kernel/linux.git/crypto/internal.h, branch v6.18.21Linux kernel stable tree (mirror)https://git.radix-linux.su/kernel/linux.git/atom?h=v6.18.212025-05-12T05:33:14+00:00crypto: testmgr - replace CRYPTO_MANAGER_DISABLE_TESTS with CRYPTO_SELFTESTS2025-05-12T05:33:14+00:00Eric Biggersebiggers@google.com2025-05-05T20:33:41+00:00urn:sha1:40b9969796bfa49ed1b0f7ddc254f48cb2ac6d2c
The negative-sense of CRYPTO_MANAGER_DISABLE_TESTS is a longstanding
mistake that regularly causes confusion. Especially bad is that you can
have CRYPTO=n && CRYPTO_MANAGER_DISABLE_TESTS=n, which is ambiguous.
Replace CRYPTO_MANAGER_DISABLE_TESTS with CRYPTO_SELFTESTS which has the
expected behavior.
The tests continue to be disabled by default.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: api - Add support for duplicating algorithms before registration2025-04-16T07:36:24+00:00Herbert Xuherbert@gondor.apana.org.au2025-04-12T05:16:43+00:00urn:sha1:f1440a90465bea1993f937ac7add592ce1e4ff44
If the bit CRYPTO_ALG_DUP_FIRST is set, an algorithm will be
duplicated by kmemdup before registration. This is inteded for
hardware-based algorithms that may be unplugged at will.
Do not use this if the algorithm data structure is embedded in a
bigger data structure. Perform the duplication in the driver
instead.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: api - Ensure cra_type->destroy is done in process context2025-04-07T05:22:25+00:00Herbert Xuherbert@gondor.apana.org.au2025-03-17T08:33:57+00:00urn:sha1:138804c2c18ca8bd1443dea173b3cc2643995919
Move the cra_type->destroy call out of crypto_alg_put and into
crypto_unregister_alg and crypto_free_instance. This ensures
that it's always done in process context so calls such as flush_work
can be done.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: api - Add cra_type->destroy hook2025-03-15T08:21:22+00:00Herbert Xuherbert@gondor.apana.org.au2025-03-09T02:43:12+00:00urn:sha1:3d6979bf3bd51f47e889327e10e4653d55168c21
Add a cra_type->destroy hook so that resources can be freed after
the last user of a registered algorithm is gone.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: api - Move struct crypto_type into internal.h2025-03-08T08:23:22+00:00Herbert Xuherbert@gondor.apana.org.au2025-02-25T05:03:26+00:00urn:sha1:c3e054dbdb08fef653ea3ef9e6dca449a214c976
Move the definition of struct crypto_type into internal.h as it
is only used by API implementors and not algorithm implementors.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: akcipher - Drop sign/verify operations2024-10-05T05:22:04+00:00Lukas Wunnerlukas@wunner.de2024-09-10T14:30:21+00:00urn:sha1:6b34562f0cfe81f1f207fc7c146c4ff4b31eb625
A sig_alg backend has just been introduced and all asymmetric
sign/verify algorithms have been migrated to it.
The sign/verify operations can thus be dropped from akcipher_alg.
It is now purely for asymmetric encrypt/decrypt.
Move struct crypto_akcipher_sync_data from internal.h to akcipher.c and
unexport crypto_akcipher_sync_{prep,post}(): They're no longer used by
sig.c but only locally in akcipher.c.
In crypto_akcipher_sync_{prep,post}(), drop various NULL pointer checks
for data->dst as they were only necessary for the verify operation.
In the crypto_sig_*() API calls, remove the forks that were necessary
while algorithms were converted from crypto_akcipher to crypto_sig
one by one.
In struct akcipher_testvec, remove the "params", "param_len" and "algo"
elements as they were only needed for the ecrdsa verify operation.
Remove corresponding dead code from test_akcipher_one() as well.
Signed-off-by: Lukas Wunner <lukas@wunner.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: api - Do not wait for tests during registration2024-08-24T13:39:15+00:00Herbert Xuherbert@gondor.apana.org.au2024-08-17T06:57:40+00:00urn:sha1:37da5d0ffa7b61f79156fbbd3369f17b9a1638bd
As registration is usually carried out during module init, this
is a context where as little work as possible should be carried
out. Testing may trigger module loads of underlying components,
which could even lead back to the module that is registering at
the moment. This may lead to dead-locks outside of the Crypto API.
Avoid this by not waiting for the tests to complete. They will
be scheduled but completion will be asynchronous. Any users will
still wait for completion.
Reported-by: Russell King <linux@armlinux.org.uk>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: api - Disable boot-test-finished if algapi is a module2024-05-31T09:34:56+00:00Herbert Xuherbert@gondor.apana.org.au2024-05-21T02:54:50+00:00urn:sha1:f9110822fca5b92daefc2bfae4cfcda7dcfb03c9
The boot-test-finished toggle is only necessary if algapi
is built into the kernel. Do not include this code if it is a module.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: sig - Fix verify call2023-06-27T07:40:24+00:00Herbert Xuherbert@gondor.apana.org.au2023-06-26T10:33:44+00:00urn:sha1:891ebfdfa3d08bf55ebec523c99bb68ac9c34cf7
The dst SG list needs to be set to NULL for verify calls. Do
this as otherwise the underlying algorithm may fail.
Furthermore the digest needs to be copied just like the source.
Fixes: 6cb8815f41a9 ("crypto: sig - Add interface for sign/verify")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: sig - Add interface for sign/verify2023-06-23T08:15:36+00:00Herbert Xuherbert@gondor.apana.org.au2023-06-15T10:28:48+00:00urn:sha1:6cb8815f41a966b217c0d9826c592254d72dcc31
Split out the sign/verify functionality from the existing akcipher
interface. Most algorithms in akcipher either support encryption
and decryption, or signing and verify. Only one supports both.
As a signature algorithm may not support encryption at all, these
two should be spearated.
For now sig is simply a wrapper around akcipher as all algorithms
remain unchanged. This is a first step and allows users to start
allocating sig instead of akcipher.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>