31 Mar, 2007
2 commits
-
On platforms where flush_dcache_page is needed we're currently flushing
the next page right than the one we've just processed. This patch fixes
the off-by-one error.Signed-off-by: Herbert Xu
-
In the scatterwalk_copychunks loop, We should be advancing by
len_this_page and not nbytes. The latter is the total length.Signed-off-by: Herbert Xu
21 Mar, 2007
2 commits
-
This patch fixes loading the tcrypt module while deflate isn't available
at all (isn't build).Signed-off-by: Sebastian Siewior
Signed-off-by: Herbert Xu -
In the loop in scatterwalk_copychunks(), if walk->offset is zero,
then scatterwalk_pagedone rounds that up to the nearest page boundary:walk->offset += PAGE_SIZE - 1;
walk->offset &= PAGE_MASK;which is a no-op in this case, so we don't advance to the next element
of the scatterlist array:if (walk->offset >= walk->sg->offset + walk->sg->length)
scatterwalk_start(walk, sg_next(walk->sg));and we end up copying the same data twice.
It appears that other callers of scatterwalk_{page}done first advance
walk->offset, so I believe that's the correct thing to do here.This caused a bug in NFS when run with krb5p security, which would
cause some writes to fail with permissions errors--for example, writes
of less than 8 bytes (the des blocksize) at the start of a file.A git-bisect shows the bug was originally introduced by
5c64097aa0f6dc4f27718ef47ca9a12538d62860, first in 2.6.19-rc1.Signed-off-by: "J. Bruce Fields"
Signed-off-by: Herbert Xu
13 Feb, 2007
1 commit
-
Many struct file_operations in the kernel can be "const". Marking them const
moves these to the .rodata section, which avoids false sharing with potential
dirty data. In addition it'll catch accidental writes at compile time to
these shared resources.Signed-off-by: Arjan van de Ven
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
09 Feb, 2007
1 commit
-
Conflicts:
crypto/Kconfig
07 Feb, 2007
12 commits
-
This patch adds the code of Camellia code for testing module.
Signed-off-by: Noriaki TAKAMIYA
Signed-off-by: Herbert Xu -
This patch adds the main code of Camellia cipher algorithm.
Signed-off-by: Noriaki TAKAMIYA
Signed-off-by: Herbert Xu -
This patch adds the Kconfig entry for Camellia.
Signed-off-by: Noriaki TAKAMIYA
Signed-off-by: Herbert Xu -
This patch changes xcbc to use the new cipher encryt_one interface.
Signed-off-by: Herbert Xu
-
This patch adds support for multiple frontend types for each backend
algorithm by passing the type and mask through to the backend type
init function.Signed-off-by: Herbert Xu
-
This patch allows spawns of specific types (e.g., cipher) to be allocated.
Signed-off-by: Herbert Xu
-
This patch removes the old cipher interface and related code.
Signed-off-by: Herbert Xu
-
The crypto_comp conversion missed the last remaining crypto_alloc_tfm
call. This patch replaces it with crypto_alloc_comp.Signed-off-by: Herbert Xu
-
Add a crypto module to provide FCrypt encryption as used by RxRPC.
Signed-Off-By: David Howells
Signed-off-by: Herbert Xu -
Add PCBC crypto template support as used by RxRPC.
Signed-Off-By: David Howells
Signed-off-by: Herbert Xu -
This patch adds tests for SHA384 HMAC and SHA512 HMAC to the tcrypt module. Test data was taken from
RFC4231. This patch is a follow-up to the discovery (bug 7646) that the kernel SHA384 HMAC
implementation was not generating proper SHA384 HMACs.Signed-off-by: Andrew Donofrio
Signed-off-by: Herbert Xu -
Using blkcipher/hash crypto operations in hard IRQ context can lead
to random memory corruption due to the reuse of kmap_atomic slots.
Since crypto operations were never meant to be used in hard IRQ
contexts, this patch checks for such usage and returns an error
before kmap_atomic is performed.Signed-off-by: Herbert Xu
06 Feb, 2007
1 commit
-
This patch moves the config options for the s390 crypto instructions
to the standard "Hardware crypto devices" menu. In addition some
cleanup has been done: use a flag for supported keylengths, add a
warning about machien limitation, return ENOTSUPP in case the
hardware has no support, remove superfluous printks and update
email addresses.Signed-off-by: Jan Glauber
Signed-off-by: Martin Schwidefsky
14 Dec, 2006
1 commit
-
Remove useless includes of linux/io.h, don't even try to build iomap_copy
on uml (it doesn't have readb() et.al., so...)Signed-off-by: Al Viro
Acked-by: Jeff Dike
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
12 Dec, 2006
1 commit
-
The SHA384 block size should be 128 bytes, not 96 bytes. This was
spotted by Andrew Donofrio.Fortunately the block size isn't actually used anywhere so this typo
has had no real impact.Signed-off-by: Herbert Xu
07 Dec, 2006
8 commits
-
Fixes:
crypto/lrw.c:99: warning: conflicting types for built-in function ‘round’
Signed-off-by: David S. Miller
-
Do modprobe tcrypt mode=10 to check the included test vectors, they are
from: http://grouper.ieee.org/groups/1619/email/pdf00017.pdf and from
http://www.mail-archive.com/stds-p1619@listserv.ieee.org/msg00173.html.To make the last test vector fit, I had to increase the buffer size of
input and result to 512 bytes.Signed-off-by: Rik Snel
Signed-off-by: Herbert Xu -
Main module, this implements the Liskov Rivest Wagner block cipher mode
in the new blockcipher API. The implementation is based on ecb.c.The LRW-32-AES specification I used can be found at:
http://grouper.ieee.org/groups/1619/email/pdf00017.pdfIt implements the optimization specified as optional in the
specification, and in addition it uses optimized multiplication
routines from gf128mul.c.Since gf128mul.[ch] is not tested on bigendian, this cipher mode
may currently fail badly on bigendian machines.Signed-off-by: Rik Snel
Signed-off-by: Herbert Xu -
A lot of cypher modes need multiplications in GF(2^128). LRW, ABL, GCM...
I use functions from this library in my LRW implementation and I will
also use them in my ABL (Arbitrary Block Length, an unencumbered (correct
me if I am wrong, wide block cipher mode).Elements of GF(2^128) must be presented as u128 *, it encourages automatic
and proper alignment.The library contains support for two different representations of GF(2^128),
see the comment in gf128mul.h. There different levels of optimization
(memory/speed tradeoff).The code is based on work by Dr Brian Gladman. Notable changes:
- deletion of two optimization modes
- change from u32 to u64 for faster handling on 64bit machines
- support for 'bbe' representation in addition to the, already implemented,
'lle' representation.
- move 'inline void' functions from header to 'static void' in the
source file
- update to use the linux coding style conventionsThe original can be found at:
http://fp.gladman.plus.com/AES/modes.vc8.19-06-06.zipThe copyright (and GPL statement) of the original author is preserved.
Signed-off-by: Rik Snel
Signed-off-by: Herbert Xu -
This patch removes the following no longer used functions:
- api.c: crypto_alg_available()
- digest.c: crypto_digest_init()
- digest.c: crypto_digest_update()
- digest.c: crypto_digest_final()
- digest.c: crypto_digest_digest()Signed-off-by: Adrian Bunk
Signed-off-by: Herbert Xu -
On Tue, Nov 14, 2006 at 01:41:25AM -0800, Andrew Morton wrote:
>...
> Changes since 2.6.19-rc5-mm2:
>...
> git-cryptodev.patch
>...
> git trees
>...This patch makes some needlessly global code static.
Signed-off-by: Adrian Bunk
Signed-off-by: Herbert Xu -
est vectors of XCBC with AES-128.
Signed-off-by: Kazunori MIYAZAWA
Signed-off-by: Herbert Xu -
This is core code of XCBC.
XCBC is an algorithm that forms a MAC algorithm out of a cipher algorithm.
For example, AES-XCBC-MAC is a MAC algorithm based on the AES cipher
algorithm.Signed-off-by: Kazunori MIYAZAWA
Signed-off-by: Herbert Xu
22 Nov, 2006
1 commit
-
Pass the work_struct pointer to the work function rather than context data.
The work function can use container_of() to work out the data.For the cases where the container of the work_struct may go away the moment the
pending bit is cleared, it is made possible to defer the release of the
structure by deferring the clearing of the pending bit.To make this work, an extra flag is introduced into the management side of the
work_struct. This governs auto-release of the structure upon execution.Ordinarily, the work queue executor would release the work_struct for further
scheduling or deallocation by clearing the pending bit prior to jumping to the
work function. This means that, unless the driver makes some guarantee itself
that the work_struct won't go away, the work function may not access anything
else in the work_struct or its container lest they be deallocated.. This is a
problem if the auxiliary data is taken away (as done by the last patch).However, if the pending bit is *not* cleared before jumping to the work
function, then the work function *may* access the work_struct and its container
with no problems. But then the work function must itself release the
work_struct by calling work_release().In most cases, automatic release is fine, so this is the default. Special
initiators exist for the non-auto-release case (ending in _NAR).Signed-Off-By: David Howells
16 Oct, 2006
1 commit
-
Since cryptomgr is the only way to construct algorithm instances
for now it makes sense to let the templates depend on it as
otherwise it may be left off inadvertently.Signed-off-by: Herbert Xu
11 Oct, 2006
2 commits
-
This patch makes crypto_alloc_base() return proper return value.
- If kzalloc() failure happens within __crypto_alloc_tfm(),
crypto_alloc_base() returns NULL. But crypto_alloc_base()
is supposed to return error code as pointer. So this patch
makes it return -ENOMEM in that case.- crypto_alloc_base() is suppose to return -EINTR, if it is
interrupted by signal. But it may not return -EINTR.Signed-off-by: Akinobu Mita
Signed-off-by: Herbert Xu -
Signed-off-by: Alexey Dobriyan
Signed-off-by: Al Viro
Signed-off-by: Linus Torvalds
24 Sep, 2006
2 commits
-
The error return values are truncated by unlikely so we need to
save it first. Thanks to Kyle Moffett for spotting this.Signed-off-by: Herbert Xu
Signed-off-by: Linus Torvalds -
The crypto_hash_update call in hmac_init gave the number 1
instead of the length of the sg list in bytes. This is a
missed conversion from the digest => hash change.As tcrypt only tests crypto_hash_digest it didn't catch this.
Signed-off-by: Herbert Xu
Signed-off-by: Linus Torvalds
21 Sep, 2006
5 commits
-
This patch converts all users to use the new crypto_comp type and the
crypto_has_* functions.Signed-off-by: Herbert Xu
-
This patch adds the crypto_comp type to complete the compile-time checking
conversion. The functions crypto_has_alg and crypto_has_cipher, etc. are
also added to replace crypto_alg_available.Signed-off-by: Herbert Xu
-
This patch removes the old HMAC implementation now that nobody uses it
anymore.Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller -
This patch converts tcrypt to use the new HMAC template rather than the
hard-coded version of HMAC. It also converts all digest users to use
the new cipher interface.Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller -
This patch rewrites HMAC as a crypto template. This means that HMAC is no
longer a hard-coded part of the API. It's now a template that generates
standard digest algorithms like any other.The old HMAC is preserved until all current users are converted.
The same structure can be used by other MACs such as AES-XCBC-MAC.
Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller