kernel/linux.git/crypto/testmgr.c, branch v6.19.11

Merge tag 'v6.19-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6

2025-12-03T19:28:38+00:00

Pull crypto updates from Herbert Xu: "API: - Rewrite memcpy_sglist from scratch - Add on-stack AEAD request allocation - Fix partial block processing in ahash Algorithms: - Remove ansi_cprng - Remove tcrypt tests for poly1305 - Fix EINPROGRESS processing in authenc - Fix double-free in zstd Drivers: - Use drbg ctr helper when reseeding xilinx-trng - Add support for PCI device 0x115A to ccp - Add support of paes in caam - Add support for aes-xts in dthev2 Others: - Use likely in rhashtable lookup - Fix lockdep false-positive in padata by removing a helper" * tag 'v6.19-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (71 commits) crypto: zstd - fix double-free in per-CPU stream cleanup crypto: ahash - Zero positive err value in ahash_update_finish crypto: ahash - Fix crypto_ahash_import with partial block data crypto: lib/mpi - use min() instead of min_t() crypto: ccp - use min() instead of min_t() hwrng: core - use min3() instead of nested min_t() crypto: aesni - ctr_crypt() use min() instead of min_t() crypto: drbg - Delete unused ctx from struct sdesc crypto: testmgr - Add missing DES weak and semi-weak key tests Revert "crypto: scatterwalk - Move skcipher walk and use it for memcpy_sglist" crypto: scatterwalk - Fix memcpy_sglist() to always succeed crypto: iaa - Request to add Kanchana P Sridhar to Maintainers. crypto: tcrypt - Remove unused poly1305 support crypto: ansi_cprng - Remove unused ansi_cprng algorithm crypto: asymmetric_keys - fix uninitialized pointers with free attribute KEYS: Avoid -Wflex-array-member-not-at-end warning crypto: ccree - Correctly handle return of sg_nents_for_len crypto: starfive - Correctly handle return of sg_nents_for_len crypto: iaa - Fix incorrect return value in save_iaa_wq() crypto: zstd - Remove unnecessary size_t cast ...

crypto: ansi_cprng - Remove unused ansi_cprng algorithm

2025-11-22T02:04:50+00:00

Remove ansi_cprng, since it's obsolete and unused, as confirmed at https://lore.kernel.org/r/aQxpnckYMgAAOLpZ@gondor.apana.org.au/ This was originally added in 2008, apparently as a FIPS approved random number generator. Whether this has ever belonged upstream is questionable. Either way, ansi_cprng is no longer usable for this purpose, since it's been superseded by the more modern algorithms in crypto/drbg.c, and FIPS itself no longer allows it. (NIST SP 800-131A Rev 1 (2015) says that RNGs based on ANSI X9.31 will be disallowed after 2015. NIST SP 800-131A Rev 2 (2019) confirms they are now disallowed.) Therefore, there is no reason to keep it around. Suggested-by: Herbert Xu Cc: Haotian Zhang Cc: Neil Horman Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu

crypto: testmgr - Remove polyval tests

2025-11-11T19:07:52+00:00

These are no longer used, since polyval support has been removed from the crypto_shash API. POLYVAL remains supported via lib/crypto/, where it has a KUnit test suite instead. Reviewed-by: Ard Biesheuvel Link: https://lore.kernel.org/r/20251109234726.638437-9-ebiggers@kernel.org Signed-off-by: Eric Biggers

crypto: hctr2 - Convert to use POLYVAL library

2025-11-11T19:03:38+00:00

The "hash function" in hctr2 is fixed at POLYVAL; it can never vary. Just use the POLYVAL library, which is much easier to use than the crypto_shash API. It's faster, uses fixed-size structs, and never fails (all the functions return void). Note that this eliminates the only known user of the polyval support in crypto_shash. A later commit will remove support for polyval from crypto_shash, given that the library API is sufficient. Reviewed-by: Ard Biesheuvel Link: https://lore.kernel.org/r/20251109234726.638437-7-ebiggers@kernel.org Signed-off-by: Eric Biggers

crypto: sha3 - Reimplement using library API

2025-11-06T04:30:51+00:00

Replace sha3_generic.c with a new file sha3.c which implements the SHA-3 crypto_shash algorithms on top of the SHA-3 library API. Change the driver name suffix from "-generic" to "-lib" to reflect that these algorithms now just use the (possibly arch-optimized) library. This closely mirrors crypto/{md5,sha1,sha256,sha512,blake2b}.c. Implement export_core and import_core, since crypto/hmac.c expects these to be present. (Note that there is no security purpose in wrapping SHA-3 with HMAC. HMAC was designed for older algorithms that don't resist length extension attacks. But since someone could be using "hmac(sha3-*)" via crypto_shash anyway, keep supporting it for now.) Reviewed-by: Ard Biesheuvel Tested-by: Harald Freudenberger Link: https://lore.kernel.org/r/20251026055032.1413733-15-ebiggers@kernel.org Signed-off-by: Eric Biggers

crypto: blake2b - Reimplement using library API

2025-10-30T05:04:24+00:00

Replace blake2b_generic.c with a new file blake2b.c which implements the BLAKE2b crypto_shash algorithms on top of the BLAKE2b library API. Change the driver name suffix from "-generic" to "-lib" to reflect that these algorithms now just use the (possibly arch-optimized) library. This closely mirrors crypto/{md5,sha1,sha256,sha512}.c. Remove include/crypto/internal/blake2b.h since it is no longer used. Likewise, remove struct blake2b_state from include/crypto/blake2b.h. Omit support for import_core and export_core, since there are no legacy drivers that need these for these algorithms. Reviewed-by: Ard Biesheuvel Link: https://lore.kernel.org/r/20251018043106.375964-10-ebiggers@kernel.org Signed-off-by: Eric Biggers

Merge tag 'v6.18-p2' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6

2025-10-08T16:38:31+00:00

Pull crypto fixes from Herbert Xu: - Fix zstd regression - Ensure ti driver algorithm are set as async - Revert patch disabling SHA1 in FIPS mode - Fix RNG set_ent null-pointer dereference * tag 'v6.18-p2' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: crypto: rng - Ensure set_ent is always present Revert "crypto: testmgr - desupport SHA-1 for FIPS 140" crypto: ti - Add CRYPTO_ALG_ASYNC flag to DTHEv2 AES algos crypto: zstd - Fix compression bug caused by truncation

Revert "crypto: testmgr - desupport SHA-1 for FIPS 140"

2025-10-06T02:10:27+00:00

This reverts commit 9d50a25eeb05c45fef46120f4527885a14c84fb2. Reported-by: Jiri Slaby Reported-by: Jon Kohler Link: https://lore.kernel.org/all/05b7ef65-37bb-4391-9ec9-c382d51bae4d@kernel.org/ Link: https://lore.kernel.org/all/26F8FCC9-B448-4A89-81DF-6BAADA03E174@nutanix.com/ Signed-off-by: Herbert Xu

crypto: testmgr - Remove curve25519 kpp tests

2025-09-06T21:45:49+00:00

Curve25519 is used only via the library API, not the crypto_kpp API. In preparation for removing the unused crypto_kpp API for Curve25519, remove the tests for the "curve25519" kpp from crypto/testmgr.c. Note that these tests just duplicated lib/crypto/curve25519-selftest.c, which uses the same list of test vectors. So they didn't really provide any additional value. Link: https://lore.kernel.org/r/20250906213523.84915-6-ebiggers@kernel.org Signed-off-by: Eric Biggers

crypto: chacha - register only "-lib" drivers

2025-08-29T16:50:19+00:00

For the "chacha20", "xchacha20", and "xchacha12" skcipher algorithms, instead of registering "*-generic" drivers as well as conditionally registering "*-$(ARCH)" drivers, instead just register "*-lib" drivers. These just use the regular library functions, so they just do the right thing and are fully accelerated when supported by the CPU. This eliminates the need for the ChaCha library to support chacha_crypt_generic() and hchacha_block_generic() as part of its external interface. A later commit will make chacha_crypt_generic() a static function. Since this commit removes several "*-generic" driver names which crypto/testmgr.c expects to exist, update testmgr.c accordingly. Reviewed-by: Ard Biesheuvel Link: https://lore.kernel.org/r/20250827151131.27733-3-ebiggers@kernel.org Signed-off-by: Eric Biggers