib/libcrc32c.c | 182 ++------
44 files changed, 3331 insertions(+), 1420 deletions(-)
create mode 100644 crypto/shash.c

Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to ***@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Herbert Xu
2008-12-25 00:20:20 UTC
Permalink
Hi Linus:

Here is the crypto update for 2.6.29:

The main change is the introduction of the shash algorithm type.
It's meant to replace the existing hash type as the main interface
for synchronous hash operations. Its key feature is support for
simultaneous operations on a single tfm where previously multiple
tfm objects had to be allocated. A large chunk of the changes
here are simply conversions of existing hash algorithms to use
the new interface. In particular, the crc32c algorithm has been
converted, which means that the libcrc32c interface can now use
the crypto interface, giving it access to Intel's new CRC32C
instruction.

Apart from that there is the usual collection of bug fixes and
updates to algorithms and drivers.

Now with the pull location :)

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Adrian-Ken Rueegsegger (10):
libcrc32c: Fix "crc32c undefined" compilation error
crypto: sha1 - Switch to shash
crypto: md4 - Switch to shash
crypto: md5 - Switch to shash
crypto: sha256 - Switch to shash
crypto: tgr192 - Switch to shash
crypto: wp512 - Switch to shash
crypto: michael_mic - Switch to shash
crypto: sha512 - Move message schedule W[80] to static percpu area
crypto: sha512 - Switch to shash

Evgeniy Polyakov (3):
crypto: hifn - Disable driver when physical size exceeds 32 bits
crypto: hifn_795x - Fix queue management
crypto: hifn_795x - Use softirq kernel mapping in bh context

Geert Uytterhoeven (2):
crypto: testmgr - Validate output length in (de)compression tests
crypto: testmgr - Correct comment about deflate parameters

Harvey Harrison (3):
crypto: camellia - use kernel-provided bitops, unaligned access
crypto: remove uses of __constant_{endian} helpers
crypto: salsa20 - Remove private wrappers around various operations

Herbert Xu (21):
crypto: padlock - Avoid resetting cword on successive operations
crypto: api - Move type exit function into crypto_tfm
crypto: api - Rebirth of crypto_alloc_tfm
crypto: hash - Add shash interface
crypto: hash - Export shash through ahash
crypto: hash - Add import/export interface
crypto: api - Call type show function before legacy for proc
crypto: hash - Export shash through hash
crypto: crc32c - Switch to shash
crypto: crc32c-intel - Switch to shash
crypto: crc32c - Test descriptor context format
libcrc32c: Move implementation to crypto crc32c
libcrc32c: Add crc32c_le macro
libcrc32c: Select CRYPTO in Kconfig
crypto: hash - Make setkey optional
crypto: null - Switch to shash
crypto: rmd128 - Switch to shash
crypto: rmd160 - Switch to shash
crypto: rmd256 - Switch to shash
crypto: rmd320 - Switch to shash
crypto: aes - Precompute tables

Ingo Molnar (1):
crypto: testmgr - Fix error flow of test_comp

Jarod Wilson (3):
crypto: ansi_cprng - Avoid incorrect extra call to _get_more_prng_bytes
crypto: ansi_cprng - fix inverted DT increment routine
crypto: des3_ede - permit weak keys unless REQ_WEAK_KEY set

Julia Lawall (1):
crypto: md4 - Use ARRAY_SIZE

Kent Liu (1):
crypto: crc32c-intel - Update copyright head

Kim Phillips (2):
crypto: talitos - Pass correct interrupt status to error handler
crypto: talitos - Perform auth check in h/w if on sec 2.1 and above

Lee Nipper (2):
crypto: talitos - Implement done interrupt mitigation
crypto: talitos - Ack done interrupt in isr instead of tasklet

Neil Horman (2):
crypto: testmgr - Trigger a panic when self test fails in FIPS mode
crypto: ansi_cprng - Allow resetting of DT value

Patrick McHardy (5):
crypto: hifn_795x - Fix DMA setup
crypto: hifn_795x - Don't copy src sg list
crypto: hifn_795x - Fix request context corruption
crypto: hifn_795x - Fix queue processing
crypto: hifn_795x - Remove some unused cruft

Vishnu Suresh (1):
crypto: talitos - Preempt overflow interrupts off-by-one fix

arch/x86/crypto/crc32c-intel.c | 121 +++---
crypto/Kconfig | 29 +-
crypto/Makefile | 1 +
crypto/aes_generic.c | 1145 ++++++++++++++++++++++++++++++++++++----
crypto/ahash.c | 38 ++-
crypto/ansi_cprng.c | 35 +-
crypto/api.c | 121 ++++-
crypto/authenc.c | 3 +
crypto/camellia.c | 84 ++--
crypto/crc32c.c | 290 ++++++-----
crypto/crypto_null.c | 64 ++-
crypto/des_generic.c | 5 +-
crypto/fcrypt.c | 8 +-
crypto/hmac.c | 10 +-
crypto/internal.h | 2 +
crypto/md4.c | 56 ++-
crypto/md5.c | 50 +-
crypto/michael_mic.c | 72 ++--
crypto/proc.c | 20 +-
crypto/rmd128.c | 61 ++-
crypto/rmd160.c | 61 ++-
crypto/rmd256.c | 61 ++-
crypto/rmd320.c | 61 ++-
crypto/salsa20_generic.c | 75 ++--
crypto/sha1_generic.c | 56 ++-
crypto/sha256_generic.c | 104 ++--
crypto/sha512_generic.c | 127 +++---
crypto/shash.c | 508 ++++++++++++++++++
crypto/testmgr.c | 76 +++-
crypto/testmgr.h | 2 +-
crypto/tgr192.c | 135 +++---
crypto/wp512.c | 121 +++--
drivers/crypto/hifn_795x.c | 494 ++++++++---------
drivers/crypto/padlock-aes.c | 52 ++-
drivers/crypto/talitos.c | 153 ++++--
drivers/crypto/talitos.h | 85 ++--
include/crypto/aes.h | 8 +-
include/crypto/algapi.h | 16 +-
include/crypto/hash.h | 125 +++++
include/crypto/internal/hash.h | 16 +-
include/linux/crc32c.h | 6 +-
include/linux/crypto.h | 10 +-
lib/Kconfig | 2 +
lib/libcrc32c.c | 182 ++------
44 files changed, 3331 insertions(+), 1420 deletions(-)
create mode 100644 crypto/shash.c
Post by Herbert Xu
Thanks,
--
Visit Openswan at http://www.openswan.org/
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to ***@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Herbert Xu
2009-03-24 04:49:32 UTC
Permalink
Hi Linus:

Here is the crypto update for 2.6.30:

* A new compression interface that supports "compress as you go".
- This includes a patch to move nlattr from net into lib.
* Support for the Intel AES instruction.
* More shash algorithm conversions.
* Multithreaded software crypto through cryptd.
* AMCC crypto driver.
* timeriomem RNG driver.
* Random fixes.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Adrian-Ken Rueegsegger (1):
crypto: Fix dead links

Alexander Clouter (1):
hwrng: timeriomem - New driver

Geert Uytterhoeven (5):
netlink: Move netlink attribute parsing support to lib
crypto: compress - Add pcomp interface
crypto: testmgr - Add support for the pcomp interface
crypto: zlib - New zlib crypto module, using pcomp
crypto: testmgr - add zlib test

Heiko Carstens (1):
hwrng: timeriomem - Breaks an allyesconfig build on s390:

Herbert Xu (10):
crypto: shash - Remove superfluous check in init_tfm
crypto: shash - Add crypto_shash_blocksize
crypto: sha-s390 - Switch to shash
crypto: api - crypto_alg_mod_lookup either tested or untested
crypto: api - Fix crypto_alloc_tfm/create_create_tfm return convention
crypto: skcipher - Avoid infinite loop when cipher fails selftest
crypto: aead - Avoid infinite loop when nivaead fails selftest
crypto: testmgr - Test skciphers with no IVs
nlattr: Fix build error with NET off
crypto: sha512-s390 - Add missing block size

Huang Ying (7):
crypto: aes - Move key_length in struct crypto_aes_ctx to be the last field
crypto: aes - Export x86 AES encrypt/decrypt functions
crypto: cryptd - Add support to access underlying blkcipher
crypto: aes-ni - Add support to Intel AES-NI instructions for x86_64 platform
crypto: api - Use dedicated workqueue for crypto subsystem
crypto: cryptd - Per-CPU thread implementation based on kcrypto_wq
crypto: chainiv - Use kcrypto_wq instead of keventd_wq

James Hsiao (1):
crypto: amcc - Add crypt4xx driver

Neil Horman (3):
crypto: ansi_cprng - Force reset on allocation
crypto: ansi_cprng - Panic on CPRNG test failure when in FIPS mode
crypto: ansi_cprng - Add maintainer

MAINTAINERS | 6 +
arch/powerpc/boot/dts/canyonlands.dts | 7 +
arch/powerpc/boot/dts/kilauea.dts | 7 +
arch/s390/crypto/sha.h | 6 +-
arch/s390/crypto/sha1_s390.c | 40 +-
arch/s390/crypto/sha256_s390.c | 40 +-
arch/s390/crypto/sha512_s390.c | 81 +-
arch/s390/crypto/sha_common.c | 20 +-
arch/x86/crypto/Makefile | 3 +
arch/x86/crypto/aes-i586-asm_32.S | 18 +-
arch/x86/crypto/aes-x86_64-asm_64.S | 6 +-
arch/x86/crypto/aes_glue.c | 20 +-
arch/x86/crypto/aesni-intel_asm.S | 896 +++++++++++++++++++++
arch/x86/crypto/aesni-intel_glue.c | 461 +++++++++++
arch/x86/include/asm/aes.h | 11 +
arch/x86/include/asm/cpufeature.h | 1 +
crypto/Kconfig | 44 +
crypto/Makefile | 5 +
crypto/ablkcipher.c | 19 +
crypto/aead.c | 16 +
crypto/algboss.c | 20 +-
crypto/ansi_cprng.c | 17 +-
crypto/api.c | 17 +-
crypto/blkcipher.c | 2 +-
crypto/chainiv.c | 3 +-
crypto/cryptd.c | 237 +++---
crypto/crypto_wq.c | 38 +
crypto/gf128mul.c | 2 +-
crypto/internal.h | 6 +-
crypto/pcompress.c | 97 +++
crypto/sha256_generic.c | 2 +-
crypto/shash.c | 20 +-
crypto/tcrypt.c | 6 +-
crypto/testmgr.c | 198 +++++
crypto/testmgr.h | 147 ++++
crypto/zlib.c | 378 +++++++++
drivers/char/hw_random/Kconfig | 14 +
drivers/char/hw_random/Makefile | 1 +
drivers/char/hw_random/timeriomem-rng.c | 151 ++++
drivers/crypto/Kconfig | 15 +-
drivers/crypto/Makefile | 1 +
drivers/crypto/amcc/Makefile | 2 +
drivers/crypto/amcc/crypto4xx_alg.c | 293 +++++++
drivers/crypto/amcc/crypto4xx_core.c | 1310 +++++++++++++++++++++++++++++++
drivers/crypto/amcc/crypto4xx_core.h | 177 +++++
drivers/crypto/amcc/crypto4xx_reg_def.h | 284 +++++++
drivers/crypto/amcc/crypto4xx_sa.c | 108 +++
drivers/crypto/amcc/crypto4xx_sa.h | 243 ++++++
include/crypto/aes.h | 6 +-
include/crypto/compress.h | 145 ++++
include/crypto/cryptd.h | 27 +
include/crypto/crypto_wq.h | 7 +
include/crypto/hash.h | 5 +
include/crypto/internal/compress.h | 28 +
include/linux/crypto.h | 4 +-
include/linux/timeriomem-rng.h | 21 +
lib/Kconfig | 6 +
lib/Makefile | 2 +
net/netlink/attr.c => lib/nlattr.c | 20 +-
net/Kconfig | 1 +
net/netlink/Makefile | 2 +-
61 files changed, 5506 insertions(+), 264 deletions(-)
create mode 100644 arch/x86/crypto/aesni-intel_asm.S
create mode 100644 arch/x86/crypto/aesni-intel_glue.c
create mode 100644 arch/x86/include/asm/aes.h
create mode 100644 crypto/crypto_wq.c
create mode 100644 crypto/pcompress.c
create mode 100644 crypto/zlib.c
create mode 100644 drivers/char/hw_random/timeriomem-rng.c
create mode 100644 drivers/crypto/amcc/Makefile
create mode 100644 drivers/crypto/amcc/crypto4xx_alg.c
create mode 100644 drivers/crypto/amcc/crypto4xx_core.c
create mode 100644 drivers/crypto/amcc/crypto4xx_core.h
create mode 100644 drivers/crypto/amcc/crypto4xx_reg_def.h
create mode 100644 drivers/crypto/amcc/crypto4xx_sa.c
create mode 100644 drivers/crypto/amcc/crypto4xx_sa.h
create mode 100644 include/crypto/compress.h
create mode 100644 include/crypto/cryptd.h
create mode 100644 include/crypto/crypto_wq.h
create mode 100644 include/crypto/internal/compress.h
create mode 100644 include/linux/timeriomem-rng.h
rename net/netlink/attr.c => lib/nlattr.c (99%)

Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to ***@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Herbert Xu
2009-04-02 06:14:13 UTC
Permalink
Hi Linus:

This push fixes three bugs/regressions:

* IO address handling fix in timeriomem.
* Crash due to incorrect SG handling in ixp4xx.
* Crypto API (shash) bug that can lead to a CRC32C crash.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Alexander Clouter (1):
hwrng: timeriomem - Use phys address rather than virt

Christian Hohnstaedt (1):
crypto: ixp4xx - Fix handling of chained sg buffers

Yehuda Sadeh (1):
crypto: shash - Fix unaligned calculation with short length

crypto/shash.c | 3 +
drivers/char/hw_random/timeriomem-rng.c | 39 ++++++-
drivers/crypto/ixp4xx_crypto.c | 182 +++++++++++--------------------
include/linux/timeriomem-rng.h | 2 +-
4 files changed, 102 insertions(+), 124 deletions(-)

Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to ***@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Herbert Xu
2009-05-17 22:28:18 UTC
Permalink
Hi Linus:

This push fixes a few bugs/regressions:

* Check firmware before claiming algorithm support in ixp4xx.
* Fix autoloading of optimised AES modules.
* Fix eseqiv IV generation.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Christian Hohnstaedt (1):
crypto: ixp4xx - check firmware for crypto support

Herbert Xu (2):
crypto: api - Fix algorithm module auto-loading
crypto: padlock - Revert aes-all alias to aes

Steffen Klassert (1):
crypto: eseqiv - Fix IV generation for sync algorithms

crypto/api.c | 3 ++-
crypto/eseqiv.c | 3 ++-
drivers/crypto/ixp4xx_crypto.c | 33 ++++++++++++++++++++++++++++++++-
drivers/crypto/padlock-aes.c | 2 +-
4 files changed, 37 insertions(+), 4 deletions(-)

Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to ***@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Herbert Xu
2009-05-31 13:12:38 UTC
Permalink
Hi Linus:

This push fixes a regression that triggers with SLAB debugging on,
where the new ahash code fails to handle sg entries that cross page
boundaries which are generated by kmalloc.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Herbert Xu (1):
crypto: hash - Fix handling of sg entry that crosses page boundary

crypto/ahash.c | 7 ++++---
1 files changed, 4 insertions(+), 3 deletions(-)

Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to ***@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Herbert Xu
2009-06-13 02:05:12 UTC
Permalink
Hi Linus:

Here is the crypto update for 2.6.31:

* 64-bit VIA crypto/RNG support.
* More operation modes added for Intel AES.
* New test vectors for CCM/CTR/RNG.
* Slight change to the compress API for squashfs.
* Talitos fixes/clean-ups.


Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Alex Riesen (1):
crypto: api - Use formatting of module name

Alexander Clouter (1):
hwrng: timeriomem - Fix potential oops (request_mem_region/__devi=
nit)

=46rank Seidel (1):
crypto: tcrypt - Reduce stack size

Geert Uytterhoeven (3):
crypto: testmgr - Kill test_comp() sparse warnings
crypto: pcomp - pcompress.c should include crypto/internal/compre=
ss.h
crypto: compress - Return produced bytes in crypto_{,de}compress_=
{update,final}

Harald Welte (3):
hwrng: via_rng - The VIA Hardware RNG driver is for the CPU, not =
Chipset
hwrng: via_rng - Support VIA Nano hardware RNG
hwrng: via_rng - Support VIA Nano hardware RNG on X86_64 builds

Herbert Xu (4):
crypto: padlock - Restore dependency on x86
crypto: testmgr - Dynamically allocate xbuf and axbuf
crypto: testmgr - Check all test vector lengths
crypto: testmgr - Allow hash test vectors longer than a page

Huang Ying (3):
crypto: cryptd - Use nivcipher in cryptd_alloc_ablkcipher
crypto: fpu - Add template for blkcipher touching FPU
crypto: aes-ni - Add support for more modes

Jarod Wilson (10):
crypto: testmgr - Handle AEAD test vectors expected to fail verif=
ication
crypto: testmgr - Add self-tests for rfc4309(ccm(aes))
crypto: testmgr - Add infrastructure for ansi_cprng self-tests
crypto: testmgr - Add ansi_cprng test vectors
crypto: testmgr - Catch base cipher self-test failures in fips mo=
de
crypto: testmgr - Print self-test pass notices in fips mode
crypto: testmgr - Add ctr(aes) test vectors
crypto: testmgr - Mark algs allowed in fips mode
crypto: testmgr - Skip algs not flagged fips_allowed in fips mode
crypto: tcrypt - Do not exit on success in fips mode

Johannes Weiner (1):
crypto: api - Use kzfree

Kim Phillips (3):
crypto: talitos - Whitespace/codingstyle/overrun lines cleanup
crypto: talitos - containerof related codingstyle
crypto: talitos - Avoid unnecessary decrypt check

Lee Nipper (2):
crypto: talitos - scaffolding for new algorithm types
crypto: talitos - Add ablkcipher algorithms

Mike Frysinger (1):
crypto: hifn_795x - fix __dev{init,exit} markings

Sebastian Andrzej Siewior (1):
crypto: padlock - Enable on x86_64

Uwe Kleine-K=F6nig (1):
hwrng: omap - Move probe function to .devinit.text

arch/x86/crypto/Makefile | 2 +
arch/x86/crypto/aesni-intel_glue.c | 267 ++++++++++++-
arch/x86/crypto/fpu.c | 166 +++++++
crypto/Kconfig | 10 +
crypto/algboss.c | 18 +-
crypto/api.c | 14 +-
crypto/cryptd.c | 14 +-
crypto/internal.h | 3 -
crypto/pcompress.c | 1 +
crypto/tcrypt.c | 183 +++++----
crypto/testmgr.c | 470 ++++++++++++++++-----
crypto/testmgr.h | 645 +++++++++++++++++++++++=
+++++-
crypto/zlib.c | 24 +-
drivers/char/hw_random/Kconfig | 2 +-
drivers/char/hw_random/omap-rng.c | 2 +-
drivers/char/hw_random/timeriomem-rng.c | 26 +-
drivers/char/hw_random/via-rng.c | 15 +-
drivers/crypto/Kconfig | 2 +-
drivers/crypto/hifn_795x.c | 8 +-
drivers/crypto/padlock-aes.c | 13 +
drivers/crypto/talitos.c | 713 ++++++++++++++++++++++-=
--------
21 files changed, 2141 insertions(+), 457 deletions(-)
=20
Thanks,
--=20
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto"=
in
the body of a message to ***@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Herbert Xu
2009-06-21 14:09:24 UTC
Permalink
Hi Linus:

This push fixes a number of regressions for hardware AES:

* Spurious page faults with AES on Via Nano.
* Fix broken decryption with Intel AES.
* Fix atomic sleep with Intel AES.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Chuck Ebbert (2):
crypto: padlock-aes - work around Nano CPU errata in ECB mode
crypto: padlock-aes - work around Nano CPU errata in CBC mode

Huang Ying (3):
crypto: aes-ni - Fix cbc mode IV saving
crypto: aes-ni - Do not sleep when using the FPU
crypto: aes-ni - Remove CRYPTO_TFM_REQ_MAY_SLEEP from fpu template

arch/x86/crypto/aesni-intel_asm.S | 5 +-
arch/x86/crypto/aesni-intel_glue.c | 4 +
arch/x86/crypto/fpu.c | 4 +-
drivers/crypto/padlock-aes.c | 138 +++++++++++++++++++++++++----------
4 files changed, 107 insertions(+), 44 deletions(-)

Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to ***@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Herbert Xu
2009-09-02 22:03:27 UTC
Permalink
Hi Linus:

This push fixes a serious regression for IPsec when using the
chainiv algorithm. We were checking for NULL after converting a
pointer that can be NULL to its container, which means that
the NULL pointer check is useless. This would occur when the
chainiv backlog queue is depleted. The result is a crash.

Based on the one report received it does not occur all the time
though, possibly because we only use the backlog when two CPUs
try to push data through a single SA at the same time, which is
rare.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Herbert Xu (1):
crypto: skcipher - Fix skcipher_dequeue_givcrypt NULL test

crypto/algapi.c | 11 +++++++++--
include/crypto/algapi.h | 1 +
include/crypto/internal/skcipher.h | 4 ++--
3 files changed, 12 insertions(+), 4 deletions(-)

Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to ***@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Herbert Xu
2009-09-10 14:19:05 UTC
Permalink
Hi Linus:

Here is the crypto update for 2.6.32:

* Completed hash algorithm transition to shash.
* Convert IPsec over to lockless ahash interface.
* Split GHASH from GCM.
* Orion5X crypto engine support.
* Minor fixes/updates.


Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Christian Kujau (1):
crypto: rng - Fix typo

Herbert Xu (75):
crypto: ansi_cprng - Do not select FIPS
crypto: tcrypt - Fix module return code when testing by name
crypto: testmgr - Remove hash size check
crypto: skcipher - Fix request for sync algorithms
crypto: skcipher - Change default sync geniv on SMP to eseqiv
crypto: testmgr - Allow implementation-specific tests
crypto: api - Add new template create function
crypto: api - Add crypto_alloc_instance2
crypto: shash - Add shash_instance
crypto: api - Add new style spawn support
crypto: shash - Add spawn support
crypto: api - Add crypto_attr_alg2 helper
crypto: shash - Add shash_attr_alg2 helper
crypto: shash - Add shash_register_instance
crypto: shash - Add crypto_shash_ctx_aligned
crypto: shash - Add __crypto_shash_cast
crypto: shash - Use finup in default digest
crypto: shash - Propagate reinit return value
crypto: shash - Add shash_instance_ctx
crypto: api - Fix crypto_drop_spawn crash on blank spawns
crypto: shash - Export/import hash state only
crypto: shash - Move finup/digest null checks to registration time
crypto: sha1_generic - Add export/import support
crypto: sha256_generic - Use 64-bit counter like sha1
crypto: sha256_generic - Add export/import support
crypto: sha1-s390 - Add export/import support
crypto: sha256-s390 - Add export/import support
crypto: padlock - Use shash fallback for sha
crypto: shash - Move null setkey check to registration time
crypto: async - Use kzfree for requests
crypto: shash - Make descsize a run-time attribute
crypto: padlock - Switch sha to shash
crypto: hmac - Switch to shash
crypto: xcbc - Switch to shash
crypto: authenc - Remove reference to crypto_hash
crypto: hash - Remove legacy hash/digest implementaion
crypto: shash - Export async functions
crypto: cryptd - Use shash algorithms
crypto: ahash - Add crypto_ahash_set_reqsize
crypto: cryptd - Use crypto_ahash_set_reqsize
crypto: crypto4xx - Use crypto_ahash_set_reqsize
crypto: api - Remove frontend argument from extsize/init_tfm
crypto: ahash - Convert to new style algorithms
crypto: ahash - Add instance/spawn support
crypto: tcrypt - Add mask parameter
crypto: hash - Add helpers to free spawns
crypto: cryptd - Switch to template create API
crypto: cryptd - Switch to new style ahash
crypto: crypto4xx - Switch to new style ahash
crypto: ahash - Remove old_ahash_alg
crypto: hash - Zap unaligned buffers
crypto: shash - Fix alignment in unaligned operations
crypto: ahash - Use GFP_KERNEL in unaligned setkey
crypto: ahash - Add unaligned handling and default operations
crypto: crypto4xx - Disable SHA implementation
crypto: hmac - Fix incorrect error value when creating instance
crypto: xcbc - Fix incorrect error value when creating instance
crypto: padlock - Fix compile error on i386
crypto: ahash - Fix setkey crash
crypto: shash - Fix digest size offset
crypto: shash - Fix async finup handling of null digest
crypto: padlock - Fix hashing of partial blocks
crypto: cryptd - Add finup/export/import for hash
crypto: xcbc - Use crypto_xor
crypto: xcbc - Fix shash conversion
crypto: sha512 - Export struct sha512_state
crypto: sha512_generic - Use 64-bit counters
crypto: sha512-s390 - Add export/import support
crypto: shash - Require all algorithms to support export/import
crypto: hmac - Prehash ipad/opad
crypto: api - Fix aligned ctx helper
Revert crypto: fips - Select CPRNG
crypto: ctr - Use chainiv on raw counter mode
crypto: blkcipher - Do not use eseqiv on stream ciphers
crypto: api - Do not displace newly registered algorithms

Huang Ying (3):
crypto: ghash - Add GHASH digest algorithm for GCM
crypto: gcm - Use GHASH digest algorithm
crypto: cryptd - Add support to access underlaying shash

Jan Glauber (1):
crypto: sha-s390 - Fix warnings in import function

Jarod Wilson (1):
crypto: des_s390 - Permit weak keys unless REQ_WEAK_KEY set

Joe Perches (1):
hwrng: Use PCI_VDEVICE

Kim Phillips (3):
crypto: talitos - simplify hmac data size calculation
crypto: talitos - align locks on cache lines
crypto: talitos - add support for 36 bit addressing

Neil Horman (3):
random: Add optional continuous repetition test to entropy store based rngs
crypto: fips - Select CPRNG
crypto: fips - Depend on ansi_cprng

Phil Carmody (1):
crypto: aes - Undefined behaviour in crypto_aes_expand_key

Roland Dreier (1):
crypto: aes-ni - Don't print message with KERN_ERR on old system

Sachin Sant (1):
crypto: s390 - Fix sha build failure

Sebastian Andrzej Siewior (3):
crypto: ansi_prng - Use just a BH lock
crypto: ansi_prng - alloc cipher just in init
crypto: mv_cesa - Add support for Orion5X crypto engine

Shane Wang (1):
crypto: vmac - New hash algorithm for intel_txt support

Steffen Klassert (7):
crypto: tcrypt - Test algorithms by name
crypto: cryptd - Fix uninitialized return value
crypto: ahash - Use GFP_KERNEL on allocation if the request can sleep
crypto: shash - Test for the algorithms import function before exporting it
crypto: authenc - Convert to ahash
crypto: xcbc - Fix alignment calculation of xcbc_tfm_ctx
crypto: ansi_cprng - Fix module initialization

arch/s390/crypto/des_s390.c | 11 +-
arch/s390/crypto/sha1_s390.c | 26 ++
arch/s390/crypto/sha256_s390.c | 26 ++
arch/s390/crypto/sha512_s390.c | 36 ++
arch/x86/crypto/aesni-intel_glue.c | 2 +-
crypto/Kconfig | 30 ++-
crypto/Makefile | 5 +-
crypto/ablkcipher.c | 29 ++-
crypto/aes_generic.c | 9 +-
crypto/ahash.c | 336 +++++++++++++++--
crypto/algapi.c | 180 ++++++++--
crypto/algboss.c | 5 +
crypto/ansi_cprng.c | 43 +--
crypto/api.c | 54 ++--
crypto/authenc.c | 358 ++++++++++++++----
crypto/cryptd.c | 321 +++++++++++------
crypto/ctr.c | 2 +
crypto/gcm.c | 580 ++++++++++++++++++++---------
crypto/ghash-generic.c | 170 +++++++++
crypto/hmac.c | 302 +++++++--------
crypto/internal.h | 28 +--
crypto/pcompress.c | 6 +-
crypto/rng.c | 2 +-
crypto/sha1_generic.c | 41 ++-
crypto/sha256_generic.c | 100 +++---
crypto/sha512_generic.c | 48 +--
crypto/shash.c | 270 ++++++++++----
crypto/tcrypt.c | 22 +-
crypto/testmgr.c | 30 ++-
crypto/testmgr.h | 16 +
crypto/vmac.c | 678 ++++++++++++++++++++++++++++++++++
crypto/xcbc.c | 370 +++++++------------
drivers/char/hw_random/amd-rng.c | 4 +-
drivers/char/hw_random/geode-rng.c | 3 +-
drivers/char/random.c | 14 +
drivers/crypto/Kconfig | 15 +-
drivers/crypto/Makefile | 1 +
drivers/crypto/amcc/crypto4xx_alg.c | 3 +-
drivers/crypto/amcc/crypto4xx_core.c | 73 ++--
drivers/crypto/amcc/crypto4xx_core.h | 25 ++-
drivers/crypto/mv_cesa.c | 606 ++++++++++++++++++++++++++++++
drivers/crypto/mv_cesa.h | 119 ++++++
drivers/crypto/padlock-sha.c | 329 +++++++++--------
drivers/crypto/talitos.c | 216 +++++------
drivers/crypto/talitos.h | 1 +
include/crypto/algapi.h | 37 ++-
include/crypto/cryptd.h | 17 +
include/crypto/hash.h | 147 +++++---
include/crypto/internal/hash.h | 147 +++++++-
include/crypto/sha.h | 20 +
include/crypto/vmac.h | 61 +++
include/linux/crypto.h | 43 +--
include/linux/fips.h | 10 +
53 files changed, 4515 insertions(+), 1512 deletions(-)

Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to ***@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Herbert Xu
2009-10-20 06:54:42 UTC
Permalink
Hi Linus:

This push fixes a regression in the padlock-sha driver that causes
faults on 32-bit VIA processors.


Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Herbert Xu (1):
crypto: padlock-sha - Fix stack alignment

drivers/crypto/padlock-sha.c | 14 ++++++++++++--
1 files changed, 12 insertions(+), 2 deletions(-)

Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to ***@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Herbert Xu
2009-10-20 07:26:50 UTC
Permalink
Post by Herbert Xu
This push fixes a regression in the padlock-sha driver that causes
faults on 32-bit VIA processors.
I've just added another regression fix that's specific to the
Intel AESNI instruction where the FPU test was reversed.


Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Herbert Xu (1):
crypto: padlock-sha - Fix stack alignment

Huang Ying (1):
crypto: aesni-intel - Fix irq_fpu_usable usage

arch/x86/crypto/aesni-intel_glue.c | 10 +++++-----
drivers/crypto/padlock-sha.c | 14 ++++++++++++--
2 files changed, 17 insertions(+), 7 deletions(-)

Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to ***@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Herbert Xu
2009-11-23 12:05:14 UTC
Permalink
Hi Linus:

This push fixes a crash in the gcm driver when used in conjunction
with an asynchronous cipher (e.g., aesni-intel).

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Huang Ying (1):
crypto: gcm - fix another complete call in complete fuction

crypto/gcm.c | 107 +++++++++++++++++++++++++++++++++++++++------------------
1 files changed, 73 insertions(+), 34 deletions(-)

Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to ***@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Herbert Xu
2009-12-30 02:12:53 UTC
Permalink
Hi Linus:

This push fixes a regression in the hardware RNG core introduced
by the recent API change.


Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Herbert Xu (1):
hwrng: core - Fix double unlock in rng_dev_read

drivers/char/hw_random/core.c | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)

Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to ***@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Herbert Xu
2010-02-01 19:52:04 UTC
Permalink
Hi Linus:

This push fixes a couple of serious bugs:

* UBIFS assertion failure caused by /dev/random (since forever)
* Broken hmac support in padlock-sha (since 2.6.32)


Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Herbert Xu (2):
crypto: padlock-sha - Add import/export support
random: Remove unused inode variable

Matt Mackall (1):
random: drop weird m_time/a_time manipulation

drivers/char/random.c | 9 ---------
drivers/crypto/padlock-sha.c | 23 +++++++++++++++++++++++
2 files changed, 23 insertions(+), 9 deletions(-)

Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to ***@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Herbert Xu
2010-03-05 07:10:43 UTC
Permalink
Hi Linus:

This push fixes three regressions and an older bug:

* The new padata system crashes during init on certain configurations.
* Fixed hmac(md5) broken by recent md5 update.
* Fixed authenc broken by ahash conversion.
* Fixed handling of unaligned buffers in hash API.


Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Herbert Xu (1):
crypto: md5 - Set statesize

Steffen Klassert (3):
crypto: authenc - Use correct ahash complete functions
crypto: authenc - Move saved IV in front of the ablkcipher reques=
t
padata: Allocate the cpumask for the padata instance

Szilveszter =D6rd=F6g (1):
crypto: hash - Fix handling of unaligned buffers

crypto/ahash.c | 1 -
crypto/authenc.c | 27 +++++++++++++++------------
crypto/md5.c | 1 +
kernel/padata.c | 8 +++++++-
4 files changed, 23 insertions(+), 14 deletions(-)

Thanks,
--=20
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto"=
in
the body of a message to ***@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Herbert Xu
2010-04-27 13:55:47 UTC
Permalink
Hi Linus:

This push fixes an IPsec crash when an async hash driver is used.


Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Herbert Xu (1):
crypto: authenc - Add EINPROGRESS check

crypto/authenc.c | 16 +++++++++++-----
1 files changed, 11 insertions(+), 5 deletions(-)

Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to ***@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Herbert Xu
2010-06-03 10:05:50 UTC
Permalink
Hi Linus:

This push fixes build failures for of_device drivers as well as
a couple of bugs in the n2 driver.


Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Anatolij Gustschin (1):
crypto: crypto4xx - Fix build breakage

David S. Miller (3):
n2_crypto: Fix build after of_device/of_platform_driver changes.
n2_crypto: Fix MAU kmem_cache name.
n2_crypto: Plumb fallback ahash requests properly.

drivers/crypto/amcc/crypto4xx_core.c | 6 +-
drivers/crypto/n2_core.c | 123 ++++++++++++++++++----------------
2 files changed, 68 insertions(+), 61 deletions(-)

Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Linus Torvalds
2010-06-03 16:26:38 UTC
Permalink
Post by Herbert Xu
Please pull from
git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git
"Already up-to-date." Forgot to push? (I also checked master, so it's not
that mirroring is slow)

Linus
Herbert Xu
2010-06-03 21:56:48 UTC
Permalink
Post by Linus Torvalds
Post by Herbert Xu
Please pull from
git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git
"Already up-to-date." Forgot to push? (I also checked master, so it's not
that mirroring is slow)
Sorry, I pushed my tree to my home directory on master but not
to /pub :)

Should work now.

Thanks!
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Herbert Xu
2010-07-16 02:26:48 UTC
Permalink
Hi Linus:

This push fixes a crash in the new ablkcipher walking code used by
async block ciphers.


Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Jiri Slaby (1):
crypto: skcipher - avoid NULL dereference

crypto/ablkcipher.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)

Thanks,
--
Email: Herbert Xu <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Herbert Xu
2010-07-22 05:50:43 UTC
Permalink
Hi Linus:

This push fixes a bug in the talito hash driver that causes too
much data to be copied.


Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Lee Nipper (1):
crypto: talitos - fix bug in sg_copy_end_to_buffer

drivers/crypto/talitos.c | 6 +++++-
1 files changed, 5 insertions(+), 1 deletions(-)

Thanks,
--
Email: Herbert Xu <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Lee Nipper
2010-07-23 05:17:59 UTC
Permalink
Post by Herbert Xu
This push fixes a bug in the talito hash driver that causes too
much data to be copied.
Please pull from
git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git
or
master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git
=A0 =A0 =A0crypto: talitos - fix bug in sg_copy_end_to_buffer
=A0drivers/crypto/talitos.c | =A0 =A06 +++++-
=A01 files changed, 5 insertions(+), 1 deletions(-)
Thanks Herbert.

But I am curious why this patch

http://www.mail-archive.com/linux-***@vger.kernel.org/msg04660.html

wasn't nudged along too. It also fixed a talitos problem with ahash.
I don't mind if it needs to wait until later; I'm just curious.

Thanks again,

Lee
Herbert Xu
2010-07-23 07:27:46 UTC
Permalink
Post by Lee Nipper
But I am curious why this patch
wasn't nudged along too. It also fixed a talitos problem with ahash.
I don't mind if it needs to wait until later; I'm just curious.
If it causes a crash or has other serious implications then I will
push it. However, if it simply results in a broken hash computation,
a failure that should be fairly obvious, then it can wait til the
next cycle.

When I looked at it previously I thought it fell into the latter
category, but I might be mistaken.

Cheers,
--
Email: Herbert Xu <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Lee Nipper
2010-07-23 13:17:59 UTC
Permalink
Post by Herbert Xu
If it causes a crash or has other serious implications then I will
push it. =A0However, if it simply results in a broken hash computatio=
n,
Post by Herbert Xu
a failure that should be fairly obvious, then it can wait til the
next cycle.
When I looked at it previously I thought it fell into the latter
category, but I might be mistaken.
That's right. It's just a hash thing.
Thanks,

Lee
Herbert Xu
2010-09-03 06:00:55 UTC
Permalink
Hi Linus:

This push fixes a bug in the new ahash walking code, as well as
the self-test disabling option. The self-test disabling options
is now enabled by default as requested.


Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Herbert Xu (2):
crypto: testmgr - Fix test disabling option
crypto: testmgr - Default to no tests

Szilveszter =D6rd=F6g (1):
crypto: hash - Fix handling of small unaligned buffers

crypto/Kconfig | 8 ++++----
crypto/ahash.c | 7 +++++--
crypto/algboss.c | 8 ++++----
crypto/testmgr.c | 4 ++--
4 files changed, 15 insertions(+), 12 deletions(-)

Thanks,
--=20
Email: Herbert Xu <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Herbert Xu
2010-09-03 11:07:22 UTC
Permalink
Post by Herbert Xu
=20
This push fixes a bug in the new ahash walking code, as well as
the self-test disabling option. The self-test disabling options
is now enabled by default as requested.
I missed a changeset in the push request. This also includes a
revert of a bogus cast removal patch.


Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Herbert Xu (3):
crypto: testmgr - Fix test disabling option
crypto: testmgr - Default to no tests
Revert "hwrng: n2-drv - remove casts from void*"

Szilveszter =D6rd=F6g (1):
crypto: hash - Fix handling of small unaligned buffers

crypto/Kconfig | 8 ++++----
crypto/ahash.c | 7 +++++--
crypto/algboss.c | 8 ++++----
crypto/testmgr.c | 4 ++--
drivers/char/hw_random/n2-drv.c | 2 +-
5 files changed, 16 insertions(+), 13 deletions(-)

Thanks,
--=20
Email: Herbert Xu <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Herbert Xu
2010-12-15 11:50:35 UTC
Permalink
Hi Linus:

This push fixes a build problem under certain configurations due
to a missing include.


Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Randy Dunlap (1):
crypto: ghash-intel - ghash-clmulni-intel_glue needs err.h

arch/x86/crypto/ghash-clmulni-intel_glue.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)

Thanks,
--
Email: Herbert Xu <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Linus Torvalds
2010-12-15 20:40:48 UTC
Permalink
On Wed, Dec 15, 2010 at 3:50 AM, Herbert Xu
Post by Herbert Xu
This push fixes a build problem under certain configurations due
to a missing include.
Please pull from
git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git
You have a bad repo. Git says:

fatal: loose object 52f6c5ad430e41736133acac179607b224eaaa11 (stored
in ./objects/52/f6c5ad430e41736133acac179607b224eaaa11) is corrupted

and it doesn't really seem to be corrupt as much as just unreadable
(ie you've made it readable only by yourself).

There's a few other objects like that too. How do you push to your
repo, and what changed?

Linus
Herbert Xu
2010-12-16 00:49:38 UTC
Permalink
Post by Linus Torvalds
There's a few other objects like that too. How do you push to your
repo, and what changed?
Oops, I've fixed that now. I use rsync to copy files across so
it's my end that has changed. And indeed I've just done an upgrade.
Sorry.
--
Email: Herbert Xu <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Herbert Xu
2010-12-16 00:58:13 UTC
Permalink
Post by Herbert Xu
Post by Linus Torvalds
There's a few other objects like that too. How do you push to your
repo, and what changed?
Oops, I've fixed that now. I use rsync to copy files across so
it's my end that has changed. And indeed I've just done an upgrade.
Sorry.
OK it should be fixed for got now. I suspect what has changed
is that git is now using my umask by default.

Thanks,
--
Email: Herbert Xu <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Herbert Xu
2011-02-16 05:39:11 UTC
Permalink
Hi Linus:

This push fixes an ancient bug in s390's implementation of SHA
that manifests itself only under certain conditions. This bug
causes the generation of incorrect hashes, and potentially memory
corruption.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Herbert Xu (1):
crypto: sha-s390 - Reset index after processing partial block

arch/s390/crypto/sha_common.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)

Thanks,
--
Email: Herbert Xu <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Herbert Xu
2011-03-28 07:13:22 UTC
Permalink
Hi Linus:

This push fixes a bug in the aesni-intel driver that may cause
incorrect results for certain input sizes.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

Tadeusz Struk (1):
crypto: aesni-intel - fixed problem with packets that are not multiple of 64bytes

arch/x86/crypto/aesni-intel_asm.S | 5 ++++-
arch/x86/crypto/aesni-intel_glue.c | 14 ++++++++++++--
2 files changed, 16 insertions(+), 3 deletions(-)

Thanks,
--
Email: Herbert Xu <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Herbert Xu
2011-06-29 23:51:53 UTC
Permalink
Hi Linus:

This push fixes a memory corruption bug due to undersized kmalloc
in the caam driver. The patch has actually been in my tree for
a month but I had incorrectly placed it in the tree for linux-next.
Sorry about that.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Kim Phillips (1):
crypto: caam - fix operator precedence in shared descriptor allocation

drivers/crypto/caam/caamalg.c | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)

Thanks,
--
Email: Herbert Xu <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Herbert Xu
2011-10-21 08:22:59 UTC
Permalink
Hi Linus:

This push fixes a NULL-pointer dereference that can be triggered
from user-space.

Please pull from

git://github.com/herbertx/crypto.git


Nick Bowler (1):
crypto: ghash - Avoid null pointer dereference if no key is set

crypto/ghash-generic.c | 6 ++++++
1 files changed, 6 insertions(+), 0 deletions(-)

Thanks,
--
Email: Herbert Xu <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
David Rientjes
2011-10-21 09:41:54 UTC
Permalink
Post by Herbert Xu
This push fixes a NULL-pointer dereference that can be triggered
from user-space.
Please pull from
git://github.com/herbertx/crypto.git
Hi Herbert,

When I pull from this, I also get

commit 9c129165af0225c63c37d1896ac9b0d34e48b69f
Author: Jamie Iles <***@jamieiles.com>
Date: Mon Jun 6 12:31:17 2011 +0100

crypto: picoxcell - fix possible invalid pointer dereference

which looks unrelated?
Herbert Xu
2011-10-21 11:35:01 UTC
Permalink
Post by David Rientjes
Post by Herbert Xu
This push fixes a NULL-pointer dereference that can be triggered
from user-space.
Please pull from
git://github.com/herbertx/crypto.git
Hi Herbert,
When I pull from this, I also get
commit 9c129165af0225c63c37d1896ac9b0d34e48b69f
Date: Mon Jun 6 12:31:17 2011 +0100
crypto: picoxcell - fix possible invalid pointer dereference
which looks unrelated?
Sorry, I seem to have based it on a dirty tree. It should be
fixed now.

Thanks!
--
Email: Herbert Xu <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Herbert Xu
2011-11-10 23:00:14 UTC
Permalink
Hi Linus:

This push fixes a build problem with NET disabled and potential
lock mismatch in the new configuration interface.

