kernel/linux.git/include/crypto, branch v6.19.11

Merge tag 'v6.19-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6

2025-12-03T19:28:38+00:00

Pull crypto updates from Herbert Xu: "API: - Rewrite memcpy_sglist from scratch - Add on-stack AEAD request allocation - Fix partial block processing in ahash Algorithms: - Remove ansi_cprng - Remove tcrypt tests for poly1305 - Fix EINPROGRESS processing in authenc - Fix double-free in zstd Drivers: - Use drbg ctr helper when reseeding xilinx-trng - Add support for PCI device 0x115A to ccp - Add support of paes in caam - Add support for aes-xts in dthev2 Others: - Use likely in rhashtable lookup - Fix lockdep false-positive in padata by removing a helper" * tag 'v6.19-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (71 commits) crypto: zstd - fix double-free in per-CPU stream cleanup crypto: ahash - Zero positive err value in ahash_update_finish crypto: ahash - Fix crypto_ahash_import with partial block data crypto: lib/mpi - use min() instead of min_t() crypto: ccp - use min() instead of min_t() hwrng: core - use min3() instead of nested min_t() crypto: aesni - ctr_crypt() use min() instead of min_t() crypto: drbg - Delete unused ctx from struct sdesc crypto: testmgr - Add missing DES weak and semi-weak key tests Revert "crypto: scatterwalk - Move skcipher walk and use it for memcpy_sglist" crypto: scatterwalk - Fix memcpy_sglist() to always succeed crypto: iaa - Request to add Kanchana P Sridhar to Maintainers. crypto: tcrypt - Remove unused poly1305 support crypto: ansi_cprng - Remove unused ansi_cprng algorithm crypto: asymmetric_keys - fix uninitialized pointers with free attribute KEYS: Avoid -Wflex-array-member-not-at-end warning crypto: ccree - Correctly handle return of sg_nents_for_len crypto: starfive - Correctly handle return of sg_nents_for_len crypto: iaa - Fix incorrect return value in save_iaa_wq() crypto: zstd - Remove unnecessary size_t cast ...

Merge tag 'libcrypto-at-least-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux

2025-12-03T02:26:54+00:00

Pull 'at_least' array size update from Eric Biggers: "C supports lower bounds on the sizes of array parameters, using the static keyword as follows: 'void f(int a[static 32]);'. This allows the compiler to warn about a too-small array being passed. As discussed, this reuse of the 'static' keyword, while standard, is a bit obscure. Therefore, add an alias 'at_least' to compiler_types.h. Then, add this 'at_least' annotation to the array parameters of various crypto library functions" * tag 'libcrypto-at-least-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux: lib/crypto: sha2: Add at_least decoration to fixed-size array params lib/crypto: sha1: Add at_least decoration to fixed-size array params lib/crypto: poly1305: Add at_least decoration to fixed-size array params lib/crypto: md5: Add at_least decoration to fixed-size array params lib/crypto: curve25519: Add at_least decoration to fixed-size array params lib/crypto: chacha: Add at_least decoration to fixed-size array params lib/crypto: chacha20poly1305: Statically check fixed array lengths compiler_types: introduce at_least parameter decoration pseudo keyword wifi: iwlwifi: trans: rename at_least variable to min_mode

lib/crypto: sha2: Add at_least decoration to fixed-size array params

2025-11-23T20:19:47+00:00

Add the at_least (i.e. 'static') decoration to the fixed-size array parameters of the sha2 library functions. This causes clang to warn when a too-small array of known size is passed. Acked-by: Ard Biesheuvel Acked-by: "Jason A. Donenfeld" Link: https://lore.kernel.org/r/20251122194206.31822-7-ebiggers@kernel.org Signed-off-by: Eric Biggers

lib/crypto: sha1: Add at_least decoration to fixed-size array params

2025-11-23T20:19:47+00:00

Add the at_least (i.e. 'static') decoration to the fixed-size array parameters of the sha1 library functions. This causes clang to warn when a too-small array of known size is passed. Acked-by: Ard Biesheuvel Acked-by: "Jason A. Donenfeld" Link: https://lore.kernel.org/r/20251122194206.31822-6-ebiggers@kernel.org Signed-off-by: Eric Biggers

