30 Nov, 2010

2 commits

  • As it is, if user-space passes through a receive buffer that's not
    aligned to the cipher block size, we'll end up encrypting or
    decrypting a partial block which causes a spurious EINVAL to be
    returned.

    This patch fixes this by moving the partial block test after the
    af_alg_make_sg call.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • When sk_sndbuf is not a multiple of PAGE_SIZE, the limit tests
    in sendmsg fail as the limit variable becomes negative and we're
    using an unsigned comparison.

    The same thing can happen if sk_sndbuf is lowered after a sendmsg
    call.

    This patch fixes this by always taking the signed maximum of limit
    and 0 before we perform the comparison.

    It also rounds the value of sk_sndbuf down to a multiple of PAGE_SIZE
    so that we don't end up allocating a page only to use a small number
    of bytes in it because we're bound by sk_sndbuf.

    Signed-off-by: Herbert Xu

    Herbert Xu
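
A user-space model of the signed/unsigned limit problem described in the commit message above, added here as an example; it is not the kernel's code. The names room_buggy, room_fixed, admits and MODEL_PAGE_SIZE, and all sample values, are assumptions made for illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* Assumed page size for this model; the kernel uses PAGE_SIZE. */
#define MODEL_PAGE_SIZE 4096L

/* Flawed pattern: the remaining room is a signed difference, but it ends
 * up in an unsigned comparison, so a negative value wraps to a huge one. */
static size_t room_buggy(long sndbuf, long used)
{
    long limit = sndbuf - used;   /* negative once used > sndbuf */
    return (size_t)limit;         /* what an unsigned compare effectively sees */
}

/* Pattern the commit message describes: round sndbuf down to a page
 * multiple, then take the signed maximum of limit and 0 before comparing. */
static size_t room_fixed(long sndbuf, long used)
{
    long rounded = sndbuf & ~(MODEL_PAGE_SIZE - 1);
    long limit = rounded - used;
    if (limit < 0)
        limit = 0;
    return (size_t)limit;
}

/* A write of len bytes is admitted when it fits in the remaining room. */
static int admits(size_t room, size_t len)
{
    return len <= room;
}

int main(void)
{
    /* Constructed values: queued bytes exceed a sndbuf that is not a
     * page multiple. */
    long sndbuf = 10000, used = 3 * MODEL_PAGE_SIZE;

    printf("buggy: room=%zu admits 1 MiB: %d\n",
           room_buggy(sndbuf, used), admits(room_buggy(sndbuf, used), 1 << 20));
    printf("fixed: room=%zu admits 1 MiB: %d\n",
           room_fixed(sndbuf, used), admits(room_fixed(sndbuf, used), 1 << 20));

    /* Same wrap when sndbuf is lowered after data was queued. */
    printf("lowered sndbuf: buggy=%zu fixed=%zu\n",
           room_buggy(4096, 8192), room_fixed(4096, 8192));
    return 0;
}
```

With 8192 bytes queued and sndbuf at 10000, the unrounded limit leaves 1808 bytes of room, which is the partial-page case the rounding in the fix avoids.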
     

28 Nov, 2010

1 commit


26 Nov, 2010

1 commit

  • This patch adds the af_alg plugin for symmetric key ciphers,
    corresponding to the ablkcipher kernel operation type.

    Keys can optionally be set through the setsockopt interface.

    Once a sendmsg call occurs without MSG_MORE no further writes
    may be made to the socket until all previous data has been read.

    IVs and whether encryption/decryption is performed can be
    set through the setsockopt interface or as a control message
    to sendmsg.

    The interface is completely synchronous; all operations are
    carried out in recvmsg(2) and will complete prior to the system
    call returning.

    The splice(2) interface supports reading the user-space data directly
    without copying (except that the Crypto API itself may copy the data
    if alignment is off).

    The recvmsg(2) interface supports directly writing to user-space
    without additional copying, i.e., the kernel crypto interface will
    receive the user-space address as its output SG list.

    Thanks to Miloslav Trmac for reviewing this and contributing
    fixes and improvements.

    Signed-off-by: Herbert Xu
    Acked-by: David S. Miller

    Herbert Xu