2014-10-07 13:19:19

by Herbert Xu

Subject: Crypto Update for 3.18

Hi Linus:

Here is the crypto update for 3.18:

* Add multibuffer infrastructure:
  . Add single_task_running scheduler helper, OKed by Peter on lkml.
* Add SHA1 multibuffer implementation for AVX2.
* Reenable "by8" AVX CTR optimisation after fixing counter overflow.
* Add APM X-Gene SoC RNG support.
* SHA256/SHA512 now handles unaligned input correctly.
* Set lz4 decompressed length correctly.
* Fix algif socket buffer allocation failure for 64K page machines.
* Misc fixes.


Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Alex Porosanu (3):
crypto: caam - disable RNG oscillator maximum frequency check
crypto: caam - change starting entropy delay value
crypto: caam - enable raw data instead of von Neumann data

Alexander Gordeev (1):
crypto: qat - Use pci_enable_msix_exact() instead of pci_enable_msix()

Cristian Stoica (7):
crypto: testmgr - white space fix-ups on test_aead
crypto: testmgr - white space removal on __test_hash
crypto: testmgr - white space removal on __test_skcipher
crypto: testmgr - delay execution of set-up code
crypto: testmgr - remove unused function argument
crypto: caam - remove duplicated sg copy functions
crypto: caam - fix addressing of struct member

David S. Miller (1):
crypto: sha - Handle unaligned input data in generic sha256 and sha512.

Feng Kan (3):
hwrng: xgene - add support for APM X-Gene SoC RNG support
Documentation: rng: Add X-Gene SoC RNG driver documentation
arm64: dts: add random number generator dts node to APM X-Gene platform.

Fengguang Wu (2):
crypto: mcryptd - mcryptd_flist can be static
crypto: sha-mb - sha1_mb_alg_state can be static

Herbert Xu (2):
Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6

KOVACS Krisztian (2):
crypto: lz4,lz4hc - fix decompression
crypto: testmgr - add test for lz4 and lz4hc

Mathias Krause (3):
crypto: aesni - fix counter overflow handling in "by8" variant
crypto: aesni - remove unused defines in "by8" variant
Revert "crypto: aesni - disable "by8" AVX CTR optimization"

Nitesh Narayan Lal (1):
crypto: caam - Dynamic allocation of addresses for various memory blocks in CAAM.

Ondrej Kozina (1):
crypto: algif - avoid excessive use of socket buffer in skcipher

Rasmus Villemoes (1):
crypto: mv_cesa - Add missing #define

Stephan Mueller (10):
crypto: drbg - replace int2byte with cpu_to_be
crypto: drbg - kzfree does not need a check for NULL pointer
crypto: drbg - remove superflowous checks
crypto: drbg - remove superflowous memset(0)
crypto: drbg - use kmalloc instead of kzalloc for V and C
crypto: drbg - remove unnecessary sanity checks
crypto: drbg - remove configuration of fixed values
crypto: drbg - remove unnecessary sanity check for shadow state
crypto: drbg - fix sparse warning for cpu_to_be[32|64]
crypto: drbg - fix maximum value checks on 32 bit systems

Sudip Mukherjee (1):
hwrng: printk replacement

Tadeusz Struk (2):
crypto: qat - Fix typo in name of tasklet_struct
crypto: qat - Removed unneeded partial state

Ted Percival (1):
crypto: mcryptd - Fix typos in CRYPTO_MCRYPTD description

Tim Chen (7):
crypto: hash - initialize entry len for null input in crypto hash sg list walk
sched: Add function single_task_running to let a task check if it is the only task running on a cpu
crypto: sha-mb - multibuffer crypto infrastructure
crypto: sha-mb - SHA1 multibuffer algorithm data structures
crypto: sha-mb - SHA1 multibuffer submit and flush routines for AVX2
crypto: sha-mb - SHA1 multibuffer crypto computation (x8 AVX2)
crypto: sha-mb - SHA1 multibuffer job manager and glue code

Wei Yongjun (1):
crypto: qat - Fix return value check in adf_chr_drv_create()

Documentation/devicetree/bindings/rng/apm,rng.txt | 17 +
arch/arm64/boot/dts/apm-storm.dtsi | 21 +
arch/x86/crypto/Makefile | 1 +
arch/x86/crypto/aes_ctrby8_avx-x86_64.S | 20 +-
arch/x86/crypto/aesni-intel_glue.c | 4 +-
arch/x86/crypto/sha-mb/Makefile | 11 +
arch/x86/crypto/sha-mb/sha1_mb.c | 935 +++++++++++++++++++
arch/x86/crypto/sha-mb/sha1_mb_mgr_datastruct.S | 287 ++++++
arch/x86/crypto/sha-mb/sha1_mb_mgr_flush_avx2.S | 327 +++++++
arch/x86/crypto/sha-mb/sha1_mb_mgr_init_avx2.c | 64 ++
arch/x86/crypto/sha-mb/sha1_mb_mgr_submit_avx2.S | 228 +++++
arch/x86/crypto/sha-mb/sha1_x8_avx2.S | 472 ++++++++++
arch/x86/crypto/sha-mb/sha_mb_ctx.h | 136 +++
arch/x86/crypto/sha-mb/sha_mb_mgr.h | 110 +++
crypto/Kconfig | 30 +
crypto/Makefile | 1 +
crypto/ahash.c | 12 +-
crypto/algif_skcipher.c | 2 +-
crypto/drbg.c | 130 +--
crypto/lz4.c | 2 +-
crypto/lz4hc.c | 2 +-
crypto/mcryptd.c | 705 ++++++++++++++
crypto/sha256_generic.c | 3 +-
crypto/sha512_generic.c | 3 +-
crypto/testmgr.c | 966 ++++++++++----------
crypto/testmgr.h | 66 ++
drivers/char/hw_random/Kconfig | 13 +
drivers/char/hw_random/Makefile | 1 +
drivers/char/hw_random/amd-rng.c | 4 +-
drivers/char/hw_random/geode-rng.c | 4 +-
drivers/char/hw_random/intel-rng.c | 13 +-
drivers/char/hw_random/pasemi-rng.c | 2 +-
drivers/char/hw_random/pseries-rng.c | 2 +-
drivers/char/hw_random/via-rng.c | 8 +-
drivers/char/hw_random/xgene-rng.c | 423 +++++++++
drivers/crypto/caam/caamhash.c | 28 +-
drivers/crypto/caam/ctrl.c | 138 ++-
drivers/crypto/caam/intern.h | 9 +-
drivers/crypto/caam/regs.h | 51 +-
drivers/crypto/caam/sg_sw_sec4.h | 54 --
drivers/crypto/mv_cesa.h | 1 +
drivers/crypto/qat/qat_common/adf_ctl_drv.c | 2 +-
.../crypto/qat/qat_common/adf_transport_internal.h | 2 +-
drivers/crypto/qat/qat_common/qat_algs.c | 66 +-
drivers/crypto/qat/qat_dh895xcc/adf_isr.c | 14 +-
include/crypto/drbg.h | 19 +-
include/crypto/internal/hash.h | 9 +
include/crypto/mcryptd.h | 112 +++
include/linux/sched.h | 1 +
kernel/sched/core.c | 12 +
50 files changed, 4706 insertions(+), 837 deletions(-)

Thanks,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


2014-12-11 12:51:36

by Herbert Xu

Subject: Crypto Update for 3.19

Hi Linus:

Here is the crypto update for 3.19:

* The crypto API is now documented :)
* Disallow arbitrary module loading through crypto API.
* Allow get request with empty driver name through crypto_user.
* Allow speed testing of arbitrary hash functions.
* Add caam support for ctr(aes), gcm(aes) and their derivatives.
* nx now supports concurrent hashing properly.
* Add sahara support for SHA1/256.
* Add ARM64 version of CRC32.
* Misc fixes.


Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Boris Brezillon (4):
hwrng: atmel - use clk_prepapre_enable/_disable_unprepare
hwrng: atmel - add DT support
hwrng: atmel - Add TRNG DT binding doc
ARM: at91/dt: add trng node to at91sam9g45

Bruce Allan (4):
crypto: qat - fix bad unlock balance
crypto: qat - cleanup coccicheck warning - NULL check before freeing functions
crypto: qat - cleanup unnecessary break checkpatch warning
crypto: qat - misspelling typo - "reseting" should be "resetting"

Catalin Vasile (5):
crypto: caam - add support for ctr(aes)
crypto: caam - add support for rfc3686(ctr(aes))
crypto: caam - add support for rfc3686 with authenc md5, sha1 and sha2
crypto: caam - add support for givencrypt cbc(aes) and rfc3686(ctr(aes))
crypto: caam - add support for givencrypt cbc(des) and cbc(des3_ede)

Cristian Stoica (1):
crypto: caam - fix error reporting

Dan Carpenter (1):
crypto: sha-mb - remove a bogus NULL check

Daniel Borkmann (1):
crypto: algif - add and use sock_kzfree_s() instead of memzero_explicit()

Herbert Xu (4):
Merge git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux
crypto: user - Allow get request with empty driver name
crypto: algif_skcipher - Fixed blocking recvmsg
crypto: tcrypt - Allow speed testing of arbitrary hash functions

Johannes Berg (1):
crypto: bfin_crc - don't include linux/unaligned/access_ok.h

Julia Lawall (4):
crypto: sparc - replace memset by memzero_explicit
crypto: sha - replace memset by memzero_explicit
crypto: powerpc - replace memset by memzero_explicit
crypto: arm - replace memset by memzero_explicit

Kees Cook (2):
crypto: prefix module autoloading with "crypto-"
crypto: include crypto- module prefix in template

Leonidas S. Barbosa (8):
crypto: nx - Moving NX-AES-CBC to be processed logic
crypto: nx - Moving NX-AES-CCM to be processed logic and sg_list bounds
crypto: nx - Moving limit and bound logic in CTR and fix IV vector
crypto: nx - Moving NX-AES-ECB to be processed logic
crypto: nx - Moving NX-AES-GCM to be processed logic
crypto: nx - Moving NX-AES-XCBC to be processed logic
crypto: nx - Fix SHA concurrence issue and sg limit bounds
crypto: nx - Fixing the limit number of bytes to be processed

Masanari Iida (1):
crypto: testmgr - Remove unnecessary KERN_INFO from testmgr.c

Nickolaus Woodruff (1):
crypto: drbg - use memzero_explicit() for clearing sensitive data

Pranith Kumar (1):
crypto: caam - Remove unnecessary smp_read_barrier_depends()

Rickard Strandqvist (1):
hwrng: core - Changed from using strncat to strlcat

Steffen Trumtrar (4):
crypto: sahara - fix spinlock initialization
crypto: sahara - add support for i.MX53
crypto: sahara - replace tasklets with kthread
crypto: sahara - add support for SHA1/256

Stephan Mueller (22):
crypto: drbg - use crypto_inc
crypto: drbg - add MODULE_ALIAS for all DRBG types
crypto: algif - zeroize message digest buffer
crypto: algif - zeroize IV buffer
crypto: doc - crypto API high level spec
crypto: doc - compile crypto API spec
crypto: doc - userspace interface spec
crypto: doc - RNG API documentation
crypto: doc - hash data structures
crypto: doc - AHASH API documentation
crypto: doc - SHASH API documentation
crypto: doc - cipher data structures
crypto: doc - ABLKCIPHER API documentation
crypto: doc - AEAD API documentation
crypto: doc - BLKCIPHER API documentation
crypto: doc - CIPHER API documentation
crypto: doc - HASH API documentation
crypto: doc - document uncovered member variables
crypto: user - add MODULE_ALIAS
crypto: drbg - use MODULE_ALIAS_CRYPTO
crypto: algif_skcipher - initialize upon init request
crypto: af_alg - add user space interface for AEAD

Struk, Tadeusz (3):
crypto: qat - Use memzero_explicit
crytpo: qat - Fix 64 bytes requests
crypto: algif_skcipher - removed unneeded code

Tadeusz Struk (2):
crypto: qat - Move BAR definitions to device specific module
crypto: qat - fix problem with coalescing enable logic

Tudor Ambarus (4):
crypto: caam - add support for gcm(aes)
crypto: caam - add support for rfc4106(gcm(aes))
crypto: caam - fix output sequence contiguity check
crypto: caam - add support for rfc4543(gcm(aes))

Ulf Hansson (2):
crypto: ux500/cryp - Silence compiler warning for !CONFIG_PM
crypto: ux500/hash - Silence compiler warning for !CONFIG_PM

Valentin Rothberg (1):
crypto: aesni - remove unnecessary #define

Yazen Ghannam (1):
crypto: crc32 - Add ARM64 CRC32 hw accelerated module

Documentation/DocBook/Makefile | 2 +-
Documentation/DocBook/crypto-API.tmpl | 1253 ++++++++++
Documentation/crypto/crypto-API-userspace.txt | 205 ++
.../devicetree/bindings/crypto/fsl-imx-sahara.txt | 2 +-
.../devicetree/bindings/hwrng/atmel-trng.txt | 16 +
arch/arm/boot/dts/at91sam9g45.dtsi | 7 +
arch/arm/crypto/aes_glue.c | 4 +-
arch/arm/crypto/sha1_glue.c | 2 +-
arch/arm/crypto/sha1_neon_glue.c | 2 +-
arch/arm/crypto/sha512_neon_glue.c | 6 +-
arch/arm64/crypto/Kconfig | 4 +
arch/arm64/crypto/Makefile | 4 +
arch/arm64/crypto/aes-ce-ccm-glue.c | 2 +-
arch/arm64/crypto/aes-glue.c | 8 +-
arch/arm64/crypto/crc32-arm64.c | 274 +++
arch/powerpc/crypto/sha1.c | 4 +-
arch/s390/crypto/aes_s390.c | 2 +-
arch/s390/crypto/des_s390.c | 4 +-
arch/s390/crypto/ghash_s390.c | 2 +-
arch/s390/crypto/sha1_s390.c | 2 +-
arch/s390/crypto/sha256_s390.c | 4 +-
arch/s390/crypto/sha512_s390.c | 4 +-
arch/sparc/crypto/aes_glue.c | 2 +-
arch/sparc/crypto/camellia_glue.c | 2 +-
arch/sparc/crypto/crc32c_glue.c | 2 +-
arch/sparc/crypto/des_glue.c | 2 +-
arch/sparc/crypto/md5_glue.c | 2 +-
arch/sparc/crypto/sha1_glue.c | 2 +-
arch/sparc/crypto/sha256_glue.c | 6 +-
arch/sparc/crypto/sha512_glue.c | 6 +-
arch/x86/crypto/aes_glue.c | 4 +-
arch/x86/crypto/aesni-intel_glue.c | 10 +-
arch/x86/crypto/blowfish_glue.c | 4 +-
arch/x86/crypto/camellia_aesni_avx2_glue.c | 4 +-
arch/x86/crypto/camellia_aesni_avx_glue.c | 4 +-
arch/x86/crypto/camellia_glue.c | 4 +-
arch/x86/crypto/cast5_avx_glue.c | 2 +-
arch/x86/crypto/cast6_avx_glue.c | 2 +-
arch/x86/crypto/crc32-pclmul_glue.c | 4 +-
arch/x86/crypto/crc32c-intel_glue.c | 4 +-
arch/x86/crypto/crct10dif-pclmul_glue.c | 4 +-
arch/x86/crypto/des3_ede_glue.c | 8 +-
arch/x86/crypto/fpu.c | 3 +
arch/x86/crypto/ghash-clmulni-intel_glue.c | 2 +-
arch/x86/crypto/salsa20_glue.c | 4 +-
arch/x86/crypto/serpent_avx2_glue.c | 4 +-
arch/x86/crypto/serpent_avx_glue.c | 2 +-
arch/x86/crypto/serpent_sse2_glue.c | 2 +-
arch/x86/crypto/sha-mb/sha1_mb.c | 3 +-
arch/x86/crypto/sha1_ssse3_glue.c | 2 +-
arch/x86/crypto/sha256_ssse3_glue.c | 6 +-
arch/x86/crypto/sha512_ssse3_glue.c | 6 +-
arch/x86/crypto/twofish_avx_glue.c | 2 +-
arch/x86/crypto/twofish_glue.c | 4 +-
arch/x86/crypto/twofish_glue_3way.c | 4 +-
crypto/842.c | 1 +
crypto/aes_generic.c | 2 +-
crypto/af_alg.c | 6 +
crypto/algapi.c | 4 +-
crypto/algif_hash.c | 4 +-
crypto/algif_skcipher.c | 15 +-
crypto/ansi_cprng.c | 2 +-
crypto/anubis.c | 1 +
crypto/api.c | 4 +-
crypto/arc4.c | 1 +
crypto/authenc.c | 1 +
crypto/authencesn.c | 1 +
crypto/blowfish_generic.c | 2 +-
crypto/camellia_generic.c | 2 +-
crypto/cast5_generic.c | 2 +-
crypto/cast6_generic.c | 2 +-
crypto/cbc.c | 1 +
crypto/ccm.c | 5 +-
crypto/chainiv.c | 1 +
crypto/cmac.c | 1 +
crypto/crc32.c | 1 +
crypto/crc32c_generic.c | 2 +-
crypto/crct10dif_generic.c | 2 +-
crypto/cryptd.c | 1 +
crypto/crypto_null.c | 6 +-
crypto/crypto_user.c | 6 +-
crypto/ctr.c | 3 +-
crypto/cts.c | 1 +
crypto/deflate.c | 2 +-
crypto/des_generic.c | 2 +-
crypto/drbg.c | 127 +-
crypto/ecb.c | 1 +
crypto/eseqiv.c | 1 +
crypto/fcrypt.c | 1 +
crypto/gcm.c | 7 +-
crypto/ghash-generic.c | 2 +-
crypto/hmac.c | 1 +
crypto/khazad.c | 1 +
crypto/krng.c | 2 +-
crypto/lrw.c | 1 +
crypto/lz4.c | 1 +
crypto/lz4hc.c | 1 +
crypto/lzo.c | 1 +
crypto/mcryptd.c | 1 +
crypto/md4.c | 2 +-
crypto/md5.c | 1 +
crypto/michael_mic.c | 1 +
crypto/pcbc.c | 1 +
crypto/pcrypt.c | 1 +
crypto/rmd128.c | 1 +
crypto/rmd160.c | 1 +
crypto/rmd256.c | 1 +
crypto/rmd320.c | 1 +
crypto/salsa20_generic.c | 2 +-
crypto/seed.c | 1 +
crypto/seqiv.c | 1 +
crypto/serpent_generic.c | 4 +-
crypto/sha1_generic.c | 2 +-
crypto/sha256_generic.c | 4 +-
crypto/sha512_generic.c | 4 +-
crypto/tcrypt.c | 32 +-
crypto/tea.c | 4 +-
crypto/testmgr.c | 3 +-
crypto/tgr192.c | 4 +-
crypto/twofish_generic.c | 2 +-
crypto/vmac.c | 1 +
crypto/wp512.c | 4 +-
crypto/xcbc.c | 1 +
crypto/xts.c | 1 +
crypto/zlib.c | 1 +
drivers/char/hw_random/Kconfig | 2 +-
drivers/char/hw_random/atmel-rng.c | 15 +-
drivers/char/hw_random/core.c | 12 +-
drivers/crypto/bfin_crc.c | 2 +-
drivers/crypto/caam/caamalg.c | 2412 +++++++++++++++++---
drivers/crypto/caam/compat.h | 1 +
drivers/crypto/caam/desc_constr.h | 2 +
drivers/crypto/caam/error.c | 25 +-
drivers/crypto/caam/jr.c | 3 -
drivers/crypto/nx/nx-aes-cbc.c | 12 +-
drivers/crypto/nx/nx-aes-ccm.c | 61 +-
drivers/crypto/nx/nx-aes-ctr.c | 13 +-
drivers/crypto/nx/nx-aes-ecb.c | 12 +-
drivers/crypto/nx/nx-aes-gcm.c | 66 +-
drivers/crypto/nx/nx-aes-xcbc.c | 81 +-
drivers/crypto/nx/nx-sha256.c | 208 +-
drivers/crypto/nx/nx-sha512.c | 222 +-
drivers/crypto/nx/nx.c | 127 +-
drivers/crypto/nx/nx.h | 8 +-
drivers/crypto/padlock-aes.c | 2 +-
drivers/crypto/padlock-sha.c | 8 +-
drivers/crypto/qat/qat_common/adf_accel_devices.h | 2 -
drivers/crypto/qat/qat_common/adf_aer.c | 2 +-
drivers/crypto/qat/qat_common/adf_ctl_drv.c | 3 +-
drivers/crypto/qat/qat_common/adf_dev_mgr.c | 6 +-
drivers/crypto/qat/qat_common/adf_transport.c | 15 +-
.../qat/qat_common/adf_transport_access_macros.h | 9 +-
drivers/crypto/qat/qat_common/qat_algs.c | 37 +-
drivers/crypto/qat/qat_common/qat_hal.c | 3 +-
.../crypto/qat/qat_dh895xcc/adf_dh895xcc_hw_data.h | 2 +
drivers/crypto/qat/qat_dh895xcc/adf_isr.c | 12 +-
drivers/crypto/sahara.c | 794 ++++++-
drivers/crypto/ux500/cryp/cryp_core.c | 6 +-
drivers/crypto/ux500/hash/hash_core.c | 10 +-
drivers/s390/crypto/ap_bus.c | 3 +-
include/crypto/hash.h | 492 ++++
include/crypto/if_alg.h | 1 +
include/crypto/rng.h | 80 +
include/linux/crypto.h | 1112 ++++++++-
include/net/sock.h | 1 +
include/uapi/linux/if_alg.h | 2 +
net/core/sock.c | 24 +-
167 files changed, 7090 insertions(+), 1068 deletions(-)

Thanks,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

2014-12-12 11:54:36

by Herbert Xu

Subject: Re: Crypto Update for 3.19

Hi Linus:

Here is a resend of the crypto update for 3.19 since I accidentally
pushed out an old tree instead of the current crypto tree.

* The crypto API is now documented :)
* Disallow arbitrary module loading through crypto API.
* Allow get request with empty driver name through crypto_user.
* Allow speed testing of arbitrary hash functions.
* Add caam support for ctr(aes), gcm(aes) and their derivatives.
* nx now supports concurrent hashing properly.
* Add sahara support for SHA1/256.
* Add ARM64 version of CRC32.
* Misc fixes.


Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Boris Brezillon (4):
hwrng: atmel - use clk_prepapre_enable/_disable_unprepare
hwrng: atmel - add DT support
hwrng: atmel - Add TRNG DT binding doc
ARM: at91/dt: add trng node to at91sam9g45

Bruce Allan (4):
crypto: qat - fix bad unlock balance
crypto: qat - cleanup coccicheck warning - NULL check before freeing functions
crypto: qat - cleanup unnecessary break checkpatch warning
crypto: qat - misspelling typo - "reseting" should be "resetting"

Catalin Vasile (5):
crypto: caam - add support for ctr(aes)
crypto: caam - add support for rfc3686(ctr(aes))
crypto: caam - add support for rfc3686 with authenc md5, sha1 and sha2
crypto: caam - add support for givencrypt cbc(aes) and rfc3686(ctr(aes))
crypto: caam - add support for givencrypt cbc(des) and cbc(des3_ede)

Cristian Stoica (1):
crypto: caam - fix error reporting

Dan Carpenter (1):
crypto: sha-mb - remove a bogus NULL check

Daniel Borkmann (1):
crypto: algif - add and use sock_kzfree_s() instead of memzero_explicit()

Herbert Xu (4):
Merge git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux
crypto: user - Allow get request with empty driver name
crypto: algif_skcipher - Fixed blocking recvmsg
crypto: tcrypt - Allow speed testing of arbitrary hash functions

Johannes Berg (1):
crypto: bfin_crc - don't include linux/unaligned/access_ok.h

Julia Lawall (4):
crypto: sparc - replace memset by memzero_explicit
crypto: sha - replace memset by memzero_explicit
crypto: powerpc - replace memset by memzero_explicit
crypto: arm - replace memset by memzero_explicit

Kees Cook (2):
crypto: prefix module autoloading with "crypto-"
crypto: include crypto- module prefix in template

Leonidas S. Barbosa (8):
crypto: nx - Moving NX-AES-CBC to be processed logic
crypto: nx - Moving NX-AES-CCM to be processed logic and sg_list bounds
crypto: nx - Moving limit and bound logic in CTR and fix IV vector
crypto: nx - Moving NX-AES-ECB to be processed logic
crypto: nx - Moving NX-AES-GCM to be processed logic
crypto: nx - Moving NX-AES-XCBC to be processed logic
crypto: nx - Fix SHA concurrence issue and sg limit bounds
crypto: nx - Fixing the limit number of bytes to be processed

Masanari Iida (1):
crypto: testmgr - Remove unnecessary KERN_INFO from testmgr.c

Nickolaus Woodruff (1):
crypto: drbg - use memzero_explicit() for clearing sensitive data

Pranith Kumar (1):
crypto: caam - Remove unnecessary smp_read_barrier_depends()

Rickard Strandqvist (1):
hwrng: core - Changed from using strncat to strlcat

Steffen Trumtrar (4):
crypto: sahara - fix spinlock initialization
crypto: sahara - add support for i.MX53
crypto: sahara - replace tasklets with kthread
crypto: sahara - add support for SHA1/256

Stephan Mueller (22):
crypto: drbg - use crypto_inc
crypto: drbg - add MODULE_ALIAS for all DRBG types
crypto: algif - zeroize message digest buffer
crypto: algif - zeroize IV buffer
crypto: doc - crypto API high level spec
crypto: doc - compile crypto API spec
crypto: doc - userspace interface spec
crypto: doc - RNG API documentation
crypto: doc - hash data structures
crypto: doc - AHASH API documentation
crypto: doc - SHASH API documentation
crypto: doc - cipher data structures
crypto: doc - ABLKCIPHER API documentation
crypto: doc - AEAD API documentation
crypto: doc - BLKCIPHER API documentation
crypto: doc - CIPHER API documentation
crypto: doc - HASH API documentation
crypto: doc - document uncovered member variables
crypto: user - add MODULE_ALIAS
crypto: drbg - use MODULE_ALIAS_CRYPTO
crypto: algif_skcipher - initialize upon init request
crypto: af_alg - add user space interface for AEAD

Struk, Tadeusz (3):
crypto: qat - Use memzero_explicit
crytpo: qat - Fix 64 bytes requests
crypto: algif_skcipher - removed unneeded code

Tadeusz Struk (2):
crypto: qat - Move BAR definitions to device specific module
crypto: qat - fix problem with coalescing enable logic

Tudor Ambarus (4):
crypto: caam - add support for gcm(aes)
crypto: caam - add support for rfc4106(gcm(aes))
crypto: caam - fix output sequence contiguity check
crypto: caam - add support for rfc4543(gcm(aes))

Ulf Hansson (2):
crypto: ux500/cryp - Silence compiler warning for !CONFIG_PM
crypto: ux500/hash - Silence compiler warning for !CONFIG_PM

Valentin Rothberg (1):
crypto: aesni - remove unnecessary #define

Yazen Ghannam (1):
crypto: crc32 - Add ARM64 CRC32 hw accelerated module

Documentation/DocBook/Makefile | 2 +-
Documentation/DocBook/crypto-API.tmpl | 1253 ++++++++++
Documentation/crypto/crypto-API-userspace.txt | 205 ++
.../devicetree/bindings/crypto/fsl-imx-sahara.txt | 2 +-
.../devicetree/bindings/hwrng/atmel-trng.txt | 16 +
arch/arm/boot/dts/at91sam9g45.dtsi | 7 +
arch/arm/crypto/aes_glue.c | 4 +-
arch/arm/crypto/sha1_glue.c | 2 +-
arch/arm/crypto/sha1_neon_glue.c | 2 +-
arch/arm/crypto/sha512_neon_glue.c | 6 +-
arch/arm64/crypto/Kconfig | 4 +
arch/arm64/crypto/Makefile | 4 +
arch/arm64/crypto/aes-ce-ccm-glue.c | 2 +-
arch/arm64/crypto/aes-glue.c | 8 +-
arch/arm64/crypto/crc32-arm64.c | 274 +++
arch/powerpc/crypto/sha1.c | 4 +-
arch/s390/crypto/aes_s390.c | 2 +-
arch/s390/crypto/des_s390.c | 4 +-
arch/s390/crypto/ghash_s390.c | 2 +-
arch/s390/crypto/sha1_s390.c | 2 +-
arch/s390/crypto/sha256_s390.c | 4 +-
arch/s390/crypto/sha512_s390.c | 4 +-
arch/sparc/crypto/aes_glue.c | 2 +-
arch/sparc/crypto/camellia_glue.c | 2 +-
arch/sparc/crypto/crc32c_glue.c | 2 +-
arch/sparc/crypto/des_glue.c | 2 +-
arch/sparc/crypto/md5_glue.c | 2 +-
arch/sparc/crypto/sha1_glue.c | 2 +-
arch/sparc/crypto/sha256_glue.c | 6 +-
arch/sparc/crypto/sha512_glue.c | 6 +-
arch/x86/crypto/aes_glue.c | 4 +-
arch/x86/crypto/aesni-intel_glue.c | 10 +-
arch/x86/crypto/blowfish_glue.c | 4 +-
arch/x86/crypto/camellia_aesni_avx2_glue.c | 4 +-
arch/x86/crypto/camellia_aesni_avx_glue.c | 4 +-
arch/x86/crypto/camellia_glue.c | 4 +-
arch/x86/crypto/cast5_avx_glue.c | 2 +-
arch/x86/crypto/cast6_avx_glue.c | 2 +-
arch/x86/crypto/crc32-pclmul_glue.c | 4 +-
arch/x86/crypto/crc32c-intel_glue.c | 4 +-
arch/x86/crypto/crct10dif-pclmul_glue.c | 4 +-
arch/x86/crypto/des3_ede_glue.c | 8 +-
arch/x86/crypto/fpu.c | 3 +
arch/x86/crypto/ghash-clmulni-intel_glue.c | 2 +-
arch/x86/crypto/salsa20_glue.c | 4 +-
arch/x86/crypto/serpent_avx2_glue.c | 4 +-
arch/x86/crypto/serpent_avx_glue.c | 2 +-
arch/x86/crypto/serpent_sse2_glue.c | 2 +-
arch/x86/crypto/sha-mb/sha1_mb.c | 3 +-
arch/x86/crypto/sha1_ssse3_glue.c | 2 +-
arch/x86/crypto/sha256_ssse3_glue.c | 6 +-
arch/x86/crypto/sha512_ssse3_glue.c | 6 +-
arch/x86/crypto/twofish_avx_glue.c | 2 +-
arch/x86/crypto/twofish_glue.c | 4 +-
arch/x86/crypto/twofish_glue_3way.c | 4 +-
crypto/842.c | 1 +
crypto/aes_generic.c | 2 +-
crypto/af_alg.c | 6 +
crypto/algapi.c | 4 +-
crypto/algif_hash.c | 4 +-
crypto/algif_skcipher.c | 15 +-
crypto/ansi_cprng.c | 2 +-
crypto/anubis.c | 1 +
crypto/api.c | 4 +-
crypto/arc4.c | 1 +
crypto/authenc.c | 1 +
crypto/authencesn.c | 1 +
crypto/blowfish_generic.c | 2 +-
crypto/camellia_generic.c | 2 +-
crypto/cast5_generic.c | 2 +-
crypto/cast6_generic.c | 2 +-
crypto/cbc.c | 1 +
crypto/ccm.c | 5 +-
crypto/chainiv.c | 1 +
crypto/cmac.c | 1 +
crypto/crc32.c | 1 +
crypto/crc32c_generic.c | 2 +-
crypto/crct10dif_generic.c | 2 +-
crypto/cryptd.c | 1 +
crypto/crypto_null.c | 6 +-
crypto/crypto_user.c | 6 +-
crypto/ctr.c | 3 +-
crypto/cts.c | 1 +
crypto/deflate.c | 2 +-
crypto/des_generic.c | 2 +-
crypto/drbg.c | 127 +-
crypto/ecb.c | 1 +
crypto/eseqiv.c | 1 +
crypto/fcrypt.c | 1 +
crypto/gcm.c | 7 +-
crypto/ghash-generic.c | 2 +-
crypto/hmac.c | 1 +
crypto/khazad.c | 1 +
crypto/krng.c | 2 +-
crypto/lrw.c | 1 +
crypto/lz4.c | 1 +
crypto/lz4hc.c | 1 +
crypto/lzo.c | 1 +
crypto/mcryptd.c | 1 +
crypto/md4.c | 2 +-
crypto/md5.c | 1 +
crypto/michael_mic.c | 1 +
crypto/pcbc.c | 1 +
crypto/pcrypt.c | 1 +
crypto/rmd128.c | 1 +
crypto/rmd160.c | 1 +
crypto/rmd256.c | 1 +
crypto/rmd320.c | 1 +
crypto/salsa20_generic.c | 2 +-
crypto/seed.c | 1 +
crypto/seqiv.c | 1 +
crypto/serpent_generic.c | 4 +-
crypto/sha1_generic.c | 2 +-
crypto/sha256_generic.c | 4 +-
crypto/sha512_generic.c | 4 +-
crypto/tcrypt.c | 32 +-
crypto/tea.c | 4 +-
crypto/testmgr.c | 3 +-
crypto/tgr192.c | 4 +-
crypto/twofish_generic.c | 2 +-
crypto/vmac.c | 1 +
crypto/wp512.c | 4 +-
crypto/xcbc.c | 1 +
crypto/xts.c | 1 +
crypto/zlib.c | 1 +
drivers/char/hw_random/Kconfig | 2 +-
drivers/char/hw_random/atmel-rng.c | 15 +-
drivers/char/hw_random/core.c | 12 +-
drivers/crypto/bfin_crc.c | 2 +-
drivers/crypto/caam/caamalg.c | 2412 +++++++++++++++++---
drivers/crypto/caam/compat.h | 1 +
drivers/crypto/caam/desc_constr.h | 2 +
drivers/crypto/caam/error.c | 25 +-
drivers/crypto/caam/jr.c | 3 -
drivers/crypto/nx/nx-aes-cbc.c | 12 +-
drivers/crypto/nx/nx-aes-ccm.c | 61 +-
drivers/crypto/nx/nx-aes-ctr.c | 13 +-
drivers/crypto/nx/nx-aes-ecb.c | 12 +-
drivers/crypto/nx/nx-aes-gcm.c | 66 +-
drivers/crypto/nx/nx-aes-xcbc.c | 81 +-
drivers/crypto/nx/nx-sha256.c | 208 +-
drivers/crypto/nx/nx-sha512.c | 222 +-
drivers/crypto/nx/nx.c | 127 +-
drivers/crypto/nx/nx.h | 8 +-
drivers/crypto/padlock-aes.c | 2 +-
drivers/crypto/padlock-sha.c | 8 +-
drivers/crypto/qat/qat_common/adf_accel_devices.h | 2 -
drivers/crypto/qat/qat_common/adf_aer.c | 2 +-
drivers/crypto/qat/qat_common/adf_ctl_drv.c | 3 +-
drivers/crypto/qat/qat_common/adf_dev_mgr.c | 6 +-
drivers/crypto/qat/qat_common/adf_transport.c | 15 +-
.../qat/qat_common/adf_transport_access_macros.h | 9 +-
drivers/crypto/qat/qat_common/qat_algs.c | 37 +-
drivers/crypto/qat/qat_common/qat_hal.c | 3 +-
.../crypto/qat/qat_dh895xcc/adf_dh895xcc_hw_data.h | 2 +
drivers/crypto/qat/qat_dh895xcc/adf_isr.c | 12 +-
drivers/crypto/sahara.c | 794 ++++++-
drivers/crypto/ux500/cryp/cryp_core.c | 6 +-
drivers/crypto/ux500/hash/hash_core.c | 10 +-
drivers/s390/crypto/ap_bus.c | 3 +-
include/crypto/hash.h | 492 ++++
include/crypto/if_alg.h | 1 +
include/crypto/rng.h | 80 +
include/linux/crypto.h | 1112 ++++++++-
include/net/sock.h | 1 +
include/uapi/linux/if_alg.h | 2 +
net/core/sock.c | 24 +-
167 files changed, 7090 insertions(+), 1068 deletions(-)

Thanks,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

2015-02-14 09:43:48

by Herbert Xu

Subject: Crypto Update for 3.20

Hi Linus:

Here is the crypto update for 3.20:

* Added 192/256-bit key support to aesni GCM.
* Added MIPS OCTEON MD5 support.
* Fixed hwrng starvation and race conditions.
* Added note that memzero_explicit is not a substitute for memset.
* Added user-space interface for crypto_rng.
* Misc fixes.


Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Aaro Koskinen (5):
MIPS: OCTEON: add crypto helper functions
crypto: octeon - add instruction definitions for MD5
MIPS: OCTEON: reintroduce crypto features check
crypto: octeon - add MD5 module
crypto: octeon - enable OCTEON MD5 module selection

Allan, Bruce W (5):
crypto: qat - fix device reset flow
crypto: qat - correctly type a boolean
crypto: qat - adf_ae_stop() is never called
crypto: qat - use pci_wait_for_pending_transaction()
crypto: qat - remove unnecessary include of atomic.h header file

Amos Kong (1):
hwrng: move some code out mutex_lock for avoiding underlying deadlock

Andrey Ryabinin (1):
crypto: ccp - terminate ccp_support array with empty element

Asaf Vertz (2):
crypto: ux500 - fix checkpatch errors
crypto: omap-des - fix BUG_ON condition

Christophe Jaillet (1):
crypto: atmel - Free memory in error path

Cristian Stoica (8):
crypto: replace scatterwalk_sg_next with sg_next
crypto: caam - remove dead code
crypto: caam - remove unused local variable
crypto: caam - pair irq map and dispose in the same function
crypto: caam - fix resource clean-up on error path for caam_jr_init
crypto: tcrypt - fix buflen reminder calculation
crypto: testmgr - limit IV copy length in aead tests
crypto: tcrypt - do not allocate iv on stack for aead speed tests

Daniel Borkmann (1):
lib: memzero_explicit: add comment for its usage

Herbert Xu (11):
hwrng: core - Use struct completion for cleanup_done
hwrng: core - Fix current_rng init/cleanup race yet again
hwrng: core - Do not register device opportunistically
hwrng: core - Drop current rng in set_current_rng
hwrng: core - Move hwrng_init call into set_current_rng
Revert "crypto: drbg - use memzero_explicit() for clearing sensitive data"
crypto: qat - Fix incorrect uses of memzero_explicit
crypto: qat - Ensure ipad and opad are zeroed
crypto: cts - Remove bogus use of seqiv
crypto: cts - Weed out non-CBC algorithms
crypto: seqiv - Ensure that IV size is at least 8 bytes

Jarod Wilson (1):
crypto: testmgr - mark rfc4106(gcm(aes)) as fips_allowed

Joshua I. James (5):
crypto: ablkcipher - fixed style errors in ablkcipher.c
crypto: aead - fixed style error in aead.c
crypto: af_alg - fixed style error in af_alg.c
crypto: ahash - fixed style error in ahash.c
crypto: api - fixed style erro in algapi.c

Kim Phillips (1):
crypto: caam - don't emit ICV check failures to dmesg

Masanari Iida (1):
crypto: bfin_crc - Remove unnecessary KERN_ERR in bfin_crc.c

Mathias Krause (5):
crypto: sparc64/aes - fix module description
crypto: sparc64/camellia - fix module alias
crypto: sparc64/des - add "des3_ede" module alias
crypto: sparc64/md5 - fix module description
crypto: x86/des3_ede - drop bogus module aliases

Michael S. Tsirkin (2):
MAINTAINERS: add linux-crypto to hw random
hwrng: virtio - drop extra empty line

Rabin Vincent (1):
crypto: testmgr - don't use interruptible wait in tests

Rickard Strandqvist (1):
crypto: amcc - Remove unused function

Rusty Russell (5):
hwrng: place mutex around read functions and buffers.
hwrng: use reference counts on each struct hwrng.
hwrng: fix unregister race.
hwrng: don't double-check old_rng.
hwrng: don't init list element we're about to add to list.

Stephan Mueller (7):
crypto: drbg - panic on continuous self test error
crypto: af_alg - add setsockopt for auth tag size
crypto: af_alg - zeroize key data
crypto: algif_rng - add random number generator support
crypto: algif_rng - enable RNG interface compilation
crypto: aead - add check for presence of auth tag
crypto: doc - remove colons in comments

Svenning Sørensen (1):
crypto: atmel_sha - remove unused shash fallback instance.

Tadeusz Struk (4):
crypto: algif - Mark sgl end at the end of data
crypto: qat - Fix assumption that sg in and out will have the same nents
crypto: qat - add support for cbc(aes) ablkcipher
crypto: qat - don't need qat_auth_state struct

Timothy McCaffrey (1):
crypto: aesni - Add support for 192 & 256 bit keys to AESNI RFC4106

Wei Yongjun (1):
crypto: algif_rng - fix sparse non static symbol warning

MAINTAINERS | 1 +
arch/mips/cavium-octeon/Makefile | 1 +
arch/mips/cavium-octeon/crypto/Makefile | 7 +
arch/mips/cavium-octeon/crypto/octeon-crypto.c | 66 ++
arch/mips/cavium-octeon/crypto/octeon-crypto.h | 75 +++
arch/mips/cavium-octeon/crypto/octeon-md5.c | 216 +++++++
arch/mips/cavium-octeon/executive/octeon-model.c | 6 +
arch/mips/include/asm/octeon/octeon-feature.h | 17 +-
arch/mips/include/asm/octeon/octeon.h | 5 -
arch/sparc/crypto/aes_glue.c | 2 +-
arch/sparc/crypto/camellia_glue.c | 2 +-
arch/sparc/crypto/des_glue.c | 1 +
arch/sparc/crypto/md5_glue.c | 2 +-
arch/x86/crypto/aesni-intel_asm.S | 343 ++++++-----
arch/x86/crypto/aesni-intel_glue.c | 34 +-
arch/x86/crypto/des3_ede_glue.c | 2 -
crypto/Kconfig | 18 +
crypto/Makefile | 1 +
crypto/ablkcipher.c | 7 +-
crypto/aead.c | 3 +-
crypto/af_alg.c | 11 +-
crypto/ahash.c | 3 +-
crypto/algapi.c | 1 +
crypto/algif_rng.c | 192 ++++++
crypto/algif_skcipher.c | 8 +
crypto/cts.c | 5 +-
crypto/drbg.c | 34 +-
crypto/scatterwalk.c | 6 +-
crypto/seqiv.c | 12 +
crypto/tcrypt.c | 37 +-
crypto/testmgr.c | 58 +-
drivers/char/hw_random/core.c | 215 ++++---
drivers/char/hw_random/virtio-rng.c | 1 -
drivers/crypto/amcc/crypto4xx_sa.c | 23 -
drivers/crypto/atmel-aes.c | 2 +-
drivers/crypto/atmel-sha.c | 50 +-
drivers/crypto/atmel-tdes.c | 2 +-
drivers/crypto/bfin_crc.c | 4 +-
drivers/crypto/caam/caamalg.c | 14 +-
drivers/crypto/caam/ctrl.c | 6 +-
drivers/crypto/caam/error.c | 13 +-
drivers/crypto/caam/jr.c | 37 +-
drivers/crypto/caam/sg_sw_sec4.h | 8 +-
drivers/crypto/ccp/ccp-dev.c | 1 +
drivers/crypto/ixp4xx_crypto.c | 4 +-
drivers/crypto/nx/nx.c | 6 +-
drivers/crypto/omap-aes.c | 4 +-
drivers/crypto/omap-des.c | 8 +-
drivers/crypto/qat/qat_common/adf_accel_devices.h | 6 +-
drivers/crypto/qat/qat_common/adf_aer.c | 24 +-
drivers/crypto/qat/qat_common/adf_cfg.c | 2 +
drivers/crypto/qat/qat_common/adf_common_drv.h | 2 +-
drivers/crypto/qat/qat_common/adf_ctl_drv.c | 7 +-
drivers/crypto/qat/qat_common/adf_init.c | 98 ++-
.../crypto/qat/qat_common/adf_transport_internal.h | 1 -
drivers/crypto/qat/qat_common/icp_qat_hw.h | 2 +-
drivers/crypto/qat/qat_common/qat_algs.c | 642 +++++++++++++++-----
drivers/crypto/qat/qat_common/qat_crypto.h | 16 +-
.../crypto/qat/qat_dh895xcc/adf_dh895xcc_hw_data.c | 19 +
drivers/crypto/qat/qat_dh895xcc/adf_drv.c | 42 +-
drivers/crypto/qce/dma.c | 6 +-
drivers/crypto/qce/sha.c | 2 +-
drivers/crypto/sahara.c | 2 +-
drivers/crypto/talitos.c | 8 +-
drivers/crypto/ux500/cryp/cryp_core.c | 10 +-
include/crypto/if_alg.h | 1 +
include/crypto/scatterwalk.h | 10 +-
include/linux/crypto.h | 11 +-
include/linux/hw_random.h | 4 +
lib/string.c | 5 +
70 files changed, 1785 insertions(+), 709 deletions(-)

Thanks,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

2015-04-15 03:40:11

by Herbert Xu

Subject: Crypto Update for 4.1

Hi Linus:

Here is the crypto update for 4.1:

* Added user-space interface for AEAD.
* Added user-space interface for RNG (i.e., pseudo RNG).
* Prevent internal helper algos from being exposed to user-space.
* Merged common code from assembly/C SHA implementations.
* Added ARMv8 SHA1/256.
* Added ARMv8 AES.
* Added ARMv8 GHASH.
* Added ARM assembler and NEON SHA256.
* Added MIPS OCTEON SHA1/256/512.
* Added MIPS img-hash SHA1/256 and MD5.
* Added Power 8 VMX AES/CBC/CTR/GHASH.
* Added PPC assembler AES, SHA1/256 and MD5.
* Added Broadcom IPROC RNG driver.
* Misc fixes.


Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Aaro Koskinen (7):
crypto: octeon - don't disable bottom half in octeon-md5
crypto: octeon - always disable preemption when using crypto engine
crypto: octeon - add instruction definitions for SHA1/256/512
crypto: octeon - add SHA1 module
crypto: octeon - add SHA256 module
crypto: octeon - add SHA512 module
crypto: octeon - enable OCTEON SHA1/256/512 module selection

Allan, Bruce W (10):
crypto: qat - remove duplicate definition of Intel PCI vendor id
crypto: qat - fix typo in string
crypto: qat - make error and info log messages more descriptive
crypto: qat - fix typo
crypto: qat - fix checkpatch CHECK_SPACING issues
crypto: qat - checkpatch PARENTHESIS_ALIGNMENT and LOGICAL_CONTINUATIONS
crypto: qat - fix checkpatch CONCATENATED_STRING issues
crypto: qat - fix checkpatch BIT_MACRO issues
crypto: qat - fix checkpatch COMPARISON_TO_NULL issue
crypto: qat - fix checkpatch CODE_INDENT issue

Ameen Ali (1):
crypto: sha1-mb - Syntax error

Andre Wolokita (2):
hwrng: omap - Change RNG_CONFIG_REG to RNG_CONTROL_REG when checking and disabling TRNG
hwrng: omap - Change RNG_CONFIG_REG to RNG_CONTROL_REG in init

Ard Biesheuvel (23):
crypto: arm - move ARM specific Kconfig definitions to a dedicated file
crypto: arm - add support for SHA1 using ARMv8 Crypto Instructions
crypto: arm - add support for SHA-224/256 using ARMv8 Crypto Extensions
crypto: arm - AES in ECB/CBC/CTR/XTS modes using ARMv8 Crypto Extensions
crypto: arm - add support for GHASH using ARMv8 Crypto Extensions
crypto: arm/ghash - fix big-endian bug in ghash
crypto: sha1 - implement base layer for SHA-1
crypto: sha256 - implement base layer for SHA-256
crypto: sha512 - implement base layer for SHA-512
crypto: sha1-generic - move to generic glue implementation
crypto: sha256-generic - move to generic glue implementation
crypto: sha512-generic - move to generic glue implementation
crypto: arm/sha1 - move SHA-1 ARM asm implementation to base layer
crypto: arm/sha1_neon - move SHA-1 NEON implementation to base layer
crypto: arm/sha1-ce - move SHA-1 ARMv8 implementation to base layer
crypto: arm/sha256 - move SHA-224/256 ASM/NEON implementation to base layer
crypto: arm/sha2-ce - move SHA-224/256 ARMv8 implementation to base layer
crypto: arm64/sha1-ce - move SHA-1 ARMv8 implementation to base layer
crypto: arm64/sha2-ce - move SHA-224/256 ARMv8 implementation to base layer
crypto: x86/sha1_ssse3 - move SHA-1 SSSE3 implementation to base layer
crypto: x86/sha256_ssse3 - move SHA-224/256 SSSE3 implementation to base layer
crypto: x86/sha512_ssse3 - move SHA-384/512 SSSE3 implementation to base layer
crypto: arm - workaround for building with old binutils

Arnd Bergmann (1):
crypto: arm/sha256 - avoid sha256 code on ARMv7-M

Colin Ian King (1):
crypto: atmel - fix typo in dev_err error message

Dan Carpenter (2):
crypto: img-hash - fix some compile warnings
crypto: img-hash - shift wrapping bug in img_hash_hw_init()

Dmitry Torokhov (12):
hwrng: omap - remove incorrect __exit markups
hwrng: octeon - remove incorrect __exit markups
hwrng: pseries - remove incorrect __init/__exit markups
crypto: qat - remove incorrect __exit markup
crypto: amcc - remove incorrect __init/__exit markups
hwrng: omap - remove #ifdefery around PM methods
hwrng: add devm_* interfaces
hwrng: bcm63xx - make use of devm_hwrng_register
hwrng: exynos - make use of devm_hwrng_register
hwrng: msm - make use of devm_hwrng_register
hwrng: iproc-rng200 - do not use static structure
hwrng: iproc-rng200 - make use of devm_hwrng_register

Feng Kan (1):
hwrng: xgene - add ACPI support for APM X-Gene RNG unit

Florian Fainelli (4):
hwrng: bcm63xx - drop bcm_{readl,writel} macros
hwrng: bcm63xx - move register definitions to driver
MIPS: BCM63xx: remove RSET_RNG register definitions
hwrng: bcm63xx - use devm_* helpers

Geert Uytterhoeven (1):
crypto: ux500 - Update error message for dmaengine_prep_slave_sg() API

Herbert Xu (6):
linux-next: Tree for Mar 11 (powerpc build failure due to vmx crypto code)
linux-next: build failure after merge of the crypto tree
crypto: api - Fix races in crypto_unregister_instance
crypto: api - Change crypto_unregister_instance argument type
crypto: user - Fix crypto_alg_match race
crypto: api - Move alg ref count init to crypto_check_alg

Horia Geantă (1):
crypto: tcrypt - fix uninit sg entries in test_acipher_speed

James Hartley (3):
crypto: img-hash - Add Imagination Technologies hw hash accelerator
Documentation: crypto: Add DT binding info for the img hw hash accelerator
crypto: img-hash - Fix Kconfig selections

Julia Lawall (1):
crypto: don't export static symbol

Keith Packard (1):
hwrng: core - allow perfect entropy from hardware devices

Kim Phillips (1):
crypto: powerpc - move files to fix build error

Lad, Prabhakar (1):
crypto: sha-mb - Fix big integer constant sparse warning

Leilei Zhao (9):
crypto: atmel-aes - add new version
crypto: atmel-sha - add new version
crypto: atmel-sha - fix sg list management
crypto: atmel-sha - initialize spinlock in probe
crypto: atmel-sha - correct the max burst size
crypto: atmel-tdes - initialize spinlock in probe
crypto: atmel-aes - initialize spinlock in probe
crypto: atmel-aes - sync the buf used in DMA or CPU
crypto: atmel-aes - correct usage of dma_sync_* API

Leonidas S. Barbosa (2):
crypto: vmx - Add support for VMS instructions by ASM
crypto: vmx - Enabling VMX module for PPC64

Ludovic Desroches (1):
crypto: atmel-sha - correct the way data are split

Marcelo H. Cerri (5):
crypto: vmx - Adding VMX module for Power 8
crypto: vmx - Adding AES routines for VMX module
crypto: vmx - Adding CBC routines for VMX module
crypto: vmx - Adding CTR routines for VMX module
crypto: vmx - Adding GHASH routines for VMX module

Markus Stockhausen (16):
crypto: ppc/sha256 - assembler
crypto: ppc/sha256 - glue
crypto: ppc/sha256 - kernel config
crypto: powerpc/aes - register defines
crypto: powerpc/aes - aes tables
crypto: powerpc/aes - assembler core
crypto: powerpc/aes - key handling
crypto: powerpc/aes - ECB/CBC/CTR/XTS modes
cyprot: powerpc/aes - glue code
crypto: powerpc/aes - kernel config
crypto: powerpc/sha1 - assembler
crypto: powerpc/sha1 - glue
crypto: powerpc/sha1 - kernel config
crypto: powerpc/md5 - assembler
crypto: powerpc/md5 - glue
crypto: powerpc/md5 - kernel config

Martin Hicks (2):
crypto: talitos - Simplify per-channel initialization
crypto: talitos - Remove MD5_BLOCK_SIZE

Masanari Iida (1):
crypto: serpent_sse2 - Fix a typo in Kconfig

Nicholas Mc Guire (4):
crypto: mxs-dcp - fix type of ret for wait_for_completion_timeout
crypto: sahara - fix type of ret for wait_for_completion_timeout
crypto: sahara - pass on error condition
crypto: sahara - drop unnecessary default assignment

Sami Tolvanen (1):
crypto: arm/sha256 - Add optimized SHA-256/224

Scott Branden (2):
hwrng: iproc-rng200 - Add device tree bindings
hwrng: iproc-rng200 - Add Broadcom IPROC RNG driver

Steffen Trumtrar (2):
crypto: sahara - use the backlog
crypto: sahara - fix AES descriptor create

Stephan Mueller (31):
crypto: doc - describe internal structure
crypto: algif - add AEAD support
crypto: algif - enable AEAD interface compilation
crypto: drbg - use single block cipher API
crypto: drbg - remove superflowous memsets
crypto: rng - RNGs must return 0 in success case
crypto: doc - AEAD / RNG AF_ALG interface
MAINTAINERS: add crypto-API.tmpl
crypto: testmgr - fix RNG return code enforcement
crypto: algif_rng - zeroize buffer with random data
crypto: api - prevent helper ciphers from being used
crypto: testmgr - use CRYPTO_ALG_INTERNAL
crypto: cryptd - process CRYPTO_ALG_INTERNAL
crypto: proc - identify internal ciphers
crypto: aesni - mark AES-NI helper ciphers
crypto: clmulni - mark ghash clmulni helper ciphers
crypto: ghash-ce - mark GHASH ARMv8 vmull.p64 helper ciphers
crypto: camellia_aesni_avx2 - mark AES-NI Camellia helper ciphers
crypto: cast5_avx - mark CAST5 helper ciphers
crypto: camellia_aesni_avx - mark AVX Camellia helper ciphers
crypto: cast6_avx - mark CAST6 helper ciphers
crypto: serpent_avx2 - mark Serpent AVX2 helper ciphers
crypto: serpent_avx - mark Serpent AVX helper ciphers
crypto: serpent_sse2 - mark Serpent SSE2 helper ciphers
crypto: twofish_avx - mark Twofish AVX helper ciphers
crypto: aesbs - mark NEON bit sliced AES helper ciphers
crypto: aes-ce - mark ARMv8 AES helper ciphers
crypto: arm64/aes - mark 64 bit ARMv8 AES helper ciphers
crypto: mcryptd - process CRYPTO_ALG_INTERNAL
crypto: sha-mb - mark Multi buffer SHA1 helper cipher
crypto: api - remove instance when test failed

Tadeusz Struk (3):
crypto: aesni - make driver-gcm-aes-aesni helper a proper aead alg
crypto: qat - print ring name in debug output
crypto: qat - fix double release_firmware on error path

Tom Lendacky (5):
crypto: ccp - Updates for checkpatch warnings/errors
crypto: ccp - Update CCP build support
crypto: ccp - Use dma_set_mask_and_coherent to set DMA mask
crypto: ccp - Convert calls to their devm_ counterparts
crypto: ccp - Add ACPI support

Vutla, Lokesh (3):
crypto: omap-sham - Use pm_runtime_irq_safe()
crypto: omap-aes - Fix support for unequal lengths
crypto: omap-sham - Add the offset of sg page to vaddr

Yanjiang Jin (2):
crypto: caam - fix uninitialized edesc->sec4_sg_bytes field
hwrng: caam - fix rng_unmap_ctx's DMA_UNMAP size problem

mancha security (1):
lib: memzero_explicit: use barrier instead of OPTIMIZER_HIDE_VAR

Documentation/DocBook/crypto-API.tmpl | 860 ++++++
Documentation/crypto/crypto-API-userspace.txt | 205 --
.../devicetree/bindings/crypto/img-hash.txt | 27 +
.../bindings/hwrng/brcm,iproc-rng200.txt | 12 +
MAINTAINERS | 1 +
arch/arm/Kconfig | 3 +
arch/arm/crypto/Kconfig | 130 +
arch/arm/crypto/Makefile | 27 +-
arch/arm/crypto/aes-ce-core.S | 518 ++++
arch/arm/crypto/aes-ce-glue.c | 524 ++++
arch/arm/crypto/aesbs-glue.c | 9 +-
arch/arm/crypto/ghash-ce-core.S | 94 +
arch/arm/crypto/ghash-ce-glue.c | 320 +++
arch/arm/crypto/sha1-ce-core.S | 125 +
arch/arm/crypto/sha1-ce-glue.c | 96 +
arch/arm/{include/asm => }/crypto/sha1.h | 3 +
arch/arm/crypto/sha1_glue.c | 112 +-
arch/arm/crypto/sha1_neon_glue.c | 137 +-
arch/arm/crypto/sha2-ce-core.S | 125 +
arch/arm/crypto/sha2-ce-glue.c | 114 +
arch/arm/crypto/sha256-armv4.pl | 716 +++++
arch/arm/crypto/sha256-core.S_shipped | 2808 ++++++++++++++++++++
arch/arm/crypto/sha256_glue.c | 128 +
arch/arm/crypto/sha256_glue.h | 14 +
arch/arm/crypto/sha256_neon_glue.c | 101 +
arch/arm64/crypto/aes-glue.c | 12 +-
arch/arm64/crypto/sha1-ce-core.S | 33 +-
arch/arm64/crypto/sha1-ce-glue.c | 151 +-
arch/arm64/crypto/sha2-ce-core.S | 29 +-
arch/arm64/crypto/sha2-ce-glue.c | 227 +-
arch/mips/cavium-octeon/crypto/Makefile | 5 +-
arch/mips/cavium-octeon/crypto/octeon-crypto.c | 4 +-
arch/mips/cavium-octeon/crypto/octeon-crypto.h | 83 +-
arch/mips/cavium-octeon/crypto/octeon-md5.c | 8 -
arch/mips/cavium-octeon/crypto/octeon-sha1.c | 241 ++
arch/mips/cavium-octeon/crypto/octeon-sha256.c | 280 ++
arch/mips/cavium-octeon/crypto/octeon-sha512.c | 277 ++
arch/mips/include/asm/mach-bcm63xx/bcm63xx_regs.h | 14 -
arch/powerpc/crypto/Makefile | 8 +
arch/powerpc/crypto/aes-spe-core.S | 351 +++
arch/powerpc/crypto/aes-spe-glue.c | 512 ++++
arch/powerpc/crypto/aes-spe-keys.S | 283 ++
arch/powerpc/crypto/aes-spe-modes.S | 630 +++++
arch/powerpc/crypto/aes-spe-regs.h | 42 +
arch/powerpc/crypto/aes-tab-4k.S | 331 +++
arch/powerpc/crypto/md5-asm.S | 243 ++
arch/powerpc/crypto/md5-glue.c | 165 ++
arch/powerpc/crypto/sha1-spe-asm.S | 299 +++
arch/powerpc/crypto/sha1-spe-glue.c | 210 ++
arch/powerpc/crypto/sha256-spe-asm.S | 323 +++
arch/powerpc/crypto/sha256-spe-glue.c | 275 ++
arch/x86/crypto/aesni-intel_glue.c | 187 +-
arch/x86/crypto/camellia_aesni_avx2_glue.c | 15 +-
arch/x86/crypto/camellia_aesni_avx_glue.c | 15 +-
arch/x86/crypto/cast5_avx_glue.c | 9 +-
arch/x86/crypto/cast6_avx_glue.c | 15 +-
arch/x86/crypto/ghash-clmulni-intel_glue.c | 7 +-
arch/x86/crypto/glue_helper.c | 1 -
arch/x86/crypto/serpent_avx2_glue.c | 15 +-
arch/x86/crypto/serpent_avx_glue.c | 15 +-
arch/x86/crypto/serpent_sse2_glue.c | 15 +-
arch/x86/crypto/sha-mb/sha1_mb.c | 9 +-
arch/x86/crypto/sha-mb/sha1_mb_mgr_init_avx2.c | 2 +-
arch/x86/crypto/sha1_ssse3_glue.c | 139 +-
arch/x86/crypto/sha256-avx-asm.S | 10 +-
arch/x86/crypto/sha256-avx2-asm.S | 10 +-
arch/x86/crypto/sha256-ssse3-asm.S | 10 +-
arch/x86/crypto/sha256_ssse3_glue.c | 193 +-
arch/x86/crypto/sha512-avx-asm.S | 6 +-
arch/x86/crypto/sha512-avx2-asm.S | 6 +-
arch/x86/crypto/sha512-ssse3-asm.S | 6 +-
arch/x86/crypto/sha512_ssse3_glue.c | 202 +-
arch/x86/crypto/twofish_avx_glue.c | 15 +-
crypto/Kconfig | 142 +-
crypto/Makefile | 1 +
crypto/ablk_helper.c | 3 +-
crypto/algapi.c | 42 +-
crypto/algif_aead.c | 666 +++++
crypto/algif_rng.c | 2 +-
crypto/ansi_cprng.c | 6 +-
crypto/api.c | 10 +
crypto/cryptd.c | 49 +-
crypto/crypto_user.c | 39 +-
crypto/drbg.c | 64 +-
crypto/mcryptd.c | 25 +-
crypto/proc.c | 3 +
crypto/sha1_generic.c | 102 +-
crypto/sha256_generic.c | 133 +-
crypto/sha512_generic.c | 123 +-
crypto/tcrypt.c | 4 +-
crypto/testmgr.c | 24 +-
drivers/char/hw_random/Kconfig | 13 +
drivers/char/hw_random/Makefile | 1 +
drivers/char/hw_random/bcm63xx-rng.c | 120 +-
drivers/char/hw_random/core.c | 45 +-
drivers/char/hw_random/exynos-rng.c | 12 +-
drivers/char/hw_random/iproc-rng200.c | 239 ++
drivers/char/hw_random/msm-rng.c | 11 +-
drivers/char/hw_random/octeon-rng.c | 4 +-
drivers/char/hw_random/omap-rng.c | 23 +-
drivers/char/hw_random/pseries-rng.c | 4 +-
drivers/char/hw_random/xgene-rng.c | 10 +
drivers/crypto/Kconfig | 24 +-
drivers/crypto/Makefile | 2 +
drivers/crypto/amcc/crypto4xx_core.c | 6 +-
drivers/crypto/atmel-aes.c | 26 +-
drivers/crypto/atmel-sha.c | 37 +-
drivers/crypto/atmel-tdes.c | 3 +-
drivers/crypto/caam/caamhash.c | 1 +
drivers/crypto/caam/caamrng.c | 6 +-
drivers/crypto/ccp/Makefile | 9 +-
drivers/crypto/ccp/ccp-crypto-aes-cmac.c | 12 +-
drivers/crypto/ccp/ccp-crypto-aes-xts.c | 4 +-
drivers/crypto/ccp/ccp-crypto-aes.c | 3 +-
drivers/crypto/ccp/ccp-crypto-main.c | 5 +-
drivers/crypto/ccp/ccp-crypto-sha.c | 12 +-
drivers/crypto/ccp/ccp-crypto.h | 3 -
drivers/crypto/ccp/ccp-dev.c | 7 +-
drivers/crypto/ccp/ccp-dev.h | 12 +-
drivers/crypto/ccp/ccp-ops.c | 24 +-
drivers/crypto/ccp/ccp-pci.c | 21 +-
drivers/crypto/ccp/ccp-platform.c | 111 +-
drivers/crypto/img-hash.c | 1029 +++++++
drivers/crypto/mxs-dcp.c | 2 +-
drivers/crypto/omap-aes.c | 14 +-
drivers/crypto/omap-sham.c | 2 +
drivers/crypto/qat/qat_common/adf_accel_devices.h | 1 -
drivers/crypto/qat/qat_common/adf_accel_engine.c | 35 +-
drivers/crypto/qat/qat_common/adf_aer.c | 21 +-
drivers/crypto/qat/qat_common/adf_cfg.c | 5 +-
drivers/crypto/qat/qat_common/adf_cfg_strings.h | 10 +-
drivers/crypto/qat/qat_common/adf_common_drv.h | 2 +-
drivers/crypto/qat/qat_common/adf_ctl_drv.c | 66 +-
drivers/crypto/qat/qat_common/adf_dev_mgr.c | 3 +-
drivers/crypto/qat/qat_common/adf_init.c | 88 +-
drivers/crypto/qat/qat_common/adf_transport.c | 31 +-
.../crypto/qat/qat_common/adf_transport_debug.c | 2 +
drivers/crypto/qat/qat_common/icp_qat_hw.h | 2 +-
drivers/crypto/qat/qat_common/qat_crypto.c | 9 +-
drivers/crypto/qat/qat_common/qat_hal.c | 6 +-
drivers/crypto/qat/qat_dh895xcc/adf_admin.c | 3 +-
.../crypto/qat/qat_dh895xcc/adf_dh895xcc_hw_data.c | 3 +-
.../crypto/qat/qat_dh895xcc/adf_dh895xcc_hw_data.h | 6 +-
drivers/crypto/qat/qat_dh895xcc/adf_drv.c | 4 +-
drivers/crypto/qat/qat_dh895xcc/adf_isr.c | 15 +-
drivers/crypto/sahara.c | 51 +-
drivers/crypto/talitos.c | 17 +-
drivers/crypto/ux500/hash/hash_core.c | 2 +-
drivers/crypto/vmx/Kconfig | 8 +
drivers/crypto/vmx/Makefile | 19 +
drivers/crypto/vmx/aes.c | 139 +
drivers/crypto/vmx/aes_cbc.c | 184 ++
drivers/crypto/vmx/aes_ctr.c | 167 ++
drivers/crypto/vmx/aesp8-ppc.h | 20 +
drivers/crypto/vmx/aesp8-ppc.pl | 1930 ++++++++++++++
drivers/crypto/vmx/ghash.c | 214 ++
drivers/crypto/vmx/ghashp8-ppc.pl | 228 ++
drivers/crypto/vmx/ppc-xlate.pl | 207 ++
drivers/crypto/vmx/vmx.c | 88 +
include/crypto/algapi.h | 2 +-
include/crypto/rng.h | 3 +-
include/crypto/sha.h | 15 +-
include/crypto/sha1_base.h | 106 +
include/crypto/sha256_base.h | 128 +
include/crypto/sha512_base.h | 131 +
include/linux/crypto.h | 6 +
include/linux/hw_random.h | 4 +
lib/string.c | 2 +-
168 files changed, 18223 insertions(+), 2202 deletions(-)

Thanks,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

2015-04-16 01:58:43

by Linus Torvalds

Subject: Re: Crypto Update for 4.1

On Tue, Apr 14, 2015 at 8:39 PM, Herbert Xu <[email protected]> wrote:
>
> Here is the crypto update for 4.1:

Just a heads-up: this breaks iwlwifi for me after suspend.

I'm bisecting right now. But because this laptop is what I expect to
travel with tomorrow, I will ruthlessly revert anything I find,
because I need it to work.

Linus

2015-04-16 02:37:27

by Linus Torvalds

Subject: Re: Crypto Update for 4.1

On Wed, Apr 15, 2015 at 6:58 PM, Linus Torvalds
<[email protected]> wrote:
> On Tue, Apr 14, 2015 at 8:39 PM, Herbert Xu <[email protected]> wrote:
>>
>> Here is the crypto update for 4.1:
>
> Just a heads-up: this breaks iwlwifi for me after suspend.

Ok, bisect completed:

[torvalds@vaio linux]$ git bisect bad
9c521a200bc3c12bd724e48a75c57d5358f672be is the first bad commit
commit 9c521a200bc3c12bd724e48a75c57d5358f672be
Author: Stephan Mueller <[email protected]>
Date: Thu Apr 9 12:09:55 2015 +0200

crypto: api - remove instance when test failed
...

and while I have no idea *why* it breaks iwlwifi after a
suspend/resume cycle, it is 100% repeatable. The bisect zoomed right
to that commit, and reverting it on top of the current tree also makes
everything work again.

So it gets reverted. I'll be happy to test things out, but with the
merge window *and* travel, I may or may not be quick about it.

Linus

2015-04-16 02:38:38

by Linus Torvalds

Subject: Re: Crypto Update for 4.1

Oh, and I forgot to add Stephan to the email recipients list..

Sorry for the duplicate email,

Linus

On Wed, Apr 15, 2015 at 7:37 PM, Linus Torvalds
<[email protected]> wrote:
> On Wed, Apr 15, 2015 at 6:58 PM, Linus Torvalds
> <[email protected]> wrote:
>> On Tue, Apr 14, 2015 at 8:39 PM, Herbert Xu <[email protected]> wrote:
>>>
>>> Here is the crypto update for 4.1:
>>
>> Just a heads-up: this breaks iwlwifi for me after suspend.
>
> Ok, bisect completed:
>
> [torvalds@vaio linux]$ git bisect bad
> 9c521a200bc3c12bd724e48a75c57d5358f672be is the first bad commit
> commit 9c521a200bc3c12bd724e48a75c57d5358f672be
> Author: Stephan Mueller <[email protected]>
> Date: Thu Apr 9 12:09:55 2015 +0200
>
> crypto: api - remove instance when test failed
> ...
>
> and while I have no idea *why* it breaks iwlwifi after a
> suspend/resume cycle, it is 100% repeatable. The bisect zoomed right
> to that commit, and reverting it on top of the current tree also makes
> everything work again.
>
> So it gets reverted. I'll be happy to test things out, but with the
> merge window *and* travel, I may or may not be quick about it.
>
> Linus

2015-04-16 02:43:12

by Herbert Xu

Subject: Re: Crypto Update for 4.1

On Wed, Apr 15, 2015 at 07:38:29PM -0700, Linus Torvalds wrote:
>
> > Ok, bisect completed:
> >
> > [torvalds@vaio linux]$ git bisect bad
> > 9c521a200bc3c12bd724e48a75c57d5358f672be is the first bad commit
> > commit 9c521a200bc3c12bd724e48a75c57d5358f672be
> > Author: Stephan Mueller <[email protected]>
> > Date: Thu Apr 9 12:09:55 2015 +0200
> >
> > crypto: api - remove instance when test failed

Is CONFIG_CRYPTO_MANAGER_DISABLE_TESTS set or unset in your .config?

Cheers,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

2015-04-16 02:49:11

by Linus Torvalds

Subject: Re: Crypto Update for 4.1

On Wed, Apr 15, 2015 at 7:42 PM, Herbert Xu <[email protected]> wrote:
>
> Is CONFIG_CRYPTO_MANAGER_DISABLE_TESTS set or unset in your .config?

# CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set

I'll send you the full .config in private (no need to spam the mailing
list) in case you have any other questions about my setup.

Linus

2015-04-16 03:07:33

by Herbert Xu

Subject: Re: Crypto Update for 4.1

On Wed, Apr 15, 2015 at 07:49:01PM -0700, Linus Torvalds wrote:
> On Wed, Apr 15, 2015 at 7:42 PM, Herbert Xu <[email protected]> wrote:
> >
> > Is CONFIG_CRYPTO_MANAGER_DISABLE_TESTS set or unset in your .config?
>
> # CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set
>
> I'll send you the full .config in private (no need to spam the mailing
> list) in case you have any other questions about my setup.

Thanks! It actually appears to be a very simple bug that I somehow
missed during reviewing.

---8<---
The commit 9c521a200bc3c12bd724e48a75c57d5358f672be ("crypto:
api - remove instance when test failed") tried to grab a module
reference count before the module was even set. Worse, it then
goes on to free the module reference count after it is set so
you quickly end up with a negative module reference count which
prevents people from using any instances belonging to that module.

This patch moves the module initialisation before the reference
count.

Reported-by: Linus Torvalds <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>

diff --git a/crypto/algapi.c b/crypto/algapi.c
index 2d0a1c6..d2627a3 100644
--- a/crypto/algapi.c
+++ b/crypto/algapi.c
@@ -525,12 +525,12 @@ int crypto_register_instance(struct crypto_template *tmpl,
if (err)
return err;

- if (unlikely(!crypto_mod_get(&inst->alg)))
- return -EAGAIN;
-
inst->alg.cra_module = tmpl->module;
inst->alg.cra_flags |= CRYPTO_ALG_INSTANCE;

+ if (unlikely(!crypto_mod_get(&inst->alg)))
+ return -EAGAIN;
+
down_write(&crypto_alg_sem);

larval = __crypto_register_alg(&inst->alg);
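Review bot: the early `return -EAGAIN` now sits after `inst->alg.cra_module` and `cra_flags` have been written, and nothing in the code records that `crypto_mod_get()` depends on that assignment having happened first. Suggest a short comment above the `crypto_mod_get()` call stating that cra_module must be set before the reference is taken, so the two statements are not reordered again. It would also help to confirm that every exit after this point, including a failed `__crypto_register_alg()`, drops the reference taken here.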
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
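The ordering bug described in the message above, as a small user-space C model added here (not the kernel's code and not part of the original mail). The structures are reduced to the fields involved, `register_once` is a hypothetical helper, and the rule that a negative count makes later gets fail is a modelling assumption taken from the message's description.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for the kernel structures (assumption: only the
 * fields the bug touches are modelled). */
struct module { int refcnt; };
struct crypto_alg { struct module *cra_module; };
struct crypto_template { struct module *module; };
struct crypto_instance { struct crypto_alg alg; };

/* A NULL module means built-in code: the get succeeds and counts nothing.
 * Model assumption: a negative count makes every later get fail. */
static bool try_module_get(struct module *m)
{
	if (!m)
		return true;
	if (m->refcnt < 0)
		return false;
	m->refcnt++;
	return true;
}

static void module_put(struct module *m)
{
	if (m)
		m->refcnt--;
}

static bool crypto_mod_get(struct crypto_alg *alg)
{
	return try_module_get(alg->cra_module);
}

static void crypto_mod_put(struct crypto_alg *alg)
{
	module_put(alg->cra_module);
}

/* Order before the fix: take the reference, then set the owning module. */
static int register_before_fix(struct crypto_template *tmpl,
			       struct crypto_instance *inst)
{
	if (!crypto_mod_get(&inst->alg))	/* cra_module is NULL: nothing counted */
		return -EAGAIN;
	inst->alg.cra_module = tmpl->module;
	/* registration and self-test would run here */
	crypto_mod_put(&inst->alg);		/* drops a reference never taken */
	return 0;
}

/* Order after the fix: set the owning module, then take the reference. */
static int register_after_fix(struct crypto_template *tmpl,
			      struct crypto_instance *inst)
{
	inst->alg.cra_module = tmpl->module;
	if (!crypto_mod_get(&inst->alg))
		return -EAGAIN;
	/* registration and self-test would run here */
	crypto_mod_put(&inst->alg);		/* balanced with the get above */
	return 0;
}

struct outcome {
	int err;		/* return value of the registration */
	int refcnt;		/* module count once registration returns */
	bool later_get_ok;	/* can a later user still pin the module? */
};

/* Hypothetical helper: run one registration against a fresh module. */
struct outcome register_once(bool fixed)
{
	struct module mod = { .refcnt = 0 };
	struct crypto_template tmpl = { .module = &mod };
	struct crypto_instance inst = { .alg = { .cra_module = NULL } };
	struct outcome out;

	out.err = fixed ? register_after_fix(&tmpl, &inst)
			: register_before_fix(&tmpl, &inst);
	out.refcnt = mod.refcnt;
	out.later_get_ok = crypto_mod_get(&inst.alg);
	return out;
}

int main(void)
{
	struct outcome before = register_once(false);
	struct outcome after = register_once(true);

	printf("before fix: refcnt=%d later_get_ok=%d\n",
	       before.refcnt, before.later_get_ok);
	printf("after fix:  refcnt=%d later_get_ok=%d\n",
	       after.refcnt, after.later_get_ok);
	return 0;
}
```
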

2015-04-16 03:35:08

by Linus Torvalds

Subject: Re: Crypto Update for 4.1

On Wed, Apr 15, 2015 at 8:07 PM, Herbert Xu <[email protected]> wrote:
>
> Thanks! It actually appears to be a very simple bug that I somehow
> missed during reviewing.

Ok, this patch seems to fix it for me, so I undid my revert that I
hadn't pushed out yet, and pushed out this instead.

Thanks,

Linus

2015-04-23 19:27:05

by Bobby Powers

Subject: Re: Crypto Update for 4.1

Hello,

Linus Torvalds <[email protected]> wrote:
> Ok, this patch seems to fix it for me, so I undid my revert that I
> hadn't pushed out yet, and pushed out this instead.

Commit e68410ebf62676dfb93aafff7c55b76644f37072 in Linus's tree from
this crypto update (crypto: x86/sha512_ssse3 - move SHA-384/512 SSSE3
implementation to base layer) causes a GPF on boot in
sha512_ssse3_finup for me on a Broadwell i7-5600U, rendering the
kernel unbootable.

Reverting that commit enables me to boot. I don't know enough about
the code to comment. Config is attached, and I can provide a photo of
the reported Call Trace if that's helpful. It is quite reproducible
for me.

yours,
Bobby


Attachments:
config (119.82 kB)

2015-04-23 20:10:32

by Ard Biesheuvel

Subject: Re: Crypto Update for 4.1

On 23 April 2015 at 21:27, Bobby Powers <[email protected]> wrote:
> Hello,
>
> Linus Torvalds <[email protected]> wrote:
>> Ok, this patch seems to fix it for me, so I undid my revert that I
>> hadn't pushed out yet, and pushed out this instead.
>
> Commit e68410ebf62676dfb93aafff7c55b76644f37072 in Linus's tree from
> this crypto update (crypto: x86/sha512_ssse3 - move SHA-384/512 SSSE3
> implementation to base layer) causes a GPF on boot in
> sha512_ssse3_finup for me on a Broadwell i7-5600U, rendering the
> kernel unbootable.
>
> Reverting that commit enables me to boot. I don't know enough about
> the code to comment. Config is attached, and I can provide a photo of
> the reported Call Trace if that's helpful. It is quite reproducible
> for me.
>

Hello Bobby,

Would you be able to check whether the following patch fixes the crash?

diff --git a/arch/x86/crypto/sha512-avx2-asm.S
b/arch/x86/crypto/sha512-avx2-asm.S
index a4771dcd1fcf..1f20b35d8573 100644
--- a/arch/x86/crypto/sha512-avx2-asm.S
+++ b/arch/x86/crypto/sha512-avx2-asm.S
@@ -79,7 +79,7 @@ NUM_BLKS = %rdx
c = %rcx
d = %r8
e = %rdx
-y3 = %rdi
+y3 = %rsi

TBL = %rbp
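Review bot: the `y3 = %rsi` line makes a scratch symbol alias an argument register with nothing in the file saying so, and the context already shows `e` and `NUM_BLKS` both mapped to `%rdx`, so these silent aliases are easy to break again the next time the prototype changes. Suggest a one-line comment next to the assignment naming which argument y3 shares its register with and noting that the argument is dead by the time y3 is first written.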

If not, please share the call trace and the content of /proc/cpuinfo

Regards,
Ard.

2015-04-23 21:35:33

by Bobby Powers

Subject: Re: Crypto Update for 4.1

On Thu, Apr 23, 2015 at 4:10 PM, Ard Biesheuvel
<[email protected]> wrote:
>
> Hello Bobby,
>
> Would you be able to check whether the following patch fixes the crash?
>
> diff --git a/arch/x86/crypto/sha512-avx2-asm.S
> b/arch/x86/crypto/sha512-avx2-asm.S
> index a4771dcd1fcf..1f20b35d8573 100644
> --- a/arch/x86/crypto/sha512-avx2-asm.S
> +++ b/arch/x86/crypto/sha512-avx2-asm.S
> @@ -79,7 +79,7 @@ NUM_BLKS = %rdx
> c = %rcx
> d = %r8
> e = %rdx
> -y3 = %rdi
> +y3 = %rsi
>
> TBL = %rbp
>

Tested-By: Bobby Powers <[email protected]>


Thanks Ard. Yes, this fixes things for me. Good eye :)

yours,
Bobby

2015-04-24 06:37:24

by Ard Biesheuvel

Subject: [PATCH] crypto: x86/sha512_ssse3 - fixup for asm function prototype change

Patch e68410ebf626 ("crypto: x86/sha512_ssse3 - move SHA-384/512
SSSE3 implementation to base layer") changed the prototypes of the
core asm SHA-512 implementations so that they are compatible with
the prototype used by the base layer.

However, in one instance, the register that was used for passing the
input buffer was reused as a scratch register later on in the code,
and since the input buffer param changed places with the digest param
-which needs to be written back before the function returns- this
resulted in the scratch register to be dereferenced in a memory write
operation, causing a GPF.

Fix this by changing the scratch register to use the same register as
the input buffer param again.

Fixes: e68410ebf626 ("crypto: x86/sha512_ssse3 - move SHA-384/512 SSSE3 implementation to base layer")
Reported-By: Bobby Powers <[email protected]>
Tested-By: Bobby Powers <[email protected]>
Signed-off-by: Ard Biesheuvel <[email protected]>
---
arch/x86/crypto/sha512-avx2-asm.S | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/crypto/sha512-avx2-asm.S b/arch/x86/crypto/sha512-avx2-asm.S
index a4771dcd1fcf..1f20b35d8573 100644
--- a/arch/x86/crypto/sha512-avx2-asm.S
+++ b/arch/x86/crypto/sha512-avx2-asm.S
@@ -79,7 +79,7 @@ NUM_BLKS = %rdx
c = %rcx
d = %r8
e = %rdx
-y3 = %rdi
+y3 = %rsi

TBL = %rbp
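Review bot: the commit message says the register reuse happened "in one instance", but the change only touches the `y3` alias in sha512-avx2-asm.S and does not say whether the other core asm SHA-512 implementations whose prototypes changed were checked for a scratch symbol that still maps to `%rdi`. Suggest adding a sentence to the message stating that the remaining implementations were audited and do not write through the register that now holds the digest pointer.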

--
1.8.3.2

2015-04-24 12:20:36

by Herbert Xu

Subject: Re: [PATCH] crypto: x86/sha512_ssse3 - fixup for asm function prototype change

On Fri, Apr 24, 2015 at 08:37:09AM +0200, Ard Biesheuvel wrote:
> Patch e68410ebf626 ("crypto: x86/sha512_ssse3 - move SHA-384/512
> SSSE3 implementation to base layer") changed the prototypes of the
> core asm SHA-512 implementations so that they are compatible with
> the prototype used by the base layer.
>
> However, in one instance, the register that was used for passing the
> input buffer was reused as a scratch register later on in the code,
> and since the input buffer param changed places with the digest param
> -which needs to be written back before the function returns- this
> resulted in the scratch register to be dereferenced in a memory write
> operation, causing a GPF.
>
> Fix this by changing the scratch register to use the same register as
> the input buffer param again.
>
> Fixes: e68410ebf626 ("crypto: x86/sha512_ssse3 - move SHA-384/512 SSSE3 implementation to base layer")
> Reported-By: Bobby Powers <[email protected]>
> Tested-By: Bobby Powers <[email protected]>
> Signed-off-by: Ard Biesheuvel <[email protected]>

Patch applied. Thanks!
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

2015-06-22 08:45:20

by Herbert Xu

Subject: Crypto Update for 4.2

Hi Linus:

Here is the crypto update for 4.2:

API:

* Convert RNG interface to new style.
* New AEAD interface with one SG list for AD and plain/cipher text.
All external AEAD users have been converted.
* New asymmetric key interface (akcipher).

Algorithms:
* Chacha20, Poly1305 and RFC7539 support.
* New RSA implementation.
* Jitter RNG.
* DRBG is now seeded with both /dev/random and Jitter RNG. If
kernel pool isn't ready then DRBG will be reseeded when it is.
* DRBG is now the default crypto API RNG, replacing krng.
* 842 compression (previously part of powerpc nx driver).

Drivers:

* Accelerated SHA-512 for arm64.
* New Marvell CESA driver that supports DMA and more algorithms.
* Updated powerpc nx 842 support.
* Added support for SEC1 hardware to talitos.


Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Allan, Bruce W (2):
crypto: qat - do not duplicate string containing firmware name
crypto: qat - add driver version

Ard Biesheuvel (3):
crypto: testmgr - add test cases for CRC32
crypto: arm/sha512 - accelerated SHA-512 using ARM generic ASM and NEON
crypto: arm/aes - streamline AES-192 code path

Arnaud Ebalard (4):
crypto: marvell/cesa - add Triple-DES support
crypto: marvell/cesa - add MD5 support
crypto: marvell/cesa - add SHA256 support
crypto: marvell/cesa - add support for Kirkwood and Dove SoCs

Boris BREZILLON (11):
crypto: mv_cesa - request registers memory region
crypto: mv_cesa - document the clocks property
crypto: mv_cesa - use gen_pool to reserve the SRAM memory region
crypto: mv_cesa - explicitly define kirkwood and dove compatible strings
crypto: marvell/cesa - add a new driver for Marvell's CESA
crypto: marvell/cesa - add TDMA support
crypto: marvell/cesa - add DES support
crypto: marvell/cesa - add support for all armada SoCs
crypto: marvell/cesa - add allhwsupport module parameter
crypto: marvell/cesa - add support for Orion SoCs
crypto: marvell/cesa - add DT bindings documentation

Boris Brezillon (1):
crypto: marvell/cesa - remove COMPILE_TEST dependency

Colin Ian King (1):
crypto: mv_cesa - ensure backlog is initialised

Dan Carpenter (1):
crypto: talitos - fix size calculation in talitos_edesc_alloc()

Dan Streetman (19):
powerpc: export of_get_ibm_chip_id function
powerpc: Add ICSWX instruction
lib: add software 842 compression/decompression
crypto: 842 - change 842 alg to use software
crypto: nx - rename nx-842.c to nx-842-pseries.c
crypto: nx - add NX-842 platform frontend driver
crypto: nx - add nx842 constraints
crypto: nx - add PowerNV platform NX-842 driver
crypto: nx - simplify pSeries nx842 driver
crypto: nx - add hardware 842 crypto comp alg
lib: make lib/842 decompress functions static
lib: correct 842 decompress for 32 bit
crypto: nx - remove 842-nx null checks
crypto: nx - prevent nx 842 load if no hw driver
crypto: nx - fix nx-842 pSeries driver minimum buffer size
crypto: nx - move include/linux/nx842.h into drivers/crypto/nx/nx-842.h
crypto: nx - replace NX842_MEM_COMPRESS with function
crypto: nx - add LE support to pSeries platform driver
MAINTAINERS: clarify drivers/crypto/nx/ file ownership

David Howells (2):
crypto: pcomp - Constify (de)compression parameters
crypto: testmgr - Wrap the LHS in expressions of the form !x == y

Fabio Estevam (1):
crypto: sahara - propagate the error on clk_disable_unprepare() failure

Harald Freudenberger (1):
crypto: testmgr - Added one larger ghash testvector (400 bytes) to the testmgr.

Herbert Xu (166):
crypto: drbg - Initialise mutex in drbg_healthcheck_sanity
crypto: drbg - Do not seed RNG in drbg_kcapi_init
crypto: api - Add crypto_alg_extsize helper
crypto: shash - Use crypto_alg_extsize helper
crypto: pcomp - Use crypto_alg_extsize helper
crypto: rng - Convert crypto_rng to new style crypto_type
crypto: rng - Introduce crypto_rng_generate
crypto: rng - Mark crypto_rng_reset seed as const
crypto: rng - Convert low-level crypto_rng to new style
crypto: rng - Add crypto_rng_set_entropy
crypto: rng - Add multiple algorithm registration interface
crypto: drbg - Convert to new rng interface
crypto: ansi_cprng - Remove bogus inclusion of internal.h
crypto: ansi_cprng - Convert to new rng interface
crypto: krng - Convert to new rng interface
crypto: rng - Remove old low-level rng interface
crypto: algif_rng - Remove obsolete const-removal cast
crypto: rng - Zero seed in crypto_rng_reset
crypto: tcrypt - Handle async return from crypto_ahash_init
crypto: api - Move module sig ifdef into accessor function
crypto: drbg - Remove FIPS ifdef from drbg_healthcheck_sanity
crypto: caam - Remove bogus references to crypto API internals
crypto: api - Include linux/fips.h
crypto: fips - Remove bogus inclusion of internal.h
crypto: fips - Move fips_enabled sysctl into fips.c
crypto: tcrypt - Include linux/fips.h for fips_enabled
crypto: testmgr - Include linux/fips.h for fips_enabled
crypto: api - Remove linux/fips.h from internal.h
crypto: arm64/aes-ce-ccm - Include crypto/internal/aead.h
crypto: algif_aead - Include crypto/aead.h
crypto: tcrypt - Include crypto/aead.h
crypto: testmgr - Include crypto/aead.h
mac80211: Include crypto/aead.h
mac802154: Include crypto/aead.h
crypto: api - Fix build error when modules are disabled
crypto: skcipher - Fix corner case in crypto_lookup_skcipher
crypto: aead - Fix corner case in crypto_lookup_aead
crypto: api - Add crypto_grab_spawn primitive
crypto: authenc - Include internal/aead.h
crypto: authencesn - Include internal/aead.h
crypto: caam - Include internal/aead.h
crypto: ixp4xx - Include internal/aead.h
crypto: nx - Include internal/aead.h
crypto: qat - Include internal/aead.h
crypto: talitos - Include internal/aead.h
crypto: blkcipher - Include crypto/aead.h
crypto: caam - Remove unnecessary reference to crt_aead
crypto: aead - Add crypto_aead_set_reqsize helper
crypto: authenc - Use crypto_aead_set_reqsize helper
crypto: authencesn - Use crypto_aead_set_reqsize helper
crypto: ccm - Use crypto_aead_set_reqsize helper
crypto: cryptd - Use crypto_aead_set_reqsize helper
crypto: gcm - Use crypto_aead_set_reqsize helper
crypto: pcrypt - Use crypto_aead_set_reqsize helper
crypto: seqiv - Use crypto_aead_set_reqsize helper
crypto: aesni - Use crypto_aead_set_reqsize helper
crypto: ixp4xx - Use crypto_aead_set_reqsize helper
crypto: picoxcell - Use crypto_aead_set_reqsize helper
crypto: qat - Use crypto_aead_set_reqsize helper
crypto: cryptd - Add missing aead.h inclusion
crypto: aead - Convert top level interface to new style
crypto: cryptd - Use crypto_grab_aead
crypto: pcrypt - Use crypto_grab_aead
crypto: scatterwalk - Add scatterwalk_ffwd helper
crypto: aead - Add new interface with single SG list
crypto: aead - Rename aead_alg to old_aead_alg
crypto: caam - Use old_aead_alg
crypto: aead - Add crypto_aead_maxauthsize
crypto: ixp4xx - Use crypto_aead_maxauthsize
crypto: nx - Remove unnecessary maxauthsize check
crypto: aead - Add support for new AEAD implementations
crypto: null - Add default null skcipher
crypto: gcm - Use default null skcipher
crypto: scatterwalk - Check for same address in map_and_copy
crypto: seqiv - Add support for new AEAD interface
crypto: seqiv - Add seqniv
crypto: echainiv - Add encrypted chain IV generator
crypto: aead - Add crypto_aead_alg_ivsize/maxauthsize
crypto: pcrypt - Make tfm_count an atomic_t
crypto: skcipher - Use tmpl->create
crypto: aead - Use tmpl->create
crypto: seqiv - Use aead_register_instance
crypto: echainiv - Use aead_register_instance
crypto: aead - Do not set cra_type for new style instances
crypto: echainiv - Stop using cryptoff
crypto: seqiv - Stop using cryptoff
crypto: aead - Remove unused cryptoff parameter
random: Wake up all getrandom(2) callers when pool is ready
Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
crypto: aead - Document behaviour of AD in destination buffer
crypto: scatterwalk - Add missing sg_init_table to scatterwalk_ffwd
crypto: aead - Preserve in-place processing in old_crypt
crypto: aead - Add common IV generation code
crypto: echainiv - Copy AD along with plain text
crypto: echainiv - Use common IV generation code
crypto: echainiv - Fix IV size in context size calculation
crypto: seqiv - Copy AD along with plain/cipher text
crypto: seqiv - Use common IV generation code
crypto: seqiv - Fix IV size in context size calculation
crypto: seqiv - Fix module unload/reload crash
crypto: testmgr - Switch to new AEAD interface
xfrm: Add IV generator information to xfrm_algo_desc
ipsec: Add IV generator information to xfrm_state
esp4: Switch to new AEAD interface
esp6: Switch to new AEAD interface
mac802154: Switch to new AEAD interface
mac80211: Switch to new AEAD interface
crypto: tcrypt - Switch to new AEAD interface
crypto: algif_aead - Switch to new AEAD interface
Revert "crypto: algif_aead - Disable AEAD user-space for now"
crypto: aead - Add type-safe init/exit functions
crypto: aead - Add aead_alg_instance
crypto: api - Include alignment in crypto_alg_extsize
crypto: aead - Ignore return value from crypto_unregister_alg
crypto: aead - Add multiple algorithm registration interface
crypto: pcrypt - Add support for new AEAD interface
crypto: cryptd - Add setkey/setauthsize functions for AEAD
crypto: aesni - Convert top-level rfc4106 algorithm to new interface
crypto: cryptd - Convert to new AEAD interface
crypto: aesni - Convert rfc4106 to new AEAD interface
crypto: scatterwalk - Hide PageSlab call to optimise away flush_dcache_page
crypto: chainiv - Move IV seeding into init function
crypto: echainiv - Move IV seeding into init function
crypto: eseqiv - Move IV seeding into init function
crypto: seqiv - Move IV seeding into init function
crypto: drbg - Add stdrng alias and increase priority
crypto: echainiv - Set Kconfig default to m
crypto: rng - Make DRBG the default RNG
crypto: rng - Remove krng
crypto: caam - Clamp AEAD SG list by input length
nios2: Export get_cycles
random: Add callback API for random pool readiness
random: Remove kernel blocking API
crypto: drbg - Add select on sha256
crypto: picoxcell - Include linux/sizes.h
crypto: picoxcell - Make use of sg_nents_for_len
crypto: picoxcell - Clamp AEAD SG list by input length
crypto: vmx - Remove duplicate PPC64 dependency
crypto: vmx - Reindent to kernel style
crypto: testmgr - Disable rfc4543 test
crypto: gcm - Convert to new AEAD interface
crypto: testmgr - Update rfc4543 test vectors
crypto: nx - Convert GCM to new AEAD interface
crypto: caam - Handle errors in dma_map_sg_chained
crypto: caam - Convert GCM to new AEAD interface
Revert "crypto: testmgr - Disable rfc4543 test"
crypto: testmgr - Add mcgrew test vectors for rfc4106
crypto: tcrypt - Add rfc4309(ccm(aes)) speed test
crypto: tcrypt - Fixed AEAD speed test setup
crypto: drivers - Fix Kconfig selects
crypto: api - Add CRYPTO_MINALIGN_ATTR to struct crypto_alg
crypto: aead - Fix aead_instance struct size
crypto: caam - Reintroduce DESC_MAX_USED_BYTES
crypto: caam - Set last bit on src SG list
Merge branch 'mvebu/drivers' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
crypto: nx - Check for bogus firmware properties
crypto: skcipher - Allow givencrypt to be NULL
crypto: rng - Do not free default RNG when it becomes unused
crypto: user - Move cryptouser.h to uapi
crypto: user - Add CRYPTO_MSG_DELRNG
crypto: chainiv - Offer normal cipher functionality without RNG
crypto: eseqiv - Offer normal cipher functionality without RNG
crypto: seqiv - Add compatibility support without RNG
crypto: echainiv - Only hold RNG during initialisation
crypto: af_alg - Forbid the use internal algorithms
crypto: algif_aead - Temporarily disable all AEAD algorithms

Horia Geantă (4):
crypto: talitos - avoid memleak in talitos_alg_alloc()
Revert "crypto: talitos - convert to use be16_add_cpu()"
crypto: talitos - avoid out of bound scatterlist iterator
crypto: talitos - static code checker fixes

Jeremiah Mahler (1):
crypto: aesni - fix crypto_fpu_exit() section mismatch

LABBE Corentin (7):
crypto: md5 - add MD5 initial vectors
crypto: md5 - use md5 IV MD5_HX instead of their raw value
crypto: powerpc/md5 - use md5 IV MD5_HX instead of their raw value
crypto: sparc/md5 - use md5 IV MD5_HX instead of their raw value
crypto: n2 - use md5 IV MD5_HX instead of their raw value
crypto: octeon - use md5 IV MD5_HX instead of their raw value
crypto: testmgr - Document struct cipher_testvec

LEROY Christophe (17):
crypto: talitos - Use zero entry to init descriptors ptrs to zero
crypto: talitos - Refactor the sg in/out chain allocation
crypto: talitos - talitos_ptr renamed ptr for more lisibility
crypto: talitos - Add a helper function to clear j_extent field
crypto: talitos - remove param 'extent' in map_single_talitos_ptr()
crypto: talitos - helper function for ptr len
crypto: talitos - enhanced talitos_desc struct for SEC1
crypto: talitos - add sub-choice in talitos CONFIG for SEC1
crypto: talitos - Add a feature to tag SEC1
crypto: talitos - fill in talitos descriptor iaw SEC1 or SEC2+
crypto: talitos - adaptation of talitos_submit() for SEC1
crypto: talitos - base address for Execution Units
crypto: talitos - adapt interrupts and reset functions to SEC1
crypto: talitos - implement scatter/gather copy for SEC1
crypto: talitos - SEC1 bugs on 0 data hash
crypto: talitos - Add fsl,sec1.0 compatible
crypto: talitos - Update DT bindings with SEC1

Leonidas Da Silva Barbosa (2):
crypto: nx - Fixing NX data alignment with nx_sg list
crypto: nx - Fixing SHA update bug

Martin Willi (10):
crypto: chacha20 - Add a generic ChaCha20 stream cipher implementation
crypto: testmgr - Add ChaCha20 test vectors from RFC7539
crypto: poly1305 - Add a generic Poly1305 authenticator implementation
crypto: testmgr - Add Poly1305 test vectors from RFC7539
crypto: chacha20poly1305 - Add a ChaCha20-Poly1305 AEAD construction, RFC7539
crypto: testmgr - Add ChaCha20-Poly1305 test vectors from RFC7539
crypto: chacha20poly1305 - Add an IPsec variant for RFC7539 AEAD
crypto: testmgr - Add draft-ietf-ipsecme-chacha20-poly1305 test vector
xfrm: Define ChaCha20-Poly1305 AEAD XFRM algo for IPsec users
crypto: poly1305 - Pass key as first two message blocks to each desc_ctx

Masanari Iida (2):
crypto: doc - Fix typo in crypto-API.tmpl
crypto: doc - Fix typo in crypto-API.xml

Michael van der Westhuizen (1):
crypto: picoxcell - Update to the current clk API

Pali Rohár (2):
crypto: omap-sham - Check for return value from pm_runtime_get_sync
crypto: omap-sham - Add support for omap3 devices

Paulo Flabiano Smorigo (1):
crypto: vmx - fix two mistyped texts

Sergey Senozhatsky (1):
crypto: drbg - report backend_cra_name when allocation fails

Steffen Trumtrar (1):
crypto: caam - fix non-64-bit write/read access

Stephan Mueller (15):
cryoto: drbg - clear all temporary memory
crypto: drbg - fix drbg_generate return val check
crypto: drbg - replace spinlock with mutex
crypto: drbg - leave cipher handles operational
crypto: doc - change header file locations
random: Blocking API for accessing nonblocking_pool
crypto: drbg - prepare for async seeding
crypto: drbg - add async seeding operation
crypto: drbg - use Jitter RNG to obtain seed
crypto: jitterentropy - add jitterentropy RNG
crypto: jitterentropy - remove timekeeping_valid_for_hres
crypto: doc - cover new AEAD interface
crypto: drbg - use pragmas for disabling optimization
crypto: drbg - Use callback API for random readiness
crypto: drbg - reseed often if seedsource is degraded

Tadeusz Struk (9):
crypto: qat - remove unused structure members
crypto: qat - rm unneeded header include
crypto: qat - Set max request size
crypto: qat: fix issue when mapping assoc to internal AD struct
MPILIB: add mpi_read_buf() and mpi_get_size() helpers
crypto: akcipher - add PKE API
crypto: rsa - add a new rsa generic implementation
crypto: testmgr - add tests vectors for RSA
crypto: rsa - fix invalid select for AKCIPHER

Tom Lendacky (4):
crypto: ccp - Remove manual check and set of dma_mask pointer
crypto: ccp - Remove unused structure field
scatterlist: introduce sg_nents_for_len
crypto: ccp - Protect against poorly marked end of sg list

Victoria Milhoan (2):
crypto: caam - Fix incorrect size when DMA unmapping buffer
crypto: caam - Provide correct value to iounmap() in controller driver

Wu Fengguang (1):
crypto: echainiv - echainiv_read_iv() can be static

firo yang (1):
crypto: sha1-mb - Remove pointless cast

Documentation/DocBook/crypto-API.tmpl | 67 +-
.../devicetree/bindings/crypto/fsl-sec2.txt | 6 +-
.../devicetree/bindings/crypto/marvell-cesa.txt | 45 +
.../devicetree/bindings/crypto/mv_cesa.txt | 31 +-
MAINTAINERS | 26 +-
arch/arm/boot/dts/armada-375.dtsi | 2 +-
arch/arm/boot/dts/armada-38x.dtsi | 2 +-
arch/arm/boot/dts/armada-39x.dtsi | 2 +-
arch/arm/boot/dts/armada-xp-linksys-mamba.dts | 5 +
arch/arm/boot/dts/armada-xp-openblocks-ax3-4.dts | 4 +
arch/arm/boot/dts/dove-cubox.dts | 1 +
arch/arm/crypto/Kconfig | 15 +-
arch/arm/crypto/Makefile | 10 +-
arch/arm/crypto/aes-ce-core.S | 7 +-
arch/arm/crypto/sha512-armv4.pl | 649 ++++++
arch/arm/crypto/sha512-armv7-neon.S | 455 ----
arch/arm/crypto/sha512-core.S_shipped | 1861 +++++++++++++++
arch/arm/crypto/sha512-glue.c | 121 +
arch/arm/crypto/sha512-neon-glue.c | 98 +
arch/arm/crypto/sha512.h | 8 +
arch/arm/crypto/sha512_neon_glue.c | 305 ---
arch/arm64/crypto/aes-ce-ccm-glue.c | 2 +-
arch/arm64/crypto/crc32-arm64.c | 22 +-
arch/arm64/crypto/sha1-ce-glue.c | 3 +
arch/arm64/crypto/sha2-ce-glue.c | 3 +
arch/mips/cavium-octeon/crypto/octeon-md5.c | 8 +-
arch/nios2/kernel/time.c | 2 +
arch/powerpc/crypto/md5-glue.c | 8 +-
arch/powerpc/include/asm/icswx.h | 184 ++
arch/powerpc/include/asm/ppc-opcode.h | 13 +
arch/powerpc/kernel/prom.c | 1 +
arch/s390/crypto/ghash_s390.c | 25 +-
arch/sparc/crypto/md5_glue.c | 8 +-
arch/x86/crypto/aesni-intel_glue.c | 423 ++--
arch/x86/crypto/fpu.c | 2 +-
arch/x86/crypto/sha-mb/sha1_mb.c | 3 +-
crypto/842.c | 174 +-
crypto/Kconfig | 97 +-
crypto/Makefile | 15 +-
crypto/ablkcipher.c | 12 +-
crypto/aead.c | 684 ++++--
crypto/af_alg.c | 5 +-
crypto/akcipher.c | 117 +
crypto/algapi.c | 31 +-
crypto/algif_aead.c | 79 +-
crypto/algif_rng.c | 2 +-
crypto/ansi_cprng.c | 88 +-
crypto/authenc.c | 17 +-
crypto/authencesn.c | 17 +-
crypto/blkcipher.c | 1 +
crypto/ccm.c | 14 +-
crypto/chacha20_generic.c | 216 ++
crypto/chacha20poly1305.c | 695 ++++++
crypto/chainiv.c | 105 +-
crypto/cryptd.c | 135 +-
crypto/crypto_null.c | 39 +
crypto/crypto_user.c | 34 +-
crypto/drbg.c | 567 ++---
crypto/echainiv.c | 312 +++
crypto/eseqiv.c | 52 +-
crypto/fips.c | 53 +-
crypto/gcm.c | 940 +++-----
crypto/internal.h | 3 +-
crypto/jitterentropy.c | 928 ++++++++
crypto/krng.c | 66 -
crypto/md5.c | 8 +-
crypto/pcompress.c | 7 +-
crypto/pcrypt.c | 199 +-
crypto/poly1305_generic.c | 321 +++
crypto/proc.c | 41 -
crypto/rng.c | 132 +-
crypto/rsa.c | 315 +++
crypto/rsa_helper.c | 121 +
crypto/rsakey.asn1 | 5 +
crypto/scatterwalk.c | 45 +-
crypto/seqiv.c | 587 ++++-
crypto/shash.c | 7 +-
crypto/tcrypt.c | 36 +-
crypto/tcrypt.h | 1 +
crypto/testmgr.c | 314 ++-
crypto/testmgr.h | 2443 +++++++++++++++++++-
crypto/zlib.c | 4 +-
drivers/bus/mvebu-mbus.c | 120 +-
drivers/char/hw_random/bcm63xx-rng.c | 18 +-
drivers/char/random.c | 80 +-
drivers/crypto/Kconfig | 87 +-
drivers/crypto/Makefile | 1 +
drivers/crypto/caam/Kconfig | 5 +-
drivers/crypto/caam/caamalg.c | 1497 ++++++------
drivers/crypto/caam/caamhash.c | 9 +-
drivers/crypto/caam/compat.h | 2 +-
drivers/crypto/caam/ctrl.c | 4 +-
drivers/crypto/caam/regs.h | 38 +-
drivers/crypto/caam/sg_sw_sec4.h | 50 +-
drivers/crypto/ccp/Kconfig | 1 -
drivers/crypto/ccp/ccp-ops.c | 9 +-
drivers/crypto/ccp/ccp-platform.c | 2 -
drivers/crypto/ixp4xx_crypto.c | 9 +-
drivers/crypto/marvell/Makefile | 2 +
drivers/crypto/marvell/cesa.c | 548 +++++
drivers/crypto/marvell/cesa.h | 791 +++++++
drivers/crypto/marvell/cipher.c | 797 +++++++
drivers/crypto/marvell/hash.c | 1441 ++++++++++++
drivers/crypto/marvell/tdma.c | 224 ++
drivers/crypto/mv_cesa.c | 73 +-
drivers/crypto/n2_core.c | 8 +-
drivers/crypto/nx/Kconfig | 61 +-
drivers/crypto/nx/Makefile | 9 +-
drivers/crypto/nx/nx-842-crypto.c | 580 +++++
drivers/crypto/nx/nx-842-platform.c | 84 +
drivers/crypto/nx/nx-842-powernv.c | 637 +++++
drivers/crypto/nx/nx-842-pseries.c | 1140 +++++++++
drivers/crypto/nx/nx-842.c | 1610 +------------
drivers/crypto/nx/nx-842.h | 144 ++
drivers/crypto/nx/nx-aes-gcm.c | 110 +-
drivers/crypto/nx/nx-sha256.c | 84 +-
drivers/crypto/nx/nx-sha512.c | 85 +-
drivers/crypto/nx/nx.c | 233 +-
drivers/crypto/nx/nx.h | 9 +-
drivers/crypto/omap-sham.c | 27 +-
drivers/crypto/picoxcell_crypto.c | 41 +-
drivers/crypto/qat/Kconfig | 6 +-
drivers/crypto/qat/qat_common/adf_accel_devices.h | 1 -
drivers/crypto/qat/qat_common/adf_cfg_user.h | 12 -
drivers/crypto/qat/qat_common/adf_common_drv.h | 7 +
drivers/crypto/qat/qat_common/adf_ctl_drv.c | 1 +
drivers/crypto/qat/qat_common/qat_algs.c | 39 +-
drivers/crypto/qat/qat_dh895xcc/adf_drv.c | 5 +-
drivers/crypto/sahara.c | 13 +-
drivers/crypto/talitos.c | 743 ++++--
drivers/crypto/talitos.h | 153 +-
drivers/crypto/ux500/Kconfig | 4 +-
drivers/crypto/vmx/Kconfig | 2 +-
drivers/crypto/vmx/Makefile | 2 +-
drivers/crypto/vmx/aes.c | 166 +-
drivers/crypto/vmx/aes_cbc.c | 236 +-
drivers/crypto/vmx/aes_ctr.c | 225 +-
drivers/crypto/vmx/aesp8-ppc.h | 15 +-
drivers/crypto/vmx/ghash.c | 278 +--
drivers/crypto/vmx/vmx.c | 68 +-
include/crypto/aead.h | 533 ++++-
include/crypto/akcipher.h | 340 +++
include/crypto/algapi.h | 35 +-
include/crypto/compress.h | 8 +-
include/crypto/cryptd.h | 1 +
include/crypto/drbg.h | 59 +-
include/crypto/hash.h | 2 +-
include/crypto/internal/aead.h | 102 +-
include/crypto/internal/akcipher.h | 60 +
include/crypto/internal/geniv.h | 24 +
include/crypto/internal/rng.h | 21 +-
include/crypto/internal/rsa.h | 27 +
include/crypto/md5.h | 5 +
include/crypto/null.h | 3 +
include/crypto/rng.h | 100 +-
include/crypto/scatterwalk.h | 4 +
include/linux/compiler-gcc.h | 16 +-
include/linux/compiler-intel.h | 3 +
include/linux/compiler.h | 4 +
include/linux/crypto.h | 501 +---
include/linux/mbus.h | 5 +
include/linux/module.h | 12 +
include/linux/mpi.h | 15 +
include/linux/nx842.h | 11 -
include/linux/random.h | 9 +
include/linux/scatterlist.h | 1 +
include/linux/sw842.h | 12 +
include/net/xfrm.h | 3 +
include/{ => uapi}/linux/cryptouser.h | 6 +
lib/842/842.h | 127 +
lib/842/842_compress.c | 626 +++++
lib/842/842_debugfs.h | 52 +
lib/842/842_decompress.c | 405 ++++
lib/842/Makefile | 2 +
lib/Kconfig | 6 +
lib/Makefile | 2 +
lib/mpi/mpicoder.c | 87 +-
lib/mpi/mpiutil.c | 6 +-
lib/scatterlist.c | 32 +
lib/string.c | 2 +-
net/ipv4/esp4.c | 200 +-
net/ipv6/esp6.c | 200 +-
net/key/af_key.c | 1 +
net/mac80211/aes_ccm.c | 33 +-
net/mac80211/aes_gcm.c | 33 +-
net/mac80211/aes_gmac.c | 14 +-
net/mac802154/llsec.c | 44 +-
net/xfrm/xfrm_algo.c | 28 +
net/xfrm/xfrm_user.c | 40 +-
189 files changed, 23661 insertions(+), 7358 deletions(-)

Thanks,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

2015-06-23 04:26:59

by Linus Torvalds

Subject: Re: Crypto Update for 4.2

On Mon, Jun 22, 2015 at 1:44 AM, Herbert Xu <[email protected]> wrote:
>
> Here is the crypto update for 4.2:

So this generates conflicts with your earlier changes (that I got
through the networking tree - they are your patches, but they went
through Steffen Klassert and then David Miller).

I resolved them, but I want you to double-check the end result.

Some of the conflicts are just trivial (but annoying) conflicts due to
whitespace changes to the vmx routines.

But the changes to net/ipv4/esp4.c and net/ipv6/esp6.c are actual real
code conflicts, even though in the merge they look like no change
at all, because I picked your side and the changes on the other side
just went away.

I did that, because as far as I can tell, the changes in commits
7021b2e1cddd and 000ae7b2690e (that switch esp4/6 over to the new AEAD
interface) obviate the commits I got earlier to use the high-order
sequence number bits for IV generation.

So it looks to me like those AEAD interface changes already make sure
to use the full 64 bits of the sequence number.

But if I'm wrong, please holler. You clearly know both sides of this,
since you wrote all the patches involved, so I'd like you to
double-check me.

Linus

2015-06-23 04:32:30

by Herbert Xu

Subject: Re: Crypto Update for 4.2

On Mon, Jun 22, 2015 at 09:26:51PM -0700, Linus Torvalds wrote:
>
> So it looks to me like those AEAD interface changes already make sure
> to use the full 64 bits of the sequence number.
>
> But if I'm wrong, please holler. You clearly know both sides of this,
> since you wrote all the patches involved, so I'd like you to
> double-check me.

Yes the AEAD conversion does the right thing and uses the full 64
bits of the sequence number. In fact it was during that conversion
when I noticed the bug and sent in a fix to Steffen.

Thanks for the heads up!
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

2015-06-24 02:11:29

by Linus Torvalds

Subject: Re: Crypto Update for 4.2

On Mon, Jun 22, 2015 at 1:44 AM, Herbert Xu <[email protected]> wrote:
>
> Here is the crypto update for 4.2:

Hmm. I noticed a new annoyance:

I get this at bootup:

[ +0.001504] alg: No test for __gcm-aes-aesni (__driver-gcm-aes-aesni)
[ +0.002233] alg: aead: setkey failed on test 1 for rfc4106-gcm-aesni: flags=0

In general, I'm not at all convinced that the crypto tests make sense.
I absolutely detest that horrid "testmgr.h" file that is 32
_thousand_ lines of noise. And now it's apparently complaining about a
missing test, so that nasty mess will presumably grow.

Could you not make the test infrastructure be something that gets run
in user space?

Linus

2015-06-24 13:29:56

by Herbert Xu

Subject: Re: Crypto Update for 4.2

On Tue, Jun 23, 2015 at 07:11:19PM -0700, Linus Torvalds wrote:
> On Mon, Jun 22, 2015 at 1:44 AM, Herbert Xu <[email protected]> wrote:
> >
> > Here is the crypto update for 4.2:
>
> Hmm. I noticed a new annoyance:
>
> I get this at bootup:
>
> [ +0.001504] alg: No test for __gcm-aes-aesni (__driver-gcm-aes-aesni)

This is indeed bogus and I'll make sure it disappears.

> [ +0.002233] alg: aead: setkey failed on test 1 for rfc4106-gcm-aesni: flags=0

This however is a real bug. It looks like aesni is somehow broken
and is failing on setkey. I'll look into it.

> In general, I'm not at all convinced that the crypto tests make sense.
> I absolutely detest that horrid "testmgr.h" file that is 32
> _thousand_ lines of noise. And now it's apparently complaining about a
> missing test, so that nasty mess will presumably grow.
>
> Could you not make the test infrastructure be something that gets run
> in user space?

I too think the current testmgr model has reached its limit.
However, it has been quite useful in catching bugs like the
one you saw which may otherwise result in hard-to-track-down
bugs in other subsystems such as IPsec or disk encryption.

What I was planning to do is to instead bundle the test vectors
with the algorithms themselves. So for each algorithm we would
have the test vectors in the canonical C implementation which then
would be used to test every other implementation of that algorithm.

The test code could similarly be distributed out to the individual
types, e.g., RNG tests would go into rng.c, hash tests into ahash.c,
etc.

When this is done there would be no central repository of testing
information anymore.

Cheers,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

2015-06-26 10:22:50

by Herbert Xu

Subject: Crypto Fixes for 4.2

Hi Linus:

This push fixes the following issues:

* Move -O0 jitterentropy code into its own file instead of using
gcc pragma magic.
* Kill testmgr warning for gcm-aes-aesni.
* Fix build failure in old rsa.

Other minor fixes:

* Ignore asn1 files generated by new rsa.
* Remove unnecessary kzfree NULL checks in jitterentropy.
* Typo fix in akcipher.


Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Alexander Kuleshov (1):
crypto: rsa - add .gitignore for crypto/*.-asn1.[ch] files

Guenter Roeck (1):
crypto: asymmetric_keys/rsa - Use non-conflicting variable name

Markus Elfring (1):
crypto: jitterentropy - Delete unnecessary checks before the function call "kzfree"

Stephan Mueller (1):
crypto: jitterentropy - avoid compiler warnings

Tadeusz Struk (2):
crypto: akcipher - fix spelling cihper -> cipher
crypto: testmgr - don't print info about missing test for gcm-aes-aesni

crypto/.gitignore | 1 +
crypto/Makefile | 4 +-
crypto/akcipher.c | 2 +-
crypto/asymmetric_keys/rsa.c | 4 +-
crypto/jitterentropy-kcapi.c | 208 ++++++++++++++++++++++++++++++++++++++++
crypto/jitterentropy.c | 215 ++++++++----------------------------------
crypto/testmgr.c | 4 +
7 files changed, 256 insertions(+), 182 deletions(-)

Thanks,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

2015-06-26 20:07:07

by Linus Torvalds

Subject: Re: Crypto Fixes for 4.2

On Fri, Jun 26, 2015 at 3:22 AM, Herbert Xu <[email protected]> wrote:
>
> * Kill testmgr warning for gcm-aes-aesni.

Hmm. You killed one of the warnings, but the setkey one remains.

alg: aead: setkey failed on test 1 for rfc4106-gcm-aesni: flags=0

Expected?

Linus

2015-06-27 06:56:55

by Herbert Xu

Subject: Re: Crypto Fixes for 4.2

On Fri, Jun 26, 2015 at 01:07:02PM -0700, Linus Torvalds wrote:
> On Fri, Jun 26, 2015 at 3:22 AM, Herbert Xu <[email protected]> wrote:
> >
> > * Kill testmgr warning for gcm-aes-aesni.
>
> Hmm. You killed one of the warnings, but the setkey one remains.
>
> alg: aead: setkey failed on test 1 for rfc4106-gcm-aesni: flags=0
>
> Expected?

I wanted to explore a more complete fix with delaying the testing
until all built-in registrations are complete but it turned out to
be too complicated for now.

So I think Tadeusz's patch is the simplest fix for 4.2. Could you
please test it to see if it makes your warning go away? Just in
case you're running into something else that happens to look the
same.

Here is his patch again with a corrected changelog.

Thanks!

---8<---
From: Tadeusz Struk <[email protected]>
Subject: crypto: aesni - fix failing setkey for rfc4106-gcm-aesni

rfc4106(gcm(aes)) uses ctr(aes) to generate hash key. ctr(aes) needs
chainiv, but the chainiv gets initialized after aesni_intel when both
are statically linked so the setkey fails.
This patch forces aesni_intel to be initialized after chainiv.

Signed-off-by: Tadeusz Struk <[email protected]>
---
arch/x86/crypto/aesni-intel_glue.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/crypto/aesni-intel_glue.c b/arch/x86/crypto/aesni-intel_glue.c
index ebcb981d..cb630a8 100644
--- a/arch/x86/crypto/aesni-intel_glue.c
+++ b/arch/x86/crypto/aesni-intel_glue.c
@@ -1537,7 +1537,7 @@ static void __exit aesni_exit(void)
crypto_fpu_exit();
}

-module_init(aesni_init);
+late_initcall(aesni_init);
module_exit(aesni_exit);

MODULE_DESCRIPTION("Rijndael (AES) Cipher Algorithm, Intel AES-NI instructions optimized");
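Review bot: the `late_initcall(aesni_init);` line needs a comment stating the ordering dependency, because nothing at the call site says that aesni_init has to run after chainiv is initialised for the rfc4106(gcm(aes)) setkey to succeed. Without it, a later cleanup could switch this back to `module_init(aesni_init);` and silently bring the setkey failure back. The comment should also say that the initcall level is the only thing enforcing this order in the statically linked case the changelog describes.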


--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

2015-06-27 16:40:33

by Linus Torvalds

Subject: Re: Crypto Fixes for 4.2

On Fri, Jun 26, 2015 at 11:56 PM, Herbert Xu
<[email protected]> wrote:
>
> So I think Tadeusz's patch is the simplest fix for 4.2. Could you
> please test it to see if it makes your warning go away?

Seems to silence it here.

I get the feeling that the patch is still wrong - why are not the
*tests* run at late time when everything is properly set up, rather
than forcing ordering at the code init level - but at least I don't
see the annoying error, so it's certainly better than it was before.

Linus

2015-06-29 07:33:06

by Herbert Xu

Subject: Re: Crypto Fixes for 4.2

On Sat, Jun 27, 2015 at 09:40:24AM -0700, Linus Torvalds wrote:
> On Fri, Jun 26, 2015 at 11:56 PM, Herbert Xu
> <[email protected]> wrote:
> >
> > So I think Tadeusz's patch is the simplest fix for 4.2. Could you
> > please test it to see if it makes your warning go away?
>
> Seems to silence it here.

OK I'll apply this patch for 4.2.

> I get the feeling that the patch is still wrong - why are not the
> *tests* run at late time when everything is properly set up, rather
> than forcing ordering at the code init level - but at least I don't
> see the annoying error, so it's certainly better than it was before.

That's what I was exploring but I think it'll take a while so
it's best to postpone it to 4.3 or later. The two alternatives
I was toying with are 1) delay the testing until the first time
the given algorithm is used; 2) perform testing for all built-in
algorithms at late_initcall.

Cheers,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
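
The ordering problem discussed in this thread, as a small userspace C model. This is an added example, not kernel code and not written by anyone in the thread. The registry, `boot()` and the test modes are hypothetical names, the rfc4106 -> ctr(aes) -> chainiv chain is collapsed into one direct dependency, and the link order (aesni before chainiv) is constructed to match the failing case.

```c
#include <stdio.h>
#include <string.h>

/* Built-in module_init() runs at device_initcall level; late_initcall runs after it. */
enum level { LVL_DEVICE = 6, LVL_LATE = 7 };

/* When the self-test of a newly registered algorithm is run. */
enum test_mode {
    TEST_AT_REGISTER,   /* behaviour that produced the setkey warning */
    TEST_AT_LATE,       /* alternative 2: test all built-ins at late_initcall */
    TEST_ON_FIRST_USE   /* alternative 1: test when the algorithm is first used */
};

#define MAX_ALGS 4
struct alg {
    const char *name;
    const char *needs;  /* helper that setkey depends on, or NULL */
    int tested;         /* 0 = untested, 1 = passed, -1 = failed */
};

static struct alg registry[MAX_ALGS];
static int nalgs;
static enum test_mode mode;

static struct alg *find_alg(const char *name)
{
    for (int i = 0; i < nalgs; i++)
        if (strcmp(registry[i].name, name) == 0)
            return &registry[i];
    return NULL;
}

/* Model of the self-test: setkey works only if the helper is already registered. */
static void self_test(struct alg *a)
{
    a->tested = (!a->needs || find_alg(a->needs)) ? 1 : -1;
}

static void register_alg(const char *name, const char *needs)
{
    struct alg *a = &registry[nalgs++];

    a->name = name;
    a->needs = needs;
    a->tested = 0;
    if (mode == TEST_AT_REGISTER)
        self_test(a);
}

static void aesni_init(void)   { register_alg("rfc4106-gcm-aesni", "chainiv"); }
static void chainiv_init(void) { register_alg("chainiv", NULL); }

static void test_all_late(void)
{
    if (mode != TEST_AT_LATE)
        return;
    for (int i = 0; i < nalgs; i++)
        if (!registry[i].tested)
            self_test(&registry[i]);
}

struct initcall { enum level level; void (*fn)(void); };

/* Runs one simulated boot and returns the number of failed self-tests. */
int boot(enum level aesni_level, enum test_mode m)
{
    /* Array order stands in for link order within one initcall level. */
    struct initcall calls[] = {
        { aesni_level, aesni_init },
        { LVL_DEVICE,  chainiv_init },
        { LVL_LATE,    test_all_late },
    };
    int failed = 0;

    nalgs = 0;
    mode = m;
    for (int lvl = LVL_DEVICE; lvl <= LVL_LATE; lvl++)
        for (size_t i = 0; i < sizeof(calls) / sizeof(calls[0]); i++)
            if ((int)calls[i].level == lvl)
                calls[i].fn();

    /* After boot, every algorithm gets used once; untested ones are tested now. */
    if (mode == TEST_ON_FIRST_USE)
        for (int i = 0; i < nalgs; i++)
            if (!registry[i].tested)
                self_test(&registry[i]);

    for (int i = 0; i < nalgs; i++)
        failed += (registry[i].tested == -1);
    return failed;
}

int main(void)
{
    printf("module_init, test at register: %d failed\n", boot(LVL_DEVICE, TEST_AT_REGISTER));
    printf("late_initcall (the patch):     %d failed\n", boot(LVL_LATE, TEST_AT_REGISTER));
    printf("module_init, test at late:     %d failed\n", boot(LVL_DEVICE, TEST_AT_LATE));
    printf("module_init, test on use:      %d failed\n", boot(LVL_DEVICE, TEST_ON_FIRST_USE));
    return 0;
}
```

Only the first configuration fails; the patch fixes it by moving one driver, while the two deferred-test modes pass without touching any driver's init level.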

2015-06-30 13:51:55

by Herbert Xu

Subject: Crypto Fixes for 4.2

Hi Linus:

This push fixes the aesni setkey error and removes a couple of
unnecessary NULL checks in the Intel qat driver.


Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Markus Elfring (1):
crypto: qat - Deletion of unnecessary checks before two function calls

Tadeusz Struk (1):
crypto: aesni - fix failing setkey for rfc4106-gcm-aesni

arch/x86/crypto/aesni-intel_glue.c | 2 +-
drivers/crypto/qat/qat_common/adf_accel_engine.c | 5 +----
drivers/crypto/qat/qat_common/adf_transport.c | 2 +-
3 files changed, 3 insertions(+), 6 deletions(-)

Thanks,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

2015-07-13 04:09:12

by Herbert Xu

Subject: Crypto Fixes for 4.2

Hi Linus:

This push fixes a duplicate dma_unmap_sg call in omap-des and
reentrancy bugs in the powerpc nx driver which may cause bogus
output or worse memory corruption.


Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Herbert Xu (1):
crypto: nx - Fix reentrancy bugs

Vutla, Lokesh (1):
crypto: omap-des - Fix unmapping of dma channels

drivers/crypto/nx/nx-aes-ccm.c | 6 ++--
drivers/crypto/nx/nx-aes-ctr.c | 7 ++--
drivers/crypto/nx/nx-aes-gcm.c | 17 ++++++----
drivers/crypto/nx/nx-aes-xcbc.c | 70 ++++++++++++++++++++++++---------------
drivers/crypto/nx/nx-sha256.c | 43 +++++++++++++-----------
drivers/crypto/nx/nx-sha512.c | 44 +++++++++++++-----------
drivers/crypto/nx/nx.c | 3 ++
drivers/crypto/nx/nx.h | 14 ++++++--
drivers/crypto/omap-des.c | 3 --
9 files changed, 125 insertions(+), 82 deletions(-)

Thanks,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

2015-08-03 07:16:47

by Herbert Xu

Subject: Crypto Fixes for 4.2

Hi Linus:

This push fixes the following issues:

* A bogus BUG_ON in ixp4xx that can be triggered by a dst buffer
that is an SG list.
* The error handling in hwrngd may cause a crash in case of an error.
* Fix a race condition in qat registration when multiple devices are
present.


Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Herbert Xu (1):
crypto: ixp4xx - Remove bogus BUG_ON on scattered dst buffer

Martin Schwidefsky (1):
hwrng: core - correct error check of kthread_run call

Tadeusz Struk (1):
crypto: qat - Fix invalid synchronization between register/unregister sym algs

drivers/char/hw_random/core.c | 2 +-
drivers/crypto/ixp4xx_crypto.c | 1 -
drivers/crypto/qat/qat_common/qat_algs.c | 24 ++++++++++++++++--------
3 files changed, 17 insertions(+), 10 deletions(-)

Thanks,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

2015-08-17 08:27:29

by Herbert Xu

Subject: Crypto Fixes for 4.2

Hi Linus:

This push fixes the following issues:

* A regression caused by the conversion of IPsec ESP to the new
AEAD interface: ESN with authencesn no longer works because it
relied on the AD input SG list having a specific layout which
is no longer the case. In linux-next authencesn is fixed properly
and no longer assumes anything about the SG list format. While
for this release a minimal fix is applied to authencesn so that
it works with the new linear layout.
* Fix memory corruption caused by bogus index in the caam hash code.
* Fix powerpc nx SHA hashing which could cause module load failures
if module signature verification is enabled.


Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Herbert Xu (1):
crypto: authencesn - Fix breakage with new ESP code

Horia Geantă (1):
crypto: caam - fix memory corruption in ahash_final_ctx

Jan Stancek (1):
crypto: nx - respect sg limit bounds when building sg lists for SHA

crypto/authencesn.c | 44 +++++++++++-----------------------------
drivers/crypto/caam/caamhash.c | 7 ++++---
drivers/crypto/nx/nx-sha256.c | 27 ++++++++++++++----------
drivers/crypto/nx/nx-sha512.c | 28 ++++++++++++++-----------
4 files changed, 48 insertions(+), 58 deletions(-)

Thanks,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

2015-08-31 13:57:19

by Herbert Xu

Subject: Crypto Update for 4.3

Hi Linus:

Here is the crypto update for 4.3:

API:

* The AEAD interface transition is now complete.
* Add top-level skcipher interface.

Drivers:

* x86-64 acceleration for chacha20/poly1305.
* Add sunxi-ss Allwinner Security System crypto accelerator.
* Add RSA algorithm to qat driver.
* Add SRIOV support to qat driver.
* Add LS1021A support to caam.
* Add i.MX6 support to caam.


Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Aaron Sierra (2):
crypto: talitos - Remove zero_entry static initializer
crypto: talitos - Prevent panic in probe error path

Ahsan Atta (1):
crypto: qat - Fix typo othewise->otherwise

Alex Porosanu (1):
crypto: caam - fix ERA property reading

Baruch Siach (1):
crypto: arm - ignore generated SHA2 assembly files

Brian Norris (1):
crypto: doc - make URL into hyperlink

Bruce Allan (4):
crypto: qat - remove redundant struct elem
crypto: qat - fix bug in ADF_RING_SIZE_BYTES_MIN macro
crypto: qat - remove unused define
crypto: qat - remove unnecessary list iteration

Chen-Yu Tsai (3):
crypto: sunxi-ss - Document optional reset control bindings
crypto: sunxi-ss - Add optional reset control support
ARM: dts: sun6i: Add security system crypto engine clock and device nodes

Colin Ian King (1):
crypto: img-hash - fix spelling mistake in dev_err error message

Dan Streetman (11):
crypto: nx - remove __init/__exit from VIO functions
crypto: nx - remove pSeries NX 'status' field
crypto: nx - move kzalloc() out of spinlock
crypto: nx - don't register pSeries driver if ENODEV
crypto: nx - use common code for both NX decompress success cases
crypto: nx - merge nx-compress and nx-compress-crypto
crypto: nx - rename nx-842-crypto.c to nx-842.c
crypto: nx - make platform drivers directly register with crypto
crypto: nx - don't err if compressed output > input
crypto: nx - use be32_to_cpu for __be32 field in debug msg
MAINTAINERS: change 842 NX owner email address

Fabio Estevam (6):
crypto: caam - Fix error handling in caam_rng_init()
crypto: caam - Remove unneeded 'ret' variable
crypto: amcc - Do a NULL check for pointer
crypto: caam - Fix the error handling in caam_probe
crypto: caam - Propagate the real error code in caam_probe
crypto: caam - Use the preferred style for memory allocations

Herbert Xu (56):
crypto: cryptd - Fix AEAD request context corruption
Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
crypto: api - Remove unused __crypto_dequeue_request
crypto: aead - Add aead_queue interface
crypto: nx/842 - Fix context corruption
crypto: api - Add instance free function to crypto_type
crypto: aead - Add type-safe function for freeing instances
crypto: pcrypt - Propagate new AEAD implementation flag
crypto: cryptd - Propagate new AEAD implementation flag
crypto: echainiv - Fix encryption convention
crypto: seqiv - Replace seqniv with seqiv
crypto: aead - Propagate new AEAD implementation flag for IV generators
crypto: testmgr - Disable rfc4106 test and convert test vectors
crypto: tcrypt - Add support for new IV convention
crypto: aesni - Use new IV convention
crypto: gcm - Use new IV convention
crypto: nx - Use new IV convention
crypto: caam - Use new IV convention
crypto: testmgr - Reenable rfc4106 test
crypto: testmgr - Disable rfc4309 test and convert test vectors
crypto: ccm - Convert to new AEAD interface
crypto: aes-ce-ccm - Convert to new AEAD interface
crypto: nx - Convert ccm to new AEAD interface
crypto: testmgr - Reenable rfc4309 test
crypto: chacha20poly1305 - Convert to new AEAD interface
Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
crypto: testmgr - Disable authenc test and convert test vectors
crypto: authenc - Convert to new AEAD interface
crypto: caam - Convert authenc to new AEAD interface
crypto: ixp4xx - Convert to new AEAD interface
crypto: picoxcell - Convert to new AEAD interface
crypto: qat - Convert to new AEAD interface
crypto: talitos - Convert to new AEAD interface
crypto: testmgr - Reenable authenc tests
crypto: authenc - Add Kconfig dependency on CRYPTO_NULL
Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
crypto: authencesn - Convert to new AEAD interface
crypto: algboss - Remove reference to nivaead
crypto: user - Remove crypto_lookup_aead call
ipsec: Replace seqniv with seqiv
crypto: seqiv - Remove seqniv
crypto: seqiv - Remove AEAD compatibility code
crypto: echainiv - Remove AEAD compatibility code
crypto: aead - Add type-safe geniv init/exit helpers
crypto: seqiv - Use generic geniv init/exit helpers
crypto: echainiv - Use generic geniv init/exit helpers
crypto: cryptd - Remove reference to crypto_aead_crt
crypto: qat - Remove reference to crypto_aead_crt
crypto: aead - Remove old AEAD interfaces
crypto: aead - Remove CRYPTO_ALG_AEAD_NEW flag
crypto: null - Use NULL2 in Makefile
crypto: nx - Add forward declaration for struct crypto_aead
crypto: null - Add missing Kconfig tristate for NULL2
crypto: skcipher - Add top-level skcipher interface
crypto: testmgr - Use new skcipher interface
crypto: hash - Add AHASH_REQUEST_ON_STACK

Horia Geantă (5):
crypto: caam - fix snooping for write transactions
crypto: caam - fix RNG init descriptor ret. code checking
crypto: caam - fix rfc4106 encap shared descriptor
crypto: caam - add support for LS1021A
crypto: caam - fix writing to JQCR_MS when using service interface

Kees Cook (1):
crypto: jitterentropy - use safe format string parameters

Krzysztof Kozlowski (1):
crypto: marvell/cesa - Drop owner assignment from platform_driver

LABBE Corentin (6):
crypto: testmgr - add a chunking test for cbc(aes)
ARM: sun4i: dt: Add Security System to A10 SoC DTS
ARM: sun7i: dt: Add Security System to A20 SoC DTS
ARM: sun4i: dt: Add DT bindings documentation for SUN4I Security System
crypto: sunxi-ss - Add Allwinner Security System crypto accelerator
MAINTAINERS: Add myself as maintainer of Allwinner Security System

Lars Persson (1):
crypto: algif_aead - fix for multiple operations on AF_ALG sockets

Leonidas Da Silva Barbosa (7):
powerpc: Uncomment and make enable_kernel_vsx() routine available
crypto: vmx - Adding enable_kernel_vsx() to access VSX instructions
Update NX crypto driver maintainers and adding VMX maintainers
crypto: nx - Removing CTR mode from NX driver
crypto: vmx - Fixing AES-CTR counter bug
crypto: vmx - Fixing GHASH Key issue on little endian
crypto: vmx - Fixing opcode issue

Martin Willi (10):
crypto: tcrypt - Add ChaCha20/Poly1305 speed tests
crypto: chacha20 - Export common ChaCha20 helpers
crypto: chacha20 - Add a SSSE3 SIMD variant for x86_64
crypto: chacha20 - Add a four block SSSE3 variant for x86_64
crypto: chacha20 - Add an eight block AVX2 variant for x86_64
crypto: testmgr - Add a longer ChaCha20 test vector
crypto: poly1305 - Export common Poly1305 helpers
crypto: poly1305 - Add a SSE2 SIMD variant for x86_64
crypto: poly1305 - Add a two block SSE2 variant for x86_64
crypto: poly1305 - Add a four block AVX2 variant for x86_64

Nishanth Aravamudan (4):
crypto: nx - nx842_OF_upd_status should return ENODEV if device is not 'okay'
crypto: nx - rename nx842_{init, exit} to nx842_pseries_{init, exit}
crypto: nx - do not emit extra output if status is disabled
crypto: nx - reduce chattiness of platform drivers

Paulo Flabiano Smorigo (1):
Fix email address mistypo for NX/VMX crypto driver maintainers

Pingchao Yang (1):
crypto: qat - add support for MMP FW

Stephan Mueller (2):
crypto: doc - AEAD API conversion
crypto: cmac - allow usage in FIPS mode

Steve Cornelius (1):
crypto: caam - Enable MXC devices to select CAAM driver in Kconfig

Tadeusz Struk (17):
crypto: qat - add MMP FW support to accel engine
crypto: qat - Add support for RSA algorithm
crypto: rsa - limit supported key lengths
crypto: rsa - fix invalid check for keylen in fips mode
crypto: qat - fix invalid check for RSA keylen in fips mode
crypto: qat - Don't attempt to register algorithm multiple times
crypto: qat - Move adf admin and adf hw arbitrer to common code
crypto: qat - Add support for SRIOV
crypto: qat - Add qat dh895xcc VF driver
crypto: qat - Add FW const table
PCI: Add quirk for Intel DH895xCC VF PCI config erratum
crypto: qat - Fix adf_isr_resource_free name clash
crypto: qat - Fix unmet direct dependencies for QAT_DH895xCCVF
crypto: qat - Don't move data inside output buffer
crypto: qat - silence a static checker warning
MPI: Fix mpi_read_buffer
crypto: qat - enable legacy VFs

Tom Lendacky (1):
crypto: ccp - Provide support to autoload CCP driver

Tudor Ambarus (1):
crypto: caam - fix warning in APPEND_MATH_IMM_u64

Vaishali Thakkar (1):
crypto: sahara - Use dmam_alloc_coherent

Victoria Milhoan (13):
crypto: caam - Add cache coherency support
crypto: caam - Add setbits32/clrbits32/clrsetbits primitives for ARM compatibility
crypto: caam - Enable and disable clocks on Freescale i.MX platforms
crypto: caam - Modify Freescale CAAM driver Scatter Gather entry definition
crypto: caam - Change kmalloc to kzalloc to avoid residual data
crypto: caam - Correct DMA unmap size in ahash_update_ctx()
crypto: caam - Use local sg pointers to walk the scatterlist
crypto: caam - Added clocks and clock-names properties to SEC4.0 device tree binding
ARM: clk-imx6q: Add CAAM clock support
ARM: dts: mx6qdl: Add CAAM device node
ARM: dts: mx6sx: Add CAAM device node
crypto: caam - Detect hardware features during algorithm registration
ARM: imx_v6_v7_defconfig: Select CAAM

Vutla, Lokesh (5):
crypto: omap-aes - Fix CTR mode
crypto: omap-aes - Increase priority of hw accelerator
crypto: omap-aes - Fix configuring of AES mode
crypto: omap-aes - Use BIT() macro
crypto: tcrypt - Fix AEAD speed tests

Wu Fengguang (1):
crypto: qat - fix simple_return.cocci warnings

Documentation/DocBook/crypto-API.tmpl | 8 +-
.../devicetree/bindings/crypto/fsl-sec4.txt | 17 +
.../devicetree/bindings/crypto/sun4i-ss.txt | 23 +
MAINTAINERS | 24 +-
arch/arm/boot/dts/imx6qdl.dtsi | 29 +-
arch/arm/boot/dts/imx6sx.dtsi | 27 +
arch/arm/boot/dts/sun4i-a10.dtsi | 8 +
arch/arm/boot/dts/sun6i-a31.dtsi | 18 +
arch/arm/boot/dts/sun7i-a20.dtsi | 8 +
arch/arm/configs/imx_v6_v7_defconfig | 3 +-
arch/arm/crypto/.gitignore | 2 +
arch/arm64/crypto/aes-ce-ccm-glue.c | 68 +-
arch/powerpc/include/asm/switch_to.h | 1 +
arch/powerpc/kernel/process.c | 3 -
arch/x86/crypto/Makefile | 6 +
arch/x86/crypto/aesni-intel_glue.c | 53 +-
arch/x86/crypto/chacha20-avx2-x86_64.S | 443 +++
arch/x86/crypto/chacha20-ssse3-x86_64.S | 625 +++++
arch/x86/crypto/chacha20_glue.c | 150 +
arch/x86/crypto/poly1305-avx2-x86_64.S | 386 +++
arch/x86/crypto/poly1305-sse2-x86_64.S | 582 ++++
arch/x86/crypto/poly1305_glue.c | 207 ++
crypto/Kconfig | 40 +-
crypto/Makefile | 3 +-
crypto/aead.c | 635 +----
crypto/algapi.c | 25 +-
crypto/algboss.c | 12 +-
crypto/algif_aead.c | 4 +-
crypto/authenc.c | 580 ++--
crypto/authencesn.c | 716 ++---
crypto/ccm.c | 380 +--
crypto/chacha20_generic.c | 28 +-
crypto/chacha20poly1305.c | 216 +-
crypto/cryptd.c | 23 +-
crypto/crypto_user.c | 32 -
crypto/echainiv.c | 86 +-
crypto/gcm.c | 102 +-
crypto/jitterentropy-kcapi.c | 2 +-
crypto/pcrypt.c | 7 +
crypto/poly1305_generic.c | 73 +-
crypto/rsa.c | 26 +-
crypto/rsa_helper.c | 4 +-
crypto/seqiv.c | 445 +--
crypto/skcipher.c | 245 ++
crypto/tcrypt.c | 82 +-
crypto/tcrypt.h | 20 +
crypto/testmgr.c | 63 +-
crypto/testmgr.h | 2948 +++++++++++++++-----
drivers/clk/imx/clk-imx6q.c | 3 +
drivers/crypto/Kconfig | 17 +
drivers/crypto/Makefile | 1 +
drivers/crypto/amcc/crypto4xx_core.c | 2 +-
drivers/crypto/caam/Kconfig | 10 +-
drivers/crypto/caam/caamalg.c | 2877 ++++++++++---------
drivers/crypto/caam/caamhash.c | 69 +-
drivers/crypto/caam/caamrng.c | 26 +-
drivers/crypto/caam/compat.h | 1 +
drivers/crypto/caam/ctrl.c | 154 +-
drivers/crypto/caam/desc.h | 23 +-
drivers/crypto/caam/desc_constr.h | 2 +-
drivers/crypto/caam/intern.h | 5 +
drivers/crypto/caam/jr.c | 30 +-
drivers/crypto/caam/regs.h | 64 +-
drivers/crypto/caam/sg_sw_sec4.h | 25 +-
drivers/crypto/ccp/ccp-platform.c | 2 +
drivers/crypto/img-hash.c | 2 +-
drivers/crypto/ixp4xx_crypto.c | 312 ++-
drivers/crypto/marvell/cesa.c | 1 -
drivers/crypto/nx/Kconfig | 17 +-
drivers/crypto/nx/Makefile | 8 +-
drivers/crypto/nx/nx-842-crypto.c | 580 ----
drivers/crypto/nx/nx-842-platform.c | 84 -
drivers/crypto/nx/nx-842-powernv.c | 42 +-
drivers/crypto/nx/nx-842-pseries.c | 139 +-
drivers/crypto/nx/nx-842.c | 554 +++-
drivers/crypto/nx/nx-842.h | 65 +-
drivers/crypto/nx/nx-aes-ccm.c | 151 +-
drivers/crypto/nx/nx-aes-ctr.c | 21 -
drivers/crypto/nx/nx-aes-gcm.c | 64 +-
drivers/crypto/nx/nx.c | 30 +-
drivers/crypto/nx/nx.h | 9 +-
drivers/crypto/omap-aes.c | 86 +-
drivers/crypto/picoxcell_crypto.c | 677 ++---
drivers/crypto/qat/Kconfig | 15 +
drivers/crypto/qat/Makefile | 1 +
drivers/crypto/qat/qat_common/.gitignore | 1 +
drivers/crypto/qat/qat_common/Makefile | 8 +
drivers/crypto/qat/qat_common/adf_accel_devices.h | 46 +-
drivers/crypto/qat/qat_common/adf_accel_engine.c | 42 +-
drivers/crypto/qat/qat_common/adf_admin.c | 290 ++
drivers/crypto/qat/qat_common/adf_aer.c | 5 +-
drivers/crypto/qat/qat_common/adf_cfg.c | 9 +-
drivers/crypto/qat/qat_common/adf_cfg_common.h | 3 +-
drivers/crypto/qat/qat_common/adf_common_drv.h | 53 +-
drivers/crypto/qat/qat_common/adf_ctl_drv.c | 6 +-
drivers/crypto/qat/qat_common/adf_dev_mgr.c | 286 +-
.../{qat_dh895xcc => qat_common}/adf_hw_arbiter.c | 37 +-
drivers/crypto/qat/qat_common/adf_init.c | 104 +-
drivers/crypto/qat/qat_common/adf_pf2vf_msg.c | 438 +++
drivers/crypto/qat/qat_common/adf_pf2vf_msg.h | 146 +
drivers/crypto/qat/qat_common/adf_sriov.c | 309 ++
drivers/crypto/qat/qat_common/adf_transport.c | 13 +-
.../qat/qat_common/adf_transport_access_macros.h | 5 +-
drivers/crypto/qat/qat_common/icp_qat_fw.h | 2 +
drivers/crypto/qat/qat_common/icp_qat_fw_pke.h | 112 +
drivers/crypto/qat/qat_common/qat_algs.c | 338 +--
drivers/crypto/qat/qat_common/qat_asym_algs.c | 652 +++++
drivers/crypto/qat/qat_common/qat_crypto.c | 26 +-
drivers/crypto/qat/qat_common/qat_crypto.h | 2 -
drivers/crypto/qat/qat_common/qat_hal.c | 14 +-
drivers/crypto/qat/qat_common/qat_rsakey.asn1 | 5 +
drivers/crypto/qat/qat_common/qat_uclo.c | 27 +-
drivers/crypto/qat/qat_dh895xcc/Makefile | 5 +-
drivers/crypto/qat/qat_dh895xcc/adf_admin.c | 145 -
.../crypto/qat/qat_dh895xcc/adf_dh895xcc_hw_data.c | 38 +-
.../crypto/qat/qat_dh895xcc/adf_dh895xcc_hw_data.h | 12 +-
drivers/crypto/qat/qat_dh895xcc/adf_drv.c | 97 +-
drivers/crypto/qat/qat_dh895xcc/adf_drv.h | 9 -
drivers/crypto/qat/qat_dh895xcc/adf_isr.c | 139 +-
drivers/crypto/qat/qat_dh895xccvf/Makefile | 5 +
.../qat/qat_dh895xccvf/adf_dh895xccvf_hw_data.c | 172 ++
.../qat/qat_dh895xccvf/adf_dh895xccvf_hw_data.h | 68 +
drivers/crypto/qat/qat_dh895xccvf/adf_drv.c | 393 +++
.../qat_admin.c => qat_dh895xccvf/adf_drv.h} | 70 +-
drivers/crypto/qat/qat_dh895xccvf/adf_isr.c | 258 ++
drivers/crypto/sahara.c | 46 +-
drivers/crypto/sunxi-ss/Makefile | 2 +
drivers/crypto/sunxi-ss/sun4i-ss-cipher.c | 542 ++++
drivers/crypto/sunxi-ss/sun4i-ss-core.c | 425 +++
drivers/crypto/sunxi-ss/sun4i-ss-hash.c | 492 ++++
drivers/crypto/sunxi-ss/sun4i-ss.h | 201 ++
drivers/crypto/talitos.c | 618 ++--
drivers/crypto/talitos.h | 8 +-
drivers/crypto/vmx/aes.c | 3 +
drivers/crypto/vmx/aes_cbc.c | 3 +
drivers/crypto/vmx/aes_ctr.c | 11 +-
drivers/crypto/vmx/aesp8-ppc.pl | 34 +-
drivers/crypto/vmx/ghash.c | 4 +
drivers/crypto/vmx/ghashp8-ppc.pl | 6 +
drivers/crypto/vmx/ppc-xlate.pl | 1 +
drivers/pci/quirks.c | 85 +
include/crypto/aead.h | 172 +-
include/crypto/algapi.h | 3 +-
include/crypto/chacha20.h | 25 +
include/crypto/hash.h | 5 +
include/crypto/internal/aead.h | 72 +-
include/crypto/internal/geniv.h | 9 +
include/crypto/internal/skcipher.h | 15 +
include/crypto/poly1305.h | 41 +
include/crypto/skcipher.h | 391 ++-
include/dt-bindings/clock/imx6qdl-clock.h | 5 +-
include/linux/crypto.h | 54 +-
lib/mpi/mpicoder.c | 38 +-
net/xfrm/xfrm_algo.c | 14 +-
154 files changed, 15834 insertions(+), 7538 deletions(-)

Thanks,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

2015-11-02 08:04:44

by Herbert Xu

Subject: Crypto Update for 4.4

Hi Linus:

Here is the crypto update for 4.4:

API:

* Add support for cipher output IVs in testmgr.
* Add missing crypto_ahash_blocksize helper.
* Mark authenc and des ciphers as not allowed under FIPS.

Algorithms:

* Add CRC support to 842 compression.
* Add keywrap algorithm.
* A number of changes to the akcipher interface:
+ Separate functions for setting public/private keys.
+ Use SG lists.

Drivers:

* Add Intel SHA Extension optimised SHA1 and SHA256.
* Use dma_map_sg instead of custom functions in crypto drivers.
* Add support for STM32 RNG.
* Add support for ST RNG.
* Add Device Tree support to exynos RNG driver.
* Add support for mxs-dcp crypto device on MX6SL.
* Add xts(aes) support to caam.
* Add ctr(aes) and xts(aes) support to qat.
* A large set of fixes from Russell King for the marvell/cesa driver.


Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git linus


Alexander Kuleshov (1):
crypto: jitterentropy - remove unnecessary information from a comment

Arnd Bergmann (1):
crypto: mxs-dcp - mxs-dcp is an stmp device

Boris BREZILLON (1):
crypto: testmgr - test IV value after a cipher operation

Boris Brezillon (1):
crypto: marvell/cesa - fix memory leak

Catalin Vasile (1):
crypto: caam - add support for acipher xts(aes)

Daniel Thompson (5):
dt-bindings: Document the STM32 HW RNG bindings
hwrng: stm32 - add support for STM32 HW RNG
ARM: dts: stm32f429: Adopt STM32 RNG driver
hwrng: stm32 - Fix build with CONFIG_PM
hwrng: exynos - Fix unbalanced PM runtime get/puts

David Howells (1):
crypto: akcipher - Don't #include crypto/public_key.h as the contents aren't used

Fabio Estevam (6):
crypto: mxs-dcp - Allow MXS_DCP to be used on MX6SL
hwrng: mxc-rnga - Remove unneeded goto label
hwrng: mxc-rnga - Remove uneeded initialization
hwrng: mxc-rnga - Remove unnecessary dev_info message
hwrng: mxc-rnga - Use the preferred format for kzalloc
crypto: caam - Remove unused JUMP_TYPE_MASK definition

Geliang Tang (1):
crypto: skcipher - blkcipher and ablkcipher should it be static

Haren Myneni (1):
crypto: 842 - Add CRC and validation support

Herbert Xu (1):
crypto: ahash - Add crypto_ahash_blocksize

Horia Geantă (1):
crypto: tcrypt - avoid mapping from module image addresses

John Griffin (1):
crypto: qat - don't check for iommu

John Haxby (1):
crypto: testmgr - Disable fips-allowed for authenc() and des() ciphers

Krzysztof Kozlowski (4):
dt-bindings: rng: Describe Exynos4 PRNG bindings
hwrng: exynos - Add timeout for waiting on init done
hwrng: exynos - Fix missing configuration after suspend to RAM
hwrng: exynos - Add Device Tree support

LABBE Corentin (14):
crypto: bfin_crc - replace sg_count by sg_nents
crypto: amcc - replace get_sg_count by sg_nents_for_len
crypto: sahara - replace sahara_sg_length with sg_nents_for_len
crypto: talitos - dma_map_sg can handle chained SG
crypto: caam - dma_map_sg can handle chained SG
crypto: sahara - dma_map_sg can handle chained SG
crypto: qce - dma_map_sg can handle chained SG
crypto: atmel - Check for clk_prepare_enable() return value
crypto: atmel - use devm_xxx() managed function
crypto: ux500 - Use devm_xxx() managed function
crypto: s390/sha - replace raw value by their coresponding define
crypto: sahara - set array of const as const
crypto: n2 - set array of const as const
lib/mpi: clean unused SHA1_DIGEST_LENGTH

Lee Jones (10):
hwrng: doc - Fix device node name reference /dev/hw_random => /dev/hwrng
hwrng: Kconfig - Fix device node name reference /dev/hw_random => /dev/hwrng
hwrng: core - Simplify RNG switching from sysfs
hwrng: st - Provide DT bindings for ST's Random Number Generator
hwrng: st - Add support for ST's HW Random Number Generator
ARM: STi: STiH407: Enable the 2 HW Random Number Generators for STiH4{07, 10}
MAINTAINERS: Add ST's Random Number Generator to the ST entry
hwrng: st: dt: Fix trivial typo in node address
hwrng: st - Use real-world device timings for timeout
hwrng: st - Improve FIFO size/depth description

Luis de Bethencourt (4):
crypto: amcc - Fix module autoload for OF platform driver
crypto: picoxcell - Fix module autoload for OF platform driver
crypto: ux500 - Fix module autoload for OF platform drivers
hwrng: Fix module autoload for OF platform drivers

Nicolas Iooss (1):
crypto: crc32c-pclmul - use .rodata instead of .rotata

Russell King (32):
crypto: marvell/cesa - fix stack smashing in marvell/hash.c
crypto: marvell/cesa - initialise struct mv_cesa_ahash_req
crypto: marvell/cesa - fix wrong hash results
crypto: marvell/cesa - factor out common import/export functions
crypto: marvell/cesa - easier way to get the transform
crypto: marvell/cesa - keep creq->state in CPU endian format at all times
crypto: marvell/cesa - add flag to determine algorithm endianness
crypto: marvell/cesa - fix the bit length endianness
crypto: marvell/cesa - ensure template operation is initialised
crypto: marvell/cesa - const-ify argument to mv_cesa_get_op_cfg()
crypto: marvell/cesa - factor out first fragment decisions to helper
crypto: marvell/cesa - factor out adding an operation and launching it
crypto: marvell/cesa - always ensure mid-fragments after first-fragment
crypto: marvell/cesa - move mv_cesa_dma_add_frag() calls
crypto: marvell/cesa - use presence of scatterlist to determine data load
crypto: marvell/cesa - ensure iter.base.op_len is the full op length
crypto: marvell/cesa - avoid adding final operation within loop
crypto: marvell/cesa - rearrange last request handling
crypto: marvell/cesa - rearrange handling for hw finished hashes
crypto: marvell/cesa - rearrange handling for sw padded hashes
crypto: marvell/cesa - fix first-fragment handling in mv_cesa_ahash_dma_last_req()
crypto: caam - print errno code when hash registration fails
crypto: caam - avoid needlessly saving and restoring caam_hash_ctx
crypto: caam - fix non-block aligned hash calculation
crypto: caam - only export the state we really need to export
crypto: caam - fix indentation of close braces
crypto: marvell/cesa - use readl_relaxed()/writel_relaxed()
crypto: marvell/cesa - use dma_addr_t for cur_dma
crypto: marvell/cesa - use gfp_t for gfp flags
crypto: marvell/cesa - use memcpy_fromio()/memcpy_toio()
crypto: marvell/cesa - fix missing cpu_to_le32() in mv_cesa_dma_add_op()
crypto: marvell/cesa - use __le32 for hardware descriptors

Sowmini Varadhan (2):
crypto: pkcs7 - Fix unaligned access in pkcs7_verify()
crypto: asymmetric_keys - Fix unaligned access in x509_get_sig_params()

Stephan Mueller (4):
crypto: keywrap - add key wrapping block chaining mode
crypto: keywrap - enable compilation
crypto: keywrap - add testmgr support
lib/mpi: fix off by one in mpi_read_raw_from_sgl

Tadeusz Struk (7):
crypto: qat - Add load balancing across devices
crypto: qat - remove empty functions and turn qat_uregister fn to void
crypto: qat - add support for ctr(aes) and xts(aes)
crypto: qat - remove unneeded variable
lib/mpi: Add mpi sgl helpers
crypto: akcipher - Changes to asymmetric key API
crypto: qat - fix crypto_get_instance_node function

Thomas Petazzoni (1):
MAINTAINERS: add maintainers for the Marvell Crypto driver

Tom Lendacky (4):
crypto: ccp - Replace BUG_ON with WARN_ON and a return code
crypto: ccp - Remove use ACPI field
crypto: ccp - Change references to accelerator to offload
crypto: ccp - Use module name in driver structures

Vaishali Thakkar (1):
hwrng: octeon - Use devm_hwrng_register

sudip (1):
crypto: asymmetric_keys - remove always false comparison

tim (7):
crypto: x86/sha - Intel SHA Extensions optimized SHA1 transform function
crypto: x86/sha - Intel SHA Extensions optimized SHA256 transform function
crypto: x86/sha - glue code for Intel SHA extensions optimized SHA1 & SHA256
crypto: x86/sha - Add build support for Intel SHA Extensions optimized SHA1 and SHA256
crypto: x86/sha - Restructure x86 sha1 glue code to expose all the available sha1 transforms
crypto: x86/sha - Restructure x86 sha256 glue code to expose all the available sha256 transforms
crypto: x86/sha - Restructure x86 sha512 glue code to expose all the available sha512 transforms

.../bindings/rng/samsung,exynos-rng4.txt | 17 +
Documentation/devicetree/bindings/rng/st,rng.txt | 15 +
.../devicetree/bindings/rng/st,stm32-rng.txt | 21 +
Documentation/hw_random.txt | 8 +-
MAINTAINERS | 8 +
arch/arm/boot/dts/stih407-family.dtsi | 14 +
arch/arm/boot/dts/stm32f429.dtsi | 7 +
arch/s390/crypto/sha.h | 2 +-
arch/x86/Makefile | 6 +-
arch/x86/crypto/Makefile | 8 +
arch/x86/crypto/crc32c-pcl-intel-asm_64.S | 2 +-
arch/x86/crypto/sha1_ni_asm.S | 302 +++++++++++++
arch/x86/crypto/sha1_ssse3_glue.c | 314 ++++++++++---
arch/x86/crypto/sha256_ni_asm.S | 353 +++++++++++++++
arch/x86/crypto/sha256_ssse3_glue.c | 329 ++++++++++++--
arch/x86/crypto/sha512_ssse3_glue.c | 249 +++++++++--
crypto/Kconfig | 17 +-
crypto/Makefile | 10 +-
crypto/akcipher.c | 1 -
crypto/asymmetric_keys/pkcs7_verify.c | 5 +-
crypto/asymmetric_keys/x509_cert_parser.c | 6 +-
crypto/asymmetric_keys/x509_public_key.c | 5 +-
crypto/jitterentropy-kcapi.c | 4 -
crypto/keywrap.c | 419 +++++++++++++++++
crypto/rsa.c | 83 ++--
crypto/rsa_helper.c | 42 +-
crypto/rsakey.asn1 | 5 -
crypto/rsaprivkey.asn1 | 11 +
crypto/rsapubkey.asn1 | 4 +
crypto/skcipher.c | 4 +-
crypto/tcrypt.c | 17 +-
crypto/testmgr.c | 83 ++--
crypto/testmgr.h | 77 +++-
drivers/char/hw_random/Kconfig | 24 +-
drivers/char/hw_random/Makefile | 2 +
drivers/char/hw_random/core.c | 2 +-
drivers/char/hw_random/exynos-rng.c | 58 ++-
drivers/char/hw_random/mxc-rnga.c | 14 +-
drivers/char/hw_random/octeon-rng.c | 12 +-
drivers/char/hw_random/pasemi-rng.c | 1 +
drivers/char/hw_random/ppc4xx-rng.c | 1 +
drivers/char/hw_random/st-rng.c | 151 +++++++
drivers/char/hw_random/stm32-rng.c | 202 +++++++++
drivers/crypto/Kconfig | 5 +-
drivers/crypto/amcc/crypto4xx_core.c | 23 +-
drivers/crypto/atmel-aes.c | 44 +-
drivers/crypto/atmel-sha.c | 33 +-
drivers/crypto/atmel-tdes.c | 35 +-
drivers/crypto/bfin_crc.c | 25 +-
drivers/crypto/caam/caamalg.c | 232 +++++++---
drivers/crypto/caam/caamhash.c | 131 +++---
drivers/crypto/caam/desc.h | 1 -
drivers/crypto/caam/sg_sw_sec4.h | 72 +--
drivers/crypto/ccp/Kconfig | 13 +-
drivers/crypto/ccp/ccp-crypto-aes-cmac.c | 20 +-
drivers/crypto/ccp/ccp-crypto-main.c | 6 +-
drivers/crypto/ccp/ccp-crypto-sha.c | 13 +
drivers/crypto/ccp/ccp-ops.c | 108 +++--
drivers/crypto/ccp/ccp-pci.c | 2 +-
drivers/crypto/ccp/ccp-platform.c | 6 +-
drivers/crypto/marvell/cesa.h | 55 ++-
drivers/crypto/marvell/cipher.c | 13 +-
drivers/crypto/marvell/hash.c | 471 ++++++++++----------
drivers/crypto/marvell/tdma.c | 42 +-
drivers/crypto/n2_core.c | 2 +-
drivers/crypto/nx/nx-842-powernv.c | 4 +-
drivers/crypto/nx/nx-842-pseries.c | 8 +-
drivers/crypto/picoxcell_crypto.c | 1 +
drivers/crypto/qat/qat_common/Makefile | 12 +-
drivers/crypto/qat/qat_common/adf_common_drv.h | 4 +-
drivers/crypto/qat/qat_common/adf_ctl_drv.c | 6 -
drivers/crypto/qat/qat_common/adf_init.c | 8 +-
drivers/crypto/qat/qat_common/adf_sriov.c | 7 +-
drivers/crypto/qat/qat_common/qat_algs.c | 178 +++++---
drivers/crypto/qat/qat_common/qat_asym_algs.c | 213 ++++++---
drivers/crypto/qat/qat_common/qat_crypto.c | 79 ++--
drivers/crypto/qat/qat_common/qat_hal.c | 5 +-
drivers/crypto/qat/qat_common/qat_rsakey.asn1 | 5 -
drivers/crypto/qat/qat_common/qat_rsaprivkey.asn1 | 11 +
drivers/crypto/qat/qat_common/qat_rsapubkey.asn1 | 4 +
drivers/crypto/qce/ablkcipher.c | 30 +-
drivers/crypto/qce/cipher.h | 4 -
drivers/crypto/qce/dma.c | 52 ---
drivers/crypto/qce/dma.h | 5 -
drivers/crypto/qce/sha.c | 18 +-
drivers/crypto/qce/sha.h | 2 -
drivers/crypto/sahara.c | 108 +----
drivers/crypto/talitos.c | 104 +----
drivers/crypto/ux500/cryp/cryp_core.c | 71 +--
drivers/crypto/ux500/hash/hash_core.c | 50 +--
include/crypto/akcipher.h | 90 +++-
include/crypto/hash.h | 14 +
include/crypto/internal/rsa.h | 7 +-
include/linux/mpi.h | 10 +-
lib/842/842.h | 2 +
lib/842/842_compress.c | 13 +
lib/842/842_decompress.c | 17 +
lib/mpi/mpicoder.c | 199 +++++++++
98 files changed, 4070 insertions(+), 1538 deletions(-)

Thanks,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt