From 2f5b5ce1e4b89c76a2b177ee689101a274d1a3c6 Mon Sep 17 00:00:00 2001 From: Randy Dunlap Date: Tue, 24 Feb 2026 17:45:00 -0800 Subject: crypto: acomp - repair kernel-doc warnings Correct kernel-doc: - add the @extra function parameter - add "_extra" to the mismatched function name - spell the "cmpl" parameter correctly to avoid these warnings: Warning: include/crypto/acompress.h:251 function parameter 'extra' not described in 'acomp_request_alloc_extra' Warning: include/crypto/acompress.h:251 expecting prototype for acomp_request_alloc(). Prototype was for acomp_request_alloc_extra() instead Warning: include/crypto/acompress.h:327 function parameter 'cmpl' not described in 'acomp_request_set_callback' Signed-off-by: Randy Dunlap Signed-off-by: Herbert Xu --- include/crypto/acompress.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'include/crypto') diff --git a/include/crypto/acompress.h b/include/crypto/acompress.h index 9eacb9fa375d..5d5358dfab73 100644 --- a/include/crypto/acompress.h +++ b/include/crypto/acompress.h @@ -240,9 +240,10 @@ static inline const char *crypto_acomp_driver_name(struct crypto_acomp *tfm) } /** - * acomp_request_alloc() -- allocates asynchronous (de)compression request + * acomp_request_alloc_extra() -- allocates asynchronous (de)compression request * * @tfm: ACOMPRESS tfm handle allocated with crypto_alloc_acomp() + * @extra: amount of extra memory * @gfp: gfp to pass to kzalloc (defaults to GFP_KERNEL) * * Return: allocated handle in case of success or NULL in case of an error @@ -318,7 +319,7 @@ static inline void acomp_request_free(struct acomp_req *req) * * @req: request that the callback will be set for * @flgs: specify for instance if the operation may backlog - * @cmlp: callback which will be called + * @cmpl: callback which will be called * @data: private data used by the caller */ static inline void acomp_request_set_callback(struct acomp_req *req, -- cgit v1.2.3 From 8fe0cdfd9cb073d4090e2f20f16dd4b44de7526e Mon Sep 17 00:00:00 2001 From: Randy Dunlap Date: Tue, 24 Feb 2026 17:45:18 -0800 Subject: crypto: des - fix all kernel-doc warnings Use correct function parameter names and add Returns: sections to eliminate all kernel-doc warnings in des.h: Warning: include/crypto/des.h:41 function parameter 'keylen' not described in 'des_expand_key' Warning: include/crypto/des.h:41 No description found for return value of 'des_expand_key' Warning: include/crypto/des.h:54 function parameter 'keylen' not described in 'des3_ede_expand_key' Warning: include/crypto/des.h:54 No description found for return value of 'des3_ede_expand_key' Signed-off-by: Randy Dunlap Signed-off-by: Herbert Xu --- include/crypto/des.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'include/crypto') diff --git a/include/crypto/des.h b/include/crypto/des.h index 7812b4331ae4..73eec617f480 100644 --- a/include/crypto/des.h +++ b/include/crypto/des.h @@ -34,9 +34,9 @@ void des3_ede_decrypt(const struct des3_ede_ctx *dctx, u8 *dst, const u8 *src); * des_expand_key - Expand a DES input key into a key schedule * @ctx: the key schedule * @key: buffer containing the input key - * @len: size of the buffer contents + * @keylen: size of the buffer contents * - * Returns 0 on success, -EINVAL if the input key is rejected and -ENOKEY if + * Returns: 0 on success, -EINVAL if the input key is rejected and -ENOKEY if * the key is accepted but has been found to be weak. */ int des_expand_key(struct des_ctx *ctx, const u8 *key, unsigned int keylen); @@ -45,9 +45,9 @@ int des_expand_key(struct des_ctx *ctx, const u8 *key, unsigned int keylen); * des3_ede_expand_key - Expand a triple DES input key into a key schedule * @ctx: the key schedule * @key: buffer containing the input key - * @len: size of the buffer contents + * @keylen: size of the buffer contents * - * Returns 0 on success, -EINVAL if the input key is rejected and -ENOKEY if + * Returns: 0 on success, -EINVAL if the input key is rejected and -ENOKEY if * the key is accepted but has been found to be weak. Note that weak keys will * be rejected (and -EINVAL will be returned) when running in FIPS mode. */ -- cgit v1.2.3 From d2ad1cf29a98adafaf85ddd5ccad6e40c14bcff9 Mon Sep 17 00:00:00 2001 From: Randy Dunlap Date: Tue, 24 Feb 2026 17:45:28 -0800 Subject: crypto: ecc - correct kernel-doc format Fix