aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
authorLinus Torvalds <torvalds@linux-foundation.org>2026-06-16 09:01:23 +0530
committerLinus Torvalds <torvalds@linux-foundation.org>2026-06-16 09:01:23 +0530
commit0d8c1134936f1fb6678156ab4248ac740d274525 (patch)
tree77ce4235e5512003e636d24bd47946dab23058d3 /include
parentf8115f0e8a0585ef1c03d07a68b989023097d16c (diff)
parent6ea0ce3a19f9c37a014099e2b0a46b27fa164564 (diff)
downloadath-0d8c1134936f1fb6678156ab4248ac740d274525.tar.gz
Merge tag 'v7.2-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Pull crypto updates from Herbert Xu: "API: - Drop support for off-CPU cryptography in af_alg - Document that af_alg is *always* slower - Document the deprecation of af_alg - Remove zero-copy support from skcipher and aead in af_alg - Cap AEAD AD length to 0x80000000 in af_alg - Free default RNG on module exit Algorithms: - Fix vli multiplication carry overflow in ecc - Drop unused cipher_null crypto_alg - Remove unused variants of drbg - Use lib/crypto in drbg - Use memcpy_from/to_sglist in authencesn - Allow authenc(hmac(sha{256,384}),cts(cbc(aes))) in FIPS mode - Disallow RSA PKCS#1 SHA-1 sig algs in FIPS mode - Filter out async aead implementations at alloc in krb5 - Fix non-parallel fallback by rstoring callback in pcrypt - Validate poly1305 template argument in chacha20poly1305 Drivers: - Add sysfs PCI reset support to qat - Add KPT support for GEN6 devices to qat - Remove unused character device and ioctls from qat - Add support for hw access via SMCC to mtk - Remove prng support from crypto4xx - Remove prng support from hisi-trng - Remove prng support from sun4i-ss - Remove prng support from xilinx-trng - Remove loongson-rng - Remove exynos-rng Others: - Remove support for AIO on sockets" * tag 'v7.2-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (196 commits) crypto: tegra - fix refcount leak in tegra_se_host1x_submit() crypto: rng - Free default RNG on module exit crypto: testmgr - allow authenc(hmac(sha{256,384}),cts(cbc(aes))) in FIPS mode hwrng: jh7110 - fix refcount leak in starfive_trng_read() crypto: atmel-ecc - drop dead code in atmel_ecdh_max_size crypto: cavium/cpt - fix DMA cleanup using wrong loop index crypto: marvell/octeontx - fix DMA cleanup using wrong loop index MAINTAINERS: make myself the maintainer of the Qualcomm QCE driver crypto: amcc - convert irq_of_parse_and_map to platform_get_irq crypto: sun4i-ss - Remove insecure and unused rng_alg hwrng: xilinx - Move xilinx-rng into drivers/char/hw_random/ crypto: xilinx-trng - Replace crypto_drbg_ctr_df() with HMAC-SHA512 crypto: xilinx-trng - Fix return value of xtrng_hwrng_trng_read() crypto: xilinx-trng - Remove crypto_rng interface crypto: exynos-rng - Remove exynos-rng driver hwrng: hisi-trng - Move hisi-trng into drivers/char/hw_random/ crypto: hisi-trng - Remove crypto_rng interface crypto: loongson - Remove broken and unused loongson-rng crypto: crypto4xx - Remove insecure and unused rng_alg crypto: qat - validate RSA CRT component lengths ...
