Commit aab66c40 authored by Linus Torvalds's avatar Linus Torvalds

Merge bk://kernel.bkbits.net/davem/net-2.6

into ppc970.osdl.org:/home/torvalds/v2.6/linux
parents 1332bcc3 f533ba4b
...@@ -227,6 +227,9 @@ TEA/XTEA algorithm contributors: ...@@ -227,6 +227,9 @@ TEA/XTEA algorithm contributors:
Khazad algorithm contributors: Khazad algorithm contributors:
Aaron Grothe Aaron Grothe
Whirlpool algorithm contributors:
Aaron Grothe
Generic scatterwalk code by Adam J. Richter <adam@yggdrasil.com> Generic scatterwalk code by Adam J. Richter <adam@yggdrasil.com>
Please send any credits updates or corrections to: Please send any credits updates or corrections to:
......
...@@ -67,6 +67,21 @@ config CRYPTO_SHA512 ...@@ -67,6 +67,21 @@ config CRYPTO_SHA512
This code also includes SHA-384, a 384 bit hash with 192 bits This code also includes SHA-384, a 384 bit hash with 192 bits
of security against collision attacks. of security against collision attacks.
config CRYPTO_WHIRLPOOL
tristate "Whirlpool digest algorithm"
depends on CRYPTO
help
Whirlpool hash algorithm.
Whirlpool is part of the NESSIE cryptographic primtives.
Whirlpool works on messages shorter than 2^256 bits and
produces a 512 bit hash.
Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
See also:
http://planeta.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html
config CRYPTO_DES config CRYPTO_DES
tristate "DES and Triple DES EDE cipher algorithms" tristate "DES and Triple DES EDE cipher algorithms"
depends on CRYPTO depends on CRYPTO
......
...@@ -14,6 +14,7 @@ obj-$(CONFIG_CRYPTO_MD5) += md5.o ...@@ -14,6 +14,7 @@ obj-$(CONFIG_CRYPTO_MD5) += md5.o
obj-$(CONFIG_CRYPTO_SHA1) += sha1.o obj-$(CONFIG_CRYPTO_SHA1) += sha1.o
obj-$(CONFIG_CRYPTO_SHA256) += sha256.o obj-$(CONFIG_CRYPTO_SHA256) += sha256.o
obj-$(CONFIG_CRYPTO_SHA512) += sha512.o obj-$(CONFIG_CRYPTO_SHA512) += sha512.o
obj-$(CONFIG_CRYPTO_WHIRLPOOL) += whirlpool.o
obj-$(CONFIG_CRYPTO_DES) += des.o obj-$(CONFIG_CRYPTO_DES) += des.o
obj-$(CONFIG_CRYPTO_BLOWFISH) += blowfish.o obj-$(CONFIG_CRYPTO_BLOWFISH) += blowfish.o
obj-$(CONFIG_CRYPTO_TWOFISH) += twofish.o obj-$(CONFIG_CRYPTO_TWOFISH) += twofish.o
......
...@@ -61,7 +61,8 @@ static char *tvmem; ...@@ -61,7 +61,8 @@ static char *tvmem;
static char *check[] = { static char *check[] = {
"des", "md5", "des3_ede", "rot13", "sha1", "sha256", "blowfish", "des", "md5", "des3_ede", "rot13", "sha1", "sha256", "blowfish",
"twofish", "serpent", "sha384", "sha512", "md4", "aes", "cast6", "twofish", "serpent", "sha384", "sha512", "md4", "aes", "cast6",
"arc4", "michael_mic", "deflate", "crc32c", "tea", "xtea", NULL "arc4", "michael_mic", "deflate", "crc32c", "tea", "xtea",
"whirlpool", NULL
}; };
static void static void
...@@ -680,6 +681,7 @@ do_test(void) ...@@ -680,6 +681,7 @@ do_test(void)
test_hash("sha384", sha384_tv_template, SHA384_TEST_VECTORS); test_hash("sha384", sha384_tv_template, SHA384_TEST_VECTORS);
test_hash("sha512", sha512_tv_template, SHA512_TEST_VECTORS); test_hash("sha512", sha512_tv_template, SHA512_TEST_VECTORS);
test_hash("whirlpool", whirlpool_tv_template, WHIRLPOOL_TEST_VECTORS);
test_deflate(); test_deflate();
test_crc32c(); test_crc32c();
#ifdef CONFIG_CRYPTO_HMAC #ifdef CONFIG_CRYPTO_HMAC
...@@ -791,6 +793,11 @@ do_test(void) ...@@ -791,6 +793,11 @@ do_test(void)
test_cipher ("khazad", MODE_ECB, DECRYPT, khazad_dec_tv_template, KHAZAD_DEC_TEST_VECTORS); test_cipher ("khazad", MODE_ECB, DECRYPT, khazad_dec_tv_template, KHAZAD_DEC_TEST_VECTORS);
break; break;
case 22:
test_hash("whirlpool", whirlpool_tv_template, WHIRLPOOL_TEST_VECTORS);
break;
#ifdef CONFIG_CRYPTO_HMAC #ifdef CONFIG_CRYPTO_HMAC
case 100: case 100:
test_hmac("md5", hmac_md5_tv_template, HMAC_MD5_TEST_VECTORS); test_hmac("md5", hmac_md5_tv_template, HMAC_MD5_TEST_VECTORS);
......
...@@ -301,6 +301,110 @@ struct hash_testvec sha512_tv_template[] = { ...@@ -301,6 +301,110 @@ struct hash_testvec sha512_tv_template[] = {
}, },
}; };
/*
* WHIRLPOOL test vectors from Whirlpool package
* by Vincent Rijmen and Paulo S. L. M. Barreto as part of the NESSIE
* submission
*/
#define WHIRLPOOL_TEST_VECTORS 8
struct hash_testvec whirlpool_tv_template[] = {
{
.plaintext = "",
.psize = 0,
.digest = { 0x19, 0xFA, 0x61, 0xD7, 0x55, 0x22, 0xA4, 0x66,
0x9B, 0x44, 0xE3, 0x9C, 0x1D, 0x2E, 0x17, 0x26,
0xC5, 0x30, 0x23, 0x21, 0x30, 0xD4, 0x07, 0xF8,
0x9A, 0xFE, 0xE0, 0x96, 0x49, 0x97, 0xF7, 0xA7,
0x3E, 0x83, 0xBE, 0x69, 0x8B, 0x28, 0x8F, 0xEB,
0xCF, 0x88, 0xE3, 0xE0, 0x3C, 0x4F, 0x07, 0x57,
0xEA, 0x89, 0x64, 0xE5, 0x9B, 0x63, 0xD9, 0x37,
