Commit dff97d55 authored by David S. Miller's avatar David S. Miller

Merge nuts.ninka.net:/home/davem/src/BK/network-2.5

into nuts.ninka.net:/home/davem/src/BK/net-2.5
parents 90a8d4f3 6fe50d81
...@@ -101,6 +101,14 @@ will not be included in the mainline until around 2011), and be based ...@@ -101,6 +101,14 @@ will not be included in the mainline until around 2011), and be based
on a recognized standard and/or have been subjected to appropriate on a recognized standard and/or have been subjected to appropriate
peer review. peer review.
Also check for any RFCs which may relate to the use of specific algorithms,
as well as general application notes such as RFC2451 ("The ESP CBC-Mode
Cipher Algorithms").
It's a good idea to avoid using lots of macros and use inlined functions
instead, as gcc does a good job with inlining, while excessive use of
macros can cause compilation problems on some platforms.
BUGS BUGS
...@@ -163,7 +171,8 @@ Original developers of the initial set of crypto algorithms: ...@@ -163,7 +171,8 @@ Original developers of the initial set of crypto algorithms:
Dana L. How (DES) Dana L. How (DES)
Andrew Tridgell and Steve French (MD4) Andrew Tridgell and Steve French (MD4)
Colin Plumb (MD5) Colin Plumb (MD5)
Steve Raid (SHA1) Steve Reid (SHA1)
Jean-Luc Cooke (SHA256)
Kazunori Miyazawa / USAGI (HMAC) Kazunori Miyazawa / USAGI (HMAC)
The DES code was subsequently redeveloped by: The DES code was subsequently redeveloped by:
...@@ -172,6 +181,11 @@ The DES code was subsequently redeveloped by: ...@@ -172,6 +181,11 @@ The DES code was subsequently redeveloped by:
Gisle Sælensminde Gisle Sælensminde
Niels Möller Niels Möller
The Blowfish code was subsequently redeveloped by:
Herbert Valerio Riedel
Kyle McMartin
Please send any credits updates or corrections to: Please send any credits updates or corrections to:
James Morris <jmorris@intercode.com.au> James Morris <jmorris@intercode.com.au>
...@@ -29,10 +29,19 @@ config CRYPTO_MD5 ...@@ -29,10 +29,19 @@ config CRYPTO_MD5
MD5 message digest algorithm (RFC1321). MD5 message digest algorithm (RFC1321).
config CRYPTO_SHA1 config CRYPTO_SHA1
tristate "SHA-1 digest algorithm" tristate "SHA1 digest algorithm"
depends on CRYPTO depends on CRYPTO
help help
SHA-1 secure hash standard (FIPS 180-1). SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
config CRYPTO_SHA256
tristate "SHA256 digest algorithm"
depends on CRYPTO
help
SHA256 secure hash standard (DFIPS 180-2).
This version of SHA implements a 256 bit hash with 128 bits of
security against collision attacks.
config CRYPTO_DES config CRYPTO_DES
tristate "DES and Triple DES EDE cipher algorithms" tristate "DES and Triple DES EDE cipher algorithms"
...@@ -40,6 +49,19 @@ config CRYPTO_DES ...@@ -40,6 +49,19 @@ config CRYPTO_DES
help help
DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3). DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
config CRYPTO_BLOWFISH
tristate "Blowfish cipher algorithm"
depends on CRYPTO
help
Blowfish cipher algorithm, by Bruce Schneier.
This is a variable key length cipher which can use keys from 32
bits to 448 bits in length. It's fast, simple and specifically
designed for use on "large microprocessors".
See also:
http://www.counterpane.com/blowfish.html
config CRYPTO_TEST config CRYPTO_TEST
tristate "Testing module" tristate "Testing module"
depends on CRYPTO depends on CRYPTO
......
...@@ -12,7 +12,9 @@ obj-$(CONFIG_CRYPTO_HMAC) += hmac.o ...@@ -12,7 +12,9 @@ obj-$(CONFIG_CRYPTO_HMAC) += hmac.o
obj-$(CONFIG_CRYPTO_MD4) += md4.o obj-$(CONFIG_CRYPTO_MD4) += md4.o
obj-$(CONFIG_CRYPTO_MD5) += md5.o obj-$(CONFIG_CRYPTO_MD5) += md5.o
obj-$(CONFIG_CRYPTO_SHA1) += sha1.o obj-$(CONFIG_CRYPTO_SHA1) += sha1.o
obj-$(CONFIG_CRYPTO_SHA256) += sha256.o
obj-$(CONFIG_CRYPTO_DES) += des.o obj-$(CONFIG_CRYPTO_DES) += des.o
obj-$(CONFIG_CRYPTO_BLOWFISH) += blowfish.o
obj-$(CONFIG_CRYPTO_TEST) += tcrypt.o obj-$(CONFIG_CRYPTO_TEST) += tcrypt.o
......
...@@ -269,8 +269,12 @@ static int c_show(struct seq_file *m, void *p) ...@@ -269,8 +269,12 @@ static int c_show(struct seq_file *m, void *p)
switch (alg->cra_flags & CRYPTO_ALG_TYPE_MASK) { switch (alg->cra_flags & CRYPTO_ALG_TYPE_MASK) {
case CRYPTO_ALG_TYPE_CIPHER: case CRYPTO_ALG_TYPE_CIPHER:
seq_printf(m, "keysize : %u\n", alg->cra_cipher.cia_keysize); seq_printf(m, "min keysize : %u\n",
seq_printf(m, "ivsize : %u\n", alg->cra_cipher.cia_ivsize); alg->cra_cipher.cia_min_keysize);
seq_printf(m, "max keysize : %u\n",
alg->cra_cipher.cia_max_keysize);
seq_printf(m, "ivsize : %u\n",
alg->cra_cipher.cia_ivsize);
break; break;
case CRYPTO_ALG_TYPE_DIGEST: case CRYPTO_ALG_TYPE_DIGEST:
......
This diff is collapsed.
...@@ -188,8 +188,14 @@ static void ecb_process(struct crypto_tfm *tfm, u8 *block, ...@@ -188,8 +188,14 @@ static void ecb_process(struct crypto_tfm *tfm, u8 *block,
static int setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen) static int setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen)
{ {
return tfm->__crt_alg->cra_cipher.cia_setkey(tfm->crt_ctx, key, struct cipher_alg *cia = &tfm->__crt_alg->cra_cipher;
keylen, &tfm->crt_flags);
if (keylen < cia->cia_min_keysize || keylen > cia->cia_max_keysize) {
tfm->crt_flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
return -EINVAL;
} else
return cia->cia_setkey(tfm->crt_ctx, key, keylen,
&tfm->crt_flags);
} }
static int ecb_encrypt(struct crypto_tfm *tfm, static int ecb_encrypt(struct crypto_tfm *tfm,
......
...@@ -1032,11 +1032,6 @@ static int setkey(u32 *expkey, const u8 *key, unsigned int keylen, u32 *flags) ...@@ -1032,11 +1032,6 @@ static int setkey(u32 *expkey, const u8 *key, unsigned int keylen, u32 *flags)
u32 n, w; u32 n, w;
u8 bits0[56], bits1[56]; u8 bits0[56], bits1[56];
if (keylen != DES_KEY_SIZE) {
*flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
return -EINVAL;
}
n = parity[key[0]]; n <<= 4; n = parity[key[0]]; n <<= 4;
n |= parity[key[1]]; n <<= 4; n |= parity[key[1]]; n <<= 4;
n |= parity[key[2]]; n <<= 4; n |= parity[key[2]]; n <<= 4;
...@@ -1208,11 +1203,6 @@ static int des3_ede_setkey(void *ctx, const u8 *key, ...@@ -1208,11 +1203,6 @@ static int des3_ede_setkey(void *ctx, const u8 *key,
unsigned int i, off; unsigned int i, off;
struct des3_ede_ctx *dctx = ctx; struct des3_ede_ctx *dctx = ctx;
if (keylen != DES3_EDE_KEY_SIZE) {
*flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
return -EINVAL;
}
if (!(memcmp(key, &key[DES_KEY_SIZE], DES_KEY_SIZE) && if (!(memcmp(key, &key[DES_KEY_SIZE], DES_KEY_SIZE) &&
memcmp(&key[DES_KEY_SIZE], &key[DES_KEY_SIZE * 2], memcmp(&key[DES_KEY_SIZE], &key[DES_KEY_SIZE * 2],
DES_KEY_SIZE))) { DES_KEY_SIZE))) {
...@@ -1256,7 +1246,8 @@ static struct crypto_alg des_alg = { ...@@ -1256,7 +1246,8 @@ static struct crypto_alg des_alg = {
.cra_module = THIS_MODULE, .cra_module = THIS_MODULE,
.cra_list = LIST_HEAD_INIT(des_alg.cra_list), .cra_list = LIST_HEAD_INIT(des_alg.cra_list),
.cra_u = { .cipher = { .cra_u = { .cipher = {
.cia_keysize = DES_KEY_SIZE, .cia_min_keysize = DES_KEY_SIZE,
.cia_max_keysize = DES_KEY_SIZE,
.cia_ivsize = DES_BLOCK_SIZE, .cia_ivsize = DES_BLOCK_SIZE,
.cia_setkey = des_setkey, .cia_setkey = des_setkey,
.cia_encrypt = des_encrypt, .cia_encrypt = des_encrypt,
...@@ -1271,7 +1262,8 @@ static struct crypto_alg des3_ede_alg = { ...@@ -1271,7 +1262,8 @@ static struct crypto_alg des3_ede_alg = {
.cra_module = THIS_MODULE, .cra_module = THIS_MODULE,
.cra_list = LIST_HEAD_INIT(des3_ede_alg.cra_list), .cra_list = LIST_HEAD_INIT(des3_ede_alg.cra_list),
.cra_u = { .cipher = { .cra_u = { .cipher = {
.cia_keysize = DES3_EDE_KEY_SIZE, .cia_min_keysize = DES3_EDE_KEY_SIZE,
.cia_max_keysize = DES3_EDE_KEY_SIZE,
.cia_ivsize = DES3_EDE_BLOCK_SIZE, .cia_ivsize = DES3_EDE_BLOCK_SIZE,
.cia_setkey = des3_ede_setkey, .cia_setkey = des3_ede_setkey,
.cia_encrypt = des3_ede_encrypt, .cia_encrypt = des3_ede_encrypt,
......
...@@ -5,10 +5,10 @@ ...@@ -5,10 +5,10 @@
* *
* Derived from cryptoapi implementation, adapted for in-place * Derived from cryptoapi implementation, adapted for in-place
* scatterlist interface. Originally based on the public domain * scatterlist interface. Originally based on the public domain
* implementation written by Steve Raid. * implementation written by Steve Reid.
* *
* Copyright (c) Alan Smithee. * Copyright (c) Alan Smithee.
* Copyright (c) McDonald <andrew@mcdonald.org.uk> * Copyright (c) Andrew McDonald <andrew@mcdonald.org.uk>
* Copyright (c) Jean-Francois Dive <jef@linuxbe.org> * Copyright (c) Jean-Francois Dive <jef@linuxbe.org>
* *
* This program is free software; you can redistribute it and/or modify it * This program is free software; you can redistribute it and/or modify it
......
This diff is collapsed.
...@@ -46,7 +46,10 @@ static int mode = 0; ...@@ -46,7 +46,10 @@ static int mode = 0;
static char *xbuf; static char *xbuf;
static char *tvmem; static char *tvmem;
static char *check[] = { "des", "md5", "des3_ede", "rot13", "sha1", NULL }; static char *check[] = {
"des", "md5", "des3_ede", "rot13", "sha1", "sha256", "blowfish",
NULL
};
static void static void
hexdump(unsigned char *buf, unsigned int len) hexdump(unsigned char *buf, unsigned int len)
...@@ -289,6 +292,66 @@ test_hmac_sha1(void) ...@@ -289,6 +292,66 @@ test_hmac_sha1(void)
out: out:
crypto_free_tfm(tfm); crypto_free_tfm(tfm);
} }
static void
test_hmac_sha256(void)
{
char *p;
unsigned int i, klen;
struct crypto_tfm *tfm;
struct hmac_sha256_testvec *hmac_sha256_tv;
struct scatterlist sg[2];
unsigned int tsize;
char result[SHA256_DIGEST_SIZE];
tfm = crypto_alloc_tfm("sha256", 0);
if (tfm == NULL) {
printk("failed to load transform for sha256\n");
return;
}
printk("\ntesting hmac_sha256\n");
tsize = sizeof (hmac_sha256_tv_template);
if (tsize > TVMEMSIZE) {
printk("template (%u) too big for tvmem (%u)\n", tsize,
TVMEMSIZE);
goto out;
}
memcpy(tvmem, hmac_sha256_tv_template, tsize);
hmac_sha256_tv = (void *) tvmem;
for (i = 0; i < HMAC_SHA256_TEST_VECTORS; i++) {
printk("test %u:\n", i + 1);
memset(result, 0, sizeof (result));
p = hmac_sha256_tv[i].plaintext;
sg[0].page = virt_to_page(p);
sg[0].offset = ((long) p & ~PAGE_MASK);
sg[0].length = strlen(hmac_sha256_tv[i].plaintext);
klen = strlen(hmac_sha256_tv[i].key);
//printk("DS=%u\n", crypto_tfm_alg_digestsize(tfm));
//printk("K=");
hexdump(hmac_sha256_tv[i].key, strlen(hmac_sha256_tv[i].key));
//printk("P=%s\n", hmac_sha256_tv[i].plaintext);
crypto_hmac(tfm, hmac_sha256_tv[i].key, &klen, sg, 1, result);
//printk("H=");
hexdump(result, crypto_tfm_alg_digestsize(tfm));
printk("%s\n",
memcmp(result, hmac_sha256_tv[i].digest,
crypto_tfm_alg_digestsize(tfm)) ? "fail" : "pass");
}
out:
crypto_free_tfm(tfm);
}
#endif /* CONFIG_CRYPTO_HMAC */ #endif /* CONFIG_CRYPTO_HMAC */
static void static void
...@@ -416,6 +479,82 @@ test_sha1(void) ...@@ -416,6 +479,82 @@ test_sha1(void)
crypto_free_tfm(tfm); crypto_free_tfm(tfm);
} }
static void
test_sha256(void)
{
char *p;
unsigned int i;
struct crypto_tfm *tfm;
struct sha256_testvec *sha256_tv;
struct scatterlist sg[2];
unsigned int tsize;
char result[SHA256_DIGEST_SIZE];
printk("\ntesting sha256\n");
tsize = sizeof (sha256_tv_template);
if (tsize > TVMEMSIZE) {
printk("template (%u) too big for tvmem (%u)\n", tsize,
TVMEMSIZE);
return;
}
memcpy(tvmem, sha256_tv_template, tsize);
sha256_tv = (void *) tvmem;
tfm = crypto_alloc_tfm("sha256", 0);
if (tfm == NULL) {
printk("failed to load transform for sha256\n");
return;
}
for (i = 0; i < SHA256_TEST_VECTORS; i++) {
printk("test %u:\n", i + 1);
memset(result, 0, sizeof (result));
p = sha256_tv[i].plaintext;
sg[0].page = virt_to_page(p);
sg[0].offset = ((long) p & ~PAGE_MASK);
sg[0].length = strlen(sha256_tv[i].plaintext);
crypto_digest_init(tfm);
crypto_digest_update(tfm, sg, 1);
crypto_digest_final(tfm, result);
hexdump(result, crypto_tfm_alg_digestsize(tfm));
printk("%s\n",
memcmp(result, sha256_tv[i].digest,
crypto_tfm_alg_digestsize(tfm)) ? "fail" :
"pass");
}
printk("\ntesting sha256 across pages\n");
/* setup the dummy buffer first */
memset(xbuf, 0, sizeof (xbuf));
memcpy(&xbuf[IDX1], "abcdbcdecdefdefgefghfghighij", 28);
memcpy(&xbuf[IDX2], "hijkijkljklmklmnlmnomnopnopq", 28);
p = &xbuf[IDX1];
sg[0].page = virt_to_page(p);
sg[0].offset = ((long) p & ~PAGE_MASK);
sg[0].length = 28;
p = &xbuf[IDX2];
sg[1].page = virt_to_page(p);
sg[1].offset = ((long) p & ~PAGE_MASK);
sg[1].length = 28;
memset(result, 0, sizeof (result));
crypto_digest_digest(tfm, sg, 2, result);
hexdump(result, crypto_tfm_alg_digestsize(tfm));
printk("%s\n",
memcmp(result, sha256_tv[1].digest,
crypto_tfm_alg_digestsize(tfm)) ? "fail" : "pass");
crypto_free_tfm(tfm);
}
void void
test_des(void) test_des(void)
{ {
...@@ -774,7 +913,7 @@ test_des(void) ...@@ -774,7 +913,7 @@ test_des(void)
hexdump(q, 8); hexdump(q, 8);
printk("%s\n", memcmp(q, des_tv[i].result + 8, 8) ? "fail" : "pass"); printk("%s\n", memcmp(q, des_tv[i].result + 8, 8) ? "fail" : "pass");
printk("\ntesting des ecb encryption chunking scenario D (atomic)\n"); printk("\ntesting des ecb encryption chunking scenario D\n");
/* /*
* Scenario D, torture test, one byte per frag. * Scenario D, torture test, one byte per frag.
...@@ -1013,7 +1152,7 @@ test_des(void) ...@@ -1013,7 +1152,7 @@ test_des(void)
return; return;
} }
printk("\ntesting des cbc encryption (atomic)\n"); printk("\ntesting des cbc encryption\n");
tsize = sizeof (des_cbc_enc_tv_template); tsize = sizeof (des_cbc_enc_tv_template);
if (tsize > TVMEMSIZE) { if (tsize > TVMEMSIZE) {
...@@ -1341,6 +1480,210 @@ test_des3_ede(void) ...@@ -1341,6 +1480,210 @@ test_des3_ede(void)
crypto_free_tfm(tfm); crypto_free_tfm(tfm);
} }
void
test_blowfish(void)
{
unsigned int ret, i;
unsigned int tsize;
char *p, *q;
struct crypto_tfm *tfm;
char *key;
struct bf_tv *bf_tv;
struct scatterlist sg[1];
printk("\ntesting blowfish encryption\n");
tsize = sizeof (bf_enc_tv_template);
if (tsize > TVMEMSIZE) {
printk("template (%u) too big for tvmem (%u)\n", tsize,
TVMEMSIZE);
return;
}
memcpy(tvmem, bf_enc_tv_template, tsize);
bf_tv = (void *) tvmem;
tfm = crypto_alloc_tfm("blowfish", 0);
if (tfm == NULL) {
printk("failed to load transform for blowfish (default ecb)\n");
return;
}
for (i = 0; i < BF_ENC_TEST_VECTORS; i++) {
printk("test %u (%d bit key):\n",
i + 1, bf_tv[i].keylen * 8);
key = bf_tv[i].key;
ret = crypto_cipher_setkey(tfm, key, bf_tv[i].keylen);
if (ret) {
printk("setkey() failed flags=%x\n", tfm->crt_flags);
if (!bf_tv[i].fail)
goto out;
}
p = bf_tv[i].plaintext;
sg[0].page = virt_to_page(p);
sg[0].offset = ((long) p & ~PAGE_MASK);
sg[0].length = bf_tv[i].plen;
ret = crypto_cipher_encrypt(tfm, sg, 1);
if (ret) {
printk("encrypt() failed flags=%x\n", tfm->crt_flags);
goto out;
}
q = kmap(sg[0].page) + sg[0].offset;
hexdump(q, bf_tv[i].rlen);
printk("%s\n", memcmp(q, bf_tv[i].result, bf_tv[i].rlen) ?
"fail" : "pass");
}
printk("\ntesting blowfish decryption\n");
tsize = sizeof (bf_dec_tv_template);
if (tsize > TVMEMSIZE) {
printk("template (%u) too big for tvmem (%u)\n", tsize,
TVMEMSIZE);
return;
}
memcpy(tvmem, bf_dec_tv_template, tsize);
bf_tv = (void *) tvmem;
for (i = 0; i < BF_DEC_TEST_VECTORS; i++) {
printk("test %u (%d bit key):\n",
i + 1, bf_tv[i].keylen * 8);
key = bf_tv[i].key;
ret = crypto_cipher_setkey(tfm, key, bf_tv[i].keylen);
if (ret) {
printk("setkey() failed flags=%x\n", tfm->crt_flags);
if (!bf_tv[i].fail)
goto out;
}
p = bf_tv[i].plaintext;
sg[0].page = virt_to_page(p);
sg[0].offset = ((long) p & ~PAGE_MASK);
sg[0].length = bf_tv[i].plen;
ret = crypto_cipher_decrypt(tfm, sg, 1);
if (ret) {
printk("decrypt() failed flags=%x\n", tfm->crt_flags);
goto out;
}
q = kmap(sg[0].page) + sg[0].offset;
hexdump(q, bf_tv[i].rlen);
printk("%s\n", memcmp(q, bf_tv[i].result, bf_tv[i].rlen) ?
