linux/crypto, branch v2.6.25 Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ https://git.shady.money/linux/atom?h=v2.6.25 2008-04-02T06:36:09Z [CRYPTO] xcbc: Fix crash when ipsec uses xcbc-mac with big data chunk 2008-04-02T06:36:09Z Joy Latten latten@austin.ibm.com 2008-04-02T06:36:09Z urn:sha1:1edcf2e1ee2babb011cfca80ad9d202e9c491669 The kernel crashes when ipsec passes a udp packet of about 14XX bytes of data to aes-xcbc-mac. It seems the first xxxx bytes of the data are in first sg entry, and remaining xx bytes are in next sg entry. But we don't check next sg entry to see if we need to go look the page up. I noticed in hmac.c, we do a scatterwalk_sg_next(), to do this check and possible lookup, thus xcbc.c needs to use this routine too. A 15-hour run of an ipsec stress test sending streams of tcp and udp packets of various sizes, using this patch and aes-xcbc-mac completed successfully, so hopefully this fixes the problem. Signed-off-by: Joy Latten <latten@austin.ibm.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> async_tx: avoid the async xor_zero_sum path when src_cnt > device->max_xor 2008-03-19T00:01:00Z Dan Williams dan.j.williams@intel.com 2008-03-19T04:23:59Z urn:sha1:8d8002f642886ae256a3c5d70fe8aff4faf3631a If the channel cannot perform the operation in one call to ->device_prep_dma_zero_sum, then fallback to the xor+page_is_zero path. This only affects users with arrays larger than 16 devices on iop13xx or 32 devices on iop3xx. Cc: <stable@kernel.org> Cc: Neil Brown <neilb@suse.de> Signed-off-by: Dan Williams <dan.j.williams@intel.com> async_tx: checkpatch says s/__FUNCTION__/__func__/g 2008-03-13T17:57:10Z Dan Williams dan.j.williams@intel.com 2008-03-14T00:45:28Z urn:sha1:3280ab3e8815d60cea483d49b21261972e2785d6 Signed-off-by: Dan Williams <dan.j.williams@intel.com> [CRYPTO] skcipher: Fix section mismatches 2008-03-08T12:29:43Z Herbert Xu herbert@gondor.apana.org.au 2008-03-08T12:29:43Z urn:sha1:f13ba2f7d3a877967477ec8f64e1dae7a967c7e2 The previous patch to move chainiv and eseqiv into blkcipher created a section mismatch for the chainiv exit function which was also called from __init. This patch removes the __exit marking on it. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] xcbc: Fix crash with IPsec 2008-03-06T11:28:44Z Joy Latten latten@austin.ibm.com 2008-03-06T11:28:44Z urn:sha1:2f40a178e70030c4712fe63807c883f34c3645eb When using aes-xcbc-mac for authentication in IPsec, the kernel crashes. It seems this algorithm doesn't account for the space IPsec may make in scatterlist for authtag. Thus when crypto_xcbc_digest_update2() gets called, nbytes may be less than sg[i].length. Since nbytes is an unsigned number, it wraps at the end of the loop allowing us to go back into loop and causing crash in memcpy. I used update function in digest.c to model this fix. Please let me know if it looks ok. Signed-off-by: Joy Latten <latten@austin.ibm.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] xts: Use proper alignment 2008-03-06T10:56:19Z Sebastian Siewior sebastian@breakpoint.cc 2008-03-06T10:56:19Z urn:sha1:6212f2c7f70c591efb0d9f3d50ad29112392fee2 The XTS blockmode uses a copy of the IV which is saved on the stack and may or may not be properly aligned. If it is not, it will break hardware cipher like the geode or padlock. This patch encrypts the IV in place so we don't have to worry about alignment. Signed-off-by: Sebastian Siewior <sebastian@breakpoint.cc> Tested-by: Stefan Hellermann <stefan@the2masters.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] digest: Include internal.h for prototypes 2008-03-05T11:05:54Z Adrian Bunk bunk@kernel.org 2008-03-05T11:05:54Z urn:sha1:bc97f19dc8be1f181f33b4368542c72498f3562a Every file should include the headers containing the externs for its global code (in this case for struct crypto_{init,exit}_digest_ops()). Signed-off-by: Adrian Bunk <bunk@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] authenc: Add missing Kconfig dependency on BLKCIPHER 2008-02-23T03:13:00Z Herbert Xu herbert@gondor.apana.org.au 2008-02-23T03:13:00Z urn:sha1:3e16bfbaf3195b4725bc87d6a1ef11bf7716e83d The authenc algorithm requires BLKCIPHER to be present. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] skcipher: Move chainiv/seqiv into crypto_blkcipher module 2008-02-23T03:12:06Z Herbert Xu herbert@gondor.apana.org.au 2008-02-23T03:12:06Z urn:sha1:76fc60a2e3c6aa6e98cd3a5cb81a1855c637b274 For compatibility with dm-crypt initramfs setups it is useful to merge chainiv/seqiv into the crypto_blkcipher module. Since they're required by most algorithms anyway this is an acceptable trade-off. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] null: Add missing Kconfig dependency on BLKCIPHER 2008-02-18T01:00:05Z Adrian Bunk bunk@kernel.org 2008-02-18T01:00:05Z urn:sha1:c8620c2590f43eff864fe597fcbe5b72ab7a7b94 This patch fixes the following build error caused by commit 3631c650c495d61b1dabf32eb26b46873636e918: <-- snip --> ... LD .tmp_vmlinux1 crypto/built-in.o: In function `skcipher_null_crypt': crypto_null.c:(.text+0x3d14): undefined reference to `blkcipher_walk_virt' crypto_null.c:(.text+0x3d14): relocation truncated to fit: R_MIPS_26 against `blkcipher_walk_virt' crypto/built-in.o: In function `$L32': crypto_null.c:(.text+0x3d54): undefined reference to `blkcipher_walk_done' crypto_null.c:(.text+0x3d54): relocation truncated to fit: R_MIPS_26 against `blkcipher_walk_done' crypto/built-in.o:(.data+0x2e8): undefined reference to `crypto_blkcipher_type' make[1]: *** [.tmp_vmlinux1] Error 1 <-- snip --> Signed-off-by: Adrian Bunk <bunk@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>