Crypto Update for 2.6.29

Herbert Xu

unread,

Dec 24, 2008, 7:20:06 PM12/24/08

to

Hi Linus:

Here is the crypto update for 2.6.29:

The main change is the introduction of the shash algorithm type.
It's meant to replace the existing hash type as the main interface
for synchronous hash operations. Its key feature is support for
simultaneous operations on a single tfm where previously multiple
tfm objects had to be allocated. A large chunk of the changes
here are simply conversions of existing hash algorithms to use
the new interface. In particular, the crc32c algorithm has been
converted, which means that the libcrc32c interface can now use
the crypto interface, giving it access to Intel's new CRC32C
instruction.

Apart from that there is the usual collection of bug fixes and
updates to algorithms and drivers.

Adrian-Ken Rueegsegger (10):
libcrc32c: Fix "crc32c undefined" compilation error
crypto: sha1 - Switch to shash
crypto: md4 - Switch to shash
crypto: md5 - Switch to shash
crypto: sha256 - Switch to shash
crypto: tgr192 - Switch to shash
crypto: wp512 - Switch to shash
crypto: michael_mic - Switch to shash
crypto: sha512 - Move message schedule W[80] to static percpu area
crypto: sha512 - Switch to shash

Evgeniy Polyakov (3):
crypto: hifn - Disable driver when physical size exceeds 32 bits
crypto: hifn_795x - Fix queue management
crypto: hifn_795x - Use softirq kernel mapping in bh context

Geert Uytterhoeven (2):
crypto: testmgr - Validate output length in (de)compression tests
crypto: testmgr - Correct comment about deflate parameters

Harvey Harrison (3):
crypto: camellia - use kernel-provided bitops, unaligned access
crypto: remove uses of __constant_{endian} helpers
crypto: salsa20 - Remove private wrappers around various operations

Herbert Xu (21):
crypto: padlock - Avoid resetting cword on successive operations
crypto: api - Move type exit function into crypto_tfm
crypto: api - Rebirth of crypto_alloc_tfm
crypto: hash - Add shash interface
crypto: hash - Export shash through ahash
crypto: hash - Add import/export interface
crypto: api - Call type show function before legacy for proc
crypto: hash - Export shash through hash
crypto: crc32c - Switch to shash
crypto: crc32c-intel - Switch to shash
crypto: crc32c - Test descriptor context format
libcrc32c: Move implementation to crypto crc32c
libcrc32c: Add crc32c_le macro
libcrc32c: Select CRYPTO in Kconfig
crypto: hash - Make setkey optional
crypto: null - Switch to shash
crypto: rmd128 - Switch to shash
crypto: rmd160 - Switch to shash
crypto: rmd256 - Switch to shash
crypto: rmd320 - Switch to shash
crypto: aes - Precompute tables

Ingo Molnar (1):
crypto: testmgr - Fix error flow of test_comp

Jarod Wilson (3):
crypto: ansi_cprng - Avoid incorrect extra call to _get_more_prng_bytes
crypto: ansi_cprng - fix inverted DT increment routine
crypto: des3_ede - permit weak keys unless REQ_WEAK_KEY set

Julia Lawall (1):
crypto: md4 - Use ARRAY_SIZE

Kent Liu (1):
crypto: crc32c-intel - Update copyright head

Kim Phillips (2):
crypto: talitos - Pass correct interrupt status to error handler
crypto: talitos - Perform auth check in h/w if on sec 2.1 and above

Lee Nipper (2):
crypto: talitos - Implement done interrupt mitigation
crypto: talitos - Ack done interrupt in isr instead of tasklet

Neil Horman (2):
crypto: testmgr - Trigger a panic when self test fails in FIPS mode
crypto: ansi_cprng - Allow resetting of DT value

Patrick McHardy (5):
crypto: hifn_795x - Fix DMA setup
crypto: hifn_795x - Don't copy src sg list
crypto: hifn_795x - Fix request context corruption
crypto: hifn_795x - Fix queue processing
crypto: hifn_795x - Remove some unused cruft

Vishnu Suresh (1):
crypto: talitos - Preempt overflow interrupts off-by-one fix

Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <her...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majo...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Herbert Xu

unread,

Dec 24, 2008, 7:30:09 PM12/24/08

to

Hi Linus:

Here is the crypto update for 2.6.29:

The main change is the introduction of the shash algorithm type.
It's meant to replace the existing hash type as the main interface
for synchronous hash operations. Its key feature is support for
simultaneous operations on a single tfm where previously multiple
tfm objects had to be allocated. A large chunk of the changes
here are simply conversions of existing hash algorithms to use
the new interface. In particular, the crc32c algorithm has been
converted, which means that the libcrc32c interface can now use
the crypto interface, giving it access to Intel's new CRC32C
instruction.

Apart from that there is the usual collection of bug fixes and
updates to algorithms and drivers.

Now with the pull location :)

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

Herbert Xu

unread,

Mar 24, 2009, 1:00:08 AM3/24/09

to

Hi Linus:

Here is the crypto update for 2.6.30:

* A new compression interface that supports "compress as you go".
- This includes a patch to move nlattr from net into lib.
* Support for the Intel AES instruction.
* More shash algorithm conversions.
* Multithreaded software crypto through cryptd.
* AMCC crypto driver.
* timeriomem RNG driver.
* Random fixes.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

Adrian-Ken Rueegsegger (1):
crypto: Fix dead links

Alexander Clouter (1):
hwrng: timeriomem - New driver

Geert Uytterhoeven (5):
netlink: Move netlink attribute parsing support to lib
crypto: compress - Add pcomp interface
crypto: testmgr - Add support for the pcomp interface
crypto: zlib - New zlib crypto module, using pcomp
crypto: testmgr - add zlib test

Heiko Carstens (1):
hwrng: timeriomem - Breaks an allyesconfig build on s390:

Herbert Xu (10):
crypto: shash - Remove superfluous check in init_tfm
crypto: shash - Add crypto_shash_blocksize
crypto: sha-s390 - Switch to shash
crypto: api - crypto_alg_mod_lookup either tested or untested
crypto: api - Fix crypto_alloc_tfm/create_create_tfm return convention
crypto: skcipher - Avoid infinite loop when cipher fails selftest
crypto: aead - Avoid infinite loop when nivaead fails selftest
crypto: testmgr - Test skciphers with no IVs
nlattr: Fix build error with NET off
crypto: sha512-s390 - Add missing block size

Huang Ying (7):
crypto: aes - Move key_length in struct crypto_aes_ctx to be the last field
crypto: aes - Export x86 AES encrypt/decrypt functions
crypto: cryptd - Add support to access underlying blkcipher
crypto: aes-ni - Add support to Intel AES-NI instructions for x86_64 platform
crypto: api - Use dedicated workqueue for crypto subsystem
crypto: cryptd - Per-CPU thread implementation based on kcrypto_wq
crypto: chainiv - Use kcrypto_wq instead of keventd_wq

James Hsiao (1):
crypto: amcc - Add crypt4xx driver

Neil Horman (3):
crypto: ansi_cprng - Force reset on allocation
crypto: ansi_cprng - Panic on CPRNG test failure when in FIPS mode
crypto: ansi_cprng - Add maintainer

MAINTAINERS | 6 +
arch/powerpc/boot/dts/canyonlands.dts | 7 +
arch/powerpc/boot/dts/kilauea.dts | 7 +
arch/s390/crypto/sha.h | 6 +-
arch/s390/crypto/sha1_s390.c | 40 +-
arch/s390/crypto/sha256_s390.c | 40 +-
arch/s390/crypto/sha512_s390.c | 81 +-
arch/s390/crypto/sha_common.c | 20 +-
arch/x86/crypto/Makefile | 3 +
arch/x86/crypto/aes-i586-asm_32.S | 18 +-
arch/x86/crypto/aes-x86_64-asm_64.S | 6 +-
arch/x86/crypto/aes_glue.c | 20 +-
arch/x86/crypto/aesni-intel_asm.S | 896 +++++++++++++++++++++
arch/x86/crypto/aesni-intel_glue.c | 461 +++++++++++
arch/x86/include/asm/aes.h | 11 +
arch/x86/include/asm/cpufeature.h | 1 +
crypto/Kconfig | 44 +
crypto/Makefile | 5 +
crypto/ablkcipher.c | 19 +
crypto/aead.c | 16 +
crypto/algboss.c | 20 +-
crypto/ansi_cprng.c | 17 +-
crypto/api.c | 17 +-
crypto/blkcipher.c | 2 +-
crypto/chainiv.c | 3 +-
crypto/cryptd.c | 237 +++---
crypto/crypto_wq.c | 38 +
crypto/gf128mul.c | 2 +-
crypto/internal.h | 6 +-
crypto/pcompress.c | 97 +++
crypto/sha256_generic.c | 2 +-
crypto/shash.c | 20 +-
crypto/tcrypt.c | 6 +-
crypto/testmgr.c | 198 +++++
crypto/testmgr.h | 147 ++++
crypto/zlib.c | 378 +++++++++
drivers/char/hw_random/Kconfig | 14 +
drivers/char/hw_random/Makefile | 1 +
drivers/char/hw_random/timeriomem-rng.c | 151 ++++
drivers/crypto/Kconfig | 15 +-
drivers/crypto/Makefile | 1 +
drivers/crypto/amcc/Makefile | 2 +
drivers/crypto/amcc/crypto4xx_alg.c | 293 +++++++
drivers/crypto/amcc/crypto4xx_core.c | 1310 +++++++++++++++++++++++++++++++
drivers/crypto/amcc/crypto4xx_core.h | 177 +++++
drivers/crypto/amcc/crypto4xx_reg_def.h | 284 +++++++
drivers/crypto/amcc/crypto4xx_sa.c | 108 +++
drivers/crypto/amcc/crypto4xx_sa.h | 243 ++++++
include/crypto/aes.h | 6 +-
include/crypto/compress.h | 145 ++++
include/crypto/cryptd.h | 27 +
include/crypto/crypto_wq.h | 7 +
include/crypto/hash.h | 5 +
include/crypto/internal/compress.h | 28 +
include/linux/crypto.h | 4 +-
include/linux/timeriomem-rng.h | 21 +
lib/Kconfig | 6 +
lib/Makefile | 2 +
net/netlink/attr.c => lib/nlattr.c | 20 +-
net/Kconfig | 1 +
net/netlink/Makefile | 2 +-
61 files changed, 5506 insertions(+), 264 deletions(-)
create mode 100644 arch/x86/crypto/aesni-intel_asm.S
create mode 100644 arch/x86/crypto/aesni-intel_glue.c
create mode 100644 arch/x86/include/asm/aes.h
create mode 100644 crypto/crypto_wq.c
create mode 100644 crypto/pcompress.c
create mode 100644 crypto/zlib.c
create mode 100644 drivers/char/hw_random/timeriomem-rng.c
create mode 100644 drivers/crypto/amcc/Makefile
create mode 100644 drivers/crypto/amcc/crypto4xx_alg.c
create mode 100644 drivers/crypto/amcc/crypto4xx_core.c
create mode 100644 drivers/crypto/amcc/crypto4xx_core.h
create mode 100644 drivers/crypto/amcc/crypto4xx_reg_def.h
create mode 100644 drivers/crypto/amcc/crypto4xx_sa.c
create mode 100644 drivers/crypto/amcc/crypto4xx_sa.h
create mode 100644 include/crypto/compress.h
create mode 100644 include/crypto/cryptd.h
create mode 100644 include/crypto/crypto_wq.h
create mode 100644 include/crypto/internal/compress.h
create mode 100644 include/linux/timeriomem-rng.h
rename net/netlink/attr.c => lib/nlattr.c (99%)

Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <her...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--

Herbert Xu

unread,

Apr 2, 2009, 2:20:12 AM4/2/09

to

Hi Linus:

This push fixes three bugs/regressions:

* IO address handling fix in timeriomem.
* Crash due to incorrect SG handling in ixp4xx.
* Crypto API (shash) bug that can lead to a CRC32C crash.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

Alexander Clouter (1):
hwrng: timeriomem - Use phys address rather than virt

Christian Hohnstaedt (1):
crypto: ixp4xx - Fix handling of chained sg buffers

Yehuda Sadeh (1):
crypto: shash - Fix unaligned calculation with short length

crypto/shash.c | 3 +
drivers/char/hw_random/timeriomem-rng.c | 39 ++++++-
drivers/crypto/ixp4xx_crypto.c | 182 +++++++++++--------------------
include/linux/timeriomem-rng.h | 2 +-
4 files changed, 102 insertions(+), 124 deletions(-)

Herbert Xu

unread,

May 17, 2009, 6:30:16 PM5/17/09

to

Hi Linus:

This push fixes a few bugs/regressions:

* Check firmware before claiming algorithm support in ixp4xx.
* Fix autoloading of optimised AES modules.
* Fix eseqiv IV generation.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

Christian Hohnstaedt (1):
crypto: ixp4xx - check firmware for crypto support

Herbert Xu (2):
crypto: api - Fix algorithm module auto-loading
crypto: padlock - Revert aes-all alias to aes

Steffen Klassert (1):
crypto: eseqiv - Fix IV generation for sync algorithms

crypto/api.c | 3 ++-
crypto/eseqiv.c | 3 ++-
drivers/crypto/ixp4xx_crypto.c | 33 ++++++++++++++++++++++++++++++++-
drivers/crypto/padlock-aes.c | 2 +-
4 files changed, 37 insertions(+), 4 deletions(-)

Herbert Xu

unread,

May 31, 2009, 9:20:08 AM5/31/09

to

Hi Linus:

This push fixes a regression that triggers with SLAB debugging on,
where the new ahash code fails to handle sg entries that cross page
boundaries which are generated by kmalloc.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

Herbert Xu (1):
crypto: hash - Fix handling of sg entry that crosses page boundary

crypto/ahash.c | 7 ++++---
1 files changed, 4 insertions(+), 3 deletions(-)

Herbert Xu

unread,

Jun 12, 2009, 10:10:08 PM6/12/09

to

Hi Linus:

Here is the crypto update for 2.6.31:

* 64-bit VIA crypto/RNG support.
* More operation modes added for Intel AES.
* New test vectors for CCM/CTR/RNG.
* Slight change to the compress API for squashfs.
* Talitos fixes/clean-ups.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

Alex Riesen (1):
crypto: api - Use formatting of module name

Alexander Clouter (1):
hwrng: timeriomem - Fix potential oops (request_mem_region/__devinit)

Frank Seidel (1):
crypto: tcrypt - Reduce stack size

Geert Uytterhoeven (3):
crypto: testmgr - Kill test_comp() sparse warnings
crypto: pcomp - pcompress.c should include crypto/internal/compress.h
crypto: compress - Return produced bytes in crypto_{,de}compress_{update,final}

Harald Welte (3):
hwrng: via_rng - The VIA Hardware RNG driver is for the CPU, not Chipset
hwrng: via_rng - Support VIA Nano hardware RNG
hwrng: via_rng - Support VIA Nano hardware RNG on X86_64 builds

Herbert Xu (4):
crypto: padlock - Restore dependency on x86
crypto: testmgr - Dynamically allocate xbuf and axbuf
crypto: testmgr - Check all test vector lengths
crypto: testmgr - Allow hash test vectors longer than a page

Huang Ying (3):
crypto: cryptd - Use nivcipher in cryptd_alloc_ablkcipher
crypto: fpu - Add template for blkcipher touching FPU
crypto: aes-ni - Add support for more modes

Jarod Wilson (10):
crypto: testmgr - Handle AEAD test vectors expected to fail verification
crypto: testmgr - Add self-tests for rfc4309(ccm(aes))
crypto: testmgr - Add infrastructure for ansi_cprng self-tests
crypto: testmgr - Add ansi_cprng test vectors
crypto: testmgr - Catch base cipher self-test failures in fips mode
crypto: testmgr - Print self-test pass notices in fips mode
crypto: testmgr - Add ctr(aes) test vectors
crypto: testmgr - Mark algs allowed in fips mode
crypto: testmgr - Skip algs not flagged fips_allowed in fips mode
crypto: tcrypt - Do not exit on success in fips mode

Johannes Weiner (1):
crypto: api - Use kzfree

Kim Phillips (3):
crypto: talitos - Whitespace/codingstyle/overrun lines cleanup
crypto: talitos - containerof related codingstyle
crypto: talitos - Avoid unnecessary decrypt check

Lee Nipper (2):
crypto: talitos - scaffolding for new algorithm types
crypto: talitos - Add ablkcipher algorithms

Mike Frysinger (1):
crypto: hifn_795x - fix __dev{init,exit} markings

Sebastian Andrzej Siewior (1):
crypto: padlock - Enable on x86_64

Uwe Kleine-K�nig (1):
hwrng: omap - Move probe function to .devinit.text

Herbert Xu

unread,

Jun 21, 2009, 10:10:12 AM6/21/09

to

Hi Linus:

This push fixes a number of regressions for hardware AES:

* Spurious page faults with AES on Via Nano.
* Fix broken decryption with Intel AES.
* Fix atomic sleep with Intel AES.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

Chuck Ebbert (2):
crypto: padlock-aes - work around Nano CPU errata in ECB mode
crypto: padlock-aes - work around Nano CPU errata in CBC mode

Huang Ying (3):
crypto: aes-ni - Fix cbc mode IV saving
crypto: aes-ni - Do not sleep when using the FPU
crypto: aes-ni - Remove CRYPTO_TFM_REQ_MAY_SLEEP from fpu template

arch/x86/crypto/aesni-intel_asm.S | 5 +-
arch/x86/crypto/aesni-intel_glue.c | 4 +
arch/x86/crypto/fpu.c | 4 +-
drivers/crypto/padlock-aes.c | 138 +++++++++++++++++++++++++----------
4 files changed, 107 insertions(+), 44 deletions(-)

Cheers,

Herbert Xu

unread,

Sep 2, 2009, 6:10:06 PM9/2/09

to

Hi Linus:

This push fixes a serious regression for IPsec when using the
chainiv algorithm. We were checking for NULL after converting a
pointer that can be NULL to its container, which means that
the NULL pointer check is useless. This would occur when the
chainiv backlog queue is depleted. The result is a crash.

