authorLinus Torvalds <torvalds@woody.linux-foundation.org>2007-10-11 19:40:14 -0700
committerLinus Torvalds <torvalds@woody.linux-foundation.org>2007-10-11 19:40:14 -0700
commit038a5008b2f395c85e6e71d6ddf3c684e7c405b0 (patch)
tree4735eab577e97e5a22c3141e3f60071c8065585e /crypto
parentdd6d1844af33acb4edd0a40b1770d091a22c94be (diff)
parent266918303226cceac7eca38ced30f15f277bd89c (diff)
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6
* 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (867 commits) [SKY2]: status polling loop (post merge) [NET]: Fix NAPI completion handling in some drivers. [TCP]: Limit processing lost_retrans loop to work-to-do cases [TCP]: Fix lost_retrans loop vs fastpath problems [TCP]: No need to re-count fackets_out/sacked_out at RTO [TCP]: Extract tcp_match_queue_to_sack from sacktag code [TCP]: Kill almost unused variable pcount from sacktag [TCP]: Fix mark_head_lost to ignore R-bit when trying to mark L [TCP]: Add bytes_acked (ABC) clearing to FRTO too [IPv6]: Update setsockopt(IPV6_MULTICAST_IF) to support RFC 3493, try2 [NETFILTER]: x_tables: add missing ip6t_modulename aliases [NETFILTER]: nf_conntrack_tcp: fix connection reopening [QETH]: fix qeth_main.c [NETLINK]: fib_frontend build fixes [IPv6]: Export userland ND options through netlink (RDNSS support) [9P]: build fix with !CONFIG_SYSCTL [NET]: Fix dev_put() and dev_hold() comments [NET]: make netlink user -> kernel interface synchronious [NET]: unify netlink kernel socket recognition [NET]: cleanup 3rd argument in netlink_sendskb ... Fix up conflicts manually in Documentation/feature-removal-schedule.txt and my new least favourite crap, the "mod_devicetable" support in the files include/linux/mod_devicetable.h and scripts/mod/file2alias.c. (The latter files seem to be explicitly _designed_ to get conflicts when different subsystems work with them - that have an absolutely horrid lack of subsystem separation!) Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'crypto')
-rw-r--r--crypto/Kconfig40
-rw-r--r--crypto/Makefile16
-rw-r--r--crypto/ablkcipher.c9
-rw-r--r--crypto/aead.c101
-rw-r--r--crypto/aes_generic.c (renamed from crypto/aes.c)2
-rw-r--r--crypto/algapi.c37
-rw-r--r--crypto/authenc.c400
-rw-r--r--crypto/blkcipher.c57
-rw-r--r--crypto/cipher.c5
-rw-r--r--crypto/cryptd.c7
-rw-r--r--crypto/cryptomgr.c96
-rw-r--r--crypto/des_generic.c (renamed from crypto/des.c)1
-rw-r--r--crypto/gf128mul.c11
-rw-r--r--crypto/hash.c3
-rw-r--r--crypto/internal.h11
-rw-r--r--crypto/scatterwalk.c30
-rw-r--r--crypto/scatterwalk.h3
-rw-r--r--crypto/seed.c479
-rw-r--r--crypto/sha1_generic.c (renamed from crypto/sha1.c)10
-rw-r--r--crypto/sha256_generic.c (renamed from crypto/sha256.c)33
-rw-r--r--crypto/sha512.c63
-rw-r--r--crypto/tcrypt.c20
-rw-r--r--crypto/tcrypt.h507
-rw-r--r--crypto/xts.c292
24 files changed, 2075 insertions, 158 deletions
diff --git a/crypto/Kconfig b/crypto/Kconfig
index 3d1a1e27944..083d2e1dfc2 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -28,6 +28,10 @@ config CRYPTO_ABLKCIPHER
tristate
select CRYPTO_BLKCIPHER
+config CRYPTO_AEAD
+ tristate
+ select CRYPTO_ALGAPI
+
config CRYPTO_BLKCIPHER
tristate
select CRYPTO_ALGAPI
@@ -146,7 +150,6 @@ config CRYPTO_ECB
tristate "ECB support"
select CRYPTO_BLKCIPHER
select CRYPTO_MANAGER
- default m
help
ECB: Electronic CodeBook mode
This is the simplest block cipher algorithm. It simply encrypts
@@ -156,7 +159,6 @@ config CRYPTO_CBC
tristate "CBC support"
select CRYPTO_BLKCIPHER
select CRYPTO_MANAGER
- default m
help
CBC: Cipher Block Chaining mode
This block cipher algorithm is required for IPSec.
@@ -165,7 +167,6 @@ config CRYPTO_PCBC
tristate "PCBC support"
select CRYPTO_BLKCIPHER
select CRYPTO_MANAGER
- default m
help
PCBC: Propagating Cipher Block Chaining mode
This block cipher algorithm is required for RxRPC.
@@ -183,6 +184,17 @@ config CRYPTO_LRW
The first 128, 192 or 256 bits in the key are used for AES and the
rest is used to tie each cipher block to its logical position.
+config CRYPTO_XTS
+ tristate "XTS support (EXPERIMENTAL)"
+ depends on EXPERIMENTAL
+ select CRYPTO_BLKCIPHER
+ select CRYPTO_MANAGER
+ select CRYPTO_GF128MUL
+ help
+ XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
+ key size 256, 384 or 512 bits. This implementation currently
+ can't handle a sectorsize which is not a multiple of 16 bytes.
+
config CRYPTO_CRYPTD
tristate "Software async crypto daemon"
select CRYPTO_ABLKCIPHER
@@ -415,6 +427,20 @@ config CRYPTO_ANUBIS
<https://www.cosic.esat.kuleuven.ac.be/nessie/reports/>
<http://planeta.terra.com.br/informatica/paulobarreto/AnubisPage.html>
+config CRYPTO_SEED
+ tristate "SEED cipher algorithm"
+ select CRYPTO_ALGAPI
+ help
+ SEED cipher algorithm (RFC4269).
+
+ SEED is a 128-bit symmetric key block cipher that has been
+ developed by KISA (Korea Information Security Agency) as a
+ national standard encryption algorithm of the Republic of Korea.
+ It is a 16 round block cipher with the key size of 128 bit.
+
+ See also:
+ <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
+
config CRYPTO_DEFLATE
tristate "Deflate compression algorithm"
@@ -468,6 +494,14 @@ config CRYPTO_TEST
help
Quick & dirty crypto test module.
+config CRYPTO_AUTHENC
+ tristate "Authenc support"
+ select CRYPTO_AEAD
+ select CRYPTO_MANAGER
+ help
+ Authenc: Combined mode wrapper for IPsec.
+ This is required for IPSec.
+
source "drivers/crypto/Kconfig"
endif # if CRYPTO
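Review bot: `config CRYPTO_AUTHENC` selects only CRYPTO_AEAD and CRYPTO_MANAGER, yet crypto/authenc.c in this same commit calls the crypto_hash_* and crypto_ablkcipher_* helpers, so the entry looks under-specified. Unless those options are pulled in indirectly (not visible in this hunk), a configuration that enables only this symbol could build authenc without the hash and cipher front ends it needs. Consider adding `select CRYPTO_HASH` and `select CRYPTO_ABLKCIPHER` to the entry. The help text also spells the protocol both "IPsec" and "IPSec"; one spelling would read better.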
diff --git a/crypto/Makefile b/crypto/Makefile
index 0cf17f1ea15..43c2a0dc993 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -2,13 +2,14 @@
# Cryptographic API
#
-obj-$(CONFIG_CRYPTO) += api.o scatterwalk.o cipher.o digest.o compress.o
+obj-$(CONFIG_CRYPTO) += api.o cipher.o digest.o compress.o
crypto_algapi-$(CONFIG_PROC_FS) += proc.o
-crypto_algapi-objs := algapi.o $(crypto_algapi-y)
+crypto_algapi-objs := algapi.o scatterwalk.o $(crypto_algapi-y)
obj-$(CONFIG_CRYPTO_ALGAPI) += crypto_algapi.o
obj-$(CONFIG_CRYPTO_ABLKCIPHER) += ablkcipher.o
+obj-$(CONFIG_CRYPTO_AEAD) += aead.o
obj-$(CONFIG_CRYPTO_BLKCIPHER) += blkcipher.o
crypto_hash-objs := hash.o
@@ -20,8 +21,8 @@ obj-$(CONFIG_CRYPTO_XCBC) += xcbc.o
obj-$(CONFIG_CRYPTO_NULL) += crypto_null.o
obj-$(CONFIG_CRYPTO_MD4) += md4.o
obj-$(CONFIG_CRYPTO_MD5) += md5.o
-obj-$(CONFIG_CRYPTO_SHA1) += sha1.o
-obj-$(CONFIG_CRYPTO_SHA256) += sha256.o
+obj-$(CONFIG_CRYPTO_SHA1) += sha1_generic.o
+obj-$(CONFIG_CRYPTO_SHA256) += sha256_generic.o
obj-$(CONFIG_CRYPTO_SHA512) += sha512.o
obj-$(CONFIG_CRYPTO_WP512) += wp512.o
obj-$(CONFIG_CRYPTO_TGR192) += tgr192.o
@@ -30,14 +31,15 @@ obj-$(CONFIG_CRYPTO_ECB) += ecb.o
obj-$(CONFIG_CRYPTO_CBC) += cbc.o
obj-$(CONFIG_CRYPTO_PCBC) += pcbc.o
obj-$(CONFIG_CRYPTO_LRW) += lrw.o
+obj-$(CONFIG_CRYPTO_XTS) += xts.o
obj-$(CONFIG_CRYPTO_CRYPTD) += cryptd.o
-obj-$(CONFIG_CRYPTO_DES) += des.o
+obj-$(CONFIG_CRYPTO_DES) += des_generic.o
obj-$(CONFIG_CRYPTO_FCRYPT) += fcrypt.o
obj-$(CONFIG_CRYPTO_BLOWFISH) += blowfish.o
obj-$(CONFIG_CRYPTO_TWOFISH) += twofish.o
obj-$(CONFIG_CRYPTO_TWOFISH_COMMON) += twofish_common.o
obj-$(CONFIG_CRYPTO_SERPENT) += serpent.o
-obj-$(CONFIG_CRYPTO_AES) += aes.o
+obj-$(CONFIG_CRYPTO_AES) += aes_generic.o
obj-$(CONFIG_CRYPTO_CAMELLIA) += camellia.o
obj-$(CONFIG_CRYPTO_CAST5) += cast5.o
obj-$(CONFIG_CRYPTO_CAST6) += cast6.o
@@ -45,9 +47,11 @@ obj-$(CONFIG_CRYPTO_ARC4) += arc4.o
obj-$(CONFIG_CRYPTO_TEA) += tea.o
obj-$(CONFIG_CRYPTO_KHAZAD) += khazad.o
obj-$(CONFIG_CRYPTO_ANUBIS) += anubis.o
+obj-$(CONFIG_CRYPTO_SEED) += seed.o
obj-$(CONFIG_CRYPTO_DEFLATE) += deflate.o
obj-$(CONFIG_CRYPTO_MICHAEL_MIC) += michael_mic.o
obj-$(CONFIG_CRYPTO_CRC32C) += crc32c.o
+obj-$(CONFIG_CRYPTO_AUTHENC) += authenc.o
obj-$(CONFIG_CRYPTO_TEST) += tcrypt.o
diff --git a/crypto/ablkcipher.c b/crypto/ablkcipher.c
index 3dbb1cc6eab..2731acb86e7 100644
--- a/crypto/ablkcipher.c
+++ b/crypto/ablkcipher.c
@@ -16,10 +16,13 @@
#include <crypto/algapi.h>
#include <linux/errno.h>
#include <linux/init.h>
+#include <linux/kernel.h>
#include <linux/module.h>
+#include <linux/slab.h>
#include <linux/seq_file.h>
-static int setkey_unaligned(struct crypto_ablkcipher *tfm, const u8 *key, unsigned int keylen)
+static int setkey_unaligned(struct crypto_ablkcipher *tfm, const u8 *key,
+ unsigned int keylen)
{
struct ablkcipher_alg *cipher = crypto_ablkcipher_alg(tfm);
unsigned long alignmask = crypto_ablkcipher_alignmask(tfm);
@@ -91,10 +94,6 @@ static void crypto_ablkcipher_show(struct seq_file *m, struct crypto_alg *alg)
seq_printf(m, "min keysize : %u\n", ablkcipher->min_keysize);
seq_printf(m, "max keysize : %u\n", ablkcipher->max_keysize);
seq_printf(m, "ivsize : %u\n", ablkcipher->ivsize);
- if (ablkcipher->queue) {
- seq_printf(m, "qlen : %u\n", ablkcipher->queue->qlen);
- seq_printf(m, "max qlen : %u\n", ablkcipher->queue->max_qlen);
- }
}
const struct crypto_type crypto_ablkcipher_type = {
diff --git a/crypto/aead.c b/crypto/aead.c
new file mode 100644
index 00000000000..84a3501fb47
--- /dev/null
+++ b/crypto/aead.c
@@ -0,0 +1,101 @@
+/*
+ * AEAD: Authenticated Encryption with Associated Data
+ *
+ * This file provides API support for AEAD algorithms.
+ *
+ * Copyright (c) 2007 Herbert Xu <herbert@gondor.apana.org.au>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ *
+ */
+
+#include <crypto/algapi.h>
+#include <linux/errno.h>
+#include <linux/init.h>
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/slab.h>
+#include <linux/seq_file.h>
+
+static int setkey_unaligned(struct crypto_aead *tfm, const u8 *key,
+ unsigned int keylen)
+{
+ struct aead_alg *aead = crypto_aead_alg(tfm);
+ unsigned long alignmask = crypto_aead_alignmask(tfm);
+ int ret;
+ u8 *buffer, *alignbuffer;
+ unsigned long absize;
+
+ absize = keylen + alignmask;
+ buffer = kmalloc(absize, GFP_ATOMIC);
+ if (!buffer)
+ return -ENOMEM;
+
+ alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
+ memcpy(alignbuffer, key, keylen);
+ ret = aead->setkey(tfm, alignbuffer, keylen);
+ memset(alignbuffer, 0, keylen);
+ kfree(buffer);
+ return ret;
+}
+
+static int setkey(struct crypto_aead *tfm, const u8 *key, unsigned int keylen)
+{
+ struct aead_alg *aead = crypto_aead_alg(tfm);
+ unsigned long alignmask = crypto_aead_alignmask(tfm);
+
+ if ((unsigned long)key & alignmask)
+ return setkey_unaligned(tfm, key, keylen);
+
+ return aead->setkey(tfm, key, keylen);
+}
+
+static unsigned int crypto_aead_ctxsize(struct crypto_alg *alg, u32 type,
+ u32 mask)
+{
+ return alg->cra_ctxsize;
+}
+
+static int crypto_init_aead_ops(struct crypto_tfm *tfm, u32 type, u32 mask)
+{
+ struct aead_alg *alg = &tfm->__crt_alg->cra_aead;
+ struct aead_tfm *crt = &tfm->crt_aead;
+
+ if (max(alg->authsize, alg->ivsize) > PAGE_SIZE / 8)
+ return -EINVAL;
+
+ crt->setkey = setkey;
+ crt->encrypt = alg->encrypt;
+ crt->decrypt = alg->decrypt;
+ crt->ivsize = alg->ivsize;
+ crt->authsize = alg->authsize;
+
+ return 0;
+}
+
+static void crypto_aead_show(struct seq_file *m, struct crypto_alg *alg)
+ __attribute__ ((unused));
+static void crypto_aead_show(struct seq_file *m, struct crypto_alg *alg)
+{
+ struct aead_alg *aead = &alg->cra_aead;
+
+ seq_printf(m, "type : aead\n");
+ seq_printf(m, "blocksize : %u\n", alg->cra_blocksize);
+ seq_printf(m, "ivsize : %u\n", aead->ivsize);
+ seq_printf(m, "authsize : %u\n", aead->authsize);
+}
+
+const struct crypto_type crypto_aead_type = {
+ .ctxsize = crypto_aead_ctxsize,
+ .init = crypto_init_aead_ops,
+#ifdef CONFIG_PROC_FS
+ .show = crypto_aead_show,
+#endif
+};
+EXPORT_SYMBOL_GPL(crypto_aead_type);
+
+MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("Authenticated Encryption with Associated Data (AEAD)");
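Review bot: In setkey_unaligned() the bounce copy of the key is cleared with `memset(alignbuffer, 0, keylen);` immediately before `kfree(buffer);`, which the compiler may treat as a dead store, so the clear is not guaranteed to survive optimisation. Key material could then linger in freed slab memory. Use a wipe that cannot be elided: trees that provide it can replace both lines with `kfree_sensitive(buffer);` (formerly `kzfree`), otherwise keep the memset and follow it with a compiler barrier. A one-line comment such as `/* scrub the aligned key copy before it returns to the slab */` would also record why the clear is there. The setkey_unaligned() in crypto/ablkcipher.c probably has the same pattern, but its body is outside the visible hunk.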
diff --git a/crypto/aes.c b/crypto/aes_generic.c
index e2440773878..9401dca85e8 100644
--- a/crypto/aes.c
+++ b/crypto/aes_generic.c
@@ -453,4 +453,4 @@ module_exit(aes_fini);
MODULE_DESCRIPTION("Rijndael (AES) Cipher Algorithm");
MODULE_LICENSE("Dual BSD/GPL");
-
+MODULE_ALIAS("aes");
diff --git a/crypto/algapi.c b/crypto/algapi.c
index 38aa9e99470..8ff8c2656d9 100644
--- a/crypto/algapi.c
+++ b/crypto/algapi.c
@@ -63,9 +63,6 @@ static int crypto_check_alg(struct crypto_alg *alg)
if (alg->cra_alignmask & (alg->cra_alignmask + 1))
return -EINVAL;
- if (alg->cra_alignmask & alg->cra_blocksize)
- return -EINVAL;
-
if (alg->cra_blocksize > PAGE_SIZE / 8)
return -EINVAL;
@@ -152,6 +149,11 @@ static int __crypto_register_alg(struct crypto_alg *alg,
if (crypto_is_larval(q)) {
struct crypto_larval *larval = (void *)q;
+ /*
+ * Check to see if either our generic name or
+ * specific name can satisfy the name requested
+ * by the larval entry q.
+ */
if (strcmp(alg->cra_name, q->cra_name) &&
strcmp(alg->cra_driver_name, q->cra_name))
continue;
@@ -439,13 +441,15 @@ EXPORT_SYMBOL_GPL(crypto_unregister_notifier);
struct crypto_attr_type *crypto_get_attr_type(struct rtattr **tb)
{
- struct rtattr *rta = tb[CRYPTOA_TYPE - 1];
+ struct rtattr *rta = tb[0];
struct crypto_attr_type *algt;
if (!rta)
return ERR_PTR(-ENOENT);
if (RTA_PAYLOAD(rta) < sizeof(*algt))
return ERR_PTR(-EINVAL);
+ if (rta->rta_type != CRYPTOA_TYPE)
+ return ERR_PTR(-EINVAL);
algt = RTA_DATA(rta);
@@ -468,22 +472,41 @@ int crypto_check_attr_type(struct rtattr **tb, u32 type)
}
EXPORT_SYMBOL_GPL(crypto_check_attr_type);
-struct crypto_alg *crypto_get_attr_alg(struct rtattr **tb, u32 type, u32 mask)
+struct crypto_alg *crypto_attr_alg(struct rtattr *rta, u32 type, u32 mask)
{
- struct rtattr *rta = tb[CRYPTOA_ALG - 1];
struct crypto_attr_alg *alga;
if (!rta)
return ERR_PTR(-ENOENT);
if (RTA_PAYLOAD(rta) < sizeof(*alga))
return ERR_PTR(-EINVAL);
+ if (rta->rta_type != CRYPTOA_ALG)
+ return ERR_PTR(-EINVAL);
alga = RTA_DATA(rta);
alga->name[CRYPTO_MAX_ALG_NAME - 1] = 0;
return crypto_alg_mod_lookup(alga->name, type, mask);
}
-EXPORT_SYMBOL_GPL(crypto_get_attr_alg);
+EXPORT_SYMBOL_GPL(crypto_attr_alg);
+
+int crypto_attr_u32(struct rtattr *rta, u32 *num)
+{
+ struct crypto_attr_u32 *nu32;
+
+ if (!rta)
+ return -ENOENT;
+ if (RTA_PAYLOAD(rta) < sizeof(*nu32))
+ return -EINVAL;
+ if (rta->rta_type != CRYPTOA_U32)
+ return -EINVAL;
+
+ nu32 = RTA_DATA(rta);
+ *num = nu32->num;
+
+ return 0;
+}
+EXPORT_SYMBOL_GPL(crypto_attr_u32);
struct crypto_instance *crypto_alloc_instance(const char *name,
struct crypto_alg *alg)
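Review bot: crypto_attr_alg() and crypto_attr_u32() are new exported helpers with no comment describing their contract, and callers now pass individual `tb[n]` slots themselves. A comment above each should state the error contract: a NULL `rta` yields -ENOENT, a short payload or wrong `rta_type` yields -EINVAL, and `*num` is left untouched on failure. For crypto_attr_alg() it should also say that the returned algorithm carries a reference the caller must release with crypto_mod_put(), as crypto/authenc.c does in this commit. The same comment should mention that the function NUL-terminates `alga->name` in place inside the attribute payload. Because the slot index is now chosen by the caller, the comment should make clear that the caller is responsible for `tb` actually holding that many entries.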
diff --git a/crypto/authenc.c b/crypto/authenc.c
new file mode 100644
index 00000000000..0b29a6ae673
--- /dev/null
+++ b/crypto/authenc.c
@@ -0,0 +1,400 @@
+/*
+ * Authenc: Simple AEAD wrapper for IPsec
+ *
+ * Copyright (c) 2007 Herbert Xu <herbert@gondor.apana.org.au>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ *
+ */
+
+#include <crypto/algapi.h>
+#include <linux/err.h>
+#include <linux/init.h>
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/slab.h>
+#include <linux/spinlock.h>
+
+#include "scatterwalk.h"
+
+struct authenc_instance_ctx {
+ struct crypto_spawn auth;
+ struct crypto_spawn enc;
+
+ unsigned int authsize;
+ unsigned int enckeylen;
+};
+
+struct crypto_authenc_ctx {
+ spinlock_t auth_lock;
+ struct crypto_hash *auth;
+ struct crypto_ablkcipher *enc;
+};
+
+static int crypto_authenc_setkey(struct crypto_aead *authenc, const u8 *key,
+ unsigned int keylen)
+{
+ struct authenc_instance_ctx *ictx =
+ crypto_instance_ctx(crypto_aead_alg_instance(authenc));
+ unsigned int enckeylen = ictx->enckeylen;
+ unsigned int authkeylen;
+ struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc);
+ struct crypto_hash *auth = ctx->auth;
+ struct crypto_ablkcipher *enc = ctx->enc;
+ int err = -EINVAL;
+
+ if (keylen < enckeylen) {
+ crypto_aead_set_flags(authenc, CRYPTO_TFM_RES_BAD_KEY_LEN);
+ goto out;
+ }
+ authkeylen = keylen - enckeylen;
+
+ crypto_hash_clear_flags(auth, CRYPTO_TFM_REQ_MASK);
+ crypto_hash_set_flags(auth, crypto_aead_get_flags(authenc) &
+ CRYPTO_TFM_REQ_MASK);
+ err = crypto_hash_setkey(auth, key, authkeylen);
+ crypto_aead_set_flags(authenc, crypto_hash_get_flags(auth) &
+ CRYPTO_TFM_RES_MASK);
+
+ if (err)
+ goto out;
+
+ crypto_ablkcipher_clear_flags(enc, CRYPTO_TFM_REQ_MASK);
+ crypto_ablkcipher_set_flags(enc, crypto_aead_get_flags(authenc) &
+ CRYPTO_TFM_REQ_MASK);
+ err = crypto_ablkcipher_setkey(enc, key + authkeylen, enckeylen);
+ crypto_aead_set_flags(authenc, crypto_ablkcipher_get_flags(enc) &
+ CRYPTO_TFM_RES_MASK);
+
+out:
+ return err;
+}
+
+static int crypto_authenc_hash(struct aead_request *req)
+{
+ struct crypto_aead *authenc = crypto_aead_reqtfm(req);
+ struct authenc_instance_ctx *ictx =
+ crypto_instance_ctx(crypto_aead_alg_instance(authenc));
+ struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc);
+ struct crypto_hash *auth = ctx->auth;
+ struct hash_desc desc = {
+ .tfm = auth,
+ };
+ u8 *hash = aead_request_ctx(req);
+ struct scatterlist *dst;
+ unsigned int cryptlen;
+ int err;
+
+ hash = (u8 *)ALIGN((unsigned long)hash + crypto_hash_alignmask(auth),
+ crypto_hash_alignmask(auth) + 1);
+
+ spin_lock_bh(&ctx->auth_lock);
+ err = crypto_hash_init(&desc);
+ if (err)
+ goto auth_unlock;
+
+ err = crypto_hash_update(&desc, req->assoc, req->assoclen);
+ if (err)
+ goto auth_unlock;
+
+ cryptlen = req->cryptlen;
+ dst = req->dst;
+ err = crypto_hash_update(&desc, dst, cryptlen);
+ if (err)
+ goto auth_unlock;
+
+ err = crypto_hash_final(&desc, hash);
+auth_unlock:
+ spin_unlock_bh(&ctx->auth_lock);
+
+ if (err)
+ return err;
+
+ scatterwalk_map_and_copy(hash, dst, cryptlen, ictx->authsize, 1);
+ return 0;
+}
+
+static void crypto_authenc_encrypt_done(struct crypto_async_request *req,
+ int err)
+{
+ if (!err)
+ err = crypto_authenc_hash(req->data);
+
+ aead_request_complete(req->data, err);
+}
+
+static int crypto_authenc_encrypt(struct aead_request *req)
+{
+ struct crypto_aead *authenc = crypto_aead_reqtfm(req);
+ struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc);
+ struct ablkcipher_request *abreq = aead_request_ctx(req);
+ int err;
+
+ ablkcipher_request_set_tfm(abreq, ctx->enc);
+ ablkcipher_request_set_callback(abreq, aead_request_flags(req),
+ crypto_authenc_encrypt_done, req);
+ ablkcipher_request_set_crypt(abreq, req->src, req->dst, req->cryptlen,
+ req->iv);
+
+ err = crypto_ablkcipher_encrypt(abreq);
+ if (err)
+ return err;
+
+ return crypto_authenc_hash(req);
+}
+
+static int crypto_authenc_verify(struct aead_request *req)
+{
+ struct crypto_aead *authenc = crypto_aead_reqtfm(req);
+ struct authenc_instance_ctx *ictx =
+ crypto_instance_ctx(crypto_aead_alg_instance(authenc));
+ struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc);
+ struct crypto_hash *auth = ctx->auth;
+ struct hash_desc desc = {
+ .tfm = auth,
+ .flags = aead_request_flags(req),
+ };
+ u8 *ohash = aead_request_ctx(req);
+ u8 *ihash;
+ struct scatterlist *src;
+ unsigned int cryptlen;
+ unsigned int authsize;
+ int err;
+
+ ohash = (u8 *)ALIGN((unsigned long)ohash + crypto_hash_alignmask(auth),
+ crypto_hash_alignmask(auth) + 1);
+ ihash = ohash + crypto_hash_digestsize(auth);
+
+ spin_lock_bh(&ctx->auth_lock);
+ err = crypto_hash_init(&desc);
+ if (err)
+ goto auth_unlock;
+
+ err = crypto_hash_update(&desc, req->assoc, req->assoclen);
+ if (err)
+ goto auth_unlock;
+
+ cryptlen = req->cryptlen;
+ src = req->src;
+ err = crypto_hash_update(&desc, src, cryptlen);
+ if (err)
+ goto auth_unlock;
+
+ err = crypto_hash_final(&desc, ohash);
+auth_unlock:
+ spin_unlock_bh(&ctx->auth_lock);
+
+ if (err)
+ return err;
+
+ authsize = ictx->authsize;
+ scatterwalk_map_and_copy(ihash, src, cryptlen, authsize, 0);
+ return memcmp(ihash, ohash, authsize) ? -EINVAL : 0;
+}
+
+static void crypto_authenc_decrypt_done(struct crypto_async_request *req,
+ int err)
+{
+ aead_request_complete(req->data, err);
+}
+
+static int crypto_authenc_decrypt(struct aead_request *req)
+{
+ struct crypto_aead *authenc = crypto_aead_reqtfm(req);
+ struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc);
+ struct ablkcipher_request *abreq = aead_request_ctx(req);
+ int err;
+
+ err = crypto_authenc_verify(req);
+ if (err)
+ return err;
+
+ ablkcipher_request_set_tfm(abreq, ctx->enc);
+ ablkcipher_request_set_callback(abreq, aead_request_flags(req),
+ crypto_authenc_decrypt_done, req);
+ ablkcipher_request_set_crypt(abreq, req->src, req->dst, req->cryptlen,
+ req->iv);
+
+ return crypto_ablkcipher_decrypt(abreq);
+}
+
+static int crypto_authenc_init_tfm(struct crypto_tfm *tfm)
+{
+ struct crypto_instance *inst = (void *)tfm->__crt_alg;
+ struct authenc_instance_ctx *ictx = crypto_instance_ctx(inst);
+ struct crypto_authenc_ctx *ctx = crypto_tfm_ctx(tfm);
+ struct crypto_hash *auth;
+ struct crypto_ablkcipher *enc;
+ unsigned int digestsize;
+ int err;
+
+ auth = crypto_spawn_hash(&ictx->auth);
+ if (IS_ERR(auth))
+ return PTR_ERR(auth);
+
+ err = -EINVAL;
+ digestsize = crypto_hash_digestsize(auth);
+ if (ictx->authsize > digestsize)
+ goto err_free_hash;
+
+ enc = crypto_spawn_ablkcipher(&ictx->enc);
+ err = PTR_ERR(enc);
+ if (IS_ERR(enc))
+ goto err_free_hash;
+
+ ctx->auth = auth;
+ ctx->enc = enc;
+ tfm->crt_aead.reqsize = max_t(unsigned int,
+ (crypto_hash_alignmask(auth) &
+ ~(crypto_tfm_ctx_alignment() - 1)) +
+ digestsize * 2,
+ sizeof(struct ablkcipher_request) +
+ crypto_ablkcipher_reqsize(enc));
+
+ spin_lock_init(&ctx->auth_lock);
+
+ return 0;
+
+err_free_hash:
+ crypto_free_hash(auth);
+ return err;
+}
+
+static void crypto_authenc_exit_tfm(struct crypto_tfm *tfm)
+{
+ struct crypto_authenc_ctx *ctx = crypto_tfm_ctx(tfm);
+
+ crypto_free_hash(ctx->auth);
+ crypto_free_ablkcipher(ctx->enc);
+}
+
+static struct crypto_instance *crypto_authenc_alloc(struct rtattr **tb)
+{
+ struct crypto_instance *inst;
+ struct crypto_alg *auth;
+ struct crypto_alg *enc;
+ struct authenc_instance_ctx *ctx;
+ unsigned int authsize;
+ unsigned int enckeylen;
+ int err;
+
+ err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_AEAD);
+ if (err)
+ return ERR_PTR(err);
+
+ auth = crypto_attr_alg(tb[1], CRYPTO_ALG_TYPE_HASH,
+ CRYPTO_ALG_TYPE_HASH_MASK);
+ if (IS_ERR(auth))
+ return ERR_PTR(PTR_ERR(auth));
+
+ err = crypto_attr_u32(tb[2], &authsize);
+ inst = ERR_PTR(err);
+ if (err)
+ goto out_put_auth;
+
+ enc = crypto_attr_alg(tb[3], CRYPTO_ALG_TYPE_BLKCIPHER,
+ CRYPTO_ALG_TYPE_MASK);
+ inst = ERR_PTR(PTR_ERR(enc));
+ if (IS_ERR(enc))
+ goto out_put_auth;
+
+ err = crypto_attr_u32(tb[4], &enckeylen);
+ if (err)
+ goto out_put_enc;
+
+ inst = kzalloc(sizeof(*inst) + sizeof(*ctx), GFP_KERNEL);
+ err = -ENOMEM;
+ if (!inst)
+ goto out_put_enc;
+
+ err = -ENAMETOOLONG;
+ if (snprintf(inst->alg.cra_name, CRYPTO_MAX_ALG_NAME,
+ "authenc(%s,%u,%s,%u)", auth->cra_name, authsize,
+ enc->cra_name, enckeylen) >= CRYPTO_MAX_ALG_NAME)
+ goto err_free_inst;
+
+ if (snprintf(inst->alg.cra_driver_name, CRYPTO_MAX_ALG_NAME,
+ "authenc(%s,%u,%s,%u)", auth->cra_driver_name,
+ authsize, enc->cra_driver_name, enckeylen) >=
+ CRYPTO_MAX_ALG_NAME)
+ goto err_free_inst;
+
+ ctx = crypto_instance_ctx(inst);
+ ctx->authsize = authsize;
+ ctx->enckeylen = enckeylen;
+
+ err = crypto_init_spawn(&ctx->auth, auth, inst, CRYPTO_ALG_TYPE_MASK);
+ if (err)
+ goto err_free_inst;
+
+ err = crypto_init_spawn(&ctx->enc, enc, inst, CRYPTO_ALG_TYPE_MASK);
+ if (err)
+ goto err_drop_auth;
+
+ inst->alg.cra_flags = CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_ASYNC;
+ inst->alg.cra_priority = enc->cra_priority * 10 + auth->cra_priority;
+ inst->alg.cra_blocksize = enc->cra_blocksize;
+ inst->alg.cra_alignmask = max(auth->cra_alignmask, enc->cra_alignmask);
+ inst->alg.cra_type = &crypto_aead_type;
+
+ inst->alg.cra_aead.ivsize = enc->cra_blkcipher.ivsize;
+ inst->alg.cra_aead.authsize = authsize;
+
+ inst->alg.cra_ctxsize = sizeof(struct crypto_authenc_ctx);
+
+ inst->alg.cra_init = crypto_authenc_init_tfm;
+ inst->alg.cra_exit = crypto_authenc_exit_tfm;
+
+ inst->alg.cra_aead.setkey = crypto_authenc_setkey;
+ inst->alg.cra_aead.encrypt = crypto_authenc_encrypt;
+ inst->alg.cra_aead.decrypt = crypto_authenc_decrypt;
+
+out:
+ crypto_mod_put(enc);
+out_put_auth:
+ crypto_mod_put(auth);
+ return inst;
+
+err_drop_auth:
+ crypto_drop_spawn(&ctx->auth);
+err_free_inst:
+ kfree(inst);
+out_put_enc:
+ inst = ERR_PTR(err);
+ goto out;
+}
+
+static void crypto_authenc_free(struct crypto_instance *inst)
+{
+ struct authenc_instance_ctx *ctx = crypto_instance_ctx(inst);
+
+ crypto_drop_spawn(&ctx->enc);
+ crypto_drop_spawn(&ctx->auth);
+ kfree(inst);
+}
+
+static struct crypto_template crypto_authenc_tmpl = {
+ .name = "authenc",
+ .alloc = crypto_authenc_alloc,
+ .free = crypto_authenc_free,
+ .module = THIS_MODULE,
+};
+
+static int __init crypto_authenc_module_init(void)
+{
+ return crypto_register_template(&crypto_authenc_tmpl);
+}
+
+static void __exit crypto_authenc_module_exit(void)
+{
+ crypto_unregister_template(&crypto_authenc_tmpl);
+}
+
+module_init(crypto_authenc_module_init);
+module_exit(crypto_authenc_module_exit);
+
+MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("Simple AEAD wrapper for IPsec");
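Review bot: crypto_authenc_verify() ends with `return memcmp(ihash, ohash, authsize) ? -EINVAL : 0;`, and memcmp may return at the first differing byte, so the time taken can reveal how much of a forged ICV matched. Compare in constant time instead: accumulate `diff |= ihash[i] ^ ohash[i]` over all `authsize` bytes and return `diff ? -EINVAL : 0`, or call `crypto_memneq()` on trees that provide it. Separately, `authsize` is only bounded from above, by the `ictx->authsize > digestsize` test in crypto_authenc_init_tfm(). A value of 0 taken from the template attribute would make this comparison succeed unconditionally, so crypto_authenc_alloc() should reject it. The two hash paths also disagree: crypto_authenc_verify() passes `aead_request_flags(req)` into `desc.flags` while holding `auth_lock`, whereas crypto_authenc_hash() leaves the flags zero, so if the hash walk honours CRYPTO_TFM_REQ_MAY_SLEEP (not visible here) the verify path could sleep under a spinlock.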
diff --git a/crypto/blkcipher.c b/crypto/blkcipher.c
index d8f8ec32021..f6c67f9d4e5 100644
--- a/crypto/blkcipher.c
+++ b/crypto/blkcipher.c
@@ -65,7 +65,7 @@ static inline void blkcipher_unmap_dst(struct blkcipher_walk *walk)
static inline u8 *blkcipher_get_spot(u8 *start, unsigned int len)
{
u8 *end_page = (u8 *)(((unsigned long)(start + len - 1)) & PAGE_MASK);
- return start > end_page ? start : end_page;
+ return max(start, end_page);
}
static inline unsigned int blkcipher_done_slow(struct crypto_blkcipher *tfm,
@@ -84,8 +84,6 @@ static inline unsigned int blkcipher_done_slow(struct crypto_blkcipher *tfm,
static inline unsigned int blkcipher_done_fast(struct blkcipher_walk *walk,
unsigned int n)
{
- n = walk->nbytes - n;
-
if (walk->flags & BLKCIPHER_WALK_COPY) {
blkcipher_map_dst(walk);
memcpy(walk->dst.virt.addr, walk->page, n);
@@ -109,13 +107,15 @@ int blkcipher_walk_done(struct blkcipher_desc *desc,
unsigned int nbytes = 0;
if (likely(err >= 0)) {
- unsigned int bsize = crypto_blkcipher_blocksize(tfm);
- unsigned int n;
+ unsigned int n = walk->nbytes - err;
if (likely(!(walk->flags & BLKCIPHER_WALK_SLOW)))
- n = blkcipher_done_fast(walk, err);
- else
- n = blkcipher_done_slow(tfm, walk, bsize);
+ n = blkcipher_done_fast(walk, n);
+ else if (WARN_ON(err)) {
+ err = -EINVAL;
+ goto err;
+ } else
+ n = blkcipher_done_slow(tfm, walk, n);
nbytes = walk->total - n;
err = 0;
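Review bot: `unsigned int n = walk->nbytes - err;` in blkcipher_walk_done() is an unsigned subtraction with no check that `err` does not exceed `walk->nbytes`. A cipher mode returning a larger residue would wrap `n` to a huge value, which then reaches `memcpy(walk->dst.virt.addr, walk->page, n)` in blkcipher_done_fast() when BLKCIPHER_WALK_COPY is set. The value comes from in-kernel callers, so this is a robustness guard rather than an input-validation hole, but it is cheap: `if (WARN_ON(err > walk->nbytes)) { err = -EINVAL; goto err; }` before the subtraction. On style, the `if / else if { ... } else` chain mixes braced and unbraced arms; bracing all three would match kernel coding style. The function body continues outside this hunk, including the `err:` label added in the next one.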
@@ -132,6 +132,7 @@ int blkcipher_walk_done(struct blkcipher_desc *desc,
return blkcipher_walk_next(desc, walk);
}
+err:
if (walk->iv != desc->info)
memcpy(desc->info, walk->iv, crypto_blkcipher_ivsize(tfm));
if (walk->buffer != walk->page)
@@ -149,6 +150,7 @@ static inline int blkcipher_next_slow(struct blkcipher_desc *desc,
unsigned int alignmask)
{
unsigned int n;
+ unsigned aligned_bsize = ALIGN(bsize, alignmask + 1);
if (walk->buffer)
goto ok;
@@ -157,7 +159,7 @@ static inline int blkcipher_next_slow(struct blkcipher_desc *desc,
if (walk->buffer)
goto ok;
- n = bsize * 3 - (alignmask + 1) +
+ n = aligned_bsize * 3 - (alignmask + 1) +
(alignmask & ~(crypto_tfm_ctx_alignment() - 1));
walk->buffer = kmalloc(n, GFP_ATOMIC);
if (!walk->buffer)
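Review bot: The bounce-buffer size `n = aligned_bsize * 3 - (alignmask + 1) + (alignmask & ~(crypto_tfm_ctx_alignment() - 1))` feeds `kmalloc()` directly and has no comment saying why three slots are enough. That sizing is the invariant that keeps the later `scatterwalk_copychunks()` write into `walk->src.virt.addr` in bounds. A short comment above it should spell out the budget, which from the visible code appears to be head padding to reach an `alignmask + 1` boundary, one slot each for dst and src, and slack for blkcipher_get_spot() moving a pointer forward to the next page start. The declaration `unsigned aligned_bsize` in the preceding hunk would also read better as `unsigned int`, matching `unsigned int n` beside it. blkcipher_next_slow() starts and ends outside these hunks.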
@@ -167,8 +169,8 @@ ok:
walk->dst.virt.addr = (u8 *)ALIGN((unsigned long)walk->buffer,
alignmask + 1);
walk->dst.virt.addr = blkcipher_get_spot(walk->dst.virt.addr, bsize);
- walk->src.virt.addr = blkcipher_get_spot(walk->dst.virt.addr + bsize,
- bsize);
+ walk->src.virt.addr = blkcipher_get_spot(walk->dst.virt.addr +
+ aligned_bsize, bsize);
scatterwalk_copychunks(walk->src.virt.addr, &walk->in, bsize, 0);
@@ -224,12 +226,12 @@ static int blkcipher_walk_next(struct blkcipher_desc *desc,
{
struct crypto_blkcipher *tfm = desc->tfm;
unsigned int alignmask = crypto_blkcipher_alignmask(tfm);
- unsigned int bsize = crypto_blkcipher_blocksize(tfm);
+ unsigned int bsize;
unsigned int n;
int err;
n = walk->total;
- if (unlikely(n < bsize)) {
+ if (unlikely(n < crypto_blkcipher_blocksize(tfm))) {
desc->flags |= CRYPTO_TFM_RES_BAD_BLOCK_LEN;
return blkcipher_walk_done(desc, walk, -EINVAL);
}
@@ -246,6 +248,7 @@ static int blkcipher_walk_next(struct blkcipher_desc *desc,
}
}
+ bsize = min(walk->blocksize, n);