0x08, 0xB1, 0x38, 0xCC, 0x42, 0xA6, 0x6E, 0xB3 },
}, {
.plaintext = "a",
.psize = 1,
.digest = { 0x8A, 0xCA, 0x26, 0x02, 0x79, 0x2A, 0xEC, 0x6F,
0x11, 0xA6, 0x72, 0x06, 0x53, 0x1F, 0xB7, 0xD7,
0xF0, 0xDF, 0xF5, 0x94, 0x13, 0x14, 0x5E, 0x69,
0x73, 0xC4, 0x50, 0x01, 0xD0, 0x08, 0x7B, 0x42,
0xD1, 0x1B, 0xC6, 0x45, 0x41, 0x3A, 0xEF, 0xF6,
0x3A, 0x42, 0x39, 0x1A, 0x39, 0x14, 0x5A, 0x59,
0x1A, 0x92, 0x20, 0x0D, 0x56, 0x01, 0x95, 0xE5,
0x3B, 0x47, 0x85, 0x84, 0xFD, 0xAE, 0x23, 0x1A },
}, {
.plaintext = "abc",
.psize = 3,
.digest = { 0x4E, 0x24, 0x48, 0xA4, 0xC6, 0xF4, 0x86, 0xBB,
0x16, 0xB6, 0x56, 0x2C, 0x73, 0xB4, 0x02, 0x0B,
0xF3, 0x04, 0x3E, 0x3A, 0x73, 0x1B, 0xCE, 0x72,
0x1A, 0xE1, 0xB3, 0x03, 0xD9, 0x7E, 0x6D, 0x4C,
0x71, 0x81, 0xEE, 0xBD, 0xB6, 0xC5, 0x7E, 0x27,
0x7D, 0x0E, 0x34, 0x95, 0x71, 0x14, 0xCB, 0xD6,
0xC7, 0x97, 0xFC, 0x9D, 0x95, 0xD8, 0xB5, 0x82,
0xD2, 0x25, 0x29, 0x20, 0x76, 0xD4, 0xEE, 0xF5 },
}, {
.plaintext = "message digest",
.psize = 14,
.digest = { 0x37, 0x8C, 0x84, 0xA4, 0x12, 0x6E, 0x2D, 0xC6,
0xE5, 0x6D, 0xCC, 0x74, 0x58, 0x37, 0x7A, 0xAC,
0x83, 0x8D, 0x00, 0x03, 0x22, 0x30, 0xF5, 0x3C,
0xE1, 0xF5, 0x70, 0x0C, 0x0F, 0xFB, 0x4D, 0x3B,
0x84, 0x21, 0x55, 0x76, 0x59, 0xEF, 0x55, 0xC1,
0x06, 0xB4, 0xB5, 0x2A, 0xC5, 0xA4, 0xAA, 0xA6,
0x92, 0xED, 0x92, 0x00, 0x52, 0x83, 0x8F, 0x33,
0x62, 0xE8, 0x6D, 0xBD, 0x37, 0xA8, 0x90, 0x3E },
}, {
.plaintext = "abcdefghijklmnopqrstuvwxyz",
.psize = 26,
.digest = { 0xF1, 0xD7, 0x54, 0x66, 0x26, 0x36, 0xFF, 0xE9,
0x2C, 0x82, 0xEB, 0xB9, 0x21, 0x2A, 0x48, 0x4A,
0x8D, 0x38, 0x63, 0x1E, 0xAD, 0x42, 0x38, 0xF5,
0x44, 0x2E, 0xE1, 0x3B, 0x80, 0x54, 0xE4, 0x1B,
0x08, 0xBF, 0x2A, 0x92, 0x51, 0xC3, 0x0B, 0x6A,
0x0B, 0x8A, 0xAE, 0x86, 0x17, 0x7A, 0xB4, 0xA6,
0xF6, 0x8F, 0x67, 0x3E, 0x72, 0x07, 0x86, 0x5D,
0x5D, 0x98, 0x19, 0xA3, 0xDB, 0xA4, 0xEB, 0x3B },
}, {
.plaintext = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
"abcdefghijklmnopqrstuvwxyz0123456789",
.psize = 62,
.digest = { 0xDC, 0x37, 0xE0, 0x08, 0xCF, 0x9E, 0xE6, 0x9B,
0xF1, 0x1F, 0x00, 0xED, 0x9A, 0xBA, 0x26, 0x90,
0x1D, 0xD7, 0xC2, 0x8C, 0xDE, 0xC0, 0x66, 0xCC,
0x6A, 0xF4, 0x2E, 0x40, 0xF8, 0x2F, 0x3A, 0x1E,
0x08, 0xEB, 0xA2, 0x66, 0x29, 0x12, 0x9D, 0x8F,
0xB7, 0xCB, 0x57, 0x21, 0x1B, 0x92, 0x81, 0xA6,
0x55, 0x17, 0xCC, 0x87, 0x9D, 0x7B, 0x96, 0x21,
0x42, 0xC6, 0x5F, 0x5A, 0x7A, 0xF0, 0x14, 0x67 },
}, {