Based on the one report received it does not occur all the time
though, possibly because we only use the backlog when two CPUs
try to push data through a single SA at the same time, which is
rare.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

Herbert Xu (1):
crypto: skcipher - Fix skcipher_dequeue_givcrypt NULL test

crypto/algapi.c | 11 +++++++++--
include/crypto/algapi.h | 1 +
include/crypto/internal/skcipher.h | 4 ++--
3 files changed, 12 insertions(+), 4 deletions(-)

Thanks,

Herbert Xu

unread,

Sep 10, 2009, 10:20:06 AM9/10/09

to

Hi Linus:

Here is the crypto update for 2.6.32:

* Completed hash algorithm transition to shash.
* Convert IPsec over to lockless ahash interface.
* Split GHASH from GCM.
* Orion5X crypto engine support.
* Minor fixes/updates.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

Christian Kujau (1):
crypto: rng - Fix typo

Herbert Xu (75):
crypto: ansi_cprng - Do not select FIPS
crypto: tcrypt - Fix module return code when testing by name
crypto: testmgr - Remove hash size check
crypto: skcipher - Fix request for sync algorithms
crypto: skcipher - Change default sync geniv on SMP to eseqiv
crypto: testmgr - Allow implementation-specific tests
crypto: api - Add new template create function
crypto: api - Add crypto_alloc_instance2
crypto: shash - Add shash_instance
crypto: api - Add new style spawn support
crypto: shash - Add spawn support
crypto: api - Add crypto_attr_alg2 helper
crypto: shash - Add shash_attr_alg2 helper
crypto: shash - Add shash_register_instance
crypto: shash - Add crypto_shash_ctx_aligned
crypto: shash - Add __crypto_shash_cast
crypto: shash - Use finup in default digest
crypto: shash - Propagate reinit return value
crypto: shash - Add shash_instance_ctx
crypto: api - Fix crypto_drop_spawn crash on blank spawns
crypto: shash - Export/import hash state only
crypto: shash - Move finup/digest null checks to registration time
crypto: sha1_generic - Add export/import support
crypto: sha256_generic - Use 64-bit counter like sha1
crypto: sha256_generic - Add export/import support
crypto: sha1-s390 - Add export/import support
crypto: sha256-s390 - Add export/import support
crypto: padlock - Use shash fallback for sha
crypto: shash - Move null setkey check to registration time
crypto: async - Use kzfree for requests
crypto: shash - Make descsize a run-time attribute
crypto: padlock - Switch sha to shash
crypto: hmac - Switch to shash
crypto: xcbc - Switch to shash
crypto: authenc - Remove reference to crypto_hash
crypto: hash - Remove legacy hash/digest implementaion
crypto: shash - Export async functions
crypto: cryptd - Use shash algorithms
crypto: ahash - Add crypto_ahash_set_reqsize
crypto: cryptd - Use crypto_ahash_set_reqsize
crypto: crypto4xx - Use crypto_ahash_set_reqsize
crypto: api - Remove frontend argument from extsize/init_tfm
crypto: ahash - Convert to new style algorithms
crypto: ahash - Add instance/spawn support
crypto: tcrypt - Add mask parameter
crypto: hash - Add helpers to free spawns
crypto: cryptd - Switch to template create API
crypto: cryptd - Switch to new style ahash
crypto: crypto4xx - Switch to new style ahash
crypto: ahash - Remove old_ahash_alg
crypto: hash - Zap unaligned buffers
crypto: shash - Fix alignment in unaligned operations
crypto: ahash - Use GFP_KERNEL in unaligned setkey
crypto: ahash - Add unaligned handling and default operations
crypto: crypto4xx - Disable SHA implementation
crypto: hmac - Fix incorrect error value when creating instance
crypto: xcbc - Fix incorrect error value when creating instance
crypto: padlock - Fix compile error on i386
crypto: ahash - Fix setkey crash
crypto: shash - Fix digest size offset
crypto: shash - Fix async finup handling of null digest
crypto: padlock - Fix hashing of partial blocks
crypto: cryptd - Add finup/export/import for hash
crypto: xcbc - Use crypto_xor
crypto: xcbc - Fix shash conversion
crypto: sha512 - Export struct sha512_state
crypto: sha512_generic - Use 64-bit counters
crypto: sha512-s390 - Add export/import support
crypto: shash - Require all algorithms to support export/import
crypto: hmac - Prehash ipad/opad
crypto: api - Fix aligned ctx helper
Revert crypto: fips - Select CPRNG
crypto: ctr - Use chainiv on raw counter mode
crypto: blkcipher - Do not use eseqiv on stream ciphers
crypto: api - Do not displace newly registered algorithms

Huang Ying (3):
crypto: ghash - Add GHASH digest algorithm for GCM
crypto: gcm - Use GHASH digest algorithm
crypto: cryptd - Add support to access underlaying shash

Jan Glauber (1):
crypto: sha-s390 - Fix warnings in import function

Jarod Wilson (1):
crypto: des_s390 - Permit weak keys unless REQ_WEAK_KEY set

Joe Perches (1):
hwrng: Use PCI_VDEVICE

Kim Phillips (3):
crypto: talitos - simplify hmac data size calculation
crypto: talitos - align locks on cache lines
crypto: talitos - add support for 36 bit addressing

Neil Horman (3):
random: Add optional continuous repetition test to entropy store based rngs
crypto: fips - Select CPRNG
crypto: fips - Depend on ansi_cprng

Phil Carmody (1):
crypto: aes - Undefined behaviour in crypto_aes_expand_key

Roland Dreier (1):
crypto: aes-ni - Don't print message with KERN_ERR on old system

Sachin Sant (1):
crypto: s390 - Fix sha build failure

Sebastian Andrzej Siewior (3):
crypto: ansi_prng - Use just a BH lock
crypto: ansi_prng - alloc cipher just in init
crypto: mv_cesa - Add support for Orion5X crypto engine

Shane Wang (1):
crypto: vmac - New hash algorithm for intel_txt support

Steffen Klassert (7):
crypto: tcrypt - Test algorithms by name
crypto: cryptd - Fix uninitialized return value
crypto: ahash - Use GFP_KERNEL on allocation if the request can sleep
crypto: shash - Test for the algorithms import function before exporting it
crypto: authenc - Convert to ahash
crypto: xcbc - Fix alignment calculation of xcbc_tfm_ctx
crypto: ansi_cprng - Fix module initialization

drivers/crypto/Kconfig | 15 +-
drivers/crypto/Makefile | 1 +

Herbert Xu

unread,

Oct 20, 2009, 3:00:01 AM10/20/09

to

Hi Linus:

This push fixes a regression in the padlock-sha driver that causes
faults on 32-bit VIA processors.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

Herbert Xu (1):
crypto: padlock-sha - Fix stack alignment

drivers/crypto/padlock-sha.c | 14 ++++++++++++--
1 files changed, 12 insertions(+), 2 deletions(-)

Herbert Xu

unread,

Oct 20, 2009, 3:30:01 AM10/20/09

to

Hi Linus:

> This push fixes a regression in the padlock-sha driver that causes
> faults on 32-bit VIA processors.

I've just added another regression fix that's specific to the
Intel AESNI instruction where the FPU test was reversed.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

Herbert Xu (1):
crypto: padlock-sha - Fix stack alignment

Huang Ying (1):
crypto: aesni-intel - Fix irq_fpu_usable usage

arch/x86/crypto/aesni-intel_glue.c | 10 +++++-----
drivers/crypto/padlock-sha.c | 14 ++++++++++++--
2 files changed, 17 insertions(+), 7 deletions(-)

Herbert Xu

unread,

Nov 23, 2009, 7:10:01 AM11/23/09

to

Hi Linus:

This push fixes a crash in the gcm driver when used in conjunction
with an asynchronous cipher (e.g., aesni-intel).

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

Huang Ying (1):
crypto: gcm - fix another complete call in complete fuction

crypto/gcm.c | 107 +++++++++++++++++++++++++++++++++++++++------------------
1 files changed, 73 insertions(+), 34 deletions(-)

Herbert Xu

unread,

Dec 4, 2009, 9:00:02 AM12/4/09

to

Hi Linus:

Here is the crypto update for 2.6.33:

* Removal of legacy hash code.
* New ghash (part of GCM) driver using Intel hardware support.
* Hardware RNG driver API update.
* Random fixes.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

Benjamin Gilbert (3):
crypto: hash - Remove legacy hash/digest code
crypto: api - Remove digest case from procfs show handler
crypto: hash - Remove cra_u.{digest,hash}

Felipe Contreras (1):
crypto: testmgr - Fix warning

Herbert Xu (2):
crypto: ghash-intel - Hard-code pshufb
crypto: ghash-intel - Add PSHUFB macros

Huang Ying (6):
crypto: ghash - Add PCLMULQDQ accelerated implementation
crypto: ghash-intel - Fix building failure on x86_32
crypto: ghash-intel - Fix irq_fpu_usable usage
x86: Generate .byte code for some new instructions via gas macro
crypto: aesni-intel - Use gas macro for AES-NI instructions
crypto: ghash-clmulni-intel - Use gas macro for PCLMULQDQ-NI and PSHUFB

Ian Molton (3):
hwrng: virtio-rng - Convert to new API
hwrng: core - Prevent too-small buffer sizes
hwrng: core - Replace u32 in driver API with byte array

Jaswinder Singh Rajput (1):
crypto: ansi_cprng - Move FIPS functions under CONFIG_CRYPTO_FIPS

Jiri Kosina (1):
crypto: ghash-clmulni-intel - Put proper .data section in place

Neil Horman (1):
crypto: ansi_cprng - Add FIPS wrapper

Roel Kluin (1):
crypto: ansi_cprng - Fix test in get_prng_bytes

Youquan, Song (1):
crypto: testmgr - Add ghash algorithm test before provide to users

Herbert Xu

unread,

Dec 29, 2009, 9:20:01 PM12/29/09

to

Hi Linus:

This push fixes a regression in the hardware RNG core introduced
by the recent API change.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

Herbert Xu (1):
hwrng: core - Fix double unlock in rng_dev_read

drivers/char/hw_random/core.c | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)

Herbert Xu

unread,

Feb 1, 2010, 3:00:02 PM2/1/10

to

Hi Linus:

This push fixes a couple of serious bugs:

* UBIFS assertion failure caused by /dev/random (since forever)
* Broken hmac support in padlock-sha (since 2.6.32)

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

Herbert Xu (2):
crypto: padlock-sha - Add import/export support
random: Remove unused inode variable

Matt Mackall (1):
random: drop weird m_time/a_time manipulation

drivers/char/random.c | 9 ---------
drivers/crypto/padlock-sha.c | 23 +++++++++++++++++++++++
2 files changed, 23 insertions(+), 9 deletions(-)

Herbert Xu

unread,

Feb 25, 2010, 7:50:02 PM2/25/10

to

Hi Linus:

Here is the crypto update for 2.6.34:

* New pcrypt module to spread crypto work across CPUs.
* Added RFC4543 GCM support.
* Added nomadik RNG driver.
* MD5 export/import support.
* Random fixes.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

Alessandro Rubini (2):
hwrng: nomadik - Add hardware RNG driver
hwrng: nomadik - Add platform device for rng in cpu-8815

Max Vozeler (1):
crypto: md5 - Add export support

M�rton N�meth (1):
crypto: Make Open Firmware device id constant

Richard Hartmann (19):
crypto: ablkcipher - Fix checkpatch errors
crypto: aead - Fix checkpatch errors
crypto: blowfish - Fix checkpatch errors
crypto: algapi - Fix checkpatch errors
crypto: anubis - Fix checkpatch errors
crypto: api - Fix checkpatch errors
crypto: authenc - Fix checkpatch errors
crypto: camellia - Fix checkpatch errors
crypto: cast5 - Fix checkpatch errors
crypto: cast6 - Fix checkpatch errors
crypto: compress - Fix checkpatch errors
crypto: crc32 - Fix checkpatch errors
crypto: cipher - Fix checkpatch errors
crypto: crypto_null - Fix checkpatch errors
crypto: deflate - Fix checkpatch errors
crypto: des_generic - Fix checkpatch errors
crypto: ecb - Fix checkpatch errors
crypto: fcrypt - Fix checkpatch errors
crypto: aes_generic - Fix checkpatch errors

Roel Kluin (3):
crypto: aes_s390 - access .cip instead of .blk in cipher mode
crypto: geode-aes - access .cip instead of .blk in cipher mode
crypto: geode-aes - Fix cip/blk confusion

Steffen Klassert (3):
padata: Generic parallelization/serialization interface
crypto: pcrypt - Add pcrypt crypto parallelization wrapper
crypto: pcrypt - call the complete function on error

Tobias Brunner (1):
crypto: gcm - Add RFC4543 wrapper for GCM

Youquan, Song (1):
crypto: testmgr - Fix complain about lack test for internal used algorithm

Ingo Molnar

unread,

Mar 1, 2010, 3:00:02 AM3/1/10

to

Hi,

* Herbert Xu <her...@gondor.apana.org.au> wrote:

> crypto: pcrypt - Add pcrypt crypto parallelization wrapper

-tip testing started triggering the following frequent boot crash yesterday,
on 64-bit x86:

( Full oops attached below. Config attached as well. )

I have bisected it back to the following upstream commit:

|
| 5068c7a883d1694f0fb3631b664827644153cd08 is the first bad commit
| commit 5068c7a883d1694f0fb3631b664827644153cd08
| Author: Steffen Klassert <steffen....@secunet.com>
| Date: Thu Jan 7 15:57:19 2010 +1100

|
| crypto: pcrypt - Add pcrypt crypto parallelization wrapper
|

And have confirmed it via more testing that reverting the following two
commits:

5a1436b: crypto: pcrypt - call the complete function on error
5068c7a: crypto: pcrypt - Add pcrypt crypto parallelization wrapper

Solves the crash. I have pushed out the reverts into tip:out-of-tree for now,
and can test any real fix as well.

Thanks,

Ingo

-------------->
Calling crypto_ctr_module_init+0x0/0x3e @ 1
initcall crypto_ctr_module_init+0x0/0x3e returned 0 after 0 usecs
calling pcrypt_init+0x0/0xee @ 1
BUG: unable to handle kernel NULL pointer dereference at (null)
IP: [<ffffffff8126550b>] memcpy+0xb/0xb0
PGD 0
Oops: 0002 [#1] SMP
last sysfs file:
CPU 1
Modules linked in:

Pid: 1, comm: swapper Not tainted 2.6.33-01768-g43a834d #19338 A8N-E/System Product Name
RIP: 0010:[<ffffffff8126550b>] [<ffffffff8126550b>] memcpy+0xb/0xb0
RSP: 0018:ffff88003f875e88 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffffffff81f5f740 RCX: 0000000000000001
RDX: 0000000000000000 RSI: ffffffff81f5f740 RDI: 0000000000000000
RBP: ffff88003f875ec0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: ffff88003e5317b0
R13: ffff88003f97a690 R14: ffff88003e5317b0 R15: ffff88003f9287d0
FS: 0000000000000000(0000) GS:ffff880004200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000000000 CR3: 0000000001be8000 CR4: 00000000000006a0
DR0: ffffffff82c160bc DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Process swapper (pid: 1, threadinfo ffff88003f874000, task ffff88003f878000)
Stack:
ffffffff810c2f38 ffff880000000018 ffffffff81f5f740 ffffffff82158c51
<0> 00000001552321fe 0000000000000002 0000000000000000 ffff88003f875ee0
<0> ffffffff82158ccc 00000001552321fe 0000000000000000 ffff88003f875f10
Call Trace:
[<ffffffff810c2f38>] ? padata_alloc+0x98/0x150
[<ffffffff82158c51>] ? pcrypt_init+0x0/0xee
[<ffffffff82158ccc>] pcrypt_init+0x7b/0xee
[<ffffffff810001dc>] do_one_initcall+0x3c/0x200
[<ffffffff8213e73c>] kernel_init+0x161/0x1b7
[<ffffffff81004184>] kernel_thread_helper+0x4/0x10
[<ffffffff817d2150>] ? restore_args+0x0/0x30
[<ffffffff8213e5db>] ? kernel_init+0x0/0x1b7
[<ffffffff81004180>] ? kernel_thread_helper+0x0/0x10
Code: 81 ea d8 1f 00 00 48 3b 42 20 73 07 48 8b 50 f9 31 c0 c3 31 d2 48 c7 c0 f2 ff ff ff c3 90 90 90 48 89 f8 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 c3 8b 1e 4c 8b 46 08 4c 89 1f 4c 89 47 08
RIP [<ffffffff8126550b>] memcpy+0xb/0xb0
RSP <ffff88003f875e88>
CR2: 0000000000000000
---[ end trace 5a5d197966b56a2e ]---
swapper used greatest stack depth: 5016 bytes left
Kernel panic - not syncing: Attempted to kill init!

config

Steffen Klassert

unread,

Mar 1, 2010, 10:30:02 AM3/1/10

to

Hi.

On Mon, Mar 01, 2010 at 08:50:24AM +0100, Ingo Molnar wrote:
>
> Hi,
>
> * Herbert Xu <her...@gondor.apana.org.au> wrote:
>
> > crypto: pcrypt - Add pcrypt crypto parallelization wrapper
>
> -tip testing started triggering the following frequent boot crash yesterday,
> on 64-bit x86:
>
> | calling pcrypt_init+0x0/0xee @ 1
> | BUG: unable to handle kernel NULL pointer dereference at (null)
> | IP: [<ffffffff8126550b>] memcpy+0xb/0xb0
> | Call Trace:
> | [<ffffffff810c2f38>] ? padata_alloc+0x98/0x150
> | [<ffffffff82158c51>] ? pcrypt_init+0x0/0xee
> | [<ffffffff82158ccc>] pcrypt_init+0x7b/0xee
>

Ugh, it seems that I forgot to allocate one of the cpumasks. Looking at the
configs of my test systems I noticed, that CONFIG_CPUMASK_OFFSTACK was
not set on all the configs, so I did not notice it.

The patch below fixes the boot crash if CONFIG_CPUMASK_OFFSTACK is
enabled on my test systems. Does the patch fix it for you too?

Thanks,

Steffen

Subject: [PATCH] padata: allocate the cpumask for the padata instance

The cpumask of the padata instance was used without allocated.
This caused boot crashes if CONFIG_CPUMASK_OFFSTACK is enabled.
This patch fixes this by doing proper allocation for this cpumask.

Signed-off-by: Steffen Klassert <steffen....@secunet.com>
---
kernel/padata.c | 8 +++++++-
1 files changed, 7 insertions(+), 1 deletions(-)

diff --git a/kernel/padata.c b/kernel/padata.c
index 6f9bcb8..93caf65 100644
--- a/kernel/padata.c
+++ b/kernel/padata.c
@@ -642,6 +642,9 @@ struct padata_instance *padata_alloc(const struct cpumask *cpumask,
if (!pd)
goto err_free_inst;

+ if (!alloc_cpumask_var(&pinst->cpumask, GFP_KERNEL))
+ goto err_free_pd;
+
rcu_assign_pointer(pinst->pd, pd);

pinst->wq = wq;
@@ -654,12 +657,14 @@ struct padata_instance *padata_alloc(const struct cpumask *cpumask,
pinst->cpu_notifier.priority = 0;
err = register_hotcpu_notifier(&pinst->cpu_notifier);
if (err)
- goto err_free_pd;
+ goto err_free_cpumask;

mutex_init(&pinst->lock);

return pinst;

+err_free_cpumask:
+ free_cpumask_var(pinst->cpumask);
err_free_pd:
padata_free_pd(pd);
err_free_inst:
@@ -685,6 +690,7 @@ void padata_free(struct padata_instance *pinst)

unregister_hotcpu_notifier(&pinst->cpu_notifier);
padata_free_pd(pinst->pd);
+ free_cpumask_var(pinst->cpumask);
kfree(pinst);
}
EXPORT_SYMBOL(padata_free);
--
1.5.6.5

Herbert Xu

unread,

Mar 3, 2010, 9:50:02 AM3/3/10

to

On Mon, Mar 01, 2010 at 03:55:19PM +0100, Steffen Klassert wrote:
>
> On Mon, Mar 01, 2010 at 08:50:24AM +0100, Ingo Molnar wrote:
> >
> > * Herbert Xu <her...@gondor.apana.org.au> wrote:
> >
> > > crypto: pcrypt - Add pcrypt crypto parallelization wrapper
> >
> > -tip testing started triggering the following frequent boot crash yesterday,
> > on 64-bit x86:
> >
> > | calling pcrypt_init+0x0/0xee @ 1
> > | BUG: unable to handle kernel NULL pointer dereference at (null)
> > | IP: [<ffffffff8126550b>] memcpy+0xb/0xb0
> > | Call Trace:
> > | [<ffffffff810c2f38>] ? padata_alloc+0x98/0x150
> > | [<ffffffff82158c51>] ? pcrypt_init+0x0/0xee
> > | [<ffffffff82158ccc>] pcrypt_init+0x7b/0xee
> >
>
> Ugh, it seems that I forgot to allocate one of the cpumasks. Looking at the
> configs of my test systems I noticed, that CONFIG_CPUMASK_OFFSTACK was
> not set on all the configs, so I did not notice it.
>
> The patch below fixes the boot crash if CONFIG_CPUMASK_OFFSTACK is
> enabled on my test systems. Does the patch fix it for you too?

Ingo, any luck with this patch from Steffen?

Cheers,

--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <her...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Ingo Molnar

unread,

Mar 3, 2010, 10:10:01 PM3/3/10

to

* Herbert Xu <her...@gondor.apana.org.au> wrote:

> On Mon, Mar 01, 2010 at 03:55:19PM +0100, Steffen Klassert wrote:
> >
> > On Mon, Mar 01, 2010 at 08:50:24AM +0100, Ingo Molnar wrote:
> > >
> > > * Herbert Xu <her...@gondor.apana.org.au> wrote:
> > >
> > > > crypto: pcrypt - Add pcrypt crypto parallelization wrapper
> > >
> > > -tip testing started triggering the following frequent boot crash yesterday,
> > > on 64-bit x86:
> > >
> > > | calling pcrypt_init+0x0/0xee @ 1
> > > | BUG: unable to handle kernel NULL pointer dereference at (null)
> > > | IP: [<ffffffff8126550b>] memcpy+0xb/0xb0
> > > | Call Trace:
> > > | [<ffffffff810c2f38>] ? padata_alloc+0x98/0x150
> > > | [<ffffffff82158c51>] ? pcrypt_init+0x0/0xee
> > > | [<ffffffff82158ccc>] pcrypt_init+0x7b/0xee
> > >
> >
> > Ugh, it seems that I forgot to allocate one of the cpumasks. Looking at the
> > configs of my test systems I noticed, that CONFIG_CPUMASK_OFFSTACK was
> > not set on all the configs, so I did not notice it.
> >
> > The patch below fixes the boot crash if CONFIG_CPUMASK_OFFSTACK is
> > enabled on my test systems. Does the patch fix it for you too?
>
> Ingo, any luck with this patch from Steffen?

I'm still busy with the merge window - please dont wait for me and consider it
fixed, i'll re-report if there's still any problems.

Thanks,

Ingo

Herbert Xu

unread,

Mar 4, 2010, 12:40:02 AM3/4/10

to

On Thu, Mar 04, 2010 at 04:00:52AM +0100, Ingo Molnar wrote:
>
> I'm still busy with the merge window - please dont wait for me and consider it
> fixed, i'll re-report if there's still any problems.

OK, I'll apply the patch.

Thanks,

--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <her...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Herbert Xu

unread,

Mar 5, 2010, 2:20:01 AM3/5/10

to

Hi Linus:

This push fixes three regressions and an older bug:

* The new padata system crashes during init on certain configurations.
* Fixed hmac(md5) broken by recent md5 update.
* Fixed authenc broken by ahash conversion.
* Fixed handling of unaligned buffers in hash API.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

Herbert Xu (1):
crypto: md5 - Set statesize

Steffen Klassert (3):
crypto: authenc - Use correct ahash complete functions
crypto: authenc - Move saved IV in front of the ablkcipher request
padata: Allocate the cpumask for the padata instance

Szilveszter �rd�g (1):
crypto: hash - Fix handling of unaligned buffers

crypto/ahash.c | 1 -
crypto/authenc.c | 27 +++++++++++++++------------
crypto/md5.c | 1 +
kernel/padata.c | 8 +++++++-
4 files changed, 23 insertions(+), 14 deletions(-)

Herbert Xu

unread,

Apr 27, 2010, 10:00:02 AM4/27/10

to

Hi Linus:

This push fixes an IPsec crash when an async hash driver is used.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

Herbert Xu (1):
crypto: authenc - Add EINPROGRESS check

crypto/authenc.c | 16 +++++++++++-----
1 files changed, 11 insertions(+), 5 deletions(-)

Herbert Xu

unread,

May 18, 2010, 10:10:02 PM5/18/10

to

Hi Linus:

Here is the crypto update for 2.6.35:

* Hardware hash support in mv_cesa.
* Hardware hash support in omap.
* VMAC now works on big-endian.
* Random fixes.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

Chihau Chau (1):
crypto: geode-aes - Fix some code style issues

Dan Carpenter (2):
crypto: pcrypt - Handle crypto_get_attr_type errors
crypto: algapi - Remove unneeded null check

Dmitry Kasatkin (3):
crypto: omap - Updates omap sham device related platform code
crypto: omap - sha1 & md5 driver
crypto: omap - OMAP macros corrected

Henrik Kretzschmar (1):
padata: Section cleanup

Herbert Xu (1):
Merge git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6

Huang Ying (4):
crypto: aesni-intel - Add AES-NI accelerated CTR mode
crypto: tcrypt - Speed testing support for ghash
crypto: aesni-intel - Fix CTR optimization build failure with gas 2.16.1
crypto: aesni-intel - Fix another CTR build failure with gas 2.16.1

Richard Hartmann (1):
crypto: internal - Fix checkpatch errors

Shane Wang (1):
crypto: vmac - Fix big-endian support

Steffen Klassert (5):
padata: Dont scale the parallel objects with the cpus
padata: cpu hotplug code should depend on CONFIG_HOTPLUG_CPU
padata: Remove superfluous might_sleep
padata: Initialize the padata queues only for the used cpus
padata: Use get_online_cpus/put_online_cpus

Tobias Klauser (1):
crypto: mv_cesa - Use resource_size

Uri Simchoni (10):
crypto: mv_cesa - Invoke the user callback from a softirq context
crypto: mv_cesa - Remove compiler warning in mv_cesa driver
crypto: mv_cesa - Fix situation where the dest sglist is organized differently than the source sglist
crypto: mv_cesa - Fix situations where the src sglist spans more data than the request asks for
crypto: mv_cesa - Enqueue generic async requests
crypto: mv_cesa - Rename a variable to a more suitable name
crypto: mv_cesa - Execute some code via function pointers rathr than direct calls
crypto: mv_cesa - Make the copy-back of data optional
crypto: mv_cesa - Support processing of data from previous requests
crypto: mv_cesa - Add sha1 and hmac(sha1) async hash drivers

Herbert Xu

unread,

May 21, 2010, 6:50:01 AM5/21/10

to

Hi Linus:

Here is a revised crypto update for 2.6.35:

* Hardware hash support in mv_cesa.
* Hardware hash support in omap.

* Hardware hash support in talitos.
* Hardware hash/cipher support for Niagara2.
* Hardware support for CTR mode in aesni.

* VMAC now works on big-endian.

* Updates to padata.
* Misc fixes.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

Chihau Chau (1):
crypto: geode-aes - Fix some code style issues

Dan Carpenter (2):
crypto: pcrypt - Handle crypto_get_attr_type errors
crypto: algapi - Remove unneeded null check

David S. Miller (6):
crypto: hifn_795x - Rename ablkcipher_walk to hifn_cipher_walk
crypto: scatterwalk - Fix scatterwalk_done() test
crypto: tcrypt - Add speed tests for async hashing
crypto: testmgr - Add testing for async hashing and update/final
crypto: skcipher - Add ablkcipher_walk interfaces
crypto: n2 - Add Niagara2 crypto driver

Dmitry Kasatkin (3):
crypto: omap - Updates omap sham device related platform code
crypto: omap - sha1 & md5 driver
crypto: omap - OMAP macros corrected

Henrik Kretzschmar (1):
padata: Section cleanup

Herbert Xu (2):
Merge git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6
crypto: shash - Remove usage of CRYPTO_MINALIGN

Huang Ying (4):
crypto: aesni-intel - Add AES-NI accelerated CTR mode
crypto: tcrypt - Speed testing support for ghash
crypto: aesni-intel - Fix CTR optimization build failure with gas 2.16.1
crypto: aesni-intel - Fix another CTR build failure with gas 2.16.1

Kim Phillips (1):
crypto: talitos - add support for sha224

Lee Nipper (3):
crypto: talitos - prepare for adding ahash algorithms
crypto: talitos - second prepare step for adding ahash algorithms
crypto: talitos - add hash algorithms

Matt Mackall (1):
random: simplify fips mode

Richard Hartmann (1):
crypto: internal - Fix checkpatch errors

Shane Wang (1):
crypto: vmac - Fix big-endian support

Shikhar Khattar (1):
crypto: authenc - Fix cryptlen calculation

Steffen Klassert (9):

padata: Dont scale the parallel objects with the cpus
padata: cpu hotplug code should depend on CONFIG_HOTPLUG_CPU
padata: Remove superfluous might_sleep
padata: Initialize the padata queues only for the used cpus
padata: Use get_online_cpus/put_online_cpus

padata: Use a timer to handle remaining objects in the reorder queues
padata: Flush the padata queues actively
padata: Add some code comments
padata: Use get_online_cpus/put_online_cpus in padata_free

Tobias Klauser (1):
crypto: mv_cesa - Use resource_size

Uri Simchoni (10):
crypto: mv_cesa - Invoke the user callback from a softirq context
crypto: mv_cesa - Remove compiler warning in mv_cesa driver
crypto: mv_cesa - Fix situation where the dest sglist is organized differently than the source sglist
crypto: mv_cesa - Fix situations where the src sglist spans more data than the request asks for
crypto: mv_cesa - Enqueue generic async requests
crypto: mv_cesa - Rename a variable to a more suitable name
crypto: mv_cesa - Execute some code via function pointers rathr than direct calls
crypto: mv_cesa - Make the copy-back of data optional
crypto: mv_cesa - Support processing of data from previous requests
crypto: mv_cesa - Add sha1 and hmac(sha1) async hash drivers

arch/arm/mach-omap2/clock2420_data.c | 2 +-
arch/arm/mach-omap2/clock2430_data.c | 2 +-
arch/arm/mach-omap2/clock3xxx_data.c | 2 +-

arch/arm/mach-omap2/devices.c | 58 +-

arch/arm/plat-omap/include/plat/omap34xx.h | 5 +
arch/x86/crypto/aesni-intel_asm.S | 115 ++

crypto/internal.h | 2 +-
crypto/pcrypt.c | 11 +-

Herbert Xu

unread,

Jun 3, 2010, 6:10:02 AM6/3/10

to

Hi Linus:

This push fixes build failures for of_device drivers as well as
a couple of bugs in the n2 driver.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

Anatolij Gustschin (1):
crypto: crypto4xx - Fix build breakage

David S. Miller (3):
n2_crypto: Fix build after of_device/of_platform_driver changes.
n2_crypto: Fix MAU kmem_cache name.
n2_crypto: Plumb fallback ahash requests properly.

drivers/crypto/amcc/crypto4xx_core.c | 6 +-
drivers/crypto/n2_core.c | 123 ++++++++++++++++++----------------
2 files changed, 68 insertions(+), 61 deletions(-)

Linus Torvalds

unread,

Jun 3, 2010, 12:40:02 PM6/3/10

to

On Thu, 3 Jun 2010, Herbert Xu wrote:
>
> Please pull from
>
> git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

"Already up-to-date." Forgot to push? (I also checked master, so it's not
that mirroring is slow)

Linus

Herbert Xu

unread,

Jun 3, 2010, 6:00:03 PM6/3/10

to

On Thu, Jun 03, 2010 at 09:26:38AM -0700, Linus Torvalds wrote:
>
>
> On Thu, 3 Jun 2010, Herbert Xu wrote:
> >
> > Please pull from
> >
> > git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git
>
> "Already up-to-date." Forgot to push? (I also checked master, so it's not
> that mirroring is slow)

Sorry, I pushed my tree to my home directory on master but not
to /pub :)

Should work now.

Thanks!

--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <her...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Herbert Xu

unread,

Jul 15, 2010, 10:30:01 PM7/15/10

to

Hi Linus:

This push fixes a crash in the new ablkcipher walking code used by
async block ciphers.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

Jiri Slaby (1):
crypto: skcipher - avoid NULL dereference

crypto/ablkcipher.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)

Thanks,
--
Email: Herbert Xu <her...@gondor.apana.org.au>

Herbert Xu

unread,

Jul 22, 2010, 2:00:01 AM7/22/10

to

Hi Linus:

This push fixes a bug in the talito hash driver that causes too
much data to be copied.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

Lee Nipper (1):
crypto: talitos - fix bug in sg_copy_end_to_buffer

drivers/crypto/talitos.c | 6 +++++-
1 files changed, 5 insertions(+), 1 deletions(-)

Herbert Xu

unread,

Aug 4, 2010, 10:10:02 AM8/4/10

to

Hi Linus:

Here is the crypto update for 2.6.36:

* HMAC support for Niagara2.
* Talitos ahash bug fix.
* Adds sysfs interface to padata/pcrypt.
* Fixes/clean-ups for padata/pcrypt.
* Misc fixes.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

Alexander Shishkin (1):
crypto: testmgr - add an option to disable cryptoalgos' self-tests

Andrea Gelmini (1):
crypto: des_s390 - Checkpatch cleanup

Dan Carpenter (2):
crypto: mv_cesa - fixup error handling in mv_probe()
padata: add parenthesis in MAX_SEQ_NR macro

Dan Kruchinin (3):
padata: Make two separate cpumasks
padata: Added sysfs primitives to padata subsystem
pcrypt: Added sysfs interface to pcrypt

David S. Miller (4):
n2_crypto: Kill n2_base_ctx and helpers.
n2_crypto: Log algorithm success/failure in kernel log.
n2_crypto: Make ahash parameterization explicit.
n2_crypto: Add HMAC support.

Herbert Xu (2):
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/crypto-2.6
crypto: pcomp - Fix illegal Kconfig configuration

Huang Weiyi (1):
crypto: omap - remove unused #include <linux/version.h>

Jan Glauber (2):
crypto: des_s390: remove des3_ede128 mode
crypto: des_s390: use generic weak key check

Joachim Fritschi (1):
crypto: twofish: Rename twofish to twofish_generic and add an alias

Julia Lawall (1):
crypto: Use ERR_CAST

Justin P. Mattock (1):
crypto: hifn_795x - Remove unused ctx variable

Kulikov Vasiliy (1):
hwrng: n2-drv - remove casts from void*

Lee Nipper (1):
crypto: talitos - fix ahash for multiple of blocksize

Peter Huewe (1):
crypto: geode_aes - Convert pci_table entries to PCI_VDEVICE (if PCI_ANY_ID is used)

Richard Kennedy (1):
random: Reorder struct entropy_store to remove padding on 64bits

Steffen Klassert (17):
padata: Check for valid padata instance on start
padata: Block until the instance is unused on stop
padata: Handle empty padata cpumasks
padata: make padata_do_parallel to return zero on success
padata: simplify serialization mechanism
padata: update documentation
padata: Fix cpu index counting
padata: Allocate cpumask dependend recources in any case
padata: Check for valid cpumasks
crypto: pcrypt - Dont calulate a callback cpu on empty callback cpumask
padata: Rename padata_alloc functions
padata: Rearrange set_cpumask functions
padata: Pass the padata cpumasks to the cpumask_change_notifier chain
crypto: pcrypt - Rename pcrypt_instance
crypto: pcrypt - Update pcrypt cpumask according to the padata cpumask notifier
padata: Remove padata_get_cpumask
padata: update API documentation

Documentation/padata.txt | 97 +++-
arch/s390/crypto/Makefile | 2 +-
arch/s390/crypto/crypto_des.h | 2 +-
arch/s390/crypto/des_s390.c | 238 +---------
crypto/Kconfig | 15 +-
crypto/Makefile | 4 +-
crypto/algboss.c | 4 +
crypto/authenc.c | 2 +-
crypto/ctr.c | 2 +-
crypto/pcrypt.c | 241 ++++++++---
crypto/testmgr.c | 14 +
crypto/{twofish.c => twofish_generic.c} | 1 +
crypto/xts.c | 2 +-
drivers/char/hw_random/n2-drv.c | 2 +-
drivers/char/random.c | 2 +-
drivers/crypto/geode-aes.c | 2 +-
drivers/crypto/hifn_795x.c | 4 -
drivers/crypto/mv_cesa.c | 10 +-
drivers/crypto/n2_core.c | 417 ++++++++++++-----
drivers/crypto/omap-sham.c | 1 -
drivers/crypto/talitos.c | 77 ++--
include/linux/padata.h | 121 ++++--
kernel/padata.c | 755 +++++++++++++++++++++++--------
23 files changed, 1307 insertions(+), 708 deletions(-)

Herbert Xu

unread,

Sep 3, 2010, 2:10:02 AM9/3/10

to

Hi Linus:

This push fixes a bug in the new ahash walking code, as well as
the self-test disabling option. The self-test disabling options
is now enabled by default as requested.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

Herbert Xu (2):
crypto: testmgr - Fix test disabling option
crypto: testmgr - Default to no tests

Szilveszter Ördög (1):
crypto: hash - Fix handling of small unaligned buffers

crypto/Kconfig | 8 ++++----
crypto/ahash.c | 7 +++++--
crypto/algboss.c | 8 ++++----
crypto/testmgr.c | 4 ++--
4 files changed, 15 insertions(+), 12 deletions(-)

Herbert Xu

unread,

Sep 3, 2010, 7:10:01 AM9/3/10

to

On Fri, Sep 03, 2010 at 02:00:55PM +0800, Herbert Xu wrote:
> Hi Linus:
>
> This push fixes a bug in the new ahash walking code, as well as
> the self-test disabling option. The self-test disabling options
> is now enabled by default as requested.

I missed a changeset in the push request. This also includes a
revert of a bogus cast removal patch.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

Herbert Xu (3):

crypto: testmgr - Fix test disabling option
crypto: testmgr - Default to no tests

Revert "hwrng: n2-drv - remove casts from void*"

Szilveszter Ördög (1):
crypto: hash - Fix handling of small unaligned buffers

crypto/Kconfig | 8 ++++----
crypto/ahash.c | 7 +++++--
crypto/algboss.c | 8 ++++----
crypto/testmgr.c | 4 ++--

drivers/char/hw_random/n2-drv.c | 2 +-
5 files changed, 16 insertions(+), 13 deletions(-)

Chuck Ebbert

unread,

Sep 4, 2010, 6:50:02 AM9/4/10

to

On Fri, 3 Sep 2010 14:00:55 +0800
Herbert Xu <her...@gondor.hengli.com.au> wrote:

> Please pull from
>
> git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git
>
> or
>
> master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git
>
>
> Herbert Xu (2):
> crypto: testmgr - Fix test disabling option
> crypto: testmgr - Default to no tests
>
> Szilveszter Ördög (1):
> crypto: hash - Fix handling of small unaligned buffers
>

What happened to my minor fix?

[ http://marc.info/?l=linux-crypto-vger&m=128311860504202&w=2 ]

I never got a reply about it.

Herbert Xu

unread,

Sep 4, 2010, 8:30:02 AM9/4/10

to

On Sat, Sep 04, 2010 at 06:45:01AM -0400, Chuck Ebbert wrote:
> On Fri, 3 Sep 2010 14:00:55 +0800
> Herbert Xu <her...@gondor.hengli.com.au> wrote:
>
> > Please pull from
> >
> > git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git
> >
> > or
> >
> > master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git
> >
> >
> > Herbert Xu (2):
> > crypto: testmgr - Fix test disabling option
> > crypto: testmgr - Default to no tests
> >
> > Szilveszter Ördög (1):
> > crypto: hash - Fix handling of small unaligned buffers
> >
>
> What happened to my minor fix?
>
> [ http://marc.info/?l=linux-crypto-vger&m=128311860504202&w=2 ]
>
> I never got a reply about it.

Hmm I did send you a reply.

Anyway it's in cryptodev-2.6.

Cheers,

--
Email: Herbert Xu <her...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Herbert Xu

unread,

Oct 24, 2010, 2:20:01 AM10/24/10

to

Hi Linus:

Here is the crypto update for 2.6.37:

* cryptd now supports AEAD.
* OMAP2/3 AES support.
* Mark Steffen Klassert as maintainer for padata/pcrypt.
* Misc fixes.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

Adrian Hoban (1):
crypto: cryptd - Adding the AEAD interface type support to cryptd

Chuck Ebbert (1):
crypto: fips - FIPS requires algorithm self-tests

David S. Miller (1):
crypto: n2_crypto - Niagara2 driver needs to depend upon CRYPTO_DES

Dmitry Kasatkin (2):
crypto: updates to enable omap aes
crypto: omap-aes - OMAP2/3 AES hw accelerator driver

Justin P. Mattock (1):
crypto: Kconfig - update broken web addresses

Kim Phillips (3):
crypto: talitos - fix warning: 'alg' may be used uninitialized in this function
crypto: talitos - fix checkpatch warning
crypto: talitos - sparse check endian fixes

Namhyung Kim (1):
padata: add missing __percpu markup in include/linux/padata.h

Samu Onkalo (1):
crypto: omap-sham - Adjust DMA parameters

Steffen Klassert (1):
MAINTAINERS: Add maintainer entries for padata/pcrypt

Tejun Heo (1):
crypto: hifn_795x - use cancel_delayed_work_sync()

Tracey Dent (1):
crypto: Makefile - replace the use of <module>-objs with <module>-y

MAINTAINERS | 16 +

arch/arm/mach-omap2/clock2420_data.c | 2 +-
arch/arm/mach-omap2/clock2430_data.c | 2 +-
arch/arm/mach-omap2/clock3xxx_data.c | 2 +-

Thanks,
--
Email: Herbert Xu <her...@gondor.apana.org.au>

Herbert Xu

unread,

Nov 13, 2010, 8:10:02 AM11/13/10

to

Hi Linus:

This push fixes a couple of bugs in hardware crypto support:

* VIA Padlock had a serious problem dealing with odd-block-sized
input for AES-CBC which causes memory overwrites beyond the
end of the output buffer. Luckily the main user which is IPsec
has plenty of padding that avoids any serious consequences.
* Null check on the wrong variable in Sparc n2.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

Herbert Xu (1):
crypto: padlock - Fix AES-CBC handling on odd-block-sized input

Nicolas Kaiser (1):
crypto: n2 - dubious error check

drivers/crypto/n2_core.c | 2 +-
drivers/crypto/padlock-aes.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)

Thanks,
--
Email: Herbert Xu <her...@gondor.apana.org.au>

Herbert Xu

unread,

Dec 15, 2010, 7:00:02 AM12/15/10

to

Hi Linus:

This push fixes a build problem under certain configurations due
to a missing include.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

Randy Dunlap (1):
crypto: ghash-intel - ghash-clmulni-intel_glue needs err.h

arch/x86/crypto/ghash-clmulni-intel_glue.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)

Linus Torvalds

unread,

Dec 15, 2010, 3:50:03 PM12/15/10

to

On Wed, Dec 15, 2010 at 3:50 AM, Herbert Xu
<her...@gondor.hengli.com.au> wrote:
>
> This push fixes a build problem under certain configurations due
> to a missing include.
>
> Please pull from
>
> git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

You have a bad repo. Git says:

fatal: loose object 52f6c5ad430e41736133acac179607b224eaaa11 (stored
in ./objects/52/f6c5ad430e41736133acac179607b224eaaa11) is corrupted

and it doesn't really seem to be corrupt as much as just unreadable
(ie you've made it readable only by yourself).

There's a few other objects like that too. How do you push to your
repo, and what changed?

Linus

Herbert Xu

unread,

Dec 15, 2010, 7:50:01 PM12/15/10

to

On Wed, Dec 15, 2010 at 12:40:48PM -0800, Linus Torvalds wrote:
>
> There's a few other objects like that too. How do you push to your
> repo, and what changed?

Oops, I've fixed that now. I use rsync to copy files across so
it's my end that has changed. And indeed I've just done an upgrade.
Sorry.

--
Email: Herbert Xu <her...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Herbert Xu

unread,

Dec 15, 2010, 8:00:02 PM12/15/10

to

On Thu, Dec 16, 2010 at 08:49:38AM +0800, Herbert Xu wrote:
> On Wed, Dec 15, 2010 at 12:40:48PM -0800, Linus Torvalds wrote:
> >
> > There's a few other objects like that too. How do you push to your
> > repo, and what changed?
>
> Oops, I've fixed that now. I use rsync to copy files across so
> it's my end that has changed. And indeed I've just done an upgrade.
> Sorry.

OK it should be fixed for got now. I suspect what has changed
is that git is now using my umask by default.

Thanks,

Junio C Hamano

unread,

Dec 20, 2010, 5:00:02 AM12/20/10

to

Herbert Xu <her...@gondor.apana.org.au> writes:

> On Thu, Dec 16, 2010 at 08:49:38AM +0800, Herbert Xu wrote:
>> On Wed, Dec 15, 2010 at 12:40:48PM -0800, Linus Torvalds wrote:
>> >
>> > There's a few other objects like that too. How do you push to your
>> > repo, and what changed?
>>
>> Oops, I've fixed that now. I use rsync to copy files across so
>> it's my end that has changed. And indeed I've just done an upgrade.
>> Sorry.
>
> OK it should be fixed for got now. I suspect what has changed
> is that git is now using my umask by default.

Sorry, do you mean I need to be aware of a regression in recent version of
git? From which version to which version of git did you upgrade?

I offhand do not recall any recent change around umask area, especially
with respect to rsync transport.

Herbert Xu

unread,

Dec 20, 2010, 10:30:02 PM12/20/10

to

On Mon, Dec 20, 2010 at 01:56:40AM -0800, Junio C Hamano wrote:
>
> > OK it should be fixed for got now. I suspect what has changed
> > is that git is now using my umask by default.
>
> Sorry, do you mean I need to be aware of a regression in recent version of
> git? From which version to which version of git did you upgrade?
>
> I offhand do not recall any recent change around umask area, especially
> with respect to rsync transport.

No I don't think it was your fault. I haven't upgraded in a long
time and have only just caught up with Debian testing.

Thanks,
--
Email: Herbert Xu <her...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Herbert Xu

unread,

Jan 5, 2011, 7:10:02 PM1/5/11

to

Hi Linus:

Here is the crypto update for 2.6.38:

* Crypto API interface for user-space (hash + skcipher)
* Fixes for new OMAP driver.
* 32-bit support in aesni-intel.
* GCM support in aesni-intel.
* Misc fixes.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

Adrian Hoban (1):
crypto: rfc4106 - Extending the RC4106 AES-GCM test vectors

Adrian-Ken Rueegsegger (1):
crypto: ripemd - Set module author and update email address

Dmitry Kasatkin (15):
crypto: omap-sham - uses digest buffer in request context
crypto: omap-sham - DMA initialization fixes for off mode
crypto: omap-sham - error handling improved
crypto: omap-sham - removed redundunt locking
crypto: omap-sham - crypto_ahash_final() now not need to be called.
crypto: omap-sham - hash-in-progress is stored in hw format
crypto: omap-sham - FLAGS_FIRST is redundant and removed
crypto: omap-sham - zero-copy scatterlist handling
crypto: omap-aes - DMA initialization fixes for OMAP off mode
crypto: omap-aes - redundant locking is removed
crypto: omap-aes - error handling implementation improved
crypto: omap-aes - unnecessary code removed
crypto: omap-aes - initialize aes module once per request
crypto: omap-aes - checkpatch --file warning fixes
crypto: omap-sham - backlog handling fix

Herbert Xu (10):
crypto: hash - Fix async import on shash algorithm
net - Add AF_ALG macros
crypto: af_alg - User-space interface for Crypto API
crypto: algif_hash - User-space interface for hash operations
crypto: algif_skcipher - User-space interface for skcipher operations
crypto: algif_skcipher - Pass on error from af_alg_make_sg
crypto: af_alg - Add dependency on NET
crypto: algif_skcipher - Fixed overflow when sndbuf is page aligned
crypto: algif_skcipher - Handle unaligned receive buffer
crypto: gf128mul - Remove experimental tag

Joe Perches (1):
crypto: Use vzalloc

Mathias Krause (2):
crypto: aesni-intel - Ported implementation to x86-32
crypto: aesni-intel - Fixed build error on x86-32

Miloslav Trmač (3):
include: Install linux/if_alg.h for user-space crypto API
net: Add missing lockdep class names for af_alg
crypto: af_alg - Make sure sk_security is initialized on accept()ed sockets

Nicolas Kaiser (1):
crypto: cast5 - simplify if-statements

Randy Dunlap (1):
crypto: af_alg - fix af_alg memory_allocated data type

Roel Kluin (1):
crypto: mv_cesa - dont return PTR_ERR() of wrong pointer

Steffen Klassert (2):
crypto: scatterwalk - Add scatterwalk_crypto_chain helper
crypto: Use scatterwalk_crypto_chain

Tadeusz Struk (2):
crypto: aesni-intel - RFC4106 AES-GCM Driver Using Intel New Instructions
crypto: aesni-intel - Fixed build with binutils 2.16

Tejun Heo (1):
crypto: mark crypto workqueues CPU_INTENSIVE

Tracey Dent (1):
crypto: Makefile clean up

Linus Torvalds

unread,

Jan 6, 2011, 1:10:02 PM1/6/11

to

On Wed, Jan 5, 2011 at 4:01 PM, Herbert Xu <her...@gondor.hengli.com.au> wrote:
>
> * Crypto API interface for user-space (hash + skcipher)

Is there really any point to this? And can we get more explanation of
what the interface is, and who would use it?

If you need crypto in user space, it's almost invariably better done
in user space. If the CPU can do crypto on its own, and doesn't expose
those instructions to user space, it's just a stupid CPU - and the
user/kernel transfer is likely going to make it slower than a pure
software approach for any but the biggest transfers.

And if the crypto engine is off-chip, the sw version is going to be
faster anyway except for possible async versions that are hard to
interface to user space.

So I really need more convincing about the whole user-space interface.
Adding new interfaces willy-nilly isn't a good idea. They need damn
good reasons.

Linus

Herbert Xu

unread,

Jan 6, 2011, 4:20:02 PM1/6/11

to

On Thu, Jan 06, 2011 at 10:05:46AM -0800, Linus Torvalds wrote:
>
> Is there really any point to this? And can we get more explanation of
> what the interface is, and who would use it?

I think you've answered it yourself in the third paragraph :)

> If you need crypto in user space, it's almost invariably better done
> in user space. If the CPU can do crypto on its own, and doesn't expose
> those instructions to user space, it's just a stupid CPU - and the
> user/kernel transfer is likely going to make it slower than a pure
> software approach for any but the biggest transfers.

I agree completely.

> And if the crypto engine is off-chip, the sw version is going to be
> faster anyway except for possible async versions that are hard to
> interface to user space.
>
> So I really need more convincing about the whole user-space interface.
> Adding new interfaces willy-nilly isn't a good idea. They need damn
> good reasons.

Right. This purpose of this interface is to access the async
hardware crypto drivers that we have added over the past years.

For a modern x86-64 CPU it isn't interesting at all. It's mainly
for other architectures where the CPU may not be able to keep up
with say 10Gb/s IPsec traffic and the encryption and/or hashing
must be offloaded.

This is also why only hash and skcipher are supported as they
are the main algorithm types supported by teh current async
drivers in the kernel.

Cheers,

--
Email: Herbert Xu <her...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Linus Torvalds

unread,

Jan 6, 2011, 4:30:01 PM1/6/11

to

On Thu, Jan 6, 2011 at 1:16 PM, Herbert Xu <her...@gondor.hengli.com.au> wrote:
> On Thu, Jan 06, 2011 at 10:05:46AM -0800, Linus Torvalds wrote:
>>
>> Is there really any point to this? And can we get more explanation of
>> what the interface is, and who would use it?
>
> I think you've answered it yourself in the third paragraph :)

No I didn't.

What part of "can we get more explanation of what the interface is" is unclear?

Explanations of interface. Code. Who uses it? What are the actual
performance benefits on real code?

Quite frankly, asynchronous external devices using DMA or similar are
seldom real performance improvements. The bus and cache traffic tends
to overwhelm any other advantage, and commonly the result is (a) lower
performance with (b) better-looking profiles.

But "better-looking profiles" isn't actually a real advantage.

And I really do want to hear about new kernel interfaces. What _are_
the interfaces, and what are the advantages to them.

Linus

Herbert Xu

unread,

Jan 6, 2011, 4:40:01 PM1/6/11

to

On Thu, Jan 06, 2011 at 01:23:19PM -0800, Linus Torvalds wrote:
>
> Explanations of interface. Code. Who uses it? What are the actual
> performance benefits on real code?

You snipped out the bit in my reply where I expanded on it:

: Right. This purpose of this interface is to access the async

: hardware crypto drivers that we have added over the past years.
:
: For a modern x86-64 CPU it isn't interesting at all. It's mainly
: for other architectures where the CPU may not be able to keep up
: with say 10Gb/s IPsec traffic and the encryption and/or hashing
: must be offloaded.
:
: This is also why only hash and skcipher are supported as they
: are the main algorithm types supported by teh current async
: drivers in the kernel.

The interface is meant to be used by those whose CPU either cannot
provide adequate performance for encryption/hashing, or where they
need to preverse the CPU power for other tasks. This is most
likely to be used on a non-x86 architecture, as most of our async
crypto drivers are for non-x86 architectures.

Users can be anything performing bulk encryptiong/hashing in user-
space, e.g., SSL (although there are plans to implement SSL in
the kernel as well), SSH, etc.

Here is the original cover email for the patches:

: On Tue, Sep 07, 2010 at 04:42:13PM +0800, Herbert Xu wrote:
: >
: > This is what I am proposing for the Crypto API user-interface.
: >
: > Note that this is the interface for operations. There will be
: > a separate interface (most likely netlink) for configuring crypto
: > algorithms, e.g., picking a specific AES implementation as the
: > system default.
:
: OK I've gone ahead and implemented the user-space API for hashes
: and ciphers.
:
: To recap this interface is designed to allow user-space programs
: to access hardware cryptographic accelerators that we have added
: to the kernel.
:
: The intended usage scenario is where a large amount of data needs
: to be processed where the benefits offered by hardware acceleration
: that is normally unavailable in user-space (as opposed to ones
: such as the Intel AES instruction which may be used directly from
: user-space) outweigh the overhead of going through the kernel.
:
: In order to further minimise the overhead in these cases, this
: interface offers the option of avoiding copying data between
: user-space and the kernel where possible and appropriate. For
: ciphers this means the use of the splice(2) interface instead of
: sendmsg(2)
:
: Here is a sample hash program (note that these only illustrate
: what the interface looks like and are not meant to be good examples
: of coding :)
:
: int main(void)
: {
: int opfd;
: int tfmfd;
: struct sockaddr_alg sa = {
: .salg_family = AF_ALG,
: .salg_type = "hash",
: .salg_name = "sha1"
: };
: char buf[20];
: int i;
:
: tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
:
: bind(tfmfd, (struct sockaddr *)&sa, sizeof(sa));
:
: opfd = accept(tfmfd, NULL, 0);
:
: write(opfd, "abc", 3);
: read(opfd, buf, 20);
:
: for (i = 0; i < 20; i++) {
: printf("%02x", (unsigned char)buf[i]);
: }
: printf("\n");
:
: close(opfd);
: close(tfmfd);
:
: return 0;
: }
:
: And here is one for ciphers:
:
: int main(void)
: {
: int opfd;
: int tfmfd;
: struct sockaddr_alg sa = {
: .salg_family = AF_ALG,
: .salg_type = "skcipher",
: .salg_name = "cbc(aes)"
: };
: struct msghdr msg = {};
: struct cmsghdr *cmsg;
: char cbuf[CMSG_SPACE(4) + CMSG_SPACE(20)];
: char buf[16];
: struct af_alg_iv *iv;
: struct iovec iov;
: int i;
:
: tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
:
: bind(tfmfd, (struct sockaddr *)&sa, sizeof(sa));
:
: setsockopt(tfmfd, SOL_ALG, ALG_SET_KEY,
: "\x06\xa9\x21\x40\x36\xb8\xa1\x5b"
: "\x51\x2e\x03\xd5\x34\x12\x00\x06", 16);
:
: opfd = accept(tfmfd, NULL, 0);
:
: msg.msg_control = cbuf;
: msg.msg_controllen = sizeof(cbuf);
:
: cmsg = CMSG_FIRSTHDR(&msg);
: cmsg->cmsg_level = SOL_ALG;
: cmsg->cmsg_type = ALG_SET_OP;
: cmsg->cmsg_len = CMSG_LEN(4);
: *(__u32 *)CMSG_DATA(cmsg) = ALG_OP_ENCRYPT;
:
: cmsg = CMSG_NXTHDR(&msg, cmsg);
: cmsg->cmsg_level = SOL_ALG;
: cmsg->cmsg_type = ALG_SET_IV;
: cmsg->cmsg_len = CMSG_LEN(20);
: iv = (void *)CMSG_DATA(cmsg);
: iv->ivlen = 16;
: memcpy(iv->iv, "\x3d\xaf\xba\x42\x9d\x9e\xb4\x30"
: "\xb4\x22\xda\x80\x2c\x9f\xac\x41", 16);
:
: iov.iov_base = "Single block msg";
: iov.iov_len = 16;
:
: msg.msg_iov = &iov;
: msg.msg_iovlen = 1;
:
: sendmsg(opfd, &msg, 0);
: read(opfd, buf, 16);
:
: for (i = 0; i < 16; i++) {
: printf("%02x", (unsigned char)buf[i]);
: }
: printf("\n");
:
: close(opfd);
: close(tfmfd);
:
: return 0;
: }

Cheers,
--
Email: Herbert Xu <her...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Herbert Xu

unread,

Jan 6, 2011, 5:00:02 PM1/6/11

to

On Thu, Jan 06, 2011 at 04:46:02PM -0500, Pavel Roskin wrote:
>
> Are there any chances AEAD will be supported? Is the API extendable to
> allow that?

Yes we can support AEAD. However, as there weren't any existing
user-space users that could benefit immediately, I have not added
it at this point in time.

When combined-mode support in async hardware becomes more common
this could change of course.

Linus Torvalds

unread,

Jan 6, 2011, 5:20:01 PM1/6/11

to

On Thu, Jan 6, 2011 at 1:39 PM, Herbert Xu <her...@gondor.hengli.com.au> wrote:
> On Thu, Jan 06, 2011 at 01:23:19PM -0800, Linus Torvalds wrote:
>>
>> Explanations of interface. Code. Who uses it? What are the actual
>> performance benefits on real code?
>
> You snipped out the bit in my reply where I expanded on it:

You didn't expand on it AT ALL.

You just mentioned "the interface". I haven't seen WHAT THAT INTERFACE IS!

How hard is that to understand?

> Here is the original cover email for the patches:

Ok, this is more like it. This is roughly what I wanted to see:

> : Here is a sample hash program (note that these only illustrate
> : what the interface looks like and are not meant to be good examples
> : of coding :)

But I'm still missing the part where you show that there is any actual
use case that makes sense, and that actually improves performance.
Maybe it's been posted somewhere else, but the thing is, you're asking
_me_ to pull, and as a result you need to convince _me_ that this is a
good idea. So if it's been posted/discussed extensively elsewhere,
please point to those discussions.

I really don't like adding interfaces that don't have hard uses
associated with them. We've done it in the past, and it tends to be a
morass and a bad idea. That's been true even when the idea has been my
own, and thus obviously genius-level and clearly the RightThing(tm),
like "splice()". And it's why I push back on new interfaces when I see
them.

Btw, it doesn't have to be about performance per se. Does this allow
people to use keys without actually _seeing_ those keys? Your example
implies that that is not the case, but that's actually one of the few
reasons to actually support a kernel crypto interface - the ability to
have private personal keys around, but not having to actually let
possibly untrusted programs see them.

For example of why something like that matters, I can well see myself
using some program to encrypt things. But maybe I don't trust that
program enough to give it my actual private keys. In that case, kernel
support is a real feature.

But in your example, it looks like you just give it the key. Which to
me means that you're totally missing one of the major reasons for
having a separate protection domain.

And that makes me think that the interface is bad. And that's why it's
a big change to go from "internal kernel crypto interface" to "actual
user-space interface to the kernel crypto engine". The first one can
be fixed. The second one cannot.

So I'm not necessarily hung up on "performance", but I am hung up on
"there needs to be a point", and "the interface needs to be
-correct-". Performance would be one such point. Not just 'the
hardware is there'. I know the hardware exists, but I'm not at all
convinced that DMA with all the cacheflushing will ever actully be
faster the the CPU. And if it can, I want to hear about the real-world
situation where it actually is used.

Linus

David Miller

unread,

Jan 6, 2011, 5:40:01 PM1/6/11

to

From: Herbert Xu <her...@gondor.apana.org.au>
Date: Fri, 7 Jan 2011 09:30:42 +1100

> On Thu, Jan 06, 2011 at 02:13:17PM -0800, Linus Torvalds wrote:
>>
>> But I'm still missing the part where you show that there is any actual
>> use case that makes sense, and that actually improves performance.
>> Maybe it's been posted somewhere else, but the thing is, you're asking
>> _me_ to pull, and as a result you need to convince _me_ that this is a
>> good idea. So if it's been posted/discussed extensively elsewhere,
>> please point to those discussions.
>

> The main use-case is bulk encryption/hashing in user-space. For
> example, on Sparc Niagara2 you need to use SPU (Stream Processing
> Unit) in order to do crypto at 10Gb/s over the network. Because
> of the hardware design, it is difficult to make use of the SPU
> directly in user-space, unless you dedicate the SPU to one single
> thread/user.

