Mark the parts of the cipher interface that have been replaced by
block ciphers as deprecated. Thanks to Andrew Morton for suggesting
doing this before removing them completely.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This patch adds a const modifier to the buf argument of sg_set_buf and
sg_init_one. This lets people call it with pointers that are const.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This patch converts IPSec/ESP to use the new block cipher type where
applicable. Similar to the HMAC conversion, existing algorithm names
have been kept for compatibility.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This patch adds a compatibility name field for each IPsec algorithm. This
is needed when parameterised algorithms are used. For example, "md5" will
become "hmac(md5)", and "aes" will become "cbc(aes)".
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This patch adds two block cipher algorithms, CBC and ECB. These
are implemented as templates on top of existing single-block cipher
algorithms. They invoke the single-block cipher through the new
encrypt_one/decrypt_one interface.
This also optimises the in-place encryption and decryption to remove
the cost of an IV copy each round.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This patch adds the new type of block ciphers. Unlike current cipher
algorithms which operate on a single block at a time, block ciphers
operate on an arbitrarily long linear area of data. As it is block-based,
it will skip any data remaining at the end which cannot form a block.
The block cipher has one major difference when compared to the existing
block cipher implementation. The sg walking is now performed by the
algorithm rather than the cipher mid-layer. This is needed for drivers
that directly support sg lists. It also improves performance for all
algorithms as it reduces the total number of indirect calls by one.
In future the existing cipher algorithm will be converted to only have
a single-block interface. This will be done after all existing users
have switched over to the new block cipher type.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This patch prepares the scatterwalk code for use by the new block cipher
type.
Firstly it halves the size of scatter_walk on 32-bit platforms. This
is important as we allocate at least two of these objects on the stack
for each block cipher operation.
It also exports the symbols since the block cipher code can be built as
a module.
Finally there is a hack in scatterwalk_unmap that relies on progress
being made. Unfortunately, for hardware crypto we can't guarantee
progress to be made since the hardware can fail.
So this also gets rid of the hack by not advancing the address returned
by scatterwalk_map.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This patch adds two new operations for the simple cipher that encrypts or
decrypts a single block at a time. This will be the main interface after
the existing block operations have moved over to the new block ciphers.
It also adds the crypto_cipher type which is currently only used on the
new operations but will be extended to setkey as well once existing users
have been converted to use block ciphers where applicable.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This patch adds the crypto_type structure which will be used for all new
crypto algorithm types, beginning with block ciphers.
The primary purpose of this abstraction is to allow different crypto_type
objects for crypto algorithms of the same type, in particular, there will
be a different crypto_type objects for asynchronous algorithms.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Up until now all crypto transforms have been of the same type, struct
crypto_tfm, regardless of whether they are ciphers, digests, or other
types. As a result of that, we check the types at run-time before
each crypto operation.
This is rather cumbersome. We could instead use different C types for
each crypto type to ensure that the correct types are used at compile
time. That is, we would have crypto_cipher/crypto_digest instead of
just crypto_tfm. The appropriate type would then be required for the
actual operations such as crypto_digest_digest.
Now that we have the type/mask fields when looking up algorithms, it
is easy to request for an algorithm of the precise type that the user
wants. However, crypto_alloc_tfm currently does not expose these new
attributes.
This patch introduces the function crypto_alloc_base which will carry
these new parameters. It will be renamed to crypto_alloc_tfm once
all existing users have been converted.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This patch adds the asynchronous flag and changes all existing users to
only look up algorithms that are synchronous.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This patch adds the helpers crypto_get_attr_alg and crypto_alloc_instance
which can be used by simple one-argument templates like hmac to process
input parameters and allocate instances.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This patch makes IV operations on ECB fail through nocrypt_iv rather than
calling BUG(). This is needed to generalise CBC/ECB using the template
mechanism.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Now that the tfm is passed directly to setkey instead of the ctx, we no
longer need to pass the &tfm->crt_flags pointer.
This patch also gets rid of a few unnecessary checks on the key length
for ciphers as the cipher layer guarantees that the key length is within
the bounds specified by the algorithm.
Rather than testing dia_setkey every time, this patch does it only once
during crypto_alloc_tfm. The redundant check from crypto_digest_setkey
is also removed.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Add missing accessors for cra_driver_name and cra_priority.
Signed-off-by: Michal Ludvig <michal@logix.cz>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Spawns lock a specific crypto algorithm in place. They can then be used
with crypto_spawn_tfm to allocate a tfm for that algorithm. When the base
algorithm of a spawn is deregistered, all its spawns will be automatically
removed.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
The cryptomgr module is a simple manager of crypto algorithm instances.
It ensures that parameterised algorithms of the type tmpl(alg) (e.g.,
cbc(aes)) are always created.
This is meant to satisfy the needs for most users. For more complex
cases such as deeper combinations or multiple parameters, a netlink
module will be created which allows arbitrary expressions to be parsed
in user-space.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
This patch adds a notifier chain for algorithm/template registration events.
This will be used to register compound algorithms such as cbc(aes). In
future this will also be passed onto user-space through netlink.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
A crypto_template generates a crypto_alg object when given a set of
parameters. this patch adds the basic data structure fo templates
and code to handle their registration/deregistration.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
The crypto API is made up of the part facing users such as IPsec and the
low-level part which is used by cryptographic entities such as algorithms.
This patch splits out the latter so that the two APIs are more clearly
delineated. As a bonus the low-level API can now be modularised if all
algorithms are built as modules.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
The header file linux/crypto.h is only needed by a few files so including
it in net/xfrm.h (which is included by half of the networking stack) is a
waste. This patch moves it out of net/xfrm.h and into the specific header
files that actually need it.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Up until now we've relied on module reference counting to ensure that the
crypto_alg structures don't disappear from under us. This was good enough
as long as each crypto_alg came from exactly one module.
However, with parameterised crypto algorithms a crypto_alg object may need
two or more modules to operate. This means that we need to count the
references to the crypto_alg object directly.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
This patch splits up the twofish crypto routine into a common part ( key
setup ) which will be uses by all twofish crypto modules ( generic-c , i586
assembler and x86_64 assembler ) and generic-c part. It also creates a new
header file which will be used by all 3 modules.
This eliminates all code duplication.
Correctness was verified with the tcrypt module and automated test scripts.
Signed-off-by: Joachim Fritschi <jfritschi@freenet.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Previously the __aligned__ attribute was added to the crypto_tfm context
member to ensure it is alinged correctly on architectures such as arm.
Unfortunately kmalloc does not use the same minimum alignment rules as
gcc so this is useless.
This patch changes it to use kmalloc's minimum alignment.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* git://git.infradead.org/mtd-2.6:
[MTD] Use SEEK_{SET,CUR,END} instead of hardcoded values in mtdchar lseek()
MTD: Fix bug in fixup_convert_atmel_pri
[JFFS2][SUMMARY] Fix a summary collecting bug.
[PATCH] [MTD] DEVICES: Fill more device IDs in the structure of m25p80
MTD: Add lock/unlock operations for Atmel AT49BV6416
MTD: Convert Atmel PRI information to AMD format
fs/jffs2/xattr.c: remove dead code
[PATCH] [MTD] Maps: Add dependency on alternate probe methods to physmap
[PATCH] MTD: Add Macronix MX29F040 to JEDEC
[MTD] Fixes of performance and stability issues in CFI driver.
block2mtd.c: Make kernel boot command line arguments work (try 4)
[MTD NAND] Fix lookup error in nand_get_flash_type()
remove #error on !PCI from pmc551.c
MTD: [NAND] Fix the sharpsl driver after breakage from a core conversion
[MTD] NAND: OOB buffer offset fixups
make fs/jffs2/nodelist.c:jffs2_obsolete_node_frag() static
[PATCH] [MTD] NAND: fix dead URL in Kconfig
Remove definitions of PAGE_* from the user view
Delete unnecessary comments referring to the size of pages
Only include <asm-generic> if we're in __KERNEL__
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Matthew Wilcox <matthew@wil.cx>
Signed-off-by: Kyle McMartin <kyle@parisc-linux.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
(And reset it on new thread creation)
It turns out that eflags is important to save and restore not just
because of iopl, but due to the magic bits like the NT bit, which we
don't want leaking between different threads.
Tested-by: Mike Galbraith <efault@gmx.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
[ATM] CLIP: Do not refer freed skbuff in clip_mkip().
[NET]: Drop tx lock in dev_watchdog_up
[PACKET]: Don't truncate non-linear skbs with mmaped IO
[NET]: Mark frame diverter for future removal.
[NETFILTER]: Add secmark headers to header-y
[ATM]: linux-atm-general mailing list is subscribers only
[ATM]: [he] when transmit fails, unmap the dma regions
[TCP] tcp-lp: update information to MAINTAINERS
[TCP] tcp-lp: bug fix for oops in 2.6.18-rc6
[BRIDGE]: random extra bytes on STP TCN packet
[IPV6]: Accept -1 for IPV6_TCLASS
[IPV6]: Fix tclass setting for raw sockets.
[IPVS]: remove the debug option go ip_vs_ftp
[IPVS]: Make sure ip_vs_ftp ports are valid
[IPVS]: auto-help for ip_vs_ftp
[IPVS]: Document the ports option to ip_vs_ftp in kernel-parameters.txt
[TCP]: Turn ABC off.
[NEIGH]: neigh_table_clear() doesn't free stats
* master.kernel.org:/home/rmk/linux-2.6-arm:
[ARM] 3815/1: headers_install support for ARM
[ARM] 3794/1: S3C24XX: do not defined set_irq_wake when no CONFIG_PM
[ARM] 3793/1: S3C2412: fix wrong serial info struct
[ARM] 3780/1: Fix iop321 cpuid
[ARM] 3786/1: pnx4008: update defconfig
[ARM] 3785/1: S3C2412: Fix idle code as default uses wrong clocks
[ARM] 3784/1: S3C2413: fix config for MACH_S3C2413/MACH_SMDK2413
Move kernel-only #includes into #ifdef __KERNEL__, so that
headers_install target can be used on ARM.
Signed-off-by: Ralph Siemsen <ralphs@netwinder.org>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
This patch includes xt_SECMARK.h and xt_CONNSECMARK.h to the kernel
headers which are exported via 'make headers_install'. This is needed to
allow userland code to be built correctly with these features.
Please apply, and consider for inclusion with 2.6.18 as a bugfix.
Signed-off-by: James Morris <jmorris@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Alpha currently fails 'make headers_check' in the 2.6.18-rc kernels. This
patch fixes it, by moving the existing #ifdef __KERNEL__ in asm/page.h so that
it covers everything that userspace shouldn't so, and by adding asm/compiler.h
to the list of exported files so that its use within asm/byteorder.h is
successful.
[ Note that at least with GCC 4, <linux/compiler.h> doesn't do the forced
inlining about which there are nasty comments (and a workaround) in
<asm/compiler.h>, unless you set CONFIG_FORCED_INLINING. Rather than keep
the mess you have in <asm/compiler.h> you could perhaps just make sure
CONFIG_FORCED_INLINING=n is also honoured with GCC3, and make sure it cannot
be set for Alpha? ]
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Cc: Sam Ravnborg <sam@ravnborg.org>
Cc: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
Cc: Richard Henderson <rth@twiddle.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
On Tue, 2006-09-12 at 17:44 +0100, David Woodhouse wrote:
> asm-x86_64/elf.h requires asm/processor.h, which does not exist
> asm-x86_64/signal.h requires linux/linkage.h, which does not exist
> asm-x86_64/unistd.h requires linux/linkage.h, which does not exist
> asm-x86_64/vsyscall.h requires linux/seqlock.h, which does not exist
Again, move stuff which shouldn't be visible inside (mostly already existing)
#ifdef __KERNEL__.
This fixes a bunch of mislabelled and unlabelled #endifs in unistd.h and also
cleans that up to conform with what's visible on other architectures, since
the minimal fix for the error reported about would have involved a more
intrusive patch, renesting other ifdefs.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Cc: Sam Ravnborg <sam@ravnborg.org>
Cc: Andi Kleen <ak@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This brings i386 asm/unistd.h into consistency with other architectures by not
exporting functionality which is not necessary.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
On Tue, 2006-09-12 at 17:44 +0100, David Woodhouse wrote:
> asm-ia64/ptrace.h requires asm/asm-offsets.h, which does not exist
> asm-ia64/resource.h requires asm/ustack.h, which does not exist
Hide parts which shouldn't be visible to userspace.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Cc: Sam Ravnborg <sam@ravnborg.org>
Cc: "Luck, Tony" <tony.luck@intel.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
On Tue, 2006-09-12 at 17:44 +0100, David Woodhouse wrote:
> asm-s390/debug.h requires linux/string.h, which does not exist
> asm-s390/elf.h requires asm/system.h, which does not exist
Move things around slightly so the right things end up within
#ifdef __KERNEL__ and thus don't pollute the exported headers.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Cc: Sam Ravnborg <sam@ravnborg.org>
Acked-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Patch from Ben Dooks
Fix the idle code on the s3c2412 as the default
code is using bits in the CLKCON register that are
no-longer there.
Provide an override for the idle code, and ensure
that the power configuration is set to allow idle
instead of stop or sleep.
Signed-off-by: Ben Dooks <ben-linux@fluff.org>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
MIPS asm/page.h unconditionally includes <asm-generic/memory_model.h>, which
doesn't exist in userspace. Move an #endif /* __KERNEL__ */ down a few lines
to prevent that.
Also, remove the broken definition of PAGE_SIZE which is never going to be
correct -- in the absence of PAGE_SIZE, non-broken userspace will fall back to
using sysconf() or getpagesize() instead.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Cc: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
The header file <linux/pfn.h> doesn't exist in userspace and probably
shouldn't -- but it's used unconditionally in <asm-i386/setup.h>. Protect it
with #ifdef __KERNEL__ and move setup.h from $(header-y) to $(unifdef-y) in
Kbuild accordingly.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Some files which don't exist in userspace were being included unconditionally
in asm-i386/elf.h. Move the offending #includes down a few lines so that
they're protected by #ifdef __KERNEL__
In fact, we probably want to kill off all userspace use of asm/elf.h -- but we
aren't there yet, so we should at least make it possible to include it for
now.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Because <linux/linkage.h> doesn't exist in userspace, it should be only
included from within #ifdef __KERNEL__. Move the corresponding #include
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
There's useful stuff in <linux/timex.h> but <asm/timex.h> has nothing for
userspace. Stop exporting it, and include it only from within the existing
#ifdef __KERNEL__ part of <linux/timex.h>
This fixes a 'make headers_check' failure on i386 because asm-i386/timex.h
includes both asm-i386/tsc.h and asm-i386/processor.h, neither of which are
exported to userspace. It's not entirely clear _why_ it includes either of
these, but it does.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
We don't need any of this crap included from the user-visible part of nfs_fs.h
-- remove it all.
In fact, we probably don't need anything but NFS_SUPER_MAGIC to be defined; is
there any need for anything else? And magic numbers should probably move to
<linux/magic.h> rather than being strewn across various fs-specific include
files which exist in userspace for solely that purpose.
With this patch, 'make header_check' works again at least on PowerPC.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Cc: Trond Myklebust <trond.myklebust@fys.uio.no>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This changes the writeX family of functions to have a sync instruction
before the MMIO store rather than after, because the generally expected
behaviour is that the device receiving the MMIO store can be guaranteed
to see the effects of any preceding writes to normal memory.
To preserve ordering between writeX and readX, and to preserve ordering
between preceding stores and the readX, the readX family of functions
have had an sync added before the load.
Although writeX followed by spin_unlock is not officially guaranteed
to keep the writeX inside the spin-locked region unless an mmiowb()
is used, there are currently drivers that depend on the previous
behaviour on powerpc, which was that the mmiowb wasn't actually required.
Therefore we have a per-cpu flag that is set by writeX, cleared by
__raw_spin_lock and mmiowb, and tested by __raw_spin_unlock. If it is
set, __raw_spin_unlock does a sync and clears it.
This changes both 32-bit and 64-bit readX/writeX. 32-bit already has a
sync in __raw_spin_unlock (since lwsync doesn't exist on 32-bit), and thus
doesn't need the per-cpu flag.
Tested on G5 (PPC970) and POWER5.
Signed-off-by: Paul Mackerras <paulus@samba.org>
This is required to generate proper core files using kdump on ppc64.
Create a backup region of 64K size irrespective of the PAGE SIZE.
At present 32K was used as backup size. In the case of 64K page size,
second PT_LOAD segments starts at 32K and the first one is not page
aligned. __ioremap() (crash_dump.c) fails if pfn = 0 which is the
case for the second PT_LOAD segment. This is not an issue for 4K page
size because the the first page (32K backup) is copied to second
kernel memory and thus referencing with the second kernel pfn.
Signed-off-by: Sachin Sant <sachinp@in.ibm.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
The sys_[gs]et_robust_list() syscalls were wired up on PowerPC but
didn't work correctly because futex_atomic_cmpxchg_inatomic() wasn't
implemented. Implement it, based on __cmpxchg_u32().
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Paul Mackerras <paulus@samba.org>
* master.kernel.org:/pub/scm/linux/kernel/git/mchehab/v4l-dvb:
V4L/DVB (4608c): Fix I2C dependencies for saa7146 modules
V4L/DVB (4608b): i2c deps fix on DVB
V4L/DVB (4605): Fixes an issue with V4L1 and make headers-install
V4L/DVB (4520): Fix an error when loading bttv driver on PV M4900.
V4L/DVB (4511): Restore tuner_ymec_tvf66t5_b_dff_pal_ranges[] to fix UHF switch functionality
V4L/DVB (4494a): Fix compilation when V4L1 support is not present