Re: [PATCH 14/14] crc32: Select an algorithm via kconfig

2011-12-02 Thread Darrick J. Wong
On Fri, Dec 02, 2011 at 08:25:05AM +0800, Herbert Xu wrote:
> On Thu, Dec 01, 2011 at 12:15:17PM -0800, Darrick J. Wong wrote:
> > Allow the kernel builder to choose a crc32* algorithm for the kernel.
> >
> > Signed-off-by: Darrick J. Wong
>
> I don't like this at all. How do you expect distros

Re: [PATCH v5.2 00/14] crc32c: Add faster algorithm and self-test code

2011-12-02 Thread Darrick J. Wong
On Fri, Dec 02, 2011 at 08:23:58AM +0800, Herbert Xu wrote:
> On Thu, Dec 01, 2011 at 12:31:22PM -0800, Darrick J. Wong wrote:
> .
> > They seem to call crc32c(), which is in crypto/crc32c. If you're
> > interested in
>
> Nope, the crypto API layer will use the SSE implementation
> where availab

[PATCH 04/21] KEYS: Move the key config into security/keys/Kconfig [ver #3]

2011-12-02 Thread David Howells
Move the key config into security/keys/Kconfig as there are going to be a lot of key-related options. Signed-off-by: David Howells --- security/Kconfig | 68 +-- security/keys/Kconfig | 71 + 2

[PATCH 03/21] KEYS: Permit key_serial() to be called with a const key pointer [ver #3]

2011-12-02 Thread David Howells
Permit key_serial() to be called with a const key pointer. Signed-off-by: David Howells --- include/linux/key.h |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/include/linux/key.h b/include/linux/key.h index 183a6af..f87b51b 100644 --- a/include/linux/key.h +++ b/incl

[PATCH 01/21] MPILIB: Export some more symbols [ver #3]

2011-12-02 Thread David Howells
Export some more symbols for use by the DSA key subtype. Signed-off-by: David Howells --- lib/mpi/mpi-cmp.c |2 ++ lib/mpi/mpi-div.c |1 + lib/mpi/mpi-inv.c |1 + lib/mpi/mpi-mpow.c |1 + lib/mpi/mpi-mul.c |1 + 5 files changed, 6 insertions(+), 0 deletions(-) diff --g

[PATCH 20/21] MODSIGN: Module ELF verifier [ver #3]

2011-12-02 Thread David Howells
Do preliminary verification of the ELF structure of a module. This is used to make sure that the ELF structure can then be used to check the module signature and access the module data without breaking the module loader. If the module's ELF metadata is determined to be bad, then ELIBBAD will be r

[PATCH 19/21] MODSIGN: Add indications of module ELF types [ver #3]

2011-12-02 Thread David Howells
Add per-arch indications of module ELF types and relocation table entry types. Signed-Off-By: David Howells --- arch/alpha/include/asm/module.h |3 +++ arch/arm/include/asm/module.h |5 + arch/cris/include/asm/module.h|5 + arch/h8300/include/asm/module.h |5

[PATCH 18/21] KEYS: Provide a function to load keys from a PGP keyring blob [ver #3]

2011-12-02 Thread David Howells
Provide a function to load keys from a PGP keyring blob for use in initialising the module signing key keyring:

    int load_PGP_keys(const u8 *pgpdata, size_t pgpdatalen, struct key *keyring, const char *descprefix);

The keys are labelled with descprefix plus a numb

[PATCH 17/21] KEYS: PGP format signature parser [ver #3]

2011-12-02 Thread David Howells
Implement a signature parser that will attempt to parse a signature blob as a PGP packet format message. If it can, it will find an appropriate crypto key and set the public-key algorithm according to the data in the signature. Signed-off-by: David Howells --- security/keys/Makefile |

[PATCH 16/21] KEYS: PGP-based public key signature verification [ver #3]

2011-12-02 Thread David Howells
Provide handlers for PGP-based public-key algorithm signature verification. This does most of the work involved in signature verification as most of it is public-key algorithm agnostic. The public-key verification algorithm itself is just the last little bit and is supplied the complete hash data

[PATCH 15/21] KEYS: PGP data parser [ver #3]

2011-12-02 Thread David Howells
Implement a PGP data parser for the crypto key type to use when instantiating a key. This parser attempts to parse the instantiation data as a PGP packet sequence (RFC 4880) and if it parses okay, attempts to extract a public-key algorithm key or subkey from it. If it finds such a key, it will se

[PATCH 14/21] PGPLIB: Signature parser [ver #3]

2011-12-02 Thread David Howells
Provide some PGP signature parsing helpers: (1) A function to parse V4 signature subpackets and pass the desired ones to a processor function: int pgp_parse_sig_subpkts(const u8 *data, size_t datalen, struct pgp_parse_sig_context *ctx); (2) A func

[PATCH 13/21] PGPLIB: Basic packet parser [ver #3]

2011-12-02 Thread David Howells
Provide a simple parser that extracts the packets from a PGP packet blob and passes the desirous ones to the given processor function: struct pgp_parse_context { u64 types_of_interest; int (*process_packet)(struct pgp_parse_context *context,

[PATCH 12/21] PGPLIB: PGP definitions (RFC 4880) [ver #3]

2011-12-02 Thread David Howells
Provide some useful PGP definitions from RFC 4880. These describe details of public key crypto as used by crypto keys for things like signature verification. Signed-off-by: David Howells --- include/linux/pgp.h | 206 +++ 1 files changed, 206 in

[PATCH 10/21] KEYS: DSA signature verification algorithm [ver #3]

2011-12-02 Thread David Howells
Implement the DSA algorithm (FIPS-186). At this time, only signature verification is supported. This uses the asymmetric public key subtype to hold its key data. Signed-off-by: David Howells --- security/keys/Kconfig |7 ++ security/keys/Makefile |1 security/keys/crypto_dsa

[PATCH 08/21] KEYS: Add signature verification facility [ver #3]

2011-12-02 Thread David Howells
Add a facility whereby a key subtype may be asked to verify a signature against the data it is purported to have signed. This adds four routines: (1) struct crypto_key_verify_context * verify_sig_begin(struct key *keyring, const void *sig, size_t siglen); This sets up a verification c

[PATCH 07/21] KEYS: Create a key type that can be used for general cryptographic operations [ver #3]

2011-12-02 Thread David Howells
Create a key type that can be used for general cryptographic operations, such as encryption, decryption, signature generation and signature verification. The key type is "crypto" and can provide access to a variety of cryptographic algorithms. Signed-off-by: David Howells --- Documentation/sec

[PATCH 06/21] KEYS: Reorganise keys Makefile [ver #3]

2011-12-02 Thread David Howells
Reorganise the keys directory Makefile to put all the core bits together and the type-specific bits after. Signed-off-by: David Howells --- security/keys/Makefile | 12 +--- 1 files changed, 9 insertions(+), 3 deletions(-) diff --git a/security/keys/Makefile b/security/keys/Makefile

[PATCH 11/21] KEYS: RSA signature verification algorithm [ver #3]

2011-12-02 Thread David Howells
Implement the RSA algorithm (PKCS#1 / RFC3447). At this time, only signature verification is supported. This uses the asymmetric public key subtype to hold its key data. Signed-off-by: David Howells --- security/keys/Kconfig |6 + security/keys/Makefile |1 security/keys/cry

[PATCH 09/21] KEYS: Asymmetric public-key algorithm crypto key subtype [ver #3]

2011-12-02 Thread David Howells
Add a subtype for supporting asymmetric public-key encryption algorithms such as DSA (FIPS-186) and RSA (PKCS#1 / RFC1337). Signed-off-by: David Howells --- security/keys/Kconfig |9 security/keys/Makefile |1 security/keys/public_key.c | 55 ++ secu

[PATCH 05/21] KEYS: Announce key type (un)registration [ver #3]

2011-12-02 Thread David Howells
Announce the (un)registration of a key type in the core key code rather than in the callers. Signed-off-by: David Howells --- net/dns_resolver/dns_key.c |5 - security/keys/key.c|3 +++ 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/net/dns_resolver/dns_key.

[PATCH 02/21] MPILIB: Add a missing ENOMEM check [ver #3]

2011-12-02 Thread David Howells
Add a missing ENOMEM check. Signed-off-by: David Howells --- lib/mpi/mpicoder.c |2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/lib/mpi/mpicoder.c b/lib/mpi/mpicoder.c index fe84bb9..716802b 100644 --- a/lib/mpi/mpicoder.c +++ b/lib/mpi/mpicoder.c @@ -255,6 +255,8 @@

[RFC][PATCH 00/21] Crypto keys and module signing [ver #3]

2011-12-02 Thread David Howells
Here are a set of patches that create a framework for using cryptographic keys within the kernel. The patches can also be found at: http://git.kernel.org/?p=linux/kernel/git/dhowells/linux-modsign.git;a=shortlog;h=refs/heads/devel [!!Note I've changed the architecture of this quite a l