lib/crypto: poly1305: Add at_least decoration to fixed-size array params

2025-11-23T20:19:47+00:00

Add the at_least (i.e. 'static') decoration to the fixed-size array parameters of the poly1305 library functions. This causes clang to warn when a too-small array of known size is passed. Acked-by: Ard Biesheuvel Acked-by: "Jason A. Donenfeld" Link: https://lore.kernel.org/r/20251122194206.31822-5-ebiggers@kernel.org Signed-off-by: Eric Biggers

lib/crypto: md5: Add at_least decoration to fixed-size array params

2025-11-23T20:19:47+00:00

Add the at_least (i.e. 'static') decoration to the fixed-size array parameters of the md5 library functions. This causes clang to warn when a too-small array of known size is passed. Acked-by: Ard Biesheuvel Acked-by: "Jason A. Donenfeld" Link: https://lore.kernel.org/r/20251122194206.31822-4-ebiggers@kernel.org Signed-off-by: Eric Biggers

lib/crypto: curve25519: Add at_least decoration to fixed-size array params

2025-11-23T20:19:47+00:00

Add the at_least (i.e. 'static') decoration to the fixed-size array parameters of the curve25519 library functions. This causes clang to warn when a too-small array of known size is passed. Acked-by: Ard Biesheuvel Acked-by: "Jason A. Donenfeld" Link: https://lore.kernel.org/r/20251122194206.31822-3-ebiggers@kernel.org Signed-off-by: Eric Biggers

lib/crypto: chacha: Add at_least decoration to fixed-size array params

2025-11-23T20:19:47+00:00

Add the at_least (i.e. 'static') decoration to the fixed-size array parameters of the chacha library functions. This causes clang to warn when a too-small array of known size is passed. Acked-by: Ard Biesheuvel Acked-by: "Jason A. Donenfeld" Link: https://lore.kernel.org/r/20251122194206.31822-2-ebiggers@kernel.org Signed-off-by: Eric Biggers

lib/crypto: chacha20poly1305: Statically check fixed array lengths

2025-11-23T20:19:21+00:00

Several parameters of the chacha20poly1305 functions require arrays of an exact length. Use the new at_least keyword to instruct gcc and clang to statically check that the caller is passing an object of at least that length. Here it is in action, with this faulty patch to wireguard's cookie.h: struct cookie_checker { u8 secret[NOISE_HASH_LEN]; - u8 cookie_encryption_key[NOISE_SYMMETRIC_KEY_LEN]; + u8 cookie_encryption_key[NOISE_SYMMETRIC_KEY_LEN - 1]; u8 message_mac1_key[NOISE_SYMMETRIC_KEY_LEN]; If I try compiling this code, I get this helpful warning: CC drivers/net/wireguard/cookie.o drivers/net/wireguard/cookie.c: In function ‘wg_cookie_message_create’: drivers/net/wireguard/cookie.c:193:9: warning: ‘xchacha20poly1305_encrypt’ reading 32 bytes from a region of size 31 [-Wstringop-overread] 193 | xchacha20poly1305_encrypt(dst->encrypted_cookie, cookie, COOKIE_LEN, | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 194 | macs->mac1, COOKIE_LEN, dst->nonce, | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 195 | checker->cookie_encryption_key); | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/net/wireguard/cookie.c:193:9: note: referencing argument 7 of type ‘const u8 *’ {aka ‘const unsigned char *’} In file included from drivers/net/wireguard/messages.h:10, from drivers/net/wireguard/cookie.h:9, from drivers/net/wireguard/cookie.c:6: include/crypto/chacha20poly1305.h:28:6: note: in a call to function ‘xchacha20poly1305_encrypt’ 28 | void xchacha20poly1305_encrypt(u8 *dst, const u8 *src, const size_t src_len, Acked-by: Ard Biesheuvel Signed-off-by: "Jason A. Donenfeld" Link: https://lore.kernel.org/r/20251123054819.2371989-4-Jason@zx2c4.com Signed-off-by: Eric Biggers

Revert "crypto: scatterwalk - Move skcipher walk and use it for memcpy_sglist"

2025-11-22T02:04:50+00:00

This reverts commit 0f8d42bf128d349ad490e87d5574d211245e40f1, with the memcpy_sglist() part dropped. Now that memcpy_sglist() no longer uses the skcipher_walk code, the skcipher_walk code can be moved back to where it belongs. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu