git.samba.org / sfrench / cifs-2.6.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | combined (merge: 7b075ad be01369)
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec
authorDavid S. Miller <davem@davemloft.net>
Fri, 19 Jun 2020 20:03:47 +0000 (13:03 -0700)
committerDavid S. Miller <davem@davemloft.net>
Fri, 19 Jun 2020 20:03:47 +0000 (13:03 -0700)
Steffen Klassert says:

====================
pull request (net): ipsec 2020-06-19

1) Fix double ESP trailer insertion in IPsec crypto offload if
   netif_xmit_frozen_or_stopped is true. From Huy Nguyen.

2) Merge fixup for "remove output_finish indirection from
   xfrm_state_afinfo". From Stephen Rothwell.

3) Select CRYPTO_SEQIV for ESP as this is needed for GCM and several
   other encryption algorithms. Also modernize the crypto algorithm
   selections for ESP and AH, remove those that are maked as "MUST NOT"
   and add those that are marked as "MUST" be implemented in RFC 8221.
   From Eric Biggers.

Please note the merge conflict between commit:

a7f7f6248d97 ("treewide: replace '---help---' in Kconfig files with 'help'")

from Linus' tree and commits:

7d4e39195925 ("esp, ah: consolidate the crypto algorithm selections")
be01369859b8 ("esp, ah: modernize the crypto algorithm selections")

from the ipsec tree.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
1  2 
net/ipv4/Kconfig patch | diff1 | diff2 | blob | history
net/ipv6/Kconfig patch | diff1 | diff2 | blob | history
net/xfrm/Kconfig patch | diff1 | diff2 | blob | history

diff --cc net/ipv4/Kconfig
index 6ecbb0ced1776934de4caeb55b777ff7331b701b,dc9dfaef77e5a405e7ea1b29e0a1c2195ac117a4..e64e59b536d30bb7ce6a4ff8e5eaca4579b08f1c
--- 1/net/ipv4/Kconfig
--- 2/net/ipv4/Kconfig
+++ b/net/ipv4/Kconfig
@@@ -340,29 -340,31 +340,31 @@@ config NET_FOU_IP_TUNNEL
  
  config INET_AH
        tristate "IP: AH transformation"
-       select XFRM_ALGO
-       select CRYPTO
-       select CRYPTO_HMAC
-       select CRYPTO_MD5
-       select CRYPTO_SHA1
+       select XFRM_AH
 -      ---help---
 +      help
-         Support for IPsec AH.
+         Support for IPsec AH (Authentication Header).
+         AH can be used with various authentication algorithms.  Besides
+         enabling AH support itself, this option enables the generic
+         implementations of the algorithms that RFC 8221 lists as MUST be
+         implemented.  If you need any other algorithms, you'll need to enable
+         them in the crypto API.  You should also enable accelerated
+         implementations of any needed algorithms when available.
  
          If unsure, say Y.
  
  config INET_ESP
        tristate "IP: ESP transformation"
-       select XFRM_ALGO
-       select CRYPTO
-       select CRYPTO_AUTHENC
-       select CRYPTO_HMAC
-       select CRYPTO_MD5
-       select CRYPTO_CBC
-       select CRYPTO_SHA1
-       select CRYPTO_DES
-       select CRYPTO_ECHAINIV
+       select XFRM_ESP
 -      ---help---
 +      help
-         Support for IPsec ESP.
+         Support for IPsec ESP (Encapsulating Security Payload).
+         ESP can be used with various encryption and authentication algorithms.
+         Besides enabling ESP support itself, this option enables the generic
+         implementations of the algorithms that RFC 8221 lists as MUST be
+         implemented.  If you need any other algorithms, you'll need to enable
+         them in the crypto API.  You should also enable accelerated
+         implementations of any needed algorithms when available.
  
          If unsure, say Y.
  
diff --cc net/ipv6/Kconfig
index 992cf45fb4f66585ec1d3e9f64c687f75ab96d2c,414a68b16869ec57683be8b65675d9c11ae24f81..f4f19e89af5edd44c777f92551cf8b4a7b213621
--- 1/net/ipv6/Kconfig
--- 2/net/ipv6/Kconfig
+++ b/net/ipv6/Kconfig
@@@ -49,29 -49,31 +49,31 @@@ config IPV6_OPTIMISTIC_DA
  
  config INET6_AH
        tristate "IPv6: AH transformation"
-       select XFRM_ALGO
-       select CRYPTO
-       select CRYPTO_HMAC
-       select CRYPTO_MD5
-       select CRYPTO_SHA1
+       select XFRM_AH
 -      ---help---
 +      help
-         Support for IPsec AH.
+         Support for IPsec AH (Authentication Header).
+         AH can be used with various authentication algorithms.  Besides
+         enabling AH support itself, this option enables the generic
+         implementations of the algorithms that RFC 8221 lists as MUST be
+         implemented.  If you need any other algorithms, you'll need to enable
+         them in the crypto API.  You should also enable accelerated
+         implementations of any needed algorithms when available.
  
          If unsure, say Y.
  
  config INET6_ESP
        tristate "IPv6: ESP transformation"
-       select XFRM_ALGO
-       select CRYPTO
-       select CRYPTO_AUTHENC
-       select CRYPTO_HMAC
-       select CRYPTO_MD5
-       select CRYPTO_CBC
-       select CRYPTO_SHA1
-       select CRYPTO_DES
-       select CRYPTO_ECHAINIV
+       select XFRM_ESP
 -      ---help---
 +      help
-         Support for IPsec ESP.
+         Support for IPsec ESP (Encapsulating Security Payload).
+         ESP can be used with various encryption and authentication algorithms.
+         Besides enabling ESP support itself, this option enables the generic
+         implementations of the algorithms that RFC 8221 lists as MUST be
+         implemented.  If you need any other algorithms, you'll need to enable
+         them in the crypto API.  You should also enable accelerated
+         implementations of any needed algorithms when available.
  
          If unsure, say Y.
  
diff --cc net/xfrm/Kconfig
Simple merge
Unnamed repository; edit this file 'description' to name the repository.