"fail" : "pass");
}
crypto_free_tfm(tfm);
tfm = crypto_alloc_tfm("blowfish", CRYPTO_TFM_MODE_CBC);
if (tfm == NULL) {
printk("failed to load transform for blowfish cbc\n");
return;
}
printk("\ntesting blowfish cbc encryption\n");
tsize = sizeof (bf_cbc_enc_tv_template);
if (tsize > TVMEMSIZE) {
printk("template (%u) too big for tvmem (%u)\n", tsize,
TVMEMSIZE);
goto out;
}
memcpy(tvmem, bf_cbc_enc_tv_template, tsize);
bf_tv = (void *) tvmem;
for (i = 0; i < BF_CBC_ENC_TEST_VECTORS; i++) {
printk("test %u (%d bit key):\n",
i + 1, bf_tv[i].keylen * 8);
key = bf_tv[i].key;
ret = crypto_cipher_setkey(tfm, key, bf_tv[i].keylen);
if (ret) {
printk("setkey() failed flags=%x\n", tfm->crt_flags);
goto out;
}
p = bf_tv[i].plaintext;
sg[0].page = virt_to_page(p);
sg[0].offset = ((long) p & ~PAGE_MASK);
sg[0].length = bf_tv[i].plen;;
crypto_cipher_set_iv(tfm, bf_tv[i].iv,
crypto_tfm_alg_ivsize(tfm));
ret = crypto_cipher_encrypt(tfm, sg, 1);
if (ret) {
printk("blowfish_cbc_encrypt() failed flags=%x\n",
tfm->crt_flags);
goto out;
}
q = kmap(sg[0].page) + sg[0].offset;
hexdump(q, bf_tv[i].rlen);
printk("%s\n", memcmp(q, bf_tv[i].result, bf_tv[i].rlen)
? "fail" : "pass");
}
printk("\ntesting blowfish cbc decryption\n");
tsize = sizeof (bf_cbc_dec_tv_template);
if (tsize > TVMEMSIZE) {
printk("template (%u) too big for tvmem (%u)\n", tsize,
TVMEMSIZE);
goto out;
}
memcpy(tvmem, bf_cbc_dec_tv_template, tsize);
bf_tv = (void *) tvmem;
for (i = 0; i < BF_CBC_ENC_TEST_VECTORS; i++) {
printk("test %u (%d bit key):\n",
i + 1, bf_tv[i].keylen * 8);
key = bf_tv[i].key;
ret = crypto_cipher_setkey(tfm, key, bf_tv[i].keylen);
if (ret) {
printk("setkey() failed flags=%x\n", tfm->crt_flags);
goto out;
}
p = bf_tv[i].plaintext;
sg[0].page = virt_to_page(p);
sg[0].offset = ((long) p & ~PAGE_MASK);
sg[0].length = bf_tv[i].plen;;
crypto_cipher_set_iv(tfm, bf_tv[i].iv,
crypto_tfm_alg_ivsize(tfm));
ret = crypto_cipher_decrypt(tfm, sg, 1);
if (ret) {
printk("blowfish_cbc_decrypt() failed flags=%x\n",
tfm->crt_flags);
goto out;
}
q = kmap(sg[0].page) + sg[0].offset;
hexdump(q, bf_tv[i].rlen);
printk("%s\n", memcmp(q, bf_tv[i].result, bf_tv[i].rlen)
? "fail" : "pass");
}
out:
crypto_free_tfm(tfm);
}
static void static void
test_available(void) test_available(void)
{ {
...@@ -1365,9 +1708,12 @@ do_test(void) ...@@ -1365,9 +1708,12 @@ do_test(void)
test_des(); test_des();
test_des3_ede(); test_des3_ede();
test_md4(); test_md4();
test_sha256();
test_blowfish();
#ifdef CONFIG_CRYPTO_HMAC #ifdef CONFIG_CRYPTO_HMAC
test_hmac_md5(); test_hmac_md5();
test_hmac_sha1(); test_hmac_sha1();
test_hmac_sha256();
#endif #endif
break; break;
...@@ -1391,15 +1737,27 @@ do_test(void) ...@@ -1391,15 +1737,27 @@ do_test(void)
test_md4(); test_md4();
break; break;
case 6:
test_sha256();
break;
case 7:
test_blowfish();
break;
#ifdef CONFIG_CRYPTO_HMAC #ifdef CONFIG_CRYPTO_HMAC
case 100: case 100:
test_hmac_md5(); test_hmac_md5();
break; break;
case 101: case 101:
test_hmac_sha1(); test_hmac_sha1();
break; break;
case 102:
test_hmac_sha256();
break;
#endif #endif
case 1000: case 1000:
......
This diff is collapsed.
...@@ -67,7 +67,8 @@ struct scatterlist; ...@@ -67,7 +67,8 @@ struct scatterlist;
* via crypto_register_alg() and crypto_unregister_alg(). * via crypto_register_alg() and crypto_unregister_alg().
