17 Mar, 2011

1 commit

  • * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6: (1480 commits)
    bonding: enable netpoll without checking link status
    xfrm: Refcount destination entry on xfrm_lookup
    net: introduce rx_handler results and logic around that
    bonding: get rid of IFF_SLAVE_INACTIVE netdev->priv_flag
    bonding: wrap slave state work
    net: get rid of multiple bond-related netdevice->priv_flags
    bonding: register slave pointer for rx_handler
    be2net: Bump up the version number
    be2net: Copyright notice change. Update to Emulex instead of ServerEngines
    e1000e: fix kconfig for crc32 dependency
    netfilter ebtables: fix xt_AUDIT to work with ebtables
    xen network backend driver
    bonding: Improve syslog message at device creation time
    bonding: Call netif_carrier_off after register_netdevice
    bonding: Incorrect TX queue offset
    net_sched: fix ip_tos2prio
    xfrm: fix __xfrm_route_forward()
    be2net: Fix UDP packet detected status in RX compl
    Phonet: fix aligned-mode pipe socket buffer header reserve
    netxen: support for GbE port settings
    ...

    Fix up conflicts in drivers/staging/brcm80211/brcmsmac/wl_mac80211.c
    with the staging updates.

    Linus Torvalds
     

14 Mar, 2011

1 commit


04 Mar, 2011

1 commit

  • Commit da7f033ddc9fdeb (”crypto: cryptomgr - Add test infrastructure”) added a
    const to variable which is later used as target buffer of memcpy.

    crypto/tcrypt.c:217:12: warning: passing 'const char (*)[128]' to parameter of type 'void *' discards qualifiers
    memset(&iv, 0xff, iv_len);

    crypto/tcrypt.c:test_cipher_speed()

    - unsigned char *key, iv[128];
    + const char *key, iv[128];
    ...
    memset(&iv, 0xff, iv_len);

    Signed-off-by: David Sterba
    Signed-off-by: Herbert Xu

    David Sterba
     

17 Feb, 2011

1 commit


29 Jan, 2011

3 commits

  • A self-test failure in fips mode means a panic. Well, gcm(aes)
    self-tests currently fail in fips mode, as gcm is dependent on ghash,
    which semi-recently got self-test vectors added, but wasn't marked as a
    fips_allowed algorithm. Because of gcm's dependence on what is now seen
    as a non-fips_allowed algorithm, its self-tests refuse to run.
    Previously, ghash got a pass in fips mode, due to the lack of any test
    vectors at all, and thus gcm self-tests were able to run. After this
    patch, a 'modprobe tcrypt mode=35' no longer panics in fips mode, and
    successful self-test of gcm(aes) is reported.

    Signed-off-by: Jarod Wilson
    Signed-off-by: Herbert Xu

    Jarod Wilson
     
  • We (Red Hat) are intending to include dm-crypt functionality, using
    xts(aes) for disk encryption, as part of an upcoming FIPS-140-2
    certification effort, and xts(aes) *is* on the list of possible
    mode/cipher combinations that can be certified. To make that possible, we
    need to mark xts(aes) as fips_allowed in the crypto subsystem.

    A 'modprobe tcrypt mode=10' in fips mode shows xts(aes) self-tests
    passing successfully after this change.

    Signed-off-by: Jarod Wilson
    Signed-off-by: Herbert Xu

    Jarod Wilson
     
  • Signed-off-by: Davidlohr Bueso
    Acked-by: David S. Miller
    Signed-off-by: Herbert Xu

    Davidlohr Bueso
     

14 Jan, 2011

1 commit

  • * git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (46 commits)
    hwrng: via_rng - Fix memory scribbling on some CPUs
    crypto: padlock - Move padlock.h into include/crypto
    hwrng: via_rng - Fix asm constraints
    crypto: n2 - use __devexit not __exit in n2_unregister_algs
    crypto: mark crypto workqueues CPU_INTENSIVE
    crypto: mv_cesa - dont return PTR_ERR() of wrong pointer
    crypto: ripemd - Set module author and update email address
    crypto: omap-sham - backlog handling fix
    crypto: gf128mul - Remove experimental tag
    crypto: af_alg - fix af_alg memory_allocated data type
    crypto: aesni-intel - Fixed build with binutils 2.16
    crypto: af_alg - Make sure sk_security is initialized on accept()ed sockets
    net: Add missing lockdep class names for af_alg
    include: Install linux/if_alg.h for user-space crypto API
    crypto: omap-aes - checkpatch --file warning fixes
    crypto: omap-aes - initialize aes module once per request
    crypto: omap-aes - unnecessary code removed
    crypto: omap-aes - error handling implementation improved
    crypto: omap-aes - redundant locking is removed
    crypto: omap-aes - DMA initialization fixes for OMAP off mode
    ...