Diffstat (limited to 'include')
-rw-r--r--include/crypto/df_sp80090a.h28
-rw-r--r--include/crypto/drbg.h263
-rw-r--r--include/crypto/if_alg.h19
-rw-r--r--include/crypto/internal/drbg.h54
-rw-r--r--include/linux/hisi_acc_qm.h15
-rw-r--r--include/linux/platform_data/crypto-ux500.h22
-rw-r--r--include/linux/socket.h1
7 files changed, 28 insertions, 374 deletions
diff --git a/include/crypto/df_sp80090a.h b/include/crypto/df_sp80090a.h
deleted file mode 100644
index cb5d6fe15d40c..0000000000000
--- a/include/crypto/df_sp80090a.h
+++ /dev/null
@@ -1,28 +0,0 @@
-/* SPDX-License-Identifier: GPL-2.0 */
-
-/*
- * Copyright Stephan Mueller <smueller@chronox.de>, 2014
- */
-
-#ifndef _CRYPTO_DF80090A_H
-#define _CRYPTO_DF80090A_H
-
-#include <crypto/internal/cipher.h>
-#include <crypto/aes.h>
-
-static inline int crypto_drbg_ctr_df_datalen(u8 statelen, u8 blocklen)
-{
- return statelen + /* df_data */
- blocklen + /* pad */
- blocklen + /* iv */
- statelen + blocklen; /* temp */
-}
-
-int crypto_drbg_ctr_df(struct aes_enckey *aes,
- unsigned char *df_data,
- size_t bytes_to_return,
- struct list_head *seedlist,
- u8 blocklen_bytes,
- u8 statelen);
-
-#endif /* _CRYPTO_DF80090A_H */
diff --git a/include/crypto/drbg.h b/include/crypto/drbg.h
deleted file mode 100644
index 2d42518cbdce8..0000000000000
--- a/include/crypto/drbg.h
+++ /dev/null
@@ -1,263 +0,0 @@
-/*
- * DRBG based on NIST SP800-90A
- *
- * Copyright Stephan Mueller <smueller@chronox.de>, 2014
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, and the entire permission notice in its entirety,
- * including the disclaimer of warranties.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote
- * products derived from this software without specific prior
- * written permission.
- *
- * ALTERNATIVELY, this product may be distributed under the terms of
- * the GNU General Public License, in which case the provisions of the GPL are
- * required INSTEAD OF the above restrictions. (This clause is
- * necessary due to a potential bad interaction between the GPL and
- * the restrictions contained in a BSD-style copyright.)
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ALL OF
- * WHICH ARE HEREBY DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
- * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
- * USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- */
-
-#ifndef _DRBG_H
-#define _DRBG_H
-
-
-#include <linux/random.h>
-#include <linux/scatterlist.h>
-#include <crypto/hash.h>
-#include <crypto/skcipher.h>
-#include <linux/module.h>
-#include <linux/crypto.h>
-#include <linux/slab.h>
-#include <crypto/internal/drbg.h>
-#include <crypto/internal/rng.h>
-#include <crypto/rng.h>
-#include <linux/fips.h>
-#include <linux/mutex.h>
-#include <linux/list.h>
-#include <linux/workqueue.h>
-
-struct drbg_state;
-typedef uint32_t drbg_flag_t;
-
-struct drbg_core {
- drbg_flag_t flags; /* flags for the cipher */
- __u8 statelen; /* maximum state length */
- __u8 blocklen_bytes; /* block size of output in bytes */
- char cra_name[CRYPTO_MAX_ALG_NAME]; /* mapping to kernel crypto API */
- /* kernel crypto API backend cipher name */
- char backend_cra_name[CRYPTO_MAX_ALG_NAME];
