user/sven/linux.git/include/crypto, branch next/masterLinux Kernel
https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=next%2Fmaster2026-04-07T11:58:31ZMerge branch 'for-next' of https://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux.git2026-04-07T11:58:31ZMark Brownbroonie@kernel.org2026-04-07T11:58:20Zurn:sha1:b21fa17bf21c78b5b3c6ee6abbe12d7b0a6db74cMerge branch 'libcrypto-next' of https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git2026-04-07T11:57:04ZMark Brownbroonie@kernel.org2026-04-07T11:57:04Zurn:sha1:84a09031953ba719d2e706251463bb95cb00bb25Merge branch 'master' of https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git2026-04-07T11:57:01ZMark Brownbroonie@kernel.org2026-04-07T11:57:01Zurn:sha1:0595c348f4ba7d53b2e6f94ccc08a8c2115a4875crypto: rng - Make crypto_stdrng_get_bytes() use normal RNG in non-FIPS mode2026-04-03T00:56:12ZEric Biggersebiggers@kernel.org2026-03-26T00:15:05Zurn:sha1:65b3c2f6278516397bebcdbf4698bd3102120ca5
"stdrng" is needed only in "FIPS mode". Therefore, make
crypto_stdrng_get_bytes() delegate to either the normal Linux RNG or to
"stdrng", depending on the current mode.
This will eliminate the need to built the SP800-90A DRBG and its
dependencies into CRYPTO_FIPS=n kernels.
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: rng - Unexport "default RNG" symbols2026-04-03T00:56:12ZEric Biggersebiggers@kernel.org2026-03-26T00:15:04Zurn:sha1:bdd2cc93bfd051f05084115faad35f9b5402a194
Now that crypto_default_rng, crypto_get_default_rng(), and
crypto_put_default_rng() have no users outside crypto/rng.c itself,
unexport them and make them static.
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: rng - Add crypto_stdrng_get_bytes()2026-04-03T00:56:11ZEric Biggersebiggers@kernel.org2026-03-26T00:14:57Zurn:sha1:52b84667bbdc656b380983262ac6303caf49ef2c
All callers of crypto_get_default_rng() use the following sequence:
crypto_get_default_rng()
crypto_rng_get_bytes(crypto_default_rng, ...)
crypto_put_default_rng()
While it may have been intended that callers amortize the cost of
getting and putting the "default RNG" (i.e. "stdrng") over multiple
calls, in practice that optimization is never used. The callers just
want a function that gets random bytes from the "stdrng".
Therefore, add such a function: crypto_stdrng_get_bytes().
Importantly, this decouples the callers from the crypto_rng API. That
allows a later commit to make this function simply call
get_random_bytes_wait() unless the kernel is in "FIPS mode".
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
lib/crypto: arm64/aes: Remove obsolete chunking logic2026-04-01T20:02:09ZEric Biggersebiggers@kernel.org2026-04-01T00:05:40Zurn:sha1:11d6bc70fff310cf0c4bbfa740144b0e350cd706
Since commit aefbab8e77eb ("arm64: fpsimd: Preserve/restore kernel mode
NEON at context switch"), kernel-mode NEON sections have been
preemptible on arm64. And since commit 7dadeaa6e851 ("sched: Further
restrict the preemption modes"), voluntary preemption is no longer
supported on arm64 either. Therefore, there's no longer any need to
limit the length of kernel-mode NEON sections on arm64.
Simplify the AES-CBC-MAC code accordingly.
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Link: https://lore.kernel.org/r/20260401000548.133151-2-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
crypto: algif_aead - Revert to operating out-of-place2026-03-31T08:11:47ZHerbert Xuherbert@gondor.apana.org.au2026-03-26T06:30:20Zurn:sha1:a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5
This mostly reverts commit 72548b093ee3 except for the copying of
the associated data.
There is no benefit in operating in-place in algif_aead since the
source and destination come from different mappings. Get rid of
all the complexity added for in-place operation and just copy the
AD directly.
Fixes: 72548b093ee3 ("crypto: algif_aead - copy AAD from src to dst")
Reported-by: Taeyang Lee <0wn@theori.io>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
lib/crypto: tests: Migrate ChaCha20Poly1305 self-test to KUnit2026-03-30T19:35:30ZEric Biggersebiggers@kernel.org2026-03-27T22:42:29Zurn:sha1:d2a68aba8505ce88b39c34ecb3b707c776af79d4
Move the ChaCha20Poly1305 test from an ad-hoc self-test to a KUnit test.
Keep the same test logic for now, just translated to KUnit.
Moving to KUnit has multiple benefits, such as:
- Consistency with the rest of the lib/crypto/ tests.
- Kernel developers familiar with KUnit, which is used kernel-wide, can
quickly understand the test and how to enable and run it.
- The test will be automatically run by anyone using
lib/crypto/.kunitconfig or KUnit's all_tests.config.
- Results are reported using the standard KUnit mechanism.
- It eliminates one of the few remaining back-references to crypto/ from
lib/crypto/, specifically a reference to CONFIG_CRYPTO_SELFTESTS.
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Link: https://lore.kernel.org/r/20260327224229.137532-1-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
crypto: remove HKDF library2026-03-27T14:35:03ZEric Biggersebiggers@kernel.org2026-03-02T07:59:59Zurn:sha1:6d888db2cfd910ad5b2070659e9b2598bbe4081f
Remove crypto/hkdf.c, since it's no longer used. Originally it had two
users, but now both of them just inline the needed HMAC computations
using the HMAC library APIs. That ends up being better, since it
eliminates all the complexity and performance issues associated with the
crypto_shash abstraction and multi-step HMAC input formatting.
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Keith Busch <kbusch@kernel.org>