all kernel-doc warnings in ecc.h: - use correct kernel-doc format - add some Returns: sections - fix spelling and parameter names Fixes these warnings: Warning: include/crypto/internal/ecc.h:82 function parameter 'nbytes' not described in 'ecc_digits_from_bytes' Warning: include/crypto/internal/ecc.h:82 function parameter 'out' not described in 'ecc_digits_from_bytes' Warning: include/crypto/internal/ecc.h:95 No description found for return value of 'ecc_is_key_valid' Warning: include/crypto/internal/ecc.h:110 No description found for return value of 'ecc_gen_privkey' Warning: include/crypto/internal/ecc.h:124 No description found for return value of 'ecc_make_pub_key' Warning: include/crypto/internal/ecc.h:143 No description found for return value of 'crypto_ecdh_shared_secret' Warning: include/crypto/internal/ecc.h:182 No description found for return value of 'vli_is_zero' Warning: include/crypto/internal/ecc.h:194 No description found for return value of 'vli_cmp' Warning: include/crypto/internal/ecc.h:209 function parameter 'right' not described in 'vli_sub' Warning: include/crypto/internal/ecc.h:271 expecting prototype for ecc_aloc_point(). Prototype was for ecc_alloc_point() instead Warning: include/crypto/internal/ecc.h:287 function parameter 'point' not described in 'ecc_point_is_zero' Signed-off-by: Randy Dunlap Signed-off-by: Herbert Xu --- include/crypto/internal/ecc.h | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) (limited to 'include/crypto') diff --git a/include/crypto/internal/ecc.h b/include/crypto/internal/ecc.h index 57cd75242141..a4b48d76f53a 100644 --- a/include/crypto/internal/ecc.h +++ b/include/crypto/internal/ecc.h @@ -72,8 +72,8 @@ static inline void ecc_swap_digits(const void *in, u64 *out, unsigned int ndigit /** * ecc_digits_from_bytes() - Create ndigits-sized digits array from byte array * @in: Input byte array - * @nbytes Size of input byte array - * @out Output digits array + * @nbytes: Size of input byte array + * @out: Output digits array * @ndigits: Number of digits to create from byte array * * The first byte in the input byte array is expected to hold the most @@ -90,7 +90,7 @@ void ecc_digits_from_bytes(const u8 *in, unsigned int nbytes, * @private_key: private key to be used for the given curve * @private_key_len: private key length * - * Returns 0 if the key is acceptable, a negative value otherwise + * Returns: 0 if the key is acceptable, a negative value otherwise */ int ecc_is_key_valid(unsigned int curve_id, unsigned int ndigits, const u64 *private_key, unsigned int private_key_len); @@ -104,7 +104,7 @@ int ecc_is_key_valid(unsigned int curve_id, unsigned int ndigits, * @ndigits: curve number of digits * @private_key: buffer for storing the generated private key * - * Returns 0 if the private key was generated successfully, a negative value + * Returns: 0 if the private key was generated successfully, a negative value * if an error occurred. */ int ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits, @@ -118,7 +118,7 @@ int ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits, * @private_key: pregenerated private key for the given curve * @public_key: buffer for storing the generated public key * - * Returns 0 if the public key was generated successfully, a negative value + * Returns: 0 if the public key was generated successfully, a negative value * if an error occurred. */ int ecc_make_pub_key(const unsigned int curve_id, unsigned int ndigits, @@ -136,7 +136,7 @@ int ecc_make_pub_key(const unsigned int curve_id, unsigned int ndigits, * Note: It is recommended that you hash the result of crypto_ecdh_shared_secret * before using it for symmetric encryption or HMAC. * - * Returns 0 if the shared secret was generated successfully, a negative value + * Returns: 0 if the shared secret was generated successfully, a negative value * if an error occurred. */ int crypto_ecdh_shared_secret(unsigned int curve_id, unsigned int ndigits, @@ -179,6 +179,8 @@ int ecc_is_pubkey_valid_full(const struct ecc_curve *curve, * * @vli: vli to check. * @ndigits: length of the @vli + * + * Returns: %true if vli == 0, %false otherwise. */ bool vli_is_zero(const u64 *vli, unsigned int ndigits); @@ -189,7 +191,7 @@ bool vli_is_zero(const u64 *vli, unsigned int ndigits); * @right: vli * @ndigits: length of both vlis * - * Returns sign of @left - @right, i.e. -1 if @left < @right, + * Returns: sign of @left - @right, i.e. -1 if @left < @right, * 0 if @left == @right, 1 if @left > @right. */ int vli_cmp(const u64 *left, const u64 *right, unsigned int ndigits); @@ -199,7 +201,7 @@ int vli_cmp(const u64 *left, const u64 *right, unsigned int ndigits); * * @result: where to write result * @left: vli - * @right vli + * @right: vli * @ndigits: length of all vlis * * Note: can modify in-place. @@ -263,7 +265,7 @@ void vli_mod_mult_slow(u64 *result, const u64 *left, const u64 *right, unsigned int vli_num_bits(const u64 *vli, unsigned int ndigits); /** - * ecc_aloc_point() - Allocate ECC point. + * ecc_alloc_point() - Allocate ECC point. * * @ndigits: Length of vlis in u64 qwords. * @@ -281,7 +283,7 @@ void ecc_free_point(struct ecc_point *p); /** * ecc_point_is_zero() - Check if point is zero. * - * @p: Point to check for zero. + * @point: Point to check for zero. * * Return: true if point is the point at infinity, false otherwise. */ -- cgit v1.2.3 From 7c622c4fa8b475df1977bfe3ac5d28d9da0c57fc Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Sat, 14 Mar 2026 14:37:20 -0700 Subject: crypto: simd - Remove unused skcipher support Remove the skcipher algorithm support from crypto/simd.c. It is no longer used, and it is unlikely to gain any new user in the future, given the performance issues with this code. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/simd.c | 235 +---------------------------------------- include/crypto/internal/simd.h | 19 ---- 2 files changed, 5 insertions(+), 249 deletions(-) (limited to 'include/crypto') diff --git a/crypto/simd.c b/crypto/simd.c index 4e6f437e9e77..4e29f797709b 100644 --- a/crypto/simd.c +++ b/crypto/simd.c @@ -13,11 +13,11 @@ /* * Shared crypto SIMD helpers. These functions dynamically create and register - * an skcipher or AEAD algorithm that wraps another, internal algorithm. The - * wrapper ensures that the internal algorithm is only executed in a context - * where SIMD instructions are usable, i.e. where may_use_simd() returns true. - * If SIMD is already usable, the wrapper directly calls the internal algorithm. - * Otherwise it defers execution to a workqueue via cryptd. + * an AEAD algorithm that wraps another, internal algorithm. The wrapper + * ensures that the internal algorithm is only executed in a context where SIMD + * instructions are usable, i.e. where may_use_simd() returns true. If SIMD is + * already usable, the wrapper directly calls the internal algorithm. Otherwise + * it defers execution to a workqueue via cryptd. * * This is an alternative to the internal algorithm implementing a fallback for * the !may_use_simd() case itself. @@ -30,236 +30,11 @@ #include #include #include -#include #include #include #include #include -/* skcipher support */ - -struct simd_skcipher_alg { - const char *ialg_name; - struct skcipher_alg alg; -}; - -struct simd_skcipher_ctx { - struct cryptd_skcipher *cryptd_tfm; -}; - -static int simd_skcipher_setkey(struct crypto_skcipher *tfm, const u8 *key, - unsigned int key_len) -{ - struct simd_skcipher_ctx *ctx = crypto_skcipher_ctx(tfm); - struct crypto_skcipher *child = &ctx->cryptd_tfm->base; - - crypto_skcipher_clear_flags(child, CRYPTO_TFM_REQ_MASK); - crypto_skcipher_set_flags(child, crypto_skcipher_get_flags(tfm) & - CRYPTO_TFM_REQ_MASK); - return crypto_skcipher_setkey(child, key, key_len); -} - -static int simd_skcipher_encrypt(struct skcipher_request *req) -{ - struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); - struct simd_skcipher_ctx *ctx = crypto_skcipher_ctx(tfm); - struct skcipher_request *subreq; - struct crypto_skcipher *child; - - subreq = skcipher_request_ctx(req); - *subreq = *req; - - if (!crypto_simd_usable() || - (in_atomic() && cryptd_skcipher_queued(ctx->cryptd_tfm))) - child = &ctx->cryptd_tfm->base; - else - child = cryptd_skcipher_child(ctx->cryptd_tfm); - - skcipher_request_set_tfm(subreq, child); - - return crypto_skcipher_encrypt(subreq); -} - -static int simd_skcipher_decrypt(struct skcipher_request *req) -{ - struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); - struct simd_skcipher_ctx *ctx = crypto_skcipher_ctx(tfm); - struct skcipher_request *subreq; - struct crypto_skcipher *child; - - subreq = skcipher_request_ctx(req); - *subreq = *req; - - if (!crypto_simd_usable() || - (in_atomic() && cryptd_skcipher_queued(ctx->cryptd_tfm))) - child = &ctx->cryptd_tfm->base; - else - child = cryptd_skcipher_child(ctx->cryptd_tfm); - - skcipher_request_set_tfm(subreq, child); - - return crypto_skcipher_decrypt(subreq); -} - -static void simd_skcipher_exit(struct crypto_skcipher *tfm) -{ - struct simd_skcipher_ctx *ctx = crypto_skcipher_ctx(tfm); - - cryptd_free_skcipher(ctx->cryptd_tfm); -} - -static int simd_skcipher_init(struct crypto_skcipher *tfm) -{ - struct simd_skcipher_ctx *ctx = crypto_skcipher_ctx(tfm); - struct cryptd_skcipher *cryptd_tfm; - struct simd_skcipher_alg *salg; - struct skcipher_alg *alg; - unsigned reqsize; - - alg = crypto_skcipher_alg(tfm); - salg = container_of(alg, struct simd_skcipher_alg, alg); - - cryptd_tfm = cryptd_alloc_skcipher(salg->ialg_name, - CRYPTO_ALG_INTERNAL, - CRYPTO_ALG_INTERNAL); - if (IS_ERR(cryptd_tfm)) - return PTR_ERR(cryptd_tfm); - - ctx->cryptd_tfm = cryptd_tfm; - - reqsize = crypto_skcipher_reqsize(cryptd_skcipher_child(cryptd_tfm)); - reqsize = max(reqsize, crypto_skcipher_reqsize(&cryptd_tfm->base)); - reqsize += sizeof(struct skcipher_request); - - crypto_skcipher_set_reqsize(tfm, reqsize); - - return 0; -} - -struct simd_skcipher_alg *simd_skcipher_create_compat(struct skcipher_alg *ialg, - const char *algname, - const char *drvname, - const char *basename) -{ - struct simd_skcipher_alg *salg; - struct skcipher_alg *alg; - int err; - - salg = kzalloc_obj(*salg); - if (!salg) { - salg = ERR_PTR(-ENOMEM); - goto out; - } - - salg->ialg_name = basename; - alg = &salg->alg; - - err = -ENAMETOOLONG; - if (snprintf(alg->base.cra_name, CRYPTO_MAX_ALG_NAME, "%s", algname) >= - CRYPTO_MAX_ALG_NAME) - goto out_free_salg; - - if (snprintf(alg->base.cra_driver_name, CRYPTO_MAX_ALG_NAME, "%s", - drvname) >= CRYPTO_MAX_ALG_NAME) - goto out_free_salg; - - alg->base.cra_flags = CRYPTO_ALG_ASYNC | - (ialg->base.cra_flags & CRYPTO_ALG_INHERITED_FLAGS); - alg->base.cra_priority = ialg->base.cra_priority; - alg->base.cra_blocksize = ialg->base.cra_blocksize; - alg->base.cra_alignmask = ialg->base.cra_alignmask; - alg->base.cra_module = ialg->base.cra_module; - alg->base.cra_ctxsize = sizeof(struct simd_skcipher_ctx); - - alg->ivsize = ialg->ivsize; - alg->chunksize = ialg->chunksize; - alg->min_keysize = ialg->min_keysize; - alg->max_keysize = ialg->max_keysize; - - alg->init = simd_skcipher_init; - alg->exit = simd_skcipher_exit; - - alg->setkey = simd_skcipher_setkey; - alg->encrypt = simd_skcipher_encrypt; - alg->decrypt = simd_skcipher_decrypt; - - err = crypto_register_skcipher(alg); - if (err) - goto out_free_salg; - -out: - return salg; - -out_free_salg: - kfree(salg); - salg = ERR_PTR(err); - goto out; -} -EXPORT_SYMBOL_GPL(simd_skcipher_create_compat); - -void simd_skcipher_free(struct simd_skcipher_alg *salg) -{ - crypto_unregister_skcipher(&salg->alg); - kfree(salg); -} -EXPORT_SYMBOL_GPL(simd_skcipher_free); - -int simd_register_skciphers_compat(struct skcipher_alg *algs, int count, - struct simd_skcipher_alg **simd_algs) -{ - int err; - int i; - const char *algname; - const char *drvname; - const char *basename; - struct simd_skcipher_alg *simd; - - for (i = 0; i < count; i++) { - if (WARN_ON(strncmp(algs[i].base.cra_name, "__", 2) || - strncmp(algs[i].base.cra_driver_name, "__", 2))) - return -EINVAL; - } - - err = crypto_register_skciphers(algs, count); - if (err) - return err; - - for (i = 0; i < count; i++) { - algname = algs[i].base.cra_name + 2; - drvname = algs[i].base.cra_driver_name + 2; - basename = algs[i].base.cra_driver_name; - simd = simd_skcipher_create_compat(algs + i, algname, drvname, basename); - err = PTR_ERR(simd); - if (IS_ERR(simd)) - goto err_unregister; - simd_algs[i] = simd; - } - return 0; - -err_unregister: - simd_unregister_skciphers(algs, count, simd_algs); - return err; -} -EXPORT_SYMBOL_GPL(simd_register_skciphers_compat); - -void simd_unregister_skciphers(struct skcipher_alg *algs, int count, - struct simd_skcipher_alg **simd_algs) -{ - int i; - - crypto_unregister_skciphers(algs, count); - - for (i = 0; i < count; i++) { - if (simd_algs[i]) { - simd_skcipher_free(simd_algs[i]); - simd_algs[i] = NULL; - } - } -} -EXPORT_SYMBOL_GPL(simd_unregister_skciphers); - -/* AEAD support */ - struct simd_aead_alg { const char *ialg_name; struct aead_alg alg; diff --git a/include/crypto/internal/simd.h b/include/crypto/internal/simd.h index 9e338e7aafbd..f5e5d7b63951 100644 --- a/include/crypto/internal/simd.h +++ b/include/crypto/internal/simd.h @@ -10,25 +10,6 @@ #include #include -/* skcipher support */ - -struct simd_skcipher_alg; -struct skcipher_alg; - -struct simd_skcipher_alg *simd_skcipher_create_compat(struct skcipher_alg *ialg, - const char *algname, - const char *drvname, - const char *basename); -void simd_skcipher_free(struct simd_skcipher_alg *alg); - -int simd_register_skciphers_compat(struct skcipher_alg *algs, int count, - struct simd_skcipher_alg **simd_algs); - -void simd_unregister_skciphers(struct skcipher_alg *algs, int count, - struct simd_skcipher_alg **simd_algs); - -/* AEAD support */ - struct simd_aead_alg; struct aead_alg; -- cgit v1.2.3 From f9bbd547cfb98b1c5e535aab9b0671a2ff22453a Mon Sep 17 00:00:00 2001 From: Kit Dallege Date: Sun, 15 Mar 2026 15:57:22 +0100 Subject: crypto: add missing kernel-doc for anonymous union members Document the anonymous SKCIPHER_ALG_COMMON and COMP_ALG_COMMON struct members in skcipher_alg, scomp_alg, and acomp_alg, following the existing pattern used by HASH_ALG_COMMON in shash_alg. This fixes the following kernel-doc warnings: include/crypto/skcipher.h:166: struct member 'SKCIPHER_ALG_COMMON' not described in 'skcipher_alg' include/crypto/internal/scompress.h:39: struct member 'COMP_ALG_COMMON' not described in 'scomp_alg' include/crypto/internal/acompress.h:55: struct member 'COMP_ALG_COMMON' not described in 'acomp_alg' Signed-off-by: Kit Dallege Signed-off-by: Herbert Xu --- include/crypto/internal/acompress.h | 1 + include/crypto/internal/scompress.h | 1 + include/crypto/skcipher.h | 1 + 3 files changed, 3 insertions(+) (limited to 'include/crypto') diff --git a/include/crypto/internal/acompress.h b/include/crypto/internal/acompress.h index 9a3f28baa804..9cd37df32dc4 100644 --- a/include/crypto/internal/acompress.h +++ b/include/crypto/internal/acompress.h @@ -42,6 +42,7 @@ * * @base: Common crypto API algorithm data structure * @calg: Cmonn algorithm data structure shared with scomp + * @COMP_ALG_COMMON: see struct comp_alg_common */ struct acomp_alg { int (*compress)(struct acomp_req *req); diff --git a/include/crypto/internal/scompress.h b/include/crypto/internal/scompress.h index 6a2c5f2e90f9..13a0851a995b 100644 --- a/include/crypto/internal/scompress.h +++ b/include/crypto/internal/scompress.h @@ -22,6 +22,7 @@ struct crypto_scomp { * @decompress: Function performs a de-compress operation * @streams: Per-cpu memory for algorithm * @calg: Cmonn algorithm data structure shared with acomp + * @COMP_ALG_COMMON: see struct comp_alg_common */ struct scomp_alg { int (*compress)(struct crypto_scomp *tfm, const u8 *src, diff --git a/include/crypto/skcipher.h b/include/crypto/skcipher.h index 9e5853464345..4efe2ca8c4d1 100644 --- a/include/crypto/skcipher.h +++ b/include/crypto/skcipher.h @@ -145,6 +145,7 @@ struct skcipher_alg_common SKCIPHER_ALG_COMMON; * considerably more efficient if it can operate on multiple chunks * in parallel. Should be a multiple of chunksize. * @co: see struct skcipher_alg_common + * @SKCIPHER_ALG_COMMON: see struct skcipher_alg_common * * All fields except @ivsize are mandatory and must be filled. */ -- cgit v1.2.3 From 07fa25957a18cff13f1943ecd213c88c0878b968 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Fri, 20 Mar 2026 15:17:27 -0700 Subject: crypto: cryptd - Remove unused functions Many functions in cryptd.c no longer have any caller. Remove them. Also remove several associated structs and includes. Finally, inline cryptd_shash_desc() into its only caller, allowing it to be removed too. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/cryptd.c | 112 +----------------------------------------------- include/crypto/cryptd.h | 33 -------------- 2 files changed, 2 insertions(+), 143 deletions(-) (limited to 'include/crypto') diff --git a/crypto/cryptd.c b/crypto/cryptd.c index cd38f4676176..aba9fe0f23b4 100644 --- a/crypto/cryptd.c +++ b/crypto/cryptd.c @@ -646,7 +646,8 @@ static int cryptd_hash_import(struct ahash_request *req, const void *in) { struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); struct cryptd_hash_ctx *ctx = crypto_ahash_ctx(tfm); - struct shash_desc *desc = cryptd_shash_desc(req); + struct cryptd_hash_request_ctx *rctx = ahash_request_ctx(req); + struct shash_desc *desc = &rctx->desc; desc->tfm = ctx->child; @@ -952,115 +953,6 @@ static struct crypto_template cryptd_tmpl = { .module = THIS_MODULE, }; -struct cryptd_skcipher *cryptd_alloc_skcipher(const char *alg_name, - u32 type, u32 mask) -{ - char cryptd_alg_name[CRYPTO_MAX_ALG_NAME]; - struct cryptd_skcipher_ctx *ctx; - struct crypto_skcipher *tfm; - - if (snprintf(cryptd_alg_name, CRYPTO_MAX_ALG_NAME, - "cryptd(%s)", alg_name) >= CRYPTO_MAX_ALG_NAME) - return ERR_PTR(-EINVAL); - - tfm = crypto_alloc_skcipher(cryptd_alg_name, type, mask); - if (IS_ERR(tfm)) - return ERR_CAST(tfm); - - if (tfm->base.__crt_alg->cra_module != THIS_MODULE) { - crypto_free_skcipher(tfm); - return ERR_PTR(-EINVAL); - } - - ctx = crypto_skcipher_ctx(tfm); - refcount_set(&ctx->refcnt, 1); - - return container_of(tfm, struct cryptd_skcipher, base); -} -EXPORT_SYMBOL_GPL(cryptd_alloc_skcipher); - -struct crypto_skcipher *cryptd_skcipher_child(struct cryptd_skcipher *tfm) -{ - struct cryptd_skcipher_ctx *ctx = crypto_skcipher_ctx(&tfm->base); - - return ctx->child; -} -EXPORT_SYMBOL_GPL(cryptd_skcipher_child); - -bool cryptd_skcipher_queued(struct cryptd_skcipher *tfm) -{ - struct cryptd_skcipher_ctx *ctx = crypto_skcipher_ctx(&tfm->base); - - return refcount_read(&ctx->refcnt) - 1; -} -EXPORT_SYMBOL_GPL(cryptd_skcipher_queued); - -void cryptd_free_skcipher(struct cryptd_skcipher *tfm) -{ - struct cryptd_skcipher_ctx *ctx = crypto_skcipher_ctx(&tfm->base); - - if (refcount_dec_and_test(&ctx->refcnt)) - crypto_free_skcipher(&tfm->base); -} -EXPORT_SYMBOL_GPL(cryptd_free_skcipher); - -struct cryptd_ahash *cryptd_alloc_ahash(const char *alg_name, - u32 type, u32 mask) -{ - char cryptd_alg_name[CRYPTO_MAX_ALG_NAME]; - struct cryptd_hash_ctx *ctx; - struct crypto_ahash *tfm; - - if (snprintf(cryptd_alg_name, CRYPTO_MAX_ALG_NAME, - "cryptd(%s)", alg_name) >= CRYPTO_MAX_ALG_NAME) - return ERR_PTR(-EINVAL); - tfm = crypto_alloc_ahash(cryptd_alg_name, type, mask); - if (IS_ERR(tfm)) - return ERR_CAST(tfm); - if (tfm->base.__crt_alg->cra_module != THIS_MODULE) { - crypto_free_ahash(tfm); - return ERR_PTR(-EINVAL); - } - - ctx = crypto_ahash_ctx(tfm); - refcount_set(&ctx->refcnt, 1); - - return __cryptd_ahash_cast(tfm); -} -EXPORT_SYMBOL_GPL(cryptd_alloc_ahash); - -struct crypto_shash *cryptd_ahash_child(struct cryptd_ahash *tfm) -{ - struct cryptd_hash_ctx *ctx = crypto_ahash_ctx(&tfm->base); - - return ctx->child; -} -EXPORT_SYMBOL_GPL(cryptd_ahash_child); - -struct shash_desc *cryptd_shash_desc(struct ahash_request *req) -{ - struct cryptd_hash_request_ctx *rctx = ahash_request_ctx(req); - return &rctx->desc; -} -EXPORT_SYMBOL_GPL(cryptd_shash_desc); - -bool cryptd_ahash_queued(struct cryptd_ahash *tfm) -{ - struct cryptd_hash_ctx *ctx = crypto_ahash_ctx(&tfm->base); - - return refcount_read(&ctx->refcnt) - 1; -} -EXPORT_SYMBOL_GPL(cryptd_ahash_queued); - -void cryptd_free_ahash(struct cryptd_ahash *tfm) -{ - struct cryptd_hash_ctx *ctx = crypto_ahash_ctx(&tfm->base); - - if (refcount_dec_and_test(&ctx->refcnt)) - crypto_free_ahash(&tfm->base); -} -EXPORT_SYMBOL_GPL(cryptd_free_ahash); - struct cryptd_aead *cryptd_alloc_aead(const char *alg_name, u32 type, u32 mask) { diff --git a/include/crypto/cryptd.h b/include/crypto/cryptd.h index 796d986e58e1..29c5878a3609 100644 --- a/include/crypto/cryptd.h +++ b/include/crypto/cryptd.h @@ -16,39 +16,6 @@ #include #include -#include -#include - -struct cryptd_skcipher { - struct crypto_skcipher base; -}; - -/* alg_name should be algorithm to be cryptd-ed */ -struct cryptd_skcipher *cryptd_alloc_skcipher(const char *alg_name, - u32 type, u32 mask); -struct crypto_skcipher *cryptd_skcipher_child(struct cryptd_skcipher *tfm); -/* Must be called without moving CPUs. */ -bool cryptd_skcipher_queued(struct cryptd_skcipher *tfm); -void cryptd_free_skcipher(struct cryptd_skcipher *tfm); - -struct cryptd_ahash { - struct crypto_ahash base; -}; - -static inline struct cryptd_ahash *__cryptd_ahash_cast( - struct crypto_ahash *tfm) -{ - return (struct cryptd_ahash *)tfm; -} - -/* alg_name should be algorithm to be cryptd-ed */ -struct cryptd_ahash *cryptd_alloc_ahash(const char *alg_name, - u32 type, u32 mask); -struct crypto_shash *cryptd_ahash_child(struct cryptd_ahash *tfm); -struct shash_desc *cryptd_shash_desc(struct ahash_request *req); -/* Must be called without moving CPUs. */ -bool cryptd_ahash_queued(struct cryptd_ahash *tfm); -void cryptd_free_ahash(struct cryptd_ahash *tfm); struct cryptd_aead { struct crypto_aead base; -- cgit v1.2.3 From 52b84667bbdc656b380983262ac6303caf49ef2c Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Wed, 25 Mar 2026 17:14:57 -0700 Subject: crypto: rng - Add crypto_stdrng_get_bytes() All callers of crypto_get_default_rng() use the following sequence: crypto_get_default_rng() crypto_rng_get_bytes(crypto_default_rng, ...) crypto_put_default_rng() While it may have been intended that callers amortize the cost of getting and putting the "default RNG" (i.e. "stdrng") over multiple calls, in practice that optimization is never used. The callers just want a function that gets random bytes from the "stdrng". Therefore, add such a function: crypto_stdrng_get_bytes(). Importantly, this decouples the callers from the crypto_rng API. That allows a later commit to make this function simply call get_random_bytes_wait() unless the kernel is in "FIPS mode". Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/rng.c | 14 ++++++++++++++ include/crypto/rng.h | 13 +++++++++++++ 2 files changed, 27 insertions(+) (limited to 'include/crypto') diff --git a/crypto/rng.c b/crypto/rng.c index c6165c8eb387..53a268ad5104 100644 --- a/crypto/rng.c +++ b/crypto/rng.c @@ -145,6 +145,20 @@ void crypto_put_default_rng(void) } EXPORT_SYMBOL_GPL(crypto_put_default_rng); +int crypto_stdrng_get_bytes(void *buf, unsigned int len) +{ + int err; + + err = crypto_get_default_rng(); + if (err) + return err; + + err = crypto_rng_get_bytes(crypto_default_rng, buf, len); + crypto_put_default_rng(); + return err; +} +EXPORT_SYMBOL_GPL(crypto_stdrng_get_bytes); + #if defined(CONFIG_CRYPTO_RNG) || defined(CONFIG_CRYPTO_RNG_MODULE) int crypto_del_default_rng(void) { diff --git a/include/crypto/rng.h b/include/crypto/rng.h index d451b54b322a..db6c3962a7df 100644 --- a/include/crypto/rng.h +++ b/include/crypto/rng.h @@ -62,6 +62,19 @@ extern struct crypto_rng *crypto_default_rng; int crypto_get_default_rng(void); void crypto_put_default_rng(void); +/** + * crypto_stdrng_get_bytes() - get cryptographically secure random bytes + * @buf: output buffer holding the random numbers + * @len: length of the output buffer + * + * This function fills the caller-allocated buffer with random numbers using the + * highest-priority "stdrng" algorithm in the crypto_rng subsystem. + * + * Context: May sleep + * Return: 0 function was successful; < 0 if an error occurred + */ +int crypto_stdrng_get_bytes(void *buf, unsigned int len); + /** * DOC: Random number generator API * -- cgit v1.2.3 From bdd2cc93bfd051f05084115faad35f9b5402a194 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Wed, 25 Mar 2026 17:15:04 -0700 Subject: crypto: rng - Unexport "default RNG" symbols Now that crypto_default_rng, crypto_get_default_rng(), and crypto_put_default_rng() have no users outside crypto/rng.c itself, unexport them and make them static. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/rng.c | 9 +++------ include/crypto/rng.h | 5 ----- 2 files changed, 3 insertions(+), 11 deletions(-) (limited to 'include/crypto') diff --git a/crypto/rng.c b/crypto/rng.c index 53a268ad5104..f52f4793f9ea 100644 --- a/crypto/rng.c +++ b/crypto/rng.c @@ -24,8 +24,7 @@ #include "internal.h" static DEFINE_MUTEX(crypto_default_rng_lock); -struct crypto_rng *crypto_default_rng; -EXPORT_SYMBOL_GPL(crypto_default_rng); +static struct crypto_rng *crypto_default_rng; static int crypto_default_rng_refcnt; int crypto_rng_reset(struct crypto_rng *tfm, const u8 *seed, unsigned int slen) @@ -106,7 +105,7 @@ struct crypto_rng *crypto_alloc_rng(const char *alg_name, u32 type, u32 mask) } EXPORT_SYMBOL_GPL(crypto_alloc_rng); -int crypto_get_default_rng(void) +static int crypto_get_default_rng(void) { struct crypto_rng *rng; int err; @@ -135,15 +134,13 @@ unlock: return err; } -EXPORT_SYMBOL_GPL(crypto_get_default_rng); -void crypto_put_default_rng(void) +static void crypto_put_default_rng(void) { mutex_lock(&crypto_default_rng_lock); crypto_default_rng_refcnt--; mutex_unlock(&crypto_default_rng_lock); } -EXPORT_SYMBOL_GPL(crypto_put_default_rng); int crypto_stdrng_get_bytes(void *buf, unsigned int len) { diff --git a/include/crypto/rng.h b/include/crypto/rng.h index db6c3962a7df..f61e037afed9 100644 --- a/include/crypto/rng.h +++ b/include/crypto/rng.h @@ -57,11 +57,6 @@ struct crypto_rng { struct crypto_tfm base; }; -extern struct crypto_rng *crypto_default_rng; - -int crypto_get_default_rng(void); -void crypto_put_default_rng(void); - /** * crypto_stdrng_get_bytes() - get cryptographically secure random bytes * @buf: output buffer holding the random numbers -- cgit v1.2.3 From 65b3c2f6278516397bebcdbf4698bd3102120ca5 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Wed, 25 Mar 2026 17:15:05 -0700 Subject: crypto: rng - Make crypto_stdrng_get_bytes() use normal RNG in non-FIPS mode "stdrng" is needed only in "FIPS mode". Therefore, make crypto_stdrng_get_bytes() delegate to either the normal Linux RNG or to "stdrng", depending on the current mode. This will eliminate the need to built the SP800-90A DRBG and its dependencies into CRYPTO_FIPS=n kernels. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/rng.c | 4 ++-- include/crypto/rng.h | 15 +++++++++++++-- 2 files changed, 15 insertions(+), 4 deletions(-) (limited to 'include/crypto') diff --git a/crypto/rng.c b/crypto/rng.c index f52f4793f9ea..1d4b9177bad4 100644 --- a/crypto/rng.c +++ b/crypto/rng.c @@ -142,7 +142,7 @@ static void crypto_put_default_rng(void) mutex_unlock(&crypto_default_rng_lock); } -int crypto_stdrng_get_bytes(void *buf, unsigned int len) +int __crypto_stdrng_get_bytes(void *buf, unsigned int len) { int err; @@ -154,7 +154,7 @@ int crypto_stdrng_get_bytes(void *buf, unsigned int len) crypto_put_default_rng(); return err; } -EXPORT_SYMBOL_GPL(crypto_stdrng_get_bytes); +EXPORT_SYMBOL_GPL(__crypto_stdrng_get_bytes); #if defined(CONFIG_CRYPTO_RNG) || defined(CONFIG_CRYPTO_RNG_MODULE) int crypto_del_default_rng(void) diff --git a/include/crypto/rng.h b/include/crypto/rng.h index f61e037afed9..07f494b2c881 100644 --- a/include/crypto/rng.h +++ b/include/crypto/rng.h @@ -12,6 +12,8 @@ #include #include #include +#include +#include struct crypto_rng; @@ -57,18 +59,27 @@ struct crypto_rng { struct crypto_tfm base; }; +int __crypto_stdrng_get_bytes(void *buf, unsigned int len); + /** * crypto_stdrng_get_bytes() - get cryptographically secure random bytes * @buf: output buffer holding the random numbers * @len: length of the output buffer * * This function fills the caller-allocated buffer with random numbers using the - * highest-priority "stdrng" algorithm in the crypto_rng subsystem. + * normal Linux RNG if fips_enabled=0, or the highest-priority "stdrng" + * algorithm in the crypto_rng subsystem if fips_enabled=1. * * Context: May sleep * Return: 0 function was successful; < 0 if an error occurred */ -int crypto_stdrng_get_bytes(void *buf, unsigned int len); +static inline int crypto_stdrng_get_bytes(void *buf, unsigned int len) +{ + might_sleep(); + if (fips_enabled) + return __crypto_stdrng_get_bytes(buf, len); + return get_random_bytes_wait(buf, len); +} /** * DOC: Random number generator API -- cgit v1.2.3 From 2418431211d5d348245a79b41cf0cb89bcadc27b Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Tue, 31 Mar 2026 17:36:29 +0900 Subject: crypto: geniv - Remove unused spinlock from struct aead_geniv_ctx The spin lock in geniv hasn't been used in over 10 years. Remove it. Signed-off-by: Herbert Xu --- crypto/geniv.c | 2 -- include/crypto/internal/geniv.h | 2 -- 2 files changed, 4 deletions(-) (limited to 'include/crypto') diff --git a/crypto/geniv.c b/crypto/geniv.c index c619a5ad2fc1..04befe3a7f44 100644 --- a/crypto/geniv.c +++ b/crypto/geniv.c @@ -112,8 +112,6 @@ int aead_init_geniv(struct crypto_aead *aead) struct crypto_aead *child; int err; - spin_lock_init(&ctx->lock); - err = crypto_stdrng_get_bytes(ctx->salt, crypto_aead_ivsize(aead)); if (err) goto out; diff --git a/include/crypto/internal/geniv.h b/include/crypto/internal/geniv.h index 012f5fb22d43..e38d9f0487ec 100644 --- a/include/crypto/internal/geniv.h +++ b/include/crypto/internal/geniv.h @@ -9,11 +9,9 @@ #define _CRYPTO_INTERNAL_GENIV_H #include -#include #include struct aead_geniv_ctx { - spinlock_t lock; struct crypto_aead *child; u8 salt[] __attribute__ ((aligned(__alignof__(u32)))); }; -- cgit v1.2.3