-};
-
-struct drbg_state_ops {
- int (*update)(struct drbg_state *drbg, struct list_head *seed,
- int reseed);
- int (*generate)(struct drbg_state *drbg,
- unsigned char *buf, unsigned int buflen,
- struct list_head *addtl);
- int (*crypto_init)(struct drbg_state *drbg);
- int (*crypto_fini)(struct drbg_state *drbg);
-
-};
-
-struct drbg_test_data {
- struct drbg_string *testentropy; /* TEST PARAMETER: test entropy */
-};
-
-enum drbg_seed_state {
- DRBG_SEED_STATE_UNSEEDED,
- DRBG_SEED_STATE_PARTIAL, /* Seeded with !rng_is_initialized() */
- DRBG_SEED_STATE_FULL,
-};
-
-struct drbg_state {
- struct mutex drbg_mutex; /* lock around DRBG */
- unsigned char *V; /* internal state 10.1.1.1 1a) */
- unsigned char *Vbuf;
- /* hash: static value 10.1.1.1 1b) hmac / ctr: key */
- unsigned char *C;
- unsigned char *Cbuf;
- /* Number of RNG requests since last reseed -- 10.1.1.1 1c) */
- size_t reseed_ctr;
- size_t reseed_threshold;
- /* some memory the DRBG can use for its operation */
- unsigned char *scratchpad;
- unsigned char *scratchpadbuf;
- void *priv_data; /* Cipher handle */
-
- struct crypto_skcipher *ctr_handle; /* CTR mode cipher handle */
- struct skcipher_request *ctr_req; /* CTR mode request handle */
- __u8 *outscratchpadbuf; /* CTR mode output scratchpad */
- __u8 *outscratchpad; /* CTR mode aligned outbuf */
- struct crypto_wait ctr_wait; /* CTR mode async wait obj */
- struct scatterlist sg_in, sg_out; /* CTR mode SGLs */
-
- enum drbg_seed_state seeded; /* DRBG fully seeded? */
- unsigned long last_seed_time;
- bool pr; /* Prediction resistance enabled? */
- bool fips_primed; /* Continuous test primed? */
- unsigned char *prev; /* FIPS 140-2 continuous test value */
- struct crypto_rng *jent;
- const struct drbg_state_ops *d_ops;
- const struct drbg_core *core;
- struct drbg_string test_data;
-};
-
-static inline __u8 drbg_statelen(struct drbg_state *drbg)
-{
- if (drbg && drbg->core)
- return drbg->core->statelen;
- return 0;
-}
-
-static inline __u8 drbg_blocklen(struct drbg_state *drbg)
-{
- if (drbg && drbg->core)
- return drbg->core->blocklen_bytes;
- return 0;
-}
-
-static inline __u8 drbg_keylen(struct drbg_state *drbg)
-{
- if (drbg && drbg->core)
- return (drbg->core->statelen - drbg->core->blocklen_bytes);
- return 0;
-}
-
-static inline size_t drbg_max_request_bytes(struct drbg_state *drbg)
-{
- /* SP800-90A requires the limit 2**19 bits, but we return bytes */
- return (1 << 16);
-}
-
-static inline size_t drbg_max_addtl(struct drbg_state *drbg)
-{
- /* SP800-90A requires 2**35 bytes additional info str / pers str */
-#if (__BITS_PER_LONG == 32)
- /*
- * SP800-90A allows smaller maximum numbers to be returned -- we
- * return SIZE_MAX - 1 to allow the verification of the enforcement
- * of this value in drbg_healthcheck_sanity.
- */
- return (SIZE_MAX - 1);
-#else
- return (1UL<<35);
-#endif
-}
-
-static inline size_t drbg_max_requests(struct drbg_state *drbg)
-{
- /* SP800-90A requires 2**48 maximum requests before reseeding */
- return (1<<20);
-}
-
-/*
- * This is a wrapper to the kernel crypto API function of
- * crypto_rng_generate() to allow the caller to provide additional data.
- *
- * @drng DRBG handle -- see crypto_rng_get_bytes
- * @outbuf output buffer -- see crypto_rng_get_bytes
- * @outlen length of output buffer -- see crypto_rng_get_bytes
- * @addtl_input additional information string input buffer
- * @addtllen length of additional information string buffer
- *
- * return
- * see crypto_rng_get_bytes
- */
-static inline int crypto_drbg_get_bytes_addtl(struct crypto_rng *drng,
- unsigned char *outbuf, unsigned int outlen,
- struct drbg_string *addtl)
-{
- return crypto_rng_generate(drng, addtl->buf, addtl->len,
- outbuf, outlen);
-}
-
-/*
- * TEST code
- *
- * This is a wrapper to the kernel crypto API function of
- * crypto_rng_generate() to allow the caller to provide additional data and
- * allow furnishing of test_data
- *
- * @drng DRBG handle -- see crypto_rng_get_bytes
- * @outbuf output buffer -- see crypto_rng_get_bytes
- * @outlen length of output buffer -- see crypto_rng_get_bytes
- * @addtl_input additional information string input buffer
- * @addtllen length of additional information string buffer
- * @test_data filled test data
- *
- * return
- * see crypto_rng_get_bytes
- */
-static inline int crypto_drbg_get_bytes_addtl_test(struct crypto_rng *drng,
- unsigned char *outbuf, unsigned int outlen,
- struct drbg_string *addtl,
- struct drbg_test_data *test_data)
-{
- crypto_rng_set_entropy(drng, test_data->testentropy->buf,
- test_data->testentropy->len);
- return crypto_rng_generate(drng, addtl->buf, addtl->len,
- outbuf, outlen);
-}
-
-/*
- * TEST code
- *
- * This is a wrapper to the kernel crypto API function of
- * crypto_rng_reset() to allow the caller to provide test_data
- *
- * @drng DRBG handle -- see crypto_rng_reset
- * @pers personalization string input buffer
- * @perslen length of additional information string buffer
- * @test_data filled test data
- *
- * return
- * see crypto_rng_reset
- */
-static inline int crypto_drbg_reset_test(struct crypto_rng *drng,
- struct drbg_string *pers,
- struct drbg_test_data *test_data)
-{
- crypto_rng_set_entropy(drng, test_data->testentropy->buf,
- test_data->testentropy->len);
- return crypto_rng_reset(drng, pers->buf, pers->len);
-}
-
-/* DRBG type flags */
-#define DRBG_CTR ((drbg_flag_t)1<<0)
-#define DRBG_HMAC ((drbg_flag_t)1<<1)
-#define DRBG_HASH ((drbg_flag_t)1<<2)
-#define DRBG_TYPE_MASK (DRBG_CTR | DRBG_HMAC | DRBG_HASH)
-/* DRBG strength flags */
-#define DRBG_STRENGTH128 ((drbg_flag_t)1<<3)
-#define DRBG_STRENGTH192 ((drbg_flag_t)1<<4)
-#define DRBG_STRENGTH256 ((drbg_flag_t)1<<5)
-#define DRBG_STRENGTH_MASK (DRBG_STRENGTH128 | DRBG_STRENGTH192 | \
- DRBG_STRENGTH256)
-
-enum drbg_prefixes {
- DRBG_PREFIX0 = 0x00,
- DRBG_PREFIX1,
- DRBG_PREFIX2,
- DRBG_PREFIX3
-};
-
-#endif /* _DRBG_H */
diff --git a/include/crypto/if_alg.h b/include/crypto/if_alg.h
index 0cc8fa749f68d..7643ba954125a 100644
--- a/include/crypto/if_alg.h
+++ b/include/crypto/if_alg.h
@@ -41,7 +41,7 @@ struct af_alg_control {
};
struct af_alg_type {
- void *(*bind)(const char *name, u32 type, u32 mask);
+ void *(*bind)(const char *name);
void (*release)(void *private);
int (*setkey)(void *private, const u8 *key, unsigned int keylen);
int (*setentropy)(void *private, sockptr_t entropy, unsigned int len);
@@ -80,7 +80,6 @@ struct af_alg_rsgl {
/**
* struct af_alg_async_req - definition of crypto request
- * @iocb: IOCB for AIO operations
* @sk: Socket the request is associated with
* @first_rsgl: First RX SG
* @last_rsgl: Pointer to last RX SG
@@ -92,7 +91,6 @@ struct af_alg_rsgl {
* @cra_u: Cipher request
*/
struct af_alg_async_req {
- struct kiocb *iocb;
struct sock *sk;
struct af_alg_rsgl first_rsgl;
@@ -138,7 +136,7 @@ struct af_alg_async_req {
* @write: True if we are in the middle of a write.
* @init: True if metadata has been sent.
* @len: Length of memory allocated for this data structure.
- * @inflight: Non-zero when AIO requests are in flight.
+ * @inflight: Non-zero when requests are in flight, for debugging only.
*/
struct af_alg_ctx {
struct list_head tsgl_list;
@@ -237,7 +235,6 @@ int af_alg_wait_for_data(struct sock *sk, unsigned flags, unsigned min);
int af_alg_sendmsg(struct socket *sock, struct msghdr *msg, size_t size,
unsigned int ivsize);
void af_alg_free_resources(struct af_alg_async_req *areq);
-void af_alg_async_cb(void *data, int err);
__poll_t af_alg_poll(struct file *file, struct socket *sock,
poll_table *wait);
struct af_alg_async_req *af_alg_alloc_areq(struct sock *sk,
@@ -246,4 +243,16 @@ int af_alg_get_rsgl(struct sock *sk, struct msghdr *msg, int flags,
struct af_alg_async_req *areq, size_t maxsize,
size_t *outlen);
+/*
+ * Mask used to disable unsupported algorithm implementations.
+ *
+ * This is the same as FSCRYPT_CRYPTOAPI_MASK in fs/crypto/fscrypt_private.h.
+ * In additions to the motivations there, this API is exposed to userspace
+ * that might not be fully trusted.
+ */
+#define AF_ALG_CRYPTOAPI_MASK \
+ (CRYPTO_ALG_ASYNC | CRYPTO_ALG_ALLOCATES_MEMORY | \
+ CRYPTO_ALG_KERN_DRIVER_ONLY)
+
+
#endif /* _CRYPTO_IF_ALG_H */
diff --git a/include/crypto/internal/drbg.h b/include/crypto/internal/drbg.h
deleted file mode 100644
index 371e52dcee6c5..0000000000000
--- a/include/crypto/internal/drbg.h
+++ /dev/null
@@ -1,54 +0,0 @@
-/* SPDX-License-Identifier: GPL-2.0 */
-
-/*
- * NIST SP800-90A DRBG derivation function
- *
- * Copyright (C) 2014, Stephan Mueller <smueller@chronox.de>
- */
-
-#ifndef _INTERNAL_DRBG_H
-#define _INTERNAL_DRBG_H
-
-/*
- * Convert an integer into a byte representation of this integer.
- * The byte representation is big-endian
- *
- * @val value to be converted
- * @buf buffer holding the converted integer -- caller must ensure that
- * buffer size is at least 32 bit
- */
-static inline void drbg_cpu_to_be32(__u32 val, unsigned char *buf)
-{
- struct s {
- __be32 conv;
- };
- struct s *conversion = (struct s *)buf;
-
- conversion->conv = cpu_to_be32(val);
-}
-
-/*
- * Concatenation Helper and string operation helper
- *
- * SP800-90A requires the concatenation of different data. To avoid copying
- * buffers around or allocate additional memory, the following data structure
- * is used to point to the original memory with its size. In addition, it
- * is used to build a linked list. The linked list defines the concatenation
- * of individual buffers. The order of memory block referenced in that
- * linked list determines the order of concatenation.
