Crypto Fixes for 4.12

2017-06-14 Thread Herbert Xu
Hi Linus: This push fixes a bug on sparc where we may dereference freed stack memory. Please pull from git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git linus David Miller (1): crypto: Work around deallocated stack frame reference gcc bug on sparc.

[PATCH v3 net-next 0/4] kernel TLS

2017-06-14 Thread Dave Watson
This series adds support for kernel TLS encryption over TCP sockets. A standard TCP socket is converted to a TLS socket using a setsockopt. Only symmetric crypto is done in the kernel, as well as TLS record framing. The handshake remains in userspace, and the negotiated cipher keys/iv are

[PATCH v3 net-next 1/4] tcp: ULP infrastructure

2017-06-14 Thread Dave Watson
Add the infrastructure for attaching Upper Layer Protocols (ULPs) over TCP sockets. Based on a similar infrastructure in tcp_cong. The idea is that any ULP can add its own logic by changing the TCP proto_ops structure to its own methods. Example usage: setsockopt(sock, SOL_TCP, TCP_ULP, "tls",

[PATCH v3 net-next 2/4] tcp: export do_tcp_sendpages and tcp_rate_check_app_limited functions

2017-06-14 Thread Dave Watson
Export do_tcp_sendpages and tcp_rate_check_app_limited, since tls will need to sendpages while the socket is already locked. tcp_sendpage is exported, but requires the socket lock to not be held already. Signed-off-by: Aviad Yehezkel Signed-off-by: Ilya Lesokhin

[PATCH v3 net-next 3/4] tls: kernel TLS support

2017-06-14 Thread Dave Watson
Software implementation of transport layer security, implemented using ULP infrastructure. tcp proto_ops are replaced with tls equivalents of sendmsg and sendpage. Only symmetric crypto is done in the kernel, keys are passed by setsockopt after the handshake is complete. All control messages

Re: [PATCH v2 6/6] ima: Support module-style appended signatures for appraisal

2017-06-14 Thread Mimi Zohar
Hi Thiago, On Wed, 2017-06-07 at 22:49 -0300, Thiago Jung Bauermann wrote: > This patch introduces the modsig keyword to the IMA policy syntax to > specify that a given hook should expect the file to have the IMA signature > appended to it. Here is how it can be used in a rule: > > appraise

[PATCH v3 net-next 4/4] tls: Documentation

2017-06-14 Thread Dave Watson
Add documentation for the tcp ULP tls interface. Signed-off-by: Boris Pismenny Signed-off-by: Dave Watson --- Documentation/networking/tls.txt | 135 +++ 1 file changed, 135 insertions(+) create mode 100644

Re: [PATCH v5 01/13] random: invalidate batched entropy after crng init

2017-06-14 Thread Sebastian Andrzej Siewior
On 2017-06-08 01:25:55 [+0200], Jason A. Donenfeld wrote: > It's possible that get_random_{u32,u64} is used before the crng has > initialized, in which case, its output might not be cryptographically > secure. For this problem, directly, this patch set is introducing the > *_wait variety of

Re: [PATCH v3 net-next 0/4] kernel TLS

2017-06-14 Thread David Miller
From: Dave Watson Date: Wed, 14 Jun 2017 11:36:54 -0700 > This series adds support for kernel TLS encryption over TCP sockets. > A standard TCP socket is converted to a TLS socket using a setsockopt. > Only symmetric crypto is done in the kernel, as well as TLS record >

Re: [PATCH v3 net-next 0/4] kernel TLS

2017-06-14 Thread Hannes Frederic Sowa
Hello Dave, On Wed, Jun 14, 2017, at 21:47, David Miller wrote: > From: Dave Watson > Date: Wed, 14 Jun 2017 11:36:54 -0700 > > > This series adds support for kernel TLS encryption over TCP sockets. > > A standard TCP socket is converted to a TLS socket using a setsockopt. >

Re: [PATCH v3 net-next 0/4] kernel TLS

2017-06-14 Thread Tom Herbert
On Wed, Jun 14, 2017 at 11:36 AM, Dave Watson wrote: > This series adds support for kernel TLS encryption over TCP sockets. > A standard TCP socket is converted to a TLS socket using a setsockopt. > Only symmetric crypto is done in the kernel, as well as TLS record > framing.

Re: [PATCH v3 net-next 0/4] kernel TLS

2017-06-14 Thread Dave Watson
On 06/14/17 01:54 PM, Tom Herbert wrote: > On Wed, Jun 14, 2017 at 11:36 AM, Dave Watson wrote: > > This series adds support for kernel TLS encryption over TCP sockets. > > A standard TCP socket is converted to a TLS socket using a setsockopt. > > Only symmetric crypto is done

Re: [PATCH v5 01/13] random: invalidate batched entropy after crng init

2017-06-14 Thread Jason A. Donenfeld
There's a potential race that I fixed in my v5 of that patch set, but Ted only took v4, and for whatever reason has been too busy to submit the additional patch I already posted showing the diff between v4 Hopefully he actually gets around to it and sends this for the next rc. Here it is:

Re: [PATCH v3 net-next 0/4] kernel TLS

2017-06-14 Thread Dave Watson
Hi Hannes, On 06/14/17 10:15 PM, Hannes Frederic Sowa wrote: > one question for this patch set: > > What is the reason for not allowing key updates for the TX path? I was > always loud pointing out the problems with TLSv1.2 renegotiation and > TLSv1.3 key update alerts. This patch set uses

[PATCH] random: silence compiler warnings and fix race

2017-06-14 Thread Jason A. Donenfeld
Odd versions of gcc for the sh4 architecture will actually warn about flags being used while uninitialized, so we set them to zero. Non crazy gccs will optimize that out again, so it doesn't make a difference. Next, over aggressive gccs could inline the expression that defines use_lock, which

Re: [PATCH v3 net-next 0/4] kernel TLS

2017-06-14 Thread Tom Herbert
On Wed, Jun 14, 2017 at 3:17 PM, Dave Watson wrote: > On 06/14/17 01:54 PM, Tom Herbert wrote: >> On Wed, Jun 14, 2017 at 11:36 AM, Dave Watson wrote: >> > This series adds support for kernel TLS encryption over TCP sockets. >> > A standard TCP socket is

Re: Alg errors with Intel QAT Card

2017-06-14 Thread Neil Horman
On Tue, Jun 13, 2017 at 01:32:55PM -0700, Raj Ammanur wrote: > Hi Neil & Salvatore, > > thanks for the replies. The soft reboot hasn't helped. I am trying a previous > kernel version that works with a similar card that we installed in > another server > and that works fine. Will keep you posted.