Please pull from

git://github.com/herbertx/crypto.git


The top commit object is

commit 3acc84739dd5d746840f881ad4d60bd2a428f1dd
Author: Herbert Xu <***@gondor.apana.org.au>
Date: Thu Nov 3 23:46:07 2011 +1100

crypto: algapi - Fix build problem with NET disabled

The report functions use NLA_PUT so we need to ensure that NET
is enabled.

Reported-by: Luis Henriques <***@camandro.org>
Signed-off-by: Herbert Xu <***@gondor.apana.org.au>


Herbert Xu (1):
crypto: algapi - Fix build problem with NET disabled

Jonathan Corbet (1):
crypto: user - Fix rwsem leak in crypto_user

crypto/ablkcipher.c | 14 ++++++++++++++
crypto/aead.c | 14 ++++++++++++++
crypto/ahash.c | 7 +++++++
crypto/blkcipher.c | 7 +++++++
crypto/crypto_user.c | 3 ---
crypto/pcompress.c | 7 +++++++
crypto/rng.c | 7 +++++++
crypto/shash.c | 7 +++++++
8 files changed, 63 insertions(+), 3 deletions(-)

Thanks,
- --
Email: Herbert Xu <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Herbert Xu
2011-11-26 02:34:14 UTC
Permalink
Hi Linus:

This push fixes a problem with mv_cesa the driver where it makes
incorrect hashes on input chunks greater than 1920 bytes.

Please pull from

git://github.com/herbertx/crypto.git


The top commit object is

commit 274252862f386b7868f35bf5ceaa5391a8ccfdf3
Author: Phil Sutter <***@viprinet.com>
Date: Wed Nov 16 18:28:01 2011 +0100

crypto: mv_cesa - fix hashing of chunks > 1920 bytes


Phil Sutter (1):
crypto: mv_cesa - fix hashing of chunks > 1920 bytes

drivers/crypto/mv_cesa.c | 12 +++++++-----
1 files changed, 7 insertions(+), 5 deletions(-)

Thanks,
- --
Email: Herbert Xu <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Herbert Xu
2012-01-26 02:43:42 UTC
Permalink
Hi Linus:

This push fixes a race condition in sha512 that affects users
who use it in process context and softirq context concurrently,
in particular, this affects IPsec. The result of the race is
the production of incorrect hashes, which for IPsec leands to
loss of connectivity.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Alexey Dobriyan (2):
crypto: sha512 - make it work, undo percpu message schedule
crypto: sha512 - reduce stack usage to safe number

crypto/sha512_generic.c | 62 +++++++++++++++++++++++++---------------------
1 files changed, 34 insertions(+), 28 deletions(-)

Thanks,
--
Email: Herbert Xu <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Linus Torvalds
2012-01-26 03:35:19 UTC
Permalink
This post might be inappropriate. Click to display it.
Herbert Xu
2012-01-26 04:07:04 UTC
Permalink
Post by Linus Torvalds
Ugh. This once more has the crazy signed integer modulus operator,
which can be quite expensive depending on whether the compiler can
tell whether it is always positive or not.
Oops, I had incorrectly applied the first patch in the thread.

I've fixed it in the tree now.
Post by Linus Torvalds
We also avoid the problem with absolutely horrible gcc register usage
We could certainly do something like that. Although I'd be
more comfortable with pushing this through linux-next, OK?


Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Alexey Dobriyan (2):
crypto: sha512 - make it work, undo percpu message schedule
crypto: sha512 - reduce stack usage to safe number

Herbert Xu (1):
crypto: sha512 - Use binary and instead of modulus

crypto/sha512_generic.c | 62 +++++++++++++++++++++++++---------------------
1 files changed, 34 insertions(+), 28 deletions(-)

Thanks,
--
Email: Herbert Xu <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Linus Torvalds
2012-01-26 04:16:54 UTC
Permalink
Post by Herbert Xu
Oops, I had incorrectly applied the first patch in the thread.
I've fixed it in the tree now.
Oh well, I already pulled your tree. I just wanted to voice a few
comments on it.
Post by Herbert Xu
We also avoid the problem with absolutely horrible gcc register usag=
e
Post by Herbert Xu
We could certainly do something like that. =A0Although I'd be
more comfortable with pushing this through linux-next, OK?
Absolutely.

Linus
Herbert Xu
2012-02-14 03:35:04 UTC
Permalink
Hi Linus:

This push updates the sha512 fix so that it doesn't cause excessive
stack usage on i386. This is done by reverting to the original
code, and avoiding the W duplication by moving its initialisation
into the loop.

As the underlying code is in fact the one that we have used for years,
I'm pushing this now instead of postponing to the next cycle.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Herbert Xu (2):
crypto: sha512 - Use binary and instead of modulus
crypto: sha512 - Avoid stack bloat on i386

crypto/sha512_generic.c | 70 ++++++++++++++++++++++-------------------------
1 files changed, 33 insertions(+), 37 deletions(-)

Thanks,
--
Email: Herbert Xu <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Herbert Xu
2012-02-16 05:32:00 UTC
Permalink
Hi Linus:

Dave reported that even with the latest stack bloat reduction
fix for i386, the stack usage of sha512 still exceeded 1024 bytes
on sparc32. However, with Alexey's ror64 patch applied, the stack
usage goes back down to a more respectable 824.

So I've moved the ror64 patch from cryptodev to crypto and I'm
pushing it to you now.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Alexey Dobriyan (1):
crypto: sha512 - use standard ror64()

crypto/sha512_generic.c | 13 ++++---------
include/linux/bitops.h | 20 ++++++++++++++++++++
2 files changed, 24 insertions(+), 9 deletions(-)

Thanks,
--
Email: Herbert Xu <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Herbert Xu
2012-03-03 05:36:09 UTC
Permalink
Hi Linus:

This push fixes a bug in mv_cesa that causes all hash operations
that supply data on a final operation to fail.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Phil Sutter (1):
crypto: mv_cesa - fix final callback not ignoring input data

drivers/crypto/mv_cesa.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)

Thanks,
--
Email: Herbert Xu <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Herbert Xu
2012-03-22 01:20:46 UTC
Permalink
Hi Linus:

This push fixes a build problem where two crypto modules both
try to export the same symbols (which shouldn't have been exported
in the first place).

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Jussi Kivilinna (2):
crypto: camellia-x86_64 - module init/exit functions should be static
crypto: twofish-x86_64-3way - module init/exit functions should be static

arch/x86/crypto/camellia_glue.c | 4 ++--
arch/x86/crypto/twofish_glue_3way.c | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)

Thanks,
--
Email: Herbert Xu <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Herbert Xu
2012-04-02 09:45:16 UTC
Permalink
Hi Linus:

This push fixes a number of issues:

* Fix for CPU hotplug hang in padata.
* Avoid using cpu_active inappropriately in pcrypt and padata.
* Fix for user-space algorithm lookup hang with IV generators.
* Fix for netlink dump of algorithms where stuff went missing due
to incorrect calculation of message size.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Steffen Klassert (6):
padata: Add a reference to the api documentation
padata: Use the online cpumask as the default
padata: Fix cpu hotplug
crypto: pcrypt - Use the online cpumask as the default
crypto: user - Fix lookup of algorithms with IV generator
crypto: user - Fix size of netlink dump message

crypto/ablkcipher.c | 4 +-
crypto/aead.c | 4 +-
crypto/crypto_user.c | 80 +++++++++++++++++++++++++++++++++++-
crypto/pcrypt.c | 8 ++--
include/crypto/internal/aead.h | 2 +
include/crypto/internal/skcipher.h | 2 +
include/linux/cryptouser.h | 3 +
kernel/padata.c | 13 ++++--
8 files changed, 103 insertions(+), 13 deletions(-)

Thanks,
--
Email: Herbert Xu <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Herbert Xu
2012-04-20 14:16:08 UTC
Permalink
Hi Linus:

This push fixes a number of issues:

* Locking fix for talitos driver.
* Fix 64-bit counter overflow in SHA-512.
* Build fix for ixp4xx.


Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Horia Geanta (1):
crypto: talitos - properly lock access to global talitos register=
s

Kent Yoder (1):
crypto: sha512 - Fix byte counter overflow in SHA-512

Micha=C5=82 Wr=C3=B3bel (1):
crypto: ixp4xx - include fix

crypto/sha512_generic.c | 2 +-
drivers/crypto/ixp4xx_crypto.c | 1 +
drivers/crypto/talitos.c | 20 +++++++++++++++++---
3 files changed, 19 insertions(+), 4 deletions(-)
=20
Thanks,
--=20
Email: Herbert Xu <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Chuck Ebbert
2010-09-04 10:45:01 UTC
Permalink
On Fri, 3 Sep 2010 14:00:55 +0800
Post by Herbert Xu
Please pull from
=20
git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git
=20
or
=20
master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git
=20
=20
crypto: testmgr - Fix test disabling option
crypto: testmgr - Default to no tests
=20
crypto: hash - Fix handling of small unaligned buffers
=20
What happened to my minor fix?

[ http://marc.info/?l=3Dlinux-crypto-vger&m=3D128311860504202&w=3D2 ]

I never got a reply about it.
Herbert Xu
2010-09-04 12:22:45 UTC
Permalink
Post by Chuck Ebbert
On Fri, 3 Sep 2010 14:00:55 +0800
=20
Post by Herbert Xu
Please pull from
=20
git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.gi=
t
Post by Chuck Ebbert
Post by Herbert Xu
=20
or
=20
master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git
=20
=20
crypto: testmgr - Fix test disabling option
crypto: testmgr - Default to no tests
=20
crypto: hash - Fix handling of small unaligned buffers
=20
=20
What happened to my minor fix?
=20
[ http://marc.info/?l=3Dlinux-crypto-vger&m=3D128311860504202&w=3D2 =
]
Post by Chuck Ebbert
=20
I never got a reply about it.
Hmm I did send you a reply.

Anyway it's in cryptodev-2.6.

Cheers,
--=20
Email: Herbert Xu <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Herbert Xu
2010-11-13 12:59:59 UTC
Permalink
Hi Linus:

This push fixes a couple of bugs in hardware crypto support:

* VIA Padlock had a serious problem dealing with odd-block-sized
input for AES-CBC which causes memory overwrites beyond the
end of the output buffer. Luckily the main user which is IPsec
has plenty of padding that avoids any serious consequences.
* Null check on the wrong variable in Sparc n2.


Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Herbert Xu (1):
crypto: padlock - Fix AES-CBC handling on odd-block-sized input

Nicolas Kaiser (1):
crypto: n2 - dubious error check

drivers/crypto/n2_core.c | 2 +-
drivers/crypto/padlock-aes.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)

Thanks,
--
Email: Herbert Xu <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Herbert Xu
2009-12-04 13:55:30 UTC
Permalink
Hi Linus:

Here is the crypto update for 2.6.33:

* Removal of legacy hash code.
* New ghash (part of GCM) driver using Intel hardware support.
* Hardware RNG driver API update.
* Random fixes.


Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Benjamin Gilbert (3):
crypto: hash - Remove legacy hash/digest code
crypto: api - Remove digest case from procfs show handler
crypto: hash - Remove cra_u.{digest,hash}

Felipe Contreras (1):
crypto: testmgr - Fix warning

Herbert Xu (2):
crypto: ghash-intel - Hard-code pshufb
crypto: ghash-intel - Add PSHUFB macros

Huang Ying (6):
crypto: ghash - Add PCLMULQDQ accelerated implementation
crypto: ghash-intel - Fix building failure on x86_32
crypto: ghash-intel - Fix irq_fpu_usable usage
x86: Generate .byte code for some new instructions via gas macro
crypto: aesni-intel - Use gas macro for AES-NI instructions
crypto: ghash-clmulni-intel - Use gas macro for PCLMULQDQ-NI and PSHUFB

Ian Molton (3):
hwrng: virtio-rng - Convert to new API
hwrng: core - Prevent too-small buffer sizes
hwrng: core - Replace u32 in driver API with byte array

Jaswinder Singh Rajput (1):
crypto: ansi_cprng - Move FIPS functions under CONFIG_CRYPTO_FIPS

Jiri Kosina (1):
crypto: ghash-clmulni-intel - Put proper .data section in place

Neil Horman (1):
crypto: ansi_cprng - Add FIPS wrapper

Roel Kluin (1):
crypto: ansi_cprng - Fix test in get_prng_bytes

Youquan, Song (1):
crypto: testmgr - Add ghash algorithm test before provide to users

arch/x86/crypto/Makefile | 3
arch/x86/crypto/aesni-intel_asm.S | 517 +++++++++--------------------
arch/x86/crypto/ghash-clmulni-intel_asm.S | 157 ++++++++
arch/x86/crypto/ghash-clmulni-intel_glue.c | 333 ++++++++++++++++++
arch/x86/include/asm/cpufeature.h | 1
arch/x86/include/asm/i387.h | 7
arch/x86/include/asm/inst.h | 150 ++++++++
crypto/Kconfig | 9
crypto/ansi_cprng.c | 82 +++-
crypto/cryptd.c | 7
crypto/digest.c | 240 -------------
crypto/hash.c | 183 ----------
crypto/proc.c | 7
crypto/testmgr.c | 11
crypto/testmgr.h | 15
drivers/char/hw_random/core.c | 110 +++---
drivers/char/hw_random/virtio-rng.c | 78 +---
include/crypto/algapi.h | 1
include/crypto/cryptd.h | 1
include/linux/crypto.h | 27 -
include/linux/hw_random.h | 7
21 files changed, 1034 insertions(+), 912 deletions(-)

Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to ***@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Herbert Xu
2010-02-26 00:49:14 UTC
Permalink
Hi Linus:

Here is the crypto update for 2.6.34:

* New pcrypt module to spread crypto work across CPUs.
* Added RFC4543 GCM support.
* Added nomadik RNG driver.
* MD5 export/import support.
* Random fixes.


Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Alessandro Rubini (2):
hwrng: nomadik - Add hardware RNG driver
hwrng: nomadik - Add platform device for rng in cpu-8815

Max Vozeler (1):
crypto: md5 - Add export support

M=E1rton N=E9meth (1):
crypto: Make Open Firmware device id constant

Richard Hartmann (19):
crypto: ablkcipher - Fix checkpatch errors
crypto: aead - Fix checkpatch errors
crypto: blowfish - Fix checkpatch errors
crypto: algapi - Fix checkpatch errors
crypto: anubis - Fix checkpatch errors
crypto: api - Fix checkpatch errors
crypto: authenc - Fix checkpatch errors
crypto: camellia - Fix checkpatch errors
crypto: cast5 - Fix checkpatch errors
crypto: cast6 - Fix checkpatch errors
crypto: compress - Fix checkpatch errors
crypto: crc32 - Fix checkpatch errors
crypto: cipher - Fix checkpatch errors
crypto: crypto_null - Fix checkpatch errors
crypto: deflate - Fix checkpatch errors
crypto: des_generic - Fix checkpatch errors
crypto: ecb - Fix checkpatch errors
crypto: fcrypt - Fix checkpatch errors
crypto: aes_generic - Fix checkpatch errors

Roel Kluin (3):
crypto: aes_s390 - access .cip instead of .blk in cipher mode
crypto: geode-aes - access .cip instead of .blk in cipher mode
crypto: geode-aes - Fix cip/blk confusion

Steffen Klassert (3):
padata: Generic parallelization/serialization interface
crypto: pcrypt - Add pcrypt crypto parallelization wrapper
crypto: pcrypt - call the complete function on error

Tobias Brunner (1):
crypto: gcm - Add RFC4543 wrapper for GCM

Youquan, Song (1):
crypto: testmgr - Fix complain about lack test for internal used =
algorithm

arch/arm/mach-nomadik/cpu-8815.c | 8 +
arch/s390/crypto/aes_s390.c | 6 +-
crypto/Kconfig | 10 +
crypto/Makefile | 1 +
crypto/ablkcipher.c | 4 +-
crypto/aead.c | 4 +-
crypto/aes_generic.c | 4 +-
crypto/algapi.c | 4 +-
crypto/anubis.c | 22 +-
crypto/api.c | 13 +-
crypto/authenc.c | 10 +-
crypto/blowfish.c | 18 +-
crypto/camellia.c | 616 +++++++++++++++-----------=
----
crypto/cast5.c | 14 +-
crypto/cast6.c | 122 +++---
crypto/cipher.c | 2 +-
crypto/compress.c | 4 +-
crypto/crc32c.c | 6 +-
crypto/crypto_null.c | 8 +-
crypto/deflate.c | 20 +-
crypto/des_generic.c | 3 +-
crypto/ecb.c | 2 +-
crypto/fcrypt.c | 6 +-
crypto/gcm.c | 287 ++++++++++++++
crypto/md5.c | 40 ++-
crypto/pcrypt.c | 445 ++++++++++++++++++++++
crypto/testmgr.c | 84 ++++
drivers/char/hw_random/Kconfig | 12 +
drivers/char/hw_random/Makefile | 1 +
drivers/char/hw_random/nomadik-rng.c | 103 +++++
drivers/crypto/amcc/crypto4xx_core.c | 2 +-
drivers/crypto/geode-aes.c | 8 +-
drivers/crypto/talitos.c | 2 +-
include/crypto/md5.h | 17 +
include/crypto/pcrypt.h | 51 +++
include/linux/padata.h | 88 +++++
include/linux/pfkeyv2.h | 1 +
init/Kconfig | 4 +
kernel/Makefile | 1 +
kernel/padata.c | 690 ++++++++++++++++++++++++++=
++++++++
net/xfrm/xfrm_algo.c | 16 +
41 files changed, 2293 insertions(+), 466 deletions(-)

Thanks,
--=20
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto"=
in
the body of a message to ***@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Ingo Molnar
2010-03-01 07:50:24 UTC
Permalink
Hi,
Post by Herbert Xu
crypto: pcrypt - Add pcrypt crypto parallelization wrapper
-tip testing started triggering the following frequent boot crash yesterday,
on 64-bit x86:

| calling pcrypt_init+0x0/0xee @ 1
| BUG: unable to handle kernel NULL pointer dereference at (null)
| IP: [<ffffffff8126550b>] memcpy+0xb/0xb0
| Call Trace:
| [<ffffffff810c2f38>] ? padata_alloc+0x98/0x150
| [<ffffffff82158c51>] ? pcrypt_init+0x0/0xee
| [<ffffffff82158ccc>] pcrypt_init+0x7b/0xee

( Full oops attached below. Config attached as well. )

I have bisected it back to the following upstream commit:

|
| 5068c7a883d1694f0fb3631b664827644153cd08 is the first bad commit
| commit 5068c7a883d1694f0fb3631b664827644153cd08
| Author: Steffen Klassert <***@secunet.com>
| Date: Thu Jan 7 15:57:19 2010 +1100
|
| crypto: pcrypt - Add pcrypt crypto parallelization wrapper
|

And have confirmed it via more testing that reverting the following two
commits:

5a1436b: crypto: pcrypt - call the complete function on error
5068c7a: crypto: pcrypt - Add pcrypt crypto parallelization wrapper

Solves the crash. I have pushed out the reverts into tip:out-of-tree for now,
and can test any real fix as well.

Thanks,

Ingo

-------------->
Calling crypto_ctr_module_init+0x0/0x3e @ 1
initcall crypto_ctr_module_init+0x0/0x3e returned 0 after 0 usecs
calling pcrypt_init+0x0/0xee @ 1
BUG: unable to handle kernel NULL pointer dereference at (null)
IP: [<ffffffff8126550b>] memcpy+0xb/0xb0
PGD 0
Oops: 0002 [#1] SMP
last sysfs file:
CPU 1
Modules linked in:

Pid: 1, comm: swapper Not tainted 2.6.33-01768-g43a834d #19338 A8N-E/System Product Name
RIP: 0010:[<ffffffff8126550b>] [<ffffffff8126550b>] memcpy+0xb/0xb0
RSP: 0018:ffff88003f875e88 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffffffff81f5f740 RCX: 0000000000000001
RDX: 0000000000000000 RSI: ffffffff81f5f740 RDI: 0000000000000000
RBP: ffff88003f875ec0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: ffff88003e5317b0
R13: ffff88003f97a690 R14: ffff88003e5317b0 R15: ffff88003f9287d0
FS: 0000000000000000(0000) GS:ffff880004200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000000000 CR3: 0000000001be8000 CR4: 00000000000006a0
DR0: ffffffff82c160bc DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Process swapper (pid: 1, threadinfo ffff88003f874000, task ffff88003f878000)
Stack:
ffffffff810c2f38 ffff880000000018 ffffffff81f5f740 ffffffff82158c51
<0> 00000001552321fe 0000000000000002 0000000000000000 ffff88003f875ee0
<0> ffffffff82158ccc 00000001552321fe 0000000000000000 ffff88003f875f10
Call Trace:
[<ffffffff810c2f38>] ? padata_alloc+0x98/0x150
[<ffffffff82158c51>] ? pcrypt_init+0x0/0xee
[<ffffffff82158ccc>] pcrypt_init+0x7b/0xee
[<ffffffff810001dc>] do_one_initcall+0x3c/0x200
[<ffffffff8213e73c>] kernel_init+0x161/0x1b7
[<ffffffff81004184>] kernel_thread_helper+0x4/0x10
[<ffffffff817d2150>] ? restore_args+0x0/0x30
[<ffffffff8213e5db>] ? kernel_init+0x0/0x1b7
[<ffffffff81004180>] ? kernel_thread_helper+0x0/0x10
Code: 81 ea d8 1f 00 00 48 3b 42 20 73 07 48 8b 50 f9 31 c0 c3 31 d2 48 c7 c0 f2 ff ff ff c3 90 90 90 48 89 f8 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 c3 8b 1e 4c 8b 46 08 4c 89 1f 4c 89 47 08
RIP [<ffffffff8126550b>] memcpy+0xb/0xb0
RSP <ffff88003f875e88>
CR2: 0000000000000000
---[ end trace 5a5d197966b56a2e ]---
swapper used greatest stack depth: 5016 bytes left
Kernel panic - not syncing: Attempted to kill init!
Steffen Klassert
2010-03-01 14:55:19 UTC
Permalink
Hi.
Post by Ingo Molnar
Hi,
Post by Herbert Xu
crypto: pcrypt - Add pcrypt crypto parallelization wrapper
-tip testing started triggering the following frequent boot crash yesterday,
| BUG: unable to handle kernel NULL pointer dereference at (null)
| IP: [<ffffffff8126550b>] memcpy+0xb/0xb0
| [<ffffffff810c2f38>] ? padata_alloc+0x98/0x150
| [<ffffffff82158c51>] ? pcrypt_init+0x0/0xee
| [<ffffffff82158ccc>] pcrypt_init+0x7b/0xee
Ugh, it seems that I forgot to allocate one of the cpumasks. Looking at the
configs of my test systems I noticed, that CONFIG_CPUMASK_OFFSTACK was
not set on all the configs, so I did not notice it.

The patch below fixes the boot crash if CONFIG_CPUMASK_OFFSTACK is
enabled on my test systems. Does the patch fix it for you too?

Thanks,

Steffen

Subject: [PATCH] padata: allocate the cpumask for the padata instance

The cpumask of the padata instance was used without allocated.
This caused boot crashes if CONFIG_CPUMASK_OFFSTACK is enabled.
This patch fixes this by doing proper allocation for this cpumask.

Signed-off-by: Steffen Klassert <***@secunet.com>
---
kernel/padata.c | 8 +++++++-
1 files changed, 7 insertions(+), 1 deletions(-)

diff --git a/kernel/padata.c b/kernel/padata.c
index 6f9bcb8..93caf65 100644
--- a/kernel/padata.c
+++ b/kernel/padata.c
@@ -642,6 +642,9 @@ struct padata_instance *padata_alloc(const struct cpumask *cpumask,
if (!pd)
goto err_free_inst;

+ if (!alloc_cpumask_var(&pinst->cpumask, GFP_KERNEL))
+ goto err_free_pd;
+
rcu_assign_pointer(pinst->pd, pd);

pinst->wq = wq;
@@ -654,12 +657,14 @@ struct padata_instance *padata_alloc(const struct cpumask *cpumask,
pinst->cpu_notifier.priority = 0;
err = register_hotcpu_notifier(&pinst->cpu_notifier);
if (err)
- goto err_free_pd;
+ goto err_free_cpumask;

mutex_init(&pinst->lock);

return pinst;

+err_free_cpumask:
+ free_cpumask_var(pinst->cpumask);
err_free_pd:
padata_free_pd(pd);
err_free_inst:
@@ -685,6 +690,7 @@ void padata_free(struct padata_instance *pinst)

unregister_hotcpu_notifier(&pinst->cpu_notifier);
padata_free_pd(pinst->pd);
+ free_cpumask_var(pinst->cpumask);
kfree(pinst);
}
EXPORT_SYMBOL(padata_free);
--
1.5.6.5

--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to ***@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Herbert Xu
2010-03-03 14:42:40 UTC
Permalink
Post by Steffen Klassert
Post by Ingo Molnar
Post by Herbert Xu
crypto: pcrypt - Add pcrypt crypto parallelization wrapper
-tip testing started triggering the following frequent boot crash yesterday,
| BUG: unable to handle kernel NULL pointer dereference at (null)
| IP: [<ffffffff8126550b>] memcpy+0xb/0xb0
| [<ffffffff810c2f38>] ? padata_alloc+0x98/0x150
| [<ffffffff82158c51>] ? pcrypt_init+0x0/0xee
| [<ffffffff82158ccc>] pcrypt_init+0x7b/0xee
Ugh, it seems that I forgot to allocate one of the cpumasks. Looking at the
configs of my test systems I noticed, that CONFIG_CPUMASK_OFFSTACK was
not set on all the configs, so I did not notice it.
The patch below fixes the boot crash if CONFIG_CPUMASK_OFFSTACK is
enabled on my test systems. Does the patch fix it for you too?
Ingo, any luck with this patch from Steffen?

Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to ***@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Ingo Molnar
2010-03-04 03:00:52 UTC
Permalink
Post by Herbert Xu
Post by Steffen Klassert
Post by Ingo Molnar
Post by Herbert Xu
crypto: pcrypt - Add pcrypt crypto parallelization wrapper
-tip testing started triggering the following frequent boot crash yesterday,
| BUG: unable to handle kernel NULL pointer dereference at (null)
| IP: [<ffffffff8126550b>] memcpy+0xb/0xb0
| [<ffffffff810c2f38>] ? padata_alloc+0x98/0x150
| [<ffffffff82158c51>] ? pcrypt_init+0x0/0xee
| [<ffffffff82158ccc>] pcrypt_init+0x7b/0xee
Ugh, it seems that I forgot to allocate one of the cpumasks. Looking at the
configs of my test systems I noticed, that CONFIG_CPUMASK_OFFSTACK was
not set on all the configs, so I did not notice it.
The patch below fixes the boot crash if CONFIG_CPUMASK_OFFSTACK is
enabled on my test systems. Does the patch fix it for you too?
Ingo, any luck with this patch from Steffen?
I'm still busy with the merge window - please dont wait for me and consider it
fixed, i'll re-report if there's still any problems.

Thanks,

Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to ***@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Herbert Xu
2010-03-04 05:31:04 UTC
Permalink
Post by Ingo Molnar
I'm still busy with the merge window - please dont wait for me and consider it
fixed, i'll re-report if there's still any problems.
OK, I'll apply the patch.

Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to ***@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Herbert Xu
2010-05-19 02:06:03 UTC
Permalink
Hi Linus:

Here is the crypto update for 2.6.35:

* Hardware hash support in mv_cesa.
* Hardware hash support in omap.
* VMAC now works on big-endian.
* Random fixes.


Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Chihau Chau (1):
crypto: geode-aes - Fix some code style issues

Dan Carpenter (2):
crypto: pcrypt - Handle crypto_get_attr_type errors
crypto: algapi - Remove unneeded null check

Dmitry Kasatkin (3):
crypto: omap - Updates omap sham device related platform code
crypto: omap - sha1 & md5 driver
crypto: omap - OMAP macros corrected

Henrik Kretzschmar (1):
padata: Section cleanup

Herbert Xu (1):
Merge git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6

Huang Ying (4):
crypto: aesni-intel - Add AES-NI accelerated CTR mode
crypto: tcrypt - Speed testing support for ghash
crypto: aesni-intel - Fix CTR optimization build failure with gas 2.16.1
crypto: aesni-intel - Fix another CTR build failure with gas 2.16.1

Richard Hartmann (1):
crypto: internal - Fix checkpatch errors

Shane Wang (1):
crypto: vmac - Fix big-endian support

Steffen Klassert (5):
padata: Dont scale the parallel objects with the cpus
padata: cpu hotplug code should depend on CONFIG_HOTPLUG_CPU
padata: Remove superfluous might_sleep
padata: Initialize the padata queues only for the used cpus
padata: Use get_online_cpus/put_online_cpus

Tobias Klauser (1):
crypto: mv_cesa - Use resource_size

Uri Simchoni (10):
crypto: mv_cesa - Invoke the user callback from a softirq context
crypto: mv_cesa - Remove compiler warning in mv_cesa driver
crypto: mv_cesa - Fix situation where the dest sglist is organized differently than the source sglist
crypto: mv_cesa - Fix situations where the src sglist spans more data than the request asks for
crypto: mv_cesa - Enqueue generic async requests
crypto: mv_cesa - Rename a variable to a more suitable name
crypto: mv_cesa - Execute some code via function pointers rathr than direct calls
crypto: mv_cesa - Make the copy-back of data optional
crypto: mv_cesa - Support processing of data from previous requests
crypto: mv_cesa - Add sha1 and hmac(sha1) async hash drivers

arch/arm/mach-omap2/clock2420_data.c | 2 +-
arch/arm/mach-omap2/clock2430_data.c | 2 +-
arch/arm/mach-omap2/clock3xxx_data.c | 2 +-
arch/arm/mach-omap2/devices.c | 58 ++-
arch/arm/plat-omap/include/plat/omap34xx.h | 5 +
arch/x86/crypto/aesni-intel_asm.S | 115 +++
arch/x86/crypto/aesni-intel_glue.c | 130 +++-
arch/x86/include/asm/inst.h | 96 ++-
crypto/algapi.c | 2 +-
crypto/internal.h | 2 +-
crypto/pcrypt.c | 11 +-
crypto/tcrypt.c | 7 +
crypto/tcrypt.h | 29 +
crypto/testmgr.h | 64 ++-
crypto/vmac.c | 75 +-
drivers/crypto/Kconfig | 9 +
drivers/crypto/Makefile | 2 +
drivers/crypto/geode-aes.c | 36 +-
drivers/crypto/mv_cesa.c | 692 ++++++++++++++--
drivers/crypto/mv_cesa.h | 40 +-
drivers/crypto/omap-sham.c | 1259 ++++++++++++++++++++++++++++
kernel/padata.c | 56 +-
22 files changed, 2497 insertions(+), 197 deletions(-)

Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Herbert Xu
2010-05-21 10:44:05 UTC
Permalink
Hi Linus:

Here is a revised crypto update for 2.6.35:

* Hardware hash support in mv_cesa.
* Hardware hash support in omap.
* Hardware hash support in talitos.
* Hardware hash/cipher support for Niagara2.
* Hardware support for CTR mode in aesni.
* VMAC now works on big-endian.
* Updates to padata.
* Misc fixes.


Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Chihau Chau (1):
crypto: geode-aes - Fix some code style issues

Dan Carpenter (2):
crypto: pcrypt - Handle crypto_get_attr_type errors
crypto: algapi - Remove unneeded null check

David S. Miller (6):
crypto: hifn_795x - Rename ablkcipher_walk to hifn_cipher_walk
crypto: scatterwalk - Fix scatterwalk_done() test
crypto: tcrypt - Add speed tests for async hashing
crypto: testmgr - Add testing for async hashing and update/final
crypto: skcipher - Add ablkcipher_walk interfaces
crypto: n2 - Add Niagara2 crypto driver

Dmitry Kasatkin (3):
crypto: omap - Updates omap sham device related platform code
crypto: omap - sha1 & md5 driver
crypto: omap - OMAP macros corrected

Henrik Kretzschmar (1):
padata: Section cleanup

Herbert Xu (2):
Merge git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6
crypto: shash - Remove usage of CRYPTO_MINALIGN

Huang Ying (4):
crypto: aesni-intel - Add AES-NI accelerated CTR mode
crypto: tcrypt - Speed testing support for ghash
crypto: aesni-intel - Fix CTR optimization build failure with gas 2.16.1
crypto: aesni-intel - Fix another CTR build failure with gas 2.16.1

Kim Phillips (1):
crypto: talitos - add support for sha224

Lee Nipper (3):
crypto: talitos - prepare for adding ahash algorithms
crypto: talitos - second prepare step for adding ahash algorithms
crypto: talitos - add hash algorithms

Matt Mackall (1):
random: simplify fips mode

Richard Hartmann (1):
crypto: internal - Fix checkpatch errors

Shane Wang (1):
crypto: vmac - Fix big-endian support

Shikhar Khattar (1):
crypto: authenc - Fix cryptlen calculation

Steffen Klassert (9):
padata: Dont scale the parallel objects with the cpus
padata: cpu hotplug code should depend on CONFIG_HOTPLUG_CPU
padata: Remove superfluous might_sleep
padata: Initialize the padata queues only for the used cpus
padata: Use get_online_cpus/put_online_cpus
padata: Use a timer to handle remaining objects in the reorder queues
padata: Flush the padata queues actively
padata: Add some code comments
padata: Use get_online_cpus/put_online_cpus in padata_free

Tobias Klauser (1):
crypto: mv_cesa - Use resource_size

Uri Simchoni (10):
crypto: mv_cesa - Invoke the user callback from a softirq context
crypto: mv_cesa - Remove compiler warning in mv_cesa driver
crypto: mv_cesa - Fix situation where the dest sglist is organized differently than the source sglist
crypto: mv_cesa - Fix situations where the src sglist spans more data than the request asks for
crypto: mv_cesa - Enqueue generic async requests
crypto: mv_cesa - Rename a variable to a more suitable name
crypto: mv_cesa - Execute some code via function pointers rathr than direct calls
crypto: mv_cesa - Make the copy-back of data optional
crypto: mv_cesa - Support processing of data from previous requests
crypto: mv_cesa - Add sha1 and hmac(sha1) async hash drivers

arch/arm/mach-omap2/clock2420_data.c | 2 +-
arch/arm/mach-omap2/clock2430_data.c | 2 +-
arch/arm/mach-omap2/clock3xxx_data.c | 2 +-
arch/arm/mach-omap2/devices.c | 58 +-
arch/arm/plat-omap/include/plat/omap34xx.h | 5 +
arch/x86/crypto/aesni-intel_asm.S | 115 ++
arch/x86/crypto/aesni-intel_glue.c | 130 ++-
arch/x86/include/asm/inst.h | 96 ++-
crypto/ablkcipher.c | 277 ++++
crypto/algapi.c | 2 +-
crypto/authenc.c | 8 +-
crypto/internal.h | 2 +-
crypto/pcrypt.c | 11 +-
crypto/scatterwalk.c | 2 +-
crypto/shash.c | 2 +-
crypto/tcrypt.c | 343 +++++-
crypto/tcrypt.h | 29 +
crypto/testmgr.c | 66 +-
crypto/testmgr.h | 64 +-
crypto/vmac.c | 75 +-
drivers/char/random.c | 10 +-
drivers/crypto/Kconfig | 21 +
drivers/crypto/Makefile | 4 +
drivers/crypto/geode-aes.c | 36 +-
drivers/crypto/hifn_795x.c | 18 +-
drivers/crypto/mv_cesa.c | 692 +++++++++-
drivers/crypto/mv_cesa.h | 40 +-
drivers/crypto/n2_asm.S | 95 ++
drivers/crypto/n2_core.c | 2083 ++++++++++++++++++++++++++++
drivers/crypto/n2_core.h | 231 +++
drivers/crypto/omap-sham.c | 1259 +++++++++++++++++
drivers/crypto/talitos.c | 699 +++++++++-
drivers/crypto/talitos.h | 12 +-
include/crypto/algapi.h | 40 +
include/linux/padata.h | 55 +
kernel/padata.c | 185 ++-
36 files changed, 6456 insertions(+), 315 deletions(-)

Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Herbert Xu
2010-08-04 14:04:48 UTC
Permalink
Hi Linus:

Here is the crypto update for 2.6.36:

* HMAC support for Niagara2.
* Talitos ahash bug fix.
* Adds sysfs interface to padata/pcrypt.
* Fixes/clean-ups for padata/pcrypt.
* Misc fixes.


Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Alexander Shishkin (1):
crypto: testmgr - add an option to disable cryptoalgos' self-tests

Andrea Gelmini (1):
crypto: des_s390 - Checkpatch cleanup

Dan Carpenter (2):
crypto: mv_cesa - fixup error handling in mv_probe()
padata: add parenthesis in MAX_SEQ_NR macro

Dan Kruchinin (3):
padata: Make two separate cpumasks
padata: Added sysfs primitives to padata subsystem
pcrypt: Added sysfs interface to pcrypt

David S. Miller (4):
n2_crypto: Kill n2_base_ctx and helpers.
n2_crypto: Log algorithm success/failure in kernel log.
n2_crypto: Make ahash parameterization explicit.
n2_crypto: Add HMAC support.

Herbert Xu (2):
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/crypto-2.6
crypto: pcomp - Fix illegal Kconfig configuration

Huang Weiyi (1):
crypto: omap - remove unused #include <linux/version.h>

Jan Glauber (2):
crypto: des_s390: remove des3_ede128 mode
crypto: des_s390: use generic weak key check

Joachim Fritschi (1):
crypto: twofish: Rename twofish to twofish_generic and add an alias

Julia Lawall (1):
crypto: Use ERR_CAST

Justin P. Mattock (1):
crypto: hifn_795x - Remove unused ctx variable

Kulikov Vasiliy (1):
hwrng: n2-drv - remove casts from void*

Lee Nipper (1):
crypto: talitos - fix ahash for multiple of blocksize

Peter Huewe (1):
crypto: geode_aes - Convert pci_table entries to PCI_VDEVICE (if PCI_ANY_ID is used)

Richard Kennedy (1):
random: Reorder struct entropy_store to remove padding on 64bits

Steffen Klassert (17):
padata: Check for valid padata instance on start
padata: Block until the instance is unused on stop
padata: Handle empty padata cpumasks
padata: make padata_do_parallel to return zero on success
padata: simplify serialization mechanism
padata: update documentation
padata: Fix cpu index counting
padata: Allocate cpumask dependend recources in any case
padata: Check for valid cpumasks
crypto: pcrypt - Dont calulate a callback cpu on empty callback cpumask
padata: Rename padata_alloc functions
padata: Rearrange set_cpumask functions
padata: Pass the padata cpumasks to the cpumask_change_notifier chain
crypto: pcrypt - Rename pcrypt_instance
crypto: pcrypt - Update pcrypt cpumask according to the padata cpumask notifier
padata: Remove padata_get_cpumask
padata: update API documentation

Documentation/padata.txt | 97 +++-
arch/s390/crypto/Makefile | 2 +-
arch/s390/crypto/crypto_des.h | 2 +-
arch/s390/crypto/des_s390.c | 238 +---------
crypto/Kconfig | 15 +-
crypto/Makefile | 4 +-
crypto/algboss.c | 4 +
crypto/authenc.c | 2 +-
crypto/ctr.c | 2 +-
crypto/pcrypt.c | 241 ++++++++---
crypto/testmgr.c | 14 +
crypto/{twofish.c => twofish_generic.c} | 1 +
crypto/xts.c | 2 +-
drivers/char/hw_random/n2-drv.c | 2 +-
drivers/char/random.c | 2 +-
drivers/crypto/geode-aes.c | 2 +-
drivers/crypto/hifn_795x.c | 4 -
drivers/crypto/mv_cesa.c | 10 +-
drivers/crypto/n2_core.c | 417 ++++++++++++-----
drivers/crypto/omap-sham.c | 1 -
drivers/crypto/talitos.c | 77 ++--
include/linux/padata.h | 121 ++++--
kernel/padata.c | 755 +++++++++++++++++++++++--------
23 files changed, 1307 insertions(+), 708 deletions(-)

Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Herbert Xu
2010-10-24 06:16:25 UTC
Permalink
Hi Linus:

Here is the crypto update for 2.6.37:

* cryptd now supports AEAD.
* OMAP2/3 AES support.
* Mark Steffen Klassert as maintainer for padata/pcrypt.
* Misc fixes.


Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Adrian Hoban (1):
crypto: cryptd - Adding the AEAD interface type support to cryptd

Chuck Ebbert (1):
crypto: fips - FIPS requires algorithm self-tests

David S. Miller (1):
crypto: n2_crypto - Niagara2 driver needs to depend upon CRYPTO_DES

Dmitry Kasatkin (2):
crypto: updates to enable omap aes
crypto: omap-aes - OMAP2/3 AES hw accelerator driver

Justin P. Mattock (1):
crypto: Kconfig - update broken web addresses

Kim Phillips (3):
crypto: talitos - fix warning: 'alg' may be used uninitialized in this function
crypto: talitos - fix checkpatch warning
crypto: talitos - sparse check endian fixes

Namhyung Kim (1):
padata: add missing __percpu markup in include/linux/padata.h

Samu Onkalo (1):
crypto: omap-sham - Adjust DMA parameters

Steffen Klassert (1):
MAINTAINERS: Add maintainer entries for padata/pcrypt

Tejun Heo (1):
crypto: hifn_795x - use cancel_delayed_work_sync()

Tracey Dent (1):
crypto: Makefile - replace the use of <module>-objs with <module>-y

MAINTAINERS | 16 +
arch/arm/mach-omap2/clock2420_data.c | 2 +-
arch/arm/mach-omap2/clock2430_data.c | 2 +-
arch/arm/mach-omap2/clock3xxx_data.c | 2 +-
arch/arm/mach-omap2/devices.c | 71 +++
crypto/Kconfig | 21 +-
crypto/cryptd.c | 206 ++++++++-
drivers/crypto/Kconfig | 9 +
drivers/crypto/Makefile | 3 +-
drivers/crypto/amcc/Makefile | 2 +-
drivers/crypto/hifn_795x.c | 3 +-
drivers/crypto/omap-aes.c | 948 ++++++++++++++++++++++++++++++++++
drivers/crypto/omap-sham.c | 6 +-
drivers/crypto/talitos.c | 29 +-
include/crypto/cryptd.h | 24 +
include/linux/padata.h | 4 +-
16 files changed, 1310 insertions(+), 38 deletions(-)

Thanks,
--
Email: Herbert Xu <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Herbert Xu
2011-01-06 00:01:57 UTC
Permalink
Hi Linus:

Here is the crypto update for 2.6.38:

* Crypto API interface for user-space (hash + skcipher)
* Fixes for new OMAP driver.
* 32-bit support in aesni-intel.
* GCM support in aesni-intel.
* Misc fixes.


Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Adrian Hoban (1):
crypto: rfc4106 - Extending the RC4106 AES-GCM test vectors

Adrian-Ken Rueegsegger (1):
crypto: ripemd - Set module author and update email address

Dmitry Kasatkin (15):
crypto: omap-sham - uses digest buffer in request context
crypto: omap-sham - DMA initialization fixes for off mode
crypto: omap-sham - error handling improved
crypto: omap-sham - removed redundunt locking
crypto: omap-sham - crypto_ahash_final() now not need to be calle=
d.
crypto: omap-sham - hash-in-progress is stored in hw format
crypto: omap-sham - FLAGS_FIRST is redundant and removed
crypto: omap-sham - zero-copy scatterlist handling
crypto: omap-aes - DMA initialization fixes for OMAP off mode
crypto: omap-aes - redundant locking is removed
crypto: omap-aes - error handling implementation improved
crypto: omap-aes - unnecessary code removed
crypto: omap-aes - initialize aes module once per request
crypto: omap-aes - checkpatch --file warning fixes
crypto: omap-sham - backlog handling fix

Herbert Xu (10):
crypto: hash - Fix async import on shash algorithm
net - Add AF_ALG macros
crypto: af_alg - User-space interface for Crypto API
crypto: algif_hash - User-space interface for hash operations
crypto: algif_skcipher - User-space interface for skcipher operat=
ions
crypto: algif_skcipher - Pass on error from af_alg_make_sg
crypto: af_alg - Add dependency on NET
crypto: algif_skcipher - Fixed overflow when sndbuf is page align=
ed
crypto: algif_skcipher - Handle unaligned receive buffer
crypto: gf128mul - Remove experimental tag

Joe Perches (1):
crypto: Use vzalloc

Mathias Krause (2):
crypto: aesni-intel - Ported implementation to x86-32
crypto: aesni-intel - Fixed build error on x86-32

Miloslav Trma=C4=8D (3):
include: Install linux/if_alg.h for user-space crypto API
net: Add missing lockdep class names for af_alg
crypto: af_alg - Make sure sk_security is initialized on accept()=
ed sockets

Nicolas Kaiser (1):
crypto: cast5 - simplify if-statements

Randy Dunlap (1):
crypto: af_alg - fix af_alg memory_allocated data type

Roel Kluin (1):
crypto: mv_cesa - dont return PTR_ERR() of wrong pointer

Steffen Klassert (2):
crypto: scatterwalk - Add scatterwalk_crypto_chain helper
crypto: Use scatterwalk_crypto_chain

Tadeusz Struk (2):
crypto: aesni-intel - RFC4106 AES-GCM Driver Using Intel New Inst=
ructions
crypto: aesni-intel - Fixed build with binutils 2.16

Tejun Heo (1):
crypto: mark crypto workqueues CPU_INTENSIVE

Tracey Dent (1):
crypto: Makefile clean up

arch/x86/crypto/aesni-intel_asm.S | 1832 ++++++++++++++++++++++++++++=
+++++++-
arch/x86/crypto/aesni-intel_glue.c | 540 +++++++++++-
crypto/Kconfig | 34 +-
crypto/Makefile | 17 +-
crypto/af_alg.c | 483 ++++++++++
crypto/algif_hash.c | 319 +++++++
crypto/algif_skcipher.c | 632 +++++++++++++
crypto/authenc.c | 22 +-
crypto/cast5.c | 74 +-
crypto/crypto_wq.c | 3 +-
crypto/deflate.c | 3 +-
crypto/eseqiv.c | 18 +-
crypto/gcm.c | 19 +-
crypto/pcrypt.c | 3 +-
crypto/rmd128.c | 3 +-
crypto/rmd160.c | 3 +-
crypto/rmd256.c | 3 +-
crypto/rmd320.c | 3 +-
crypto/shash.c | 8 +-
crypto/tcrypt.c | 11 +
crypto/testmgr.c | 24 +
crypto/testmgr.h | 361 +++++++
crypto/zlib.c | 3 +-
drivers/crypto/mv_cesa.c | 2 +-
drivers/crypto/omap-aes.c | 260 +++---
drivers/crypto/omap-sham.c | 374 +++++----
include/crypto/if_alg.h | 92 ++
include/crypto/scatterwalk.h | 15 +
include/linux/Kbuild | 1 +
include/linux/if_alg.h | 40 +
include/linux/socket.h | 5 +-
net/core/sock.c | 6 +-
32 files changed, 4763 insertions(+), 450 deletions(-)
=20
Thanks,
--=20
Email: Herbert Xu <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Linus Torvalds
2011-01-06 18:05:46 UTC
Permalink
Post by Herbert Xu
* Crypto API interface for user-space (hash + skcipher)
Is there really any point to this? And can we get more explanation of
what the interface is, and who would use it?

If you need crypto in user space, it's almost invariably better done
in user space. If the CPU can do crypto on its own, and doesn't expose
those instructions to user space, it's just a stupid CPU - and the
user/kernel transfer is likely going to make it slower than a pure
software approach for any but the biggest transfers.

And if the crypto engine is off-chip, the sw version is going to be
faster anyway except for possible async versions that are hard to
interface to user space.

So I really need more convincing about the whole user-space interface.
Adding new interfaces willy-nilly isn't a good idea. They need damn
good reasons.

Linus
Herbert Xu
2011-01-06 21:16:46 UTC
Permalink
Post by Linus Torvalds
Is there really any point to this? And can we get more explanation of
what the interface is, and who would use it?
I think you've answered it yourself in the third paragraph :)
Post by Linus Torvalds
If you need crypto in user space, it's almost invariably better done
in user space. If the CPU can do crypto on its own, and doesn't expose
those instructions to user space, it's just a stupid CPU - and the
user/kernel transfer is likely going to make it slower than a pure
software approach for any but the biggest transfers.
I agree completely.
Post by Linus Torvalds
And if the crypto engine is off-chip, the sw version is going to be
faster anyway except for possible async versions that are hard to
interface to user space.
So I really need more convincing about the whole user-space interface.
Adding new interfaces willy-nilly isn't a good idea. They need damn
good reasons.
Right. This purpose of this interface is to access the async
hardware crypto drivers that we have added over the past years.

For a modern x86-64 CPU it isn't interesting at all. It's mainly
for other architectures where the CPU may not be able to keep up
with say 10Gb/s IPsec traffic and the encryption and/or hashing
must be offloaded.

This is also why only hash and skcipher are supported as they
are the main algorithm types supported by teh current async
drivers in the kernel.

Cheers,
--
Email: Herbert Xu <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Linus Torvalds
2011-01-06 21:23:19 UTC
Permalink
Post by Herbert Xu
Post by Linus Torvalds
Is there really any point to this? And can we get more explanation of
what the interface is, and who would use it?
I think you've answered it yourself in the third paragraph :)
No I didn't.

What part of "can we get more explanation of what the interface is" is unclear?

Explanations of interface. Code. Who uses it? What are the actual
performance benefits on real code?

Quite frankly, asynchronous external devices using DMA or similar are
seldom real performance improvements. The bus and cache traffic tends
to overwhelm any other advantage, and commonly the result is (a) lower
performance with (b) better-looking profiles.

But "better-looking profiles" isn't actually a real advantage.

And I really do want to hear about new kernel interfaces. What _are_
the interfaces, and what are the advantages to them.

Linus
Herbert Xu
2011-01-06 21:39:32 UTC
Permalink
Post by Linus Torvalds
Explanations of interface. Code. Who uses it? What are the actual
performance benefits on real code?
You snipped out the bit in my reply where I expanded on it:

: Right. This purpose of this interface is to access the async
: hardware crypto drivers that we have added over the past years.
:
: For a modern x86-64 CPU it isn't interesting at all. It's mainly
: for other architectures where the CPU may not be able to keep up
: with say 10Gb/s IPsec traffic and the encryption and/or hashing
: must be offloaded.
:
: This is also why only hash and skcipher are supported as they
: are the main algorithm types supported by teh current async
: drivers in the kernel.

The interface is meant to be used by those whose CPU either cannot
provide adequate performance for encryption/hashing, or where they
need to preverse the CPU power for other tasks. This is most
likely to be used on a non-x86 architecture, as most of our async
crypto drivers are for non-x86 architectures.

Users can be anything performing bulk encryptiong/hashing in user-
space, e.g., SSL (although there are plans to implement SSL in
the kernel as well), SSH, etc.

Here is the original cover email for the patches:

: On Tue, Sep 07, 2010 at 04:42:13PM +0800, Herbert Xu wrote:
: >
: > This is what I am proposing for the Crypto API user-interface.
: >
: > Note that this is the interface for operations. There will be
: > a separate interface (most likely netlink) for configuring crypto
: > algorithms, e.g., picking a specific AES implementation as the
: > system default.
:
: OK I've gone ahead and implemented the user-space API for hashes
: and ciphers.
:
: To recap this interface is designed to allow user-space programs
: to access hardware cryptographic accelerators that we have added
: to the kernel.
:
: The intended usage scenario is where a large amount of data needs
: to be processed where the benefits offered by hardware acceleration
: that is normally unavailable in user-space (as opposed to ones
: such as the Intel AES instruction which may be used directly from
: user-space) outweigh the overhead of going through the kernel.
:
: In order to further minimise the overhead in these cases, this
: interface offers the option of avoiding copying data between
: user-space and the kernel where possible and appropriate. For
: ciphers this means the use of the splice(2) interface instead of
: sendmsg(2)
:
: Here is a sample hash program (note that these only illustrate
: what the interface looks like and are not meant to be good examples
: of coding :)
:
: int main(void)
: {
: int opfd;
: int tfmfd;
: struct sockaddr_alg sa = {
: .salg_family = AF_ALG,
: .salg_type = "hash",
: .salg_name = "sha1"
: };
: char buf[20];
: int i;
:
: tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
:
: bind(tfmfd, (struct sockaddr *)&sa, sizeof(sa));
:
: opfd = accept(tfmfd, NULL, 0);
:
: write(opfd, "abc", 3);
: read(opfd, buf, 20);
:
: for (i = 0; i < 20; i++) {
: printf("%02x", (unsigned char)buf[i]);
: }
: printf("\n");
:
: close(opfd);
: close(tfmfd);
:
: return 0;
: }
:
: And here is one for ciphers:
:
: int main(void)
: {
: int opfd;
: int tfmfd;
: struct sockaddr_alg sa = {
: .salg_family = AF_ALG,
: .salg_type = "skcipher",
: .salg_name = "cbc(aes)"
: };
: struct msghdr msg = {};
: struct cmsghdr *cmsg;
: char cbuf[CMSG_SPACE(4) + CMSG_SPACE(20)];
: char buf[16];
: struct af_alg_iv *iv;
: struct iovec iov;
: int i;
:
: tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
:
: bind(tfmfd, (struct sockaddr *)&sa, sizeof(sa));
:
: setsockopt(tfmfd, SOL_ALG, ALG_SET_KEY,
: "\x06\xa9\x21\x40\x36\xb8\xa1\x5b"
: "\x51\x2e\x03\xd5\x34\x12\x00\x06", 16);
:
: opfd = accept(tfmfd, NULL, 0);
:
: msg.msg_control = cbuf;
: msg.msg_controllen = sizeof(cbuf);
:
: cmsg = CMSG_FIRSTHDR(&msg);
: cmsg->cmsg_level = SOL_ALG;
: cmsg->cmsg_type = ALG_SET_OP;
: cmsg->cmsg_len = CMSG_LEN(4);
: *(__u32 *)CMSG_DATA(cmsg) = ALG_OP_ENCRYPT;
:
: cmsg = CMSG_NXTHDR(&msg, cmsg);
: cmsg->cmsg_level = SOL_ALG;
: cmsg->cmsg_type = ALG_SET_IV;
: cmsg->cmsg_len = CMSG_LEN(20);
: iv = (void *)CMSG_DATA(cmsg);
: iv->ivlen = 16;
: memcpy(iv->iv, "\x3d\xaf\xba\x42\x9d\x9e\xb4\x30"
: "\xb4\x22\xda\x80\x2c\x9f\xac\x41", 16);
:
: iov.iov_base = "Single block msg";
: iov.iov_len = 16;
:
: msg.msg_iov = &iov;
: msg.msg_iovlen = 1;
:
: sendmsg(opfd, &msg, 0);
: read(opfd, buf, 16);
:
: for (i = 0; i < 16; i++) {
: printf("%02x", (unsigned char)buf[i]);
: }
: printf("\n");
:
: close(opfd);
: close(tfmfd);
:
: return 0;
: }

Cheers,
--
Email: Herbert Xu <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Linus Torvalds
2011-01-06 22:13:17 UTC
Permalink
Post by Herbert Xu
Post by Linus Torvalds
Explanations of interface. Code. Who uses it? What are the actual
performance benefits on real code?
You didn't expand on it AT ALL.

You just mentioned "the interface". I haven't seen WHAT THAT INTERFACE IS!

How hard is that to understand?
Post by Herbert Xu
: Here is a sample hash program (note that these only illustrate
: what the interface looks like and are not meant to be good examples
: of coding :)
But I'm still missing the part where you show that there is any actual
use case that makes sense, and that actually improves performance.
Maybe it's been posted somewhere else, but the thing is, you're asking
_me_ to pull, and as a result you need to convince _me_ that this is a
good idea. So if it's been posted/discussed extensively elsewhere,
please point to those discussions.

I really don't like adding interfaces that don't have hard uses
associated with them. We've done it in the past, and it tends to be a
morass and a bad idea. That's been true even when the idea has been my
own, and thus obviously genius-level and clearly the RightThing(tm),
like "splice()". And it's why I push back on new interfaces when I see
them.

Btw, it doesn't have to be about performance per se. Does this allow
people to use keys without actually _seeing_ those keys? Your example
implies that that is not the case, but that's actually one of the few
reasons to actually support a kernel crypto interface - the ability to
have private personal keys around, but not having to actually let
possibly untrusted programs see them.

For example of why something like that matters, I can well see myself
using some program to encrypt things. But maybe I don't trust that
program enough to give it my actual private keys. In that case, kernel
support is a real feature.

But in your example, it looks like you just give it the key. Which to
me means that you're totally missing one of the major reasons for
having a separate protection domain.

And that makes me think that the interface is bad. And that's why it's
a big change to go from "internal kernel crypto interface" to "actual
user-space interface to the kernel crypto engine". The first one can
be fixed. The second one cannot.

So I'm not necessarily hung up on "performance", but I am hung up on
"there needs to be a point", and "the interface needs to be
-correct-". Performance would be one such point. Not just 'the
hardware is there'. I know the hardware exists, but I'm not at all
convinced that DMA with all the cacheflushing will ever actully be
faster the the CPU. And if it can, I want to hear about the real-world
situation where it actually is used.

Linus
Herbert Xu
2011-01-06 22:30:42 UTC
Permalink
Post by Linus Torvalds
But I'm still missing the part where you show that there is any actual
use case that makes sense, and that actually improves performance.
Maybe it's been posted somewhere else, but the thing is, you're asking
_me_ to pull, and as a result you need to convince _me_ that this is a
good idea. So if it's been posted/discussed extensively elsewhere,
please point to those discussions.
The main use-case is bulk encryption/hashing in user-space. For
example, on Sparc Niagara2 you need to use SPU (Stream Processing
Unit) in order to do crypto at 10Gb/s over the network. Because
of the hardware design, it is difficult to make use of the SPU
directly in user-space, unless you dedicate the SPU to one single
thread/user.

That is why we need a crypto driver in the kernel as well as a
user-space interface exporting it, to make available a single
piece of hardware resource so that it may be used by multiple
users in user-space.

The same applies to most of the drivers in drivers/crypto, e.g.,
omap provides ARM crypto acceleration providing crypto throughput
that simply cannot be achieved by the CPU itself.

The actual encryption in user-space would be anything that is
done in bulk, such as SSH or SSL. In fact, the intention is
to implement it just once in a library such as libssl where it
could then be used automatically by all appliations.
Post by Linus Torvalds
But in your example, it looks like you just give it the key. Which to
me means that you're totally missing one of the major reasons for
having a separate protection domain.
Providing such separation is not the primary objective of this API,
which is providing user-space access to off-chip crypto hardware.

However, this is something that has been considered and can be
easily added. The idea is to first add symmetric key storage
capability to the existing in-kernel keyring API. Once that is
done we can easily add a new setsockopt to the crypto user-interface
that retrieves the key from the kernel keyring instead of getting
it directly from user-space.

Cheers,
--
Email: Herbert Xu <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
David Miller
2011-01-06 22:33:33 UTC
Permalink
From: Herbert Xu <***@gondor.apana.org.au>
Date: Fri, 7 Jan 2011 09:30:42 +1100
Post by Herbert Xu
Post by Linus Torvalds
But I'm still missing the part where you show that there is any actual
use case that makes sense, and that actually improves performance.
Maybe it's been posted somewhere else, but the thing is, you're asking
_me_ to pull, and as a result you need to convince _me_ that this is a
good idea. So if it's been posted/discussed extensively elsewhere,
please point to those discussions.
The main use-case is bulk encryption/hashing in user-space. For
example, on Sparc Niagara2 you need to use SPU (Stream Processing
Unit) in order to do crypto at 10Gb/s over the network. Because
of the hardware design, it is difficult to make use of the SPU
directly in user-space, unless you dedicate the SPU to one single
thread/user.
The N2 SPU is not accessible at all from userspace.
Post by Herbert Xu
However, this is something that has been considered and can be
easily added. The idea is to first add symmetric key storage
capability to the existing in-kernel keyring API. Once that is
done we can easily add a new setsockopt to the crypto user-interface
that retrieves the key from the kernel keyring instead of getting
it directly from user-space.
That indeed would be real interesting.
Herbert Xu
2011-01-06 22:53:01 UTC
Permalink
Can you do the "bypass directly to the TCP stream" with the interface
you added? It isn't at all obvious how it would work.
Yes it can. The interface allows zero-copy in both directions
using the splice interface. Here is a sample program demonstrating
zero-copy in-place encryption. It doesn't send the result over TCP
but I'm sure you can imagine what that would look like.

Note that the final read(2) looks like it copies, but it doesn't.
The read(2) will setup SG lists using the user-space address and
place the encryption result in there directly. In this case as
the source/destination addresses are identical, it performs in-place
encryption.

#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <linux/splice.h>
#include <linux/types.h>
#include <linux/af_alg.h>

static char buf[4096] __attribute__((__aligned__(4096)));

int main(void)
{
int opfd;
int tfmfd;
struct sockaddr_alg sa = {
.salg_family = AF_ALG,
.salg_type = "skcipher",
.salg_name = "cbc(aes)"
};
struct msghdr msg = {};
struct cmsghdr *cmsg;
char cbuf[CMSG_SPACE(4) + CMSG_SPACE(20)];
struct aes_iv {
__u32 len;
__u8 iv[16];
} *iv;
struct iovec iov;
int i;
int pipes[2];

pipe(pipes);

tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0);

bind(tfmfd, (struct sockaddr *)&sa, sizeof(sa));

setsockopt(tfmfd, SOL_ALG, ALG_SET_KEY,
"\x06\xa9\x21\x40\x36\xb8\xa1\x5b"
"\x51\x2e\x03\xd5\x34\x12\x00\x06", 16);

opfd = accept(tfmfd, NULL, 0);

msg.msg_control = cbuf;
msg.msg_controllen = sizeof(cbuf);

cmsg = CMSG_FIRSTHDR(&msg);
cmsg->cmsg_level = SOL_ALG;
cmsg->cmsg_type = ALG_SET_OP;
cmsg->cmsg_len = CMSG_LEN(4);
*(__u32 *)CMSG_DATA(cmsg) = ALG_OP_ENCRYPT;

cmsg = CMSG_NXTHDR(&msg, cmsg);
cmsg->cmsg_level = SOL_ALG;
cmsg->cmsg_type = ALG_SET_IV;
cmsg->cmsg_len = CMSG_LEN(20);
iv = (void *)CMSG_DATA(cmsg);
iv->len = 16;
memcpy(iv->iv, "\x3d\xaf\xba\x42\x9d\x9e\xb4\x30"
"\xb4\x22\xda\x80\x2c\x9f\xac\x41", 16);

memcpy(buf, "Single block msg", 16);

iov.iov_base = buf;
iov.iov_len = 4096;

msg.msg_iovlen = 0;
msg.msg_flags = MSG_MORE;

sendmsg(opfd, &msg, 0);
vmsplice(pipes[1], &iov, 1, SPLICE_F_GIFT);
splice(pipes[0], NULL, opfd, NULL, 16, 0);
read(opfd, buf, 16);

for (i = 0; i < 16; i++) {
printf("%02x", (unsigned char)buf[i]);
}
printf("\n");

close(opfd);
close(tfmfd);

return 0;

Cheers,
--
Email: Herbert Xu <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Linus Torvalds
2011-01-06 23:25:32 UTC
Permalink
Can you do the "bypass directly to the TCP stream" with the interfac=
e
you added? It isn't at all obvious how it would work.
Yes it can. =A0The interface allows zero-copy in both directions
using the splice interface. =A0Here is a sample program demonstrating
zero-copy in-place encryption. =A0It doesn't send the result over TCP
but I'm sure you can imagine what that would look like.
Ok. So can we actually get numbers for this?

Put another way: I really really REALLY don't want to merge new
user-space interfaces that don't actually work in reality. But if this
allows direct encryption to a network interface, and it actually is
able to saturate 10Gb on niagara (unlike a user-mode encryption thing,
I assume, since those things are dog slow), then that would certainly
be a good real-life test.

But I really don't want to merge it unless it has had at least
real-life testing of actually doing better than regular sw user-space
encryption.

I realize that on PC's, it's unlikely to ever help. So I'm not asking
for "show me how this helps on my hardware". But I do want to get some
case on _some_ actual hardware where it works on a real load.

Linus
Herbert Xu
2011-01-07 00:14:59 UTC
Permalink
Post by Linus Torvalds
Ok. So can we actually get numbers for this?
As you alluded to, we need real non-x86 hardware to get some
proper numbers. Unfortunately I'm currently a continent away
from my async hardware so all I can give you are software
numbers.

Anyway, here is a test program that does a set number (1024 * 1024)
of 4096-byte (total 4GB) encryptions with libssl and kernel crypto.
The result on my Core 2 (in a KVM VM FWIW) is:

lenny0:~# time ./test_crypto > /dev/null

real 0m30.340s
user 0m0.172s
sys 0m30.166s
lenny0:~# time ./test_crypto software > /dev/null

real 0m34.555s
user 0m34.550s
sys 0m0.004s
lenny0:~#

I'm not claiming these numbers make any sense but this is just
a ballpark figure.

Dave, can you run this program on your N2 and see what it shows?

#include <fcntl.h>
#include <openssl/aes.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <linux/types.h>

#define AF_ALG 38
#define SOL_ALG 279

#define SPLICE_F_GIFT (0x08) /* pages passed in are a gift */

struct sockaddr_alg {
__u16 salg_family;
__u8 salg_type[14];
__u32 salg_feat;
__u32 salg_mask;
__u8 salg_name[64];
};

struct af_alg_iv {
__u32 ivlen;
__u8 iv[0];
};

/* Socket options */
#define ALG_SET_KEY 1
#define ALG_SET_IV 2
#define ALG_SET_OP 3

/* Operations */
#define ALG_OP_DECRYPT 0
#define ALG_OP_ENCRYPT 1

static char buf[4096] __attribute__((__aligned__(4096)));

static void crypt_ssl(const char *key, char *iv, int i)
{
AES_KEY akey;

AES_set_encrypt_key(key, 128, &akey);

while (i--)
AES_cbc_encrypt(buf, buf, 4096, &akey, iv, 1);
}

static void crypt_kernel(const char *key, char *oiv, int i)
{
int opfd;
int tfmfd;
struct sockaddr_alg sa = {
.salg_family = AF_ALG,
.salg_type = "skcipher",
.salg_name = "cbc(aes)"
};
struct msghdr msg = {};
struct cmsghdr *cmsg;
char cbuf[CMSG_SPACE(4) + CMSG_SPACE(20)] = {};
struct aes_iv {
__u32 len;
__u8 iv[16];
} *iv;
struct iovec iov;
int pipes[2];

pipe(pipes);

tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0);

bind(tfmfd, (struct sockaddr *)&sa, sizeof(sa));

setsockopt(tfmfd, SOL_ALG, ALG_SET_KEY, key, 16);

opfd = accept(tfmfd, NULL, 0);

msg.msg_control = cbuf;
msg.msg_controllen = sizeof(cbuf);

cmsg = CMSG_FIRSTHDR(&msg);
cmsg->cmsg_level = SOL_ALG;
cmsg->cmsg_type = ALG_SET_OP;
cmsg->cmsg_len = CMSG_LEN(4);
*(__u32 *)CMSG_DATA(cmsg) = ALG_OP_ENCRYPT;

cmsg = CMSG_NXTHDR(&msg, cmsg);
cmsg->cmsg_level = SOL_ALG;
cmsg->cmsg_type = ALG_SET_IV;
cmsg->cmsg_len = CMSG_LEN(20);
iv = (void *)CMSG_DATA(cmsg);
iv->len = 16;
memcpy(iv->iv, oiv, 16);

iov.iov_base = buf;
iov.iov_len = 4096;

msg.msg_iovlen = 0;
msg.msg_flags = MSG_MORE;

while (i--) {
sendmsg(opfd, &msg, 0);
vmsplice(pipes[1], &iov, 1, SPLICE_F_GIFT);
splice(pipes[0], NULL, opfd, NULL, 4096, 0);
read(opfd, buf, 4096);
}

close(opfd);
close(tfmfd);
close(pipes[0]);
close(pipes[1]);
}

int main(int argc, char **argv)
{
int i;

const char key[16] =
"\x06\xa9\x21\x40\x36\xb8\xa1\x5b"
"\x51\x2e\x03\xd5\x34\x12\x00\x06";
char iv[16] =
"\x3d\xaf\xba\x42\x9d\x9e\xb4\x30"
"\xb4\x22\xda\x80\x2c\x9f\xac\x41";

memcpy(buf, "Single block msg", 16);

if (argc > 1)
crypt_ssl(key, iv, 1024 * 1024);
else
crypt_kernel(key, iv, 1024 * 1024);

for (i = 0; i < 4096; i++) {
printf("%02x", (unsigned char)buf[i]);
}
printf("\n");

return 0;
}

Thanks,
--
Email: Herbert Xu <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
David Miller
2011-01-07 02:43:02 UTC
Permalink
From: Herbert Xu <***@gondor.apana.org.au>
Date: Fri, 7 Jan 2011 11:14:59 +1100
Post by Herbert Xu
Anyway, here is a test program that does a set number (1024 * 1024)
of 4096-byte (total 4GB) encryptions with libssl and kernel crypto.
lenny0:~# time ./test_crypto > /dev/null
real 0m30.340s
user 0m0.172s
sys 0m30.166s
lenny0:~# time ./test_crypto software > /dev/null
real 0m34.555s
user 0m34.550s
sys 0m0.004s
lenny0:~#
I'm not claiming these numbers make any sense but this is just
a ballpark figure.
Dave, can you run this program on your N2 and see what it shows?
Sure, here goes, BTW I had to change the buffer size to 8192 since
vmsplice requires page aligned operation (I was getting -EINVAL
otherwise):

***@maramba:~$ time ./crypto_user_test >/dev/null

real 0m46.586s
user 0m3.280s
sys 0m43.230s
***@maramba:~$ time ./crypto_user_test software >/dev/null

real 10m40.336s
user 10m40.540s
sys 0m0.000s
***@maramba:~$

What's that, something like a factor of 13 faster? :-)
Herbert Xu
2011-01-07 03:04:39 UTC
Permalink
Post by David Miller
real 0m46.586s
user 0m3.280s
sys 0m43.230s
real 10m40.336s
user 10m40.540s
sys 0m0.000s
What's that, something like a factor of 13 faster? :-)
Heh, I missed the leading 1 in your second result and was about
to spill my drink :)

Thanks!
--
Email: Herbert Xu <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Pavel Roskin
2011-01-07 02:39:28 UTC
Permalink
Post by Herbert Xu
setsockopt(tfmfd, SOL_ALG, ALG_SET_KEY,
"\x06\xa9\x21\x40\x36\xb8\xa1\x5b"
"\x51\x2e\x03\xd5\x34\x12\x00\x06", 16);
By the way, is it a good idea to use setsockopt() this way? Some keys
may be large. And if AEAD is supported, will it use setsockopt() for
the unencrypted authenticated data?

Maybe some variation of write() or sendto() would be more appropriate?
--
Regards,
Pavel Roskin
Herbert Xu
2011-01-07 03:03:49 UTC
Permalink
Post by Pavel Roskin
By the way, is it a good idea to use setsockopt() this way? Some keys
may be large. And if AEAD is supported, will it use setsockopt() for
the unencrypted authenticated data?
For large keys (i.e., asymmetric key crypto) the kernel keyring API
would be the obvious way of passing them around.

For AEAD the AD would be passed around through send/splice.

Cheers,
--
Email: Herbert Xu <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Linus Torvalds
2011-01-06 22:43:35 UTC
Permalink
The main use-case is bulk encryption/hashing in user-space. =A0For
example, on Sparc Niagara2 you need to use SPU (Stream Processing
Unit) in order to do crypto at 10Gb/s over the network.
Umm. But doesn't that require that the data then be sent to the network=
?

Why would a user-space -> crypto engine -> user space -> network chip
thing ever be good enough? Niagara is so slow that the whole bounce
thing will totally negate all the SPU advantages.

Your interface doesn't seem to support the use case that you actually
want, which is to avoid the bouncing back and forth between user space
buffers.

And if you bounce back and forth, I bet you can't get that 10Gb/s anywa=
y.

Can you do the "bypass directly to the TCP stream" with the interface
you added? It isn't at all obvious how it would work.

So let me repeat ONE MORE TIME:

- I understand that your interface can use the hw that exists

- but I still want real-world use cases to show that it actually
works and makes sense in practice.

Don't give me "we could use the SPU" crap. Give me "this program
actually uses the SPU and gets better performance thanks to it, and
here are the numbers".

Linus
Neil Horman
2011-01-07 12:04:51 UTC
Permalink
Post by Linus Torvalds
Post by Herbert Xu
Post by Linus Torvalds
Explanations of interface. Code. Who uses it? What are the actual
performance benefits on real code?
You didn't expand on it AT ALL.
You just mentioned "the interface". I haven't seen WHAT THAT INTERFACE IS!
How hard is that to understand?
Post by Herbert Xu
: Here is a sample hash program (note that these only illustrate
: what the interface looks like and are not meant to be good examples
: of coding :)
But I'm still missing the part where you show that there is any actual
use case that makes sense, and that actually improves performance.
Maybe it's been posted somewhere else, but the thing is, you're asking
_me_ to pull, and as a result you need to convince _me_ that this is a
good idea. So if it's been posted/discussed extensively elsewhere,
please point to those discussions.
I really don't like adding interfaces that don't have hard uses
associated with them. We've done it in the past, and it tends to be a
morass and a bad idea. That's been true even when the idea has been my
own, and thus obviously genius-level and clearly the RightThing(tm),
like "splice()". And it's why I push back on new interfaces when I see
them.
Btw, it doesn't have to be about performance per se. Does this allow
people to use keys without actually _seeing_ those keys? Your example
implies that that is not the case, but that's actually one of the few
reasons to actually support a kernel crypto interface - the ability to
have private personal keys around, but not having to actually let
possibly untrusted programs see them.
This actually is an indirect feature of this interface. Using it, you can open
a algorithm socket, select a specific alg, assign a key, and then pass that
socket descriptor over a unix socket to an another process using an
SCM_RIGHTS ancilliary message. The receiving process can then use children
acceppted from that passed socket to preform the configured crypto operation
without any knoweldge of the keys used in it. I can write a demo app if you
like.

Regards
Neil
Nikos Mavrogiannopoulos
2011-01-08 13:23:04 UTC
Permalink
Post by Linus Torvalds
Btw, it doesn't have to be about performance per se. Does this allow
people to use keys without actually _seeing_ those keys? Your exampl=
e
Post by Linus Torvalds
implies that that is not the case, but that's actually one of the fe=
w
Post by Linus Torvalds
reasons to actually support a kernel crypto interface - the ability =
to
Post by Linus Torvalds
have private personal keys around, but not having to actually let
possibly untrusted programs see them.
This actually is an indirect feature of this interface. =C2=A0Using i=
t, you can open
a algorithm socket, select a specific alg, assign a key, and then pas=
s that
socket descriptor over a unix socket to an another process using an
SCM_RIGHTS ancilliary message. =C2=A0The receiving process can then u=
se children
acceppted from that passed socket to preform the configured crypto op=
eration
without any knoweldge of the keys used in it. =C2=A0I can write a dem=
o app if you
like.
Several things have to be considered when extending an interface like
that. For example, do the algorithm implementations protect against
timing attacks, or keys can be recovered, using them? What is the
purpose of cryptographic key separation? If long term keys are to be
protected, then it makes sense to support RSA, DSA keys in addition to
symmetric keys (e.g. microsoft only supports assymetric keys for
separation, since symmetric ones are rarely used as long term keys -
[in TLS-PSK]).

Some of these issues are discussed in my report on a user-space crypto
interface that specifically targeted separation and speed at [0].

regards,
Nikos

[0]. https://www.cosic.esat.kuleuven.be/publications/article-1490.pdf
Neil Horman
2011-01-10 12:03:02 UTC
Permalink
On Sat, Jan 08, 2011 at 03:23:04PM +0200, Nikos Mavrogiannopoulos wrote=
Post by Nikos Mavrogiannopoulos
=20
Btw, it doesn't have to be about performance per se. Does this all=
ow
Post by Nikos Mavrogiannopoulos
people to use keys without actually _seeing_ those keys? Your exam=
ple
Post by Nikos Mavrogiannopoulos
implies that that is not the case, but that's actually one of the =
few
Post by Nikos Mavrogiannopoulos
reasons to actually support a kernel crypto interface - the abilit=
y to
Post by Nikos Mavrogiannopoulos
have private personal keys around, but not having to actually let
possibly untrusted programs see them.
This actually is an indirect feature of this interface. =A0Using it=
, you can open
Post by Nikos Mavrogiannopoulos
a algorithm socket, select a specific alg, assign a key, and then p=
ass that
Post by Nikos Mavrogiannopoulos
socket descriptor over a unix socket to an another process using an
SCM_RIGHTS ancilliary message. =A0The receiving process can then us=
e children
Post by Nikos Mavrogiannopoulos
acceppted from that passed socket to preform the configured crypto =
operation
Post by Nikos Mavrogiannopoulos
without any knoweldge of the keys used in it. =A0I can write a demo=
app if you
Post by Nikos Mavrogiannopoulos
like.
=20
Several things have to be considered when extending an interface like
that. For example, do the algorithm implementations protect against
timing attacks, or keys can be recovered, using them? What is the
No, the kernel does not implement any protection against timing attacks=
in the
algorithms per-se, but preforming a timing attack against a kernel cryp=
to
operation is going to be near impossible anyway, as precise timing meas=
urements
are going to get obscured by interupts, scheduling jitter, lock content=
ion, and
various other factors that will make measuring syscall time fairly usel=
ess.
Post by Nikos Mavrogiannopoulos
purpose of cryptographic key separation? If long term keys are to be
My only purpose was to answer Linus' question. He wondered if other us=
er space
programs could use instances of cyrpto algs over this interface without=
needing
to hold key data. I was illustrating how that could be done.

Neil
Dag Arne Osvik
2011-01-10 19:05:30 UTC
Permalink
On Sat, Jan 08, 2011 at 03:23:04PM +0200, Nikos Mavrogiannopoulos wro=
=20
Post by Linus Torvalds
Btw, it doesn't have to be about performance per se. Does this
allow people to use keys without actually _seeing_ those keys?
Your example implies that that is not the case, but that's
actually one of the few reasons to actually support a kernel
crypto interface - the ability to have private personal keys
around, but not having to actually let possibly untrusted progr=
ams
Post by Linus Torvalds
see them.
This actually is an indirect feature of this interface. =C2=A0Usi=
ng it,
you can open a algorithm socket, select a specific alg, assign a
key, and then pass that socket descriptor over a unix socket to a=
n
another process using an SCM_RIGHTS ancilliary message. =C2=A0The
receiving process can then use children acceppted from that passe=
d
socket to preform the configured crypto operation without any
knoweldge of the keys used in it. =C2=A0I can write a demo app if=
you
like.
=20
Several things have to be considered when extending an interface li=
ke
that. For example, do the algorithm implementations protect against
timing attacks, or keys can be recovered, using them? What is the
No, the kernel does not implement any protection against timing attac=
ks
in the algorithms per-se, but preforming a timing attack against a
kernel crypto operation is going to be near impossible anyway, as
precise timing measurements are going to get obscured by interupts,
scheduling jitter, lock contention, and various other factors that wi=
ll
make measuring syscall time fairly useless.
Let me just point out that this is not near impossible at all; instead =
it has already been done more than 6 years ago. And it's not only sysca=
ll time that leaks information. One practical example is recovery of a =
full AES key in a couple of seconds, using cache attacks against an enc=
rypted file system. AES-NI is immune to this kind of attack, but other =
algorithms typically implemented using lookup tables are at risk.

Dag Arne
Herbert Xu
2011-01-06 21:49:55 UTC
Permalink
Are there any chances AEAD will be supported? Is the API extendable to
allow that?
Yes we can support AEAD. However, as there weren't any existing
user-space users that could benefit immediately, I have not added
it at this point in time.

When combined-mode support in async hardware becomes more common
this could change of course.

Cheers,
--
Email: Herbert Xu <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Pavel Roskin
2011-01-06 21:46:02 UTC
Permalink
Post by Herbert Xu
This is also why only hash and skcipher are supported as they
are the main algorithm types supported by teh current async
drivers in the kernel.
Are there any chances AEAD will be supported? Is the API extendable to
allow that?

If I remember correctly, the original patch was simply a port of FreeBSD
/dev/crypto, which doesn't support AEAD.
--
Regards,
Pavel Roskin
Mihai Donțu
2011-01-06 23:02:25 UTC
Permalink
Post by Herbert Xu
This is also why only hash and skcipher are supported as they
are the main algorithm types supported by teh current async
drivers in the kernel.
=20
Are there any chances AEAD will be supported? Is the API extendable =
to
allow that?
=20
If I remember correctly, the original patch was simply a port of Free=
BSD
/dev/crypto, which doesn't support AEAD.
If it's meant to work like the FreeBSD /dev/crypto, then maybe this[1] =
paper=20
is worth mentionning, which includes some performance numbers. There wa=
s a=20
single thing that drew my attention, from "Drawbacks and problems [of=20
userspace crypto]": "Lots of scary code-duplication".

[1] http://www.paeps.cx/pubs/crypto_acceleration/slides.pdf

--=20
Mihai Don=C8=9Bu
Herbert Xu
2011-01-13 01:44:15 UTC
Permalink
Hi Linus:

Here is an updated to the crypto pull request for 2.6.38:

* Crypto API interface for user-space (hash + skcipher)

This interface is intended to provide access of kernel
hardware crypto drivers to user-space applications. It
presents the kernel crypto API via a socket interface.

It is only meant to be used for bulk crypto operations,
i.e., if you're doing less than a page's worth of data,
then this is not for you.

For bulk data processing the performance is similar to
that in the kernel when zero-copy is used in both
directions.

* Memory corruption fix for via_rng.
* Fixes for new OMAP driver.
* 32-bit support in aesni-intel.
* GCM support in aesni-intel.
* Misc fixes.


Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Adrian Hoban (1):
crypto: rfc4106 - Extending the RC4106 AES-GCM test vectors

Adrian-Ken Rueegsegger (1):
crypto: ripemd - Set module author and update email address

Dennis Gilmore (1):
crypto: n2 - use __devexit not __exit in n2_unregister_algs

Dmitry Kasatkin (15):
crypto: omap-sham - uses digest buffer in request context
crypto: omap-sham - DMA initialization fixes for off mode
crypto: omap-sham - error handling improved
crypto: omap-sham - removed redundunt locking
crypto: omap-sham - crypto_ahash_final() now not need to be calle=
d.
crypto: omap-sham - hash-in-progress is stored in hw format
crypto: omap-sham - FLAGS_FIRST is redundant and removed
crypto: omap-sham - zero-copy scatterlist handling
crypto: omap-aes - DMA initialization fixes for OMAP off mode
crypto: omap-aes - redundant locking is removed
crypto: omap-aes - error handling implementation improved
crypto: omap-aes - unnecessary code removed
crypto: omap-aes - initialize aes module once per request
crypto: omap-aes - checkpatch --file warning fixes
crypto: omap-sham - backlog handling fix

Herbert Xu (13):
crypto: hash - Fix async import on shash algorithm
net - Add AF_ALG macros
crypto: af_alg - User-space interface for Crypto API
crypto: algif_hash - User-space interface for hash operations
crypto: algif_skcipher - User-space interface for skcipher operat=
ions
crypto: algif_skcipher - Pass on error from af_alg_make_sg
crypto: af_alg - Add dependency on NET
crypto: algif_skcipher - Fixed overflow when sndbuf is page align=
ed
crypto: algif_skcipher - Handle unaligned receive buffer
crypto: gf128mul - Remove experimental tag
hwrng: via_rng - Fix asm constraints
crypto: padlock - Move padlock.h into include/crypto
hwrng: via_rng - Fix memory scribbling on some CPUs

Joe Perches (1):
crypto: Use vzalloc

Mathias Krause (2):
crypto: aesni-intel - Ported implementation to x86-32
crypto: aesni-intel - Fixed build error on x86-32

Miloslav Trma=C4=8D (3):
include: Install linux/if_alg.h for user-space crypto API
net: Add missing lockdep class names for af_alg
crypto: af_alg - Make sure sk_security is initialized on accept()=
ed sockets

Nicolas Kaiser (1):
crypto: cast5 - simplify if-statements

Randy Dunlap (1):
crypto: af_alg - fix af_alg memory_allocated data type

Roel Kluin (1):
crypto: mv_cesa - dont return PTR_ERR() of wrong pointer

Steffen Klassert (2):
crypto: scatterwalk - Add scatterwalk_crypto_chain helper
crypto: Use scatterwalk_crypto_chain

Tadeusz Struk (2):
crypto: aesni-intel - RFC4106 AES-GCM Driver Using Intel New Inst=
ructions
crypto: aesni-intel - Fixed build with binutils 2.16

Tejun Heo (1):
crypto: mark crypto workqueues CPU_INTENSIVE

Tracey Dent (1):
crypto: Makefile clean up

arch/x86/crypto/aesni-intel_asm.S | 1832 +++++++++++++++++++++++++=
+++++++-
arch/x86/crypto/aesni-intel_glue.c | 540 ++++++++++-
crypto/Kconfig | 34 +-
crypto/Makefile | 17 +-
crypto/af_alg.c | 483 +++++++++
crypto/algif_hash.c | 319 ++++++
crypto/algif_skcipher.c | 632 ++++++++++++
crypto/authenc.c | 22 +-
crypto/cast5.c | 74 +-
crypto/crypto_wq.c | 3 +-
crypto/deflate.c | 3 +-
crypto/eseqiv.c | 18 +-
crypto/gcm.c | 19 +-
crypto/pcrypt.c | 3 +-
crypto/rmd128.c | 3 +-
crypto/rmd160.c | 3 +-
crypto/rmd256.c | 3 +-
crypto/rmd320.c | 3 +-
crypto/shash.c | 8 +-
crypto/tcrypt.c | 11 +
crypto/testmgr.c | 24 +
crypto/testmgr.h | 361 +++++++
crypto/zlib.c | 3 +-
drivers/char/hw_random/via-rng.c | 10 +-
drivers/crypto/mv_cesa.c | 2 +-
drivers/crypto/n2_core.c | 2 +-
drivers/crypto/omap-aes.c | 260 +++---
drivers/crypto/omap-sham.c | 374 ++++---
drivers/crypto/padlock-aes.c | 2 +-
drivers/crypto/padlock-sha.c | 8 +-
include/crypto/if_alg.h | 92 ++
{drivers =3D> include}/crypto/padlock.h | 8 +-
include/crypto/scatterwalk.h | 15 +
include/linux/Kbuild | 1 +
include/linux/if_alg.h | 40 +
include/linux/socket.h | 5 +-
net/core/sock.c | 6 +-
37 files changed, 4779 insertions(+), 464 deletions(-)

Thanks,
--=20
Email: Herbert Xu <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Herbert Xu
2011-03-15 14:59:40 UTC
Permalink
Hi Linus:

Here is the crypto update for 2.6.39:

* New picoxcell crypto driver.
* New picoxcell RNG driver.
* Added SHA test vectors to detect bugs such as the recent one on s390.
* Memory leaks fixes on error path in aesni-intel.
* xts(aes) and ghash are now available in FIPS mode.
* Misc fixes.


Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


David Sterba (1):
crypto: tcrypt - do not attempt to write to readonly variable

Davidlohr Bueso (1):
crypto: skcipher - remove redundant NULL check

Herbert Xu (1):
crypto: sha1 - Add test vector to test partial block processing

Jamie Iles (4):
hwrng: pixocell - add support for picoxcell TRNG
crypto: omap-aes - don't treat NULL clk as an error
crypto: omap-sham - don't treat NULL clk as an error
crypto: picoxcell - add support for the picoxcell crypto engines

Jarod Wilson (3):
crypto: testmgr - mark xts(aes) as fips_allowed
crypto: testmgr - mark ghash as fips_allowed
random: update interface comments to reflect reality

Jesper Juhl (2):
crypto: aesni-intel - Don't leak memory in rfc4106_set_hash_subkey
crypto: aesni-intel - Fix remaining leak in rfc4106_set_hash_key

Julia Lawall (1):
hwrng: omap - Convert release_resource to release_region/release_mem_region

arch/x86/crypto/aesni-intel_glue.c | 24 +-
crypto/ablkcipher.c | 3 +-
crypto/tcrypt.c | 3 +-
crypto/testmgr.c | 2 +
crypto/testmgr.h | 30 +-
drivers/char/hw_random/Kconfig | 12 +
drivers/char/hw_random/Makefile | 1 +
drivers/char/hw_random/omap-rng.c | 14 +-
drivers/char/hw_random/picoxcell-rng.c | 208 ++++
drivers/char/random.c | 13 +-
drivers/crypto/Kconfig | 17 +
drivers/crypto/Makefile | 2 +-
drivers/crypto/omap-aes.c | 4 +-
drivers/crypto/omap-sham.c | 4 +-
drivers/crypto/picoxcell_crypto.c | 1867 ++++++++++++++++++++++++++++++++
drivers/crypto/picoxcell_crypto_regs.h | 128 +++
16 files changed, 2299 insertions(+), 33 deletions(-)

Thanks,
--
Email: Herbert Xu <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Herbert Xu
2011-05-20 23:54:09 UTC
Permalink
Hi Linus:

Here is the crypto update for 2.6.40:

* New Freescale SEC4/CAAM driver.
* New S5PV210 advanced crypto engine driver.
* Support for EMU chips on omap.
* SHA-128/256 support for VIA Nano.
* Native XTS/GHASH/CTR support on s390.
* New test vector for AES-OFB.
* Make aesni-intel build on 32-bit again.
* SHA1 fixes for omap.
* Bug fixes for mv_cesa.
* AMD RNG support on Maple PPC boards.
* Misc fixes.


Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Andy Lutomirski (1):
crypto: aesni-intel - Merge with fpu.ko

Brilly Wu (1):
crypto: padlock - Add SHA-1/256 module for VIA Nano

Dan Carpenter (2):
crypto: caam - dereferencing ERR_PTR on allocation failure
crypto: caam - ARRAY_SIZE() vs sizeof()

Dmitry Eremin-Solenikov (2):
hwrng: amd - manage resource allocation
hwrng: amd - enable AMD hw rnd driver for Maple PPC boards

Dmitry Kasatkin (3):
crypto: omap-sham - remove debug print
crypto: omap-sham - enable driver for EMU chips
crypto: omap-sham - hmac calculation bug fix for sha1 base hash

Gerald Schaefer (3):
crypto: s390 - add System z hardware support for XTS mode
crypto: s390 - add System z hardware support for GHASH
crypto: s390 - add System z hardware support for CTR mode

Jamie Iles (1):
crypto: picoxcell - fix possible status FIFO overflow

Jan Glauber (4):
crypto: s390 - extend crypto facility check
crypto: s390 - cleanup DES code
crypto: s390 - cleanup s390 Kconfig options
crypto: tcrypt - CTR mode speed test for AES

Julia Lawall (1):
crypto: caam - introduce missing kfree

Kim Phillips (13):
crypto: caam - Add support for the Freescale SEC4/CAAM
crypto: caam - standardize device tree naming convention to utilize '-vX.Y'
crypto: caam - de-CHIP-ify device tree compatibles
crypto: caam - handle interrupt lines shared across rings
crypto: caam - fix queue interface detection
crypto: caam - remove WAIT-FOR-COMPLETIONs from givencrypt descriptor
crypto: caam - remove duplicate dev_err
crypto: caam - remove unused keylen from session context
crypto: caam - fix printk recursion for long error texts
crypto: caam - platform_bus_type migration
crypto: caam - fix decryption shared vs. non-shared key setting
crypto: caam - remove unused authkeylen from caam_ctx
crypto: caam - add support for sha512 variants of existing AEAD algorithms

Markku Kylanpaa (1):
crypto: omap-sham - fix concurrent sha1 calculations

Phil Sutter (10):
crypto: mv_cesa - use ablkcipher_request_cast instead of the manual container_of
crypto: mv_cesa - the descriptor pointer register needs to be set just once
crypto: mv_cesa - drop this call to mv_hash_final from mv_hash_finup
crypto: mv_cesa - print a warning when registration of AES algos fail
crypto: mv_cesa - no need to save digest state after the last chunk
crypto: mv_cesa - refactor copy_src_to_buf()
crypto: mv_cesa - fill inner/outer IV fields only in HMAC case
crypto: mv_cesa - move digest state initialisation to a better place
crypto: mv_cesa - copy remaining bytes to SRAM only when needed
crypto: mv_cesa - make count_sgs() null-pointer proof

Puneet Saxena (1):
crypto: testmgr - add support for aes ofb mode

Randy Dunlap (1):
crypto: aesni-intel - fix aesni build on i386

Vladimir Zapolskiy (1):
crypto: s5p-sss - add S5PV210 advanced crypto engine support

.../devicetree/bindings/crypto/fsl-sec4.txt | 397 +++++
arch/powerpc/boot/dts/p4080ds.dts | 86 +-
arch/s390/crypto/Makefile | 1 +
arch/s390/crypto/aes_s390.c | 383 +++++-
arch/s390/crypto/crypt_s390.h | 112 ++-
arch/s390/crypto/des_check_key.c | 132 --
arch/s390/crypto/des_s390.c | 370 ++++--
arch/s390/crypto/ghash_s390.c | 162 ++
arch/s390/crypto/prng.c | 2 +-
arch/s390/crypto/sha1_s390.c | 2 +-
arch/s390/crypto/sha256_s390.c | 2 +-
arch/s390/crypto/sha512_s390.c | 2 +-
arch/x86/crypto/Makefile | 4 +-
arch/x86/crypto/aesni-intel_glue.c | 9 +
arch/x86/crypto/fpu.c | 10 +-
crypto/Kconfig | 6 -
crypto/tcrypt.c | 4 +
crypto/testmgr.c | 16 +
crypto/testmgr.h | 60 +
drivers/char/hw_random/Kconfig | 2 +-
drivers/char/hw_random/amd-rng.c | 9 +
drivers/crypto/Kconfig | 65 +-
drivers/crypto/Makefile | 2 +
drivers/crypto/caam/Kconfig | 72 +
drivers/crypto/caam/Makefile | 8 +
drivers/crypto/caam/caamalg.c | 1268 ++++++++++++++++
drivers/crypto/caam/compat.h | 35 +
drivers/crypto/caam/ctrl.c | 269 ++++
drivers/crypto/caam/desc.h | 1605 ++++++++++++++++++++
drivers/crypto/caam/desc_constr.h | 205 +++
drivers/crypto/caam/error.c | 248 +++
drivers/crypto/caam/error.h | 11 +
drivers/crypto/caam/intern.h | 113 ++
drivers/crypto/caam/jr.c | 517 +++++++
drivers/crypto/caam/jr.h | 21 +
drivers/crypto/caam/regs.h | 663 ++++++++
drivers/crypto/mv_cesa.c | 97 +-
drivers/crypto/omap-sham.c | 78 +-
drivers/crypto/padlock-sha.c | 269 ++++-
drivers/crypto/picoxcell_crypto.c | 64 +-
drivers/crypto/s5p-sss.c | 701 +++++++++
41 files changed, 7660 insertions(+), 422 deletions(-)

Thanks,
--
Email: Herbert Xu <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Herbert Xu
2011-07-24 01:17:52 UTC
Permalink
This post might be inappropriate. Click to display it.
Herbert Xu
2011-10-31 04:09:52 UTC
Permalink
Hi Linus:

Here is the crypto update for 3.2:

* User-space interface for algorithm selection/configuration
* SSSE3 implementation of SHA1.
* X86-64 assembly implementation of blowfish.
* X86-64 assembly implementation of twofish.
* Misc fixes.


Please pull from

git://github.com/herbertx/crypto.git


The top commit object is

commit ea8bdfcff17599e5d80f93e2ae194fbbab7f8d5e
Author: Herbert Xu <***@gondor.apana.org.au>
Date: Wed Oct 26 17:15:10 2011 +0200

crypto: user - Add dependency on NET

Alexey Dobriyan (1):
crypto: whirlpool - count rounds from 0

H Hartley Sweeten (1):
crypto: aes-x86 - quiet sparse noise about symbol not declared

Herbert Xu (4):
crypto: sha - Fix build error due to crypto_sha1_update
crypto: cryptd - Use subsys_initcall to prevent races with aesni
crypto: user - Initialise match in crypto_alg_match
crypto: user - Add dependency on NET

Jamie Iles (5):
crypto: picoxcell - convert to platform ID table
crypto: picoxcell - add connection ID to the clock name
crypto: picoxcell - support for device tree matching
crypto: picoxcell - fix possible invalid pointer dereference
crypto: picoxcell - add dependency on HAVE_CLK

Jonathan Nieder (1):
crypto: padlock-aes - Make module loading even quieter when hardware is missing

Jussi Kivilinna (13):
crypto: blowfish - split generic and common c code
crypto: blowfish - rename C-version to blowfish_generic
crypto: tcrypt - add ctr(blowfish) speed test
crypto: blowfish - add x86_64 assembly implementation
crypto: blowfish-x86_64 - improve x86_64 blowfish 4-way performance
crypto: blowfish-x86_64 - add credits
crypto: tcrypt - add ctr(twofish) speed test
crypto: twofish-x86-asm - make assembler functions use twofish_ctx instead of crypto_tfm
crypto: twofish - add 3-way parallel x86_64 assembler implemention
crypto: blowfish-x86_64 - fix ctr blocksize to 1
crypto: twofish-x86_64-3way - fix ctr blocksize to 1
crypto: testmgr - add blowfish test-vectors
crypto: testmgr - add twofish tests

Kim Phillips (1):
crypto: talitos - handle descriptor not found in error path

Mathias Krause (2):
crypto: sha1 - export sha1_update for reuse
crypto: sha1 - SSSE3 based SHA1 implementation for x86-64

Richard Weinberger (1):
crypto: Make hifn_795x build depend on !ARCH_DMA_ADDR_T_64BIT

Steffen Klassert (17):
crypto: Add a flag to identify crypto instances
crypto: Export crypto_remove_spawns
crypto: Export crypto_remove_final
crypto: Add userspace configuration API
crypto: Add a report function pointer to crypto_type
crypto: Add userspace report for larval type algorithms
crypto: Add userspace report for shash type algorithms
crypto: Add userspace report for ahash type algorithms
crypto: Add userspace report for blkcipher type algorithms
crypto: Add userspace report for ablkcipher type algorithms
crypto: Add userspace report for givcipher type algorithms
crypto: Add userspace report for aead type algorithms
crypto: Add userspace report for nivaead type algorithms
crypto: Add userspace report for pcompress type algorithms
crypto: Add userspace report for rng type algorithms
crypto: Add userspace report for cipher type algorithms
crypto: Add userspace report for compress type algorithms

Thomas Meyer (1):
crypto: n2 - Fix a get/put_cpu() imbalance

.../devicetree/bindings/crypto/picochip-spacc.txt | 23 +
arch/x86/crypto/Makefile | 12 +
arch/x86/crypto/aes_glue.c | 1 +
arch/x86/crypto/blowfish-x86_64-asm_64.S | 390 ++++++++++++++
arch/x86/crypto/blowfish_glue.c | 492 +++++++++++++++++
arch/x86/crypto/sha1_ssse3_asm.S | 558 ++++++++++++++++++++
arch/x86/crypto/sha1_ssse3_glue.c | 240 +++++++++
arch/x86/crypto/twofish-i586-asm_32.S | 10 +-
arch/x86/crypto/twofish-x86_64-asm_64-3way.S | 316 +++++++++++
arch/x86/crypto/twofish-x86_64-asm_64.S | 6 +-
arch/x86/crypto/twofish_glue.c | 12 +-
arch/x86/crypto/twofish_glue_3way.c | 472 +++++++++++++++++
arch/x86/include/asm/cpufeature.h | 3 +
crypto/Kconfig | 63 +++
crypto/Makefile | 4 +-
crypto/ablkcipher.c | 48 ++
crypto/aead.c | 48 ++
crypto/ahash.c | 21 +
crypto/algapi.c | 12 +-
crypto/blkcipher.c | 25 +
crypto/{blowfish.c => blowfish_common.c} | 98 +----
crypto/blowfish_generic.c | 142 +++++
crypto/cryptd.c | 2 +-
crypto/crypto_user.c | 438 +++++++++++++++
crypto/internal.h | 3 +
crypto/pcompress.c | 18 +
crypto/rng.c | 20 +
crypto/sha1_generic.c | 9 +-
crypto/shash.c | 21 +
crypto/tcrypt.c | 10 +
crypto/testmgr.c | 30 +
crypto/testmgr.h | 398 ++++++++++++++-
crypto/wp512.c | 18 +-
drivers/crypto/Kconfig | 3 +-
drivers/crypto/hifn_795x.c | 6 +-
drivers/crypto/n2_core.c | 4 +-
drivers/crypto/padlock-aes.c | 4 +-
drivers/crypto/picoxcell_crypto.c | 121 ++---
drivers/crypto/talitos.c | 18 +-
include/crypto/algapi.h | 2 +
include/crypto/blowfish.h | 23 +
include/crypto/sha.h | 5 +
include/linux/crypto.h | 5 +
include/linux/cryptouser.h | 102 ++++
include/linux/netlink.h | 1 +
45 files changed, 4049 insertions(+), 208 deletions(-)

Thanks,
- --
Email: Herbert Xu <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Randy Dunlap
2011-10-31 16:42:52 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
* User-space interface for algorithm selection/configuration
* SSSE3 implementation of SHA1.
* X86-64 assembly implementation of blowfish.
* X86-64 assembly implementation of twofish.
* Misc fixes.
Please pull from
git://github.com/herbertx/crypto.git
The top commit object is
commit ea8bdfcff17599e5d80f93e2ae194fbbab7f8d5e
Date: Wed Oct 26 17:15:10 2011 +0200
crypto: user - Add dependency on NET
crypto: sha - Fix build error due to crypto_sha1_update
crypto: cryptd - Use subsys_initcall to prevent races with aesni
crypto: user - Initialise match in crypto_alg_match
crypto: user - Add dependency on NET
Actually adds "select NET", a reverse dependency. :(

Linus was quite vocal about not allowing MD to select BLOCK.
See https://lkml.org/lkml/2011/8/10/527
and https://lkml.org/lkml/2011/8/10/533

To me this is very similar.
--
~Randy
*** Remember to use Documentation/SubmitChecklist when testing your code ***
Linus Torvalds
2011-10-31 17:16:55 UTC
Permalink
Actually adds "select NET", a reverse dependency. =A0:(
Linus was quite vocal about not allowing MD to select BLOCK.
See https://lkml.org/lkml/2011/8/10/527
and https://lkml.org/lkml/2011/8/10/533
To me this is very similar.
I do agree.

"select" makes sense when it's a way for a user to not have to care
about some small helper thing that is really not obvious for a casual
user.

But darn it, if somebody has said "no networking", then some random
small feature shouldn't suddenly select it.

IOW, it's about "relative importance". We should use "select" when
some feature that should be user-visible selects some details. And we
should use "depends on" when there's a major subsystem that some small
detail depends on.

So classic and obvious uses where "select" is appropriate is when a
driver needs some helper library to work (eg "select FW_LOADER" or
"select CRC32").

And a classic and obvious case where "depends on" is the appropriate
choice is when it depends on a major subsystem ("depends on PCI" or
"depends on USB" or "depends on X86").

And I think "NET" definitely falls into that second category - exactly
the same way "BLOCK" fell into it. You don't "select" major subsystems
- if somebody turned off the subsystem, we turn off the stuff that
depends on it.

(Of course, in reality, pretty much nobody turns off NET, I suspect.
But if some embedded place really doesn't want it, then damn it, we
shouldn't ask about the odd crypto user interfaces, because they
really aren't major enough, and the embedded platform is clearly
trying very hard to run small).

Linus
Herbert Xu
2011-11-01 03:48:32 UTC
Permalink
Post by Linus Torvalds
Actually adds "select NET", a reverse dependency. =A0:(
Linus was quite vocal about not allowing MD to select BLOCK.
See https://lkml.org/lkml/2011/8/10/527
and https://lkml.org/lkml/2011/8/10/533
To me this is very similar.
=20
I do agree.
OK, I've turned it into a depends_on.

Here is the crypto update for 3.2:

* User-space interface for algorithm selection/configuration
* SSSE3 implementation of SHA1.
* X86-64 assembly implementation of blowfish.
* X86-64 assembly implementation of twofish.
* Misc fixes.


Please pull from

git://github.com/herbertx/crypto.git


The top commit object is

commit 5db017aa2809c49ca0a43b0f3ed1267e6be60883
Author: Herbert Xu <***@gondor.apana.org.au>
Date: Tue Nov 1 12:12:43 2011 +1100

crypto: user - Depend on NET instead of selecting it

Alexey Dobriyan (1):
crypto: whirlpool - count rounds from 0

H Hartley Sweeten (1):
crypto: aes-x86 - quiet sparse noise about symbol not declared

Herbert Xu (5):
crypto: sha - Fix build error due to crypto_sha1_update
crypto: cryptd - Use subsys_initcall to prevent races with aesni
crypto: user - Initialise match in crypto_alg_match
crypto: user - Add dependency on NET
crypto: user - Depend on NET instead of selecting it

Jamie Iles (5):
crypto: picoxcell - convert to platform ID table
crypto: picoxcell - add connection ID to the clock name
crypto: picoxcell - support for device tree matching
crypto: picoxcell - fix possible invalid pointer dereference
crypto: picoxcell - add dependency on HAVE_CLK

Jonathan Nieder (1):
crypto: padlock-aes - Make module loading even quieter when hardw=
are is missing

Jussi Kivilinna (13):
crypto: blowfish - split generic and common c code
crypto: blowfish - rename C-version to blowfish_generic
crypto: tcrypt - add ctr(blowfish) speed test
crypto: blowfish - add x86_64 assembly implementation
crypto: blowfish-x86_64 - improve x86_64 blowfish 4-way performan=
ce
crypto: blowfish-x86_64 - add credits
crypto: tcrypt - add ctr(twofish) speed test
crypto: twofish-x86-asm - make assembler functions use twofish_ct=
x instead of crypto_tfm
crypto: twofish - add 3-way parallel x86_64 assembler implementio=
n
crypto: blowfish-x86_64 - fix ctr blocksize to 1
crypto: twofish-x86_64-3way - fix ctr blocksize to 1
crypto: testmgr - add blowfish test-vectors
crypto: testmgr - add twofish tests

Kim Phillips (1):
crypto: talitos - handle descriptor not found in error path

Mathias Krause (2):
crypto: sha1 - export sha1_update for reuse
crypto: sha1 - SSSE3 based SHA1 implementation for x86-64

Richard Weinberger (1):
crypto: Make hifn_795x build depend on !ARCH_DMA_ADDR_T_64BIT

Steffen Klassert (17):
crypto: Add a flag to identify crypto instances
crypto: Export crypto_remove_spawns
crypto: Export crypto_remove_final
crypto: Add userspace configuration API
crypto: Add a report function pointer to crypto_type
crypto: Add userspace report for larval type algorithms
crypto: Add userspace report for shash type algorithms
crypto: Add userspace report for ahash type algorithms
crypto: Add userspace report for blkcipher type algorithms
crypto: Add userspace report for ablkcipher type algorithms
crypto: Add userspace report for givcipher type algorithms
crypto: Add userspace report for aead type algorithms
crypto: Add userspace report for nivaead type algorithms
crypto: Add userspace report for pcompress type algorithms
crypto: Add userspace report for rng type algorithms
crypto: Add userspace report for cipher type algorithms
crypto: Add userspace report for compress type algorithms

Thomas Meyer (1):
crypto: n2 - Fix a get/put_cpu() imbalance

.../devicetree/bindings/crypto/picochip-spacc.txt | 23 +
arch/x86/crypto/Makefile | 12 +
arch/x86/crypto/aes_glue.c | 1 +
arch/x86/crypto/blowfish-x86_64-asm_64.S | 390 ++++++++++++=
++
arch/x86/crypto/blowfish_glue.c | 492 ++++++++++++=
+++++
arch/x86/crypto/sha1_ssse3_asm.S | 558 ++++++++++++=
++++++++
arch/x86/crypto/sha1_ssse3_glue.c | 240 +++++++++
arch/x86/crypto/twofish-i586-asm_32.S | 10 +-
arch/x86/crypto/twofish-x86_64-asm_64-3way.S | 316 +++++++++++
arch/x86/crypto/twofish-x86_64-asm_64.S | 6 +-
arch/x86/crypto/twofish_glue.c | 12 +-
arch/x86/crypto/twofish_glue_3way.c | 472 ++++++++++++=
+++++
arch/x86/include/asm/cpufeature.h | 3 +
crypto/Kconfig | 63 +++
crypto/Makefile | 4 +-
crypto/ablkcipher.c | 48 ++
crypto/aead.c | 48 ++
crypto/ahash.c | 21 +
crypto/algapi.c | 12 +-
crypto/blkcipher.c | 25 +
crypto/{blowfish.c =3D> blowfish_common.c} | 98 +----
crypto/blowfish_generic.c | 142 +++++
crypto/cryptd.c | 2 +-
crypto/crypto_user.c | 438 ++++++++++++=
+++
crypto/internal.h | 3 +
crypto/pcompress.c | 18 +
crypto/rng.c | 20 +
crypto/sha1_generic.c | 9 +-
crypto/shash.c | 21 +
crypto/tcrypt.c | 10 +
crypto/testmgr.c | 30 +
crypto/testmgr.h | 398 ++++++++++++=
++-
crypto/wp512.c | 18 +-
drivers/crypto/Kconfig | 3 +-
drivers/crypto/hifn_795x.c | 6 +-
drivers/crypto/n2_core.c | 4 +-
drivers/crypto/padlock-aes.c | 4 +-
drivers/crypto/picoxcell_crypto.c | 121 ++---
drivers/crypto/talitos.c | 18 +-
include/crypto/algapi.h | 2 +
include/crypto/blowfish.h | 23 +
include/crypto/sha.h | 5 +
include/linux/crypto.h | 5 +
include/linux/cryptouser.h | 102 ++++
include/linux/netlink.h | 1 +
45 files changed, 4049 insertions(+), 208 deletions(-)

Thanks,
- - --=20
Email: Herbert Xu <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Herbert Xu
2012-01-06 04:12:50 UTC
Permalink
Hi Linus:

Here is the crypto update for 3.3:

* New test vectors (serpent, xts-twofish).
* Speed test for asynchronous ciphers.
* SSE2 assembly implementation of serpent.
* Support for LRW and XTS in X86-64 assembly implementation of twofish.
* More MD5 combos for caam.
* Channel remap on talitos for better affinity.
* Direct support for HMAC on talitos.
* Misc fixes.


Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Axel Lin (2):
char: hw_random: convert drivers/char/hw_random/* to use module_platform_driver()
crypto: convert drivers/crypto/* to use module_platform_driver()

Jamie Iles (1):
crypto: picoxcell - fix boolean and / or confusion

Jarod Wilson (1):
crypto: ansi_cprng - enforce key != seed in fips mode

Jussi Kivilinna (36):
crypto: testmgr - add new serpent test vectors
crypto: tcrypt - add test_acipher_speed
crypto: tcrypt - add serpent speed tests
crypto: serpent - export common functions for x86_64/i386-sse2 assembler implementations
crypto: serpent - rename module from serpent to serpent_generic
crypto: lrw - fix memleak
crypto: lrw - use blocksize constant
crypto: lrw - split gf128mul table initialization from setkey
crypto: lrw - add interface for parallelized cipher implementions
crypto: testmgr - add lrw(serpent) test vectors
crypto: tcrypt - add lrw(serpent) tests
crypto: testmgr - add lrw(twofish) test vectors
crypto: tcrypt - add lrw(twofish) tests
crypto: twofish-x86_64-3way - add lrw support
crypto: xts - use blocksize constant
crypto: xts: add interface for parallelized cipher implementations
crypto: testmgr - add xts(serpent) test vectors
crypto: tcrypt - add xts(serpent) tests
crypto: testmgr - add xts(twofish) test vectors
crypto: tcrypt - add xts(twofish) tests
crypto: twofish-x86_64-3way - add xts support
crypto: serpent - add 8-way parallel x86_64/SSE2 assembler implementation
crypto: serpent - add 4-way parallel i586/SSE2 assembler implementation
crypto: serpent-sse2 - add lrw support
crypto: serpent-sse2 - add xts support
crypto: serpent-sse2 - clear CRYPTO_TFM_REQ_MAY_SLEEP in lrw and xts modes
crypto: serpent - cleanup checkpatch errors and warnings
crypto: serpent - rename serpent.c to serpent_generic.c
crypto: serpent-sse2 - should select CRYPTO_CRYPTD
crypto: lrw - remove dependency on EXPERIMENTAL
crypto: xts - remove dependency on EXPERIMENTAL
crypto: twofish-x86_64-3way - select LRW and XTS
crypto: twofish-x86_64-3way - remove unneeded LRW/XTS #ifdefs
crypto: serpent-sse2 - select LRW and XTS
crypto: serpent-sse2 - remove unneeded LRW/XTS #ifdefs
crypto: gf128mul - remove leftover "(EXPERIMENTAL)" in Kconfig

Kim Phillips (11):
crypto: talitos - be less noisy on startup
crypto: talitos - prepare driver for channel remap support
crypto: talitos - support for channel remap and 2nd IRQ
crypto: caam - add support for MD5 algorithm variants
crypto: talitos - fix bad kfree
crypto: talitos - remove NO_IRQ references
crypto: talitos - convert talitos_error to struct device
crypto: caam - desc.h - convert spaces to tabs
crypto: caam - more desc.h cleanups
crypto: caam - fix polarity of "propagate error" logic
crypto: caam - remove DECO access initialization code

Lee Nipper (1):
crypto: talitos - add hmac algorithms

Steffen Klassert (1):
crypto: Unlink and free instances when deleted

***@vt.edu (1):
crypto: fix typo in crypto/Kconfig

arch/x86/crypto/Makefile | 4 +
arch/x86/crypto/serpent-sse2-i586-asm_32.S | 638 ++++++
arch/x86/crypto/serpent-sse2-x86_64-asm_64.S | 761 +++++++
arch/x86/crypto/serpent_sse2_glue.c | 1070 ++++++++++
arch/x86/crypto/twofish_glue_3way.c | 218 ++
arch/x86/include/asm/serpent.h | 63 +
crypto/Kconfig | 52 +-
crypto/Makefile | 2 +-
crypto/algapi.c | 29 +
crypto/ansi_cprng.c | 8 +
crypto/crypto_user.c | 2 +-
crypto/lrw.c | 156 ++-
crypto/serpent.c | 587 ------
crypto/serpent_generic.c | 684 +++++++
crypto/tcrypt.c | 310 +++
crypto/tcrypt.h | 2 +
crypto/testmgr.c | 150 ++
crypto/testmgr.h | 2759 +++++++++++++++++++++++++-
crypto/twofish_common.c | 13 +-
crypto/xts.c | 79 +-
drivers/char/hw_random/atmel-rng.c | 12 +-
drivers/char/hw_random/n2-drv.c | 13 +-
drivers/char/hw_random/octeon-rng.c | 13 +-
drivers/char/hw_random/pasemi-rng.c | 12 +-
drivers/char/hw_random/picoxcell-rng.c | 12 +-
drivers/char/hw_random/ppc4xx-rng.c | 12 +-
drivers/char/hw_random/timeriomem-rng.c | 13 +-
drivers/crypto/amcc/crypto4xx_core.c | 13 +-
drivers/crypto/caam/caamalg.c | 67 +-
drivers/crypto/caam/compat.h | 1 +
drivers/crypto/caam/ctrl.c | 26 +-
drivers/crypto/caam/desc.h | 2265 +++++++++++-----------
drivers/crypto/caam/desc_constr.h | 7 +-
drivers/crypto/caam/regs.h | 1 -
drivers/crypto/mv_cesa.c | 12 +-
drivers/crypto/picoxcell_crypto.c | 16 +-
drivers/crypto/s5p-sss.c | 13 +-
drivers/crypto/talitos.c | 493 ++++-
drivers/crypto/talitos.h | 45 +-
include/crypto/algapi.h | 1 +
include/crypto/lrw.h | 43 +
include/crypto/serpent.h | 27 +
include/crypto/twofish.h | 2 +
include/crypto/xts.h | 27 +
44 files changed, 8684 insertions(+), 2049 deletions(-)

Thanks,
--
Email: Herbert Xu <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Herbert Xu
2012-01-11 22:19:21 UTC
Permalink
Hi Linus:

This is a resend of the crypto update for 3.3:

* New test vectors (serpent, xts-twofish).
* Speed test for asynchronous ciphers.
* SSE2 assembly implementation of serpent.
* Support for LRW and XTS in X86-64 assembly implementation of twofish.
* More MD5 combos for caam.
* Channel remap on talitos for better affinity.
* Direct support for HMAC on talitos.
* Misc fixes.


Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Axel Lin (2):
char: hw_random: convert drivers/char/hw_random/* to use module_platform_driver()
crypto: convert drivers/crypto/* to use module_platform_driver()

Jamie Iles (1):
crypto: picoxcell - fix boolean and / or confusion

Jarod Wilson (1):
crypto: ansi_cprng - enforce key != seed in fips mode

Jussi Kivilinna (36):
crypto: testmgr - add new serpent test vectors
crypto: tcrypt - add test_acipher_speed
crypto: tcrypt - add serpent speed tests
crypto: serpent - export common functions for x86_64/i386-sse2 assembler implementations
crypto: serpent - rename module from serpent to serpent_generic
crypto: lrw - fix memleak
crypto: lrw - use blocksize constant
crypto: lrw - split gf128mul table initialization from setkey
crypto: lrw - add interface for parallelized cipher implementions
crypto: testmgr - add lrw(serpent) test vectors
crypto: tcrypt - add lrw(serpent) tests
crypto: testmgr - add lrw(twofish) test vectors
crypto: tcrypt - add lrw(twofish) tests
crypto: twofish-x86_64-3way - add lrw support
crypto: xts - use blocksize constant
crypto: xts: add interface for parallelized cipher implementations
crypto: testmgr - add xts(serpent) test vectors
crypto: tcrypt - add xts(serpent) tests
crypto: testmgr - add xts(twofish) test vectors
crypto: tcrypt - add xts(twofish) tests
crypto: twofish-x86_64-3way - add xts support
crypto: serpent - add 8-way parallel x86_64/SSE2 assembler implementation
crypto: serpent - add 4-way parallel i586/SSE2 assembler implementation
crypto: serpent-sse2 - add lrw support
crypto: serpent-sse2 - add xts support
crypto: serpent-sse2 - clear CRYPTO_TFM_REQ_MAY_SLEEP in lrw and xts modes
crypto: serpent - cleanup checkpatch errors and warnings
crypto: serpent - rename serpent.c to serpent_generic.c
crypto: serpent-sse2 - should select CRYPTO_CRYPTD
crypto: lrw - remove dependency on EXPERIMENTAL
crypto: xts - remove dependency on EXPERIMENTAL
crypto: twofish-x86_64-3way - select LRW and XTS
crypto: twofish-x86_64-3way - remove unneeded LRW/XTS #ifdefs
crypto: serpent-sse2 - select LRW and XTS
crypto: serpent-sse2 - remove unneeded LRW/XTS #ifdefs
crypto: gf128mul - remove leftover "(EXPERIMENTAL)" in Kconfig

Kim Phillips (11):
crypto: talitos - be less noisy on startup
crypto: talitos - prepare driver for channel remap support
crypto: talitos - support for channel remap and 2nd IRQ
crypto: caam - add support for MD5 algorithm variants
crypto: talitos - fix bad kfree
crypto: talitos - remove NO_IRQ references
crypto: talitos - convert talitos_error to struct device
crypto: caam - desc.h - convert spaces to tabs
crypto: caam - more desc.h cleanups
crypto: caam - fix polarity of "propagate error" logic
crypto: caam - remove DECO access initialization code

Lee Nipper (1):
crypto: talitos - add hmac algorithms

Steffen Klassert (1):
crypto: Unlink and free instances when deleted

***@vt.edu (1):
crypto: fix typo in crypto/Kconfig

arch/x86/crypto/Makefile | 4 +
arch/x86/crypto/serpent-sse2-i586-asm_32.S | 638 ++++++
arch/x86/crypto/serpent-sse2-x86_64-asm_64.S | 761 +++++++
arch/x86/crypto/serpent_sse2_glue.c | 1070 ++++++++++
arch/x86/crypto/twofish_glue_3way.c | 218 ++
arch/x86/include/asm/serpent.h | 63 +
crypto/Kconfig | 52 +-
crypto/Makefile | 2 +-
crypto/algapi.c | 29 +
crypto/ansi_cprng.c | 8 +
crypto/crypto_user.c | 2 +-
crypto/lrw.c | 156 ++-
crypto/serpent.c | 587 ------
crypto/serpent_generic.c | 684 +++++++
crypto/tcrypt.c | 310 +++
crypto/tcrypt.h | 2 +
crypto/testmgr.c | 150 ++
crypto/testmgr.h | 2759 +++++++++++++++++++++++++-
crypto/twofish_common.c | 13 +-
crypto/xts.c | 79 +-
drivers/char/hw_random/atmel-rng.c | 12 +-
drivers/char/hw_random/n2-drv.c | 13 +-
drivers/char/hw_random/octeon-rng.c | 13 +-
drivers/char/hw_random/pasemi-rng.c | 12 +-
drivers/char/hw_random/picoxcell-rng.c | 12 +-
drivers/char/hw_random/ppc4xx-rng.c | 12 +-
drivers/char/hw_random/timeriomem-rng.c | 13 +-
drivers/crypto/amcc/crypto4xx_core.c | 13 +-
drivers/crypto/caam/caamalg.c | 67 +-
drivers/crypto/caam/compat.h | 1 +
drivers/crypto/caam/ctrl.c | 26 +-
drivers/crypto/caam/desc.h | 2265 +++++++++++-----------
drivers/crypto/caam/desc_constr.h | 7 +-
drivers/crypto/caam/regs.h | 1 -
drivers/crypto/mv_cesa.c | 12 +-
drivers/crypto/picoxcell_crypto.c | 16 +-
drivers/crypto/s5p-sss.c | 13 +-
drivers/crypto/talitos.c | 493 ++++-
drivers/crypto/talitos.h | 45 +-
include/crypto/algapi.h | 1 +
include/crypto/lrw.h | 43 +
include/crypto/serpent.h | 27 +
include/crypto/twofish.h | 2 +
include/crypto/xts.h | 27 +
44 files changed, 8684 insertions(+), 2049 deletions(-)

Thanks,
--
Email: Herbert Xu <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Herbert Xu
2012-03-20 03:27:36 UTC
Permalink
Hi Linus:

Here is the crypto update for 3.4:

* sha512 bug fixes (already in your tree).
* SHA224/SHA384 AEAD support in caam.
* X86-64 optimised version of Camellia.
* Tegra AES support.
* Bulk algorithm registration interface to make driver registration easier.
* padata race fixes.
* Misc fixes.


Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Alexey Dobriyan (4):
crypto: sha512 - make it work, undo percpu message schedule
crypto: sha512 - reduce stack usage to safe number
crypto: sha512 - use standard ror64()
crypto: sha512 - use standard ror64()

Hemant Agrawal (1):
crypto: caam - add sha224 and sha384 variants to existing AEAD algorithms

Henning Heinold (1):
arm: tegra: export tegra_chip_uid

Herbert Xu (3):
crypto: sha512 - Use binary and instead of modulus
crypto: sha512 - Avoid stack bloat on i386
Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6

Jesper Juhl (3):
crypto: In crypto_add_alg(), 'exact' wants to be initialized to 0
crypto: twofish-x86 - Remove dead code from twofish_glue_3way.c::init()
crypto: serpent-sse2 - remove dead code from serpent_sse2_glue.c::serpent_sse2_init()

Julia Lawall (2):
hwrng: tx4939 - use devm_request_and_ioremap
crypto: ixp4xx - convert GFP_KERNEL to GFP_ATOMIC

Jussi Kivilinna (16):
crypto: twofish-x86_64-3way - blacklist pentium4 and atom
crypto: blowfish-x86_64 - blacklist Pentium 4
crypto: serpent-sse2 - change transpose_4x4 to only use integer instructions
crypto: serpent-sse2 - use crypto_[un]register_algs
crypto: twofish-x86_64-3way - use crypto_[un]register_algs
crypto: blowfish-x86_64 - use crypto_[un]register_algs
crypto: serpent-sse2 - combine ablk_*_init functions
crypto: blowfish-x86_64 - set alignmask to zero
crypto: twofish-x86_64/i586 - set alignmask to zero
crypto: camellia - simplify key setup and CAMELLIA_ROUNDSM macro
crypto: testmgr - add more camellia test vectors
crypto: tcrypt - add more camellia tests
crypto: camellia - rename camellia module to camellia_generic
crypto: camellia - fix checkpatch warnings
crypto: camellia - rename camellia.c to camellia_generic.c
crypto: camellia - add assembler implementation for x86_64

Kim Phillips (2):
crypto: caam - be less noisy on startup
crypto: caam - fix gcc 4.6 warning

Mark Brown (1):
crypto: Add bulk algorithm registration interface

Nikos Mavrogiannopoulos (1):
crypto: Add CRYPTO_ALG_KERN_DRIVER_ONLY flag

Steffen Klassert (2):
padata: Fix race in the serialization path
padata: Fix race on sequence number wrap

Varun Wadekar (1):
crypto: driver for Tegra AES hardware

arch/arm/mach-tegra/fuse.c | 2 +
arch/x86/crypto/Makefile | 2 +
arch/x86/crypto/blowfish_glue.c | 191 ++--
arch/x86/crypto/camellia-x86_64-asm_64.S | 520 +++++++
arch/x86/crypto/camellia_glue.c | 1952 ++++++++++++++++++++++++++
arch/x86/crypto/serpent-sse2-i586-asm_32.S | 29 +-
arch/x86/crypto/serpent-sse2-x86_64-asm_64.S | 29 +-
arch/x86/crypto/serpent_sse2_glue.c | 394 ++----
arch/x86/crypto/twofish_glue.c | 2 +-
arch/x86/crypto/twofish_glue_3way.c | 265 ++--
crypto/Kconfig | 18 +
crypto/Makefile | 2 +-
crypto/algapi.c | 35 +
crypto/camellia.c | 1116 ---------------
crypto/camellia_generic.c | 1102 +++++++++++++++
crypto/crypto_user.c | 2 +-
crypto/sha512_generic.c | 59 +-
crypto/tcrypt.c | 12 +
crypto/testmgr.c | 45 +
crypto/testmgr.h | 1383 ++++++++++++++++++-
drivers/char/hw_random/tx4939-rng.c | 5 +-
drivers/crypto/Kconfig | 11 +
drivers/crypto/Makefile | 1 +
drivers/crypto/caam/caamalg.c | 126 ++-
drivers/crypto/caam/ctrl.c | 2 +-
drivers/crypto/geode-aes.c | 6 +-
drivers/crypto/hifn_795x.c | 3 +-
drivers/crypto/ixp4xx_crypto.c | 4 +-
drivers/crypto/mv_cesa.c | 12 +-
drivers/crypto/n2_core.c | 7 +-
drivers/crypto/omap-aes.c | 8 +-
drivers/crypto/omap-sham.c | 4 +
drivers/crypto/picoxcell_crypto.c | 46 +-
drivers/crypto/s5p-sss.c | 6 +-
drivers/crypto/talitos.c | 1 +
drivers/crypto/tegra-aes.c | 1096 +++++++++++++++
drivers/crypto/tegra-aes.h | 103 ++
include/linux/bitops.h | 20 +
include/linux/crypto.h | 7 +
include/linux/padata.h | 6 +-
kernel/padata.c | 44 +-
41 files changed, 6936 insertions(+), 1742 deletions(-)

Thanks,
--
Email: Herbert Xu <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Herbert Xu
2012-05-23 01:35:28 UTC
Permalink
Hi Linus:

Here is the crypto update for 3.5:

* New cipher/hash driver for ARM ux500.
* Code clean-up for aesni-intel.
* Misc fixes.


Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Andreas Westin (5):
crypto: ux500 - Add driver for CRYP hardware
crypto: ux500 - Add driver for HASH hardware
mach-ux500: crypto - core support for CRYP/HASH module.
crypto: ux500 - Update DMA handling for 3.4
crypto: ux500 - Cleanup hardware identification

Borislav Petkov (1):
crypto, xor: Sanitize checksumming function selection output

Julia Lawall (2):
crypto: crypto4xx - move up err_request_irq label
hwrng: omap - use devm_request_and_ioremap

Jussi Kivilinna (2):
crypto: aesni-intel - use crypto_[un]register_algs
crypto: aesni-intel - move more common code to ablk_init_common

Nicolas Ferre (1):
hwrng: Kconfig - modify default state for atmel-rng driver

Shengzhou Liu (1):
crypto: caam - add backward compatible string sec4.0

arch/arm/mach-ux500/board-mop500.c | 48
arch/arm/mach-ux500/clock.c | 18
arch/arm/mach-ux500/devices-common.h | 54
arch/arm/mach-ux500/devices-db8500.c | 3
arch/arm/mach-ux500/devices-db8500.h | 4
arch/arm/mach-ux500/include/mach/crypto-ux500.h | 22
arch/arm/mach-ux500/include/mach/devices.h | 3
arch/arm/mach-ux500/include/mach/hardware.h | 3
arch/x86/crypto/aesni-intel_glue.c | 827 +++------
crypto/xor.c | 5
drivers/char/hw_random/Kconfig | 2
drivers/char/hw_random/omap-rng.c | 22
drivers/crypto/Kconfig | 11
drivers/crypto/Makefile | 1
drivers/crypto/amcc/crypto4xx_core.c | 2
drivers/crypto/caam/caamalg.c | 14
drivers/crypto/caam/ctrl.c | 16
drivers/crypto/ux500/Kconfig | 30
drivers/crypto/ux500/Makefile | 8
drivers/crypto/ux500/cryp/Makefile | 13
drivers/crypto/ux500/cryp/cryp.c | 401 ++++
drivers/crypto/ux500/cryp/cryp.h | 308 +++
drivers/crypto/ux500/cryp/cryp_core.c | 1790 +++++++++++++++++++++
drivers/crypto/ux500/cryp/cryp_irq.c | 45
drivers/crypto/ux500/cryp/cryp_irq.h | 31
drivers/crypto/ux500/cryp/cryp_irqp.h | 125 +
drivers/crypto/ux500/cryp/cryp_p.h | 125 +
drivers/crypto/ux500/hash/Makefile | 11
drivers/crypto/ux500/hash/hash_alg.h | 395 ++++
drivers/crypto/ux500/hash/hash_core.c | 2031 +++++++++++++++++++++++-
30 files changed, 5819 insertions(+), 549 deletions(-)

Thanks,
--
Email: Herbert Xu <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Linus Torvalds
2012-05-23 23:06:35 UTC
Permalink
I pulled this, but quite frankly, some of it looks like utter garbage.

There's a declaration for dbx500_add_platform_device_noirq() that does
not exist and is not used anywhere. Why? It was added in commit
585d188f8072, and I see no rhyme or reason to it.

I only noticed because I happened to get a conflict due to the
location it was added. I removed it. WTF is going on?

Linus
Herbert Xu
2012-05-24 00:21:26 UTC
Permalink
Post by Linus Torvalds
I pulled this, but quite frankly, some of it looks like utter garbage.
There's a declaration for dbx500_add_platform_device_noirq() that does
not exist and is not used anywhere. Why? It was added in commit
585d188f8072, and I see no rhyme or reason to it.
I can't see why that was added there either.

Adding Arnd/Linus Walleij to see if they can tell us whether
it should go or stay.

Thanks,
--
Email: Herbert Xu <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Loading...