The N2 SPU is not accessible at all from userspace.

> However, this is something that has been considered and can be
> easily added. The idea is to first add symmetric key storage
> capability to the existing in-kernel keyring API. Once that is
> done we can easily add a new setsockopt to the crypto user-interface
> that retrieves the key from the kernel keyring instead of getting
> it directly from user-space.

That indeed would be real interesting.

Herbert Xu

unread,

Jan 6, 2011, 6:00:02 PM1/6/11

to

On Thu, Jan 06, 2011 at 02:43:35PM -0800, Linus Torvalds wrote:
>
> Can you do the "bypass directly to the TCP stream" with the interface
> you added? It isn't at all obvious how it would work.

Yes it can. The interface allows zero-copy in both directions
using the splice interface. Here is a sample program demonstrating
zero-copy in-place encryption. It doesn't send the result over TCP
but I'm sure you can imagine what that would look like.

Note that the final read(2) looks like it copies, but it doesn't.
The read(2) will setup SG lists using the user-space address and
place the encryption result in there directly. In this case as
the source/destination addresses are identical, it performs in-place
encryption.

#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <linux/splice.h>
#include <linux/types.h>
#include <linux/af_alg.h>

static char buf[4096] __attribute__((__aligned__(4096)));

int main(void)
{
int opfd;
int tfmfd;
struct sockaddr_alg sa = {
.salg_family = AF_ALG,
.salg_type = "skcipher",
.salg_name = "cbc(aes)"
};
struct msghdr msg = {};
struct cmsghdr *cmsg;
char cbuf[CMSG_SPACE(4) + CMSG_SPACE(20)];

struct aes_iv {
__u32 len;
__u8 iv[16];

} *iv;
struct iovec iov;
int i;

int pipes[2];

pipe(pipes);

tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0);

bind(tfmfd, (struct sockaddr *)&sa, sizeof(sa));

setsockopt(tfmfd, SOL_ALG, ALG_SET_KEY,
"\x06\xa9\x21\x40\x36\xb8\xa1\x5b"
"\x51\x2e\x03\xd5\x34\x12\x00\x06", 16);

opfd = accept(tfmfd, NULL, 0);

msg.msg_control = cbuf;
msg.msg_controllen = sizeof(cbuf);

cmsg = CMSG_FIRSTHDR(&msg);
cmsg->cmsg_level = SOL_ALG;
cmsg->cmsg_type = ALG_SET_OP;
cmsg->cmsg_len = CMSG_LEN(4);
*(__u32 *)CMSG_DATA(cmsg) = ALG_OP_ENCRYPT;

cmsg = CMSG_NXTHDR(&msg, cmsg);
cmsg->cmsg_level = SOL_ALG;
cmsg->cmsg_type = ALG_SET_IV;
cmsg->cmsg_len = CMSG_LEN(20);
iv = (void *)CMSG_DATA(cmsg);

iv->len = 16;

memcpy(iv->iv, "\x3d\xaf\xba\x42\x9d\x9e\xb4\x30"
"\xb4\x22\xda\x80\x2c\x9f\xac\x41", 16);

memcpy(buf, "Single block msg", 16);

iov.iov_base = buf;
iov.iov_len = 4096;

msg.msg_iovlen = 0;
msg.msg_flags = MSG_MORE;

sendmsg(opfd, &msg, 0);
vmsplice(pipes[1], &iov, 1, SPLICE_F_GIFT);
splice(pipes[0], NULL, opfd, NULL, 16, 0);
read(opfd, buf, 16);

for (i = 0; i < 16; i++) {
printf("%02x", (unsigned char)buf[i]);
}
printf("\n");

close(opfd);
close(tfmfd);

return 0;

Cheers,
--
Email: Herbert Xu <her...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Mihai Donțu

unread,

Jan 6, 2011, 6:10:01 PM1/6/11

to

On Thursday 06 January 2011 23:46:02 Pavel Roskin wrote:

> On 01/06/2011 04:16 PM, Herbert Xu wrote:
> > This is also why only hash and skcipher are supported as they
> > are the main algorithm types supported by teh current async
> > drivers in the kernel.
>

> Are there any chances AEAD will be supported? Is the API extendable to
> allow that?
>

> If I remember correctly, the original patch was simply a port of FreeBSD
> /dev/crypto, which doesn't support AEAD.

If it's meant to work like the FreeBSD /dev/crypto, then maybe this[1] paper
is worth mentionning, which includes some performance numbers. There was a
single thing that drew my attention, from "Drawbacks and problems [of
userspace crypto]": "Lots of scary code-duplication".

[1] http://www.paeps.cx/pubs/crypto_acceleration/slides.pdf

--
Mihai Donțu

Linus Torvalds

unread,

Jan 6, 2011, 6:30:02 PM1/6/11

to

On Thu, Jan 6, 2011 at 2:53 PM, Herbert Xu <her...@gondor.hengli.com.au> wrote:
> On Thu, Jan 06, 2011 at 02:43:35PM -0800, Linus Torvalds wrote:
>>
>> Can you do the "bypass directly to the TCP stream" with the interface
>> you added? It isn't at all obvious how it would work.
>
> Yes it can. �The interface allows zero-copy in both directions
> using the splice interface. �Here is a sample program demonstrating
> zero-copy in-place encryption. �It doesn't send the result over TCP
> but I'm sure you can imagine what that would look like.

Ok. So can we actually get numbers for this?

Put another way: I really really REALLY don't want to merge new
user-space interfaces that don't actually work in reality. But if this
allows direct encryption to a network interface, and it actually is
able to saturate 10Gb on niagara (unlike a user-mode encryption thing,
I assume, since those things are dog slow), then that would certainly
be a good real-life test.

But I really don't want to merge it unless it has had at least
real-life testing of actually doing better than regular sw user-space
encryption.

I realize that on PC's, it's unlikely to ever help. So I'm not asking
for "show me how this helps on my hardware". But I do want to get some
case on _some_ actual hardware where it works on a real load.

Linus

Herbert Xu

unread,

Jan 6, 2011, 7:20:02 PM1/6/11

to

On Thu, Jan 06, 2011 at 03:25:32PM -0800, Linus Torvalds wrote:
>
> Ok. So can we actually get numbers for this?

As you alluded to, we need real non-x86 hardware to get some
proper numbers. Unfortunately I'm currently a continent away
from my async hardware so all I can give you are software
numbers.

Anyway, here is a test program that does a set number (1024 * 1024)
of 4096-byte (total 4GB) encryptions with libssl and kernel crypto.
The result on my Core 2 (in a KVM VM FWIW) is:

lenny0:~# time ./test_crypto > /dev/null

real 0m30.340s
user 0m0.172s
sys 0m30.166s
lenny0:~# time ./test_crypto software > /dev/null

real 0m34.555s
user 0m34.550s
sys 0m0.004s
lenny0:~#

I'm not claiming these numbers make any sense but this is just
a ballpark figure.

Dave, can you run this program on your N2 and see what it shows?

#include <fcntl.h>
#include <openssl/aes.h>

#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>

#include <linux/types.h>

#define AF_ALG 38
#define SOL_ALG 279

#define SPLICE_F_GIFT (0x08) /* pages passed in are a gift */

struct sockaddr_alg {
__u16 salg_family;
__u8 salg_type[14];
__u32 salg_feat;
__u32 salg_mask;
__u8 salg_name[64];
};

struct af_alg_iv {
__u32 ivlen;
__u8 iv[0];
};

/* Socket options */
#define ALG_SET_KEY 1
#define ALG_SET_IV 2
#define ALG_SET_OP 3

/* Operations */
#define ALG_OP_DECRYPT 0
#define ALG_OP_ENCRYPT 1

static char buf[4096] __attribute__((__aligned__(4096)));

static void crypt_ssl(const char *key, char *iv, int i)
{
AES_KEY akey;

AES_set_encrypt_key(key, 128, &akey);

while (i--)
AES_cbc_encrypt(buf, buf, 4096, &akey, iv, 1);
}

static void crypt_kernel(const char *key, char *oiv, int i)

{
int opfd;
int tfmfd;
struct sockaddr_alg sa = {
.salg_family = AF_ALG,
.salg_type = "skcipher",
.salg_name = "cbc(aes)"
};
struct msghdr msg = {};
struct cmsghdr *cmsg;

char cbuf[CMSG_SPACE(4) + CMSG_SPACE(20)] = {};

struct aes_iv {
__u32 len;
__u8 iv[16];
} *iv;
struct iovec iov;

int pipes[2];

pipe(pipes);

tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0);

bind(tfmfd, (struct sockaddr *)&sa, sizeof(sa));

setsockopt(tfmfd, SOL_ALG, ALG_SET_KEY, key, 16);

opfd = accept(tfmfd, NULL, 0);

msg.msg_control = cbuf;
msg.msg_controllen = sizeof(cbuf);

cmsg = CMSG_FIRSTHDR(&msg);
cmsg->cmsg_level = SOL_ALG;
cmsg->cmsg_type = ALG_SET_OP;
cmsg->cmsg_len = CMSG_LEN(4);
*(__u32 *)CMSG_DATA(cmsg) = ALG_OP_ENCRYPT;

cmsg = CMSG_NXTHDR(&msg, cmsg);
cmsg->cmsg_level = SOL_ALG;
cmsg->cmsg_type = ALG_SET_IV;
cmsg->cmsg_len = CMSG_LEN(20);
iv = (void *)CMSG_DATA(cmsg);
iv->len = 16;

memcpy(iv->iv, oiv, 16);

iov.iov_base = buf;
iov.iov_len = 4096;

msg.msg_iovlen = 0;
msg.msg_flags = MSG_MORE;

while (i--) {

sendmsg(opfd, &msg, 0);
vmsplice(pipes[1], &iov, 1, SPLICE_F_GIFT);

splice(pipes[0], NULL, opfd, NULL, 4096, 0);
read(opfd, buf, 4096);
}

close(opfd);
close(tfmfd);
close(pipes[0]);
close(pipes[1]);
}

int main(int argc, char **argv)
{
int i;

const char key[16] =

"\x06\xa9\x21\x40\x36\xb8\xa1\x5b"

"\x51\x2e\x03\xd5\x34\x12\x00\x06";
char iv[16] =

"\x3d\xaf\xba\x42\x9d\x9e\xb4\x30"

"\xb4\x22\xda\x80\x2c\x9f\xac\x41";

memcpy(buf, "Single block msg", 16);

if (argc > 1)
crypt_ssl(key, iv, 1024 * 1024);
else
crypt_kernel(key, iv, 1024 * 1024);

for (i = 0; i < 4096; i++) {

printf("%02x", (unsigned char)buf[i]);
}
printf("\n");

return 0;
}

Thanks,

--
Email: Herbert Xu <her...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Pavel Roskin

unread,

Jan 6, 2011, 9:40:02 PM1/6/11

to

Quoting Herbert Xu <her...@gondor.apana.org.au>:

> setsockopt(tfmfd, SOL_ALG, ALG_SET_KEY,
> "\x06\xa9\x21\x40\x36\xb8\xa1\x5b"
> "\x51\x2e\x03\xd5\x34\x12\x00\x06", 16);

By the way, is it a good idea to use setsockopt() this way? Some keys
may be large. And if AEAD is supported, will it use setsockopt() for
the unencrypted authenticated data?

Maybe some variation of write() or sendto() would be more appropriate?

--
Regards,
Pavel Roskin

David Miller

unread,

Jan 6, 2011, 9:50:01 PM1/6/11

to

From: Herbert Xu <her...@gondor.apana.org.au>
Date: Fri, 7 Jan 2011 11:14:59 +1100

> Anyway, here is a test program that does a set number (1024 * 1024)
> of 4096-byte (total 4GB) encryptions with libssl and kernel crypto.
> The result on my Core 2 (in a KVM VM FWIW) is:
>
> lenny0:~# time ./test_crypto > /dev/null
>
> real 0m30.340s
> user 0m0.172s
> sys 0m30.166s
> lenny0:~# time ./test_crypto software > /dev/null
>
> real 0m34.555s
> user 0m34.550s
> sys 0m0.004s
> lenny0:~#
>
> I'm not claiming these numbers make any sense but this is just
> a ballpark figure.
>
> Dave, can you run this program on your N2 and see what it shows?

Sure, here goes, BTW I had to change the buffer size to 8192 since
vmsplice requires page aligned operation (I was getting -EINVAL
otherwise):

davem@maramba:~$ time ./crypto_user_test >/dev/null

real 0m46.586s
user 0m3.280s
sys 0m43.230s
davem@maramba:~$ time ./crypto_user_test software >/dev/null

real 10m40.336s
user 10m40.540s
sys 0m0.000s
davem@maramba:~$

What's that, something like a factor of 13 faster? :-)

Herbert Xu

unread,

Jan 6, 2011, 10:10:02 PM1/6/11

to

On Thu, Jan 06, 2011 at 09:39:28PM -0500, Pavel Roskin wrote:
>
> By the way, is it a good idea to use setsockopt() this way? Some keys
> may be large. And if AEAD is supported, will it use setsockopt() for
> the unencrypted authenticated data?

For large keys (i.e., asymmetric key crypto) the kernel keyring API
would be the obvious way of passing them around.

For AEAD the AD would be passed around through send/splice.

Cheers,
--
Email: Herbert Xu <her...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Herbert Xu

unread,

Jan 6, 2011, 10:10:02 PM1/6/11

to

On Thu, Jan 06, 2011 at 06:43:02PM -0800, David Miller wrote:
>
> davem@maramba:~$ time ./crypto_user_test >/dev/null
>
> real 0m46.586s
> user 0m3.280s
> sys 0m43.230s
> davem@maramba:~$ time ./crypto_user_test software >/dev/null
>
> real 10m40.336s
> user 10m40.540s
> sys 0m0.000s
> davem@maramba:~$
>
> What's that, something like a factor of 13 faster? :-)

Heh, I missed the leading 1 in your second result and was about
to spill my drink :)

Thanks!

--
Email: Herbert Xu <her...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Neil Horman

unread,

Jan 7, 2011, 7:10:02 AM1/7/11

to

On Thu, Jan 06, 2011 at 02:13:17PM -0800, Linus Torvalds wrote:

This actually is an indirect feature of this interface. Using it, you can open
a algorithm socket, select a specific alg, assign a key, and then pass that
socket descriptor over a unix socket to an another process using an
SCM_RIGHTS ancilliary message. The receiving process can then use children
acceppted from that passed socket to preform the configured crypto operation
without any knoweldge of the keys used in it. I can write a demo app if you
like.

Regards
Neil

Nikos Mavrogiannopoulos

unread,

Jan 8, 2011, 8:30:02 AM1/8/11

to

On Fri, Jan 7, 2011 at 2:04 PM, Neil Horman <nho...@tuxdriver.com> wrote:

>> Btw, it doesn't have to be about performance per se. Does this allow
>> people to use keys without actually _seeing_ those keys? Your example
>> implies that that is not the case, but that's actually one of the few
>> reasons to actually support a kernel crypto interface - the ability to
>> have private personal keys around, but not having to actually let
>> possibly untrusted programs see them.
> This actually is an indirect feature of this interface. Using it, you can open
> a algorithm socket, select a specific alg, assign a key, and then pass that
> socket descriptor over a unix socket to an another process using an
> SCM_RIGHTS ancilliary message. The receiving process can then use children
> acceppted from that passed socket to preform the configured crypto operation
> without any knoweldge of the keys used in it. I can write a demo app if you
> like.

Several things have to be considered when extending an interface like
that. For example, do the algorithm implementations protect against
timing attacks, or keys can be recovered, using them? What is the
purpose of cryptographic key separation? If long term keys are to be
protected, then it makes sense to support RSA, DSA keys in addition to
symmetric keys (e.g. microsoft only supports assymetric keys for
separation, since symmetric ones are rarely used as long term keys -
[in TLS-PSK]).

Some of these issues are discussed in my report on a user-space crypto
interface that specifically targeted separation and speed at [0].

regards,
Nikos

[0]. https://www.cosic.esat.kuleuven.be/publications/article-1490.pdf

Neil Horman

unread,

Jan 10, 2011, 7:10:02 AM1/10/11

to

On Sat, Jan 08, 2011 at 03:23:04PM +0200, Nikos Mavrogiannopoulos wrote:
> On Fri, Jan 7, 2011 at 2:04 PM, Neil Horman <nho...@tuxdriver.com> wrote:
>
> >> Btw, it doesn't have to be about performance per se. Does this allow
> >> people to use keys without actually _seeing_ those keys? Your example
> >> implies that that is not the case, but that's actually one of the few
> >> reasons to actually support a kernel crypto interface - the ability to
> >> have private personal keys around, but not having to actually let
> >> possibly untrusted programs see them.
> > This actually is an indirect feature of this interface. Using it, you can open
> > a algorithm socket, select a specific alg, assign a key, and then pass that
> > socket descriptor over a unix socket to an another process using an
> > SCM_RIGHTS ancilliary message. The receiving process can then use children
> > acceppted from that passed socket to preform the configured crypto operation
> > without any knoweldge of the keys used in it. I can write a demo app if you
> > like.
>
> Several things have to be considered when extending an interface like
> that. For example, do the algorithm implementations protect against
> timing attacks, or keys can be recovered, using them? What is the

No, the kernel does not implement any protection against timing attacks in the
algorithms per-se, but preforming a timing attack against a kernel crypto
operation is going to be near impossible anyway, as precise timing measurements
are going to get obscured by interupts, scheduling jitter, lock contention, and
various other factors that will make measuring syscall time fairly useless.

> purpose of cryptographic key separation? If long term keys are to be

My only purpose was to answer Linus' question. He wondered if other user space
programs could use instances of cyrpto algs over this interface without needing
to hold key data. I was illustrating how that could be done.

Neil

Dag Arne Osvik

unread,

Jan 10, 2011, 2:20:03 PM1/10/11

to

Let me just point out that this is not near impossible at all; instead it has already been done more than 6 years ago. And it's not only syscall time that leaks information. One practical example is recovery of a full AES key in a couple of seconds, using cache attacks against an encrypted file system. AES-NI is immune to this kind of attack, but other algorithms typically implemented using lookup tables are at risk.

Dag Arne

Herbert Xu

unread,

Jan 12, 2011, 8:50:01 PM1/12/11

to

Hi Linus:

Here is an updated to the crypto pull request for 2.6.38:

* Crypto API interface for user-space (hash + skcipher)

This interface is intended to provide access of kernel
hardware crypto drivers to user-space applications. It
presents the kernel crypto API via a socket interface.

It is only meant to be used for bulk crypto operations,
i.e., if you're doing less than a page's worth of data,
then this is not for you.

For bulk data processing the performance is similar to
that in the kernel when zero-copy is used in both
directions.

* Memory corruption fix for via_rng.

* Fixes for new OMAP driver.
* 32-bit support in aesni-intel.
* GCM support in aesni-intel.
* Misc fixes.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

Adrian Hoban (1):
crypto: rfc4106 - Extending the RC4106 AES-GCM test vectors

Adrian-Ken Rueegsegger (1):
crypto: ripemd - Set module author and update email address

Dennis Gilmore (1):
crypto: n2 - use __devexit not __exit in n2_unregister_algs

Dmitry Kasatkin (15):
crypto: omap-sham - uses digest buffer in request context
crypto: omap-sham - DMA initialization fixes for off mode
crypto: omap-sham - error handling improved
crypto: omap-sham - removed redundunt locking
crypto: omap-sham - crypto_ahash_final() now not need to be called.
crypto: omap-sham - hash-in-progress is stored in hw format
crypto: omap-sham - FLAGS_FIRST is redundant and removed
crypto: omap-sham - zero-copy scatterlist handling
crypto: omap-aes - DMA initialization fixes for OMAP off mode
crypto: omap-aes - redundant locking is removed
crypto: omap-aes - error handling implementation improved
crypto: omap-aes - unnecessary code removed
crypto: omap-aes - initialize aes module once per request
crypto: omap-aes - checkpatch --file warning fixes
crypto: omap-sham - backlog handling fix

Herbert Xu (13):

crypto: hash - Fix async import on shash algorithm
net - Add AF_ALG macros
crypto: af_alg - User-space interface for Crypto API
crypto: algif_hash - User-space interface for hash operations
crypto: algif_skcipher - User-space interface for skcipher operations
crypto: algif_skcipher - Pass on error from af_alg_make_sg
crypto: af_alg - Add dependency on NET
crypto: algif_skcipher - Fixed overflow when sndbuf is page aligned
crypto: algif_skcipher - Handle unaligned receive buffer
crypto: gf128mul - Remove experimental tag

hwrng: via_rng - Fix asm constraints
crypto: padlock - Move padlock.h into include/crypto
hwrng: via_rng - Fix memory scribbling on some CPUs

arch/x86/crypto/aesni-intel_asm.S | 1832 ++++++++++++++++++++++++++++++++-
arch/x86/crypto/aesni-intel_glue.c | 540 ++++++++++-

crypto/Kconfig | 34 +-
crypto/Makefile | 17 +-
crypto/af_alg.c | 483 +++++++++

crypto/algif_hash.c | 319 ++++++
crypto/algif_skcipher.c | 632 ++++++++++++

drivers/char/hw_random/via-rng.c | 10 +-
drivers/crypto/mv_cesa.c | 2 +-
drivers/crypto/n2_core.c | 2 +-
drivers/crypto/omap-aes.c | 260 +++---
drivers/crypto/omap-sham.c | 374 ++++---
drivers/crypto/padlock-aes.c | 2 +-
drivers/crypto/padlock-sha.c | 8 +-
include/crypto/if_alg.h | 92 ++
{drivers => include}/crypto/padlock.h | 8 +-

37 files changed, 4779 insertions(+), 464 deletions(-)

Herbert Xu

unread,

Feb 16, 2011, 12:40:02 AM2/16/11

to

Hi Linus:

This push fixes an ancient bug in s390's implementation of SHA
that manifests itself only under certain conditions. This bug
causes the generation of incorrect hashes, and potentially memory
corruption.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

Herbert Xu (1):
crypto: sha-s390 - Reset index after processing partial block

arch/s390/crypto/sha_common.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)

Herbert Xu

unread,

Mar 15, 2011, 11:10:02 AM3/15/11

to

Hi Linus:

Here is the crypto update for 2.6.39:

* New picoxcell crypto driver.
* New picoxcell RNG driver.
* Added SHA test vectors to detect bugs such as the recent one on s390.
* Memory leaks fixes on error path in aesni-intel.
* xts(aes) and ghash are now available in FIPS mode.
* Misc fixes.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

David Sterba (1):
crypto: tcrypt - do not attempt to write to readonly variable

Davidlohr Bueso (1):
crypto: skcipher - remove redundant NULL check

Herbert Xu (1):
crypto: sha1 - Add test vector to test partial block processing

Jamie Iles (4):
hwrng: pixocell - add support for picoxcell TRNG
crypto: omap-aes - don't treat NULL clk as an error
crypto: omap-sham - don't treat NULL clk as an error
crypto: picoxcell - add support for the picoxcell crypto engines

Jarod Wilson (3):
crypto: testmgr - mark xts(aes) as fips_allowed
crypto: testmgr - mark ghash as fips_allowed
random: update interface comments to reflect reality

Jesper Juhl (2):
crypto: aesni-intel - Don't leak memory in rfc4106_set_hash_subkey
crypto: aesni-intel - Fix remaining leak in rfc4106_set_hash_key

Julia Lawall (1):
hwrng: omap - Convert release_resource to release_region/release_mem_region

Herbert Xu

unread,

Mar 28, 2011, 3:20:02 AM3/28/11

to

Hi Linus:

This push fixes a bug in the aesni-intel driver that may cause
incorrect results for certain input sizes.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

Tadeusz Struk (1):
crypto: aesni-intel - fixed problem with packets that are not multiple of 64bytes

arch/x86/crypto/aesni-intel_asm.S | 5 ++++-
arch/x86/crypto/aesni-intel_glue.c | 14 ++++++++++++--
2 files changed, 16 insertions(+), 3 deletions(-)

Herbert Xu

unread,

May 20, 2011, 8:00:02 PM5/20/11

to

Hi Linus:

Here is the crypto update for 2.6.40:

* New Freescale SEC4/CAAM driver.
* New S5PV210 advanced crypto engine driver.
* Support for EMU chips on omap.
* SHA-128/256 support for VIA Nano.
* Native XTS/GHASH/CTR support on s390.
* New test vector for AES-OFB.
* Make aesni-intel build on 32-bit again.
* SHA1 fixes for omap.
* Bug fixes for mv_cesa.
* AMD RNG support on Maple PPC boards.
* Misc fixes.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

Andy Lutomirski (1):
crypto: aesni-intel - Merge with fpu.ko

Brilly Wu (1):
crypto: padlock - Add SHA-1/256 module for VIA Nano

Dan Carpenter (2):
crypto: caam - dereferencing ERR_PTR on allocation failure
crypto: caam - ARRAY_SIZE() vs sizeof()

Dmitry Eremin-Solenikov (2):
hwrng: amd - manage resource allocation
hwrng: amd - enable AMD hw rnd driver for Maple PPC boards

Dmitry Kasatkin (3):
crypto: omap-sham - remove debug print
crypto: omap-sham - enable driver for EMU chips
crypto: omap-sham - hmac calculation bug fix for sha1 base hash

Gerald Schaefer (3):
crypto: s390 - add System z hardware support for XTS mode
crypto: s390 - add System z hardware support for GHASH
crypto: s390 - add System z hardware support for CTR mode

Jamie Iles (1):
crypto: picoxcell - fix possible status FIFO overflow

Jan Glauber (4):
crypto: s390 - extend crypto facility check
crypto: s390 - cleanup DES code
crypto: s390 - cleanup s390 Kconfig options
crypto: tcrypt - CTR mode speed test for AES

Julia Lawall (1):
crypto: caam - introduce missing kfree

Kim Phillips (13):
crypto: caam - Add support for the Freescale SEC4/CAAM
crypto: caam - standardize device tree naming convention to utilize '-vX.Y'
crypto: caam - de-CHIP-ify device tree compatibles
crypto: caam - handle interrupt lines shared across rings
crypto: caam - fix queue interface detection
crypto: caam - remove WAIT-FOR-COMPLETIONs from givencrypt descriptor
crypto: caam - remove duplicate dev_err
crypto: caam - remove unused keylen from session context
crypto: caam - fix printk recursion for long error texts
crypto: caam - platform_bus_type migration
crypto: caam - fix decryption shared vs. non-shared key setting
crypto: caam - remove unused authkeylen from caam_ctx
crypto: caam - add support for sha512 variants of existing AEAD algorithms

Markku Kylanpaa (1):
crypto: omap-sham - fix concurrent sha1 calculations

Phil Sutter (10):
crypto: mv_cesa - use ablkcipher_request_cast instead of the manual container_of
crypto: mv_cesa - the descriptor pointer register needs to be set just once
crypto: mv_cesa - drop this call to mv_hash_final from mv_hash_finup
crypto: mv_cesa - print a warning when registration of AES algos fail
crypto: mv_cesa - no need to save digest state after the last chunk
crypto: mv_cesa - refactor copy_src_to_buf()
crypto: mv_cesa - fill inner/outer IV fields only in HMAC case
crypto: mv_cesa - move digest state initialisation to a better place
crypto: mv_cesa - copy remaining bytes to SRAM only when needed
crypto: mv_cesa - make count_sgs() null-pointer proof

Puneet Saxena (1):
crypto: testmgr - add support for aes ofb mode

Randy Dunlap (1):
crypto: aesni-intel - fix aesni build on i386

Vladimir Zapolskiy (1):
crypto: s5p-sss - add S5PV210 advanced crypto engine support

Herbert Xu

unread,

Jun 29, 2011, 8:00:01 PM6/29/11

to

Hi Linus:

This push fixes a memory corruption bug due to undersized kmalloc
in the caam driver. The patch has actually been in my tree for
a month but I had incorrectly placed it in the tree for linux-next.
Sorry about that.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

Kim Phillips (1):
crypto: caam - fix operator precedence in shared descriptor allocation

drivers/crypto/caam/caamalg.c | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)

Herbert Xu

unread,

Jul 23, 2011, 9:20:02 PM7/23/11

to

Hi Linus:

Here is the crypto update for 3.1:

* Support for AES/DES/3DES in caam.
* Improved AEAD support in caam.
* Added hardware SHA-224 support to s390.
* Added ppc4xx RNG driver.
* Updates to omap-sham driver.
* Updates to talitos driver.
* Added XTS-AES-256 test vectors.
* Misc fixes.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

Dmitry Kasatkin (11):
crypto: omap-sham - remove extra reference
crypto: omap-sham - remove unused code
crypto: omap-sham - replace flags bit mask with bit number
crypto: omap-sham - replace flags operation with atomic bit operations
crypto: omap-sham - move some flags to device context
crypto: omap-sham - remove unnecessary local variable
crypto: omap-sham - remove dedicated queue handling tasklet
crypto: omap-sham - irq and dma handling changes
crypto: omap-sham - irq handler must not clear error code
crypto: omap-sham - clear device flags when finishing request
crypto: omap-sham - do not schedule tasklet if there is no active requests

Gustavo F. Padovan (1):
crypto: ghash-intel - Fix set but not used in ghash_async_setkey()

H Hartley Sweeten (1):
hwrng: timeriomem - use resource_size

Herbert Xu (1):
crypto: algif_hash - Handle initial af_alg_make_sg error correctly

Jan Glauber (1):
crypto: s390 - support hardware accelerated SHA-224

Jarod Wilson (1):
crypto: testmgr - add xts-aes-256 self-test

Josh Boyer (2):
crypto: crypto4xx - Perform read/modify/write on device control register
hwrng: ppc4xx - add support for ppc4xx TRNG

Julia Lawall (2):
hwrng: omap - add missing clk_put
hwrng: nomadik - add missing clk_put

Kim Phillips (5):
crypto: caam - fix build warning when DEBUG_FS not configured
crypto: talitos - ensure request ordering within a single tfm
crypto: talitos - don't set done notification in hot path
crypto: talitos - remove unused giv from ablkcipher methods
crypto: talitos - don't bad_key in ablkcipher setkey

Mandeep Singh Baines (1):
crypto: sha1_generic - use SHA1_BLOCK_SIZE

Mathias Krause (1):
crypto: gf128mul - fix call to memset()

Mati Vait (2):
crypto: crc32c - Fixed coding style issue
crypto: arc4 - Fixed coding style issues

Richard Weinberger (1):
crypto: UML build fixes

Yuan Kang (4):
crypto: caam - shorter names
crypto: caam - structure renaming
crypto: caam - faster aead implementation
crypto: caam - ablkcipher support

drivers/char/hw_random/Kconfig | 12 +
drivers/char/hw_random/Makefile | 1 +

Herbert Xu

unread,

Oct 21, 2011, 4:30:01 AM10/21/11

to

Hi Linus:

This push fixes a NULL-pointer dereference that can be triggered
from user-space.

Please pull from

git://github.com/herbertx/crypto.git

Nick Bowler (1):
crypto: ghash - Avoid null pointer dereference if no key is set

crypto/ghash-generic.c | 6 ++++++
1 files changed, 6 insertions(+), 0 deletions(-)

David Rientjes

unread,

Oct 21, 2011, 5:50:01 AM10/21/11

to

On Fri, 21 Oct 2011, Herbert Xu wrote:

> Hi Linus:
>
> This push fixes a NULL-pointer dereference that can be triggered
> from user-space.
>
> Please pull from
>
> git://github.com/herbertx/crypto.git
>

Hi Herbert,

When I pull from this, I also get

commit 9c129165af0225c63c37d1896ac9b0d34e48b69f
Author: Jamie Iles <ja...@jamieiles.com>
Date: Mon Jun 6 12:31:17 2011 +0100

crypto: picoxcell - fix possible invalid pointer dereference

which looks unrelated?

Herbert Xu

unread,

Oct 21, 2011, 7:40:01 AM10/21/11

to

On Fri, Oct 21, 2011 at 02:41:54AM -0700, David Rientjes wrote:
> On Fri, 21 Oct 2011, Herbert Xu wrote:
>
> > Hi Linus:
> >
> > This push fixes a NULL-pointer dereference that can be triggered
> > from user-space.
> >
> > Please pull from
> >
> > git://github.com/herbertx/crypto.git
> >
>
> Hi Herbert,
>
> When I pull from this, I also get
>
> commit 9c129165af0225c63c37d1896ac9b0d34e48b69f
> Author: Jamie Iles <ja...@jamieiles.com>
> Date: Mon Jun 6 12:31:17 2011 +0100
>
> crypto: picoxcell - fix possible invalid pointer dereference
>
> which looks unrelated?

Sorry, I seem to have based it on a dirty tree. It should be
fixed now.

Thanks!

--
Email: Herbert Xu <her...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Herbert Xu

unread,

Oct 31, 2011, 12:20:01 AM10/31/11

to

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Linus:

Here is the crypto update for 3.2:

* User-space interface for algorithm selection/configuration
* SSSE3 implementation of SHA1.
* X86-64 assembly implementation of blowfish.
* X86-64 assembly implementation of twofish.

* Misc fixes.

Please pull from

git://github.com/herbertx/crypto.git

The top commit object is

commit ea8bdfcff17599e5d80f93e2ae194fbbab7f8d5e
Author: Herbert Xu <her...@gondor.apana.org.au>
Date: Wed Oct 26 17:15:10 2011 +0200

crypto: user - Add dependency on NET

Alexey Dobriyan (1):
crypto: whirlpool - count rounds from 0

H Hartley Sweeten (1):
crypto: aes-x86 - quiet sparse noise about symbol not declared

Herbert Xu (4):
crypto: sha - Fix build error due to crypto_sha1_update
crypto: cryptd - Use subsys_initcall to prevent races with aesni
crypto: user - Initialise match in crypto_alg_match
crypto: user - Add dependency on NET

Jamie Iles (5):
crypto: picoxcell - convert to platform ID table
crypto: picoxcell - add connection ID to the clock name
crypto: picoxcell - support for device tree matching
crypto: picoxcell - fix possible invalid pointer dereference
crypto: picoxcell - add dependency on HAVE_CLK

Jonathan Nieder (1):
crypto: padlock-aes - Make module loading even quieter when hardware is missing

Jussi Kivilinna (13):
crypto: blowfish - split generic and common c code
crypto: blowfish - rename C-version to blowfish_generic
crypto: tcrypt - add ctr(blowfish) speed test
crypto: blowfish - add x86_64 assembly implementation
crypto: blowfish-x86_64 - improve x86_64 blowfish 4-way performance
crypto: blowfish-x86_64 - add credits
crypto: tcrypt - add ctr(twofish) speed test
crypto: twofish-x86-asm - make assembler functions use twofish_ctx instead of crypto_tfm
crypto: twofish - add 3-way parallel x86_64 assembler implemention
crypto: blowfish-x86_64 - fix ctr blocksize to 1
crypto: twofish-x86_64-3way - fix ctr blocksize to 1
crypto: testmgr - add blowfish test-vectors
crypto: testmgr - add twofish tests

Kim Phillips (1):
crypto: talitos - handle descriptor not found in error path

Mathias Krause (2):
crypto: sha1 - export sha1_update for reuse
crypto: sha1 - SSSE3 based SHA1 implementation for x86-64

Richard Weinberger (1):
crypto: Make hifn_795x build depend on !ARCH_DMA_ADDR_T_64BIT

Steffen Klassert (17):
crypto: Add a flag to identify crypto instances
crypto: Export crypto_remove_spawns
crypto: Export crypto_remove_final
crypto: Add userspace configuration API
crypto: Add a report function pointer to crypto_type
crypto: Add userspace report for larval type algorithms
crypto: Add userspace report for shash type algorithms
crypto: Add userspace report for ahash type algorithms
crypto: Add userspace report for blkcipher type algorithms
crypto: Add userspace report for ablkcipher type algorithms
crypto: Add userspace report for givcipher type algorithms
crypto: Add userspace report for aead type algorithms
crypto: Add userspace report for nivaead type algorithms
crypto: Add userspace report for pcompress type algorithms
crypto: Add userspace report for rng type algorithms
crypto: Add userspace report for cipher type algorithms
crypto: Add userspace report for compress type algorithms

Thomas Meyer (1):
crypto: n2 - Fix a get/put_cpu() imbalance

.../devicetree/bindings/crypto/picochip-spacc.txt | 23 +
arch/x86/crypto/Makefile | 12 +
arch/x86/crypto/aes_glue.c | 1 +
arch/x86/crypto/blowfish-x86_64-asm_64.S | 390 ++++++++++++++
arch/x86/crypto/blowfish_glue.c | 492 +++++++++++++++++
arch/x86/crypto/sha1_ssse3_asm.S | 558 ++++++++++++++++++++
arch/x86/crypto/sha1_ssse3_glue.c | 240 +++++++++
arch/x86/crypto/twofish-i586-asm_32.S | 10 +-
arch/x86/crypto/twofish-x86_64-asm_64-3way.S | 316 +++++++++++
arch/x86/crypto/twofish-x86_64-asm_64.S | 6 +-
arch/x86/crypto/twofish_glue.c | 12 +-
arch/x86/crypto/twofish_glue_3way.c | 472 +++++++++++++++++
arch/x86/include/asm/cpufeature.h | 3 +
crypto/Kconfig | 63 +++
crypto/Makefile | 4 +-
crypto/ablkcipher.c | 48 ++
crypto/aead.c | 48 ++
crypto/ahash.c | 21 +
crypto/algapi.c | 12 +-
crypto/blkcipher.c | 25 +
crypto/{blowfish.c => blowfish_common.c} | 98 +----
crypto/blowfish_generic.c | 142 +++++
crypto/cryptd.c | 2 +-
crypto/crypto_user.c | 438 +++++++++++++++
crypto/internal.h | 3 +
crypto/pcompress.c | 18 +
crypto/rng.c | 20 +
crypto/sha1_generic.c | 9 +-
crypto/shash.c | 21 +
crypto/tcrypt.c | 10 +
crypto/testmgr.c | 30 +
crypto/testmgr.h | 398 ++++++++++++++-
crypto/wp512.c | 18 +-
drivers/crypto/Kconfig | 3 +-
drivers/crypto/hifn_795x.c | 6 +-
drivers/crypto/n2_core.c | 4 +-
drivers/crypto/padlock-aes.c | 4 +-
drivers/crypto/picoxcell_crypto.c | 121 ++---
drivers/crypto/talitos.c | 18 +-
include/crypto/algapi.h | 2 +
include/crypto/blowfish.h | 23 +
include/crypto/sha.h | 5 +
include/linux/crypto.h | 5 +
include/linux/cryptouser.h | 102 ++++
include/linux/netlink.h | 1 +
45 files changed, 4049 insertions(+), 208 deletions(-)

Thanks,
- --

Email: Herbert Xu <her...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIVAwUBTq4fYccnHQpJsYunAQJZrQ/9E5MI/nKrm2onn+OMY1+4h45X9diVPDVx
0Aq1swHrZ5zase3BTW2T1sIOLVgtP1Nma7xogZVkauI92QI3O0W74QebV+y/lSWf
WRewZsTS2S7QAsZRiu8S6sgp2GfgksWuvhI0KiJ0F5YUi2RRR/DUNMDESIlaHvvR
dHkkwhsw7DAIimPdalfubo1KPBcQNGKujuPSQ3kw7k/CrRe8up70KKn5LcQ/Ktqv
Q5/HBKDDRPxHcAA9jQDDVbvHLKUnMrUKKITOn2+qds+qTbZEQxECzRAIIyHsc83r
qnQZJD/1kJney1Xi8U8SXSfOMMjn1xWnH9/+fx7id9zIsSqC730zoTCnRO/XQ9nz
Fv0STsfa3lZEDCtpB9ngcrWD6IKPNS0vLmNb1BV0QqRxf+fQUaDPUCSc0dMK4BgA
FlUt/QKosNs8BtDgLmt2iV+CSMs4aHDX/DAW8Kg2O0jJ8eGw0/Mu4v0aWNq6SNFe
Fc3AGgLfDv7QXkVzOmUTjJLl6BzlB3gD72da22/i4Ca4m6sn7KHKhXF/0MRTLD+k
RG78GFfZnSxIcB/QUGOZ5U5ddJ38w840roYuP58bw1tkk9tcQ9+OZMBRwImc4Xdb
5KD39QDGzUG/TFYNsKquIt+ay0g7A/f5Q9gT2eSHIo/xyvojlRMVZCUmDBaoNCCG
McFKjcup+LI=
=PElH
-----END PGP SIGNATURE-----

Randy Dunlap

unread,

Oct 31, 2011, 12:50:02 PM10/31/11

to

On 10/30/2011 09:09 PM, Herbert Xu wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Linus:
>
> Here is the crypto update for 3.2:
>
> * User-space interface for algorithm selection/configuration
> * SSSE3 implementation of SHA1.
> * X86-64 assembly implementation of blowfish.
> * X86-64 assembly implementation of twofish.
> * Misc fixes.
>
>
> Please pull from
>
> git://github.com/herbertx/crypto.git
>
>
> The top commit object is
>
> commit ea8bdfcff17599e5d80f93e2ae194fbbab7f8d5e
> Author: Herbert Xu <her...@gondor.apana.org.au>
> Date: Wed Oct 26 17:15:10 2011 +0200
>
> crypto: user - Add dependency on NET

> Herbert Xu (4):
> crypto: sha - Fix build error due to crypto_sha1_update
> crypto: cryptd - Use subsys_initcall to prevent races with aesni
> crypto: user - Initialise match in crypto_alg_match
> crypto: user - Add dependency on NET

Actually adds "select NET", a reverse dependency. :(

Linus was quite vocal about not allowing MD to select BLOCK.
See https://lkml.org/lkml/2011/8/10/527
and https://lkml.org/lkml/2011/8/10/533

To me this is very similar.

--
~Randy
*** Remember to use Documentation/SubmitChecklist when testing your code ***

Linus Torvalds

unread,

Oct 31, 2011, 1:20:02 PM10/31/11

to

On Mon, Oct 31, 2011 at 9:42 AM, Randy Dunlap <rdu...@xenotime.net> wrote:
>
> Actually adds "select NET", a reverse dependency. :(
>
> Linus was quite vocal about not allowing MD to select BLOCK.
> See https://lkml.org/lkml/2011/8/10/527
> and https://lkml.org/lkml/2011/8/10/533
>
> To me this is very similar.

I do agree.

"select" makes sense when it's a way for a user to not have to care
about some small helper thing that is really not obvious for a casual
user.

But darn it, if somebody has said "no networking", then some random
small feature shouldn't suddenly select it.

IOW, it's about "relative importance". We should use "select" when
some feature that should be user-visible selects some details. And we
should use "depends on" when there's a major subsystem that some small
detail depends on.

So classic and obvious uses where "select" is appropriate is when a
driver needs some helper library to work (eg "select FW_LOADER" or
"select CRC32").

And a classic and obvious case where "depends on" is the appropriate
choice is when it depends on a major subsystem ("depends on PCI" or
"depends on USB" or "depends on X86").

And I think "NET" definitely falls into that second category - exactly
the same way "BLOCK" fell into it. You don't "select" major subsystems
- if somebody turned off the subsystem, we turn off the stuff that
depends on it.

(Of course, in reality, pretty much nobody turns off NET, I suspect.
But if some embedded place really doesn't want it, then damn it, we
shouldn't ask about the odd crypto user interfaces, because they
really aren't major enough, and the embedded platform is clearly
trying very hard to run small).

Linus

Herbert Xu

unread,

Oct 31, 2011, 11:50:02 PM10/31/11

to

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, Oct 31, 2011 at 10:16:55AM -0700, Linus Torvalds wrote:
> On Mon, Oct 31, 2011 at 9:42 AM, Randy Dunlap <rdu...@xenotime.net> wrote:
> >
> > Actually adds "select NET", a reverse dependency. :(
> >
> > Linus was quite vocal about not allowing MD to select BLOCK.
> > See https://lkml.org/lkml/2011/8/10/527
> > and https://lkml.org/lkml/2011/8/10/533
> >
> > To me this is very similar.
>
> I do agree.

OK, I've turned it into a depends_on.

Here is the crypto update for 3.2:

* User-space interface for algorithm selection/configuration
* SSSE3 implementation of SHA1.
* X86-64 assembly implementation of blowfish.
* X86-64 assembly implementation of twofish.
* Misc fixes.

Please pull from

git://github.com/herbertx/crypto.git

The top commit object is

commit 5db017aa2809c49ca0a43b0f3ed1267e6be60883
Author: Herbert Xu <her...@gondor.apana.org.au>
Date: Tue Nov 1 12:12:43 2011 +1100

crypto: user - Depend on NET instead of selecting it

Alexey Dobriyan (1):
crypto: whirlpool - count rounds from 0

H Hartley Sweeten (1):
crypto: aes-x86 - quiet sparse noise about symbol not declared

Herbert Xu (5):

crypto: sha - Fix build error due to crypto_sha1_update
crypto: cryptd - Use subsys_initcall to prevent races with aesni
crypto: user - Initialise match in crypto_alg_match
crypto: user - Add dependency on NET

crypto: user - Depend on NET instead of selecting it

- - --

Email: Herbert Xu <her...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIVAwUBTq9r9McnHQpJsYunAQIJ2xAAmIfhscY9FfQFRQhmQnXWE8fmNTBQZ2cJ
Kzo2FNdF7oxeIX2IsYFCVUWEWMFb/8Q48jMVitMTlPGrbqZ6MS6PzzguYxGVjuPA
lUO1vzpBKjGhqV4w8VLXmcaNxcuO24xb0Pg7WxfTe36IYf1ROA7m3s2VUag4yDhD
zV66lfeTbnZuDd9qPFmyZWDZt5fGe7t52FYqG5OeM+4sxWpHnDLbAPKguMKzRi6j
bezYRYVQaEuNxSNtPjh+XtaSWmWGlTLhKaCrX84aUg1qQ8lEW7mvsP02VZfFiSHY
rvToupuh4A8+y9Wt50pPlrGppc9IekIpfd7kAAsqzXhJiskf6z9mo+n6BsQODK5q
3cDNwc4EIpI/scKbEilznf8jcx5d3B3qyTmTzzYx1sK0NjiEubmE+jVJYC785s5v
C8Fw3RNQtUXnb13ci810mE9pLMrG8c9J2rRRH1d4Sqr9XKpMcUCBFZ3kRPkO3dix
qkh+5Axt88EvgXrIJrlIFozwJpZKwcs4vOBH4uV1y2zwShaemp0sjJDuZxAJGCSJ
8sv2YF0M7mfwul2vzTLQ8vVbcSjrGefk209bJ7JDGnK3NMf5BFsiTjNv2hEZU54t
15JrgQ444s+yC8dTEezmrsE4QaSdTmCwXQzUNuXDDnVT6xq226b0aGT+Mmak7xM3
tOuM1V3qczs=
=GwqI
-----END PGP SIGNATURE-----

Herbert Xu

unread,

Nov 10, 2011, 6:10:02 PM11/10/11

to

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Linus:

This push fixes a build problem with NET disabled and potential
lock mismatch in the new configuration interface.

Please pull from

git://github.com/herbertx/crypto.git

The top commit object is

commit 3acc84739dd5d746840f881ad4d60bd2a428f1dd
Author: Herbert Xu <her...@gondor.apana.org.au>
Date: Thu Nov 3 23:46:07 2011 +1100

crypto: algapi - Fix build problem with NET disabled

The report functions use NLA_PUT so we need to ensure that NET
is enabled.

Reported-by: Luis Henriques <hen...@camandro.org>
Signed-off-by: Herbert Xu <her...@gondor.apana.org.au>

Herbert Xu (1):
crypto: algapi - Fix build problem with NET disabled

Jonathan Corbet (1):
crypto: user - Fix rwsem leak in crypto_user

crypto/ablkcipher.c | 14 ++++++++++++++
crypto/aead.c | 14 ++++++++++++++
crypto/ahash.c | 7 +++++++
crypto/blkcipher.c | 7 +++++++
crypto/crypto_user.c | 3 ---
crypto/pcompress.c | 7 +++++++
crypto/rng.c | 7 +++++++
crypto/shash.c | 7 +++++++
8 files changed, 63 insertions(+), 3 deletions(-)

Thanks,
- --

Email: Herbert Xu <her...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIVAwUBTrxXWscnHQpJsYunAQKBRw/8DRK2CcLasZYAp4OwOaopmTliXYjaoQTB
hqignMgOqhF23ObQjpBqva7bRc+dxWWOZ3kZV4+F+/tm/3dHH7+PzgGkQOHcjYLC
/puEJ299zcsGmu3dJLO5z24f2QU2h4gpADqUBdZQJZY8iDhEYLX3bZsTRIKAVDmW
RF83ksJe8ejsK+C0O2dyH0aJCfXhhsDF7JFgtZyJhfjjzIrPCM6E6mEjsF59s6zr
nOINeH+8ZT8Bx3IXtmSAN6nBDhB+bNrSoAO3siaL67T2nnjUZ0h6Cg/laiDBs7fi
7E9nvF2dknN8h6Z7RdzBbgTofX20BTBJXeY1Gzx07w4yMUgIznjYL6Me9a307cAY
3dDe465sztWXqieLtcjAp+GpwOGzpp6T4lWKXucC6m4I7oNCSS2FGGobdKIilESC
qIdvVDax+j9YhN6zBJrktA2EBu47QEIzs31Ncmyqv6Saxdbu6fFy2nyhX30RZ3D2
VKly6wWUMOkbIfN3iA8GdBSZpm83R3oy9aIMX+JEP0BUwX1JdcDRMlHsvN+pVrqX
1ZlnXMwiZ7i3vxPbnTPdLfDjBY+4cNt7tJejEqOPBSRpEirzsTXTKSL51af9c9gH
Rmt7qaDQcLkGwaZF/AolbvGgVAj99C+f/K+7UspzYBgatyck35UoJAK864zsL8Xt
trAQYv/cHfU=
=MC9A
-----END PGP SIGNATURE-----

Herbert Xu

unread,

Nov 25, 2011, 9:40:01 PM11/25/11

to

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Linus:

This push fixes a problem with mv_cesa the driver where it makes
incorrect hashes on input chunks greater than 1920 bytes.

Please pull from

git://github.com/herbertx/crypto.git

The top commit object is

commit 274252862f386b7868f35bf5ceaa5391a8ccfdf3
Author: Phil Sutter <phil....@viprinet.com>
Date: Wed Nov 16 18:28:01 2011 +0100

crypto: mv_cesa - fix hashing of chunks > 1920 bytes

Phil Sutter (1):
crypto: mv_cesa - fix hashing of chunks > 1920 bytes

drivers/crypto/mv_cesa.c | 12 +++++++-----
1 files changed, 7 insertions(+), 5 deletions(-)

Thanks,
- --
Email: Herbert Xu <her...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIVAwUBTtBP9McnHQpJsYunAQJpTg//XFdRLLF46ZZQID12VqrfBJB8VrzGWY0q
QQQH+oe5lq9ppjkFz5Fk2fsNSj5a3kDtPQK9SBVl0TThC0BVuA3lNXEmcfnQoOjZ
vj1KUl9zSiwVcKm/lkbzlDHdU6wE1MxwP8z3XEdMMs7Pj3YWf12XUZQSWkeeFiy0
Tz5Oz9hbIpYLW+U458xjhoODJAk7JSItS+N2ud7JcqwV7nTsGqP95mDsbfiXi7Fn
1FiXdFYogAyyqLPDi6EbENCEbIvfV1JEbg/S7LOe7akxZwlJg92cevGHS/oDbxuU
N7/9nxgANbZBG3ApUw6UAJWSBuJBZ4C96ABc/LXY8ZzgwYNaiNloNMr1F/j+MZQ0
AtP58bK6IcSw7QBi8qzKV7P0q/pAxOYnDeaS4Sla8Pb4MvEAblSJF45/YHBublrE
Y5tMif4ib8Gy/yXF6bu0ohfP0LfKtXq5pZK6C0blcYdMyxKxcaQWx+6fATOWxdCL
OcrY6q2/dYG+zXSWJs13/YfWFcn3sRdjnVqFo2ItUbvD3ZL9WSCKuhd9PUZPcxqW
VEXKDaKA1G9aAn+KNkciZ48SiYCOMm4Xl6l11bsV2nx13i401KoM5hLcFv5CfZ89
Xwu+j2N4mhlLxPG08H4zG19hLgOdpY0Ql5VsZPf3z4Bf0G+gnZC6StDgvfJHEX3Z
sKy1PVqrB7U=
=iYTU

Herbert Xu

unread,

Jan 5, 2012, 11:20:01 PM1/5/12

to

Hi Linus:

Here is the crypto update for 3.3:

* New test vectors (serpent, xts-twofish).
* Speed test for asynchronous ciphers.
* SSE2 assembly implementation of serpent.
* Support for LRW and XTS in X86-64 assembly implementation of twofish.
* More MD5 combos for caam.
* Channel remap on talitos for better affinity.
* Direct support for HMAC on talitos.

* Misc fixes.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

Axel Lin (2):
char: hw_random: convert drivers/char/hw_random/* to use module_platform_driver()
crypto: convert drivers/crypto/* to use module_platform_driver()

Jamie Iles (1):
crypto: picoxcell - fix boolean and / or confusion

Jarod Wilson (1):
crypto: ansi_cprng - enforce key != seed in fips mode

Jussi Kivilinna (36):
crypto: testmgr - add new serpent test vectors
crypto: tcrypt - add test_acipher_speed
crypto: tcrypt - add serpent speed tests
crypto: serpent - export common functions for x86_64/i386-sse2 assembler implementations
crypto: serpent - rename module from serpent to serpent_generic
crypto: lrw - fix memleak
crypto: lrw - use blocksize constant
crypto: lrw - split gf128mul table initialization from setkey
crypto: lrw - add interface for parallelized cipher implementions
crypto: testmgr - add lrw(serpent) test vectors
crypto: tcrypt - add lrw(serpent) tests
crypto: testmgr - add lrw(twofish) test vectors
crypto: tcrypt - add lrw(twofish) tests
crypto: twofish-x86_64-3way - add lrw support
crypto: xts - use blocksize constant
crypto: xts: add interface for parallelized cipher implementations
crypto: testmgr - add xts(serpent) test vectors
crypto: tcrypt - add xts(serpent) tests
crypto: testmgr - add xts(twofish) test vectors
crypto: tcrypt - add xts(twofish) tests
crypto: twofish-x86_64-3way - add xts support
crypto: serpent - add 8-way parallel x86_64/SSE2 assembler implementation
crypto: serpent - add 4-way parallel i586/SSE2 assembler implementation
crypto: serpent-sse2 - add lrw support
crypto: serpent-sse2 - add xts support
crypto: serpent-sse2 - clear CRYPTO_TFM_REQ_MAY_SLEEP in lrw and xts modes
crypto: serpent - cleanup checkpatch errors and warnings
crypto: serpent - rename serpent.c to serpent_generic.c
crypto: serpent-sse2 - should select CRYPTO_CRYPTD
crypto: lrw - remove dependency on EXPERIMENTAL
crypto: xts - remove dependency on EXPERIMENTAL
crypto: twofish-x86_64-3way - select LRW and XTS
crypto: twofish-x86_64-3way - remove unneeded LRW/XTS #ifdefs
crypto: serpent-sse2 - select LRW and XTS
crypto: serpent-sse2 - remove unneeded LRW/XTS #ifdefs
crypto: gf128mul - remove leftover "(EXPERIMENTAL)" in Kconfig

Kim Phillips (11):
crypto: talitos - be less noisy on startup
crypto: talitos - prepare driver for channel remap support
crypto: talitos - support for channel remap and 2nd IRQ
crypto: caam - add support for MD5 algorithm variants
crypto: talitos - fix bad kfree
crypto: talitos - remove NO_IRQ references
crypto: talitos - convert talitos_error to struct device
crypto: caam - desc.h - convert spaces to tabs
crypto: caam - more desc.h cleanups
crypto: caam - fix polarity of "propagate error" logic
crypto: caam - remove DECO access initialization code

Lee Nipper (1):
crypto: talitos - add hmac algorithms

Steffen Klassert (1):
crypto: Unlink and free instances when deleted

Valdis.K...@vt.edu (1):
crypto: fix typo in crypto/Kconfig

arch/x86/crypto/Makefile | 4 +
arch/x86/crypto/serpent-sse2-i586-asm_32.S | 638 ++++++
arch/x86/crypto/serpent-sse2-x86_64-asm_64.S | 761 +++++++
arch/x86/crypto/serpent_sse2_glue.c | 1070 ++++++++++
arch/x86/crypto/twofish_glue_3way.c | 218 ++
arch/x86/include/asm/serpent.h | 63 +
crypto/Kconfig | 52 +-
crypto/Makefile | 2 +-
crypto/algapi.c | 29 +
crypto/ansi_cprng.c | 8 +
crypto/crypto_user.c | 2 +-
crypto/lrw.c | 156 ++-
crypto/serpent.c | 587 ------
crypto/serpent_generic.c | 684 +++++++
crypto/tcrypt.c | 310 +++
crypto/tcrypt.h | 2 +
crypto/testmgr.c | 150 ++
crypto/testmgr.h | 2759 +++++++++++++++++++++++++-
crypto/twofish_common.c | 13 +-
crypto/xts.c | 79 +-
drivers/char/hw_random/atmel-rng.c | 12 +-
drivers/char/hw_random/n2-drv.c | 13 +-
drivers/char/hw_random/octeon-rng.c | 13 +-
drivers/char/hw_random/pasemi-rng.c | 12 +-
drivers/char/hw_random/picoxcell-rng.c | 12 +-
drivers/char/hw_random/ppc4xx-rng.c | 12 +-
drivers/char/hw_random/timeriomem-rng.c | 13 +-
drivers/crypto/amcc/crypto4xx_core.c | 13 +-
drivers/crypto/caam/caamalg.c | 67 +-
drivers/crypto/caam/compat.h | 1 +
drivers/crypto/caam/ctrl.c | 26 +-
drivers/crypto/caam/desc.h | 2265 +++++++++++-----------
drivers/crypto/caam/desc_constr.h | 7 +-
drivers/crypto/caam/regs.h | 1 -
drivers/crypto/mv_cesa.c | 12 +-
drivers/crypto/picoxcell_crypto.c | 16 +-
drivers/crypto/s5p-sss.c | 13 +-
drivers/crypto/talitos.c | 493 ++++-
drivers/crypto/talitos.h | 45 +-
include/crypto/algapi.h | 1 +
include/crypto/lrw.h | 43 +
include/crypto/serpent.h | 27 +
include/crypto/twofish.h | 2 +
include/crypto/xts.h | 27 +
44 files changed, 8684 insertions(+), 2049 deletions(-)

Thanks,

--
Email: Herbert Xu <her...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Herbert Xu

unread,

Jan 11, 2012, 5:20:02 PM1/11/12

to

Hi Linus:

This is a resend of the crypto update for 3.3:

Herbert Xu

unread,

Jan 25, 2012, 9:50:02 PM1/25/12

to

Hi Linus:

This push fixes a race condition in sha512 that affects users
who use it in process context and softirq context concurrently,
in particular, this affects IPsec. The result of the race is
the production of incorrect hashes, which for IPsec leands to
loss of connectivity.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

Alexey Dobriyan (2):
crypto: sha512 - make it work, undo percpu message schedule
crypto: sha512 - reduce stack usage to safe number

crypto/sha512_generic.c | 62 +++++++++++++++++++++++++---------------------
1 files changed, 34 insertions(+), 28 deletions(-)

Linus Torvalds

unread,

Jan 25, 2012, 10:40:02 PM1/25/12

to

On Wed, Jan 25, 2012 at 6:43 PM, Herbert Xu <her...@gondor.apana.org.au> wrote:
>
> This push fixes a race condition in sha512 that affects users
> who use it in process context and softirq context concurrently,
> in particular, this affects IPsec. The result of the race is
> the production of incorrect hashes, which for IPsec leands to
> loss of connectivity.

Ugh. This once more has the crazy signed integer modulus operator,
which can be quite expensive depending on whether the compiler can
tell whether it is always positive or not.

