<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/crypto, branch v4.0</title>
<subtitle>Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/
</subtitle>
<id>https://git.shady.money/linux/atom?h=v4.0</id>
<link rel='self' href='https://git.shady.money/linux/atom?h=v4.0'/>
<link rel='alternate' type='text/html' href='https://git.shady.money/linux/'/>
<updated>2015-02-14T17:47:01Z</updated>
<entry>
<title>Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6</title>
<updated>2015-02-14T17:47:01Z</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2015-02-14T17:47:01Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/linux/commit/?id=fee5429e028c414d80d036198db30454cfd91b7a'/>
<id>urn:sha1:fee5429e028c414d80d036198db30454cfd91b7a</id>
<content type='text'>
Pull crypto update from Herbert Xu:
 "Here is the crypto update for 3.20:

   - Added 192/256-bit key support to aesni GCM.
   - Added MIPS OCTEON MD5 support.
   - Fixed hwrng starvation and race conditions.
   - Added note that memzero_explicit is not a substitute for memset.
   - Added user-space interface for crypto_rng.
   - Misc fixes"

* git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (71 commits)
  crypto: tcrypt - do not allocate iv on stack for aead speed tests
  crypto: testmgr - limit IV copy length in aead tests
  crypto: tcrypt - fix buflen reminder calculation
  crypto: testmgr - mark rfc4106(gcm(aes)) as fips_allowed
  crypto: caam - fix resource clean-up on error path for caam_jr_init
  crypto: caam - pair irq map and dispose in the same function
  crypto: ccp - terminate ccp_support array with empty element
  crypto: caam - remove unused local variable
  crypto: caam - remove dead code
  crypto: caam - don't emit ICV check failures to dmesg
  hwrng: virtio - drop extra empty line
  crypto: replace scatterwalk_sg_next with sg_next
  crypto: atmel - Free memory in error path
  crypto: doc - remove colons in comments
  crypto: seqiv - Ensure that IV size is at least 8 bytes
  crypto: cts - Weed out non-CBC algorithms
  MAINTAINERS: add linux-crypto to hw random
  crypto: cts - Remove bogus use of seqiv
  crypto: qat - don't need qat_auth_state struct
  crypto: algif_rng - fix sparse non static symbol warning
  ...
</content>
</entry>
<entry>
<title>crypto: fix af_alg_make_sg() conversion to iov_iter</title>
<updated>2015-02-11T03:55:45Z</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2015-02-11T03:55:45Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/linux/commit/?id=9399f0c51489ae8c16d6559b82a452fdc1895e91'/>
<id>urn:sha1:9399f0c51489ae8c16d6559b82a452fdc1895e91</id>
<content type='text'>
Commit 1d10eb2f156f ("crypto: switch af_alg_make_sg() to iov_iter")
broke af_alg_make_sg() and skcipher_recvmsg() in the process of moving
them to the iov_iter interfaces.  The 'npages' calculation in the former
calculated the number of *bytes* in the pages, and in the latter case
the conversion didn't re-read the value of 'ctx-&gt;used' after waiting for
it to become non-zero.

This reverts to the original code for both these cases.

Cc: Al Viro &lt;viro@zeniv.linux.org.uk&gt;
Cc: David Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
</content>
</entry>
<entry>
<title>crypto: tcrypt - do not allocate iv on stack for aead speed tests</title>
<updated>2015-02-04T09:59:42Z</updated>
<author>
<name>Cristian Stoica</name>
<email>cristian.stoica@freescale.com</email>
</author>
<published>2015-01-28T11:07:32Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/linux/commit/?id=96692a7305c49845e3cbf5a60cfcb207c5dc4030'/>
<id>urn:sha1:96692a7305c49845e3cbf5a60cfcb207c5dc4030</id>
<content type='text'>
See also: 9bac019dad8098a77cce555d929f678e22111783

Signed-off-by: Cristian Stoica &lt;cristian.stoica@freescale.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
</entry>
<entry>
<title>crypto: testmgr - limit IV copy length in aead tests</title>
<updated>2015-02-04T09:59:41Z</updated>
<author>
<name>Cristian Stoica</name>
<email>cristian.stoica@freescale.com</email>
</author>
<published>2015-01-28T09:03:05Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/linux/commit/?id=424a5da6919073392c11345d1b7baa9f31c62734'/>
<id>urn:sha1:424a5da6919073392c11345d1b7baa9f31c62734</id>
<content type='text'>
The working copy of IV is the same size as the transformation's IV.
It is not necessary to copy more than that from the template since
iv_len is usually less than MAX_IVLEN and the rest of the copied data
is garbage.

Signed-off-by: Cristian Stoica &lt;cristian.stoica@freescale.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
</entry>
<entry>
<title>crypto: tcrypt - fix buflen reminder calculation</title>
<updated>2015-02-04T09:59:41Z</updated>
<author>
<name>Cristian Stoica</name>
<email>cristian.stoica@freescale.com</email>
</author>
<published>2015-01-27T09:54:27Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/linux/commit/?id=c47689931fff5f8882a923bbd8d8590f038fa097'/>
<id>urn:sha1:c47689931fff5f8882a923bbd8d8590f038fa097</id>
<content type='text'>
- This fixes the intent of the code to limit the last scatterlist to
  either a full PAGE or a fraction of it, depending on the number of
  pages needed by buflen and the available space advertised by XBUFLEN.

  The original code always sets the last scatterlist to a fraction of a
  PAGE because the first 'if' is never executed.

- Rearrange the second part of the code to remove the conditional from
  the loop

Signed-off-by: Cristian Stoica &lt;cristian.stoica@freescale.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
</entry>
<entry>
<title>crypto: switch af_alg_make_sg() to iov_iter</title>
<updated>2015-02-04T06:34:15Z</updated>
<author>
<name>Al Viro</name>
<email>viro@zeniv.linux.org.uk</email>
</author>
<published>2014-11-28T21:39:25Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/linux/commit/?id=1d10eb2f156f5fc83cf6c7ce60441592e66eadb3'/>
<id>urn:sha1:1d10eb2f156f5fc83cf6c7ce60441592e66eadb3</id>
<content type='text'>
With that, all -&gt;sendmsg() instances are converted to iov_iter primitives
and are agnostic wrt the kind of iov_iter they are working with.
So's the last remaining -&gt;recvmsg() instance that wasn't kind-agnostic yet.
All -&gt;sendmsg() and -&gt;recvmsg() advance -&gt;msg_iter by the amount actually
copied and none of them modifies the underlying iovec, etc.

Cc: linux-crypto@vger.kernel.org
Signed-off-by: Al Viro &lt;viro@zeniv.linux.org.uk&gt;
</content>
</entry>
<entry>
<title>crypto: testmgr - mark rfc4106(gcm(aes)) as fips_allowed</title>
<updated>2015-01-26T00:34:32Z</updated>
<author>
<name>Jarod Wilson</name>
<email>jarod@redhat.com</email>
</author>
<published>2015-01-23T17:42:15Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/linux/commit/?id=db71f29a1c327f3824c1c0919937965b36d67b80'/>
<id>urn:sha1:db71f29a1c327f3824c1c0919937965b36d67b80</id>
<content type='text'>
This gcm variant is popular for ipsec use, and there are folks who would
like to use it while in fips mode. Mark it with fips_allowed=1 to
facilitate that.

CC: LKML &lt;linux-kernel@vger.kernel.org&gt;
CC: Stephan Mueller &lt;smueller@atsec.com&gt;
Signed-off-by: Jarod Wilson &lt;jarod@redhat.com&gt;
Acked-by: Stephan Mueller &lt;smueller@atsec.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
</entry>
<entry>
<title>crypto: replace scatterwalk_sg_next with sg_next</title>
<updated>2015-01-26T00:34:22Z</updated>
<author>
<name>Cristian Stoica</name>
<email>cristian.stoica@freescale.com</email>
</author>
<published>2015-01-20T08:06:16Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/linux/commit/?id=5be4d4c94b1f98b839344fda7a8752a4a09d0ef5'/>
<id>urn:sha1:5be4d4c94b1f98b839344fda7a8752a4a09d0ef5</id>
<content type='text'>
Modify crypto drivers to use the generic SG helper since
both of them are equivalent and the one from crypto is redundant.

See also:
  468577abe37ff7b453a9ac613e0ea155349203ae   reverted in
  b2ab4a57b018aafbba35bff088218f5cc3d2142e

Signed-off-by: Cristian Stoica &lt;cristian.stoica@freescale.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
</entry>
<entry>
<title>crypto: seqiv - Ensure that IV size is at least 8 bytes</title>
<updated>2015-01-20T03:44:16Z</updated>
<author>
<name>Herbert Xu</name>
<email>herbert@gondor.apana.org.au</email>
</author>
<published>2015-01-16T08:51:20Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/linux/commit/?id=c0ecf8916d28e99fd072514f19fd36ee42a6ad7e'/>
<id>urn:sha1:c0ecf8916d28e99fd072514f19fd36ee42a6ad7e</id>
<content type='text'>
Since seqiv is designed for IPsec we need to be able to accommodate
the whole IPsec sequence number in order to ensure the uniqueness
of the IV.

This patch forbids any algorithm with an IV size of less than 8
from using it.  This should have no impact on existing users since
they all have an IV size of 8.

Reported-by: Maciej Żenczykowski &lt;zenczykowski@gmail.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Acked-by: Maciej Żenczykowski &lt;zenczykowski@gmail.com&gt;
</content>
</entry>
<entry>
<title>crypto: cts - Weed out non-CBC algorithms</title>
<updated>2015-01-20T03:44:15Z</updated>
<author>
<name>Herbert Xu</name>
<email>herbert@gondor.apana.org.au</email>
</author>
<published>2015-01-16T08:38:17Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/linux/commit/?id=988dc0174411ad4b98c173f3d7d25aca9e56cd85'/>
<id>urn:sha1:988dc0174411ad4b98c173f3d7d25aca9e56cd85</id>
<content type='text'>
The cts algorithm as currently implemented assumes the underlying
is a CBC-mode algorithm.  So this patch adds a check for that to
eliminate bogus combinations of cts with non-CBC modes.

Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
</entry>
</feed>
