Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=master 2026-03-24T00:50:59+00:00 2026-03-24T00:50:59+00:00 Eric Biggers ebiggers@kernel.org 2026-03-21T04:09:35+00:00 urn:sha1:e37f28529b380265904af64996d34c647d917ef1 Update one driver that used sizeof(struct sm3_state) to use sizeof(struct sm3_ctx) instead. Then, remove struct sm3_state and SM3_STATE_SIZE. This completes the replacement of struct sm3_state with struct sm3_ctx. Acked-by: Ard Biesheuvel <ardb@kernel.org> Link: https://lore.kernel.org/r/20260321040935.410034-13-ebiggers@kernel.org Signed-off-by: Eric Biggers <ebiggers@kernel.org> 2026-03-24T00:50:59+00:00 Eric Biggers ebiggers@kernel.org 2026-03-21T04:09:29+00:00 urn:sha1:ed065bd06ebe8d92d1647d230a14b9c035ad5b30 Reimplement the "sm3" crypto_shash on top of the SM3 library, closely mirroring the other hash algorithms (e.g. SHA-*). The result, after later commits migrate the architecture-optimized SM3 code into the library as well, is that crypto/sm3.c will be the single point of integration between crypto_shash and the actual SM3 implementations, simplifying the code. Note: to see the diff from crypto/sm3_generic.c to crypto/sm3.c, view this commit with 'git show -M10'. Acked-by: Ard Biesheuvel <ardb@kernel.org> Link: https://lore.kernel.org/r/20260321040935.410034-7-ebiggers@kernel.org Signed-off-by: Eric Biggers <ebiggers@kernel.org> 2026-03-24T00:50:59+00:00 Eric Biggers ebiggers@kernel.org 2026-03-21T04:09:26+00:00 urn:sha1:6dc7fce91041ec8d2f5e6fd589ee2962898d9f44 The kconfig options for generic crypto API modules have traditionally *not* had a "_GENERIC" suffix. Also, the "_GENERIC" suffix will make even less sense once the architecture-optimized SM3 code is moved into lib/crypto/ and the "sm3" crypto_shash is reimplemented on top of that. Thus, rename CRYPTO_SM3_GENERIC to CRYPTO_SM3. Acked-by: Ard Biesheuvel <ardb@kernel.org> Link: https://lore.kernel.org/r/20260321040935.410034-4-ebiggers@kernel.org Signed-off-by: Eric Biggers <ebiggers@kernel.org> 2026-03-23T23:44:29+00:00 Eric Biggers ebiggers@kernel.org 2026-03-19T06:17:16+00:00 urn:sha1:9f4e9553a1f40841ebce9ab749896e9312b1701b Make the "gcm" template access GHASH using the library API instead of crypto_ahash. This is much simpler and more efficient, especially given that all GHASH implementations are synchronous and CPU-based anyway. Note that this allows "ghash" to be removed from the crypto_ahash (and crypto_shash) API, which a later commit will do. This mirrors the similar cleanup that was done with POLYVAL. Acked-by: Ard Biesheuvel <ardb@kernel.org> Link: https://lore.kernel.org/r/20260319061723.1140720-16-ebiggers@kernel.org Signed-off-by: Eric Biggers <ebiggers@kernel.org> 2026-03-09T20:27:20+00:00 Eric Biggers ebiggers@kernel.org 2026-02-18T21:34:48+00:00 urn:sha1:7137cbf2b5c9feb6302d6da116eab2047c5f05d2 Update the "aes" module to implement "cmac(aes)", "xcbc(aes)", and "cbcmac(aes)" algorithms using the corresponding library functions, and register these with the crypto_shash API. Each algorithm is included only if the corresponding existing kconfig option is enabled. This allows the architecture-optimized implementations of these algorithms to continue to be accessible via the crypto_shash API once they are migrated into the library. For "xcbc(aes)", I also fixed the bug where AES key lengths other than 128 bits were allowed, so that this bug didn't have to be implemented in the library. The AES-XCBC-MAC specification (RFC 3566) is clear that key lengths other than 128 bits MUST NOT be supported. AES-XCBC-MAC derives a 128-bit subkey internally, so the nonstandard support for longer AES keys didn't really work: AES-128 was still used internally. In the unlikely event that someone is actually relying on the broken and nonstandard support for longer AES-XCBC-MAC keys, we can fairly easily reintroduce it. But it seems unnecessary: the only user of "xcbc(aes)" seems to be IPsec, which uses 128-bit keys with it. Reviewed-by: Ard Biesheuvel <ardb@kernel.org> Link: https://lore.kernel.org/r/20260218213501.136844-3-ebiggers@kernel.org Signed-off-by: Eric Biggers <ebiggers@kernel.org> 2026-02-10T16:36:42+00:00 Linus Torvalds torvalds@linux-foundation.org 2026-02-10T16:36:42+00:00 urn:sha1:08df88fa142f3ba298bf0f7840fa9187e2fb5956 Pull crypto update from Herbert Xu: "API: - Fix race condition in hwrng core by using RCU Algorithms: - Allow authenc(sha224,rfc3686) in fips mode - Add test vectors for authenc(hmac(sha384),cbc(aes)) - Add test vectors for authenc(hmac(sha224),cbc(aes)) - Add test vectors for authenc(hmac(md5),cbc(des3_ede)) - Add lz4 support in hisi_zip - Only allow clear key use during self-test in s390/{phmac,paes} Drivers: - Set rng quality to 900 in airoha - Add gcm(aes) support for AMD/Xilinx Versal device - Allow tfms to share device in hisilicon/trng" * tag 'v7.0-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (100 commits) crypto: img-hash - Use unregister_ahashes in img_{un}register_algs crypto: testmgr - Add test vectors for authenc(hmac(md5),cbc(des3_ede)) crypto: cesa - Simplify return statement in mv_cesa_dequeue_req_locked crypto: testmgr - Add test vectors for authenc(hmac(sha224),cbc(aes)) crypto: testmgr - Add test vectors for authenc(hmac(sha384),cbc(aes)) hwrng: core - use RCU and work_struct to fix race condition crypto: starfive - Fix memory leak in starfive_aes_aead_do_one_req() crypto: xilinx - Fix inconsistant indentation crypto: rng - Use unregister_rngs in register_rngs crypto: atmel - Use unregister_{aeads,ahashes,skciphers} hwrng: optee - simplify OP-TEE context match crypto: ccp - Add sysfs attribute for boot integrity dt-bindings: crypto: atmel,at91sam9g46-sha: add microchip,lan9691-sha dt-bindings: crypto: atmel,at91sam9g46-aes: add microchip,lan9691-aes dt-bindings: crypto: qcom,inline-crypto-engine: document the Milos ICE crypto: caam - fix netdev memory leak in dpaa2_caam_probe crypto: hisilicon/qm - increase wait time for mailbox crypto: hisilicon/qm - obtain the mailbox configuration at one time crypto: hisilicon/qm - remove unnecessary code in qm_mb_write() crypto: hisilicon/qm - move the barrier before writing to the mailbox register ... 2026-02-06T10:52:22+00:00 Zilin Guan zilin@seu.edu.cn 2026-01-29T15:10:16+00:00 urn:sha1:ccb679fdae2e62ed92fd9acb25ed809c0226fcc6 The starfive_aes_aead_do_one_req() function allocates rctx->adata with kzalloc() but fails to free it if sg_copy_to_buffer() or starfive_aes_hw_init() fails, which lead to memory leaks. Since rctx->adata is unconditionally freed after the write_adata operations, ensure consistent cleanup by freeing the allocation in these earlier error paths as well. Compile tested only. Issue found using a prototype static analysis tool and code review. Fixes: 7467147ef9bf ("crypto: starfive - Use dma for aes requests") Signed-off-by: Zilin Guan <zilin@seu.edu.cn> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2026-01-12T19:39:58+00:00 Eric Biggers ebiggers@kernel.org 2026-01-12T19:20:07+00:00 urn:sha1:a2484474272ef98d9580d8c610b0f7c6ed2f146c Now that the AES library's performance has been improved, replace aes_generic.c with a new file aes.c which wraps the AES library. In preparation for making the AES library actually utilize the kernel's existing architecture-optimized AES code including AES instructions, set the driver name to "aes-lib" instead of "aes-generic". This mirrors what's been done for the hash algorithms. Update testmgr.c accordingly. Since this removes the crypto_aes_set_key() helper function, add temporary replacements for it to arch/arm/crypto/aes-cipher-glue.c and arch/arm64/crypto/aes-cipher-glue.c. This is temporary, as that code will be migrated into lib/crypto/ in later commits. Acked-by: Ard Biesheuvel <ardb@kernel.org> Link: https://lore.kernel.org/r/20260112192035.10427-10-ebiggers@kernel.org Signed-off-by: Eric Biggers <ebiggers@kernel.org> 2025-12-19T06:47:46+00:00 Gustavo A. R. Silva gustavoars@kernel.org 2025-11-21T03:56:21+00:00 urn:sha1:b6f27c0ad00896b6ef20aa78a4282c7cc63ab56b -Wflex-array-member-not-at-end was introduced in GCC-14, and we are getting ready to enable it, globally. Move the conflicting declaration to the end of the corresponding structure. Notice that `struct ahash_request` is a flexible structure, this is a structure that contains a flexible-array member. With these changes fix the following warning: drivers/crypto/starfive/jh7110-cryp.h:219:49: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end] Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2025-11-22T02:04:49+00:00 Haotian Zhang vulab@iscas.ac.cn 2025-11-10T06:54:38+00:00 urn:sha1:e9eb52037a529fbb307c290e9951a62dd728b03d The return value of sg_nents_for_len was assigned to an unsigned long in starfive_hash_digest, causing negative error codes to be converted to large positive integers. Add error checking for sg_nents_for_len and return immediately on failure to prevent potential buffer overflows. Fixes: 7883d1b28a2b ("crypto: starfive - Add hash and HMAC support") Signed-off-by: Haotian Zhang <vulab@iscas.ac.cn> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>