.plaintext = "1234567890123456789012345678901234567890"
"1234567890123456789012345678901234567890",
.psize = 80,
.digest = { 0x46, 0x6E, 0xF1, 0x8B, 0xAB, 0xB0, 0x15, 0x4D,
0x25, 0xB9, 0xD3, 0x8A, 0x64, 0x14, 0xF5, 0xC0,
0x87, 0x84, 0x37, 0x2B, 0xCC, 0xB2, 0x04, 0xD6,
0x54, 0x9C, 0x4A, 0xFA, 0xDB, 0x60, 0x14, 0x29,
0x4D, 0x5B, 0xD8, 0xDF, 0x2A, 0x6C, 0x44, 0xE5,
0x38, 0xCD, 0x04, 0x7B, 0x26, 0x81, 0xA5, 0x1A,
0x2C, 0x60, 0x48, 0x1E, 0x88, 0xC5, 0xA2, 0x0B,
0x2C, 0x2A, 0x80, 0xCF, 0x3A, 0x9A, 0x08, 0x3B },
}, {
.plaintext = "abcdbcdecdefdefgefghfghighijhijk",
.psize = 32,
.digest = { 0x2A, 0x98, 0x7E, 0xA4, 0x0F, 0x91, 0x70, 0x61,
0xF5, 0xD6, 0xF0, 0xA0, 0xE4, 0x64, 0x4F, 0x48,
0x8A, 0x7A, 0x5A, 0x52, 0xDE, 0xEE, 0x65, 0x62,
0x07, 0xC5, 0x62, 0xF9, 0x88, 0xE9, 0x5C, 0x69,
0x16, 0xBD, 0xC8, 0x03, 0x1B, 0xC5, 0xBE, 0x1B,
0x7B, 0x94, 0x76, 0x39, 0xFE, 0x05, 0x0B, 0x56,
0x93, 0x9B, 0xAA, 0xA0, 0xAD, 0xFF, 0x9A, 0xE6,
0x74, 0x5B, 0x7B, 0x18, 0x1C, 0x3B, 0xE3, 0xFD },
},
};
#ifdef CONFIG_CRYPTO_HMAC #ifdef CONFIG_CRYPTO_HMAC
/* /*
* HMAC-MD5 test vectors from RFC2202 * HMAC-MD5 test vectors from RFC2202
......
This diff is collapsed.
...@@ -428,6 +428,7 @@ u16 xfrm_flowi_sport(struct flowi *fl) ...@@ -428,6 +428,7 @@ u16 xfrm_flowi_sport(struct flowi *fl)
switch(fl->proto) { switch(fl->proto) {
case IPPROTO_TCP: case IPPROTO_TCP:
case IPPROTO_UDP: case IPPROTO_UDP:
case IPPROTO_SCTP:
port = fl->fl_ip_sport; port = fl->fl_ip_sport;
break; break;
case IPPROTO_ICMP: case IPPROTO_ICMP:
...@@ -447,6 +448,7 @@ u16 xfrm_flowi_dport(struct flowi *fl) ...@@ -447,6 +448,7 @@ u16 xfrm_flowi_dport(struct flowi *fl)
switch(fl->proto) { switch(fl->proto) {
case IPPROTO_TCP: case IPPROTO_TCP:
case IPPROTO_UDP: case IPPROTO_UDP:
case IPPROTO_SCTP:
port = fl->fl_ip_dport; port = fl->fl_ip_dport;
break; break;
case IPPROTO_ICMP: case IPPROTO_ICMP:
......
...@@ -15,6 +15,7 @@ ...@@ -15,6 +15,7 @@
#include <net/ip.h> #include <net/ip.h>
#include <net/checksum.h> #include <net/checksum.h>
#include <linux/netfilter.h> #include <linux/netfilter.h>
#include <linux/netfilter_ipv4.h>
#include <linux/netfilter_ipv4/ip_conntrack.h> #include <linux/netfilter_ipv4/ip_conntrack.h>
#include <linux/netfilter_ipv4/ip_conntrack_core.h> #include <linux/netfilter_ipv4/ip_conntrack_core.h>
#include <linux/netfilter_ipv4/ip_conntrack_protocol.h> #include <linux/netfilter_ipv4/ip_conntrack_protocol.h>
......