*/ */
struct cipher_alg { struct cipher_alg {
unsigned int cia_keysize; unsigned int cia_min_keysize;
unsigned int cia_max_keysize;
unsigned int cia_ivsize; unsigned int cia_ivsize;
int (*cia_setkey)(void *ctx, const u8 *key, int (*cia_setkey)(void *ctx, const u8 *key,
unsigned int keylen, u32 *flags); unsigned int keylen, u32 *flags);
...@@ -208,9 +209,14 @@ static inline u32 crypto_tfm_alg_type(struct crypto_tfm *tfm) ...@@ -208,9 +209,14 @@ static inline u32 crypto_tfm_alg_type(struct crypto_tfm *tfm)
return tfm->__crt_alg->cra_flags & CRYPTO_ALG_TYPE_MASK; return tfm->__crt_alg->cra_flags & CRYPTO_ALG_TYPE_MASK;
} }
static inline unsigned int crypto_tfm_alg_keysize(struct crypto_tfm *tfm) static inline unsigned int crypto_tfm_alg_min_keysize(struct crypto_tfm *tfm)
{ {
return tfm->__crt_alg->cra_cipher.cia_keysize; return tfm->__crt_alg->cra_cipher.cia_min_keysize;
}
static inline unsigned int crypto_tfm_alg_max_keysize(struct crypto_tfm *tfm)
{
return tfm->__crt_alg->cra_cipher.cia_max_keysize;
} }
static inline unsigned int crypto_tfm_alg_ivsize(struct crypto_tfm *tfm) static inline unsigned int crypto_tfm_alg_ivsize(struct crypto_tfm *tfm)
......
...@@ -391,10 +391,10 @@ config BRIDGE ...@@ -391,10 +391,10 @@ config BRIDGE
for location. Please read the Bridge mini-HOWTO for more for location. Please read the Bridge mini-HOWTO for more
information. information.
Note that if your box acts as a bridge, it probably contains several If you enable iptables support along with the bridge support then you
Ethernet devices, but the kernel is not able to recognize more than turn your bridge into a bridging firewall.
one at boot time without help; for details read the Ethernet-HOWTO, iptables will then see the IP packets being bridged, so you need to
available from in <http://www.linuxdoc.org/docs.html#howto>. take this into account when setting up your firewall rules.
If you want to compile this code as a module ( = code which can be If you want to compile this code as a module ( = code which can be
inserted in and removed from the running kernel whenever you want), inserted in and removed from the running kernel whenever you want),
......
...@@ -98,6 +98,10 @@ void ax25_dev_device_up(struct net_device *dev) ...@@ -98,6 +98,10 @@ void ax25_dev_device_up(struct net_device *dev)
ax25_dev->values[AX25_VALUES_PROTOCOL] = AX25_DEF_PROTOCOL; ax25_dev->values[AX25_VALUES_PROTOCOL] = AX25_DEF_PROTOCOL;
ax25_dev->values[AX25_VALUES_DS_TIMEOUT]= AX25_DEF_DS_TIMEOUT; ax25_dev->values[AX25_VALUES_DS_TIMEOUT]= AX25_DEF_DS_TIMEOUT;
#if defined(CONFIG_AX25_DAMA_SLAVE) || defined(CONFIG_AX25_DAMA_MASTER)
init_timer(&ax25_dev->dama.slave_timer);
#endif
spin_lock_bh(&ax25_dev_lock); spin_lock_bh(&ax25_dev_lock);
ax25_dev->next = ax25_dev_list; ax25_dev->next = ax25_dev_list;
ax25_dev_list = ax25_dev; ax25_dev_list = ax25_dev;
......
...@@ -106,6 +106,8 @@ static struct net_bridge *new_nb(char *name) ...@@ -106,6 +106,8 @@ static struct net_bridge *new_nb(char *name)
memset(br, 0, sizeof(*br)); memset(br, 0, sizeof(*br));
dev = &br->dev; dev = &br->dev;
init_timer(&br->tick);
strncpy(dev->name, name, IFNAMSIZ); strncpy(dev->name, name, IFNAMSIZ);
dev->priv = br; dev->priv = br;
ether_setup(dev); ether_setup(dev);
......
...@@ -172,7 +172,7 @@ static struct packet_type *ptype_all; /* Taps */ ...@@ -172,7 +172,7 @@ static struct packet_type *ptype_all; /* Taps */
#ifdef OFFLINE_SAMPLE #ifdef OFFLINE_SAMPLE
static void sample_queue(unsigned long dummy); static void sample_queue(unsigned long dummy);
static struct timer_list samp_timer = { function: sample_queue }; static struct timer_list samp_timer = TIMER_INITIALIZER(sample_queue, 0, 0);
#endif #endif
#ifdef CONFIG_HOTPLUG #ifdef CONFIG_HOTPLUG
......
...@@ -39,7 +39,7 @@ static void dst_run_gc(unsigned long); ...@@ -39,7 +39,7 @@ static void dst_run_gc(unsigned long);
static void ___dst_free(struct dst_entry * dst); static void ___dst_free(struct dst_entry * dst);
static struct timer_list dst_gc_timer = static struct timer_list dst_gc_timer =
{ data: DST_GC_MIN, function: dst_run_gc }; TIMER_INITIALIZER(dst_run_gc, 0, DST_GC_MIN);
static void dst_run_gc(unsigned long dummy) static void dst_run_gc(unsigned long dummy)
{ {
......
...@@ -34,8 +34,7 @@ long alpha_hi; ...@@ -34,8 +34,7 @@ long alpha_hi;
static void alpha_tick(unsigned long); static void alpha_tick(unsigned long);
static struct timer_list alpha_timer = static struct timer_list alpha_timer = TIMER_INITIALIZER(alpha_tick, 0, 0);
{ .function = alpha_tick };
void alpha_tick(unsigned long dummy) void alpha_tick(unsigned long dummy)
{ {
...@@ -158,7 +157,7 @@ static void whitehole_inject(unsigned long); ...@@ -158,7 +157,7 @@ static void whitehole_inject(unsigned long);
int whitehole_init(struct net_device *dev); int whitehole_init(struct net_device *dev);
static struct timer_list whitehole_timer = static struct timer_list whitehole_timer =
{ .function = whitehole_inject }; TIMER_INITIALIZER(whitehole_inject, 0, 0);
static struct net_device whitehole_dev = { static struct net_device whitehole_dev = {
"whitehole", 0x0, 0x0, 0x0, 0x0, 0, 0, 0, 0, 0, NULL, whitehole_init, }; "whitehole", 0x0, 0x0, 0x0, 0x0, 0, 0, 0, 0, 0, NULL, whitehole_init, };
......
...@@ -109,7 +109,8 @@ static struct dn_rt_hash_bucket *dn_rt_hash_table; ...@@ -109,7 +109,8 @@ static struct dn_rt_hash_bucket *dn_rt_hash_table;
static unsigned dn_rt_hash_mask; static unsigned dn_rt_hash_mask;
static struct timer_list dn_route_timer; static struct timer_list dn_route_timer;
static struct timer_list dn_rt_flush_timer = { .function = dn_run_flush }; static struct timer_list dn_rt_flush_timer =
TIMER_INITIALIZER(dn_run_flush, 0, 0);
int decnet_dst_gc_interval = 2; int decnet_dst_gc_interval = 2;
static struct dst_ops dn_dst_ops = { static struct dst_ops dn_dst_ops = {
...@@ -1260,6 +1261,7 @@ void __init dn_route_init(void) ...@@ -1260,6 +1261,7 @@ void __init dn_route_init(void)
if (!dn_dst_ops.kmem_cachep) if (!dn_dst_ops.kmem_cachep)
panic("DECnet: Failed to allocate dn_dst_cache\n"); panic("DECnet: Failed to allocate dn_dst_cache\n");
init_timer(&dn_route_timer);
dn_route_timer.function = dn_dst_check_expire; dn_route_timer.function = dn_dst_check_expire;
dn_route_timer.expires = jiffies + decnet_dst_gc_interval * HZ; dn_route_timer.expires = jiffies + decnet_dst_gc_interval * HZ;
add_timer(&dn_route_timer); add_timer(&dn_route_timer);
......
...@@ -722,6 +722,7 @@ int inet_getname(struct socket *sock, struct sockaddr *uaddr, ...@@ -722,6 +722,7 @@ int inet_getname(struct socket *sock, struct sockaddr *uaddr,
sin->sin_port = inet->sport; sin->sin_port = inet->sport;
sin->sin_addr.s_addr = addr; sin->sin_addr.s_addr = addr;
} }
memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
*uaddr_len = sizeof(*sin); *uaddr_len = sizeof(*sin);
return 0; return 0;
} }
......
...@@ -430,7 +430,7 @@ static int raw_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, ...@@ -430,7 +430,7 @@ static int raw_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
{ .daddr = daddr, { .daddr = daddr,
.saddr = saddr, .saddr = saddr,
.tos = tos } }, .tos = tos } },
.proto = IPPROTO_RAW }; .proto = inet->hdrincl ? IPPROTO_RAW : sk->protocol };
err = ip_route_output_flow(&rt, &fl, sk, msg->msg_flags&MSG_DONTWAIT); err = ip_route_output_flow(&rt, &fl, sk, msg->msg_flags&MSG_DONTWAIT);
} }
if (err) if (err)
......
...@@ -272,6 +272,25 @@ void xfrm_policy_kill(struct xfrm_policy *policy) ...@@ -272,6 +272,25 @@ void xfrm_policy_kill(struct xfrm_policy *policy)
write_unlock_bh(&policy->lock); write_unlock_bh(&policy->lock);
} }
/* Generate new index... KAME seems to generate them ordered by cost
* of an absolute inpredictability of ordering of rules. This will not pass. */
static u32 xfrm_gen_index(int dir)
{
u32 idx;
struct xfrm_policy *p;
static u32 pol_id;
for (;;) {
idx = (++pol_id ? : ++pol_id);
for (p = xfrm_policy_list[dir]; p; p = p->next) {
if (p->index == idx)
break;
}
if (!p)
return idx;
}
}
int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl) int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl)
{ {
struct xfrm_policy *pol, **p; struct xfrm_policy *pol, **p;
...@@ -290,6 +309,7 @@ int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl) ...@@ -290,6 +309,7 @@ int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl)
policy->next = pol ? pol->next : NULL; policy->next = pol ? pol->next : NULL;
*p = policy; *p = policy;
xfrm_policy_genid++; xfrm_policy_genid++;
policy->index = pol ? pol->index : xfrm_gen_index(dir);
write_unlock_bh(&xfrm_policy_lock); write_unlock_bh(&xfrm_policy_lock);
if (pol) { if (pol) {
......
#include <net/xfrm.h> #include <net/xfrm.h>
#include <linux/pfkeyv2.h> #include <linux/pfkeyv2.h>
#include <linux/ipsec.h>
/* Each xfrm_state is linked to three tables: /* Each xfrm_state is linked to three tables:
...@@ -91,7 +92,7 @@ void xfrm_state_flush(u8 proto) ...@@ -91,7 +92,7 @@ void xfrm_state_flush(u8 proto)
for (i = 0; i < XFRM_DST_HSIZE; i++) { for (i = 0; i < XFRM_DST_HSIZE; i++) {
restart: restart:
list_for_each_entry(x, xfrm_state_bydst+i, bydst) { list_for_each_entry(x, xfrm_state_bydst+i, bydst) {
if (!proto || x->id.proto == proto) { if (proto == IPSEC_PROTO_ANY || x->id.proto == proto) {
atomic_inc(&x->refcnt); atomic_inc(&x->refcnt);
spin_unlock_bh(&xfrm_state_lock); spin_unlock_bh(&xfrm_state_lock);
...@@ -389,7 +390,7 @@ int xfrm_state_walk(u8 proto, int (*func)(struct xfrm_state *, int, void*), ...@@ -389,7 +390,7 @@ int xfrm_state_walk(u8 proto, int (*func)(struct xfrm_state *, int, void*),
spin_lock_bh(&xfrm_state_lock); spin_lock_bh(&xfrm_state_lock);
for (i = 0; i < XFRM_DST_HSIZE; i++) { for (i = 0; i < XFRM_DST_HSIZE; i++) {
list_for_each_entry(x, xfrm_state_bydst+i, bydst) { list_for_each_entry(x, xfrm_state_bydst+i, bydst) {
if (proto == 255 || x->id.proto == proto) if (proto == IPSEC_PROTO_ANY || x->id.proto == proto)
count++; count++;
} }
} }
...@@ -400,7 +401,7 @@ int xfrm_state_walk(u8 proto, int (*func)(struct xfrm_state *, int, void*), ...@@ -400,7 +401,7 @@ int xfrm_state_walk(u8 proto, int (*func)(struct xfrm_state *, int, void*),
for (i = 0; i < XFRM_DST_HSIZE; i++) { for (i = 0; i < XFRM_DST_HSIZE; i++) {
list_for_each_entry(x, xfrm_state_bydst+i, bydst) { list_for_each_entry(x, xfrm_state_bydst+i, bydst) {
if (proto != 255 && x->id.proto != proto) if (proto != IPSEC_PROTO_ANY && x->id.proto != proto)
continue; continue;
err = func(x, --count, data); err = func(x, --count, data);
if (err) if (err)
......
...@@ -94,7 +94,8 @@ rwlock_t addrconf_lock = RW_LOCK_UNLOCKED; ...@@ -94,7 +94,8 @@ rwlock_t addrconf_lock = RW_LOCK_UNLOCKED;
static void addrconf_verify(unsigned long); static void addrconf_verify(unsigned long);
static struct timer_list addr_chk_timer = { .function = addrconf_verify }; static struct timer_list addr_chk_timer =
TIMER_INITIALIZER(addrconf_verify, 0, 0);
static spinlock_t addrconf_verify_lock = SPIN_LOCK_UNLOCKED; static spinlock_t addrconf_verify_lock = SPIN_LOCK_UNLOCKED;
static int addrconf_ifdown(struct net_device *dev, int how); static int addrconf_ifdown(struct net_device *dev, int how);
......
...@@ -93,7 +93,7 @@ static struct fib6_node * fib6_repair_tree(struct fib6_node *fn); ...@@ -93,7 +93,7 @@ static struct fib6_node * fib6_repair_tree(struct fib6_node *fn);
static __u32 rt_sernum = 0; static __u32 rt_sernum = 0;
static struct timer_list ip6_fib_timer = { .function = fib6_run_gc }; static struct timer_list ip6_fib_timer = TIMER_INITIALIZER(fib6_run_gc, 0, 0);
static struct fib6_walker_t fib6_walker_list = { static struct fib6_walker_t fib6_walker_list = {
&fib6_walker_list, &fib6_walker_list, &fib6_walker_list, &fib6_walker_list,
......
...@@ -314,7 +314,7 @@ ip6_frag_create(unsigned int hash, u32 id, struct in6_addr *src, struct in6_addr ...@@ -314,7 +314,7 @@ ip6_frag_create(unsigned int hash, u32 id, struct in6_addr *src, struct in6_addr
ipv6_addr_copy(&fq->saddr, src); ipv6_addr_copy(&fq->saddr, src);
ipv6_addr_copy(&fq->daddr, dst); ipv6_addr_copy(&fq->daddr, dst);
/* init_timer has been done by the memset */ init_timer(&fq->timer);
fq->timer.function = ip6_frag_expire; fq->timer.function = ip6_frag_expire;
fq->timer.data = (long) fq; fq->timer.data = (long) fq;
fq->lock = SPIN_LOCK_UNLOCKED; fq->lock = SPIN_LOCK_UNLOCKED;
......
This diff is collapsed.
...@@ -1105,8 +1105,7 @@ PSCHED_WATCHER psched_time_mark; ...@@ -1105,8 +1105,7 @@ PSCHED_WATCHER psched_time_mark;
static void psched_tick(unsigned long); static void psched_tick(unsigned long);
static struct timer_list psched_timer = static struct timer_list psched_timer = TIMER_INITIALIZER(psched_tick, 0, 0);
{ function: psched_tick };
static void psched_tick(unsigned long dummy) static void psched_tick(unsigned long dummy)
{ {
......
...@@ -512,6 +512,7 @@ static struct sock *wanpipe_alloc_socket(void) ...@@ -512,6 +512,7 @@ static struct sock *wanpipe_alloc_socket(void)
/* Use timer to send data to the driver. This will act /* Use timer to send data to the driver. This will act
* as a BH handler for sendmsg functions */ * as a BH handler for sendmsg functions */
init_timer(&wan_opt->tx_timer);
wan_opt->tx_timer.data = (unsigned long)sk; wan_opt->tx_timer.data = (unsigned long)sk;
wan_opt->tx_timer.function = wanpipe_delayed_transmit; wan_opt->tx_timer.function = wanpipe_delayed_transmit;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment