Hi Linus:
This push fixes a build error on 32-bit archs in the hifn driver
as well as a potential deadlock in the caam driver.
Please pull from
git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git
or
master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git
Jussi Kivilinna (1):
crypto: hifn_795x - fix 64bit division and undefined __divdi3 on 32bit archs
Kim Phillips (1):
crypto: caam - fix possible deadlock condition
drivers/crypto/caam/jr.c | 10 +++++-----
drivers/crypto/hifn_795x.c | 4 ++--
2 files changed, 7 insertions(+), 7 deletions(-)
Thanks,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Hi Linus:
This push fixes a potential panic in cryptd which may occur with
crypto drivers such as aesni-intel.
Please pull from
git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git
or
master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git
Jussi Kivilinna (1):
crypto: cryptd - disable softirqs in cryptd_queue_worker to prevent data corruption
crypto/cryptd.c | 11 ++++++++---
1 files changed, 8 insertions(+), 3 deletions(-)
Thanks,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Hi Linus:
This push removes IPsec ESN support from the talitos/caam drivers
since they were implemented incorrectly, causing interoperability
problems if ESN is used with them.
Please pull from
git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git
or
master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git
Horia Geanta (2):
Revert "crypto: talitos - add IPsec ESN support"
Revert "crypto: caam - add IPsec ESN support"
drivers/crypto/caam/caamalg.c | 27 ++-------------------------
drivers/crypto/caam/compat.h | 1 -
drivers/crypto/talitos.c | 30 ++----------------------------
3 files changed, 4 insertions(+), 54 deletions(-)
Thanks,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Would you be able to incorporate the GMAC ESN bug fix in 3.9?
Thanks,
Chaoxing
--------------------------------
Thanks Jussi, the patch fixes the problem.
You may commit it officially.
Chaoxing
-----Original Message-----
From: Jussi Kivilinna [mailto:[email protected]]
Sent: Tuesday, March 26, 2013 4:16 PM
To: Chaoxing Lin
Cc: [email protected]
Subject: Re: potential bug in GMAC implementation. not work in ESN mode
On 25.03.2013 18:12, Chaoxing Lin wrote:
> 2nd ping....
>
> Nobody is maintaining crypto/gcm.c?
>
>
>
> -----Original Message-----
> From: Chaoxing Lin
> Sent: Friday, March 08, 2013 11:38 AM
> To: '[email protected]'
> Subject: potential bug in GMAC implementation. not work in ESN mode
>
> I was testing ipsec with GMAC and found that the rfc4543 GMAC implementation in kernel software crypto work in "esp=aes256gmac-noesn!" mode.
> It does not work in in "esp=aes256gmac-esn!" mode. The tunnel was established but no data traffic is possible.
>
> Looking at source code, I found this piece of code is suspicious.
> Line 1146~1147 tries to put req->assoc to assoc[1]. But I think this way only works when req->assoc has only one segment. In ESN mode, req->assoc contains 3 segments (SPI, SN-hi, SN-low). Line 1146~1147 will only attach SPI segment(with total length) in assoc.
>
> Please let me know whether I understand it right.
Your analysis seems correct. Does attached the patch fix the problem? (I've only compile tested it.)
-Jussi
> Thanks,
>
> Chaoxing
>
>
> Source from kernel 3.8.2
> path: root/crypto/gcm.c
>
> 1136: /* construct the aad */
> 1137: dstp = sg_page(dst);
> vdst = PageHighMem(dstp) ? NULL : page_address(dstp) + dst->offset;
>
> sg_init_table(payload, 2);
> sg_set_buf(payload, req->iv, 8);
> scatterwalk_crypto_chain(payload, dst, vdst == req->iv + 8, 2);
> assoclen += 8 + req->cryptlen - (enc ? 0 : authsize);
>
> sg_init_table(assoc, 2);
> 1146: sg_set_page(assoc, sg_page(req->assoc), req->assoc->length,
> 1147: req->assoc->offset);
> scatterwalk_crypto_chain(assoc, payload, 0, 2);
>
> aead_request_set_tfm(subreq, ctx->child);
> aead_request_set_callback(subreq, req->base.flags, req->base.complete,
> req->base.data);
> aead_request_set_crypt(subreq, cipher, cipher, enc ? 0 : authsize, iv);
> 1154: aead_request_set_assoc(subreq, assoc, assoclen);
> --
> To unsubscribe from this list: send the line "unsubscribe
> linux-crypto" in the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Herbert Xu
Sent: Thursday, March 28, 2013 4:29 AM
To: Linus Torvalds; David S. Miller; Linux Kernel Mailing List; Linux Crypto Mailing List
Subject: Crypto Fixes for 3.9
Hi Linus:
This push removes IPsec ESN support from the talitos/caam drivers since they were implemented incorrectly, causing interoperability problems if ESN is used with them.
Please pull from
git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git
or
master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git
Horia Geanta (2):
Revert "crypto: talitos - add IPsec ESN support"
Revert "crypto: caam - add IPsec ESN support"
drivers/crypto/caam/caamalg.c | 27 ++-------------------------
drivers/crypto/caam/compat.h | 1 -
drivers/crypto/talitos.c | 30 ++----------------------------
3 files changed, 4 insertions(+), 54 deletions(-)
Thanks,
--
Email: Herbert Xu <[email protected]> Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Chaoxing Lin <[email protected]> wrote:
> Would you be able to incorporate the GMAC ESN bug fix in 3.9?
I'd be happy to once I get the patch.
Thanks,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Hi Linus:
This push fixes a GCM bug that breaks IPsec and a compile problem
in ux500.
Please pull from
git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git
or
master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git
Jussi Kivilinna (1):
crypto: gcm - fix assumption that assoc has one segment
Linus Walleij (1):
crypto: ux500 - add missing comma
crypto/gcm.c | 17 ++++++++++++++---
drivers/crypto/ux500/cryp/cryp_core.c | 2 +-
2 files changed, 15 insertions(+), 4 deletions(-)
Thanks,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Hi Linus:
This push fixes a kernel memory leak in the algif interface.
Please pull from
git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git
or
master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git
Mathias Krause (1):
crypto: algif - suppress sending source address information in recvmsg
crypto/algif_hash.c | 2 ++
crypto/algif_skcipher.c | 1 +
2 files changed, 3 insertions(+), 0 deletions(-)
Thanks,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Hi Linus:
This push fixes a crash in the new sha256_ssse3 driver as well as
a DMA setup/teardown bug in caam.
Please pull from
git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git
or
master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git
Horia Geanta (1):
crypto: caam - fix inconsistent assoc dma mapping direction
Jussi Kivilinna (1):
crypto: sha256_ssse3 - fix stack corruption with SSSE3 and AVX implementations
arch/x86/crypto/sha256-avx-asm.S | 2 +-
arch/x86/crypto/sha256-ssse3-asm.S | 2 +-
drivers/crypto/caam/caamalg.c | 4 ++--
3 files changed, 4 insertions(+), 4 deletions(-)
Thanks,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Hi Linus:
This push fixes a build problem in sahara and temporarily disables
two new optimisations because of performance regressions until a
permanent fix is ready.
Please pull from
git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git
or
master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git
Arnd Bergmann (1):
crypto: sahara - fix building as module
Jussi Kivilinna (2):
crypto: twofish - disable AVX2 implementation
crypto: blowfish - disable AVX2 implementation
crypto/Kconfig | 2 ++
drivers/crypto/sahara.c | 2 +-
2 files changed, 3 insertions(+), 1 deletions(-)
Thanks,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Hi Linus:
This push fixes an unaligned crash in XTS mode when using aseni_intel.
Please pull from
git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git
or
master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git
Jussi Kivilinna (1):
crypto: aesni_intel - fix accessing of unaligned memory
arch/x86/crypto/aesni-intel_asm.S | 48 ++++++++++++++++++++++++------------
1 files changed, 32 insertions(+), 16 deletions(-)
Thanks,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Hi Linus:
This push fixes a crash in the crypto layer exposed by an SCTP
test tool.
Please pull from
git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git
or
master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git
Herbert Xu (1):
crypto: algboss - Hold ref count on larval
crypto/algboss.c | 15 ++++++++-------
crypto/api.c | 6 ------
crypto/internal.h | 6 ++++++
3 files changed, 14 insertions(+), 13 deletions(-)
Thanks,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Hi Linus:
This push fixes a memory corruption issue in caam, as well as
reverting the new optimised crct10dif implementation as it breaks
boot on initrd systems.
Hopefully crct10dif will be reinstated once the supporting code
is added so that it doesn't break boot.
Please pull from
git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git
or
master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git
Herbert Xu (1):
Revert "crypto: crct10dif - Wrap crc_t10dif function all to use crypto transform framework"
Vakul Garg (1):
crypto: caam - Fixed the memory out of bound overwrite issue
arch/x86/crypto/Makefile | 2 -
arch/x86/crypto/crct10dif-pcl-asm_64.S | 643 -------------------------------
arch/x86/crypto/crct10dif-pclmul_glue.c | 151 --------
crypto/Kconfig | 19 -
crypto/Makefile | 1 -
crypto/crct10dif.c | 178 ---------
crypto/tcrypt.c | 8 -
crypto/testmgr.c | 10 -
crypto/testmgr.h | 33 --
drivers/crypto/caam/caamhash.c | 2 +-
include/linux/crc-t10dif.h | 4 -
lib/Kconfig | 2 -
lib/crc-t10dif.c | 73 ++--
13 files changed, 44 insertions(+), 1082 deletions(-)
Thanks,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Hi Linus:
This push fixes a 7+ year race condition in the crypto API that
causes sporadic crashes when multiple threads load the same
algorithm.
It also fixes the crct10dif algorithm again to prevent boot
failures on systems where the initramfs tool ignores module
softdeps.
Please pull from
git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git
or
master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git
Herbert Xu (2):
crypto: api - Fix race condition in larval lookup
crypto: crct10dif - Add fallback for broken initrds
crypto/Makefile | 2 +-
crypto/api.c | 7 +-
crypto/{crct10dif.c => crct10dif_common.c} | 100 +--------------------------
crypto/{crct10dif.c => crct10dif_generic.c} | 53 +-------------
lib/crc-t10dif.c | 11 ++-
5 files changed, 20 insertions(+), 153 deletions(-)
Thanks,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
On Fri, Sep 13, 2013 at 4:30 AM, Herbert Xu <[email protected]> wrote:
>
> Herbert Xu (2):
> crypto: api - Fix race condition in larval lookup
> crypto: crct10dif - Add fallback for broken initrds
>
> crypto/Makefile | 2 +-
> crypto/api.c | 7 +-
> crypto/{crct10dif.c => crct10dif_common.c} | 100 +--------------------------
> crypto/{crct10dif.c => crct10dif_generic.c} | 53 +-------------
> lib/crc-t10dif.c | 11 ++-
> 5 files changed, 20 insertions(+), 153 deletions(-)
Please fix your script. You apparently have it using "-C" to find
copies, which can be very useful to see what is going on especially
with "--summary" (which you don't have), but is misleading when
sending diffstats when people don't expect it.
The pull request does not have "20 insertions", it has "146
insertions", and it's just that a fair chunk of them come from a file
being essentially duplicated. See the difference:
With copy detection ("git diff -C --stat --summary")
crypto/Makefile | 2 +-
crypto/api.c | 7 +-
crypto/{crct10dif.c => crct10dif_common.c} | 100 +-------------------
crypto/{crct10dif.c => crct10dif_generic.c} | 53 +----------
lib/crc-t10dif.c | 11 ++-
5 files changed, 20 insertions(+), 153 deletions(-)
copy crypto/{crct10dif.c => crct10dif_common.c} (63%)
rename crypto/{crct10dif.c => crct10dif_generic.c} (55%)
With just rename detection (git diff -M --stat --summary)
crypto/Makefile | 2 +-
crypto/api.c | 7 +-
crypto/{crct10dif.c => crct10dif_common.c} | 100 +---------------
crypto/crct10dif_generic.c | 127 +++++++++++++++++++++
lib/crc-t10dif.c | 11 +-
5 files changed, 146 insertions(+), 101 deletions(-)
rename crypto/{crct10dif.c => crct10dif_common.c} (63%)
create mode 100644 crypto/crct10dif_generic.c
and your pull request looked really misleading because it did "-C" but
didn't have that summary pointing out that one of them was a copy.
So please use "-M --stat --summary". That's what git shows me when I
do a "git pull", so that's what I'm going to compare with..
As mentioned "-C" _is_ useful, but it's useful when you're
specifically looking for "that's a lot of new lines, is it copying old
files" kind of things.
Linus
On Fri, Sep 13, 2013 at 07:22:55AM -0700, Linus Torvalds wrote:
> On Fri, Sep 13, 2013 at 4:30 AM, Herbert Xu <[email protected]> wrote:
> >
> > Herbert Xu (2):
> > crypto: api - Fix race condition in larval lookup
> > crypto: crct10dif - Add fallback for broken initrds
> >
> > crypto/Makefile | 2 +-
> > crypto/api.c | 7 +-
> > crypto/{crct10dif.c => crct10dif_common.c} | 100 +--------------------------
> > crypto/{crct10dif.c => crct10dif_generic.c} | 53 +-------------
> > lib/crc-t10dif.c | 11 ++-
> > 5 files changed, 20 insertions(+), 153 deletions(-)
>
> Please fix your script. You apparently have it using "-C" to find
> copies, which can be very useful to see what is going on especially
> with "--summary" (which you don't have), but is misleading when
> sending diffstats when people don't expect it.
Sorry, will do for future pushes. FWIW the -M stats are
crypto/Makefile | 2 +-
crypto/api.c | 7 +-
crypto/{crct10dif.c => crct10dif_common.c} | 100 +---------------------
crypto/crct10dif_generic.c | 127 ++++++++++++++++++++++++++++
lib/crc-t10dif.c | 11 ++-
5 files changed, 146 insertions(+), 101 deletions(-)
> With just rename detection (git diff -M --stat --summary)
> crypto/Makefile | 2 +-
> crypto/api.c | 7 +-
> crypto/{crct10dif.c => crct10dif_common.c} | 100 +---------------
> crypto/crct10dif_generic.c | 127 +++++++++++++++++++++
> lib/crc-t10dif.c | 11 +-
> 5 files changed, 146 insertions(+), 101 deletions(-)
> rename crypto/{crct10dif.c => crct10dif_common.c} (63%)
> create mode 100644 crypto/crct10dif_generic.c
Thanks,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt