crypto: tcrypt - Do not bail on EINPROGRESS in multibuffer hash test

On Wed, Jun 29, 2016 at 10:45:56AM -0700, Megha Dey wrote: > I tested the latest cryptodev tree on my haswell machine and this is > what I see: > [ 40.402834] modprobe tcrypt mode=422 > [ 40.403105] testing speed of multibuffer sha1 (sha1_mb) > [ 40.403108] test 0 ( 16 byte blocks, 16

Re: [PATCH v8 6/6] crypto: AF_ALG - add support for key_id

Tadeusz, On Thu, 23 Jun 2016, Tadeusz Struk wrote: This patch adds support for asymmetric key type to AF_ALG. It will work as follows: A new PF_ALG socket options are added on top of existing ALG_SET_KEY and ALG_SET_PUBKEY, namely ALG_SET_KEY_ID and ALG_SET_PUBKEY_ID for setting public and

Re: [PATCH v2] crypto: tcrypt - Fix memory leaks/crashes in multibuffer hash speed test

I tested the latest cryptodev tree on my haswell machine and this is what I see: [ 40.402834] modprobe tcrypt mode=422 [ 40.403105] testing speed of multibuffer sha1 (sha1_mb) [ 40.403108] test 0 ( 16 byte blocks, 16 bytes per update, 1 updates): 32271 cycles/operation, 252

Re: [patch] crypto: sha256-mb - cleanup a || vs | typo

On 06/29/16 07:42, Dan Carpenter wrote: > || and | behave basically the same here but || is intended. It causes a > static checker warning to mix up bitwise and logical operations. > > Signed-off-by: Dan Carpenter > > diff --git a/arch/x86/crypto/sha256-mb/sha256_mb.c

[patch V4 30/31] crypto: use parity_long in sahara.c

From: Zhaoxiu Zeng Signed-off-by: Zhaoxiu Zeng --- drivers/crypto/sahara.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/crypto/sahara.c b/drivers/crypto/sahara.c index c3f3d89..5c44a15 100644 ---

[PATCH] crypto: omap-sham - increase cra_proirity to 400

Some software alg has cra_priority as higher as 300, so increase omap-sham priority to 400 to ensure it is on top of any software alg. Signed-off-by: Bin Liu --- drivers/crypto/omap-sham.c | 24 1 file changed, 12 insertions(+), 12 deletions(-) diff --git

Re: [patch] crypto: tcrypt - add a missing tab

On Wed, Jun 29, 2016 at 05:41:30PM +0300, Dan Carpenter wrote: > The "goto out;" line isn't indented far enough. > > Signed-off-by: Dan Carpenter Sorry, but this has already been fixed :) -- Email: Herbert Xu Home Page:

[patch] crypto: tcrypt - add a missing tab

The "goto out;" line isn't indented far enough. Signed-off-by: Dan Carpenter diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c index 6ef7815..117f19e 100644 --- a/crypto/tcrypt.c +++ b/crypto/tcrypt.c @@ -629,7 +629,7 @@ static void test_mb_ahash_speed(const char *algo,

[patch] crypto: sha1-mb - cleanup a small | vs || typo

|| and | behave basically the same here but || was intended. It causes a static checker warning when we mix up logical and bitwise operations. Signed-off-by: Dan Carpenter diff --git a/arch/x86/crypto/sha1-mb/sha1_mb.c b/arch/x86/crypto/sha1-mb/sha1_mb.c index

[patch] crypto: sha256-mb - cleanup a || vs | typo

|| and | behave basically the same here but || is intended. It causes a static checker warning to mix up bitwise and logical operations. Signed-off-by: Dan Carpenter diff --git a/arch/x86/crypto/sha256-mb/sha256_mb.c b/arch/x86/crypto/sha256-mb/sha256_mb.c index

Re: Doing crypto in small stack buffers (bluetooth vs vmalloc-stack crash, etc)

>> Also not mentioned in the documentation is that some algorithms *do* >> have different implementations depending on key size. SHA-2 is the >> classic example. > What do you mean by that? SHA has no keying at all. In this case, the analagous property is hash size. Sorry, I thought that was

[v4 PATCH 2/8] crypto: rsa - Generate fixed-length output

Every implementation of RSA that we have naturally generates output with leading zeroes. The one and only user of RSA, pkcs1pad wants to have those leading zeroes in place, in fact because they are currently absent it has to write those zeroes itself. So we shouldn't be stripping leading zeroes

[v4 PATCH 7/8] crypto: rsa-pkcs1pad - Move key size check to setkey

Rather than repeatedly checking the key size on each operation, we should be checking it once when the key is set. Signed-off-by: Herbert Xu --- crypto/rsa-pkcs1pad.c | 56 +++--- 1 file changed, 26 insertions(+), 30

[v4 PATCH 1/8] crypto: testmgr - Allow leading zeros in RSA

This patch allows RSA implementations to produce output with leading zeroes. testmgr will skip leading zeroes when comparing the output. This patch also tries to make the RSA test function generic enough to potentially handle other akcipher algorithms. Signed-off-by: Herbert Xu

[v4 PATCH 6/8] crypto: rsa-pkcs1pad - Always use GFP_KERNEL

We don't currently support using akcipher in atomic contexts, so GFP_KERNEL should always be used. Signed-off-by: Herbert Xu --- crypto/rsa-pkcs1pad.c | 22 ++ 1 file changed, 6 insertions(+), 16 deletions(-) diff --git

[v4 PATCH 4/8] crypto: rsa-pkcs1pad - Require hash to be present

The only user of rsa-pkcs1pad always uses the hash so there is no reason to support the case of not having a hash. This patch also changes the digest info lookup so that it is only done once during template instantiation rather than on each operation. Signed-off-by: Herbert Xu

[v4 PATCH 3/8] lib/mpi: Do not do sg_virt

Currently the mpi SG helpers use sg_virt which is completely broken. It happens to work with normal kernel memory but will fail with anything that is not linearly mapped. This patch fixes this by using the SG iterator helpers. Signed-off-by: Herbert Xu ---

[v4 PATCH 5/8] crypto: rsa-pkcs1pad - Remove bogus page splitting

The helper pkcs1pad_sg_set_buf tries to split a buffer that crosses a page boundary into two SG entries. This is unnecessary. This patch removes that. Signed-off-by: Herbert Xu --- crypto/rsa-pkcs1pad.c | 19 +-- 1 file changed, 5 insertions(+),

[v4 PATCH 8/8] crypto: rsa-pkcs1pad - Avoid copying output when possible

In the vast majority of cases (2^-32 on 32-bit and 2^-64 on 64-bit) cases, the result from encryption/signing will require no padding. This patch makes these two operations write their output directly to the final destination. Only in the exceedingly rare cases where fixup is needed to we copy

[v4 PATCH 0/8] crypto: rsa - Do not gratuitously drop leading zeroes

Hi: This was prompted by the caam RSA submission where a lot of work was done just to strip the RSA output of leading zeroes. This is in fact completely pointless because the only user of RSA in the kernel then promptly puts them back. This patch series resolves this madness by simply leaving

Re: [v3 PATCH 2/8] crypto: rsa - Generate fixed-length output

On Wed, Jun 29, 2016 at 11:23:06AM +, Benedetto, Salvatore wrote: > Hi Herbert, > > > > > This patch also changes DH to use the new interface. > > > > Signed-off-by: Herbert Xu > > --- > > > > crypto/rsa.c|8 +++ > > include/linux/mpi.h |2

RE: [v3 PATCH 2/8] crypto: rsa - Generate fixed-length output

Hi Herbert, > > This patch also changes DH to use the new interface. > > Signed-off-by: Herbert Xu > --- > > crypto/rsa.c|8 +++ > include/linux/mpi.h |2 - > lib/mpi/mpicoder.c | 55 --- > - >

[v3 PATCH 5/8] crypto: rsa-pkcs1pad - Remove bogus page splitting

The helper pkcs1pad_sg_set_buf tries to split a buffer that crosses a page boundary into two SG entries. This is unnecessary. This patch removes that. Signed-off-by: Herbert Xu --- crypto/rsa-pkcs1pad.c | 19 +-- 1 file changed, 5 insertions(+),

[v3 PATCH 7/8] crypto: rsa-pkcs1pad - Move key size check to setkey

Rather than repeatedly checking the key size on each operation, we should be checking it once when the key is set. Signed-off-by: Herbert Xu --- crypto/rsa-pkcs1pad.c | 56 +++--- 1 file changed, 26 insertions(+), 30

[v3 PATCH 2/8] crypto: rsa - Generate fixed-length output

Every implementation of RSA that we have naturally generates output with leading zeroes. The one and only user of RSA, pkcs1pad wants to have those leading zeroes in place, in fact because they are currently absent it has to write those zeroes itself. So we shouldn't be stripping leading zeroes

[v3 PATCH 1/8] crypto: testmgr - Allow leading zeros in RSA

This patch allows RSA implementations to produce output with leading zeroes. testmgr will skip leading zeroes when comparing the output. This patch also tries to make the RSA test function generic enough to potentially handle other akcipher algorithms. Signed-off-by: Herbert Xu

[v3 PATCH 3/8] lib/mpi: Do not do sg_virt

Currently the mpi SG helpers use sg_virt which is completely broken. It happens to work with normal kernel memory but will fail with anything that is not linearly mapped. This patch fixes this by using the SG iterator helpers. Signed-off-by: Herbert Xu ---

[v3 PATCH 8/8] crypto: rsa-pkcs1pad - Avoid copying output when possible

In the vast majority of cases (2^-32 on 32-bit and 2^-64 on 64-bit) cases, the result from encryption/signing will require no padding. This patch makes these two operations write their output directly to the final destination. Only in the exceedingly rare cases where fixup is needed to we copy

[v3 PATCH 4/8] crypto: rsa-pkcs1pad - Require hash to be present

The only user of rsa-pkcs1pad always uses the hash so there is no reason to support the case of not having a hash. This patch also changes the digest info lookup so that it is only done once during template instantiation rather than on each operation. Signed-off-by: Herbert Xu

[v3 PATCH 0/8] crypto: rsa - Do not gratuitously drop leading zeroes

Hi: This was prompted by the caam RSA submission where a lot of work was done just to strip the RSA output of leading zeroes. This is in fact completely pointless because the only user of RSA in the kernel then promptly puts them back. This patch series resolves this madness by simply leaving

Re: [PATCH] Remove redundant sg_init_table call.

On Wed, Jun 29, 2016 at 12:24:43AM +0530, Harsh Jain wrote: > Remove redundant sg_init_table call. scatterwalk_ffwd doing the same. > > Signed-off-by: Harsh Jain Patch applied. Thanks. -- Email: Herbert Xu Home Page:

[PATCH 26/28] crypto: api - Add crypto_inst_setname

This patch adds the helper crypto_inst_setname because the current helper crypto_alloc_instance2 is no longer useful given that we now look up the algorithm after we allocate the instance object. Signed-off-by: Herbert Xu --- crypto/algapi.c | 24

[PATCH 28/28] crypto: cts - Convert to skcipher

This patch converts cts over to the skcipher interface. It also optimises the implementation to use one CBC operation for all but the last block, which is then processed separately. Signed-off-by: Herbert Xu --- crypto/cts.c | 494

[PATCH 19/28] crypto: sahara - Use skcipher for fallback

This patch replaces use of the obsolete ablkcipher with skcipher. It also removes shash_fallback which is totally unused. Signed-off-by: Herbert Xu --- drivers/crypto/sahara.c | 112 +--- 1 file changed, 50

[PATCH 20/28] crypto: s390/aes - Use skcipher for fallback

This patch replaces use of the obsolete blkcipher with skcipher. Signed-off-by: Herbert Xu --- arch/s390/crypto/aes_s390.c | 113 +++- 1 file changed, 60 insertions(+), 53 deletions(-) diff --git

[PATCH 5/28] crypto: tcrypt - Use skcipher

This patch converts tcrypt to use the new skcipher interface as opposed to ablkcipher/blkcipher. Signed-off-by: Herbert Xu --- crypto/tcrypt.c | 241 ++-- 1 file changed, 44 insertions(+), 197 deletions(-) diff

[PATCH 12/28] crypto: cryptd - Add support for skcipher

This patch adds skcipher support to cryptd alongside ablkcipher. Signed-off-by: Herbert Xu --- crypto/cryptd.c | 279 +++- include/crypto/cryptd.h | 13 ++ 2 files changed, 290 insertions(+), 2 deletions(-)

[PATCH 23/28] crypto: seqiv - Use skcipher

This patch replaces use of the obsolete blkcipher with skcipher. Signed-off-by: Herbert Xu --- crypto/seqiv.c | 14 +- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/crypto/seqiv.c b/crypto/seqiv.c index 15a749a..a859b3a 100644 ---

[PATCH 25/28] crypto: null - Remove default null blkcipher

The default null blkcipher is no longer used and can now be removed. Signed-off-by: Herbert Xu --- crypto/crypto_null.c | 49 ++--- include/crypto/null.h | 14 +++--- 2 files changed, 17 insertions(+), 46

[PATCH 11/28] crypto: chacha20poly1305 - Use skcipher

This patch converts chacha20poly1305 to use the new skcipher interface as opposed to ablkcipher. It also fixes a buglet where we may end up with an async poly1305 when the user asks for a async algorithm. This shouldn't be a problem yet as there aren't any async implementations of poly1305 out

[PATCH 7/28] crypto: authencesn - Use skcipher

This patch converts authencesn to use the new skcipher interface as opposed to ablkcipher. It also fixes a little bug where if a sync version of authencesn is requested we may still end up using an async ahash. This should have no effect as none of the authencesn users can request for a sync

[PATCH 14/28] KEYS: Use skcipher for big keys

This patch replaces use of the obsolete blkcipher with skcipher. Signed-off-by: Herbert Xu --- security/keys/big_key.c | 30 ++ 1 file changed, 18 insertions(+), 12 deletions(-) diff --git a/security/keys/big_key.c

[PATCH 6/28] crypto: authenc - Use skcipher

This patch converts authenc to use the new skcipher interface as opposed to ablkcipher. It also fixes a little bug where if a sync version of authenc is requested we may still end up using an async ahash. This should have no effect as none of the authenc users can request for a sync authenc.

[PATCH 17/28] crypto: picoxcell - Use skcipher for fallback

This patch replaces use of the obsolete ablkcipher with skcipher. Signed-off-by: Herbert Xu --- drivers/crypto/picoxcell_crypto.c | 60 +++--- 1 file changed, 31 insertions(+), 29 deletions(-) diff --git

[PATCH 13/28] crypto: aesni - Use crypto_cipher to derive rfc4106 subkey

Currently aesni uses an async ctr(aes) to derive the rfc4106 subkey, which was presumably copied over from the generic rfc4106 code. Over there it's done that way because we already have a ctr(aes) spawn. But it is simply overkill for aesni since we have to go get a ctr(aes) from scratch anyway.

[PATCH 8/28] crypto: ctr - Use skcipher in rfc3686

This patch converts rfc3686 to use the new skcipher interface as opposed to ablkcipher. Signed-off-by: Herbert Xu --- crypto/ctr.c | 182 ++- 1 file changed, 93 insertions(+), 89 deletions(-) diff --git

[PATCH 16/28] crypto: mxs-dcp - Use skcipher for fallback

This patch replaces use of the obsolete ablkcipher with skcipher. Signed-off-by: Herbert Xu --- drivers/crypto/mxs-dcp.c | 47 +-- 1 file changed, 21 insertions(+), 26 deletions(-) diff --git a/drivers/crypto/mxs-dcp.c

[PATCH 9/28] crypto: ccm - Use skcipher

This patch converts ccm to use the new skcipher interface as opposed to ablkcipher. Signed-off-by: Herbert Xu --- crypto/ccm.c | 70 +-- 1 file changed, 35 insertions(+), 35 deletions(-) diff --git

[PATCH 24/28] crypto: aead - Remove blkcipher null for IV generators

The blkcipher null object is no longer used and can now be removed. Signed-off-by: Herbert Xu --- crypto/aead.c |8 include/crypto/internal/geniv.h |1 - 2 files changed, 9 deletions(-) diff --git a/crypto/aead.c b/crypto/aead.c

[PATCH 22/28] crypto: echainiv - Use skcipher

This patch replaces use of the obsolete blkcipher with skcipher. Signed-off-by: Herbert Xu --- crypto/echainiv.c | 16 ++-- 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/crypto/echainiv.c b/crypto/echainiv.c index b96a8456..1b01fe9

[PATCH 21/28] crypto: aead - Add skcipher null for IV generators

This patch adds an skcipher null object alongside the existing null blkcipher so that IV generators using it can switch over to skcipher. Signed-off-by: Herbert Xu --- crypto/aead.c | 10 +- include/crypto/internal/geniv.h |1 + 2

[PATCH 18/28] crypto: qce - Use skcipher for fallback

This patch replaces use of the obsolete ablkcipher with skcipher. Signed-off-by: Herbert Xu --- drivers/crypto/qce/ablkcipher.c | 27 --- drivers/crypto/qce/cipher.h |2 +- 2 files changed, 17 insertions(+), 12 deletions(-) diff

[PATCH 10/28] crypto: gcm - Use skcipher

This patch converts gcm to use the new skcipher interface as opposed to ablkcipher. Signed-off-by: Herbert Xu --- crypto/gcm.c | 108 ++- 1 file changed, 55 insertions(+), 53 deletions(-) diff --git

[PATCH 15/28] crypto: ccp - Use skcipher for fallback

This patch replaces use of the obsolete ablkcipher with skcipher. Signed-off-by: Herbert Xu --- drivers/crypto/ccp/ccp-crypto-aes-xts.c | 43 ++-- drivers/crypto/ccp/ccp-crypto.h |3 -- 2 files changed, 21 insertions(+), 25

[PATCH 27/28] crypto: tcrypt - Add speed test for cts

This patch adds speed tests for cts(cbc(aes)). Signed-off-by: Herbert Xu --- crypto/tcrypt.c |8 1 file changed, 8 insertions(+) diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c index 9ca822c..2e29221 100644 --- a/crypto/tcrypt.c +++ b/crypto/tcrypt.c

[PATCH 4/28] crypto: null - Add new default null skcipher

Current the default null skcipher is actually a crypto_blkcipher. This patch creates a synchronous crypto_skcipher version of the null cipher which unfortunately has to settle for the name skcipher2. Signed-off-by: Herbert Xu --- crypto/crypto_null.c | 38

[PATCH 1/28] crypto: authenc - Consider ahash ASYNC bit

As it is, if you get an async ahash with a sync skcipher you'll end up with a sync authenc, which is wrong. This patch fixes it by considering the ASYNC bit from ahash as well. It also fixes a little bug where if a sync version of authenc is requested we may still end up using an async ahash.

[PATCH 3/28] crypto: skcipher - Add low-level skcipher interface

This patch allows skcipher algorithms and instances to be created and registered with the crypto API. They are accessible through the top-level skcipher interface, along with ablkcipher/blkcipher algorithms and instances. Signed-off-by: Herbert Xu ---

[PATCH 2/28] crypto: ahash - Add padding in crypto_ahash_extsize

The function crypto_ahash_extsize did not include padding when computing the tfm context size. This patch fixes this by using the generic crypto_alg_extsize helper. Signed-off-by: Herbert Xu --- crypto/ahash.c |6 +++--- 1 file changed, 3 insertions(+), 3

[PATCH 0/28] crypto: skcipher - skcipher algorithm conversion part 1

Hi: This path series begins the task of converting blkcipher/ablkcipher implementations over to the unified skcipher interface. The first step is to convert non-cipher users such as aead to use skcipher. Then we proceed to convert the top-level skcipher algorithms such as rfc3686 and cts.

[v2 PATCH 2/7] lib/mpi: Do not do sg_virt

Currently the mpi SG helpers use sg_virt which is completely broken. It happens to work with normal kernel memory but will fail with anything that is not linearly mapped. This patch fixes this by using the SG iterator helpers. Signed-off-by: Herbert Xu ---

[v2 PATCH 7/7] crypto: rsa-pkcs1pad - Avoid copying output when possible

In the vast majority of cases (2^-32 on 32-bit and 2^-64 on 64-bit) cases, the result from encryption/signing will require no padding. This patch makes these two operations write their output directly to the final destination. Only in the exceedingly rare cases where fixup is needed to we copy

[v2 PATCH 5/7] crypto: rsa-pkcs1pad - Always use GFP_KERNEL

We don't currently support using akcipher in atomic contexts, so GFP_KERNEL should always be used. Signed-off-by: Herbert Xu --- crypto/rsa-pkcs1pad.c | 22 ++ 1 file changed, 6 insertions(+), 16 deletions(-) diff --git

[v2 PATCH 4/7] crypto: rsa-pkcs1pad - Remove bogus page splitting

The helper pkcs1pad_sg_set_buf tries to split a buffer that crosses a page boundary into two SG entries. This is unnecessary. This patch removes that. Signed-off-by: Herbert Xu --- crypto/rsa-pkcs1pad.c | 19 +-- 1 file changed, 5 insertions(+),

[v2 PATCH 6/7] crypto: rsa-pkcs1pad - Move key size check to setkey

Rather than repeatedly checking the key size on each operation, we should be checking it once when the key is set. Signed-off-by: Herbert Xu --- crypto/rsa-pkcs1pad.c | 56 +++--- 1 file changed, 26 insertions(+), 30

[v2 PATCH 1/7] crypto: rsa - Generate fixed-length output

Every implementation of RSA that we have naturally generates output with leading zeroes. The one and only user of RSA, pkcs1pad wants to have those leading zeroes in place, in fact because they are currently absent it has to write those zeroes itself. So we shouldn't be stripping leading zeroes

[v2 PATCH 0/7] crypto: rsa - Do not gratuitously drop leading zeroes

Hi: This was prompted by the caam RSA submission where a lot of work was done just to strip the RSA output of leading zeroes. This is in fact completely pointless because the only user of RSA in the kernel then promptly puts them back. This patch series resolves this madness by simply leaving

Re: [PATCH v2] crypto: tcrypt - Fix memory leaks/crashes in multibuffer hash speed test

On 06/29/2016 10:19 AM, Herbert Xu wrote: > On Wed, Jun 29, 2016 at 10:16:10AM +0200, Krzysztof Kozlowski wrote: >> >> Seems to work fine except: >> 1. The updates are always 1. > > Yes the test function only does digest so it's always one update. > >> 2. For bigger blocks it reports always 1 or

Re: [PATCH v2] crypto: tcrypt - Fix memory leaks/crashes in multibuffer hash speed test

On Wed, Jun 29, 2016 at 10:16:10AM +0200, Krzysztof Kozlowski wrote: > > Seems to work fine except: > 1. The updates are always 1. Yes the test function only does digest so it's always one update. > 2. For bigger blocks it reports always 1 or 3 cycles per byte: Yes the average cycles per-byte

Re: [PATCH v2] crypto: tcrypt - Fix memory leaks/crashes in multibuffer hash speed test

On 06/28/2016 02:33 PM, Herbert Xu wrote: > On Tue, Jun 28, 2016 at 12:15:43PM +0200, Krzysztof Kozlowski wrote: >> Oops: > > Thanks, there was a typo where it said k instead of j in the second > loop. > > ---8<--- > This patch resolves a number of issues with the mb speed test > function: > >