Also, that modulus is exposed everywhere.

In git, the sha1 implementation (which has many of the same issues) does this:

/* This "rolls" over the 512-bit array */
#define W(x) (array[(x)&15])

which means that the modulus exists in just one place (and is the
correct binary 'and', not the possibly-expensive division).

We also avoid the problem with absolutely horrible gcc register usage
by having an arch-specific "accessor macro":

/*
* If you have 32 registers or more, the compiler can (and should)
* try to change the array[] accesses into registers. However, on
* machines with less than ~25 registers, that won't really work,
* and at least gcc will make an unholy mess of it.
*
* So to avoid that mess which just slows things down, we force
* the stores to memory to actually happen (we might be better off
* with a 'W(t)=(val);asm("":"+m" (W(t))' there instead, as
* suggested by Artur Skawina - that will also make gcc unable to
* try to do the silly "optimize away loads" part because it won't
* see what the value will be).
*
* Ben Herrenschmidt reports that on PPC, the C version comes close
* to the optimized asm with this (ie on PPC you don't want that
* 'volatile', since there are lots of registers).
*
* On ARM we get the best code generation by forcing a full memory barrier
* between each SHA_ROUND, otherwise gcc happily get wild with spilling and
* the stack frame size simply explode and performance goes down the drain.
*/

#if defined(__i386__) || defined(__x86_64__)
#define setW(x, val) (*(volatile unsigned int *)&W(x) = (val))
#elif defined(__GNUC__) && defined(__arm__)
#define setW(x, val) do { W(x) = (val); __asm__("":::"memory"); } while (0)
#else
#define setW(x, val) (W(x) = (val))
#endif

which is not pretty, but as you guys found out, the alternative can be
much worse (ie totally crazy gcc register spilling)

Linus

Herbert Xu

unread,

Jan 25, 2012, 11:10:01 PM1/25/12

to

On Wed, Jan 25, 2012 at 07:35:19PM -0800, Linus Torvalds wrote:
>
> Ugh. This once more has the crazy signed integer modulus operator,
> which can be quite expensive depending on whether the compiler can
> tell whether it is always positive or not.

Oops, I had incorrectly applied the first patch in the thread.

I've fixed it in the tree now.

> We also avoid the problem with absolutely horrible gcc register usage
> by having an arch-specific "accessor macro":

We could certainly do something like that. Although I'd be
more comfortable with pushing this through linux-next, OK?

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

Alexey Dobriyan (2):
crypto: sha512 - make it work, undo percpu message schedule
crypto: sha512 - reduce stack usage to safe number

Herbert Xu (1):
crypto: sha512 - Use binary and instead of modulus

crypto/sha512_generic.c | 62 +++++++++++++++++++++++++---------------------
1 files changed, 34 insertions(+), 28 deletions(-)

Thanks,
--
Email: Herbert Xu <her...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Linus Torvalds

unread,

Jan 25, 2012, 11:20:01 PM1/25/12

to

On Wed, Jan 25, 2012 at 8:07 PM, Herbert Xu <her...@gondor.apana.org.au> wrote:
>
> Oops, I had incorrectly applied the first patch in the thread.
>
> I've fixed it in the tree now.

Oh well, I already pulled your tree. I just wanted to voice a few
comments on it.

>> We also avoid the problem with absolutely horrible gcc register usage
>> by having an arch-specific "accessor macro":
>
> We could certainly do something like that. Although I'd be
> more comfortable with pushing this through linux-next, OK?

Absolutely.

Linus

Herbert Xu

unread,

Feb 13, 2012, 10:40:01 PM2/13/12

to

Hi Linus:

This push updates the sha512 fix so that it doesn't cause excessive
stack usage on i386. This is done by reverting to the original
code, and avoiding the W duplication by moving its initialisation
into the loop.

As the underlying code is in fact the one that we have used for years,
I'm pushing this now instead of postponing to the next cycle.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

Herbert Xu (2):

crypto: sha512 - Use binary and instead of modulus

crypto: sha512 - Avoid stack bloat on i386

crypto/sha512_generic.c | 70 ++++++++++++++++++++++-------------------------
1 files changed, 33 insertions(+), 37 deletions(-)

Herbert Xu

unread,

Feb 16, 2012, 12:40:02 AM2/16/12

to

Hi Linus:

Dave reported that even with the latest stack bloat reduction
fix for i386, the stack usage of sha512 still exceeded 1024 bytes
on sparc32. However, with Alexey's ror64 patch applied, the stack
usage goes back down to a more respectable 824.

So I've moved the ror64 patch from cryptodev to crypto and I'm
pushing it to you now.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

Alexey Dobriyan (1):
crypto: sha512 - use standard ror64()

crypto/sha512_generic.c | 13 ++++---------
include/linux/bitops.h | 20 ++++++++++++++++++++
2 files changed, 24 insertions(+), 9 deletions(-)

Herbert Xu

unread,

Mar 3, 2012, 12:40:01 AM3/3/12

to

Hi Linus:

This push fixes a bug in mv_cesa that causes all hash operations
that supply data on a final operation to fail.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

Phil Sutter (1):
crypto: mv_cesa - fix final callback not ignoring input data

drivers/crypto/mv_cesa.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)

Herbert Xu

unread,

Mar 19, 2012, 11:30:02 PM3/19/12

to

Hi Linus:

Here is the crypto update for 3.4:

* sha512 bug fixes (already in your tree).
* SHA224/SHA384 AEAD support in caam.
* X86-64 optimised version of Camellia.
* Tegra AES support.
* Bulk algorithm registration interface to make driver registration easier.
* padata race fixes.

* Misc fixes.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

Alexey Dobriyan (4):

crypto: sha512 - make it work, undo percpu message schedule
crypto: sha512 - reduce stack usage to safe number

crypto: sha512 - use standard ror64()
crypto: sha512 - use standard ror64()

Hemant Agrawal (1):
crypto: caam - add sha224 and sha384 variants to existing AEAD algorithms

Henning Heinold (1):
arm: tegra: export tegra_chip_uid

Herbert Xu (3):

crypto: sha512 - Use binary and instead of modulus
crypto: sha512 - Avoid stack bloat on i386

Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6

Jesper Juhl (3):
crypto: In crypto_add_alg(), 'exact' wants to be initialized to 0
crypto: twofish-x86 - Remove dead code from twofish_glue_3way.c::init()
crypto: serpent-sse2 - remove dead code from serpent_sse2_glue.c::serpent_sse2_init()

Julia Lawall (2):
hwrng: tx4939 - use devm_request_and_ioremap
crypto: ixp4xx - convert GFP_KERNEL to GFP_ATOMIC

Jussi Kivilinna (16):
crypto: twofish-x86_64-3way - blacklist pentium4 and atom
crypto: blowfish-x86_64 - blacklist Pentium 4
crypto: serpent-sse2 - change transpose_4x4 to only use integer instructions
crypto: serpent-sse2 - use crypto_[un]register_algs
crypto: twofish-x86_64-3way - use crypto_[un]register_algs
crypto: blowfish-x86_64 - use crypto_[un]register_algs
crypto: serpent-sse2 - combine ablk_*_init functions
crypto: blowfish-x86_64 - set alignmask to zero
crypto: twofish-x86_64/i586 - set alignmask to zero
crypto: camellia - simplify key setup and CAMELLIA_ROUNDSM macro
crypto: testmgr - add more camellia test vectors
crypto: tcrypt - add more camellia tests
crypto: camellia - rename camellia module to camellia_generic
crypto: camellia - fix checkpatch warnings
crypto: camellia - rename camellia.c to camellia_generic.c
crypto: camellia - add assembler implementation for x86_64

Kim Phillips (2):
crypto: caam - be less noisy on startup
crypto: caam - fix gcc 4.6 warning

Mark Brown (1):
crypto: Add bulk algorithm registration interface

Nikos Mavrogiannopoulos (1):
crypto: Add CRYPTO_ALG_KERN_DRIVER_ONLY flag

Steffen Klassert (2):
padata: Fix race in the serialization path
padata: Fix race on sequence number wrap

Varun Wadekar (1):
crypto: driver for Tegra AES hardware

arch/arm/mach-tegra/fuse.c | 2 +
arch/x86/crypto/Makefile | 2 +
arch/x86/crypto/blowfish_glue.c | 191 ++--
arch/x86/crypto/camellia-x86_64-asm_64.S | 520 +++++++
arch/x86/crypto/camellia_glue.c | 1952 ++++++++++++++++++++++++++
arch/x86/crypto/serpent-sse2-i586-asm_32.S | 29 +-
arch/x86/crypto/serpent-sse2-x86_64-asm_64.S | 29 +-
arch/x86/crypto/serpent_sse2_glue.c | 394 ++----
arch/x86/crypto/twofish_glue.c | 2 +-
arch/x86/crypto/twofish_glue_3way.c | 265 ++--
crypto/Kconfig | 18 +
crypto/Makefile | 2 +-
crypto/algapi.c | 35 +
crypto/camellia.c | 1116 ---------------
crypto/camellia_generic.c | 1102 +++++++++++++++
crypto/crypto_user.c | 2 +-
crypto/sha512_generic.c | 59 +-
crypto/tcrypt.c | 12 +
crypto/testmgr.c | 45 +
crypto/testmgr.h | 1383 ++++++++++++++++++-
drivers/char/hw_random/tx4939-rng.c | 5 +-
drivers/crypto/Kconfig | 11 +
drivers/crypto/Makefile | 1 +
drivers/crypto/caam/caamalg.c | 126 ++-
drivers/crypto/caam/ctrl.c | 2 +-
drivers/crypto/geode-aes.c | 6 +-
drivers/crypto/hifn_795x.c | 3 +-
drivers/crypto/ixp4xx_crypto.c | 4 +-
drivers/crypto/mv_cesa.c | 12 +-
drivers/crypto/n2_core.c | 7 +-
drivers/crypto/omap-aes.c | 8 +-
drivers/crypto/omap-sham.c | 4 +
drivers/crypto/picoxcell_crypto.c | 46 +-
drivers/crypto/s5p-sss.c | 6 +-
drivers/crypto/talitos.c | 1 +
drivers/crypto/tegra-aes.c | 1096 +++++++++++++++
drivers/crypto/tegra-aes.h | 103 ++
include/linux/bitops.h | 20 +
include/linux/crypto.h | 7 +
include/linux/padata.h | 6 +-
kernel/padata.c | 44 +-
41 files changed, 6936 insertions(+), 1742 deletions(-)

Herbert Xu

unread,

Mar 21, 2012, 9:30:01 PM3/21/12

to

Hi Linus:

This push fixes a build problem where two crypto modules both
try to export the same symbols (which shouldn't have been exported
in the first place).

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

Jussi Kivilinna (2):
crypto: camellia-x86_64 - module init/exit functions should be static
crypto: twofish-x86_64-3way - module init/exit functions should be static

arch/x86/crypto/camellia_glue.c | 4 ++--
arch/x86/crypto/twofish_glue_3way.c | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)

Herbert Xu

unread,

Apr 2, 2012, 5:50:03 AM4/2/12

to

Hi Linus:

This push fixes a number of issues:

* Fix for CPU hotplug hang in padata.
* Avoid using cpu_active inappropriately in pcrypt and padata.
* Fix for user-space algorithm lookup hang with IV generators.
* Fix for netlink dump of algorithms where stuff went missing due
to incorrect calculation of message size.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

Steffen Klassert (6):
padata: Add a reference to the api documentation
padata: Use the online cpumask as the default
padata: Fix cpu hotplug
crypto: pcrypt - Use the online cpumask as the default
crypto: user - Fix lookup of algorithms with IV generator
crypto: user - Fix size of netlink dump message

crypto/ablkcipher.c | 4 +-
crypto/aead.c | 4 +-
crypto/crypto_user.c | 80 +++++++++++++++++++++++++++++++++++-
crypto/pcrypt.c | 8 ++--
include/crypto/internal/aead.h | 2 +
include/crypto/internal/skcipher.h | 2 +
include/linux/cryptouser.h | 3 +
kernel/padata.c | 13 ++++--
8 files changed, 103 insertions(+), 13 deletions(-)

Herbert Xu

unread,

Apr 20, 2012, 10:20:02 AM4/20/12

to

Hi Linus:

This push fixes a number of issues:

* Locking fix for talitos driver.
* Fix 64-bit counter overflow in SHA-512.
* Build fix for ixp4xx.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

Horia Geanta (1):
crypto: talitos - properly lock access to global talitos registers

Kent Yoder (1):
crypto: sha512 - Fix byte counter overflow in SHA-512

Michał Wróbel (1):
crypto: ixp4xx - include fix

crypto/sha512_generic.c | 2 +-
drivers/crypto/ixp4xx_crypto.c | 1 +
drivers/crypto/talitos.c | 20 +++++++++++++++++---
3 files changed, 19 insertions(+), 4 deletions(-)

Herbert Xu

unread,

May 22, 2012, 9:40:02 PM5/22/12

to

Hi Linus:

Here is the crypto update for 3.5:

* New cipher/hash driver for ARM ux500.
* Code clean-up for aesni-intel.

* Misc fixes.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

Andreas Westin (5):
crypto: ux500 - Add driver for CRYP hardware
crypto: ux500 - Add driver for HASH hardware
mach-ux500: crypto - core support for CRYP/HASH module.
crypto: ux500 - Update DMA handling for 3.4
crypto: ux500 - Cleanup hardware identification

Borislav Petkov (1):
crypto, xor: Sanitize checksumming function selection output

Julia Lawall (2):
crypto: crypto4xx - move up err_request_irq label
hwrng: omap - use devm_request_and_ioremap

Jussi Kivilinna (2):
crypto: aesni-intel - use crypto_[un]register_algs
crypto: aesni-intel - move more common code to ablk_init_common

Nicolas Ferre (1):
hwrng: Kconfig - modify default state for atmel-rng driver

Shengzhou Liu (1):
crypto: caam - add backward compatible string sec4.0

arch/arm/mach-ux500/board-mop500.c | 48
arch/arm/mach-ux500/clock.c | 18
arch/arm/mach-ux500/devices-common.h | 54
arch/arm/mach-ux500/devices-db8500.c | 3
arch/arm/mach-ux500/devices-db8500.h | 4
arch/arm/mach-ux500/include/mach/crypto-ux500.h | 22
arch/arm/mach-ux500/include/mach/devices.h | 3
arch/arm/mach-ux500/include/mach/hardware.h | 3
arch/x86/crypto/aesni-intel_glue.c | 827 +++------
crypto/xor.c | 5
drivers/char/hw_random/Kconfig | 2
drivers/char/hw_random/omap-rng.c | 22
drivers/crypto/Kconfig | 11
drivers/crypto/Makefile | 1
drivers/crypto/amcc/crypto4xx_core.c | 2
drivers/crypto/caam/caamalg.c | 14
drivers/crypto/caam/ctrl.c | 16
drivers/crypto/ux500/Kconfig | 30
drivers/crypto/ux500/Makefile | 8
drivers/crypto/ux500/cryp/Makefile | 13
drivers/crypto/ux500/cryp/cryp.c | 401 ++++
drivers/crypto/ux500/cryp/cryp.h | 308 +++
drivers/crypto/ux500/cryp/cryp_core.c | 1790 +++++++++++++++++++++
drivers/crypto/ux500/cryp/cryp_irq.c | 45
drivers/crypto/ux500/cryp/cryp_irq.h | 31
drivers/crypto/ux500/cryp/cryp_irqp.h | 125 +
drivers/crypto/ux500/cryp/cryp_p.h | 125 +
drivers/crypto/ux500/hash/Makefile | 11
drivers/crypto/ux500/hash/hash_alg.h | 395 ++++
drivers/crypto/ux500/hash/hash_core.c | 2031 +++++++++++++++++++++++-
30 files changed, 5819 insertions(+), 549 deletions(-)

Linus Torvalds

unread,

May 23, 2012, 7:10:01 PM5/23/12

to

On Tue, May 22, 2012 at 6:35 PM, Herbert Xu <her...@gondor.apana.org.au> wrote:
>
> Here is the crypto update for 3.5:

I pulled this, but quite frankly, some of it looks like utter garbage.

There's a declaration for dbx500_add_platform_device_noirq() that does
not exist and is not used anywhere. Why? It was added in commit
585d188f8072, and I see no rhyme or reason to it.

I only noticed because I happened to get a conflict due to the
location it was added. I removed it. WTF is going on?

Linus

Herbert Xu

unread,

May 23, 2012, 8:30:02 PM5/23/12

to

On Wed, May 23, 2012 at 04:06:35PM -0700, Linus Torvalds wrote:
> On Tue, May 22, 2012 at 6:35 PM, Herbert Xu <her...@gondor.apana.org.au> wrote:
> >
> > Here is the crypto update for 3.5:
>
> I pulled this, but quite frankly, some of it looks like utter garbage.
>
> There's a declaration for dbx500_add_platform_device_noirq() that does
> not exist and is not used anywhere. Why? It was added in commit
> 585d188f8072, and I see no rhyme or reason to it.

I can't see why that was added there either.

Adding Arnd/Linus Walleij to see if they can tell us whether
it should go or stay.

Thanks,
--
Email: Herbert Xu <her...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Linus Walleij

unread,

May 24, 2012, 3:10:01 AM5/24/12

to

On Thu, May 24, 2012 at 1:06 AM, Linus Torvalds
<torv...@linux-foundation.org> wrote:

> There's a declaration for dbx500_add_platform_device_noirq() that does
> not exist and is not used anywhere. Why? It was added in commit
> 585d188f8072, and I see no rhyme or reason to it.
>
> I only noticed because I happened to get a conflict due to the
> location it was added. I removed it. WTF is going on?

AFAICT this was retrofitted to get a booting kernel on
the cryptodev base which was based on something old like
v3.2 just some weeks back. (Now it's upgraded to mainline, great!)

Greg was pushing for us to allocate all devices dynamically at
one point, but there was no real infrastructure for it and some local
implementations to meet that requirement, that's why these
functions pop up and down. We're working on it with device tree
etc, mea culpa...

Yours,
Linus Walleij

Arnd Bergmann

unread,

May 24, 2012, 4:40:02 AM5/24/12

to

On Thursday 24 May 2012, Herbert Xu wrote:
> On Wed, May 23, 2012 at 04:06:35PM -0700, Linus Torvalds wrote:
> > On Tue, May 22, 2012 at 6:35 PM, Herbert Xu <her...@gondor.apana.org.au> wrote:
> > >
> > > Here is the crypto update for 3.5:
> >
> > I pulled this, but quite frankly, some of it looks like utter garbage.
> >
> > There's a declaration for dbx500_add_platform_device_noirq() that does
> > not exist and is not used anywhere. Why? It was added in commit
> > 585d188f8072, and I see no rhyme or reason to it.
>
> I can't see why that was added there either.
>
> Adding Arnd/Linus Walleij to see if they can tell us whether
> it should go or stay.

It should go. For all I can tell, this was the result of Lee Jones
doing major cleanups to the ux500 platform for this merge window
in parallel with the crypto driver getting added following the
older code pattern. The crypto patch had to be reworked for this
and apparently a hunk from the older version survived.

The entire file in which it was added is going to be removed
in one of the next kernel versions once we can boot all ux500 machines
using only device tree definitions, so it will be taken care of.

Arnd

Herbert Xu

unread,

Jun 11, 2012, 9:10:02 AM6/11/12

to

Hi Linus:

This push fixes an unaligned fault on x86-32 with aesni-intel
and an RNG failure with atmel-rng (repeated bits).

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

Mathias Krause (1):
crypto: aesni-intel - fix unaligned cbc decrypt for x86-32

Peter Korsgaard (1):
hwrng: atmel-rng - fix race condition leading to repeated bits

arch/x86/crypto/aesni-intel_asm.S | 6 ++++--
drivers/char/hw_random/atmel-rng.c | 7 +++++++
2 files changed, 11 insertions(+), 2 deletions(-)

Herbert Xu

unread,

Jun 18, 2012, 4:30:02 AM6/18/12

to

Hi Linus:

This push fixes another bug in the atmel-rng that made it produce
completely useless output.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

Peter Korsgaard (1):
hwrng: atmel-rng - fix data valid check

drivers/char/hw_random/atmel-rng.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)