...@@ -33,6 +33,7 @@ ...@@ -33,6 +33,7 @@
#include <net/tcp.h> #include <net/tcp.h>
#include <linux/netfilter.h> #include <linux/netfilter.h>
#include <linux/netfilter_ipv4.h>
#include <linux/netfilter_ipv4/ip_conntrack.h> #include <linux/netfilter_ipv4/ip_conntrack.h>
#include <linux/netfilter_ipv4/ip_conntrack_protocol.h> #include <linux/netfilter_ipv4/ip_conntrack_protocol.h>
#include <linux/netfilter_ipv4/lockhelp.h> #include <linux/netfilter_ipv4/lockhelp.h>
......
...@@ -14,6 +14,7 @@ ...@@ -14,6 +14,7 @@
#include <linux/udp.h> #include <linux/udp.h>
#include <net/checksum.h> #include <net/checksum.h>
#include <linux/netfilter.h> #include <linux/netfilter.h>
#include <linux/netfilter_ipv4.h>
#include <linux/netfilter_ipv4/ip_conntrack_protocol.h> #include <linux/netfilter_ipv4/ip_conntrack_protocol.h>
unsigned long ip_ct_udp_timeout = 30*HZ; unsigned long ip_ct_udp_timeout = 30*HZ;
......
...@@ -58,8 +58,7 @@ static void xfrm4_encap(struct sk_buff *skb) ...@@ -58,8 +58,7 @@ static void xfrm4_encap(struct sk_buff *skb)
if (!top_iph->frag_off) if (!top_iph->frag_off)
__ip_select_ident(top_iph, dst, 0); __ip_select_ident(top_iph, dst, 0);
/* TTL disclosed */ top_iph->ttl = dst_path_metric(dst, RTAX_HOPLIMIT);
top_iph->ttl = iph->ttl;
top_iph->saddr = x->props.saddr.a4; top_iph->saddr = x->props.saddr.a4;
top_iph->daddr = x->id.daddr.a4; top_iph->daddr = x->id.daddr.a4;
......
...@@ -820,9 +820,12 @@ int ip6_route_add(struct in6_rtmsg *rtmsg, struct nlmsghdr *nlh, void *_rtattr) ...@@ -820,9 +820,12 @@ int ip6_route_add(struct in6_rtmsg *rtmsg, struct nlmsghdr *nlh, void *_rtattr)
*/ */
if ((rtmsg->rtmsg_flags&RTF_REJECT) || if ((rtmsg->rtmsg_flags&RTF_REJECT) ||
(dev && (dev->flags&IFF_LOOPBACK) && !(addr_type&IPV6_ADDR_LOOPBACK))) { (dev && (dev->flags&IFF_LOOPBACK) && !(addr_type&IPV6_ADDR_LOOPBACK))) {
if (dev && dev != &loopback_dev) { /* hold loopback dev/idev if we haven't done so. */
dev_put(dev); if (dev != &loopback_dev) {
in6_dev_put(idev); if (dev) {
dev_put(dev);
in6_dev_put(idev);
}
dev = &loopback_dev; dev = &loopback_dev;
dev_hold(dev); dev_hold(dev);
idev = in6_dev_get(dev); idev = in6_dev_get(dev);
......
...@@ -64,7 +64,7 @@ static void xfrm6_encap(struct sk_buff *skb) ...@@ -64,7 +64,7 @@ static void xfrm6_encap(struct sk_buff *skb)
top_iph->flow_lbl[1] = iph->flow_lbl[1]; top_iph->flow_lbl[1] = iph->flow_lbl[1];
top_iph->flow_lbl[2] = iph->flow_lbl[2]; top_iph->flow_lbl[2] = iph->flow_lbl[2];
top_iph->nexthdr = IPPROTO_IPV6; top_iph->nexthdr = IPPROTO_IPV6;
top_iph->hop_limit = iph->hop_limit; top_iph->hop_limit = dst_path_metric(dst, RTAX_HOPLIMIT);
ipv6_addr_copy(&top_iph->saddr, (struct in6_addr *)&x->props.saddr); ipv6_addr_copy(&top_iph->saddr, (struct in6_addr *)&x->props.saddr);
ipv6_addr_copy(&top_iph->daddr, (struct in6_addr *)&x->id.daddr); ipv6_addr_copy(&top_iph->daddr, (struct in6_addr *)&x->id.daddr);
} }
......
...@@ -2796,7 +2796,7 @@ static void selinux_task_to_inode(struct task_struct *p, ...@@ -2796,7 +2796,7 @@ static void selinux_task_to_inode(struct task_struct *p,
/* Returns error only if unable to parse addresses */ /* Returns error only if unable to parse addresses */
static int selinux_parse_skb_ipv4(struct sk_buff *skb, struct avc_audit_data *ad) static int selinux_parse_skb_ipv4(struct sk_buff *skb, struct avc_audit_data *ad)
{ {
int offset, ihlen, ret; int offset, ihlen, ret = -EINVAL;
struct iphdr _iph, *ih; struct iphdr _iph, *ih;
offset = skb->nh.raw - skb->data; offset = skb->nh.raw - skb->data;
...@@ -2810,6 +2810,7 @@ static int selinux_parse_skb_ipv4(struct sk_buff *skb, struct avc_audit_data *ad ...@@ -2810,6 +2810,7 @@ static int selinux_parse_skb_ipv4(struct sk_buff *skb, struct avc_audit_data *ad
ad->u.net.v4info.saddr = ih->saddr; ad->u.net.v4info.saddr = ih->saddr;
ad->u.net.v4info.daddr = ih->daddr; ad->u.net.v4info.daddr = ih->daddr;
ret = 0;
switch (ih->protocol) { switch (ih->protocol) {
case IPPROTO_TCP: { case IPPROTO_TCP: {
...@@ -2857,7 +2858,7 @@ static int selinux_parse_skb_ipv4(struct sk_buff *skb, struct avc_audit_data *ad ...@@ -2857,7 +2858,7 @@ static int selinux_parse_skb_ipv4(struct sk_buff *skb, struct avc_audit_data *ad
static int selinux_parse_skb_ipv6(struct sk_buff *skb, struct avc_audit_data *ad) static int selinux_parse_skb_ipv6(struct sk_buff *skb, struct avc_audit_data *ad)
{ {
u8 nexthdr; u8 nexthdr;
int ret, offset; int ret = -EINVAL, offset;
struct ipv6hdr _ipv6h, *ip6; struct ipv6hdr _ipv6h, *ip6;
offset = skb->nh.raw - skb->data; offset = skb->nh.raw - skb->data;
...@@ -2867,6 +2868,7 @@ static int selinux_parse_skb_ipv6(struct sk_buff *skb, struct avc_audit_data *ad ...@@ -2867,6 +2868,7 @@ static int selinux_parse_skb_ipv6(struct sk_buff *skb, struct avc_audit_data *ad
ipv6_addr_copy(&ad->u.net.v6info.saddr, &ip6->saddr); ipv6_addr_copy(&ad->u.net.v6info.saddr, &ip6->saddr);
ipv6_addr_copy(&ad->u.net.v6info.daddr, &ip6->daddr); ipv6_addr_copy(&ad->u.net.v6info.daddr, &ip6->daddr);
ret = 0;
nexthdr = ip6->nexthdr; nexthdr = ip6->nexthdr;
offset += sizeof(_ipv6h); offset += sizeof(_ipv6h);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment