[PATCH] crypto: akcipher: fix typos in include/crypto/akcipher.h

[LABBE Corentin]

Fix numerous spelling error in include/crypto/akcipher.h

Signed-off-by: LABBE Corentin 
---
 include/crypto/akcipher.h | 10 +-
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/include/crypto/akcipher.h b/include/crypto/akcipher.h
index 45cd5b3..354de15 100644
--- a/include/crypto/akcipher.h
+++ b/include/crypto/akcipher.h
@@ -21,9 +21,9 @@
  * @src:   Source data
  * @dst:   Destination data
  * @src_len:   Size of the input buffer
- * @dst_len:   Size of the output buffer. It needs to be at leaset
+ * @dst_len:   Size of the output buffer. It needs to be at least
  * as big as the expected result depending on the operation
- * After operation it will be updated with the acctual size of the
+ * After operation it will be updated with the actual size of the
  * result.
  * In case of error where the dst sgl size was insufficient,
  * it will be updated to the size required for the operation.
@@ -59,7 +59,7 @@ struct crypto_akcipher {
  * algorithm. In case of error, where the dst_len was insufficient,
  * the req->dst_len will be updated to the size required for the
  * operation
- * @encrypt:   Function performs an encrytp operation as defined by public key
+ * @encrypt:   Function performs an encrypt operation as defined by public key
  * algorithm. In case of error, where the dst_len was insufficient,
  * the req->dst_len will be updated to the size required for the
  * operation
@@ -73,7 +73,7 @@ struct crypto_akcipher {
  * @set_priv_key: Function invokes the algorithm specific set private key
  * function, which knows how to decode and interpret
  * the BER encoded private key
- * @max_size:  Function returns dest buffer size reqired for a given key.
+ * @max_size:  Function returns dest buffer size required for a given key.
  * @init:  Initialize the cryptographic transformation object.
  * This function is used to initialize the cryptographic
  * transformation object. This function is called only once at
@@ -232,7 +232,7 @@ static inline void akcipher_request_set_callback(struct 
akcipher_request *req,
 }
 
 /**
- * akcipher_request_set_crypt() -- Sets reqest parameters
+ * akcipher_request_set_crypt() -- Sets request parameters
  *
  * Sets parameters required by crypto operation
  *
-- 
2.4.10

--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH v2 1/4] crypto: hash: add zero length message hash for shax and md5

[LABBE Corentin]

Some crypto drivers cannot process empty data message and return a
precalculated hash for md5/sha1/sha224/sha256.

This patch add thoses precalculated hash in include/crypto.

Signed-off-by: LABBE Corentin 
---
 crypto/md5.c|  6 ++
 crypto/sha1_generic.c   |  7 +++
 crypto/sha256_generic.c | 16 
 include/crypto/md5.h|  2 ++
 include/crypto/sha.h|  6 ++
 5 files changed, 37 insertions(+)

diff --git a/crypto/md5.c b/crypto/md5.c
index 33d17e9..2355a7c 100644
--- a/crypto/md5.c
+++ b/crypto/md5.c
@@ -24,6 +24,12 @@
 #include 
 #include 
 
+const u8 md5_zero_message_hash[MD5_DIGEST_SIZE] = {
+   0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04,
+   0xe9, 0x80, 0x09, 0x98, 0xec, 0xf8, 0x42, 0x7e,
+};
+EXPORT_SYMBOL_GPL(md5_zero_message_hash);
+
 /* XXX: this stuff can be optimized */
 static inline void le32_to_cpu_array(u32 *buf, unsigned int words)
 {
diff --git a/crypto/sha1_generic.c b/crypto/sha1_generic.c
index 39e3acc..6877cbb 100644
--- a/crypto/sha1_generic.c
+++ b/crypto/sha1_generic.c
@@ -26,6 +26,13 @@
 #include 
 #include 
 
+const u8 sha1_zero_message_hash[SHA1_DIGEST_SIZE] = {
+   0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d,
+   0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90,
+   0xaf, 0xd8, 0x07, 0x09
+};
+EXPORT_SYMBOL_GPL(sha1_zero_message_hash);
+
 static void sha1_generic_block_fn(struct sha1_state *sst, u8 const *src,
  int blocks)
 {
diff --git a/crypto/sha256_generic.c b/crypto/sha256_generic.c
index 7843116..8f9c47e 100644
--- a/crypto/sha256_generic.c
+++ b/crypto/sha256_generic.c
@@ -27,6 +27,22 @@
 #include 
 #include 
 
+const u8 sha224_zero_message_hash[SHA224_DIGEST_SIZE] = {
+   0xd1, 0x4a, 0x02, 0x8c, 0x2a, 0x3a, 0x2b, 0xc9, 0x47,
+   0x61, 0x02, 0xbb, 0x28, 0x82, 0x34, 0xc4, 0x15, 0xa2,
+   0xb0, 0x1f, 0x82, 0x8e, 0xa6, 0x2a, 0xc5, 0xb3, 0xe4,
+   0x2f
+};
+EXPORT_SYMBOL_GPL(sha224_zero_message_hash);
+
+const u8 sha256_zero_message_hash[SHA256_DIGEST_SIZE] = {
+   0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14,
+   0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24,
+   0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
+   0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55
+};
+EXPORT_SYMBOL_GPL(sha256_zero_message_hash);
+
 static inline u32 Ch(u32 x, u32 y, u32 z)
 {
return z ^ (x & (y ^ z));
diff --git a/include/crypto/md5.h b/include/crypto/md5.h
index 146af82..327deac 100644
--- a/include/crypto/md5.h
+++ b/include/crypto/md5.h
@@ -13,6 +13,8 @@
 #define MD5_H2 0x98badcfeUL
 #define MD5_H3 0x10325476UL
 
+extern const u8 md5_zero_message_hash[MD5_DIGEST_SIZE];
+
 struct md5_state {
u32 hash[MD5_HASH_WORDS];
u32 block[MD5_BLOCK_WORDS];
diff --git a/include/crypto/sha.h b/include/crypto/sha.h
index dd7905a..c94d3eb 100644
--- a/include/crypto/sha.h
+++ b/include/crypto/sha.h
@@ -64,6 +64,12 @@
 #define SHA512_H6  0x1f83d9abfb41bd6bULL
 #define SHA512_H7  0x5be0cd19137e2179ULL
 
+extern const u8 sha1_zero_message_hash[SHA1_DIGEST_SIZE];
+
+extern const u8 sha224_zero_message_hash[SHA224_DIGEST_SIZE];
+
+extern const u8 sha256_zero_message_hash[SHA256_DIGEST_SIZE];
+
 struct sha1_state {
u32 state[SHA1_DIGEST_SIZE / 4];
u64 count;
-- 
2.4.10

--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH v2 4/4] crypto: ux500: Use precalculated hash from headers

[LABBE Corentin]

Precalculated hash for empty message are now present in hash headers.
This patch just use them.

Signed-off-by: LABBE Corentin 
---
 drivers/crypto/ux500/hash/hash_core.c | 20 ++--
 1 file changed, 2 insertions(+), 18 deletions(-)

diff --git a/drivers/crypto/ux500/hash/hash_core.c 
b/drivers/crypto/ux500/hash/hash_core.c
index f47d112..d6fdc58 100644
--- a/drivers/crypto/ux500/hash/hash_core.c
+++ b/drivers/crypto/ux500/hash/hash_core.c
@@ -41,22 +41,6 @@ static int hash_mode;
 module_param(hash_mode, int, 0);
 MODULE_PARM_DESC(hash_mode, "CPU or DMA mode. CPU = 0 (default), DMA = 1");
 
-/**
- * Pre-calculated empty message digests.
- */
-static const u8 zero_message_hash_sha1[SHA1_DIGEST_SIZE] = {
-   0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d,
-   0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90,
-   0xaf, 0xd8, 0x07, 0x09
-};
-
-static const u8 zero_message_hash_sha256[SHA256_DIGEST_SIZE] = {
-   0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14,
-   0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24,
-   0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
-   0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55
-};
-
 /* HMAC-SHA1, no key */
 static const u8 zero_message_hmac_sha1[SHA1_DIGEST_SIZE] = {
0xfb, 0xdb, 0x1d, 0x1b, 0x18, 0xaa, 0x6c, 0x08,
@@ -242,13 +226,13 @@ static int get_empty_message_digest(
 
if (HASH_OPER_MODE_HASH == ctx->config.oper_mode) {
if (HASH_ALGO_SHA1 == ctx->config.algorithm) {
-   memcpy(zero_hash, _message_hash_sha1[0],
+   memcpy(zero_hash, _zero_message_hash[0],
   SHA1_DIGEST_SIZE);
*zero_hash_size = SHA1_DIGEST_SIZE;
*zero_digest = true;
} else if (HASH_ALGO_SHA256 ==
ctx->config.algorithm) {
-   memcpy(zero_hash, _message_hash_sha256[0],
+   memcpy(zero_hash, _zero_message_hash[0],
   SHA256_DIGEST_SIZE);
*zero_hash_size = SHA256_DIGEST_SIZE;
*zero_digest = true;
-- 
2.4.10

--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH v2 3/4] crypto: ccp: Use precalculated hash from headers

[LABBE Corentin]

Precalculated hash for empty message are now present in hash headers.
This patch just use them.

Signed-off-by: LABBE Corentin 
Tested-by: Tom Lendacky 
Acked-by: Tom Lendacky 
---
 drivers/crypto/ccp/ccp-ops.c | 39 ---
 1 file changed, 8 insertions(+), 31 deletions(-)

diff --git a/drivers/crypto/ccp/ccp-ops.c b/drivers/crypto/ccp/ccp-ops.c
index c6e883b..6613aee 100644
--- a/drivers/crypto/ccp/ccp-ops.c
+++ b/drivers/crypto/ccp/ccp-ops.c
@@ -152,32 +152,6 @@ static const __be32 ccp_sha256_init[CCP_SHA_CTXSIZE / 
sizeof(__be32)] = {
cpu_to_be32(SHA256_H6), cpu_to_be32(SHA256_H7),
 };
 
-/* The CCP cannot perform zero-length sha operations so the caller
- * is required to buffer data for the final operation.  However, a
- * sha operation for a message with a total length of zero is valid
- * so known values are required to supply the result.
- */
-static const u8 ccp_sha1_zero[CCP_SHA_CTXSIZE] = {
-   0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d,
-   0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90,
-   0xaf, 0xd8, 0x07, 0x09, 0x00, 0x00, 0x00, 0x00,
-   0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-};
-
-static const u8 ccp_sha224_zero[CCP_SHA_CTXSIZE] = {
-   0xd1, 0x4a, 0x02, 0x8c, 0x2a, 0x3a, 0x2b, 0xc9,
-   0x47, 0x61, 0x02, 0xbb, 0x28, 0x82, 0x34, 0xc4,
-   0x15, 0xa2, 0xb0, 0x1f, 0x82, 0x8e, 0xa6, 0x2a,
-   0xc5, 0xb3, 0xe4, 0x2f, 0x00, 0x00, 0x00, 0x00,
-};
-
-static const u8 ccp_sha256_zero[CCP_SHA_CTXSIZE] = {
-   0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14,
-   0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24,
-   0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
-   0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55,
-};
-
 static u32 ccp_addr_lo(struct ccp_dma_info *info)
 {
return lower_32_bits(info->address + info->offset);
@@ -1391,18 +1365,21 @@ static int ccp_run_sha_cmd(struct ccp_cmd_queue *cmd_q, 
struct ccp_cmd *cmd)
if (sha->msg_bits)
return -EINVAL;
 
-   /* A sha operation for a message with a total length of zero,
-* return known result.
+   /* The CCP cannot perform zero-length sha operations so the
+* caller is required to buffer data for the final operation.
+* However, a sha operation for a message with a total length
+* of zero is valid so known values are required to supply
+* the result.
 */
switch (sha->type) {
case CCP_SHA_TYPE_1:
-   sha_zero = ccp_sha1_zero;
+   sha_zero = sha1_zero_message_hash;
break;
case CCP_SHA_TYPE_224:
-   sha_zero = ccp_sha224_zero;
+   sha_zero = sha224_zero_message_hash;
break;
case CCP_SHA_TYPE_256:
-   sha_zero = ccp_sha256_zero;
+   sha_zero = sha256_zero_message_hash;
break;
default:
return -EINVAL;
-- 
2.4.10

--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH v2 2/4] crypto: niagara: Use precalculated hash from headers

[LABBE Corentin]

Precalculated hash for empty message are now present in hash headers.
This patch just use them.

Signed-off-by: LABBE Corentin 
---
 drivers/crypto/n2_core.c | 33 ++---
 1 file changed, 6 insertions(+), 27 deletions(-)

diff --git a/drivers/crypto/n2_core.c b/drivers/crypto/n2_core.c
index 5450880..febbd5e 100644
--- a/drivers/crypto/n2_core.c
+++ b/drivers/crypto/n2_core.c
@@ -241,7 +241,7 @@ static inline bool n2_should_run_async(struct spu_queue 
*qp, int this_len)
 
 struct n2_ahash_alg {
struct list_headentry;
-   const char  *hash_zero;
+   const u8*hash_zero;
const u32   *hash_init;
u8  hw_op_hashsz;
u8  digest_size;
@@ -1267,7 +1267,7 @@ static LIST_HEAD(cipher_algs);
 
 struct n2_hash_tmpl {
const char  *name;
-   const char  *hash_zero;
+   const u8*hash_zero;
const u32   *hash_init;
u8  hw_op_hashsz;
u8  digest_size;
@@ -1276,40 +1276,19 @@ struct n2_hash_tmpl {
u8  hmac_type;
 };
 
-static const char md5_zero[MD5_DIGEST_SIZE] = {
-   0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04,
-   0xe9, 0x80, 0x09, 0x98, 0xec, 0xf8, 0x42, 0x7e,
-};
 static const u32 md5_init[MD5_HASH_WORDS] = {
cpu_to_le32(MD5_H0),
cpu_to_le32(MD5_H1),
cpu_to_le32(MD5_H2),
cpu_to_le32(MD5_H3),
 };
-static const char sha1_zero[SHA1_DIGEST_SIZE] = {
-   0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d, 0x32,
-   0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90, 0xaf, 0xd8,
-   0x07, 0x09
-};
 static const u32 sha1_init[SHA1_DIGEST_SIZE / 4] = {
SHA1_H0, SHA1_H1, SHA1_H2, SHA1_H3, SHA1_H4,
 };
-static const char sha256_zero[SHA256_DIGEST_SIZE] = {
-   0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a,
-   0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae,
-   0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c, 0xa4, 0x95, 0x99,
-   0x1b, 0x78, 0x52, 0xb8, 0x55
-};
 static const u32 sha256_init[SHA256_DIGEST_SIZE / 4] = {
SHA256_H0, SHA256_H1, SHA256_H2, SHA256_H3,
SHA256_H4, SHA256_H5, SHA256_H6, SHA256_H7,
 };
-static const char sha224_zero[SHA224_DIGEST_SIZE] = {
-   0xd1, 0x4a, 0x02, 0x8c, 0x2a, 0x3a, 0x2b, 0xc9, 0x47,
-   0x61, 0x02, 0xbb, 0x28, 0x82, 0x34, 0xc4, 0x15, 0xa2,
-   0xb0, 0x1f, 0x82, 0x8e, 0xa6, 0x2a, 0xc5, 0xb3, 0xe4,
-   0x2f
-};
 static const u32 sha224_init[SHA256_DIGEST_SIZE / 4] = {
SHA224_H0, SHA224_H1, SHA224_H2, SHA224_H3,
SHA224_H4, SHA224_H5, SHA224_H6, SHA224_H7,
@@ -1317,7 +1296,7 @@ static const u32 sha224_init[SHA256_DIGEST_SIZE / 4] = {
 
 static const struct n2_hash_tmpl hash_tmpls[] = {
{ .name = "md5",
- .hash_zero= md5_zero,
+ .hash_zero= md5_zero_message_hash,
  .hash_init= md5_init,
  .auth_type= AUTH_TYPE_MD5,
  .hmac_type= AUTH_TYPE_HMAC_MD5,
@@ -1325,7 +1304,7 @@ static const struct n2_hash_tmpl hash_tmpls[] = {
  .digest_size  = MD5_DIGEST_SIZE,
  .block_size   = MD5_HMAC_BLOCK_SIZE },
{ .name = "sha1",
- .hash_zero= sha1_zero,
+ .hash_zero= sha1_zero_message_hash,
  .hash_init= sha1_init,
  .auth_type= AUTH_TYPE_SHA1,
  .hmac_type= AUTH_TYPE_HMAC_SHA1,
@@ -1333,7 +1312,7 @@ static const struct n2_hash_tmpl hash_tmpls[] = {
  .digest_size  = SHA1_DIGEST_SIZE,
  .block_size   = SHA1_BLOCK_SIZE },
{ .name = "sha256",
- .hash_zero= sha256_zero,
+ .hash_zero= sha256_zero_message_hash,
  .hash_init= sha256_init,
  .auth_type= AUTH_TYPE_SHA256,
  .hmac_type= AUTH_TYPE_HMAC_SHA256,
@@ -1341,7 +1320,7 @@ static const struct n2_hash_tmpl hash_tmpls[] = {
  .digest_size  = SHA256_DIGEST_SIZE,
  .block_size   = SHA256_BLOCK_SIZE },
{ .name = "sha224",
- .hash_zero= sha224_zero,
+ .hash_zero= sha224_zero_message_hash,
  .hash_init= sha224_init,
  .auth_type= AUTH_TYPE_SHA256,
  .hmac_type= AUTH_TYPE_RESERVED,
-- 
2.4.10

--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH v2 0/4] crypto: add precalculated hash for zero message length

[LABBE Corentin]

Hello

Some crypto drivers cannot process empty data message and so rely on
precalculated hash.
This patch series add precalculated hash in headers and
make the drivers use them.

Using those precalculated hash make some additionnal constify patch necessary.

Changes since v1
- Moved arrays from headers to c file and made them EXPORT.

LABBE Corentin (4):
  crypto: hash: add zero length message hash for shax and md5
  crypto: niagara: Use precalculated hash from headers
  crypto: ccp: Use precalculated hash from headers
  crypto: ux500: Use precalculated hash from headers

 crypto/md5.c  |  6 ++
 crypto/sha1_generic.c |  7 +++
 crypto/sha256_generic.c   | 16 ++
 drivers/crypto/ccp/ccp-ops.c  | 39 +++
 drivers/crypto/n2_core.c  | 33 ++---
 drivers/crypto/ux500/hash/hash_core.c | 20 ++
 include/crypto/md5.h  |  2 ++
 include/crypto/sha.h  |  6 ++
 8 files changed, 53 insertions(+), 76 deletions(-)

-- 
2.4.10

--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: ipsec impact on performance

[Sowmini Varadhan]

On (12/08/15 12:32), Steffen Klassert wrote:
> 
> Would be nice if you could share the results. Comments are

Sure, not a problem. Give me some time though, I'm also looking
into the skb_cow_data and other memory-management issues that
were flagged on this thread. 

I'll have all this info by netdev, at the latest.

--Sowmini


--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

WARNING in crypto_wait_for_test

[Dmitry Vyukov]

Hello,

The following program triggers a WARNING in crypto_wait_for_test:

// autogenerated by syzkaller (http://github.com/google/syzkaller)
#include 
#include 
#include 

int main()
{
long r0 = syscall(SYS_mmap, 0x2000ul, 0x1000ul, 0x3ul,
0x32ul, 0xul, 0x0ul);
long r1 = syscall(SYS_socket, 0x26ul, 0x5ul, 0x0ul, 0, 0, 0);
*(uint16_t*)0x2000 = 0x26;
memcpy((void*)0x2002,
"\x73\x6b\x63\x69\x70\x68\x65\x72\x00\x00\x00\x00\x00\x00", 14);
*(uint32_t*)0x2010 = 0x1008;
*(uint32_t*)0x2014 = 0x469b167b45d89a6;
memcpy((void*)0x2018,
"\x63\x74\x72\x28\x64\x65\x73\x33\x5f\x65\x64\x65\x29\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
64);
long r7 = syscall(SYS_bind, r1, 0x2000ul, 0x58ul, 0, 0, 0);
return 0;
}


[ cut here ]
WARNING: CPU: 1 PID: 11087 at crypto/algapi.c:343
crypto_wait_for_test+0xc4/0xf0()
Modules linked in:
CPU: 1 PID: 11087 Comm: a.out Tainted: GW   4.4.0-rc3+ #151
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
 0001 88006ca07a78 82e0f4b8 41b58ab3
 87a9a265 82e0f406 88003711e080 
 89913aa0 0001 0001 2b4f
Call Trace:
 [< inline >] __dump_stack lib/dump_stack.c:15
 [] dump_stack+0xb2/0xfa lib/dump_stack.c:50
 [] warn_slowpath_common+0xe6/0x170 kernel/panic.c:460
 [] warn_slowpath_null+0x29/0x30 kernel/panic.c:493
 [] crypto_wait_for_test+0xc4/0xf0 crypto/algapi.c:343
 [] crypto_register_instance+0x220/0x350 crypto/algapi.c:558
 [] crypto_givcipher_default+0x4f4/0x620
crypto/ablkcipher.c:601
 [] crypto_lookup_skcipher+0x1ba/0x2f0 crypto/ablkcipher.c:658
 [] crypto_alloc_ablkcipher+0x5e/0x1f0 crypto/ablkcipher.c:693
 [] skcipher_bind+0x25/0x30 crypto/algif_skcipher.c:754
 [] alg_bind+0x1a9/0x410 crypto/af_alg.c:155
 [] SYSC_bind+0x20a/0x2c0 net/socket.c:1383
 [] SyS_bind+0x24/0x30 net/socket.c:1369
 [] entry_SYSCALL_64_fastpath+0x16/0x7a
arch/x86/entry/entry_64.S:185
---[ end trace 49f86739a736fa2b ]---


strace:
socket(PF_ALG, SOCK_SEQPACKET, 0)   = 3
bind(3, {sa_family=AF_ALG, sa_data="skcipher\0\0\0\0\0\0"}, 88) = -1
ENOENT (No such file or directory)


On commit 31ade3b83e1821da5fbb2f11b5b3d4ab2ec39db8 (Nov 29).
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: ipsec impact on performance

[Steffen Klassert]

On Mon, Dec 07, 2015 at 06:27:48AM -0500, Sowmini Varadhan wrote:
> On (12/07/15 09:40), Steffen Klassert wrote:
> > 
> > I've pushed it to
> > 
> > https://git.kernel.org/cgit/linux/kernel/git/klassert/linux-stk.git/log/?h=net-next-ipsec-offload
> > 
> > It is just example code, nothing that I would show usually.
> > But you asked for it, so here is it :)
> 
> that's fine, I dont expect more at this point, just want to 
> test-drive it, and see how it compares to my approach. 

Would be nice if you could share the results. Comments are
welcome too, of course.
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 1/2] crypto: sahara: fix 64-bit dma_addr_t compilation

[Arnd Bergmann]

The sahara hardware uses DMA descriptors with 32-bit addresses, but
dma_addr_t is variable size depending on whether we want to support
any devices that use 64-bit DMA addresses in hardware.
This means that the definition of the DMA descriptor structure is wrong,
and we helpfully get a compiler warning about them too:

drivers/crypto/sahara.c:423:372: warning: format '%x' expects argument of type 
'unsigned int', but argument 4 has type 'dma_addr_t {aka long long unsigned 
int}' [-Wformat=]

This changes the definition of the sahara_hw_desc and sahara_hw_link
structures to only contain fixed-length members, which is required
to make the driver work on ARM LPAE mode, and avoids most of the
gcc warnings we get.

Signed-off-by: Arnd Bergmann 
---
 drivers/crypto/sahara.c | 18 +-
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/drivers/crypto/sahara.c b/drivers/crypto/sahara.c
index cc738f3592a3..38bf12ae5589 100644
--- a/drivers/crypto/sahara.c
+++ b/drivers/crypto/sahara.c
@@ -130,18 +130,18 @@
 #define SAHARA_REG_IDAR0x20
 
 struct sahara_hw_desc {
-   u32 hdr;
-   u32 len1;
-   dma_addr_t  p1;
-   u32 len2;
-   dma_addr_t  p2;
-   dma_addr_t  next;
+   u32 hdr;
+   u32 len1;
+   u32 p1;
+   u32 len2;
+   u32 p2;
+   u32 next;
 };
 
 struct sahara_hw_link {
-   u32 len;
-   dma_addr_t  p;
-   dma_addr_t  next;
+   u32 len;
+   u32 p;
+   u32 next;
 };
 
 struct sahara_ctx {
-- 
2.1.0.rc2


--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 2/2] crypto: sahara: fix debug output for 64-bit dma_addr_t

[Arnd Bergmann]

The sahara_dump_descriptors and sahara_dump_links functions attempt
to print a dma_addr_t value with a 0x%08x format string, which
produces a warning when dma_addr_t is 64-bit wide:

drivers/crypto/sahara.c:419:120: warning: format '%x' expects argument of type 
'unsigned int', but argument 5 has type 'dma_addr_t {aka long long unsigned 
int}' [-Wformat=]

This changes the code to use the %pad format string that is meant
for dma_addr_t, which avoids the warning and gives us the correct
output in all configurations.

Signed-off-by: Arnd Bergmann 
---
 drivers/crypto/sahara.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/drivers/crypto/sahara.c b/drivers/crypto/sahara.c
index 38bf12ae5589..6c4f91c5e6b3 100644
--- a/drivers/crypto/sahara.c
+++ b/drivers/crypto/sahara.c
@@ -416,8 +416,8 @@ static void sahara_dump_descriptors(struct sahara_dev *dev)
return;
 
for (i = 0; i < SAHARA_MAX_HW_DESC; i++) {
-   dev_dbg(dev->device, "Descriptor (%d) (0x%08x):\n",
-   i, dev->hw_phys_desc[i]);
+   dev_dbg(dev->device, "Descriptor (%d) (%pad):\n",
+   i, >hw_phys_desc[i]);
dev_dbg(dev->device, "\thdr = 0x%08x\n", dev->hw_desc[i]->hdr);
dev_dbg(dev->device, "\tlen1 = %u\n", dev->hw_desc[i]->len1);
dev_dbg(dev->device, "\tp1 = 0x%08x\n", dev->hw_desc[i]->p1);
@@ -437,8 +437,8 @@ static void sahara_dump_links(struct sahara_dev *dev)
return;
 
for (i = 0; i < SAHARA_MAX_HW_LINK; i++) {
-   dev_dbg(dev->device, "Link (%d) (0x%08x):\n",
-   i, dev->hw_phys_link[i]);
+   dev_dbg(dev->device, "Link (%d) (%pad):\n",
+   i, >hw_phys_link[i]);
dev_dbg(dev->device, "\tlen = %u\n", dev->hw_link[i]->len);
dev_dbg(dev->device, "\tp = 0x%08x\n", dev->hw_link[i]->p);
dev_dbg(dev->device, "\tnext = 0x%08x\n",
-- 
2.1.0.rc2


--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH v4 5/5] crypto: AES CBC multi-buffer glue code

[Herbert Xu]

On Wed, Dec 02, 2015 at 12:02:45PM -0800, Tim Chen wrote:
>
> +/*
> + * CRYPTO_ALG_ASYNC flag is passed to indicate we have an ablk
> + * scatter-gather walk.
> + */
> +
> +static struct crypto_alg aes_cbc_mb_alg = {
> + .cra_name   = "__cbc-aes-aesni-mb",
> + .cra_driver_name= "__driver-cbc-aes-aesni-mb",
> + .cra_priority   = 100,
> + .cra_flags  = CRYPTO_ALG_TYPE_BLKCIPHER | CRYPTO_ALG_ASYNC
> + | CRYPTO_ALG_INTERNAL,
> + .cra_blocksize  = AES_BLOCK_SIZE,
> + .cra_ctxsize= sizeof(struct crypto_aes_ctx) +
> +   AESNI_ALIGN - 1,
> + .cra_alignmask  = 0,
> + .cra_type   = _blkcipher_type,
> + .cra_module = THIS_MODULE,
> + .cra_list   = LIST_HEAD_INIT(aes_cbc_mb_alg.cra_list),
> + .cra_u = {
> + .blkcipher = {
> + .min_keysize= AES_MIN_KEY_SIZE,
> + .max_keysize= AES_MAX_KEY_SIZE,
> + .ivsize = AES_BLOCK_SIZE,
> + .setkey = aes_set_key,
> + .encrypt= mb_aes_cbc_encrypt,
> + .decrypt= mb_aes_cbc_decrypt
> + },
> + },
> +};

So why do we still need this? Shouldn't a single ablkcipher cover
all the cases?

Thanks,
-- 
Email: Herbert Xu 
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html