]> www.infradead.org Git - users/willy/linux.git/log
users/willy/linux.git
5 months agocrypto: arm64 - drop redundant dependencies on ARM64
Eric Biggers [Tue, 22 Apr 2025 15:27:04 +0000 (08:27 -0700)]
crypto: arm64 - drop redundant dependencies on ARM64

arch/arm64/crypto/Kconfig is sourced only when CONFIG_ARM64=y, so there
is no need for the symbols defined inside it to depend on ARM64.

Acked-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 months agocrypto: arm64/sha1 - Set finalize for short finup
Herbert Xu [Fri, 25 Apr 2025 10:58:13 +0000 (18:58 +0800)]
crypto: arm64/sha1 - Set finalize for short finup

Always set sctx->finalize before calling finup as it may not have
been set previously on a short final.

Reported-by: Corentin LABBE <clabbe.montjoie@gmail.com>
Fixes: b97d31100e36 ("crypto: arm64/sha1 - Use API partial block handling")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tested-by: Corentin LABBE <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 months agocrypto: arm/blake2b - Set FINAL_NONZERO
Herbert Xu [Fri, 25 Apr 2025 03:33:39 +0000 (11:33 +0800)]
crypto: arm/blake2b - Set FINAL_NONZERO

Set FINAL_NONZERO as blake2b expects to have at least one byte for
finalisation.

Reported-by: Corentin LABBE <clabbe.montjoie@gmail.com>
Fixes: cc28260ab4fb ("crypto: arm/blake2b - Use API partial block handling")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tested-by: Corentin LABBE <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: riscv - Use SYM_FUNC_START for functions only called directly
Nathan Chancellor [Fri, 25 Apr 2025 00:23:22 +0000 (17:23 -0700)]
crypto: riscv - Use SYM_FUNC_START for functions only called directly

After some recent changes to the RISC-V crypto code that turned some
indirect function calls into direct ones, builds with CONFIG_CFI_CLANG
fail with:

  ld.lld: error: undefined symbol: __kcfi_typeid_sm3_transform_zvksh_zvkb
  >>> referenced by arch/riscv/crypto/sm3-riscv64-zvksh-zvkb.o:(.text+0x2) in archive vmlinux.a

  ld.lld: error: undefined symbol: __kcfi_typeid_sha512_transform_zvknhb_zvkb
  >>> referenced by arch/riscv/crypto/sha512-riscv64-zvknhb-zvkb.o:(.text+0x2) in archive vmlinux.a

  ld.lld: error: undefined symbol: __kcfi_typeid_sha256_transform_zvknha_or_zvknhb_zvkb
  >>> referenced by arch/riscv/crypto/sha256-riscv64-zvknha_or_zvknhb-zvkb.o:(.text+0x2) in archive vmlinux.a

As these functions are no longer indirectly called (i.e., have their
address taken), the compiler will not emit __kcfi_typeid symbols for
them but SYM_TYPED_FUNC_START expects these to exist at link time.

Switch the definitions of these functions to use SYM_FUNC_START, as they
no longer need kCFI type information since they are only called
directly.

Fixes: 1523eaed0ac5 ("crypto: riscv/sm3 - Use API partial block handling")
Fixes: 561aab1104d8 ("crypto: riscv/sha512 - Use API partial block handling")
Fixes: e6c5597badf2 ("crypto: riscv/sha256 - Use API partial block handling")
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: engine - Remove CRYPTO_ALG_ENGINE bit
Herbert Xu [Thu, 24 Apr 2025 14:42:51 +0000 (22:42 +0800)]
crypto: engine - Remove CRYPTO_ALG_ENGINE bit

Remove the private and obsolete CRYPTO_ALG_ENGINE bit which is
conflicting with the new CRYPTO_ALG_DUP_FIRST bit.

Reported-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Fixes: f1440a90465b ("crypto: api - Add support for duplicating algorithms before registration")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Herbert Xu [Fri, 25 Apr 2025 02:37:30 +0000 (10:37 +0800)]
Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6

Merge crypto tree to pick up the scompress scratch refcount fix.  The
merge resolution is slightly non-trivial as the context has shifted.

6 months agocrypto: scompress - increment scomp_scratch_users when already allocated
Sabrina Dubroca [Thu, 24 Apr 2025 20:15:50 +0000 (22:15 +0200)]
crypto: scompress - increment scomp_scratch_users when already allocated

Commit ddd0a42671c0 only increments scomp_scratch_users when it was 0,
causing a panic when using ipcomp:

    Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN NOPTI
    KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
    CPU: 1 UID: 0 PID: 619 Comm: ping Tainted: G                 N  6.15.0-rc3-net-00032-ga79be02bba5c #41 PREEMPT(full)
    Tainted: [N]=TEST
    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014
    RIP: 0010:inflate_fast+0x5a2/0x1b90
    [...]
    Call Trace:
     <IRQ>
     zlib_inflate+0x2d60/0x6620
     deflate_sdecompress+0x166/0x350
     scomp_acomp_comp_decomp+0x45f/0xa10
     scomp_acomp_decompress+0x21/0x120
     acomp_do_req_chain+0x3e5/0x4e0
     ipcomp_input+0x212/0x550
     xfrm_input+0x2de2/0x72f0
    [...]
    Kernel panic - not syncing: Fatal exception in interrupt
    Kernel Offset: disabled
    ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---

Instead, let's keep the old increment, and decrement back to 0 if the
scratch allocation fails.

Fixes: ddd0a42671c0 ("crypto: scompress - Fix scratch allocation failure handling")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: padlock-sha - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 03:01:13 +0000 (11:01 +0800)]
crypto: padlock-sha - Use API partial block handling

Use the Crypto API partial block handling.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: nx - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 03:01:11 +0000 (11:01 +0800)]
crypto: nx - Use API partial block handling

Use the Crypto API partial block handling.

Also switch to the generic export format.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: arm64/sm4 - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 03:01:09 +0000 (11:01 +0800)]
crypto: arm64/sm4 - Use API partial block handling

Use the Crypto API partial block handling.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: arm64/aes - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 03:01:06 +0000 (11:01 +0800)]
crypto: arm64/aes - Use API partial block handling

Use the Crypto API partial block handling.

Also remove the unnecessary SIMD fallback path.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: xcbc - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 03:01:04 +0000 (11:01 +0800)]
crypto: xcbc - Use API partial block handling

Use the Crypto API partial block handling.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: cmac - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 03:01:02 +0000 (11:01 +0800)]
crypto: cmac - Use API partial block handling

Use the Crypto API partial block handling.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: cbcmac - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 03:00:59 +0000 (11:00 +0800)]
crypto: cbcmac - Use API partial block handling

Use the Crypto API partial block handling.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: lib/sm3 - Remove partial block helpers
Herbert Xu [Fri, 18 Apr 2025 03:00:57 +0000 (11:00 +0800)]
crypto: lib/sm3 - Remove partial block helpers

Now that all sm3_base users have been converted to use the API
partial block handling, remove the partial block helpers as well
as the lib/crypto functions.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: x86/sm3 - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 03:00:55 +0000 (11:00 +0800)]
crypto: x86/sm3 - Use API partial block handling

Use the Crypto API partial block handling.

Also remove the unnecessary SIMD fallback path.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: riscv/sm3 - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 03:00:52 +0000 (11:00 +0800)]
crypto: riscv/sm3 - Use API partial block handling

Use the Crypto API partial block handling.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: arm64/sm3-neon - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 03:00:50 +0000 (11:00 +0800)]
crypto: arm64/sm3-neon - Use API partial block handling

Use the Crypto API partial block handling.

Also remove the unnecessary SIMD fallback path.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: arm64/sm3-ce - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 03:00:48 +0000 (11:00 +0800)]
crypto: arm64/sm3-ce - Use API partial block handling

Use the Crypto API partial block handling.

Also remove the unnecessary SIMD fallback path.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: sm3-generic - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 03:00:45 +0000 (11:00 +0800)]
crypto: sm3-generic - Use API partial block handling

Use the Crypto API partial block handling.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: sha512_base - Remove partial block helpers
Herbert Xu [Fri, 18 Apr 2025 03:00:43 +0000 (11:00 +0800)]
crypto: sha512_base - Remove partial block helpers

Now that all sha256_base users have been converted to use the API
partial block handling, remove the partial block helpers.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: sparc/sha512 - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 03:00:41 +0000 (11:00 +0800)]
crypto: sparc/sha512 - Use API partial block handling

Use the Crypto API partial block handling.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: s390/sha512 - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 03:00:38 +0000 (11:00 +0800)]
crypto: s390/sha512 - Use API partial block handling

Use the Crypto API partial block handling.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: arm/sha512 - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 03:00:36 +0000 (11:00 +0800)]
crypto: arm/sha512 - Use API partial block handling

Use the Crypto API partial block handling.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: arm64/sha512-ce - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 03:00:34 +0000 (11:00 +0800)]
crypto: arm64/sha512-ce - Use API partial block handling

Use the Crypto API partial block handling.

Also remove the unnecessary SIMD fallback path.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: arm/sha512-asm - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 03:00:31 +0000 (11:00 +0800)]
crypto: arm/sha512-asm - Use API partial block handling

Use the Crypto API partial block handling.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: arm/sha512-neon - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 03:00:29 +0000 (11:00 +0800)]
crypto: arm/sha512-neon - Use API partial block handling

Use the Crypto API partial block handling.

Also remove the unnecessary SIMD fallback path.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: sha512-generic - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 03:00:27 +0000 (11:00 +0800)]
crypto: sha512-generic - Use API partial block handling

Use the Crypto API partial block handling.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: riscv/sha512 - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 03:00:25 +0000 (11:00 +0800)]
crypto: riscv/sha512 - Use API partial block handling

Use the Crypto API partial block handling.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: mips/octeon-sha512 - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 03:00:22 +0000 (11:00 +0800)]
crypto: mips/octeon-sha512 - Use API partial block handling

Use the Crypto API partial block handling.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: x86/sha512 - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 03:00:20 +0000 (11:00 +0800)]
crypto: x86/sha512 - Use API partial block handling

Use the Crypto API partial block handling.

Also remove the unnecessary SIMD fallback path.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: zynqmp-sha - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 03:00:18 +0000 (11:00 +0800)]
crypto: zynqmp-sha - Use API partial block handling

Use the Crypto API partial block handling.

As this was the last user of the extra fields in struct sha3_state,
remove them.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: sha3-generic - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 03:00:15 +0000 (11:00 +0800)]
crypto: sha3-generic - Use API partial block handling

Use the Crypto API partial block handling.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: s390/sha3 - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 03:00:13 +0000 (11:00 +0800)]
crypto: s390/sha3 - Use API partial block handling

Use the Crypto API partial block handling.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: arm64/sha3-ce - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 03:00:11 +0000 (11:00 +0800)]
crypto: arm64/sha3-ce - Use API partial block handling

Use the Crypto API partial block handling.

Also remove the unnecessary SIMD fallback path.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: sha256_base - Remove partial block helpers
Herbert Xu [Fri, 18 Apr 2025 03:00:08 +0000 (11:00 +0800)]
crypto: sha256_base - Remove partial block helpers

Now that all sha256_base users have been converted to use the API
partial block handling, remove the partial block helpers.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: sparc/sha256 - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 03:00:06 +0000 (11:00 +0800)]
crypto: sparc/sha256 - Use API partial block handling

Use the Crypto API partial block handling.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: s390/sha256 - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 03:00:04 +0000 (11:00 +0800)]
crypto: s390/sha256 - Use API partial block handling

Use the Crypto API partial block handling.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: powerpc/sha256-spe - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 03:00:01 +0000 (11:00 +0800)]
crypto: powerpc/sha256-spe - Use API partial block handling

Use the Crypto API partial block handling.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: arm64/sha256 - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 02:59:59 +0000 (10:59 +0800)]
crypto: arm64/sha256 - Use API partial block handling

Use the Crypto API partial block handling.

Also remove the unnecessary SIMD fallback path.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: arm64/sha256-ce - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 02:59:57 +0000 (10:59 +0800)]
crypto: arm64/sha256-ce - Use API partial block handling

Use the Crypto API partial block handling.

Also remove the unnecessary SIMD fallback path.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: arm/sha256-asm - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 02:59:55 +0000 (10:59 +0800)]
crypto: arm/sha256-asm - Use API partial block handling

Use the Crypto API partial block handling.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: arm/sha256-neon - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 02:59:52 +0000 (10:59 +0800)]
crypto: arm/sha256-neon - Use API partial block handling

Use the Crypto API partial block handling.

Also remove the unnecessary SIMD fallback path.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: arm/sha256-ce - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 02:59:50 +0000 (10:59 +0800)]
crypto: arm/sha256-ce - Use API partial block handling

Use the Crypto API partial block handling.

Also remove the unnecessary SIMD fallback path.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: sha256-generic - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 02:59:48 +0000 (10:59 +0800)]
crypto: sha256-generic - Use API partial block handling

Use the Crypto API partial block handling.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: riscv/sha256 - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 02:59:45 +0000 (10:59 +0800)]
crypto: riscv/sha256 - Use API partial block handling

Use the Crypto API partial block handling.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: mips/octeon-sha256 - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 02:59:43 +0000 (10:59 +0800)]
crypto: mips/octeon-sha256 - Use API partial block handling

Use the Crypto API partial block handling.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: x86/sha256 - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 02:59:41 +0000 (10:59 +0800)]
crypto: x86/sha256 - Use API partial block handling

Use the Crypto API partial block handling.

Also remove the unnecessary SIMD fallback path.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: sha1_base - Remove partial block helpers
Herbert Xu [Fri, 18 Apr 2025 02:59:38 +0000 (10:59 +0800)]
crypto: sha1_base - Remove partial block helpers

Now that all sha1_base users have been converted to use the API
partial block handling, remove the partial block helpers.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: sparc/sha1 - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 02:59:36 +0000 (10:59 +0800)]
crypto: sparc/sha1 - Use API partial block handling

Use the Crypto API partial block handling.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: s390/sha1 - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 02:59:34 +0000 (10:59 +0800)]
crypto: s390/sha1 - Use API partial block handling

Use the Crypto API partial block handling.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: powerpc/sha1-spe - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 02:59:31 +0000 (10:59 +0800)]
crypto: powerpc/sha1-spe - Use API partial block handling

Use the Crypto API partial block handling.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: powerpc/sha1 - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 02:59:29 +0000 (10:59 +0800)]
crypto: powerpc/sha1 - Use API partial block handling

Use the Crypto API partial block handling.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: arm/sha1-asm - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 02:59:27 +0000 (10:59 +0800)]
crypto: arm/sha1-asm - Use API partial block handling

Use the Crypto API partial block handling.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: arm/sha1-neon - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 02:59:25 +0000 (10:59 +0800)]
crypto: arm/sha1-neon - Use API partial block handling

Use the Crypto API partial block handling.

Also remove the unnecessary SIMD fallback path.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: arm/sha1-ce - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 02:59:22 +0000 (10:59 +0800)]
crypto: arm/sha1-ce - Use API partial block handling

Use the Crypto API partial block handling.

Also remove the unnecessary SIMD fallback path.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: sha1-generic - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 02:59:20 +0000 (10:59 +0800)]
crypto: sha1-generic - Use API partial block handling

Use the Crypto API partial block handling.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: mips/octeon-sha1 - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 02:59:18 +0000 (10:59 +0800)]
crypto: mips/octeon-sha1 - Use API partial block handling

Use the Crypto API partial block handling.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: arm64/sha1 - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 02:59:15 +0000 (10:59 +0800)]
crypto: arm64/sha1 - Use API partial block handling

Use the Crypto API partial block handling.

Also remove the unnecessary SIMD fallback path.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: x86/sha1 - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 02:59:13 +0000 (10:59 +0800)]
crypto: x86/sha1 - Use API partial block handling

Use the Crypto API partial block handling.

Also remove the unnecessary SIMD fallback path.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: sparc/md5 - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 02:59:11 +0000 (10:59 +0800)]
crypto: sparc/md5 - Use API partial block handling

Use the Crypto API partial block handling.

Also switch to the generic export format.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: powerpc/md5 - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 02:59:08 +0000 (10:59 +0800)]
crypto: powerpc/md5 - Use API partial block handling

Use the Crypto API partial block handling.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: mips/octeon-md5 - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 02:59:06 +0000 (10:59 +0800)]
crypto: mips/octeon-md5 - Use API partial block handling

Use the Crypto API partial block handling.

Also switch to the generic export format.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: md5-generic - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 02:59:04 +0000 (10:59 +0800)]
crypto: md5-generic - Use API partial block handling

Use the Crypto API partial block handling.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: x86/ghash - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 02:59:01 +0000 (10:59 +0800)]
crypto: x86/ghash - Use API partial block handling

Use the Crypto API partial block handling.

Also remove the unnecessary SIMD fallback path.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: s390/ghash - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 02:58:59 +0000 (10:58 +0800)]
crypto: s390/ghash - Use API partial block handling

Use the Crypto API partial block handling.

Also switch to the generic export format.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: riscv/ghash - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 02:58:57 +0000 (10:58 +0800)]
crypto: riscv/ghash - Use API partial block handling

Use the Crypto API partial block handling.

As this was the last user relying on crypto/ghash.h for gf128mul.h,
remove the unnecessary inclusion of gf128mul.h from crypto/ghash.h.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: arm64/ghash - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 02:58:54 +0000 (10:58 +0800)]
crypto: arm64/ghash - Use API partial block handling

Use the Crypto API partial block handling.

Also remove the unnecessary SIMD fallback path.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: arm/ghash - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 02:58:52 +0000 (10:58 +0800)]
crypto: arm/ghash - Use API partial block handling

Use the Crypto API partial block handling.

Also switch to the generic export format.

Finally remove a couple of stray may_use_simd() calls in gcm.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: powerpc/ghash - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 02:58:50 +0000 (10:58 +0800)]
crypto: powerpc/ghash - Use API partial block handling

Use the Crypto API partial block handling.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: ghash-generic - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 02:58:47 +0000 (10:58 +0800)]
crypto: ghash-generic - Use API partial block handling

Use the Crypto API partial block handling.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: arm/blake2b - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 02:58:45 +0000 (10:58 +0800)]
crypto: arm/blake2b - Use API partial block handling

Use the Crypto API partial block handling.

Also remove the unnecessary SIMD fallback path.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: blake2b-generic - Use API partial block handling
Herbert Xu [Fri, 18 Apr 2025 02:58:43 +0000 (10:58 +0800)]
crypto: blake2b-generic - Use API partial block handling

Use the Crypto API partial block handling.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: shash - Handle partial blocks in API
Herbert Xu [Fri, 18 Apr 2025 02:58:41 +0000 (10:58 +0800)]
crypto: shash - Handle partial blocks in API

Provide an option to handle the partial blocks in the shash API.
Almost every hash algorithm has a block size and are only able
to hash partial blocks on finalisation.

Rather than duplicating the partial block handling many times,
add this functionality to the shash API.

It is optional (e.g., hmac would never need this by relying on
the partial block handling of the underlying hash), and to enable
it set the bit CRYPTO_AHASH_ALG_BLOCK_ONLY.

The export format is always that of the underlying hash export,
plus the partial block buffer, followed by a single-byte for the
partial block length.

Set the bit CRYPTO_AHASH_ALG_FINAL_NONZERO to withhold an extra
byte in the partial block.  This will come in handy when this
is extended to ahash where hardware often can't deal with a
zero-length final.

It will also be used for algorithms requiring an extra block for
finalisation (e.g., cmac).

As an optimisation, set the bit CRYPTO_AHASH_ALG_FINUP_MAX if
the algorithm wishes to get as much data as possible instead of
just the last partial block.

The descriptor will be zeroed after finalisation.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: engine - Realign struct crypto_engine to save 8 bytes
Thorsten Blum [Thu, 17 Apr 2025 22:36:49 +0000 (00:36 +0200)]
crypto: engine - Realign struct crypto_engine to save 8 bytes

Realign struct crypto_engine to reduce its size by 8 bytes. Total size
is now 192 bytes, allowing it to fit within 3 cachelines instead of 4.

pahole output before:

  /* size: 200, cachelines: 4, members: 17 */
  /* sum members: 183, holes: 3, sum holes: 17 */
  /* paddings: 1, sum paddings: 4 */
  /* last cacheline: 8 bytes */

and after:

  /* size: 192, cachelines: 3, members: 17 */
  /* sum members: 183, holes: 2, sum holes: 9 */
  /* paddings: 1, sum paddings: 4 */

No functional changes intended.

Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Herbert Xu [Wed, 23 Apr 2025 01:36:39 +0000 (09:36 +0800)]
Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6

Merge crypto tree to pick up scompress off-by-one patch.  The
merge resolution is non-trivial as the dst handling code has been
moved in front of the src.

6 months agocrypto: atmel-sha204a - Set hwrng quality to lowest possible
Marek BehĂșn [Tue, 22 Apr 2025 09:57:18 +0000 (11:57 +0200)]
crypto: atmel-sha204a - Set hwrng quality to lowest possible

According to the review by Bill Cox [1], the Atmel SHA204A random number
generator produces random numbers with very low entropy.

Set the lowest possible entropy for this chip just to be safe.

[1] https://www.metzdowd.com/pipermail/cryptography/2014-December/023858.html

Fixes: da001fb651b00e1d ("crypto: atmel-i2c - add support for SHA204A random number generator")
Cc: <stable@vger.kernel.org>
Signed-off-by: Marek BehĂșn <kabel@kernel.org>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: scomp - Fix off-by-one bug when calculating last page
Herbert Xu [Mon, 21 Apr 2025 03:31:31 +0000 (11:31 +0800)]
crypto: scomp - Fix off-by-one bug when calculating last page

Fix off-by-one bug in the last page calculation for src and dst.

Reported-by: Nhat Pham <nphamcs@gmail.com>
Fixes: 2d3553ecb4e3 ("crypto: scomp - Remove support for some non-trivial SG lists")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: lib/poly1305 - restore ability to remove modules
Eric Biggers [Fri, 18 Apr 2025 04:00:17 +0000 (21:00 -0700)]
crypto: lib/poly1305 - restore ability to remove modules

Though the module_exit functions are now no-ops, they should still be
defined, since otherwise the modules become unremovable.

Fixes: 1f81c58279c7 ("crypto: arm/poly1305 - remove redundant shash algorithm")
Fixes: f4b1a73aec5c ("crypto: arm64/poly1305 - remove redundant shash algorithm")
Fixes: 378a337ab40f ("crypto: powerpc/poly1305 - implement library instead of shash")
Fixes: 21969da642a2 ("crypto: x86/poly1305 - remove redundant shash algorithm")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: lib/chacha - restore ability to remove modules
Eric Biggers [Fri, 18 Apr 2025 03:59:09 +0000 (20:59 -0700)]
crypto: lib/chacha - restore ability to remove modules

Though the module_exit functions are now no-ops, they should still be
defined, since otherwise the modules become unremovable.

Fixes: 08820553f33a ("crypto: arm/chacha - remove the redundant skcipher algorithms")
Fixes: 8c28abede16c ("crypto: arm64/chacha - remove the skcipher algorithms")
Fixes: f7915484c020 ("crypto: powerpc/chacha - remove the skcipher algorithms")
Fixes: ceba0eda8313 ("crypto: riscv/chacha - implement library instead of skcipher")
Fixes: 632ab0978f08 ("crypto: x86/chacha - remove the skcipher algorithms")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: acomp - Add missing return statements in compress/decompress
Herbert Xu [Fri, 18 Apr 2025 02:52:34 +0000 (10:52 +0800)]
crypto: acomp - Add missing return statements in compress/decompress

The return statements were missing which causes REQ_CHAIN algorithms
to execute twice for every request.

Reported-by: Eric Biggers <ebiggers@kernel.org>
Fixes: 64929fe8c0a4 ("crypto: acomp - Remove request chaining")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agoRevert "crypto: testmgr - Add multibuffer acomp testing"
Herbert Xu [Sat, 12 Apr 2025 05:36:51 +0000 (13:36 +0800)]
Revert "crypto: testmgr - Add multibuffer acomp testing"

This reverts commit 99585c2192cb1ce212876e82ef01d1c98c7f4699.

Remove the acomp multibuffer tests as they are buggy.

Reported-by: Dmitry Antipov <dmantipov@yandex.ru>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agopowerpc/crc: Include uaccess.h and others
Herbert Xu [Thu, 17 Apr 2025 02:26:28 +0000 (10:26 +0800)]
powerpc/crc: Include uaccess.h and others

The powerpc crc code was relying on pagefault_disable from being
pulled in by random header files.

Fix this by explicitly including uaccess.h.  Also add other missing
header files to prevent similar problems in future.

Reported-by: Eric Biggers <ebiggers@kernel.org>
Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Fixes: 7ba8df47810f ("asm-generic: Make simd.h more resilient")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: public_key - Make sig/tfm local to if clause in software_key_query
Herbert Xu [Wed, 16 Apr 2025 07:48:26 +0000 (15:48 +0800)]
crypto: public_key - Make sig/tfm local to if clause in software_key_query

The recent code changes in this function triggered a false-positive
maybe-uninitialized warning in software_key_query.  Rearrange the
code by moving the sig/tfm variables into the if clause where they
are actually used.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: deflate - Make the acomp walk atomic
Herbert Xu [Tue, 15 Apr 2025 09:23:19 +0000 (17:23 +0800)]
crypto: deflate - Make the acomp walk atomic

Add an atomic flag to the acomp walk and use that in deflate.
Due to the use of a per-cpu context, it is impossible to sleep
during the walk in deflate.

Reported-by: kernel test robot <oliver.sang@intel.com>
Closes: https://lore.kernel.org/oe-lkp/202504151654.4c3b6393-lkp@intel.com
Fixes: 08cabc7d3c86 ("crypto: deflate - Convert to acomp")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: sun8i-ss - use API helpers to setup fallback request
Ovidiu Panait [Mon, 7 Apr 2025 12:36:03 +0000 (15:36 +0300)]
crypto: sun8i-ss - use API helpers to setup fallback request

Rather than setting up the fallback request by hand, use
ahash_request_set_callback() and ahash_request_set_crypt() API helpers
to properly setup the new request.

This also ensures that the completion callback is properly passed down
to the fallback algorithm, which avoids a crash with async fallbacks.

Signed-off-by: Ovidiu Panait <ovidiu.panait.oss@gmail.com>
Tested-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Acked-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: poly1305 - remove rset and sset fields of poly1305_desc_ctx
Eric Biggers [Sun, 13 Apr 2025 04:54:21 +0000 (21:54 -0700)]
crypto: poly1305 - remove rset and sset fields of poly1305_desc_ctx

These fields are no longer needed, so remove them.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: x86/poly1305 - don't select CRYPTO_LIB_POLY1305_GENERIC
Eric Biggers [Sun, 13 Apr 2025 04:54:20 +0000 (21:54 -0700)]
crypto: x86/poly1305 - don't select CRYPTO_LIB_POLY1305_GENERIC

The x86 Poly1305 code never falls back to the generic code, so selecting
CRYPTO_LIB_POLY1305_GENERIC is unnecessary.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: x86/poly1305 - remove redundant shash algorithm
Eric Biggers [Sun, 13 Apr 2025 04:54:19 +0000 (21:54 -0700)]
crypto: x86/poly1305 - remove redundant shash algorithm

Since crypto/poly1305.c now registers a poly1305-$(ARCH) shash algorithm
that uses the architecture's Poly1305 library functions, individual
architectures no longer need to do the same.  Therefore, remove the
redundant shash algorithm from the arch-specific code and leave just the
library functions there.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: mips/poly1305 - remove redundant shash algorithm
Eric Biggers [Sun, 13 Apr 2025 04:54:18 +0000 (21:54 -0700)]
crypto: mips/poly1305 - remove redundant shash algorithm

Since crypto/poly1305.c now registers a poly1305-$(ARCH) shash algorithm
that uses the architecture's Poly1305 library functions, individual
architectures no longer need to do the same.  Therefore, remove the
redundant shash algorithm from the arch-specific code and leave just the
library functions there.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: mips/poly1305 - drop redundant dependency on CONFIG_MIPS
Eric Biggers [Sun, 13 Apr 2025 04:54:17 +0000 (21:54 -0700)]
crypto: mips/poly1305 - drop redundant dependency on CONFIG_MIPS

arch/mips/crypto/Kconfig is sourced only when CONFIG_MIPS is enabled, so
there is no need for options defined in that file to depend on it.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: arm64/poly1305 - remove redundant shash algorithm
Eric Biggers [Sun, 13 Apr 2025 04:54:16 +0000 (21:54 -0700)]
crypto: arm64/poly1305 - remove redundant shash algorithm

Since crypto/poly1305.c now registers a poly1305-$(ARCH) shash algorithm
that uses the architecture's Poly1305 library functions, individual
architectures no longer need to do the same.  Therefore, remove the
redundant shash algorithm from the arch-specific code and leave just the
library functions there.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: arm/poly1305 - remove redundant shash algorithm
Eric Biggers [Sun, 13 Apr 2025 04:54:15 +0000 (21:54 -0700)]
crypto: arm/poly1305 - remove redundant shash algorithm

Since crypto/poly1305.c now registers a poly1305-$(ARCH) shash algorithm
that uses the architecture's Poly1305 library functions, individual
architectures no longer need to do the same.  Therefore, remove the
redundant shash algorithm from the arch-specific code and leave just the
library functions there.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: poly1305 - centralize the shash wrappers for arch code
Eric Biggers [Sun, 13 Apr 2025 04:54:14 +0000 (21:54 -0700)]
crypto: poly1305 - centralize the shash wrappers for arch code

Following the example of the crc32, crc32c, and chacha code, make the
crypto subsystem register both generic and architecture-optimized
poly1305 shash algorithms, both implemented on top of the appropriate
library functions.  This eliminates the need for every architecture to
implement the same shash glue code.

Note that the poly1305 shash requires that the key be prepended to the
data, which differs from the library functions where the key is simply a
parameter to poly1305_init().  Previously this was handled at a fairly
low level, polluting the library code with shash-specific code.
Reorganize things so that the shash code handles this quirk itself.

Also, to register the architecture-optimized shashes only when
architecture-optimized code is actually being used, add a function
poly1305_is_arch_optimized() and make each arch implement it.  Change
each architecture's Poly1305 module_init function to arch_initcall so
that the CPU feature detection is guaranteed to run before
poly1305_is_arch_optimized() gets called by crypto/poly1305.c.  (In
cases where poly1305_is_arch_optimized() just returns true
unconditionally, using arch_initcall is not strictly needed, but it's
still good to be consistent across architectures.)

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: powerpc/poly1305 - implement library instead of shash
Eric Biggers [Sun, 13 Apr 2025 04:54:13 +0000 (21:54 -0700)]
crypto: powerpc/poly1305 - implement library instead of shash

Currently the Power10 optimized Poly1305 is only wired up to the
crypto_shash API, which makes it unavailable to users of the library
API.  The crypto_shash API for Poly1305 is going to change to be
implemented on top of the library API, so the library API needs to be
supported.  And of course it's needed anyway to serve the library users.

Therefore, change the Power10 optimized Poly1305 code to implement the
library API instead of the crypto_shash API.

Cc: Danny Tsen <dtsen@linux.ibm.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: deadcode structs from 'comp' removal
Dr. David Alan Gilbert [Sat, 12 Apr 2025 23:32:41 +0000 (00:32 +0100)]
crypto: deadcode structs from 'comp' removal

Ard's recent series of patches removing 'comp' implementations
left behind a bunch of trivial structs, remove them.

These are:
  crypto842_ctx - commit 2d985ff0072f ("crypto: 842 - drop obsolete 'comp'
implementation")
  lz4_ctx       - commit 33335afe33c9 ("crypto: lz4 - drop obsolete 'comp'
implementation")
  lz4hc_ctx     - commit dbae96559eef ("crypto: lz4hc - drop obsolete
'comp' implementation")
  lzo_ctx       - commit a3e43a25bad0 ("crypto: lzo - drop obsolete
'comp' implementation")
  lzorle_ctx    - commit d32da55c5b0c ("crypto: lzo-rle - drop obsolete
'comp' implementation")

Signed-off-by: Dr. David Alan Gilbert <linux@treblig.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: cbcmac - Set block size properly
Herbert Xu [Sat, 12 Apr 2025 10:57:36 +0000 (18:57 +0800)]
crypto: cbcmac - Set block size properly

The block size of a hash algorithm is meant to be the number of
bytes its block function can handle.  For cbcmac that should be
the block size of the underlying block cipher instead of one.

Set the block size of all cbcmac implementations accordingly.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: sm3-base - Use sm3_init
Herbert Xu [Sat, 12 Apr 2025 10:57:33 +0000 (18:57 +0800)]
crypto: sm3-base - Use sm3_init

Remove the duplicate init code and simply call sm3_init.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: lib/sm3 - Export generic block function
Herbert Xu [Sat, 12 Apr 2025 10:57:31 +0000 (18:57 +0800)]
crypto: lib/sm3 - Export generic block function

Export the generic block function so that it can be used by the
Crypto API.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6 months agocrypto: lib/sm3 - Move sm3 library into lib/crypto
Herbert Xu [Sat, 12 Apr 2025 10:57:29 +0000 (18:57 +0800)]
crypto: lib/sm3 - Move sm3 library into lib/crypto

Move the sm3 library code into lib/crypto.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>