- */
-struct drbg_string {
- const unsigned char *buf;
- size_t len;
- struct list_head list;
-};
-
-static inline void drbg_string_fill(struct drbg_string *string,
- const unsigned char *buf, size_t len)
-{
- string->buf = buf;
- string->len = len;
- INIT_LIST_HEAD(&string->list);
-}
-
-#endif //_INTERNAL_DRBG_H
diff --git a/include/linux/hisi_acc_qm.h b/include/linux/hisi_acc_qm.h
index a6268dc4f7cbe..f7570a4099054 100644
--- a/include/linux/hisi_acc_qm.h
+++ b/include/linux/hisi_acc_qm.h
@@ -115,10 +115,22 @@
#define QM_ECC_MBIT BIT(2)
+/**
+ * enum qm_stop_reason - Queue manager stop reasons
+ * @QM_NORMAL: Graceful stop. Used for device unbind, driver removal,
+ * or runtime power management (runtime_suspend).
+ * @QM_SOFT_RESET: Error recovery reset. Triggered by unrecoverable hardware
+ * errors (e.g., PCIe AER, timeout) to recover device state.
+ * @QM_DOWN: Function Level Reset. Used when the device needs to
+ * be reset at the function level without resetting the link.
+ * @QM_SHUTDOWN: System shutdown. Used during system poweroff, reboot, or
+ * kexec to ensure hardware is in a safe state.
+ */
enum qm_stop_reason {
QM_NORMAL,
QM_SOFT_RESET,
QM_DOWN,
+ QM_SHUTDOWN,
};
enum qm_state {
@@ -158,7 +170,6 @@ enum qm_vf_state {
enum qm_misc_ctl_bits {
QM_DRIVER_REMOVING = 0x0,
- QM_RST_SCHED,
QM_RESETTING,
QM_MODULE_PARAM,
};
@@ -249,6 +260,7 @@ enum acc_err_result {
ACC_ERR_NONE,
ACC_ERR_NEED_RESET,
ACC_ERR_RECOVERED,
+ ACC_ERR_NEED_FUNC_RESET,
};
struct hisi_qm_err_mask {
@@ -552,6 +564,7 @@ static inline void hisi_qm_del_list(struct hisi_qm *qm, struct hisi_qm_list *qm_
mutex_unlock(&qm_list->lock);
}
+int hisi_qm_register_uacce(struct hisi_qm *qm);
int hisi_qm_q_num_set(const char *val, const struct kernel_param *kp,
unsigned int device);
int hisi_qm_init(struct hisi_qm *qm);
diff --git a/include/linux/platform_data/crypto-ux500.h b/include/linux/platform_data/crypto-ux500.h
deleted file mode 100644
index 5d43350e32cca..0000000000000
--- a/include/linux/platform_data/crypto-ux500.h
+++ /dev/null
@@ -1,22 +0,0 @@
-/* SPDX-License-Identifier: GPL-2.0-only */
-/*
- * Copyright (C) ST-Ericsson SA 2011
- *
- * Author: Joakim Bech <joakim.xx.bech@stericsson.com> for ST-Ericsson
- */
-#ifndef _CRYPTO_UX500_H
-#define _CRYPTO_UX500_H
-#include <linux/dmaengine.h>
-#include <linux/platform_data/dma-ste-dma40.h>
-
-struct hash_platform_data {
- void *mem_to_engine;
- bool (*dma_filter)(struct dma_chan *chan, void *filter_param);
-};
-
-struct cryp_platform_data {
- struct stedma40_chan_cfg mem_to_engine;
- struct stedma40_chan_cfg engine_to_mem;
-};
-
-#endif
diff --git a/include/linux/socket.h b/include/linux/socket.h
index ec4a0a0257939..3ffdfe184b23d 100644
--- a/include/linux/socket.h
+++ b/include/linux/socket.h
@@ -89,7 +89,6 @@ struct msghdr {
bool msg_get_inq : 1;/* return INQ after receive */
unsigned int msg_flags; /* flags on received message */
__kernel_size_t msg_controllen; /* ancillary data buffer length */
- struct kiocb *msg_iocb; /* ptr to iocb for async requests */
struct ubuf_info *msg_ubuf;
int (*sg_from_iter)(struct sk_buff *skb,
struct iov_iter *from, size_t length);