On Wed, Nov 12, 2014 at 01:49:31PM +0800, Ming Liu wrote:
> So far, the encryption/decryption are asynchronously processed in
> softirq and cryptd which would result in a implicit order of data,
> therefore leads IPSec stack also out of order while encapsulating
> or decapsulating packets.
>
> Con
On Wed, Nov 12, 2014 at 04:51:48PM +0800, Herbert Xu wrote:
> On Wed, Nov 12, 2014 at 09:41:38AM +0100, Steffen Klassert wrote:
> >
> > Can't we just use cryptd unconditionally to fix this reordering problem?
>
> I think the idea is that most of the time cryptd isn&
On Wed, Nov 12, 2014 at 06:41:30PM +0800, Ming Liu wrote:
> On 11/12/2014 04:51 PM, Herbert Xu wrote:
> >On Wed, Nov 12, 2014 at 09:41:38AM +0100, Steffen Klassert wrote:
> >>Can't we just use cryptd unconditionally to fix this reordering problem?
> >I think the
On Wed, Nov 12, 2014 at 06:41:28PM +0800, Ming Liu wrote:
> On 11/12/2014 04:41 PM, Steffen Klassert wrote:
> >On Wed, Nov 12, 2014 at 01:49:31PM +0800, Ming Liu wrote:
> >> }
> >>@@ -147,11 +149,9 @@ static void cryptd_queue_worker(struct work_struct
> &g
On Thu, Nov 20, 2014 at 05:03:24AM +0100, Stephan Mueller wrote:
>
> Btw: is there an example that uses that interface? The ordering of data
> structures in the netlink message is not really clear from looking at the
> code.
I wrote to tool that uses this API some time ago, it is still
a bit ru
On Thu, Nov 20, 2014 at 05:03:24AM +0100, Stephan Mueller wrote:
> Am Dienstag, 18. November 2014, 22:08:23 schrieb Herbert Xu:
>
> Hi Herbert, Steffen,
>
> >
> > We already have crypto_user so you should be extending that to
> > cover what's missing.
>
> After playing a bit with the interface,
On Thu, Nov 20, 2014 at 12:46:50PM +0800, Herbert Xu wrote:
> On Thu, Nov 20, 2014 at 05:23:23AM +0100, Stephan Mueller wrote:
> >
> > Here is the code:
> >
> > static int crypto_report(struct sk_buff *in_skb, struct nlmsghdr *in_nlh,
> > struct nlattr **attrs)
> > {
> > ...
On Sat, Nov 15, 2014 at 11:15:50AM +0800, Herbert Xu wrote:
> On Wed, Nov 12, 2014 at 09:41:38AM +0100, Steffen Klassert wrote:
> >
> > Everything below the local_bh_enable() should not run in atomic context
> > as the subsequent functions may set the CRYPTO_TFM_REQ_MAY_SLEE
On Thu, Nov 20, 2014 at 03:43:42PM +0800, Herbert Xu wrote:
> On Thu, Nov 20, 2014 at 08:26:51AM +0100, Steffen Klassert wrote:
> >
> > What about to use a fallback algorithm that does not need to touch
> > FPU/SIMD in such cases? We would not need cryptd at all and it would
On Thu, Nov 20, 2014 at 03:45:26PM +0800, Herbert Xu wrote:
> On Thu, Nov 20, 2014 at 08:11:42AM +0100, Steffen Klassert wrote:
> >
> > I think this is not sufficient, crypto_alg_match() will now return the first
> > algorithm in crypto_alg_list that matches cra_name. We
On Thu, Apr 23, 2015 at 11:26:20AM +0800, Herbert Xu wrote:
> Hi:
>
> It looks like our IPsec implementations of CCM and GCM are buggy
> in that they don't include the IV in the authentication calculation.
Seems like crypto_rfc4106_crypt() passes the associated data it
got from ESP directly to gc
inux/padata.h
> +++ b/include/linux/padata.h
> @@ -3,6 +3,7 @@
> *
> * Copyright (C) 2008, 2009 secunet Security Networks AG
> * Copyright (C) 2008, 2009 Steffen Klassert
> + * Copyright (C) 2016 Jason A. Donenfeld
> *
> * This program is free software; you can redi
:68:26: warning: variable ‘pinst’ set but not used
> [-Wunused-but-set-variable]
>
> Also remove the now unused variable pd which is only used to set pinst.
>
> Signed-off-by: Tobias Klauser
Acked-by: Steffen Klassert
Thanks!
--
To unsubscribe from this list: send the line &qu
a: set cpu_index of unused CPUs to -1
> padata: ensure the reorder timer callback runs on the correct CPU
> padata: ensure padata_do_serial() runs on the correct CPU
Looks good, thanks!
Acked-by: Steffen Klassert
nse-Identifier: GPL-2.0
> > /*
> > * padata.c - generic interface to process data streams in parallel
> > *
>
> Steffen, are you OK with this patch?
Yes, I'm ok with this.
Acked-by: Steffen Klassert
On Sat, Dec 23, 2017 at 02:29:42PM -0600, Eric Biggers wrote:
> [+Cc Steffen Klassert ]
>
>
> I was able to reproduce this by trying to use 'pcrypt' recursively. I am not
> 100% sure it is the exact same bug, but it probably is. Here is a C
> reproducer:
>
>
ations like ping that don't
check for this. So add pmtu handling to vti_xmit to
report MTU changes immediately.
Signed-off-by: Steffen Klassert
---
net/ipv4/ip_vti.c | 13 +
1 file changed, 13 insertions(+)
diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c
index 5cf10b7..68
On Thu, Feb 18, 2016 at 01:40:00AM +, Mark McKinstry wrote:
> This patch fixes our issue, thanks. In our scenario the tunnel path MTU
> now gets updated so that subsequent large packets sent over the tunnel
> get fragmented correctly.
I've applied this patch to the ipsec tree now.
Thanks for
On Wed, Feb 24, 2016 at 09:37:39PM +, Mark McKinstry wrote:
> On 19/02/16 01:19, Steffen Klassert wrote:
> > On Thu, Feb 18, 2016 at 01:40:00AM +, Mark McKinstry wrote:
> >> This patch fixes our issue, thanks. In our scenario the tunnel path MTU
> >> now gets
On Wed, Feb 24, 2016 at 09:37:39PM +, Mark McKinstry wrote:
> On 19/02/16 01:19, Steffen Klassert wrote:
> > On Thu, Feb 18, 2016 at 01:40:00AM +, Mark McKinstry wrote:
> >> This patch fixes our issue, thanks. In our scenario the tunnel path MTU
> >> now gets
On Mon, Mar 14, 2016 at 09:52:05PM +, Mark McKinstry wrote:
> Your patch adds a dst_release() call to my suggested fix, but this is
> problematic because the kfree_skb() call at tx_error already takes care
> of releasing dst - via kfree_skb() > __kfree_skb() > skb_release_all() >
> skb_relea
On Tue, Mar 15, 2016 at 01:28:01PM +0100, Steffen Klassert wrote:
> On Mon, Mar 14, 2016 at 09:52:05PM +, Mark McKinstry wrote:
> > Your patch adds a dst_release() call to my suggested fix, but this is
> > problematic because the kfree_skb() call at tx_error already tak
On Wed, Mar 30, 2016 at 09:04:03PM +, Mark McKinstry wrote:
> I've tested this patch in our scenario and I can confirm that it still
> fixes all of our issues.
I've applied the patch to the ipsec tree now.
Thanks for testing!
--
To unsubscribe from this list: send the line "unsubscribe linux-
passing them to crypto. If we try to avoid the
linearization with skb_cow_data in IPsec esp4/esp6 this incompatibility
becomes visible.
Signed-off-by: Steffen Klassert
---
Herbert, I could not find out why this PAGE_SIZE limit is in place.
So not sure if this is the right fix. Also, would it be
On Mon, Apr 25, 2016 at 06:05:27PM +0800, Herbert Xu wrote:
> On Thu, Apr 21, 2016 at 09:14:51AM +0200, Steffen Klassert wrote:
> > The network layer tries to allocate high order pages for skb_buff
> > fragments, this leads to problems if we pass such a buffer to
> > crypto b
On Tue, May 03, 2016 at 05:55:31PM +0800, Herbert Xu wrote:
> On Thu, Apr 28, 2016 at 10:27:43AM +0200, Steffen Klassert wrote:
> >
> > The problem was that if offset (in a superpage) equals
> > PAGE_SIZE in hash_walk_next(), nbytes becomes zero. So
> > we map the page,
On Wed, May 04, 2016 at 05:52:56PM +0800, Herbert Xu wrote:
> On Wed, May 04, 2016 at 11:34:20AM +0200, Steffen Klassert wrote:
> >
> > Hmm, the 'sleeping while atomic' because of not unmapping
> > the page goes away, but now I see a lot of IPsec ICV fails
>
Hi Jason.
On Tue, Jun 14, 2016 at 11:00:54PM +0200, Jason A. Donenfeld wrote:
> Hi Steffen & Folks,
>
> I submit a job to padata_do_parallel(). When the parallel() function
> triggers, I do some things, and then call padata_do_serial(). Finally
> the serial() function triggers, where I complete t
On Tue, Jun 21, 2016 at 04:53:21PM +0800, Herbert Xu wrote:
> Hi:
>
> I finally got around to working on this. I quickly gave up on the
> notion of hijacking the queued requests as we may end up overwhelming
> our caller.
>
> So the solution is the obvious one of using cryptd as long as there
>
On Tue, May 26, 2015 at 03:41:10PM -0700, Alexander Duyck wrote:
> These patches are meant to try and address the fact the VTI tunnels are
> currently overwriting the skb->mark value. I am generally happy with the
> first two patches, however the third patch still modifies the skb->mark,
> though
On Wed, May 27, 2015 at 04:01:05PM +0800, Herbert Xu wrote:
> Hi:
>
> The only changes from the last version are that set_ad no longer
> takes a cryptoff argument and testmgr has been updated to always
> supply space for the authentication tag.
>
> The algif_aead patch has been removed and will b
On Wed, May 27, 2015 at 05:29:22PM +0800, Herbert Xu wrote:
> On Wed, May 27, 2015 at 11:25:33AM +0200, Steffen Klassert wrote:
> >
> > Not sure if I missed something in the flood of patches, but if I
> > apply your v3 patchset on top of the cryptodev tree, it crashes
>
On Thu, May 28, 2015 at 12:49:19PM +0800, Herbert Xu wrote:
> On Wed, May 27, 2015 at 10:40:32AM -0700, Alexander Duyck wrote:
> > This change makes it so that we use icmpv6_send to report PMTU issues back
> > into tunnels in the case that the resulting packet is larger than the MTU
> > of the outg
On Wed, May 27, 2015 at 10:40:32AM -0700, Alexander Duyck wrote:
> This change makes it so that we use icmpv6_send to report PMTU issues back
> into tunnels in the case that the resulting packet is larger than the MTU
> of the outgoing interface. Previously xfrm_local_error was being used in
> thi
On Wed, May 27, 2015 at 07:16:37AM -0700, Alexander Duyck wrote:
> These patches are meant to try and address the fact the VTI tunnels are
> currently overwriting the skb->mark value. I am generally happy with the
> first two patches, however the third patch still modifies the skb->mark,
> though
On Thu, May 28, 2015 at 12:18:51AM -0700, Alexander Duyck wrote:
> On 05/27/2015 10:36 PM, Steffen Klassert wrote:
> >On Wed, May 27, 2015 at 10:40:32AM -0700, Alexander Duyck wrote:
> >>This change makes it so that we use icmpv6_send to report PMTU issues back
> >>in
todev
> > tree.
>
> The patches look fine to me. Steffen, what do you think?
I'm fine with this. If you want to merge this series through the
cryptodev tree, feel free to add a
Acked-by: Steffen Klassert
--
To unsubscribe from this list: send the line "unsubscribe linux-crypt
On Thu, Aug 13, 2015 at 05:28:52PM +0800, Herbert Xu wrote:
> Now that seqniv is identical with seqiv we no longer need it.
>
> Signed-off-by: Herbert Xu
Acked-by: Steffen Klassert
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of
On Mon, Oct 19, 2015 at 05:23:29PM -0400, Sowmini Varadhan wrote:
> On sparc, deleting established SAs (e.g., by restarting ipsec
> at the peer) results in unaligned access messages via
> xfrm_del_sa -> km_state_notify -> xfrm_send_state_notify().
> Use an aligned pointer to xfrm_usersa_info for th
On Tue, Dec 01, 2015 at 12:59:53PM -0500, Sowmini Varadhan wrote:
>
> I instrumented iperf with and without ipsec, just using esp-null,
> and 1 thread, to keep things simple. I'm seeing some pretty dismal
> performance numbers with ipsec, and trying to think of ways to
> improve this. Here are m
On Wed, Dec 02, 2015 at 07:05:38AM -0500, Sowmini Varadhan wrote:
> On (12/02/15 07:53), Steffen Klassert wrote:
> >
> > I'm currently working on a GRO/GSO codepath for IPsec too. The GRO part
> > works already. I decapsulate/decrypt the packets on layer2 with a esp GRO
On Thu, Dec 03, 2015 at 06:38:20AM -0500, Sowmini Varadhan wrote:
> On (12/03/15 09:45), Steffen Klassert wrote:
> > pcrypt(echainiv(authenc(hmac(sha1-ssse3),cbc-aes-aesni)))
> >
> > Result:
> >
&
On Thu, Dec 03, 2015 at 06:38:20AM -0500, Sowmini Varadhan wrote:
> On (12/03/15 09:45), Steffen Klassert wrote:
> > pcrypt(echainiv(authenc(hmac(sha1-ssse3),cbc-aes-aesni)))
> >
> > Result:
> >
&
On Mon, Dec 07, 2015 at 06:27:48AM -0500, Sowmini Varadhan wrote:
> On (12/07/15 09:40), Steffen Klassert wrote:
> >
> > I've pushed it to
> >
> > https://git.kernel.org/cgit/linux/kernel/git/klassert/linux-stk.git/log/?h=net-next-ipsec-offload
> >
>
On Thu, Mar 23, 2017 at 12:03:43AM +0100, Jason A. Donenfeld wrote:
> Hey Steffen,
>
> WireGuard makes really heavy use of padata, feeding it units of work
> from different cores in different contexts all at the same time. For
> the most part, everything has been fine, but one particular user has
is locked, call to
> list_entry is not locked, which means it's feasible that two threads
> pick up the same padata object and subsequently call list_add_tail on
> them at the same time. The fix is thus be hoist that lock outside of
> that block.
>
> Signed-off-by: Jason A. Donenfeld
Acked-by: Steffen Klassert
On Thu, Apr 06, 2017 at 01:58:32PM -0700, David Miller wrote:
> From: Herbert Xu
> Date: Thu, 6 Apr 2017 16:15:09 +0800
>
> > As the final patch depends on all three it would be easiest if
> > we pushed the xfrm patch through the crypto tree. Steffen/David?
>
> No objections from me for this go
he in-kernel CRYPTO_MAX_ALG_NAME value.
>
> Signed-off-by: Herbert Xu
Acked-by: Steffen Klassert
y: Dan Carpenter
This looks ok,
Acked-by: Steffen Klassert
On Thu, Apr 13, 2017 at 11:52:13AM +0200, Jason A. Donenfeld wrote:
> Allow users of padata to determine the queue length themselves, via this
> added helper function, so that we can later remove the hard-coded 1000-
> job limit. We thus add a helper function, and then move the limiting
> functiona
Sorry for replying to old mail...
On Wed, Jun 14, 2017 at 11:37:39AM -0700, Dave Watson wrote:
> +static int tls_do_encryption(struct tls_context *tls_ctx,
> + struct tls_sw_context *ctx, size_t data_len,
> + gfp_t flags)
> +{
> + unsigned int
On Tue, Jul 11, 2017 at 11:53:11AM -0700, Dave Watson wrote:
> On 07/11/17 08:29 AM, Steffen Klassert wrote:
> > Sorry for replying to old mail...
> > > +int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx)
> > > +{
> >
> > ...
>
On Thu, Jul 13, 2017 at 04:51:10PM +0200, Stephan Müller wrote:
> Am Donnerstag, 13. Juli 2017, 16:22:32 CEST schrieb Christian Langrock:
>
> Hi Christian,
>
> > With this patch it's possible to use crypto user API form all
> > network namespaces, not only form the initial net ns.
>
> Is this wi
- Fix use after free on padata_free
kobject_put is called from padata_free for the padata kobject.
The kobject's release function frees the padata instance,
so don't call kobject_put for the padata kobject from pcrypt.
Signed-off-by: Steffen Klassert
---
crypto/pcrypt.c |1 -
1 files change
This patchset adds support for IPsec extended (64-bit) sequence numbers for
esp as defined in RFC 4303. Also it adds support for anti-replay windows
bigger than 32 packets. To make use of big anti-replay windows and extended
sequence numbers, new userspace tools are needed. An example patch for
ipr
A lot of crypto algorithms implement their own chaining function.
So add a generic one that can be used from all the algorithms that
need scatterlist chaining.
Signed-off-by: Steffen Klassert
---
include/crypto/scatterwalk.h | 15 +++
1 files changed, 15 insertions(+), 0 deletions
Use scatterwalk_crypto_chain in favor of locally defined chaining functions.
Signed-off-by: Steffen Klassert
---
crypto/authenc.c | 22 --
crypto/eseqiv.c | 18 ++
crypto/gcm.c | 19 ++-
3 files changed, 8 insertions(+), 51
ESP with separate encryption/authentication algorithms needs a special
treatment for the associated data. This patch add a new algorithm that
handles esp with extended sequence numbers.
Signed-off-by: Steffen Klassert
---
crypto/Makefile |2 +-
crypto/authencesn.c | 821
of extended sequence numbers.
Signed-off-by: Steffen Klassert
---
include/linux/xfrm.h | 12
include/net/xfrm.h |7 +++
2 files changed, 19 insertions(+), 0 deletions(-)
diff --git a/include/linux/xfrm.h b/include/linux/xfrm.h
index b971e38..9eeefb1 100644
--- a/include
To support IPsec extended sequence numbers, we split the
output sequence numbers of xfrm_skb_cb in low and high order 32 bits
and we add the high order 32 bits to the input sequence numbers.
All users are updated accordingly.
Signed-off-by: Steffen Klassert
---
include/net/xfrm.h | 10
This patch adds IPsec extended sequence numbers support to esp4.
We use the authencesn crypto algorithm to handle esp with separate
encryption/authentication algorithms.
Signed-off-by: Steffen Klassert
---
net/ipv4/esp4.c | 98 --
1 files
this patch adds IPsec extended sequence numbers support to esp6.
We use the authencesn crypto algorithm to handle esp with separate
encryption/authentication algorithms.
Signed-off-by: Steffen Klassert
---
net/ipv6/esp6.c | 103 --
1 files
To support multiple versions of replay detection, we move the replay
detection functions to a separate file and make them accessible
via function pointers contained in the struct xfrm_replay.
Signed-off-by: Steffen Klassert
---
include/net/xfrm.h | 24 ++-
net/xfrm/Makefile
implementation
untouched to stay in sync with old userspace tools.
Signed-off-by: Steffen Klassert
---
net/xfrm/xfrm_replay.c | 185 +++-
1 files changed, 184 insertions(+), 1 deletions(-)
diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c
index
This patch adds support for IPsec extended sequence numbers (esn)
as defined in RFC 4303. The bits to manage the anti-replay window
are based on a patch from Alex Badea.
Signed-off-by: Steffen Klassert
---
include/net/xfrm.h |1 +
net/xfrm/xfrm_input.c |4 +
net/xfrm/xfrm_replay.c
. If this flag is not
set we use the new implementation with 32 bit sequence numbers.
A big anti-replay window can be configured in this case anyway.
Signed-off-by: Steffen Klassert
---
net/xfrm/xfrm_state.c |2 +
net/xfrm/xfrm_user.c | 99 ++---
2
Signed-off-by: Steffen Klassert
---
include/linux/xfrm.h | 12
ip/ipxfrm.c |8 +++-
ip/xfrm_state.c | 37 +
3 files changed, 48 insertions(+), 9 deletions(-)
diff --git a/include/linux/xfrm.h b/include/linux/xfrm.h
kobject_put is called from padata_free for the padata kobject.
The kobject's release function frees the padata instance,
so don't call kobject_put for the padata kobject from pcrypt.
Reported-by: Randy Dunlap
Signed-off-by: Steffen Klassert
Tested-by: Randy Dunlap
---
crypto/pcryp
On Fri, Nov 26, 2010 at 04:49:15PM +0800, Herbert Xu wrote:
> On Fri, Nov 26, 2010 at 08:49:17AM +0100, Steffen Klassert wrote:
> > kobject_put is called from padata_free for the padata kobject.
> > The kobject's release function frees the padata instance,
> > so don&
Sorry for the huge delay...
On Thu, Dec 02, 2010 at 03:29:47PM +0800, Herbert Xu wrote:
> On Mon, Nov 22, 2010 at 11:30:14AM +0100, Steffen Klassert wrote:
> >
> > @@ -205,11 +228,18 @@ static int esp_output(struct xfrm_state *x, struct
> > sk_buff *skb)
> &g
This patchset adds support for IPsec extended (64-bit) sequence numbers for
esp as defined in RFC 4303. Also it adds support for anti-replay windows
bigger than 32 packets. To make use of big anti-replay windows and extended
sequence numbers, new userspace tools are needed. An example patch for
ipr
ESP with separate encryption/authentication algorithms needs a special
treatment for the associated data. This patch add a new algorithm that
handles esp with extended sequence numbers.
Signed-off-by: Steffen Klassert
---
crypto/Makefile |2 +-
crypto/authencesn.c | 835
of extended sequence numbers.
Signed-off-by: Steffen Klassert
---
include/linux/xfrm.h | 12
include/net/xfrm.h |7 +++
2 files changed, 19 insertions(+), 0 deletions(-)
diff --git a/include/linux/xfrm.h b/include/linux/xfrm.h
index b93d6f5..22e61fd 100644
--- a/include
To support IPsec extended sequence numbers, we split the
output sequence numbers of xfrm_skb_cb in low and high order 32 bits
and we add the high order 32 bits to the input sequence numbers.
All users are updated accordingly.
Signed-off-by: Steffen Klassert
---
include/net/xfrm.h | 10
This patch adds IPsec extended sequence numbers support to esp4.
We use the authencesn crypto algorithm to handle esp with separate
encryption/authentication algorithms.
Signed-off-by: Steffen Klassert
---
net/ipv4/esp4.c | 100 +--
1 files
This patch adds IPsec extended sequence numbers support to esp6.
We use the authencesn crypto algorithm to handle esp with separate
encryption/authentication algorithms.
Signed-off-by: Steffen Klassert
---
net/ipv6/esp6.c | 105 +--
1 files
To support multiple versions of replay detection, we move the replay
detection functions to a separate file and make them accessible
via function pointers contained in the struct xfrm_replay.
Signed-off-by: Steffen Klassert
---
include/net/xfrm.h | 24 +++--
net/xfrm/Makefile
implementation
untouched to stay in sync with old userspace tools.
Signed-off-by: Steffen Klassert
---
net/xfrm/xfrm_replay.c | 207 +++-
1 files changed, 206 insertions(+), 1 deletions(-)
diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c
index
This patch adds support for IPsec extended sequence numbers (esn)
as defined in RFC 4303. The bits to manage the anti-replay window
are based on a patch from Alex Badea.
Signed-off-by: Steffen Klassert
---
include/net/xfrm.h |1 +
net/xfrm/xfrm_input.c |4 +
net/xfrm/xfrm_replay.c
. If this flag is not
set we use the new implementation with 32 bit sequence numbers.
A big anti-replay window can be configured in this case anyway.
Signed-off-by: Steffen Klassert
---
net/xfrm/xfrm_state.c |2 +
net/xfrm/xfrm_user.c | 99 ++---
2
---
The patch is based on branch 'net-next' of
git://git.kernel.org/pub/scm/linux/kernel/git/shemminger/iproute2.git
include/linux/xfrm.h | 12
ip/ipxfrm.c |8 +++-
ip/xfrm_state.c | 35 ---
3 files changed, 47 insertions(+)
On Sun, Mar 13, 2011 at 02:30:17PM +0800, Herbert Xu wrote:
> On Tue, Mar 08, 2011 at 11:04:58AM +0100, Steffen Klassert wrote:
> >
> > + return crypto_authenc_esn_genicv(req, iv, CRYPTO_TFM_REQ_MAY_SLEEP);
>
> BTW, we should get rid of these MAY_SLEEP flags. Originally
On Mon, Mar 14, 2011 at 05:39:07PM +0800, Herbert Xu wrote:
> >
> > Not sure if I get you right, but we do not set this flag here.
> > We use it to mask the flags we got from the request, so we pass
> > this flag to the ahash algorithm just if it was set by the
> > original aead request.
>
> Inde
This patchset adds a netlink based user configuration API for the crypto
layer, similar to the configuration API of xfrm.
The patchset is based on the current cryptodev-2.6 tree and also available
at branch 'crypto-user-config-api' of
git://git.kernel.org/pub/scm/linux/kernel/git/klassert/linux-s
. With this we can keep the priority consistent if
one of the underlying algorithms changes the priority.
Signed-off-by: Steffen Klassert
---
crypto/authenc.c|4 ++--
crypto/authencesn.c |4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/crypto/authenc.c b/crypto
The upcomming crypto user configuration api needs to identify
crypto instances. This patch adds a flag that is set if the
algorithm is an instance that is build from templates.
Signed-off-by: Steffen Klassert
---
crypto/algapi.c|1 +
include/linux/crypto.h |5 +
2 files
This patch adds a basic userspace configuration API for the crypto layer.
With this it is possible to instantiate, update, remove and to show
crypto algorithms from userspace.
Signed-off-by: Steffen Klassert
---
crypto/Kconfig |7 +
crypto/Makefile|1 +
crypto
We add a report function pointer to struct crypto_type. This function
pointer is used from the crypto userspace configuration API to report
crypto algorithms to userspace.
Signed-off-by: Steffen Klassert
---
crypto/crypto_user.c|8
include/crypto/algapi.h |2 ++
2 files
Signed-off-by: Steffen Klassert
---
crypto/crypto_user.c | 13 +
include/linux/cryptouser.h |6 ++
2 files changed, 19 insertions(+), 0 deletions(-)
diff --git a/crypto/crypto_user.c b/crypto/crypto_user.c
index 49f302a..fa68965 100644
--- a/crypto/crypto_user.c
Signed-off-by: Steffen Klassert
---
crypto/shash.c | 25 +
include/linux/cryptouser.h |7 +++
2 files changed, 32 insertions(+), 0 deletions(-)
diff --git a/crypto/shash.c b/crypto/shash.c
index 76f74b9..d27a134 100644
--- a/crypto/shash.c
+++ b
Signed-off-by: Steffen Klassert
---
crypto/ahash.c | 27 +++
include/linux/cryptouser.h |8
2 files changed, 35 insertions(+), 0 deletions(-)
diff --git a/crypto/ahash.c b/crypto/ahash.c
index f669822..5dce6a0 100644
--- a/crypto/ahash.c
+++ b
Signed-off-by: Steffen Klassert
---
crypto/blkcipher.c | 29 +
include/linux/cryptouser.h | 10 ++
2 files changed, 39 insertions(+), 0 deletions(-)
diff --git a/crypto/blkcipher.c b/crypto/blkcipher.c
index 7a72192..b85a67d 100644
--- a/crypto
Signed-off-by: Steffen Klassert
---
crypto/ablkcipher.c| 31 +++
include/linux/cryptouser.h | 11 +++
2 files changed, 42 insertions(+), 0 deletions(-)
diff --git a/crypto/ablkcipher.c b/crypto/ablkcipher.c
index fdc67d3..d9b6717 100644
--- a
Signed-off-by: Steffen Klassert
---
crypto/ablkcipher.c| 29 +
include/linux/cryptouser.h |1 +
2 files changed, 30 insertions(+), 0 deletions(-)
diff --git a/crypto/ablkcipher.c b/crypto/ablkcipher.c
index d9b6717..c19d14b 100644
--- a/crypto
Signed-off-by: Steffen Klassert
---
crypto/aead.c | 31 +++
include/linux/cryptouser.h | 10 ++
2 files changed, 41 insertions(+), 0 deletions(-)
diff --git a/crypto/aead.c b/crypto/aead.c
index 6729e8f..25793b7 100644
--- a/crypto/aead.c
Signed-off-by: Steffen Klassert
---
crypto/aead.c | 29 +
include/linux/cryptouser.h |1 +
2 files changed, 30 insertions(+), 0 deletions(-)
diff --git a/crypto/aead.c b/crypto/aead.c
index 25793b7..218ecc8 100644
--- a/crypto/aead.c
+++ b/crypto
Signed-off-by: Steffen Klassert
---
crypto/pcompress.c | 22 ++
include/linux/cryptouser.h |5 +
2 files changed, 27 insertions(+), 0 deletions(-)
diff --git a/crypto/pcompress.c b/crypto/pcompress.c
index f7c4a7d..3fc8ed7 100644
--- a/crypto/pcompress.c
Signed-off-by: Steffen Klassert
---
crypto/rng.c | 24
include/linux/cryptouser.h |6 ++
2 files changed, 30 insertions(+), 0 deletions(-)
diff --git a/crypto/rng.c b/crypto/rng.c
index 45229ae..3051375 100644
--- a/crypto/rng.c
+++ b/crypto
Signed-off-by: Steffen Klassert
---
crypto/crypto_user.c | 29 +
include/linux/cryptouser.h |8
2 files changed, 37 insertions(+), 0 deletions(-)
diff --git a/crypto/crypto_user.c b/crypto/crypto_user.c
index fa68965..82f9fad 100644
--- a/crypto
Signed-off-by: Steffen Klassert
---
crypto/crypto_user.c | 21 +
include/linux/cryptouser.h |1 +
2 files changed, 22 insertions(+), 0 deletions(-)
diff --git a/crypto/crypto_user.c b/crypto/crypto_user.c
index 82f9fad..be6a193 100644
--- a/crypto/crypto_user.c
1 - 100 of 383 matches
Mail list logo