    Linus Torvalds
     

04 Jan, 2011

2 commits


28 Dec, 2010

1 commit


21 Dec, 2010

1 commit


08 Dec, 2010

1 commit


02 Dec, 2010

1 commit


30 Nov, 2010

2 commits

  • As it is if user-space passes through a receive buffer that's not
    aligned to to the cipher block size, we'll end up encrypting or
    decrypting a partial block which causes a spurious EINVAL to be
    returned.

    This patch fixes this by moving the partial block test after the
    af_alg_make_sg call.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • When sk_sndbuf is not a multiple of PAGE_SIZE, the limit tests
    in sendmsg fail as the limit variable becomes negative and we're
    using an unsigned comparison.

    The same thing can happen if sk_sndbuf is lowered after a sendmsg
    call.

    This patch fixes this by always taking the signed maximum of limit
    and 0 before we perform the comparison.

    It also rounds the value of sk_sndbuf down to a multiple of PAGE_SIZE
    so that we don't end up allocating a page only to use a small number
    of bytes in it because we're bound by sk_sndbuf.

    Signed-off-by: Herbert Xu

    Herbert Xu
     

29 Nov, 2010

1 commit

  • Add missing dependency on NET since we require sockets for our
    interface.

    Should really be a select but kconfig doesn't like that:

    net/Kconfig:6:error: found recursive dependency: NET -> NETWORK_FILESYSTEMS -> AFS_FS -> AF_RXRPC -> CRYPTO -> CRYPTO_USER_API_HASH -> CRYPTO_USER_API -> NET

    Reported-by: Zimny Lech
    Signed-off-by: Herbert Xu

    Herbert Xu
     

28 Nov, 2010

1 commit


27 Nov, 2010

3 commits

  • The AES-NI instructions are also available in legacy mode so the 32-bit
    architecture may profit from those, too.

    To illustrate the performance gain here's a short summary of a dm-crypt
    speed test on a Core i7 M620 running at 2.67GHz comparing both assembler
    implementations:

    x86: i568 aes-ni delta
    ECB, 256 bit: 93.8 MB/s 123.3 MB/s +31.4%
    CBC, 256 bit: 84.8 MB/s 262.3 MB/s +209.3%
    LRW, 256 bit: 108.6 MB/s 222.1 MB/s +104.5%
    XTS, 256 bit: 105.0 MB/s 205.5 MB/s +95.7%

    Additionally, due to some minor optimizations, the 64-bit version also
    got a minor performance gain as seen below:

    x86-64: old impl. new impl. delta
    ECB, 256 bit: 121.1 MB/s 123.0 MB/s +1.5%
    CBC, 256 bit: 285.3 MB/s 290.8 MB/s +1.9%
    LRW, 256 bit: 263.7 MB/s 265.3 MB/s +0.6%
    XTS, 256 bit: 251.1 MB/s 255.3 MB/s +1.7%

    Signed-off-by: Mathias Krause
    Reviewed-by: Huang Ying
    Signed-off-by: Herbert Xu

    Mathias Krause
     
  • Changed Makefile to use -y instead of -objs.

    Signed-off-by: Tracey Dent
    Signed-off-by: Herbert Xu

    Tracey Dent
     
  • Signed-off-by: Joe Perches
    Signed-off-by: Herbert Xu

    Joe Perches
     

26 Nov, 2010

1 commit

  • This patch adds the af_alg plugin for symmetric key ciphers,
    corresponding to the ablkcipher kernel operation type.

    Keys can optionally be set through the setsockopt interface.

    Once a sendmsg call occurs without MSG_MORE no further writes
    may be made to the socket until all previous data has been read.

    IVs and and whether encryption/decryption is performed can be
    set through the setsockopt interface or as a control message
    to sendmsg.

    The interface is completely synchronous, all operations are
    carried out in recvmsg(2) and will complete prior to the system
    call returning.

    The splice(2) interface support reading the user-space data directly
    without copying (except that the Crypto API itself may copy the data
    if alignment is off).

    The recvmsg(2) interface supports directly writing to user-space
    without additional copying, i.e., the kernel crypto interface will
    receive the user-space address as its output SG list.

    Thakns to Miloslav Trmac for reviewing this and contributing
    fixes and improvements.

    Signed-off-by: Herbert Xu
    Acked-by: David S. Miller

    Herbert Xu
     

19 Nov, 2010

2 commits

  • This patch adds the af_alg plugin for hash, corresponding to
    the ahash kernel operation type.

    Keys can optionally be set through the setsockopt interface.

    Each sendmsg call will finalise the hash unless sent with a MSG_MORE
    flag.

    Partial hash states can be cloned using accept(2).

    The interface is completely synchronous, all operations will
    complete prior to the system call returning.

    Both sendmsg(2) and splice(2) support reading the user-space
    data directly without copying (except that the Crypto API itself
    may copy the data if alignment is off).

    For now only the splice(2) interface supports performing digest
    instead of init/update/final. In future the sendmsg(2) interface
    will also be modified to use digest/finup where possible so that
    hardware that cannot return a partial hash state can still benefit
    from this interface.

    Thakns to Miloslav Trmac for reviewing this and contributing
    fixes and improvements.

    Signed-off-by: Herbert Xu
    Acked-by: David S. Miller
    Tested-by: Martin Willi

    Herbert Xu
     
  • This patch creates the backbone of the user-space interface for
    the Crypto API, through a new socket family AF_ALG.

    Each session corresponds to one or more connections obtained from
    that socket. The number depends on the number of inputs/outputs
    of that particular type of operation. For most types there will
    be a s ingle connection/file descriptor that is used for both input
    and output. AEAD is one of the few that require two inputs.

    Each algorithm type will provide its own implementation that plugs
    into af_alg. They're keyed using a string such as "skcipher" or
    "hash".

    IOW this patch only contains the boring bits that is required
    to hold everything together.

    Thakns to Miloslav Trmac for reviewing this and contributing
    fixes and improvements.

    Signed-off-by: Herbert Xu
    Acked-by: David S. Miller
    Tested-by: Martin Willi

    Herbert Xu
     

13 Nov, 2010

2 commits

  • Updated RFC4106 AES-GCM testing. Some test vectors were taken from
    http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/
    gcm/gcm-test-vectors.tar.gz

    Signed-off-by: Adrian Hoban
    Signed-off-by: Tadeusz Struk
    Signed-off-by: Gabriele Paoloni
    Signed-off-by: Aidan O'Mahony
    Signed-off-by: Herbert Xu

    Adrian Hoban
     
  • I noticed that by factoring out common rounds from the
    branches of the if-statements in the encryption and
    decryption functions, the executable file size goes down
    significantly, for crypto/cast5.ko from 26688 bytes
    to 24336 bytes (amd64).

    On my test system, I saw a slight speedup. This is the
    first time I'm doing such a benchmark - I found a similar
    one on the crypto mailing list, and I hope I did it right?

    Before:
    # cryptsetup create dm-test /dev/hda2 -c cast5-cbc-plain -s 128
    Passsatz eingeben:
    # dd if=/dev/zero of=/dev/mapper/dm-test bs=1M count=50
    52428800 Bytes (52 MB) kopiert, 2,43484 s, 21,5 MB/s
    # dd if=/dev/zero of=/dev/mapper/dm-test bs=1M count=50
    52428800 Bytes (52 MB) kopiert, 2,4089 s, 21,8 MB/s
    # dd if=/dev/zero of=/dev/mapper/dm-test bs=1M count=50
    52428800 Bytes (52 MB) kopiert, 2,41091 s, 21,7 MB/s

    After:
    # cryptsetup create dm-test /dev/hda2 -c cast5-cbc-plain -s 128
    Passsatz eingeben:
    # dd if=/dev/zero of=/dev/mapper/dm-test bs=1M count=50
    52428800 Bytes (52 MB) kopiert, 2,38128 s, 22,0 MB/s
    # dd if=/dev/zero of=/dev/mapper/dm-test bs=1M count=50
    52428800 Bytes (52 MB) kopiert, 2,29486 s, 22,8 MB/s
    # dd if=/dev/zero of=/dev/mapper/dm-test bs=1M count=50
    52428800 Bytes (52 MB) kopiert, 2,37162 s, 22,1 MB/s

    Signed-off-by: Nicolas Kaiser
    Signed-off-by: Herbert Xu

    Nicolas Kaiser
     

12 Nov, 2010

1 commit


05 Nov, 2010

1 commit


28 Oct, 2010

1 commit

  • * 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/djbw/async_tx: (48 commits)
    DMAENGINE: move COH901318 to arch_initcall
    dma: imx-dma: fix signedness bug
    dma/timberdale: simplify conditional
    ste_dma40: remove channel_type
    ste_dma40: remove enum for endianess
    ste_dma40: remove TIM_FOR_LINK option
    ste_dma40: move mode_opt to separate config
    ste_dma40: move channel mode to a separate field
    ste_dma40: move priority to separate field
    ste_dma40: add variable to indicate valid dma_cfg
    async_tx: make async_tx channel switching opt-in
    move async raid6 test to lib/Kconfig.debug
    dmaengine: Add Freescale i.MX1/21/27 DMA driver
    intel_mid_dma: change the slave interface
    intel_mid_dma: fix the WARN_ONs
    intel_mid_dma: Add sg list support to DMA driver
    intel_mid_dma: Allow DMAC2 to share interrupt
    intel_mid_dma: Allow IRQ sharing
    intel_mid_dma: Add runtime PM support
    DMAENGINE: define a dummy filter function for ste_dma40
    ...

    Linus Torvalds
     

27 Oct, 2010

1 commit

  • Ensure kmap_atomic() usage is strictly nested

    Signed-off-by: Peter Zijlstra
    Reviewed-by: Rik van Riel
    Acked-by: Chris Metcalf
    Cc: David Howells
    Cc: Hugh Dickins
    Cc: Ingo Molnar
    Cc: Thomas Gleixner
    Cc: "H. Peter Anvin"
    Cc: Steven Rostedt
    Cc: Russell King
    Cc: Ralf Baechle
    Cc: David Miller
    Cc: Paul Mackerras
    Cc: Benjamin Herrenschmidt
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Peter Zijlstra
     

25 Oct, 2010

1 commit

  • * git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
    crypto: Makefile - replace the use of -objs with -y
    crypto: hifn_795x - use cancel_delayed_work_sync()
    crypto: talitos - sparse check endian fixes
    crypto: talitos - fix checkpatch warning
    crypto: talitos - fix warning: 'alg' may be used uninitialized in this function
    crypto: cryptd - Adding the AEAD interface type support to cryptd
    crypto: n2_crypto - Niagara2 driver needs to depend upon CRYPTO_DES
    crypto: Kconfig - update broken web addresses
    crypto: omap-sham - Adjust DMA parameters
    crypto: fips - FIPS requires algorithm self-tests
    crypto: omap-aes - OMAP2/3 AES hw accelerator driver
    crypto: updates to enable omap aes
    padata: add missing __percpu markup in include/linux/padata.h
    MAINTAINERS: Add maintainer entries for padata/pcrypt

    Linus Torvalds
     

08 Oct, 2010

1 commit

  • The prompt for "Self test for hardware accelerated raid6 recovery" does not
    belong in the top level configuration menu. All the options in
    crypto/async_tx/Kconfig are selected and do not depend on CRYPTO.
    Kconfig.debug seems like a reasonable fit.

    Cc: Herbert Xu
    Cc: David Woodhouse
    Signed-off-by: Dan Williams

    Dan Williams
     

07 Oct, 2010

1 commit


20 Sep, 2010

1 commit

  • This patch adds AEAD support into the cryptd framework. Having AEAD
    support in cryptd enables crypto drivers that use the AEAD
    interface type (such as the patch for AEAD based RFC4106 AES-GCM
    implementation using Intel New Instructions) to leverage cryptd for
    asynchronous processing.

    Signed-off-by: Adrian Hoban
    Signed-off-by: Tadeusz Struk
    Signed-off-by: Gabriele Paoloni
    Signed-off-by: Aidan O'Mahony
    Signed-off-by: Herbert Xu

    Adrian Hoban
     

12 Sep, 2010

1 commit

  • Below is a patch to update the broken web addresses, in crypto/*
    that I could locate. Some are just simple typos that needed to be
    fixed, and some had a change in location altogether..
    let me know if any of them need to be changed and such.

    Signed-off-by: Justin P. Mattock
    Signed-off-by: Herbert Xu

    Justin P. Mattock
     

08 Sep, 2010

1 commit


03 Sep, 2010

1 commit


09 Aug, 2010

1 commit


06 Aug, 2010

2 commits

  • On Thu, Aug 05, 2010 at 07:01:21PM -0700, Linus Torvalds wrote:
    > On Thu, Aug 5, 2010 at 6:40 PM, Herbert Xu wrote:
    > >
    > > -config CRYPTO_MANAGER_TESTS
    > > - bool "Run algolithms' self-tests"
    > > - default y
    > > - depends on CRYPTO_MANAGER2
    > > +config CRYPTO_MANAGER_DISABLE_TESTS
    > > + bool "Disable run-time self tests"
    > > + depends on CRYPTO_MANAGER2 && EMBEDDED
    >
    > Why do you still want to force-enable those tests? I was going to
    > complain about the "default y" anyway, now I'm _really_ complaining,
    > because you've now made it impossible to disable those tests. Why?

    As requested, this patch sets the default to y and removes the
    EMBEDDED dependency.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • This patch fixes a serious bug in the test disabling patch where
    it can cause an spurious load of the cryptomgr module even when
    it's compiled in.

    It also negates the test disabling option so that its absence
    causes tests to be enabled.

    The Kconfig option is also now behind EMBEDDED.

    Signed-off-by: Herbert Xu

    Herbert Xu