Linux Kernel https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v3.0.61 2011-05-16T05:12:47Z 2011-05-16T05:12:47Z Andy Lutomirski luto@mit.edu 2011-05-16T05:12:47Z urn:sha1:b23b64516500df6b70fcafb820970f18538252cf Loading fpu without aesni-intel does nothing. Loading aesni-intel without fpu causes modes like xts to fail. (Unloading aesni-intel will restore those modes.) One solution would be to make aesni-intel depend on fpu, but it seems cleaner to just combine the modules. This is probably responsible for bugs like: https://bugzilla.redhat.com/show_bug.cgi?id=589390 Signed-off-by: Andy Lutomirski <luto@mit.edu> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2010-12-28T11:56:26Z Herbert Xu herbert@gondor.apana.org.au 2010-12-28T11:56:26Z urn:sha1:8ad225e8e4f530f500c12ec77fd5a51caf6a2f66 This feature no longer needs the experimental tag. Reported-by: Toralf Förster <toralf.foerster@gmx.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2010-11-29T14:56:03Z Herbert Xu herbert@gondor.apana.org.au 2010-11-29T14:56:03Z urn:sha1:7451708f39db19a8303bb7fb95f00aca9f673cb5 Add missing dependency on NET since we require sockets for our interface. Should really be a select but kconfig doesn't like that: net/Kconfig:6:error: found recursive dependency: NET -> NETWORK_FILESYSTEMS -> AFS_FS -> AF_RXRPC -> CRYPTO -> CRYPTO_USER_API_HASH -> CRYPTO_USER_API -> NET Reported-by: Zimny Lech <napohybelskurwysynom2010@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2010-11-27T08:34:46Z Mathias Krause minipli@googlemail.com 2010-11-27T08:34:46Z urn:sha1:0d258efb6a58fe047197c3b9cff8746bb176d58a The AES-NI instructions are also available in legacy mode so the 32-bit architecture may profit from those, too. To illustrate the performance gain here's a short summary of a dm-crypt speed test on a Core i7 M620 running at 2.67GHz comparing both assembler implementations: x86: i568 aes-ni delta ECB, 256 bit: 93.8 MB/s 123.3 MB/s +31.4% CBC, 256 bit: 84.8 MB/s 262.3 MB/s +209.3% LRW, 256 bit: 108.6 MB/s 222.1 MB/s +104.5% XTS, 256 bit: 105.0 MB/s 205.5 MB/s +95.7% Additionally, due to some minor optimizations, the 64-bit version also got a minor performance gain as seen below: x86-64: old impl. new impl. delta ECB, 256 bit: 121.1 MB/s 123.0 MB/s +1.5% CBC, 256 bit: 285.3 MB/s 290.8 MB/s +1.9% LRW, 256 bit: 263.7 MB/s 265.3 MB/s +0.6% XTS, 256 bit: 251.1 MB/s 255.3 MB/s +1.7% Signed-off-by: Mathias Krause <minipli@googlemail.com> Reviewed-by: Huang Ying <ying.huang@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2010-11-26T12:53:59Z Herbert Xu herbert@gondor.apana.org.au 2010-10-19T13:31:55Z urn:sha1:8ff590903d5fc7f5a0a988c38267a3d08e6393a2 This patch adds the af_alg plugin for symmetric key ciphers, corresponding to the ablkcipher kernel operation type. Keys can optionally be set through the setsockopt interface. Once a sendmsg call occurs without MSG_MORE no further writes may be made to the socket until all previous data has been read. IVs and and whether encryption/decryption is performed can be set through the setsockopt interface or as a control message to sendmsg. The interface is completely synchronous, all operations are carried out in recvmsg(2) and will complete prior to the system call returning. The splice(2) interface support reading the user-space data directly without copying (except that the Crypto API itself may copy the data if alignment is off). The recvmsg(2) interface supports directly writing to user-space without additional copying, i.e., the kernel crypto interface will receive the user-space address as its output SG list. Thakns to Miloslav Trmac for reviewing this and contributing fixes and improvements. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: David S. Miller <davem@davemloft.net> 2010-11-19T09:47:58Z Herbert Xu herbert@gondor.apana.org.au 2010-10-19T13:23:00Z urn:sha1:fe869cdb89c95d060c77eea20204d6c91f233b53 This patch adds the af_alg plugin for hash, corresponding to the ahash kernel operation type. Keys can optionally be set through the setsockopt interface. Each sendmsg call will finalise the hash unless sent with a MSG_MORE flag. Partial hash states can be cloned using accept(2). The interface is completely synchronous, all operations will complete prior to the system call returning. Both sendmsg(2) and splice(2) support reading the user-space data directly without copying (except that the Crypto API itself may copy the data if alignment is off). For now only the splice(2) interface supports performing digest instead of init/update/final. In future the sendmsg(2) interface will also be modified to use digest/finup where possible so that hardware that cannot return a partial hash state can still benefit from this interface. Thakns to Miloslav Trmac for reviewing this and contributing fixes and improvements. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: David S. Miller <davem@davemloft.net> Tested-by: Martin Willi <martin@strongswan.org> 2010-11-19T09:47:57Z Herbert Xu herbert@gondor.apana.org.au 2010-10-19T13:12:39Z urn:sha1:03c8efc1ffeb6b82a22c1af8dd908af349563314 This patch creates the backbone of the user-space interface for the Crypto API, through a new socket family AF_ALG. Each session corresponds to one or more connections obtained from that socket. The number depends on the number of inputs/outputs of that particular type of operation. For most types there will be a s ingle connection/file descriptor that is used for both input and output. AEAD is one of the few that require two inputs. Each algorithm type will provide its own implementation that plugs into af_alg. They're keyed using a string such as "skcipher" or "hash". IOW this patch only contains the boring bits that is required to hold everything together. Thakns to Miloslav Trmac for reviewing this and contributing fixes and improvements. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: David S. Miller <davem@davemloft.net> Tested-by: Martin Willi <martin@strongswan.org> 2010-09-12T02:42:47Z Justin P. Mattock justinmattock@gmail.com 2010-09-12T02:42:47Z urn:sha1:6d8de74c5caa3e2ce7c9f19c1004dbc76d7c7edb Below is a patch to update the broken web addresses, in crypto/* that I could locate. Some are just simple typos that needed to be fixed, and some had a change in location altogether.. let me know if any of them need to be changed and such. Signed-off-by: Justin P. Mattock <justinmattock@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2010-09-03T11:17:49Z Chuck Ebbert cebbert@redhat.com 2010-09-03T11:17:49Z urn:sha1:e84c5480b782c4009ef65b0248be7f0864573d7e Signed-off-by: Chuck Ebbert <cebbert@redhat.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2010-08-06T02:34:00Z Herbert Xu herbert@gondor.apana.org.au 2010-08-06T02:34:00Z urn:sha1:00ca28a507b215dcd121735f16764ea4173c4ff9 On Thu, Aug 05, 2010 at 07:01:21PM -0700, Linus Torvalds wrote: > On Thu, Aug 5, 2010 at 6:40 PM, Herbert Xu <herbert@gondor.hengli.com.au> wrote: > > > > -config CRYPTO_MANAGER_TESTS > > - bool "Run algolithms' self-tests" > > - default y > > - depends on CRYPTO_MANAGER2 > > +config CRYPTO_MANAGER_DISABLE_TESTS > > + bool "Disable run-time self tests" > > + depends on CRYPTO_MANAGER2 && EMBEDDED > > Why do you still want to force-enable those tests? I was going to > complain about the "default y" anyway, now I'm _really_ complaining, > because you've now made it impossible to disable those tests. Why? As requested, this patch sets the default to y and removes the EMBEDDED dependency. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>