* Re: [PATCH] hwrng: core - Do not read data during PM sleep transition
From: Herbert Xu @ 2026-05-22 12:02 UTC (permalink / raw)
To: Thomas Richard (TI)
Cc: Olivia Mackall, Thomas Petazzoni, linux-crypto, linux-kernel,
gregory.clement, richard.genoud, u-kumar1, a-kumar2
In-Reply-To: <20260513-hw-random-fix-hwrng-fillfn-crash-suspend-resume-v1-1-b12551c1c7dd@bootlin.com>
On Wed, May 13, 2026 at 11:27:37AM +0200, Thomas Richard (TI) wrote:
>
> @@ -538,8 +539,9 @@ static int hwrng_fillfn(void *unused)
> }
>
> mutex_lock(&reading_mutex);
> - rc = rng_get_data(rng, rng_fillbuf,
> - rng_buffer_size(), 1);
> + if (!pm_sleep_transition_in_progress())
> + rc = rng_get_data(rng, rng_fillbuf,
> + rng_buffer_size(), 1);
Isn't this going to cause rc to be used uninitialised?
Thanks,
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply
* Re: [PATCH bpf-next v8 0/4] Add cryptographic hash and signature verification kfuncs to BPF
From: Daniel Hodges @ 2026-05-22 10:57 UTC (permalink / raw)
To: Felix Maurer
Cc: Daniel Hodges, bpf, linux-crypto, linux-kernel, linux-kselftest,
ast, andrii, daniel, vadim.fedorenko, song, yatsenko, martin.lau,
eddyz87, haoluo, jolsa, john.fastabend, kpsingh, sdf,
yonghong.song, herbert, davem
In-Reply-To: <ag8zGP5azt743BWc@thinkpad>
On Thu, May 21, 2026 at 06:30:16PM +0200, Felix Maurer wrote:
> Hi Daniel,
>
> I found your series because I was about to implement something similar
> like your hashing implementation. In other words, I'd be very happy to
> see this patchset move forward.
>
> Taking an initial look at your hashing patches, I'm wondering: the usual
> interface to hash/digest algorithms is to have three functions: an
> init() function to set up state
Doesn't bpf_crypto_ctx_create already provide the initialization? I was
trying to make that pattern work by adding the bpf_crypto_type_id to
make the code a little more maintainable.
> an update() function that can be called multiple times to hash new
> bytes, and a finalize() function that creates the actual hash.
> Depending on the algorithm, some of them (esp. finalize) may be
> no-ops. Often, a fourth function, like hash(), is provided
I think the bpf_crypto_encrypt should cover that along with the
bpf_crypto_hash in the first patch.
> I think we should provide the same init/update/finalize interface in bpf
> as well to make the API more flexible. That would require splitting out
> the shash_desc from the (mostly static) context. But doing so would also
> address the review comment from bpf-ci bot to patch 1. WDYT?
I was trying to make things work with the existing bpf_crypto_ctx
lifecycle. IIRC in the V1/V2 of the series there was a separate struct
but it was suggested to integrate the changes into bpf_crypto_ctx.
Regarding the bpf-ci bot I think it's somewhat valid, but you could
solve that by putting the bpf_crypto_ctx in a per CPU map or protecting
it with a bpf spinlock. I didn't hear back from the crypto folks so I
sort of left things as is. If you want to give it a go feel free. It
would also be helpful to hear about what your use case is. Thanks for
taking a look!
-Daniel
^ permalink raw reply
* Re: [PATCH] crypto: hisilicon/zip - add backlog support for zip
From: huangchenghai @ 2026-05-22 10:32 UTC (permalink / raw)
To: ZongYu Wu, herbert, davem
Cc: linux-kernel, linux-crypto, fanghao11, liulongfang, qianweili,
wangzhou1
In-Reply-To: <20260515114601.2492524-2-wuzongyu1@huawei.com>
在 2026/5/15 19:45, ZongYu Wu 写道:
> From: Chenghai Huang <huangchenghai2@huawei.com>
>
> When the hardware queue is busy, requests are now queued instead of
> being failed immediately. Queued requests are retried when earlier
> requests complete, which prevents transient failures under heavy load.
>
> The backlog path also provides a fallback mechanism while the hardware
> is temporarily unavailable, such as during device reset.
>
> Signed-off-by: Chenghai Huang <huangchenghai2@huawei.com>
> Signed-off-by: Zongyu Wu <wuzongyu1@huawei.com>
> ---
> drivers/crypto/hisilicon/zip/zip_crypto.c | 284 ++++++++++++++--------
> 1 file changed, 180 insertions(+), 104 deletions(-)
>
> diff --git a/drivers/crypto/hisilicon/zip/zip_crypto.c b/drivers/crypto/hisilicon/zip/zip_crypto.c
> index 70adde049b53..ff287251218e 100644
> --- a/drivers/crypto/hisilicon/zip/zip_crypto.c
> +++ b/drivers/crypto/hisilicon/zip/zip_crypto.c
> @@ -28,6 +28,7 @@
>
> #define HZIP_ALG_DEFLATE GENMASK(5, 4)
> #define HZIP_ALG_LZ4 BIT(8)
> +#define HZIP_INVAL_REQ_ID ((u16)0xFFFF)
>
> static DEFINE_MUTEX(zip_algs_lock);
> static unsigned int zip_available_devs;
> @@ -55,11 +56,11 @@ struct hisi_zip_req {
> dma_addr_t dma_src;
> dma_addr_t dma_dst;
> struct hisi_zip_qp_ctx *qp_ctx;
> + struct list_head list;
> u16 req_id;
> };
>
> struct hisi_zip_req_q {
> - struct hisi_zip_req *q;
> unsigned long *req_bitmap;
> spinlock_t req_lock;
> u16 size;
> @@ -135,42 +136,42 @@ static int hisi_zip_fallback_do_work(struct acomp_req *acomp_req, bool is_decomp
> return ret;
> }
>
> -static struct hisi_zip_req *hisi_zip_create_req(struct hisi_zip_qp_ctx *qp_ctx,
> - struct acomp_req *req)
> +static int hisi_zip_create_req(struct hisi_zip_req *req)
> {
> + struct hisi_zip_qp_ctx *qp_ctx = req->qp_ctx;
> struct hisi_zip_req_q *req_q = &qp_ctx->req_q;
> - struct hisi_zip_req *q = req_q->q;
> - struct hisi_zip_req *req_cache;
> int req_id;
>
> + /* Check whether any request is being queued */
> + if (!list_empty(&qp_ctx->qp->backlog.list))
> + return -EBUSY;
> +
> spin_lock(&req_q->req_lock);
>
> req_id = find_first_zero_bit(req_q->req_bitmap, req_q->size);
> if (req_id >= req_q->size) {
> spin_unlock(&req_q->req_lock);
> dev_dbg(&qp_ctx->qp->qm->pdev->dev, "req cache is full!\n");
> - return ERR_PTR(-EAGAIN);
> + return -EBUSY;
> }
> set_bit(req_id, req_q->req_bitmap);
>
> spin_unlock(&req_q->req_lock);
>
> - req_cache = q + req_id;
> - req_cache->req_id = req_id;
> - req_cache->req = req;
> - req_cache->qp_ctx = qp_ctx;
> + req->req_id = req_id;
>
> - return req_cache;
> + return 0;
> }
>
> -static void hisi_zip_remove_req(struct hisi_zip_qp_ctx *qp_ctx,
> - struct hisi_zip_req *req)
> +static void hisi_zip_remove_req(struct hisi_zip_req *req)
> {
> - struct hisi_zip_req_q *req_q = &qp_ctx->req_q;
> + struct hisi_zip_req_q *req_q = &req->qp_ctx->req_q;
>
> spin_lock(&req_q->req_lock);
> clear_bit(req->req_id, req_q->req_bitmap);
> spin_unlock(&req_q->req_lock);
> +
> + req->req_id = HZIP_INVAL_REQ_ID;
> }
>
> static void hisi_zip_fill_addr(struct hisi_zip_sqe *sqe, struct hisi_zip_req *req)
> @@ -247,19 +248,21 @@ static void hisi_zip_fill_sqe(struct hisi_zip_ctx *ctx, struct hisi_zip_sqe *sqe
> ops->fill_sqe_type(sqe, ops->sqe_type);
> }
>
> -static int hisi_zip_do_work(struct hisi_zip_qp_ctx *qp_ctx,
> - struct hisi_zip_req *req)
> +static void hisi_zip_enqueue_backlog(struct hisi_zip_req *req)
> +{
> + struct hisi_qp *qp = req->qp_ctx->qp;
> +
> + spin_lock_bh(&qp->backlog.lock);
> + list_add_tail(&req->list, &qp->backlog.list);
> + spin_unlock_bh(&qp->backlog.lock);
> +}
> +
> +static int hisi_zip_map_req_buffers(struct hisi_zip_req *req)
> {
> + struct hisi_zip_qp_ctx *qp_ctx = req->qp_ctx;
> struct hisi_acc_sgl_pool *pool = qp_ctx->sgl_pool;
> - struct hisi_zip_dfx *dfx = &qp_ctx->zip_dev->dfx;
> + struct device *dev = &qp_ctx->qp->qm->pdev->dev;
> struct acomp_req *a_req = req->req;
> - struct hisi_qp *qp = qp_ctx->qp;
> - struct device *dev = &qp->qm->pdev->dev;
> - struct hisi_zip_sqe zip_sqe;
> - int ret;
> -
> - if (unlikely(!a_req->src || !a_req->slen || !a_req->dst || !a_req->dlen))
> - return -EINVAL;
>
> req->hw_src = hisi_acc_sg_buf_map_to_hw_sgl(dev, a_req->src, pool,
> req->req_id << 1, &req->dma_src,
> @@ -274,33 +277,110 @@ static int hisi_zip_do_work(struct hisi_zip_qp_ctx *qp_ctx,
> (req->req_id << 1) + 1,
> &req->dma_dst, DMA_FROM_DEVICE);
> if (IS_ERR(req->hw_dst)) {
> - ret = PTR_ERR(req->hw_dst);
> - dev_err(dev, "failed to map the dst buffer to hw sgl (%d)!\n",
> - ret);
> - goto err_unmap_input;
> + dev_err(dev, "failed to map the dst buffer to hw sgl (%ld)!\n",
> + PTR_ERR(req->hw_dst));
> + hisi_acc_sg_buf_unmap(dev, a_req->src, req->hw_src, DMA_TO_DEVICE);
> + return PTR_ERR(req->hw_dst);
> }
>
> + return 0;
> +}
> +
> +static void hisi_zip_unmap_req_buffers(struct hisi_zip_req *req)
> +{
> + struct device *dev = &req->qp_ctx->qp->qm->pdev->dev;
> + struct acomp_req *a_req = req->req;
> +
> + hisi_acc_sg_buf_unmap(dev, a_req->dst, req->hw_dst, DMA_FROM_DEVICE);
> + hisi_acc_sg_buf_unmap(dev, a_req->src, req->hw_src, DMA_TO_DEVICE);
> +}
> +
> +static int hisi_zip_do_work(struct hisi_zip_req *req)
> +{
> + struct hisi_zip_qp_ctx *qp_ctx = req->qp_ctx;
> + struct hisi_zip_dfx *dfx = &qp_ctx->zip_dev->dfx;
> + struct hisi_qp *qp = qp_ctx->qp;
> + struct hisi_zip_sqe zip_sqe;
> + int ret;
> +
> hisi_zip_fill_sqe(qp_ctx->ctx, &zip_sqe, qp_ctx->req_type, req);
>
> /* send command to start a task */
> - atomic64_inc(&dfx->send_cnt);
> ret = hisi_qp_send(qp, &zip_sqe);
> - if (unlikely(ret < 0)) {
> - atomic64_inc(&dfx->send_busy_cnt);
> - ret = -EAGAIN;
> - dev_dbg_ratelimited(dev, "failed to send request!\n");
> - goto err_unmap_output;
> + if (likely(!ret)) {
> + atomic64_inc(&dfx->send_cnt);
> + return -EINPROGRESS;
> }
>
> - return -EINPROGRESS;
> + if (ret == -EBUSY)
> + atomic64_inc(&dfx->send_busy_cnt);
>
> -err_unmap_output:
> - hisi_acc_sg_buf_unmap(dev, a_req->dst, req->hw_dst, DMA_FROM_DEVICE);
> -err_unmap_input:
> - hisi_acc_sg_buf_unmap(dev, a_req->src, req->hw_src, DMA_TO_DEVICE);
> return ret;
> }
>
> +static void hisi_zip_send_backlog_soft(struct hisi_zip_qp_ctx *qp_ctx)
> +{
> + bool is_decomp = qp_ctx->qp->alg_type;
> + struct hisi_zip_req *req, *tmp;
> + int ret;
> +
> + list_for_each_entry_safe(req, tmp, &qp_ctx->qp->backlog.list, list) {
> + list_del(&req->list);
> +
> + if (req->req_id != HZIP_INVAL_REQ_ID) {
> + hisi_zip_unmap_req_buffers(req);
> + hisi_zip_remove_req(req);
> + }
> +
> + ret = hisi_zip_fallback_do_work(req->req, is_decomp);
> +
> + /* Wake up the busy thread first, then return the errno. */
> + if (req->req->base.complete) {
> + acomp_request_complete(req->req, -EINPROGRESS);
> + acomp_request_complete(req->req, ret);
> + }
> + }
> +}
> +
> +static void hisi_zip_send_backlog(struct hisi_qp *qp)
> +{
> + struct hisi_zip_req *req, *tmp;
> + int ret;
> +
> + spin_lock_bh(&qp->backlog.lock);
> + list_for_each_entry_safe(req, tmp, &qp->backlog.list, list) {
> + if (req->req_id == HZIP_INVAL_REQ_ID) {
> + ret = hisi_zip_create_req(req);
> + if (ret)
> + continue;
> +
> + ret = hisi_zip_map_req_buffers(req);
> + if (unlikely(ret)) {
> + hisi_zip_remove_req(req);
> + hisi_zip_send_backlog_soft(req->qp_ctx);
> + goto unlock;
> + }
> + }
> +
> + ret = hisi_zip_do_work(req);
> + switch (ret) {
> + case -EINPROGRESS:
> + list_del(&req->list);
> + if (req->req->base.complete)
> + acomp_request_complete(req->req, -EINPROGRESS);
> + break;
> + case -EBUSY:
> + goto unlock;
> + default:
> + hisi_zip_send_backlog_soft(req->qp_ctx);
> + goto unlock;
> + }
> + }
> +
> +unlock:
> + spin_unlock_bh(&qp->backlog.lock);
> +}
> +
> static u32 hisi_zip_get_status(struct hisi_zip_sqe *sqe)
> {
> return sqe->dw3 & HZIP_BD_STATUS_M;
> @@ -333,73 +413,89 @@ static void hisi_zip_acomp_cb(struct hisi_qp *qp, void *data)
> err = -EIO;
> }
>
> - hisi_acc_sg_buf_unmap(dev, acomp_req->dst, req->hw_dst, DMA_FROM_DEVICE);
> - hisi_acc_sg_buf_unmap(dev, acomp_req->src, req->hw_src, DMA_TO_DEVICE);
> + hisi_zip_unmap_req_buffers(req);
>
> acomp_req->dlen = ops->get_dstlen(sqe);
> + hisi_zip_remove_req(req);
>
> if (acomp_req->base.complete)
> acomp_request_complete(acomp_req, err);
>
> - hisi_zip_remove_req(qp_ctx, req);
> + hisi_zip_send_backlog(qp);
> }
>
> -static int hisi_zip_acompress(struct acomp_req *acomp_req)
> +static int hisi_zip_do_comp(struct hisi_zip_req *req)
> {
> + struct acomp_req *acomp_req = req->req;
> struct hisi_zip_ctx *ctx = crypto_tfm_ctx(acomp_req->base.tfm);
> - struct hisi_zip_qp_ctx *qp_ctx = &ctx->qp_ctx[HZIP_QPC_COMP];
> - struct hisi_zip_req *req;
> - struct device *dev;
> + struct hisi_qp *qp = req->qp_ctx->qp;
> int ret;
>
> - if (ctx->fallback)
> - return hisi_zip_fallback_do_work(acomp_req, 0);
> -
> - dev = &qp_ctx->qp->qm->pdev->dev;
> + if (unlikely(!acomp_req->src || !acomp_req->slen ||
> + !acomp_req->dst || !acomp_req->dlen))
> + return -EINVAL;
>
> - req = hisi_zip_create_req(qp_ctx, acomp_req);
> - if (IS_ERR(req))
> - return PTR_ERR(req);
> + if (ctx->fallback)
> + return hisi_zip_fallback_do_work(acomp_req, qp->alg_type);
Sorry. I found a problem after review again: when the QP allocation
fails, we cannot obtain the service
type through qp->alg_type, because qp is not valid and ctx->fallback
will true at that point.
I'll fix this and send a v2. Sorry again for the mistake. Please ignore
this patch.
Best regards,
Chenghai
> +
> + ret = hisi_zip_create_req(req);
> + if (ret && (acomp_req->base.flags & CRYPTO_TFM_REQ_MAY_BACKLOG)) {
> + /* all req bitmaps are used add to backlog list */
> + req->req_id = HZIP_INVAL_REQ_ID;
> + hisi_zip_enqueue_backlog(req);
> + return -EBUSY;
> + } else if (unlikely(ret)) {
> + return -ENOSPC;
> + }
>
> - ret = hisi_zip_do_work(qp_ctx, req);
> - if (unlikely(ret != -EINPROGRESS)) {
> - dev_info_ratelimited(dev, "failed to do compress (%d)!\n", ret);
> - hisi_zip_remove_req(qp_ctx, req);
> + ret = hisi_zip_map_req_buffers(req);
> + if (unlikely(ret))
> + goto remove_req;
> +
> + ret = hisi_zip_do_work(req);
> + if (ret == -EBUSY && (acomp_req->base.flags & CRYPTO_TFM_REQ_MAY_BACKLOG)) {
> + /* hardwre busy add to backlog list */
> + hisi_zip_enqueue_backlog(req);
> + } else if (unlikely(ret != -EINPROGRESS)) {
> + dev_info_ratelimited(&qp->qm->pdev->dev,
> + "failed to do %scompress (%d)!\n",
> + qp->alg_type ? "de" : "", ret);
> + ret = -ENOSPC;
> + goto unmap_req;
> }
>
> return ret;
> +
> +unmap_req:
> + hisi_zip_unmap_req_buffers(req);
> +remove_req:
> + hisi_zip_remove_req(req);
> + return ret;
> }
>
> -static int hisi_zip_adecompress(struct acomp_req *acomp_req)
> +static int hisi_zip_acompress(struct acomp_req *acomp_req)
> {
> struct hisi_zip_ctx *ctx = crypto_tfm_ctx(acomp_req->base.tfm);
> - struct hisi_zip_qp_ctx *qp_ctx = &ctx->qp_ctx[HZIP_QPC_DECOMP];
> - struct hisi_zip_req *req;
> - struct device *dev;
> - int ret;
> -
> - if (ctx->fallback)
> - return hisi_zip_fallback_do_work(acomp_req, 1);
> + struct hisi_zip_req *req = acomp_request_ctx(acomp_req);
>
> - dev = &qp_ctx->qp->qm->pdev->dev;
> -
> - req = hisi_zip_create_req(qp_ctx, acomp_req);
> - if (IS_ERR(req))
> - return PTR_ERR(req);
> + req->req = acomp_req;
> + req->qp_ctx = &ctx->qp_ctx[HZIP_QPC_COMP];
> + return hisi_zip_do_comp(req);
> +}
>
> - ret = hisi_zip_do_work(qp_ctx, req);
> - if (unlikely(ret != -EINPROGRESS)) {
> - dev_info_ratelimited(dev, "failed to do decompress (%d)!\n",
> - ret);
> - hisi_zip_remove_req(qp_ctx, req);
> - }
> +static int hisi_zip_adecompress(struct acomp_req *acomp_req)
> +{
> + struct hisi_zip_ctx *ctx = crypto_tfm_ctx(acomp_req->base.tfm);
> + struct hisi_zip_req *req = acomp_request_ctx(acomp_req);
>
> - return ret;
> + req->req = acomp_req;
> + req->qp_ctx = &ctx->qp_ctx[HZIP_QPC_DECOMP];
> + return hisi_zip_do_comp(req);
> }
>
> static int hisi_zip_decompress(struct acomp_req *acomp_req)
> {
> - return hisi_zip_fallback_do_work(acomp_req, 1);
> + return hisi_zip_fallback_do_work(acomp_req, HZIP_ALG_TYPE_DECOMP);
> }
>
> static const struct hisi_zip_sqe_ops hisi_zip_ops = {
> @@ -463,7 +559,7 @@ static int hisi_zip_create_req_q(struct hisi_zip_ctx *ctx)
> {
> u16 q_depth = ctx->qp_ctx[0].qp->sq_depth;
> struct hisi_zip_req_q *req_q;
> - int i, ret;
> + int i;
>
> for (i = 0; i < HZIP_CTX_Q_NUM; i++) {
> req_q = &ctx->qp_ctx[i].req_q;
> @@ -471,43 +567,21 @@ static int hisi_zip_create_req_q(struct hisi_zip_ctx *ctx)
>
> req_q->req_bitmap = bitmap_zalloc(req_q->size, GFP_KERNEL);
> if (!req_q->req_bitmap) {
> - ret = -ENOMEM;
> - if (i == 0)
> - return ret;
> -
> - goto err_free_comp_q;
> + bitmap_free(ctx->qp_ctx[HZIP_QPC_COMP].req_q.req_bitmap);
> + return -ENOMEM;
> }
> spin_lock_init(&req_q->req_lock);
> -
> - req_q->q = kzalloc_objs(struct hisi_zip_req, req_q->size);
> - if (!req_q->q) {
> - ret = -ENOMEM;
> - if (i == 0)
> - goto err_free_comp_bitmap;
> - else
> - goto err_free_decomp_bitmap;
> - }
> }
>
> return 0;
> -
> -err_free_decomp_bitmap:
> - bitmap_free(ctx->qp_ctx[HZIP_QPC_DECOMP].req_q.req_bitmap);
> -err_free_comp_q:
> - kfree(ctx->qp_ctx[HZIP_QPC_COMP].req_q.q);
> -err_free_comp_bitmap:
> - bitmap_free(ctx->qp_ctx[HZIP_QPC_COMP].req_q.req_bitmap);
> - return ret;
> }
>
> static void hisi_zip_release_req_q(struct hisi_zip_ctx *ctx)
> {
> int i;
>
> - for (i = 0; i < HZIP_CTX_Q_NUM; i++) {
> - kfree(ctx->qp_ctx[i].req_q.q);
> + for (i = 0; i < HZIP_CTX_Q_NUM; i++)
> bitmap_free(ctx->qp_ctx[i].req_q.req_bitmap);
> - }
> }
>
> static int hisi_zip_create_sgl_pool(struct hisi_zip_ctx *ctx)
> @@ -620,6 +694,7 @@ static struct acomp_alg hisi_zip_acomp_deflate = {
> .cra_module = THIS_MODULE,
> .cra_priority = HZIP_ALG_PRIORITY,
> .cra_ctxsize = sizeof(struct hisi_zip_ctx),
> + .cra_reqsize = sizeof(struct hisi_zip_req),
> }
> };
>
> @@ -658,6 +733,7 @@ static struct acomp_alg hisi_zip_acomp_lz4 = {
> .cra_module = THIS_MODULE,
> .cra_priority = HZIP_ALG_PRIORITY,
> .cra_ctxsize = sizeof(struct hisi_zip_ctx),
> + .cra_reqsize = sizeof(struct hisi_zip_req),
> }
> };
>
^ permalink raw reply
* Re: [PATCH] crypto: loongson - Select CRYPTO_RNG
From: Qunqin Zhao @ 2026-05-22 6:40 UTC (permalink / raw)
To: Eric Biggers
Cc: Huacai Chen, linux-crypto, Herbert Xu, linux-kernel, loongarch,
Yinggang Gu, Lee Jones, kernel test robot, stable
In-Reply-To: <20260522040310.GF5937@quark>
在 2026/5/22 下午12:03, Eric Biggers 写道:
> On Fri, May 22, 2026 at 11:41:15AM +0800, Qunqin Zhao wrote:
>> 在 2026/5/22 上午10:57, Eric Biggers 写道:
>>> On Fri, May 22, 2026 at 10:52:42AM +0800, Huacai Chen wrote:
>>>> On Fri, May 22, 2026 at 10:26 AM Eric Biggers <ebiggers@kernel.org> wrote:
>>>>> This driver registers a rng_alg, so it requires CRYPTO_RNG.
>>>>>
>>>>> Fixes: 766b2d724c8d ("crypto: loongson - add Loongson RNG driver support")
>>>>> Reported-by: kernel test robot <lkp@intel.com>
>>>>> Closes: https://lore.kernel.org/oe-kbuild-all/202605201622.qWOiiZTV-lkp@intel.com/
>>>>> Cc: stable@vger.kernel.org
>>>>> Signed-off-by: Eric Biggers <ebiggers@kernel.org>
>>>> Reviewed-by: Huacai Chen <chenhuacai@loongson.cn>
>>>>> ---
>>>>> drivers/crypto/loongson/Kconfig | 1 +
>>>>> 1 file changed, 1 insertion(+)
>>>>>
>>> By the way, do any of the loongson people have any comment on what they
>>> think the point of this driver is? It's not registered with the actual
>> To provide an AF_ALG-based random number generation interface for other
>> modules and user-space programs.
>>
>> Thanks,
>>
>> Qunqin
> AF_ALG is a userspace interface; it's not available for in-kernel use.
> If you mean using crypto_rng directly, note that no kernel code actually
> uses it other than the tests, the implementation of AF_ALG, and the
> FIPS-specific code which uses drbg.c specifically.
>
> So, the first half of your justification doesn't make any sense.
>
> As far as the second half: why would a userspace program do that instead
> of just using the regular Linux RNG (/dev/urandom)?
>
> AFAIK, the only reason to use a HW RNG directly is for certification
> reasons.
>
> However, there's also already an interface for that: /dev/hw_random.
>
> So AF_ALG seems completely redundant for this case.
To be honest, I previously assumed that the `hw_random` was designed
strictly and exclusively for the TRNG mode.
Is it architecturally acceptable or common practice for a PRNG mode to
utilize `hw_random` as well?
Thanks,
Qunqin
>
> - Eric
^ permalink raw reply
* [ANN] Linux Security Summit Europe 2026 CfP
From: Reshetova, Elena @ 2026-05-22 5:56 UTC (permalink / raw)
To: linux-security-module@vger.kernel.org
Cc: Linux Security Summit Program Committee, Friend,
linux-integrity@vger.kernel.org, lwn@lwn.net,
linux-crypto@vger.kernel.org, keyrings@vger.kernel.org,
linux-coco@lists.linux.dev, kernel-hardening@lists.openwall.com
====================================================================
ANNOUNCEMENT AND CALL FOR PARTICIPATION
LINUX SECURITY SUMMIT EUROPE 2026
Thursday, 8 October
Prague, Czechia
====================================================================
DESCRIPTION
Linux Security Summit Europe (LSS-EU) 2026 is a technical forum for
collaboration between Linux developers, researchers, and end-users.
Its primary aim is to foster community efforts in deeply analyzing and
solving Linux operating system security challenges, including those in the
Linux kernel.
This year LSS-EU is a single day event happening right after Linux Plumbers 2026
https://lpc.events/
Proposals to LSS-EU should be submitted via:
https://events.linuxfoundation.org/linux-security-summit-europe/program/cfp/
SUGGESTED TOPICS
* Access Control
* Case Studies
* Cryptography and Key Management
* Emerging Technologies, Threats & Techniques
* Hardware Security
* IoT and Embedded Security
* Integrity Policy and Enforcement
* Open Source Supply Chain for the Linux OS
* Security Tools
* Security UX
* Linux OS Hardening
* Virtualization and Containers
DATES TO REMEMBER:
* CFP Close: Sunday, 28 June at 11:59 PM CEST (UTC +2) / 2:59 PM PDT (UTC -7)
* CFP Notifications: Tuesday, 14 July
* Schedule Announced: Wednesday, 15 July
* Event Date: Thursday, 8 October
WHO SHOULD ATTEND
We're seeking a diverse range of attendees and welcome participation by
people involved in Linux security development, operations, and research.
LSS is a unique global event that provides the opportunity to present and
discuss your work or research with key Linux security community members and
maintainers. It's also useful for those who wish to keep up with the latest
in Linux security development and to provide input to the development
process.
MASTODON
For event updates and announcements, follow:
https://social.kernel.org/LinuxSecSummit
#linuxsecuritysummit
PROGRAM COMMITTEE
The program committee for LSS 2026 is:
* James Morris, Microsoft
* Serge Hallyn, Geico
* Paul Moore, Microsoft
* Stephen Smalley, NSA
* Elena Reshetova, Intel
* John Johansen, Canonical
* Kees Cook, Google
* Casey Schaufler
* Mimi Zohar, IBM
* David A. Wheeler, Linux Foundation
The program committee may be contacted as a group via email:
lss-pc () lists.linuxfoundation.org
^ permalink raw reply
* [PATCH net-next 6/6] crypto: api - Fold crypto_alloc_tfmmem() into crypto_create_tfm_node()
From: Eric Biggers @ 2026-05-22 5:30 UTC (permalink / raw)
To: netdev
Cc: linux-crypto, linux-kernel, Eric Dumazet, Neal Cardwell,
Kuniyuki Iwashima, David S . Miller, David Ahern, Jakub Kicinski,
Paolo Abeni, Simon Horman, Ard Biesheuvel, Jason A . Donenfeld,
Herbert Xu, Dmitry Safonov, Eric Biggers
In-Reply-To: <20260522053028.91165-1-ebiggers@kernel.org>
Fold crypto_alloc_tfmmem() into its only remaining caller,
crypto_create_tfm_node(). Previously crypto_alloc_tfmmem() was called
by crypto_clone_tfm(), but crypto_clone_tfm() was removed.
This rolls back the refactoring that was done in commit 3c3a24cb0ae4
("crypto: api - Add crypto_clone_tfm").
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
---
crypto/api.c | 33 +++++++--------------------------
1 file changed, 7 insertions(+), 26 deletions(-)
diff --git a/crypto/api.c b/crypto/api.c
index 5bd0db7fa665..4349c2caa23a 100644
--- a/crypto/api.c
+++ b/crypto/api.c
@@ -490,46 +490,27 @@ struct crypto_tfm *crypto_alloc_base(const char *alg_name, u32 type, u32 mask)
return ERR_PTR(err);
}
EXPORT_SYMBOL_GPL(crypto_alloc_base);
-static void *crypto_alloc_tfmmem(struct crypto_alg *alg,
- const struct crypto_type *frontend, int node,
- gfp_t gfp)
-{
- struct crypto_tfm *tfm;
- unsigned int tfmsize;
- unsigned int total;
- char *mem;
-
- tfmsize = frontend->tfmsize;
- total = tfmsize + sizeof(*tfm) + frontend->extsize(alg);
-
- mem = kzalloc_node(total, gfp, node);
- if (mem == NULL)
- return ERR_PTR(-ENOMEM);
-
- tfm = (struct crypto_tfm *)(mem + tfmsize);
- tfm->__crt_alg = alg;
- tfm->node = node;
-
- return mem;
-}
-
void *crypto_create_tfm_node(struct crypto_alg *alg,
const struct crypto_type *frontend,
int node)
{
struct crypto_tfm *tfm;
+ size_t size;
char *mem;
int err;
- mem = crypto_alloc_tfmmem(alg, frontend, node, GFP_KERNEL);
- if (IS_ERR(mem))
- goto out;
+ size = frontend->tfmsize + sizeof(*tfm) + frontend->extsize(alg);
+ mem = kzalloc_node(size, GFP_KERNEL, node);
+ if (!mem)
+ return ERR_PTR(-ENOMEM);
tfm = (struct crypto_tfm *)(mem + frontend->tfmsize);
+ tfm->__crt_alg = alg;
+ tfm->node = node;
tfm->fb = tfm;
err = frontend->init_tfm(tfm);
if (err)
goto out_free_tfm;
--
2.54.0
^ permalink raw reply related
* [PATCH net-next 5/6] crypto: api - Fold __crypto_alloc_tfmgfp() into __crypto_alloc_tfm()
From: Eric Biggers @ 2026-05-22 5:30 UTC (permalink / raw)
To: netdev
Cc: linux-crypto, linux-kernel, Eric Dumazet, Neal Cardwell,
Kuniyuki Iwashima, David S . Miller, David Ahern, Jakub Kicinski,
Paolo Abeni, Simon Horman, Ard Biesheuvel, Jason A . Donenfeld,
Herbert Xu, Dmitry Safonov, Eric Biggers
In-Reply-To: <20260522053028.91165-1-ebiggers@kernel.org>
This reverts commit fa3b3565f3ac ("crypto: api - Add
__crypto_alloc_tfmgfp").
Fold __crypto_alloc_tfmgfp() into its only remaining caller,
__crypto_alloc_tfm(). Previously __crypto_alloc_tfmgfp() was called by
crypto_clone_cipher(), but crypto_clone_cipher() was removed.
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
---
crypto/api.c | 13 +++----------
crypto/internal.h | 2 --
2 files changed, 3 insertions(+), 12 deletions(-)
diff --git a/crypto/api.c b/crypto/api.c
index be9ee104ffc2..5bd0db7fa665 100644
--- a/crypto/api.c
+++ b/crypto/api.c
@@ -403,19 +403,19 @@ void crypto_shoot_alg(struct crypto_alg *alg)
alg->cra_flags |= CRYPTO_ALG_DYING;
up_write(&crypto_alg_sem);
}
EXPORT_SYMBOL_GPL(crypto_shoot_alg);
-struct crypto_tfm *__crypto_alloc_tfmgfp(struct crypto_alg *alg, u32 type,
- u32 mask, gfp_t gfp)
+struct crypto_tfm *__crypto_alloc_tfm(struct crypto_alg *alg, u32 type,
+ u32 mask)
{
struct crypto_tfm *tfm;
unsigned int tfm_size;
int err = -ENOMEM;
tfm_size = sizeof(*tfm) + crypto_ctxsize(alg, type, mask);
- tfm = kzalloc(tfm_size, gfp);
+ tfm = kzalloc(tfm_size, GFP_KERNEL);
if (tfm == NULL)
goto out_err;
tfm->__crt_alg = alg;
@@ -432,17 +432,10 @@ struct crypto_tfm *__crypto_alloc_tfmgfp(struct crypto_alg *alg, u32 type,
out_err:
tfm = ERR_PTR(err);
out:
return tfm;
}
-EXPORT_SYMBOL_GPL(__crypto_alloc_tfmgfp);
-
-struct crypto_tfm *__crypto_alloc_tfm(struct crypto_alg *alg, u32 type,
- u32 mask)
-{
- return __crypto_alloc_tfmgfp(alg, type, mask, GFP_KERNEL);
-}
EXPORT_SYMBOL_GPL(__crypto_alloc_tfm);
/*
* crypto_alloc_base - Locate algorithm and allocate transform
* @alg_name: Name of algorithm
diff --git a/crypto/internal.h b/crypto/internal.h
index b6e437f463d4..b0a10986f61e 100644
--- a/crypto/internal.h
+++ b/crypto/internal.h
@@ -117,12 +117,10 @@ void crypto_alg_tested(const char *name, int err);
void crypto_remove_spawns(struct crypto_alg *alg, struct list_head *list,
struct crypto_alg *nalg);
void crypto_remove_final(struct list_head *list);
void crypto_shoot_alg(struct crypto_alg *alg);
-struct crypto_tfm *__crypto_alloc_tfmgfp(struct crypto_alg *alg, u32 type,
- u32 mask, gfp_t gfp);
struct crypto_tfm *__crypto_alloc_tfm(struct crypto_alg *alg, u32 type,
u32 mask);
void *crypto_create_tfm_node(struct crypto_alg *alg,
const struct crypto_type *frontend, int node);
--
2.54.0
^ permalink raw reply related
* [PATCH net-next 4/6] crypto: api - Remove per-tfm refcount
From: Eric Biggers @ 2026-05-22 5:30 UTC (permalink / raw)
To: netdev
Cc: linux-crypto, linux-kernel, Eric Dumazet, Neal Cardwell,
Kuniyuki Iwashima, David S . Miller, David Ahern, Jakub Kicinski,
Paolo Abeni, Simon Horman, Ard Biesheuvel, Jason A . Donenfeld,
Herbert Xu, Dmitry Safonov, Eric Biggers
In-Reply-To: <20260522053028.91165-1-ebiggers@kernel.org>
This reverts commit ae131f4970f0 ("crypto: api - Add crypto_tfm_get").
The refcount in struct crypto_tfm was added solely to support
crypto_clone_tfm(). Before then it was a simple non-refcounted object.
Since crypto_clone_tfm() has been removed, remove the refcount as well.
Note that this eliminates an expensive atomic operation from every tfm
freeing operation. So this revert doesn't just remove unused code, but
it also fixes a performance regression.
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
---
crypto/api.c | 4 ----
crypto/internal.h | 6 ------
include/linux/crypto.h | 1 -
3 files changed, 11 deletions(-)
diff --git a/crypto/api.c b/crypto/api.c
index d019d1979857..be9ee104ffc2 100644
--- a/crypto/api.c
+++ b/crypto/api.c
@@ -416,11 +416,10 @@ struct crypto_tfm *__crypto_alloc_tfmgfp(struct crypto_alg *alg, u32 type,
tfm = kzalloc(tfm_size, gfp);
if (tfm == NULL)
goto out_err;
tfm->__crt_alg = alg;
- refcount_set(&tfm->refcnt, 1);
if (!tfm->exit && alg->cra_init && (err = alg->cra_init(tfm)))
goto cra_init_failed;
goto out;
@@ -517,11 +516,10 @@ static void *crypto_alloc_tfmmem(struct crypto_alg *alg,
return ERR_PTR(-ENOMEM);
tfm = (struct crypto_tfm *)(mem + tfmsize);
tfm->__crt_alg = alg;
tfm->node = node;
- refcount_set(&tfm->refcnt, 1);
return mem;
}
void *crypto_create_tfm_node(struct crypto_alg *alg,
@@ -647,12 +645,10 @@ void crypto_destroy_tfm(void *mem, struct crypto_tfm *tfm)
struct crypto_alg *alg;
if (IS_ERR_OR_NULL(mem))
return;
- if (!refcount_dec_and_test(&tfm->refcnt))
- return;
alg = tfm->__crt_alg;
if (!tfm->exit && alg->cra_exit)
alg->cra_exit(tfm);
crypto_exit_ops(tfm);
diff --git a/crypto/internal.h b/crypto/internal.h
index 96f84abfac91..b6e437f463d4 100644
--- a/crypto/internal.h
+++ b/crypto/internal.h
@@ -8,11 +8,10 @@
#ifndef _CRYPTO_INTERNAL_H
#define _CRYPTO_INTERNAL_H
#include <crypto/algapi.h>
#include <linux/completion.h>
-#include <linux/err.h>
#include <linux/jump_label.h>
#include <linux/list.h>
#include <linux/module.h>
#include <linux/notifier.h>
#include <linux/numa.h>
@@ -207,12 +206,7 @@ static inline void crypto_yield(u32 flags)
static inline int crypto_is_test_larval(struct crypto_larval *larval)
{
return larval->alg.cra_driver_name[0];
}
-static inline struct crypto_tfm *crypto_tfm_get(struct crypto_tfm *tfm)
-{
- return refcount_inc_not_zero(&tfm->refcnt) ? tfm : ERR_PTR(-EOVERFLOW);
-}
-
#endif /* _CRYPTO_INTERNAL_H */
diff --git a/include/linux/crypto.h b/include/linux/crypto.h
index a2137e19be7d..b7c97f1c47c9 100644
--- a/include/linux/crypto.h
+++ b/include/linux/crypto.h
@@ -407,11 +407,10 @@ int crypto_has_alg(const char *name, u32 type, u32 mask);
* and core processing logic. Managed via crypto_alloc_*() and
* crypto_free_*(), as well as the various helpers below.
*/
struct crypto_tfm {
- refcount_t refcnt;
u32 crt_flags;
int node;
--
2.54.0
^ permalink raw reply related
* [PATCH net-next 3/6] crypto: api - Remove crypto_clone_tfm()
From: Eric Biggers @ 2026-05-22 5:30 UTC (permalink / raw)
To: netdev
Cc: linux-crypto, linux-kernel, Eric Dumazet, Neal Cardwell,
Kuniyuki Iwashima, David S . Miller, David Ahern, Jakub Kicinski,
Paolo Abeni, Simon Horman, Ard Biesheuvel, Jason A . Donenfeld,
Herbert Xu, Dmitry Safonov, Eric Biggers
In-Reply-To: <20260522053028.91165-1-ebiggers@kernel.org>
Since all callers of crypto_clone_tfm() have been removed, remove it.
Note that no tests need to be removed, as this function had no tests.
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
---
crypto/api.c | 26 --------------------------
crypto/internal.h | 2 --
2 files changed, 28 deletions(-)
diff --git a/crypto/api.c b/crypto/api.c
index 74e17d5049c9..d019d1979857 100644
--- a/crypto/api.c
+++ b/crypto/api.c
@@ -558,36 +558,10 @@ void *crypto_create_tfm_node(struct crypto_alg *alg,
out:
return mem;
}
EXPORT_SYMBOL_GPL(crypto_create_tfm_node);
-void *crypto_clone_tfm(const struct crypto_type *frontend,
- struct crypto_tfm *otfm)
-{
- struct crypto_alg *alg = otfm->__crt_alg;
- struct crypto_tfm *tfm;
- char *mem;
-
- mem = ERR_PTR(-ESTALE);
- if (unlikely(!crypto_mod_get(alg)))
- goto out;
-
- mem = crypto_alloc_tfmmem(alg, frontend, otfm->node, GFP_ATOMIC);
- if (IS_ERR(mem)) {
- crypto_mod_put(alg);
- goto out;
- }
-
- tfm = (struct crypto_tfm *)(mem + frontend->tfmsize);
- tfm->crt_flags = otfm->crt_flags;
- tfm->fb = tfm;
-
-out:
- return mem;
-}
-EXPORT_SYMBOL_GPL(crypto_clone_tfm);
-
struct crypto_alg *crypto_find_alg(const char *alg_name,
const struct crypto_type *frontend,
u32 type, u32 mask)
{
if (frontend) {
diff --git a/crypto/internal.h b/crypto/internal.h
index 8fbe0226d48e..96f84abfac91 100644
--- a/crypto/internal.h
+++ b/crypto/internal.h
@@ -124,12 +124,10 @@ struct crypto_tfm *__crypto_alloc_tfmgfp(struct crypto_alg *alg, u32 type,
u32 mask, gfp_t gfp);
struct crypto_tfm *__crypto_alloc_tfm(struct crypto_alg *alg, u32 type,
u32 mask);
void *crypto_create_tfm_node(struct crypto_alg *alg,
const struct crypto_type *frontend, int node);
-void *crypto_clone_tfm(const struct crypto_type *frontend,
- struct crypto_tfm *otfm);
static inline void *crypto_create_tfm(struct crypto_alg *alg,
const struct crypto_type *frontend)
{
return crypto_create_tfm_node(alg, frontend, NUMA_NO_NODE);
--
2.54.0
^ permalink raw reply related
* [PATCH net-next 2/6] crypto: cipher - Remove crypto_clone_cipher()
From: Eric Biggers @ 2026-05-22 5:30 UTC (permalink / raw)
To: netdev
Cc: linux-crypto, linux-kernel, Eric Dumazet, Neal Cardwell,
Kuniyuki Iwashima, David S . Miller, David Ahern, Jakub Kicinski,
Paolo Abeni, Simon Horman, Ard Biesheuvel, Jason A . Donenfeld,
Herbert Xu, Dmitry Safonov, Eric Biggers
In-Reply-To: <20260522053028.91165-1-ebiggers@kernel.org>
Since the only caller of crypto_clone_cipher() was cmac_clone_tfm()
which has been removed, remove crypto_clone_cipher() as well.
Note that no tests need to be removed, as this function had no tests.
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
---
crypto/cipher.c | 28 ----------------------------
include/crypto/internal/cipher.h | 2 --
2 files changed, 30 deletions(-)
diff --git a/crypto/cipher.c b/crypto/cipher.c
index 1fe62bf79656..c9dab656a622 100644
--- a/crypto/cipher.c
+++ b/crypto/cipher.c
@@ -87,33 +87,5 @@ void crypto_cipher_decrypt_one(struct crypto_cipher *tfm,
u8 *dst, const u8 *src)
{
cipher_crypt_one(tfm, dst, src, false);
}
EXPORT_SYMBOL_NS_GPL(crypto_cipher_decrypt_one, "CRYPTO_INTERNAL");
-
-struct crypto_cipher *crypto_clone_cipher(struct crypto_cipher *cipher)
-{
- struct crypto_tfm *tfm = crypto_cipher_tfm(cipher);
- struct crypto_alg *alg = tfm->__crt_alg;
- struct crypto_cipher *ncipher;
- struct crypto_tfm *ntfm;
-
- if (alg->cra_init)
- return ERR_PTR(-ENOSYS);
-
- if (unlikely(!crypto_mod_get(alg)))
- return ERR_PTR(-ESTALE);
-
- ntfm = __crypto_alloc_tfmgfp(alg, CRYPTO_ALG_TYPE_CIPHER,
- CRYPTO_ALG_TYPE_MASK, GFP_ATOMIC);
- if (IS_ERR(ntfm)) {
- crypto_mod_put(alg);
- return ERR_CAST(ntfm);
- }
-
- ntfm->crt_flags = tfm->crt_flags;
-
- ncipher = __crypto_cipher_cast(ntfm);
-
- return ncipher;
-}
-EXPORT_SYMBOL_GPL(crypto_clone_cipher);
diff --git a/include/crypto/internal/cipher.h b/include/crypto/internal/cipher.h
index 5030f6d2df31..a9174ba90250 100644
--- a/include/crypto/internal/cipher.h
+++ b/include/crypto/internal/cipher.h
@@ -174,12 +174,10 @@ void crypto_cipher_encrypt_one(struct crypto_cipher *tfm,
* the plaintext and ciphertext buffers are at least one block in size.
*/
void crypto_cipher_decrypt_one(struct crypto_cipher *tfm,
u8 *dst, const u8 *src);
-struct crypto_cipher *crypto_clone_cipher(struct crypto_cipher *cipher);
-
struct crypto_cipher_spawn {
struct crypto_spawn base;
};
static inline int crypto_grab_cipher(struct crypto_cipher_spawn *spawn,
--
2.54.0
^ permalink raw reply related
* [PATCH net-next 1/6] crypto: hash - Remove support for cloning hash tfms
From: Eric Biggers @ 2026-05-22 5:30 UTC (permalink / raw)
To: netdev
Cc: linux-crypto, linux-kernel, Eric Dumazet, Neal Cardwell,
Kuniyuki Iwashima, David S . Miller, David Ahern, Jakub Kicinski,
Paolo Abeni, Simon Horman, Ard Biesheuvel, Jason A . Donenfeld,
Herbert Xu, Dmitry Safonov, Eric Biggers
In-Reply-To: <20260522053028.91165-1-ebiggers@kernel.org>
Hash transformation cloning no longer has a user, and there's a good
chance no new one will appear because the library API solves the problem
in a much simpler and more efficient way. Remove support for it.
Note that no tests need to be removed, as this feature had no tests.
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
---
crypto/ahash.c | 70 -------------------------------------------
crypto/cmac.c | 16 ----------
crypto/cryptd.c | 16 ----------
crypto/hmac.c | 31 -------------------
crypto/shash.c | 37 -----------------------
include/crypto/hash.h | 8 -----
6 files changed, 178 deletions(-)
diff --git a/crypto/ahash.c b/crypto/ahash.c
index 7a730324c50e..85dcd120de3e 100644
--- a/crypto/ahash.c
+++ b/crypto/ahash.c
@@ -860,80 +860,10 @@ bool crypto_hash_alg_has_setkey(struct hash_alg_common *halg)
return __crypto_ahash_alg(alg)->setkey != ahash_nosetkey;
}
EXPORT_SYMBOL_GPL(crypto_hash_alg_has_setkey);
-struct crypto_ahash *crypto_clone_ahash(struct crypto_ahash *hash)
-{
- struct hash_alg_common *halg = crypto_hash_alg_common(hash);
- struct crypto_tfm *tfm = crypto_ahash_tfm(hash);
- struct crypto_ahash *fb = NULL;
- struct crypto_ahash *nhash;
- struct ahash_alg *alg;
- int err;
-
- if (!crypto_hash_alg_has_setkey(halg)) {
- tfm = crypto_tfm_get(tfm);
- if (IS_ERR(tfm))
- return ERR_CAST(tfm);
-
- return hash;
- }
-
- nhash = crypto_clone_tfm(&crypto_ahash_type, tfm);
-
- if (IS_ERR(nhash))
- return nhash;
-
- nhash->reqsize = hash->reqsize;
- nhash->statesize = hash->statesize;
-
- if (likely(hash->using_shash)) {
- struct crypto_shash **nctx = crypto_ahash_ctx(nhash);
- struct crypto_shash *shash;
-
- shash = crypto_clone_shash(ahash_to_shash(hash));
- if (IS_ERR(shash)) {
- err = PTR_ERR(shash);
- goto out_free_nhash;
- }
- crypto_ahash_tfm(nhash)->exit = crypto_exit_ahash_using_shash;
- nhash->using_shash = true;
- *nctx = shash;
- return nhash;
- }
-
- if (crypto_ahash_need_fallback(hash)) {
- fb = crypto_clone_ahash(crypto_ahash_fb(hash));
- err = PTR_ERR(fb);
- if (IS_ERR(fb))
- goto out_free_nhash;
-
- crypto_ahash_tfm(nhash)->fb = crypto_ahash_tfm(fb);
- }
-
- err = -ENOSYS;
- alg = crypto_ahash_alg(hash);
- if (!alg->clone_tfm)
- goto out_free_fb;
-
- err = alg->clone_tfm(nhash, hash);
- if (err)
- goto out_free_fb;
-
- crypto_ahash_tfm(nhash)->exit = crypto_ahash_exit_tfm;
-
- return nhash;
-
-out_free_fb:
- crypto_free_ahash(fb);
-out_free_nhash:
- crypto_free_ahash(nhash);
- return ERR_PTR(err);
-}
-EXPORT_SYMBOL_GPL(crypto_clone_ahash);
-
static int ahash_default_export_core(struct ahash_request *req, void *out)
{
return -ENOSYS;
}
diff --git a/crypto/cmac.c b/crypto/cmac.c
index 1b03964abe00..83e58937f013 100644
--- a/crypto/cmac.c
+++ b/crypto/cmac.c
@@ -149,25 +149,10 @@ static int cmac_init_tfm(struct crypto_shash *tfm)
ctx->child = cipher;
return 0;
}
-static int cmac_clone_tfm(struct crypto_shash *tfm, struct crypto_shash *otfm)
-{
- struct cmac_tfm_ctx *octx = crypto_shash_ctx(otfm);
- struct cmac_tfm_ctx *ctx = crypto_shash_ctx(tfm);
- struct crypto_cipher *cipher;
-
- cipher = crypto_clone_cipher(octx->child);
- if (IS_ERR(cipher))
- return PTR_ERR(cipher);
-
- ctx->child = cipher;
-
- return 0;
-}
-
static void cmac_exit_tfm(struct crypto_shash *tfm)
{
struct cmac_tfm_ctx *ctx = crypto_shash_ctx(tfm);
crypto_free_cipher(ctx->child);
}
@@ -220,11 +205,10 @@ static int cmac_create(struct crypto_template *tmpl, struct rtattr **tb)
inst->alg.init = crypto_cmac_digest_init;
inst->alg.update = crypto_cmac_digest_update;
inst->alg.finup = crypto_cmac_digest_finup;
inst->alg.setkey = crypto_cmac_digest_setkey;
inst->alg.init_tfm = cmac_init_tfm;
- inst->alg.clone_tfm = cmac_clone_tfm;
inst->alg.exit_tfm = cmac_exit_tfm;
inst->free = shash_free_singlespawn_instance;
err = shash_register_instance(tmpl, inst);
diff --git a/crypto/cryptd.c b/crypto/cryptd.c
index aba9fe0f23b4..d8dbf07ab426 100644
--- a/crypto/cryptd.c
+++ b/crypto/cryptd.c
@@ -450,25 +450,10 @@ static int cryptd_hash_init_tfm(struct crypto_ahash *tfm)
sizeof(struct cryptd_hash_request_ctx) +
crypto_shash_descsize(hash));
return 0;
}
-static int cryptd_hash_clone_tfm(struct crypto_ahash *ntfm,
- struct crypto_ahash *tfm)
-{
- struct cryptd_hash_ctx *nctx = crypto_ahash_ctx(ntfm);
- struct cryptd_hash_ctx *ctx = crypto_ahash_ctx(tfm);
- struct crypto_shash *hash;
-
- hash = crypto_clone_shash(ctx->child);
- if (IS_ERR(hash))
- return PTR_ERR(hash);
-
- nctx->child = hash;
- return 0;
-}
-
static void cryptd_hash_exit_tfm(struct crypto_ahash *tfm)
{
struct cryptd_hash_ctx *ctx = crypto_ahash_ctx(tfm);
crypto_free_shash(ctx->child);
@@ -698,11 +683,10 @@ static int cryptd_create_hash(struct crypto_template *tmpl, struct rtattr **tb,
inst->alg.halg.digestsize = alg->digestsize;
inst->alg.halg.statesize = alg->statesize;
inst->alg.halg.base.cra_ctxsize = sizeof(struct cryptd_hash_ctx);
inst->alg.init_tfm = cryptd_hash_init_tfm;
- inst->alg.clone_tfm = cryptd_hash_clone_tfm;
inst->alg.exit_tfm = cryptd_hash_exit_tfm;
inst->alg.init = cryptd_hash_init_enqueue;
inst->alg.update = cryptd_hash_update_enqueue;
inst->alg.final = cryptd_hash_final_enqueue;
diff --git a/crypto/hmac.c b/crypto/hmac.c
index 148af460ae97..807e08b252c5 100644
--- a/crypto/hmac.c
+++ b/crypto/hmac.c
@@ -156,24 +156,10 @@ static int hmac_init_tfm(struct crypto_shash *parent)
tctx->hash = hash;
return 0;
}
-static int hmac_clone_tfm(struct crypto_shash *dst, struct crypto_shash *src)
-{
- struct hmac_ctx *sctx = crypto_shash_ctx(src);
- struct hmac_ctx *dctx = crypto_shash_ctx(dst);
- struct crypto_shash *hash;
-
- hash = crypto_clone_shash(sctx->hash);
- if (IS_ERR(hash))
- return PTR_ERR(hash);
-
- dctx->hash = hash;
- return 0;
-}
-
static void hmac_exit_tfm(struct crypto_shash *parent)
{
struct hmac_ctx *tctx = crypto_shash_ctx(parent);
crypto_free_shash(tctx->hash);
@@ -233,11 +219,10 @@ static int __hmac_create_shash(struct crypto_template *tmpl,
inst->alg.import = hmac_import;
inst->alg.export_core = hmac_export_core;
inst->alg.import_core = hmac_import_core;
inst->alg.setkey = hmac_setkey;
inst->alg.init_tfm = hmac_init_tfm;
- inst->alg.clone_tfm = hmac_clone_tfm;
inst->alg.exit_tfm = hmac_exit_tfm;
inst->free = shash_free_singlespawn_instance;
err = shash_register_instance(tmpl, inst);
@@ -421,25 +406,10 @@ static int hmac_init_ahash_tfm(struct crypto_ahash *parent)
tctx->hash = hash;
return 0;
}
-static int hmac_clone_ahash_tfm(struct crypto_ahash *dst,
- struct crypto_ahash *src)
-{
- struct ahash_hmac_ctx *sctx = crypto_ahash_ctx(src);
- struct ahash_hmac_ctx *dctx = crypto_ahash_ctx(dst);
- struct crypto_ahash *hash;
-
- hash = crypto_clone_ahash(sctx->hash);
- if (IS_ERR(hash))
- return PTR_ERR(hash);
-
- dctx->hash = hash;
- return 0;
-}
-
static void hmac_exit_ahash_tfm(struct crypto_ahash *parent)
{
struct ahash_hmac_ctx *tctx = crypto_ahash_ctx(parent);
crypto_free_ahash(tctx->hash);
@@ -501,11 +471,10 @@ static int hmac_create_ahash(struct crypto_template *tmpl, struct rtattr **tb,
inst->alg.import = hmac_import_ahash;
inst->alg.export_core = hmac_export_core_ahash;
inst->alg.import_core = hmac_import_core_ahash;
inst->alg.setkey = hmac_setkey_ahash;
inst->alg.init_tfm = hmac_init_ahash_tfm;
- inst->alg.clone_tfm = hmac_clone_ahash_tfm;
inst->alg.exit_tfm = hmac_exit_ahash_tfm;
inst->free = ahash_free_singlespawn_instance;
err = ahash_register_instance(tmpl, inst);
diff --git a/crypto/shash.c b/crypto/shash.c
index 2f07d0bd1f61..351cba3c1107 100644
--- a/crypto/shash.c
+++ b/crypto/shash.c
@@ -393,47 +393,10 @@ int crypto_has_shash(const char *alg_name, u32 type, u32 mask)
{
return crypto_type_has_alg(alg_name, &crypto_shash_type, type, mask);
}
EXPORT_SYMBOL_GPL(crypto_has_shash);
-struct crypto_shash *crypto_clone_shash(struct crypto_shash *hash)
-{
- struct crypto_tfm *tfm = crypto_shash_tfm(hash);
- struct shash_alg *alg = crypto_shash_alg(hash);
- struct crypto_shash *nhash;
- int err;
-
- if (!crypto_shash_alg_has_setkey(alg)) {
- tfm = crypto_tfm_get(tfm);
- if (IS_ERR(tfm))
- return ERR_CAST(tfm);
-
- return hash;
- }
-
- if (!alg->clone_tfm && (alg->init_tfm || alg->base.cra_init))
- return ERR_PTR(-ENOSYS);
-
- nhash = crypto_clone_tfm(&crypto_shash_type, tfm);
- if (IS_ERR(nhash))
- return nhash;
-
- if (alg->clone_tfm) {
- err = alg->clone_tfm(nhash, hash);
- if (err) {
- crypto_free_shash(nhash);
- return ERR_PTR(err);
- }
- }
-
- if (alg->exit_tfm)
- crypto_shash_tfm(nhash)->exit = crypto_shash_exit_tfm;
-
- return nhash;
-}
-EXPORT_SYMBOL_GPL(crypto_clone_shash);
-
int hash_prepare_alg(struct hash_alg_common *alg)
{
struct crypto_alg *base = &alg->base;
if (alg->digestsize > HASH_MAX_DIGESTSIZE)
diff --git a/include/crypto/hash.h b/include/crypto/hash.h
index 586700332c73..e474f8461ea1 100644
--- a/include/crypto/hash.h
+++ b/include/crypto/hash.h
@@ -146,11 +146,10 @@ struct ahash_request {
* requirement of the transformation and put any software
* fallbacks in place.
* @exit_tfm: Deinitialize the cryptographic transformation object.
* This is a counterpart to @init_tfm, used to remove
* various changes set in @init_tfm.
- * @clone_tfm: Copy transform into new object, may allocate memory.
* @halg: see struct hash_alg_common
*/
struct ahash_alg {
int (*init)(struct ahash_request *req);
int (*update)(struct ahash_request *req);
@@ -163,11 +162,10 @@ struct ahash_alg {
int (*import_core)(struct ahash_request *req, const void *in);
int (*setkey)(struct crypto_ahash *tfm, const u8 *key,
unsigned int keylen);
int (*init_tfm)(struct crypto_ahash *tfm);
void (*exit_tfm)(struct crypto_ahash *tfm);
- int (*clone_tfm)(struct crypto_ahash *dst, struct crypto_ahash *src);
struct hash_alg_common halg;
};
struct shash_desc {
@@ -237,11 +235,10 @@ struct shash_desc {
* requirement of the transformation and put any software
* fallbacks in place.
* @exit_tfm: Deinitialize the cryptographic transformation object.
* This is a counterpart to @init_tfm, used to remove
* various changes set in @init_tfm.
- * @clone_tfm: Copy transform into new object, may allocate memory.
* @descsize: Size of the operational state for the message digest. This state
* size is the memory size that needs to be allocated for
* shash_desc.__ctx
* @halg: see struct hash_alg_common
* @HASH_ALG_COMMON: see struct hash_alg_common
@@ -261,11 +258,10 @@ struct shash_alg {
int (*import_core)(struct shash_desc *desc, const void *in);
int (*setkey)(struct crypto_shash *tfm, const u8 *key,
unsigned int keylen);
int (*init_tfm)(struct crypto_shash *tfm);
void (*exit_tfm)(struct crypto_shash *tfm);
- int (*clone_tfm)(struct crypto_shash *dst, struct crypto_shash *src);
unsigned int descsize;
union {
struct HASH_ALG_COMMON;
@@ -320,12 +316,10 @@ static inline struct crypto_ahash *__crypto_ahash_cast(struct crypto_tfm *tfm)
* of an error, PTR_ERR() returns the error code.
*/
struct crypto_ahash *crypto_alloc_ahash(const char *alg_name, u32 type,
u32 mask);
-struct crypto_ahash *crypto_clone_ahash(struct crypto_ahash *tfm);
-
static inline struct crypto_tfm *crypto_ahash_tfm(struct crypto_ahash *tfm)
{
return &tfm->base;
}
@@ -757,12 +751,10 @@ static inline void ahash_request_set_virt(struct ahash_request *req,
* of an error, PTR_ERR() returns the error code.
*/
struct crypto_shash *crypto_alloc_shash(const char *alg_name, u32 type,
u32 mask);
-struct crypto_shash *crypto_clone_shash(struct crypto_shash *tfm);
-
int crypto_has_shash(const char *alg_name, u32 type, u32 mask);
static inline struct crypto_tfm *crypto_shash_tfm(struct crypto_shash *tfm)
{
return &tfm->base;
--
2.54.0
^ permalink raw reply related
* [PATCH net-next 0/6] Remove unused support for crypto tfm cloning
From: Eric Biggers @ 2026-05-22 5:30 UTC (permalink / raw)
To: netdev
Cc: linux-crypto, linux-kernel, Eric Dumazet, Neal Cardwell,
Kuniyuki Iwashima, David S . Miller, David Ahern, Jakub Kicinski,
Paolo Abeni, Simon Horman, Ard Biesheuvel, Jason A . Donenfeld,
Herbert Xu, Dmitry Safonov, Eric Biggers
This series is targeting net-next because it depends on
"net/tcp: Remove tcp_sigpool". So far no commits in cryptodev conflict
with this, so I suggest that this be taken through net-next for 7.2.
This series removes support for transformation cloning from the crypto
API. Now that the TCP-AO and TCP-MD5 code no longer uses it, it no
longer has a user. And it's unlikely that a new one will appear, as the
library API solves the problem in a much simpler and more efficient way.
This feature also regressed performance for all crypto API users, since
it changed crypto transformation objects into reference-counted objects.
That added expensive atomic operations. The refcount is reverted by
this series, thus fixing the performance regression.
A subset of this was previously sent in
https://lore.kernel.org/r/20260307224341.5644-1-ebiggers@kernel.org
Compared to that version, this version is a bit more comprehensive.
Eric Biggers (6):
crypto: hash - Remove support for cloning hash tfms
crypto: cipher - Remove crypto_clone_cipher()
crypto: api - Remove crypto_clone_tfm()
crypto: api - Remove per-tfm refcount
crypto: api - Fold __crypto_alloc_tfmgfp() into __crypto_alloc_tfm()
crypto: api - Fold crypto_alloc_tfmmem() into crypto_create_tfm_node()
crypto/ahash.c | 70 -----------------------------
crypto/api.c | 76 +++++---------------------------
crypto/cipher.c | 28 ------------
crypto/cmac.c | 16 -------
crypto/cryptd.c | 16 -------
crypto/hmac.c | 31 -------------
crypto/internal.h | 10 -----
crypto/shash.c | 37 ----------------
include/crypto/hash.h | 8 ----
include/crypto/internal/cipher.h | 2 -
include/linux/crypto.h | 1 -
11 files changed, 10 insertions(+), 285 deletions(-)
base-commit: 1a1f055318d82e64485a6ff8420e5f70b4267998
--
2.54.0
^ permalink raw reply
* Re: [PATCH] crypto: talitos - fix rename first/last to first_desc/last_desc
From: Greg Kroah-Hartman @ 2026-05-22 5:12 UTC (permalink / raw)
To: Goetz Goerisch
Cc: Paul Louvel, herve.codina, miquel.raynal, stable,
thomas.petazzoni, Herbert Xu, linux-crypto, Sasha Levin
In-Reply-To: <1464270648.58006.1779377119607@app.mailbox.org>
On Thu, May 21, 2026 at 05:25:18PM +0200, Goetz Goerisch wrote:
> Dear Paul,
>
> Thank you for this review and feedback.
>
> > > Instead of renaming req_ctx->last, commit 9826d1d6ed5f8 ("crypto: talitos - stop
> > > using crypto_ahash::init") should be applied. Ideally before commit
> > > 655ef638a2bc ("crypto: talitos - fix SEC1 32k ahash request limitation") to
> > > avoid any compilation breakage and ensure correctness of the code.
> >
> > Small correction:
> >
> > Ideally before commit 00463d5f864a ("crypto: talitos - fix SEC1 32k ahash
> > request limitation") to avoid any compilation breakage and ensure correctness of
> > the code.
>
> I can confirm your recommendation. Appyling this commit before, fixes the problem. Please disregard my patch.
>
> Greg could you please backport the mentioned commit to 6.6.y in the correct order for the next update?
Can you send a series of backported patches in the correct order for us
to apply, so we know to get them correct? Trying to dig out from an
email like this is usually quite easy to get wrong :)
thanks,
greg k-h
^ permalink raw reply
* [PATCH net-next v2 5/5] crypto: pcbc - Remove support for PCBC mode
From: Eric Biggers @ 2026-05-22 5:07 UTC (permalink / raw)
To: netdev, linux-afs
Cc: David Howells, Marc Dionne, linux-crypto, linux-kernel,
David S . Miller, Eric Dumazet, Jakub Kicinski, Paolo Abeni,
Simon Horman, Eric Biggers, Geert Uytterhoeven
In-Reply-To: <20260522050740.84561-1-ebiggers@kernel.org>
The only user of PCBC mode (Propagating Cipher Block Chaining mode) was
net/rxrpc/rxkad.c, which now uses local code instead.
While PCBC was an interesting cryptographic experiment, it has largely
been relegated to the history books and academic exercises. It is
non-parallelizable (i.e., very slow) and doesn't actually achieve the
integrity properties it was apparently intended to achieve.
Remove support for it from the crypto API.
Acked-by: Geert Uytterhoeven <geert@linux-m68k.org> # m68k
Acked-by: David Howells <dhowells@redhat.com>
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
---
arch/arm/configs/am200epdkit_defconfig | 1 -
arch/arm/configs/dove_defconfig | 1 -
arch/arm/configs/multi_v5_defconfig | 1 -
arch/arm/configs/mv78xx0_defconfig | 1 -
arch/arm/configs/mvebu_v5_defconfig | 1 -
arch/arm/configs/omap1_defconfig | 1 -
arch/arm/configs/orion5x_defconfig | 1 -
arch/arm/configs/pxa_defconfig | 1 -
arch/arm/configs/wpcm450_defconfig | 1 -
arch/m68k/configs/amiga_defconfig | 1 -
arch/m68k/configs/apollo_defconfig | 1 -
arch/m68k/configs/atari_defconfig | 1 -
arch/m68k/configs/bvme6000_defconfig | 1 -
arch/m68k/configs/hp300_defconfig | 1 -
arch/m68k/configs/mac_defconfig | 1 -
arch/m68k/configs/multi_defconfig | 1 -
arch/m68k/configs/mvme147_defconfig | 1 -
arch/m68k/configs/mvme16x_defconfig | 1 -
arch/m68k/configs/q40_defconfig | 1 -
arch/m68k/configs/sun3_defconfig | 1 -
arch/m68k/configs/sun3x_defconfig | 1 -
arch/mips/configs/bigsur_defconfig | 1 -
arch/mips/configs/decstation_64_defconfig | 1 -
arch/mips/configs/decstation_defconfig | 1 -
arch/mips/configs/decstation_r4k_defconfig | 1 -
arch/mips/configs/fuloong2e_defconfig | 1 -
arch/mips/configs/gpr_defconfig | 1 -
arch/mips/configs/ip22_defconfig | 1 -
arch/mips/configs/ip27_defconfig | 1 -
arch/mips/configs/ip30_defconfig | 1 -
arch/mips/configs/ip32_defconfig | 1 -
arch/mips/configs/lemote2f_defconfig | 1 -
arch/mips/configs/malta_defconfig | 1 -
arch/mips/configs/malta_kvm_defconfig | 1 -
arch/mips/configs/malta_qemu_32r6_defconfig | 1 -
arch/mips/configs/maltaaprp_defconfig | 1 -
arch/mips/configs/maltasmvp_defconfig | 1 -
arch/mips/configs/maltasmvp_eva_defconfig | 1 -
arch/mips/configs/maltaup_defconfig | 1 -
arch/mips/configs/maltaup_xpa_defconfig | 1 -
arch/mips/configs/mtx1_defconfig | 1 -
arch/mips/configs/rm200_defconfig | 1 -
arch/mips/configs/sb1250_swarm_defconfig | 1 -
arch/parisc/configs/generic-64bit_defconfig | 1 -
arch/powerpc/configs/44x/akebono_defconfig | 1 -
arch/powerpc/configs/44x/bamboo_defconfig | 1 -
arch/powerpc/configs/44x/currituck_defconfig | 1 -
arch/powerpc/configs/44x/ebony_defconfig | 1 -
arch/powerpc/configs/44x/eiger_defconfig | 1 -
arch/powerpc/configs/44x/fsp2_defconfig | 1 -
arch/powerpc/configs/44x/icon_defconfig | 1 -
arch/powerpc/configs/44x/iss476-smp_defconfig | 1 -
arch/powerpc/configs/44x/katmai_defconfig | 1 -
arch/powerpc/configs/44x/rainier_defconfig | 1 -
arch/powerpc/configs/44x/redwood_defconfig | 1 -
arch/powerpc/configs/44x/sequoia_defconfig | 1 -
arch/powerpc/configs/44x/taishan_defconfig | 1 -
arch/powerpc/configs/52xx/cm5200_defconfig | 1 -
arch/powerpc/configs/52xx/motionpro_defconfig | 1 -
arch/powerpc/configs/52xx/tqm5200_defconfig | 1 -
arch/powerpc/configs/83xx/asp8347_defconfig | 1 -
.../configs/83xx/mpc8313_rdb_defconfig | 1 -
.../configs/83xx/mpc8315_rdb_defconfig | 1 -
.../configs/83xx/mpc832x_rdb_defconfig | 1 -
.../configs/83xx/mpc834x_itx_defconfig | 1 -
.../configs/83xx/mpc834x_itxgp_defconfig | 1 -
.../configs/83xx/mpc837x_rdb_defconfig | 1 -
arch/powerpc/configs/amigaone_defconfig | 1 -
arch/powerpc/configs/cell_defconfig | 1 -
arch/powerpc/configs/chrp32_defconfig | 1 -
arch/powerpc/configs/ep8248e_defconfig | 1 -
arch/powerpc/configs/fsl-emb-nonhw.config | 1 -
arch/powerpc/configs/g5_defconfig | 1 -
arch/powerpc/configs/linkstation_defconfig | 1 -
arch/powerpc/configs/mgcoge_defconfig | 1 -
arch/powerpc/configs/mpc83xx_defconfig | 1 -
arch/powerpc/configs/mvme5100_defconfig | 1 -
arch/powerpc/configs/pmac32_defconfig | 1 -
arch/powerpc/configs/powernv_defconfig | 1 -
arch/powerpc/configs/ppc44x_defconfig | 1 -
arch/powerpc/configs/ppc64_defconfig | 1 -
arch/powerpc/configs/ppc64e_defconfig | 1 -
arch/powerpc/configs/ppc6xx_defconfig | 1 -
arch/powerpc/configs/ps3_defconfig | 1 -
arch/s390/configs/debug_defconfig | 1 -
arch/s390/configs/defconfig | 1 -
arch/sh/configs/hp6xx_defconfig | 1 -
arch/sh/configs/r7780mp_defconfig | 1 -
arch/sh/configs/r7785rp_defconfig | 1 -
arch/sh/configs/se7712_defconfig | 1 -
arch/sh/configs/sh2007_defconfig | 1 -
arch/sparc/configs/sparc32_defconfig | 1 -
arch/sparc/configs/sparc64_defconfig | 1 -
crypto/Kconfig | 9 -
crypto/Makefile | 1 -
crypto/pcbc.c | 195 ------------------
96 files changed, 298 deletions(-)
delete mode 100644 crypto/pcbc.c
diff --git a/arch/arm/configs/am200epdkit_defconfig b/arch/arm/configs/am200epdkit_defconfig
index 2367b1685c1c..d8198592fe1b 100644
--- a/arch/arm/configs/am200epdkit_defconfig
+++ b/arch/arm/configs/am200epdkit_defconfig
@@ -84,10 +84,9 @@ CONFIG_NLS_ISO8859_1=y
CONFIG_DEBUG_KERNEL=y
# CONFIG_DETECT_SOFTLOCKUP is not set
CONFIG_CRYPTO=y
CONFIG_CRYPTO_CBC=m
CONFIG_CRYPTO_ECB=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_ARC4=m
# CONFIG_DEBUG_BUGVERBOSE is not set
# CONFIG_DEBUG_PREEMPT is not set
CONFIG_DEBUG_USER=y
diff --git a/arch/arm/configs/dove_defconfig b/arch/arm/configs/dove_defconfig
index e98c35df675e..9743b0b7ec61 100644
--- a/arch/arm/configs/dove_defconfig
+++ b/arch/arm/configs/dove_defconfig
@@ -116,11 +116,10 @@ CONFIG_TIMER_STATS=y
CONFIG_CRYPTO_NULL=y
CONFIG_CRYPTO_BLOWFISH=y
CONFIG_CRYPTO_TEA=y
CONFIG_CRYPTO_TWOFISH=y
CONFIG_CRYPTO_ECB=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_MD4=y
CONFIG_CRYPTO_SHA1=y
CONFIG_CRYPTO_SHA256=y
CONFIG_CRYPTO_SHA512=y
diff --git a/arch/arm/configs/multi_v5_defconfig b/arch/arm/configs/multi_v5_defconfig
index 59b020e66a0b..95afc972047e 100644
--- a/arch/arm/configs/multi_v5_defconfig
+++ b/arch/arm/configs/multi_v5_defconfig
@@ -284,11 +284,10 @@ CONFIG_NLS_CODEPAGE_437=y
CONFIG_NLS_CODEPAGE_850=y
CONFIG_NLS_ISO8859_1=y
CONFIG_NLS_ISO8859_2=y
CONFIG_NLS_UTF8=y
CONFIG_CRYPTO_CBC=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_DEV_MARVELL_CESA=y
CONFIG_DEBUG_KERNEL=y
CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT=y
CONFIG_MAGIC_SYSRQ=y
CONFIG_DEBUG_FS=y
diff --git a/arch/arm/configs/mv78xx0_defconfig b/arch/arm/configs/mv78xx0_defconfig
index d3a26efe766c..a652ccd1358b 100644
--- a/arch/arm/configs/mv78xx0_defconfig
+++ b/arch/arm/configs/mv78xx0_defconfig
@@ -109,11 +109,10 @@ CONFIG_NLS_CODEPAGE_437=y
CONFIG_NLS_CODEPAGE_850=y
CONFIG_NLS_ISO8859_1=y
CONFIG_NLS_ISO8859_2=y
CONFIG_CRYPTO_CBC=m
CONFIG_CRYPTO_ECB=m
-CONFIG_CRYPTO_PCBC=m
# CONFIG_DEBUG_BUGVERBOSE is not set
CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT=y
CONFIG_MAGIC_SYSRQ=y
CONFIG_DEBUG_FS=y
CONFIG_DEBUG_KERNEL=y
diff --git a/arch/arm/configs/mvebu_v5_defconfig b/arch/arm/configs/mvebu_v5_defconfig
index d1742a7cae6a..4cf77df183b3 100644
--- a/arch/arm/configs/mvebu_v5_defconfig
+++ b/arch/arm/configs/mvebu_v5_defconfig
@@ -183,11 +183,10 @@ CONFIG_NLS_CODEPAGE_437=y
CONFIG_NLS_CODEPAGE_850=y
CONFIG_NLS_ISO8859_1=y
CONFIG_NLS_ISO8859_2=y
CONFIG_NLS_UTF8=y
CONFIG_CRYPTO_CBC=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_DEV_MARVELL_CESA=y
CONFIG_DEBUG_KERNEL=y
CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT=y
CONFIG_MAGIC_SYSRQ=y
CONFIG_DEBUG_FS=y
diff --git a/arch/arm/configs/omap1_defconfig b/arch/arm/configs/omap1_defconfig
index c6155f101fc9..7bf58e8a5ab5 100644
--- a/arch/arm/configs/omap1_defconfig
+++ b/arch/arm/configs/omap1_defconfig
@@ -213,11 +213,10 @@ CONFIG_NLS_KOI8_R=y
CONFIG_NLS_UTF8=y
# CONFIG_ENABLE_MUST_CHECK is not set
CONFIG_DEBUG_KERNEL=y
CONFIG_SECURITY=y
CONFIG_CRYPTO_ECB=y
-CONFIG_CRYPTO_PCBC=y
CONFIG_CRYPTO_DEFLATE=y
CONFIG_CRYPTO_LZO=y
CONFIG_FONTS=y
CONFIG_FONT_8x8=y
CONFIG_FONT_8x16=y
diff --git a/arch/arm/configs/orion5x_defconfig b/arch/arm/configs/orion5x_defconfig
index 002c9145026b..f5be2e26d9ae 100644
--- a/arch/arm/configs/orion5x_defconfig
+++ b/arch/arm/configs/orion5x_defconfig
@@ -132,11 +132,10 @@ CONFIG_NLS_CODEPAGE_437=y
CONFIG_NLS_CODEPAGE_850=y
CONFIG_NLS_ISO8859_1=y
CONFIG_NLS_ISO8859_2=y
CONFIG_CRYPTO_CBC=m
CONFIG_CRYPTO_ECB=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_DEV_MARVELL_CESA=y
# CONFIG_DEBUG_BUGVERBOSE is not set
CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT=y
CONFIG_MAGIC_SYSRQ=y
CONFIG_DEBUG_FS=y
diff --git a/arch/arm/configs/pxa_defconfig b/arch/arm/configs/pxa_defconfig
index 53f1e5820c49..83d1ed3a37f5 100644
--- a/arch/arm/configs/pxa_defconfig
+++ b/arch/arm/configs/pxa_defconfig
@@ -644,11 +644,10 @@ CONFIG_CRYPTO_KHAZAD=m
CONFIG_CRYPTO_SEED=m
CONFIG_CRYPTO_SERPENT=m
CONFIG_CRYPTO_TEA=m
CONFIG_CRYPTO_TWOFISH=m
CONFIG_CRYPTO_LRW=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_XTS=m
CONFIG_CRYPTO_SHA512=m
CONFIG_CRYPTO_TGR192=m
CONFIG_CRYPTO_WP512=m
CONFIG_CRYPTO_ANUBIS=m
diff --git a/arch/arm/configs/wpcm450_defconfig b/arch/arm/configs/wpcm450_defconfig
index cd4b3e70ff68..67b64a378166 100644
--- a/arch/arm/configs/wpcm450_defconfig
+++ b/arch/arm/configs/wpcm450_defconfig
@@ -179,11 +179,10 @@ CONFIG_KEYS=y
CONFIG_HARDENED_USERCOPY=y
CONFIG_FORTIFY_SOURCE=y
CONFIG_CRYPTO_RSA=y
CONFIG_CRYPTO_AES=y
CONFIG_CRYPTO_CBC=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_CCM=y
CONFIG_CRYPTO_GCM=y
CONFIG_CRYPTO_CMAC=y
CONFIG_CRYPTO_SHA256=y
CONFIG_ASYMMETRIC_KEY_TYPE=y
diff --git a/arch/m68k/configs/amiga_defconfig b/arch/m68k/configs/amiga_defconfig
index ca45670a6af4..aadff466830f 100644
--- a/arch/m68k/configs/amiga_defconfig
+++ b/arch/m68k/configs/amiga_defconfig
@@ -533,11 +533,10 @@ CONFIG_CRYPTO_TWOFISH=m
CONFIG_CRYPTO_ADIANTUM=m
CONFIG_CRYPTO_ARC4=m
CONFIG_CRYPTO_CTS=m
CONFIG_CRYPTO_HCTR2=m
CONFIG_CRYPTO_LRW=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_XTS=m
CONFIG_CRYPTO_AEGIS128=m
CONFIG_CRYPTO_MD4=m
CONFIG_CRYPTO_RMD160=m
CONFIG_CRYPTO_SHA1=m
diff --git a/arch/m68k/configs/apollo_defconfig b/arch/m68k/configs/apollo_defconfig
index 2732a5b8b694..ea9487a39884 100644
--- a/arch/m68k/configs/apollo_defconfig
+++ b/arch/m68k/configs/apollo_defconfig
@@ -488,11 +488,10 @@ CONFIG_CRYPTO_TWOFISH=m
CONFIG_CRYPTO_ADIANTUM=m
CONFIG_CRYPTO_ARC4=m
CONFIG_CRYPTO_CTS=m
CONFIG_CRYPTO_HCTR2=m
CONFIG_CRYPTO_LRW=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_XTS=m
CONFIG_CRYPTO_AEGIS128=m
CONFIG_CRYPTO_MD4=m
CONFIG_CRYPTO_RMD160=m
CONFIG_CRYPTO_SHA1=m
diff --git a/arch/m68k/configs/atari_defconfig b/arch/m68k/configs/atari_defconfig
index 242882b05fa4..a70127ac7a2d 100644
--- a/arch/m68k/configs/atari_defconfig
+++ b/arch/m68k/configs/atari_defconfig
@@ -510,11 +510,10 @@ CONFIG_CRYPTO_TWOFISH=m
CONFIG_CRYPTO_ADIANTUM=m
CONFIG_CRYPTO_ARC4=m
CONFIG_CRYPTO_CTS=m
CONFIG_CRYPTO_HCTR2=m
CONFIG_CRYPTO_LRW=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_XTS=m
CONFIG_CRYPTO_AEGIS128=m
CONFIG_CRYPTO_MD4=m
CONFIG_CRYPTO_RMD160=m
CONFIG_CRYPTO_SHA1=m
diff --git a/arch/m68k/configs/bvme6000_defconfig b/arch/m68k/configs/bvme6000_defconfig
index 07e73c78a9e2..83da79382538 100644
--- a/arch/m68k/configs/bvme6000_defconfig
+++ b/arch/m68k/configs/bvme6000_defconfig
@@ -480,11 +480,10 @@ CONFIG_CRYPTO_TWOFISH=m
CONFIG_CRYPTO_ADIANTUM=m
CONFIG_CRYPTO_ARC4=m
CONFIG_CRYPTO_CTS=m
CONFIG_CRYPTO_HCTR2=m
CONFIG_CRYPTO_LRW=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_XTS=m
CONFIG_CRYPTO_AEGIS128=m
CONFIG_CRYPTO_MD4=m
CONFIG_CRYPTO_RMD160=m
CONFIG_CRYPTO_SHA1=m
diff --git a/arch/m68k/configs/hp300_defconfig b/arch/m68k/configs/hp300_defconfig
index 7188948da864..cea5ab74b3b1 100644
--- a/arch/m68k/configs/hp300_defconfig
+++ b/arch/m68k/configs/hp300_defconfig
@@ -490,11 +490,10 @@ CONFIG_CRYPTO_TWOFISH=m
CONFIG_CRYPTO_ADIANTUM=m
CONFIG_CRYPTO_ARC4=m
CONFIG_CRYPTO_CTS=m
CONFIG_CRYPTO_HCTR2=m
CONFIG_CRYPTO_LRW=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_XTS=m
CONFIG_CRYPTO_AEGIS128=m
CONFIG_CRYPTO_MD4=m
CONFIG_CRYPTO_RMD160=m
CONFIG_CRYPTO_SHA1=m
diff --git a/arch/m68k/configs/mac_defconfig b/arch/m68k/configs/mac_defconfig
index fa5b04d59aa6..26406777376d 100644
--- a/arch/m68k/configs/mac_defconfig
+++ b/arch/m68k/configs/mac_defconfig
@@ -509,11 +509,10 @@ CONFIG_CRYPTO_TWOFISH=m
CONFIG_CRYPTO_ADIANTUM=m
CONFIG_CRYPTO_ARC4=m
CONFIG_CRYPTO_CTS=m
CONFIG_CRYPTO_HCTR2=m
CONFIG_CRYPTO_LRW=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_XTS=m
CONFIG_CRYPTO_AEGIS128=m
CONFIG_CRYPTO_MD4=m
CONFIG_CRYPTO_RMD160=m
CONFIG_CRYPTO_SHA1=m
diff --git a/arch/m68k/configs/multi_defconfig b/arch/m68k/configs/multi_defconfig
index 3bc9911549c0..8357491645ad 100644
--- a/arch/m68k/configs/multi_defconfig
+++ b/arch/m68k/configs/multi_defconfig
@@ -596,11 +596,10 @@ CONFIG_CRYPTO_TWOFISH=m
CONFIG_CRYPTO_ADIANTUM=m
CONFIG_CRYPTO_ARC4=m
CONFIG_CRYPTO_CTS=m
CONFIG_CRYPTO_HCTR2=m
CONFIG_CRYPTO_LRW=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_XTS=m
CONFIG_CRYPTO_AEGIS128=m
CONFIG_CRYPTO_MD4=m
CONFIG_CRYPTO_RMD160=m
CONFIG_CRYPTO_SHA1=m
diff --git a/arch/m68k/configs/mvme147_defconfig b/arch/m68k/configs/mvme147_defconfig
index 9f5c8e0a07f3..fe94f95862e7 100644
--- a/arch/m68k/configs/mvme147_defconfig
+++ b/arch/m68k/configs/mvme147_defconfig
@@ -480,11 +480,10 @@ CONFIG_CRYPTO_TWOFISH=m
CONFIG_CRYPTO_ADIANTUM=m
CONFIG_CRYPTO_ARC4=m
CONFIG_CRYPTO_CTS=m
CONFIG_CRYPTO_HCTR2=m
CONFIG_CRYPTO_LRW=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_XTS=m
CONFIG_CRYPTO_AEGIS128=m
CONFIG_CRYPTO_MD4=m
CONFIG_CRYPTO_RMD160=m
CONFIG_CRYPTO_SHA1=m
diff --git a/arch/m68k/configs/mvme16x_defconfig b/arch/m68k/configs/mvme16x_defconfig
index e5a6299aeae0..ba67cacc079e 100644
--- a/arch/m68k/configs/mvme16x_defconfig
+++ b/arch/m68k/configs/mvme16x_defconfig
@@ -481,11 +481,10 @@ CONFIG_CRYPTO_TWOFISH=m
CONFIG_CRYPTO_ADIANTUM=m
CONFIG_CRYPTO_ARC4=m
CONFIG_CRYPTO_CTS=m
CONFIG_CRYPTO_HCTR2=m
CONFIG_CRYPTO_LRW=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_XTS=m
CONFIG_CRYPTO_AEGIS128=m
CONFIG_CRYPTO_MD4=m
CONFIG_CRYPTO_RMD160=m
CONFIG_CRYPTO_SHA1=m
diff --git a/arch/m68k/configs/q40_defconfig b/arch/m68k/configs/q40_defconfig
index e79bbb397261..552399979e4b 100644
--- a/arch/m68k/configs/q40_defconfig
+++ b/arch/m68k/configs/q40_defconfig
@@ -499,11 +499,10 @@ CONFIG_CRYPTO_TWOFISH=m
CONFIG_CRYPTO_ADIANTUM=m
CONFIG_CRYPTO_ARC4=m
CONFIG_CRYPTO_CTS=m
CONFIG_CRYPTO_HCTR2=m
CONFIG_CRYPTO_LRW=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_XTS=m
CONFIG_CRYPTO_AEGIS128=m
CONFIG_CRYPTO_MD4=m
CONFIG_CRYPTO_RMD160=m
CONFIG_CRYPTO_SHA1=m
diff --git a/arch/m68k/configs/sun3_defconfig b/arch/m68k/configs/sun3_defconfig
index 7aa76de5c472..b4f3935d3d18 100644
--- a/arch/m68k/configs/sun3_defconfig
+++ b/arch/m68k/configs/sun3_defconfig
@@ -478,11 +478,10 @@ CONFIG_CRYPTO_TWOFISH=m
CONFIG_CRYPTO_ADIANTUM=m
CONFIG_CRYPTO_ARC4=m
CONFIG_CRYPTO_CTS=m
CONFIG_CRYPTO_HCTR2=m
CONFIG_CRYPTO_LRW=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_XTS=m
CONFIG_CRYPTO_AEGIS128=m
CONFIG_CRYPTO_MD4=m
CONFIG_CRYPTO_RMD160=m
CONFIG_CRYPTO_SHA1=m
diff --git a/arch/m68k/configs/sun3x_defconfig b/arch/m68k/configs/sun3x_defconfig
index 2ecd8bd097ea..bb519520ae6e 100644
--- a/arch/m68k/configs/sun3x_defconfig
+++ b/arch/m68k/configs/sun3x_defconfig
@@ -478,11 +478,10 @@ CONFIG_CRYPTO_TWOFISH=m
CONFIG_CRYPTO_ADIANTUM=m
CONFIG_CRYPTO_ARC4=m
CONFIG_CRYPTO_CTS=m
CONFIG_CRYPTO_HCTR2=m
CONFIG_CRYPTO_LRW=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_XTS=m
CONFIG_CRYPTO_AEGIS128=m
CONFIG_CRYPTO_MD4=m
CONFIG_CRYPTO_RMD160=m
CONFIG_CRYPTO_SHA1=m
diff --git a/arch/mips/configs/bigsur_defconfig b/arch/mips/configs/bigsur_defconfig
index 74c6821e4c37..611dc0dd392d 100644
--- a/arch/mips/configs/bigsur_defconfig
+++ b/arch/mips/configs/bigsur_defconfig
@@ -205,11 +205,10 @@ CONFIG_DEFAULT_SECURITY_DAC=y
CONFIG_CRYPTO_NULL=y
CONFIG_CRYPTO_CCM=m
CONFIG_CRYPTO_GCM=m
CONFIG_CRYPTO_CTS=m
CONFIG_CRYPTO_LRW=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_XTS=m
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_XCBC=m
CONFIG_CRYPTO_MD4=m
CONFIG_CRYPTO_RMD160=m
diff --git a/arch/mips/configs/decstation_64_defconfig b/arch/mips/configs/decstation_64_defconfig
index e98d218ed4c1..0e8e4e827515 100644
--- a/arch/mips/configs/decstation_64_defconfig
+++ b/arch/mips/configs/decstation_64_defconfig
@@ -172,11 +172,10 @@ CONFIG_CRYPTO_CCM=m
CONFIG_CRYPTO_GCM=m
CONFIG_CRYPTO_CHACHA20POLY1305=m
CONFIG_CRYPTO_CTS=m
CONFIG_CRYPTO_LRW=m
CONFIG_CRYPTO_OFB=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_XTS=m
CONFIG_CRYPTO_CMAC=m
CONFIG_CRYPTO_XCBC=m
CONFIG_CRYPTO_CRC32=m
CONFIG_CRYPTO_MD4=m
diff --git a/arch/mips/configs/decstation_defconfig b/arch/mips/configs/decstation_defconfig
index 2b4e06cc238b..c664928efb9f 100644
--- a/arch/mips/configs/decstation_defconfig
+++ b/arch/mips/configs/decstation_defconfig
@@ -167,11 +167,10 @@ CONFIG_CRYPTO_CCM=m
CONFIG_CRYPTO_GCM=m
CONFIG_CRYPTO_CHACHA20POLY1305=m
CONFIG_CRYPTO_CTS=m
CONFIG_CRYPTO_LRW=m
CONFIG_CRYPTO_OFB=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_XTS=m
CONFIG_CRYPTO_CMAC=m
CONFIG_CRYPTO_XCBC=m
CONFIG_CRYPTO_CRC32=m
CONFIG_CRYPTO_MD4=m
diff --git a/arch/mips/configs/decstation_r4k_defconfig b/arch/mips/configs/decstation_r4k_defconfig
index 280553269156..402255ae09ec 100644
--- a/arch/mips/configs/decstation_r4k_defconfig
+++ b/arch/mips/configs/decstation_r4k_defconfig
@@ -167,11 +167,10 @@ CONFIG_CRYPTO_CCM=m
CONFIG_CRYPTO_GCM=m
CONFIG_CRYPTO_CHACHA20POLY1305=m
CONFIG_CRYPTO_CTS=m
CONFIG_CRYPTO_LRW=m
CONFIG_CRYPTO_OFB=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_XTS=m
CONFIG_CRYPTO_CMAC=m
CONFIG_CRYPTO_XCBC=m
CONFIG_CRYPTO_CRC32=m
CONFIG_CRYPTO_MD4=m
diff --git a/arch/mips/configs/fuloong2e_defconfig b/arch/mips/configs/fuloong2e_defconfig
index b6fe3c962464..405799a9ed2a 100644
--- a/arch/mips/configs/fuloong2e_defconfig
+++ b/arch/mips/configs/fuloong2e_defconfig
@@ -207,11 +207,10 @@ CONFIG_NLS_CODEPAGE_936=y
CONFIG_NLS_ISO8859_1=y
CONFIG_NLS_UTF8=y
CONFIG_CRYPTO_AUTHENC=m
CONFIG_CRYPTO_GCM=m
CONFIG_CRYPTO_CTS=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_XTS=m
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_RMD160=m
CONFIG_CRYPTO_SEED=m
CONFIG_CRYPTO_DEFLATE=m
diff --git a/arch/mips/configs/gpr_defconfig b/arch/mips/configs/gpr_defconfig
index ed1a8f80f96e..47016655a089 100644
--- a/arch/mips/configs/gpr_defconfig
+++ b/arch/mips/configs/gpr_defconfig
@@ -247,11 +247,10 @@ CONFIG_ROOT_NFS=y
CONFIG_NLS_CODEPAGE_437=y
CONFIG_NLS_CODEPAGE_850=y
CONFIG_NLS_ISO8859_1=y
CONFIG_CRYPTO_AUTHENC=m
CONFIG_CRYPTO_BENCHMARK=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_MD4=m
CONFIG_CRYPTO_SHA512=m
CONFIG_CRYPTO_WP512=m
CONFIG_CRYPTO_ANUBIS=m
CONFIG_CRYPTO_BLOWFISH=m
diff --git a/arch/mips/configs/ip22_defconfig b/arch/mips/configs/ip22_defconfig
index 50895ed06592..822cc1ed64c2 100644
--- a/arch/mips/configs/ip22_defconfig
+++ b/arch/mips/configs/ip22_defconfig
@@ -304,11 +304,10 @@ CONFIG_NLS_UTF8=m
CONFIG_KEYS=y
CONFIG_CRYPTO_CRYPTD=m
CONFIG_CRYPTO_GCM=m
CONFIG_CRYPTO_CTS=m
CONFIG_CRYPTO_LRW=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_XTS=m
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_XCBC=m
CONFIG_CRYPTO_RMD160=m
CONFIG_CRYPTO_WP512=m
diff --git a/arch/mips/configs/ip27_defconfig b/arch/mips/configs/ip27_defconfig
index ff7e06b92f58..d108fd7b752b 100644
--- a/arch/mips/configs/ip27_defconfig
+++ b/arch/mips/configs/ip27_defconfig
@@ -294,11 +294,10 @@ CONFIG_OMFS_FS=m
CONFIG_NFS_FS=y
CONFIG_SECURITYFS=y
CONFIG_CRYPTO_CRYPTD=m
CONFIG_CRYPTO_CTS=m
CONFIG_CRYPTO_LRW=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_XTS=m
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_XCBC=m
CONFIG_CRYPTO_MD4=m
CONFIG_CRYPTO_RMD160=m
diff --git a/arch/mips/configs/ip30_defconfig b/arch/mips/configs/ip30_defconfig
index d9f748f8cfaa..028286029877 100644
--- a/arch/mips/configs/ip30_defconfig
+++ b/arch/mips/configs/ip30_defconfig
@@ -168,11 +168,10 @@ CONFIG_CRYPTO_CAST5=m
CONFIG_CRYPTO_CAST6=m
CONFIG_CRYPTO_SERPENT=m
CONFIG_CRYPTO_TWOFISH=m
CONFIG_CRYPTO_CTS=m
CONFIG_CRYPTO_LRW=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_XTS=m
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_MD4=m
CONFIG_CRYPTO_RMD160=m
CONFIG_CRYPTO_WP512=m
diff --git a/arch/mips/configs/ip32_defconfig b/arch/mips/configs/ip32_defconfig
index 4b15f895be63..5ddbaa0aafaf 100644
--- a/arch/mips/configs/ip32_defconfig
+++ b/arch/mips/configs/ip32_defconfig
@@ -152,11 +152,10 @@ CONFIG_NLS_UTF8=m
CONFIG_KEYS=y
CONFIG_CRYPTO_NULL=y
CONFIG_CRYPTO_CBC=y
CONFIG_CRYPTO_ECB=y
CONFIG_CRYPTO_LRW=y
-CONFIG_CRYPTO_PCBC=y
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_XCBC=y
CONFIG_CRYPTO_MD4=y
CONFIG_CRYPTO_SHA1=y
CONFIG_CRYPTO_SHA256=y
diff --git a/arch/mips/configs/lemote2f_defconfig b/arch/mips/configs/lemote2f_defconfig
index bbcdfc8134cb..326f30748030 100644
--- a/arch/mips/configs/lemote2f_defconfig
+++ b/arch/mips/configs/lemote2f_defconfig
@@ -302,11 +302,10 @@ CONFIG_CRYPTO_CAMELLIA=m
CONFIG_CRYPTO_CAST5=m
CONFIG_CRYPTO_CAST6=m
CONFIG_CRYPTO_SERPENT=m
CONFIG_CRYPTO_TWOFISH=m
CONFIG_CRYPTO_LRW=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_XTS=m
CONFIG_CRYPTO_RMD160=m
CONFIG_CRYPTO_SHA1=m
CONFIG_CRYPTO_WP512=m
CONFIG_CRYPTO_XCBC=m
diff --git a/arch/mips/configs/malta_defconfig b/arch/mips/configs/malta_defconfig
index 85e781607299..61c9d5cd1a75 100644
--- a/arch/mips/configs/malta_defconfig
+++ b/arch/mips/configs/malta_defconfig
@@ -386,11 +386,10 @@ CONFIG_NLS_ISO8859_14=m
CONFIG_NLS_ISO8859_15=m
CONFIG_NLS_KOI8_R=m
CONFIG_NLS_KOI8_U=m
CONFIG_CRYPTO_CRYPTD=m
CONFIG_CRYPTO_LRW=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_XCBC=m
CONFIG_CRYPTO_MD4=m
CONFIG_CRYPTO_SHA512=m
CONFIG_CRYPTO_WP512=m
diff --git a/arch/mips/configs/malta_kvm_defconfig b/arch/mips/configs/malta_kvm_defconfig
index 2db5f50fed3b..f862fbc7fbb7 100644
--- a/arch/mips/configs/malta_kvm_defconfig
+++ b/arch/mips/configs/malta_kvm_defconfig
@@ -393,11 +393,10 @@ CONFIG_NLS_ISO8859_14=m
CONFIG_NLS_ISO8859_15=m
CONFIG_NLS_KOI8_R=m
CONFIG_NLS_KOI8_U=m
CONFIG_CRYPTO_CRYPTD=m
CONFIG_CRYPTO_LRW=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_XCBC=m
CONFIG_CRYPTO_MD4=m
CONFIG_CRYPTO_SHA512=m
CONFIG_CRYPTO_WP512=m
diff --git a/arch/mips/configs/malta_qemu_32r6_defconfig b/arch/mips/configs/malta_qemu_32r6_defconfig
index 5687e10c1bc8..14cdd23f1acb 100644
--- a/arch/mips/configs/malta_qemu_32r6_defconfig
+++ b/arch/mips/configs/malta_qemu_32r6_defconfig
@@ -161,11 +161,10 @@ CONFIG_ROOT_NFS=y
CONFIG_CIFS=m
CONFIG_CIFS_XATTR=y
CONFIG_CIFS_POSIX=y
CONFIG_NLS_CODEPAGE_437=m
CONFIG_NLS_ISO8859_1=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_WP512=m
CONFIG_CRYPTO_ANUBIS=m
CONFIG_CRYPTO_BLOWFISH=m
CONFIG_CRYPTO_CAST5=m
diff --git a/arch/mips/configs/maltaaprp_defconfig b/arch/mips/configs/maltaaprp_defconfig
index abd22bff517b..2943593264b9 100644
--- a/arch/mips/configs/maltaaprp_defconfig
+++ b/arch/mips/configs/maltaaprp_defconfig
@@ -162,11 +162,10 @@ CONFIG_ROOT_NFS=y
CONFIG_CIFS=m
CONFIG_CIFS_XATTR=y
CONFIG_CIFS_POSIX=y
CONFIG_NLS_CODEPAGE_437=m
CONFIG_NLS_ISO8859_1=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_WP512=m
CONFIG_CRYPTO_ANUBIS=m
CONFIG_CRYPTO_BLOWFISH=m
CONFIG_CRYPTO_CAST5=m
diff --git a/arch/mips/configs/maltasmvp_defconfig b/arch/mips/configs/maltasmvp_defconfig
index 3fb3def8112d..47226fca0548 100644
--- a/arch/mips/configs/maltasmvp_defconfig
+++ b/arch/mips/configs/maltasmvp_defconfig
@@ -163,11 +163,10 @@ CONFIG_ROOT_NFS=y
CONFIG_CIFS=m
CONFIG_CIFS_XATTR=y
CONFIG_CIFS_POSIX=y
CONFIG_NLS_CODEPAGE_437=m
CONFIG_NLS_ISO8859_1=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_WP512=m
CONFIG_CRYPTO_ANUBIS=m
CONFIG_CRYPTO_BLOWFISH=m
CONFIG_CRYPTO_CAST5=m
diff --git a/arch/mips/configs/maltasmvp_eva_defconfig b/arch/mips/configs/maltasmvp_eva_defconfig
index 92e026912f68..09187a78409f 100644
--- a/arch/mips/configs/maltasmvp_eva_defconfig
+++ b/arch/mips/configs/maltasmvp_eva_defconfig
@@ -165,11 +165,10 @@ CONFIG_ROOT_NFS=y
CONFIG_CIFS=m
CONFIG_CIFS_XATTR=y
CONFIG_CIFS_POSIX=y
CONFIG_NLS_CODEPAGE_437=m
CONFIG_NLS_ISO8859_1=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_WP512=m
CONFIG_CRYPTO_ANUBIS=m
CONFIG_CRYPTO_BLOWFISH=m
CONFIG_CRYPTO_CAST5=m
diff --git a/arch/mips/configs/maltaup_defconfig b/arch/mips/configs/maltaup_defconfig
index 7a675fd3321f..a80783097c1e 100644
--- a/arch/mips/configs/maltaup_defconfig
+++ b/arch/mips/configs/maltaup_defconfig
@@ -161,11 +161,10 @@ CONFIG_ROOT_NFS=y
CONFIG_CIFS=m
CONFIG_CIFS_XATTR=y
CONFIG_CIFS_POSIX=y
CONFIG_NLS_CODEPAGE_437=m
CONFIG_NLS_ISO8859_1=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_WP512=m
CONFIG_CRYPTO_ANUBIS=m
CONFIG_CRYPTO_BLOWFISH=m
CONFIG_CRYPTO_CAST5=m
diff --git a/arch/mips/configs/maltaup_xpa_defconfig b/arch/mips/configs/maltaup_xpa_defconfig
index 865ae23bf11d..e660c503654e 100644
--- a/arch/mips/configs/maltaup_xpa_defconfig
+++ b/arch/mips/configs/maltaup_xpa_defconfig
@@ -392,11 +392,10 @@ CONFIG_NLS_ISO8859_14=m
CONFIG_NLS_ISO8859_15=m
CONFIG_NLS_KOI8_R=m
CONFIG_NLS_KOI8_U=m
CONFIG_CRYPTO_CRYPTD=m
CONFIG_CRYPTO_LRW=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_XCBC=m
CONFIG_CRYPTO_MD4=m
CONFIG_CRYPTO_SHA512=m
CONFIG_CRYPTO_WP512=m
diff --git a/arch/mips/configs/mtx1_defconfig b/arch/mips/configs/mtx1_defconfig
index 3629afbe5d75..42a0f4f70437 100644
--- a/arch/mips/configs/mtx1_defconfig
+++ b/arch/mips/configs/mtx1_defconfig
@@ -624,11 +624,10 @@ CONFIG_NLS_ISO8859_14=m
CONFIG_NLS_ISO8859_15=m
CONFIG_NLS_KOI8_R=m
CONFIG_NLS_KOI8_U=m
CONFIG_NLS_UTF8=m
CONFIG_CRYPTO_BENCHMARK=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_MD5=y
CONFIG_CRYPTO_WP512=m
CONFIG_CRYPTO_ANUBIS=m
CONFIG_CRYPTO_BLOWFISH=m
diff --git a/arch/mips/configs/rm200_defconfig b/arch/mips/configs/rm200_defconfig
index 7e04a6b1b4eb..291c6644035d 100644
--- a/arch/mips/configs/rm200_defconfig
+++ b/arch/mips/configs/rm200_defconfig
@@ -370,11 +370,10 @@ CONFIG_NLS_ISO8859_14=m
CONFIG_NLS_ISO8859_15=m
CONFIG_NLS_KOI8_R=m
CONFIG_NLS_KOI8_U=m
CONFIG_NLS_UTF8=m
CONFIG_CRYPTO_LRW=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_XCBC=m
CONFIG_CRYPTO_WP512=m
CONFIG_CRYPTO_ANUBIS=m
CONFIG_CRYPTO_BLOWFISH=m
diff --git a/arch/mips/configs/sb1250_swarm_defconfig b/arch/mips/configs/sb1250_swarm_defconfig
index fe8a5a3ff328..a5b66b9f6d39 100644
--- a/arch/mips/configs/sb1250_swarm_defconfig
+++ b/arch/mips/configs/sb1250_swarm_defconfig
@@ -78,11 +78,10 @@ CONFIG_NFS_FS=y
CONFIG_ROOT_NFS=y
CONFIG_CRYPTO_CRYPTD=m
CONFIG_CRYPTO_AUTHENC=m
CONFIG_CRYPTO_CBC=m
CONFIG_CRYPTO_LRW=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_XTS=m
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_XCBC=m
CONFIG_CRYPTO_MD4=m
CONFIG_CRYPTO_SHA512=m
diff --git a/arch/parisc/configs/generic-64bit_defconfig b/arch/parisc/configs/generic-64bit_defconfig
index 0503b4ef4c7a..406f8174a1d2 100644
--- a/arch/parisc/configs/generic-64bit_defconfig
+++ b/arch/parisc/configs/generic-64bit_defconfig
@@ -280,11 +280,10 @@ CONFIG_NLS_CODEPAGE_1251=m
CONFIG_NLS_ASCII=m
CONFIG_NLS_ISO8859_1=m
CONFIG_NLS_ISO8859_2=m
CONFIG_NLS_UTF8=m
CONFIG_CRYPTO_ECB=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_MD4=m
CONFIG_CRYPTO_MD5=y
CONFIG_CRYPTO_DEFLATE=m
# CONFIG_CRYPTO_HW is not set
CONFIG_PRINTK_TIME=y
diff --git a/arch/powerpc/configs/44x/akebono_defconfig b/arch/powerpc/configs/44x/akebono_defconfig
index 11ad5ed3cc90..bdb0e6ece6ec 100644
--- a/arch/powerpc/configs/44x/akebono_defconfig
+++ b/arch/powerpc/configs/44x/akebono_defconfig
@@ -122,9 +122,8 @@ CONFIG_DETECT_HUNG_TASK=y
CONFIG_XMON=y
CONFIG_XMON_DEFAULT=y
CONFIG_PPC_EARLY_DEBUG=y
CONFIG_PPC_EARLY_DEBUG_44x_PHYSLOW=0x00010000
CONFIG_PPC_EARLY_DEBUG_44x_PHYSHIGH=0x33f
-CONFIG_CRYPTO_PCBC=y
CONFIG_CRYPTO_MD5=y
CONFIG_CRYPTO_DES=y
# CONFIG_CRYPTO_HW is not set
diff --git a/arch/powerpc/configs/44x/bamboo_defconfig b/arch/powerpc/configs/44x/bamboo_defconfig
index acbce718eaa8..bfffea3a54b2 100644
--- a/arch/powerpc/configs/44x/bamboo_defconfig
+++ b/arch/powerpc/configs/44x/bamboo_defconfig
@@ -44,8 +44,7 @@ CONFIG_DEBUG_FS=y
CONFIG_MAGIC_SYSRQ=y
CONFIG_DETECT_HUNG_TASK=y
# CONFIG_DEBUG_BUGVERBOSE is not set
CONFIG_CRYPTO_CBC=y
CONFIG_CRYPTO_ECB=y
-CONFIG_CRYPTO_PCBC=y
CONFIG_CRYPTO_MD5=y
CONFIG_CRYPTO_DES=y
diff --git a/arch/powerpc/configs/44x/currituck_defconfig b/arch/powerpc/configs/44x/currituck_defconfig
index 7283b7d4a1a5..6d6ec5d569b1 100644
--- a/arch/powerpc/configs/44x/currituck_defconfig
+++ b/arch/powerpc/configs/44x/currituck_defconfig
@@ -81,9 +81,8 @@ CONFIG_XMON_DEFAULT=y
CONFIG_PPC_EARLY_DEBUG=y
CONFIG_PPC_EARLY_DEBUG_44x_PHYSLOW=0x10000000
CONFIG_PPC_EARLY_DEBUG_44x_PHYSHIGH=0x200
CONFIG_CRYPTO_CBC=y
CONFIG_CRYPTO_ECB=y
-CONFIG_CRYPTO_PCBC=y
CONFIG_CRYPTO_MD5=y
CONFIG_CRYPTO_DES=y
# CONFIG_CRYPTO_HW is not set
diff --git a/arch/powerpc/configs/44x/ebony_defconfig b/arch/powerpc/configs/44x/ebony_defconfig
index 93d2a4e64af9..0d6f9bdf8ad3 100644
--- a/arch/powerpc/configs/44x/ebony_defconfig
+++ b/arch/powerpc/configs/44x/ebony_defconfig
@@ -50,9 +50,8 @@ CONFIG_ROOT_NFS=y
CONFIG_DEBUG_FS=y
CONFIG_MAGIC_SYSRQ=y
CONFIG_DETECT_HUNG_TASK=y
CONFIG_CRYPTO_CBC=y
CONFIG_CRYPTO_ECB=y
-CONFIG_CRYPTO_PCBC=y
CONFIG_CRYPTO_MD5=y
CONFIG_CRYPTO_DES=y
# CONFIG_CRYPTO_HW is not set
diff --git a/arch/powerpc/configs/44x/eiger_defconfig b/arch/powerpc/configs/44x/eiger_defconfig
index 509300f400e2..48ab405ab80b 100644
--- a/arch/powerpc/configs/44x/eiger_defconfig
+++ b/arch/powerpc/configs/44x/eiger_defconfig
@@ -77,11 +77,10 @@ CONFIG_CRYPTO_AUTHENC=y
CONFIG_CRYPTO_CCM=y
CONFIG_CRYPTO_GCM=y
CONFIG_CRYPTO_CBC=y
CONFIG_CRYPTO_CTS=y
CONFIG_CRYPTO_LRW=y
-CONFIG_CRYPTO_PCBC=y
CONFIG_CRYPTO_XTS=y
CONFIG_CRYPTO_XCBC=y
CONFIG_CRYPTO_MD4=y
CONFIG_CRYPTO_MD5=y
CONFIG_CRYPTO_SHA1=y
diff --git a/arch/powerpc/configs/44x/fsp2_defconfig b/arch/powerpc/configs/44x/fsp2_defconfig
index 5492537f4c6c..b8b21fa15a07 100644
--- a/arch/powerpc/configs/44x/fsp2_defconfig
+++ b/arch/powerpc/configs/44x/fsp2_defconfig
@@ -113,9 +113,8 @@ CONFIG_DYNAMIC_DEBUG=y
CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT=y
CONFIG_MAGIC_SYSRQ=y
CONFIG_DETECT_HUNG_TASK=y
CONFIG_CRYPTO_CBC=y
CONFIG_CRYPTO_ECB=y
-CONFIG_CRYPTO_PCBC=y
CONFIG_CRYPTO_MD5=y
CONFIG_CRYPTO_DES=y
# CONFIG_CRYPTO_HW is not set
diff --git a/arch/powerpc/configs/44x/icon_defconfig b/arch/powerpc/configs/44x/icon_defconfig
index fb9a15573546..4f7cd127dc77 100644
--- a/arch/powerpc/configs/44x/icon_defconfig
+++ b/arch/powerpc/configs/44x/icon_defconfig
@@ -80,8 +80,7 @@ CONFIG_NLS_ISO8859_15=y
CONFIG_MAGIC_SYSRQ=y
CONFIG_DETECT_HUNG_TASK=y
# CONFIG_DEBUG_BUGVERBOSE is not set
CONFIG_CRYPTO_CBC=y
CONFIG_CRYPTO_ECB=y
-CONFIG_CRYPTO_PCBC=y
CONFIG_CRYPTO_MD5=y
CONFIG_CRYPTO_DES=y
diff --git a/arch/powerpc/configs/44x/iss476-smp_defconfig b/arch/powerpc/configs/44x/iss476-smp_defconfig
index 0f6380e1e612..5188ec5406fd 100644
--- a/arch/powerpc/configs/44x/iss476-smp_defconfig
+++ b/arch/powerpc/configs/44x/iss476-smp_defconfig
@@ -60,9 +60,8 @@ CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT=y
CONFIG_MAGIC_SYSRQ=y
CONFIG_DETECT_HUNG_TASK=y
CONFIG_PPC_EARLY_DEBUG=y
CONFIG_CRYPTO_CBC=y
CONFIG_CRYPTO_ECB=y
-CONFIG_CRYPTO_PCBC=y
CONFIG_CRYPTO_MD5=y
CONFIG_CRYPTO_DES=y
# CONFIG_CRYPTO_HW is not set
diff --git a/arch/powerpc/configs/44x/katmai_defconfig b/arch/powerpc/configs/44x/katmai_defconfig
index 1a0f1c3e0ee9..59622bd1327d 100644
--- a/arch/powerpc/configs/44x/katmai_defconfig
+++ b/arch/powerpc/configs/44x/katmai_defconfig
@@ -49,8 +49,7 @@ CONFIG_ROOT_NFS=y
CONFIG_MAGIC_SYSRQ=y
CONFIG_DETECT_HUNG_TASK=y
# CONFIG_DEBUG_BUGVERBOSE is not set
CONFIG_CRYPTO_CBC=y
CONFIG_CRYPTO_ECB=y
-CONFIG_CRYPTO_PCBC=y
CONFIG_CRYPTO_MD5=y
CONFIG_CRYPTO_DES=y
diff --git a/arch/powerpc/configs/44x/rainier_defconfig b/arch/powerpc/configs/44x/rainier_defconfig
index 6dd67de06a0b..22d10c33f374 100644
--- a/arch/powerpc/configs/44x/rainier_defconfig
+++ b/arch/powerpc/configs/44x/rainier_defconfig
@@ -55,8 +55,7 @@ CONFIG_DETECT_HUNG_TASK=y
# CONFIG_DEBUG_BUGVERBOSE is not set
CONFIG_PPC_EARLY_DEBUG=y
CONFIG_PPC_EARLY_DEBUG_44x_PHYSLOW=0xef600300
CONFIG_CRYPTO_CBC=y
CONFIG_CRYPTO_ECB=y
-CONFIG_CRYPTO_PCBC=y
CONFIG_CRYPTO_MD5=y
CONFIG_CRYPTO_DES=y
diff --git a/arch/powerpc/configs/44x/redwood_defconfig b/arch/powerpc/configs/44x/redwood_defconfig
index e28d76416537..1e883938ca11 100644
--- a/arch/powerpc/configs/44x/redwood_defconfig
+++ b/arch/powerpc/configs/44x/redwood_defconfig
@@ -76,11 +76,10 @@ CONFIG_CRYPTO_AUTHENC=y
CONFIG_CRYPTO_CCM=y
CONFIG_CRYPTO_GCM=y
CONFIG_CRYPTO_CBC=y
CONFIG_CRYPTO_CTS=y
CONFIG_CRYPTO_LRW=y
-CONFIG_CRYPTO_PCBC=y
CONFIG_CRYPTO_XTS=y
CONFIG_CRYPTO_XCBC=y
CONFIG_CRYPTO_MD4=y
CONFIG_CRYPTO_MD5=y
CONFIG_CRYPTO_SHA1=y
diff --git a/arch/powerpc/configs/44x/sequoia_defconfig b/arch/powerpc/configs/44x/sequoia_defconfig
index b4984eab43eb..ce8912b406eb 100644
--- a/arch/powerpc/configs/44x/sequoia_defconfig
+++ b/arch/powerpc/configs/44x/sequoia_defconfig
@@ -56,8 +56,7 @@ CONFIG_DEBUG_FS=y
CONFIG_MAGIC_SYSRQ=y
CONFIG_DETECT_HUNG_TASK=y
# CONFIG_DEBUG_BUGVERBOSE is not set
CONFIG_CRYPTO_CBC=y
CONFIG_CRYPTO_ECB=y
-CONFIG_CRYPTO_PCBC=y
CONFIG_CRYPTO_MD5=y
CONFIG_CRYPTO_DES=y
diff --git a/arch/powerpc/configs/44x/taishan_defconfig b/arch/powerpc/configs/44x/taishan_defconfig
index 3ea5932ab852..8263b3b7d0a1 100644
--- a/arch/powerpc/configs/44x/taishan_defconfig
+++ b/arch/powerpc/configs/44x/taishan_defconfig
@@ -50,8 +50,7 @@ CONFIG_DEBUG_FS=y
CONFIG_MAGIC_SYSRQ=y
CONFIG_DETECT_HUNG_TASK=y
# CONFIG_DEBUG_BUGVERBOSE is not set
CONFIG_CRYPTO_CBC=y
CONFIG_CRYPTO_ECB=y
-CONFIG_CRYPTO_PCBC=y
CONFIG_CRYPTO_MD5=y
CONFIG_CRYPTO_DES=y
diff --git a/arch/powerpc/configs/52xx/cm5200_defconfig b/arch/powerpc/configs/52xx/cm5200_defconfig
index 2412a6bf7ee6..ddf1280fe295 100644
--- a/arch/powerpc/configs/52xx/cm5200_defconfig
+++ b/arch/powerpc/configs/52xx/cm5200_defconfig
@@ -73,6 +73,5 @@ CONFIG_NLS_CODEPAGE_437=y
CONFIG_NLS_ISO8859_1=y
CONFIG_PRINTK_TIME=y
CONFIG_DETECT_HUNG_TASK=y
# CONFIG_DEBUG_BUGVERBOSE is not set
CONFIG_CRYPTO_ECB=y
-CONFIG_CRYPTO_PCBC=y
diff --git a/arch/powerpc/configs/52xx/motionpro_defconfig b/arch/powerpc/configs/52xx/motionpro_defconfig
index 6186ead1e105..d7165dbed529 100644
--- a/arch/powerpc/configs/52xx/motionpro_defconfig
+++ b/arch/powerpc/configs/52xx/motionpro_defconfig
@@ -86,6 +86,5 @@ CONFIG_NLS_ISO8859_1=y
CONFIG_PRINTK_TIME=y
CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT=y
CONFIG_DETECT_HUNG_TASK=y
# CONFIG_DEBUG_BUGVERBOSE is not set
CONFIG_CRYPTO_ECB=y
-CONFIG_CRYPTO_PCBC=y
diff --git a/arch/powerpc/configs/52xx/tqm5200_defconfig b/arch/powerpc/configs/52xx/tqm5200_defconfig
index 688f703d8e22..1d2d68b0f137 100644
--- a/arch/powerpc/configs/52xx/tqm5200_defconfig
+++ b/arch/powerpc/configs/52xx/tqm5200_defconfig
@@ -87,6 +87,5 @@ CONFIG_NLS_ISO8859_1=y
CONFIG_PRINTK_TIME=y
CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT=y
CONFIG_DETECT_HUNG_TASK=y
# CONFIG_DEBUG_BUGVERBOSE is not set
CONFIG_CRYPTO_ECB=y
-CONFIG_CRYPTO_PCBC=y
diff --git a/arch/powerpc/configs/83xx/asp8347_defconfig b/arch/powerpc/configs/83xx/asp8347_defconfig
index 10192410b33c..07e00c8d6023 100644
--- a/arch/powerpc/configs/83xx/asp8347_defconfig
+++ b/arch/powerpc/configs/83xx/asp8347_defconfig
@@ -66,6 +66,5 @@ CONFIG_TMPFS=y
CONFIG_JFFS2_FS=y
CONFIG_NFS_FS=y
CONFIG_NFS_V4=y
CONFIG_ROOT_NFS=y
CONFIG_CRYPTO_ECB=m
-CONFIG_CRYPTO_PCBC=m
diff --git a/arch/powerpc/configs/83xx/mpc8313_rdb_defconfig b/arch/powerpc/configs/83xx/mpc8313_rdb_defconfig
index 16a42e2267fb..140dd429278e 100644
--- a/arch/powerpc/configs/83xx/mpc8313_rdb_defconfig
+++ b/arch/powerpc/configs/83xx/mpc8313_rdb_defconfig
@@ -81,6 +81,5 @@ CONFIG_TMPFS=y
CONFIG_JFFS2_FS=y
CONFIG_NFS_FS=y
CONFIG_NFS_V4=y
CONFIG_ROOT_NFS=y
CONFIG_DETECT_HUNG_TASK=y
-CONFIG_CRYPTO_PCBC=m
diff --git a/arch/powerpc/configs/83xx/mpc8315_rdb_defconfig b/arch/powerpc/configs/83xx/mpc8315_rdb_defconfig
index 80d40ae668eb..7616771f072c 100644
--- a/arch/powerpc/configs/83xx/mpc8315_rdb_defconfig
+++ b/arch/powerpc/configs/83xx/mpc8315_rdb_defconfig
@@ -80,6 +80,5 @@ CONFIG_TMPFS=y
CONFIG_JFFS2_FS=y
CONFIG_NFS_FS=y
CONFIG_NFS_V4=y
CONFIG_ROOT_NFS=y
CONFIG_DETECT_HUNG_TASK=y
-CONFIG_CRYPTO_PCBC=m
diff --git a/arch/powerpc/configs/83xx/mpc832x_rdb_defconfig b/arch/powerpc/configs/83xx/mpc832x_rdb_defconfig
index b99caba8724a..e670d16e6fd7 100644
--- a/arch/powerpc/configs/83xx/mpc832x_rdb_defconfig
+++ b/arch/powerpc/configs/83xx/mpc832x_rdb_defconfig
@@ -72,6 +72,5 @@ CONFIG_ROOT_NFS=y
CONFIG_NLS_CODEPAGE_437=y
CONFIG_NLS_CODEPAGE_932=y
CONFIG_NLS_ISO8859_8=y
CONFIG_NLS_ISO8859_1=y
CONFIG_CRYPTO_ECB=m
-CONFIG_CRYPTO_PCBC=m
diff --git a/arch/powerpc/configs/83xx/mpc834x_itx_defconfig b/arch/powerpc/configs/83xx/mpc834x_itx_defconfig
index 11163052fdba..fcf91b52af2d 100644
--- a/arch/powerpc/configs/83xx/mpc834x_itx_defconfig
+++ b/arch/powerpc/configs/83xx/mpc834x_itx_defconfig
@@ -78,6 +78,5 @@ CONFIG_VFAT_FS=y
CONFIG_PROC_KCORE=y
CONFIG_TMPFS=y
CONFIG_NFS_FS=y
CONFIG_NFS_V4=y
CONFIG_ROOT_NFS=y
-CONFIG_CRYPTO_PCBC=m
diff --git a/arch/powerpc/configs/83xx/mpc834x_itxgp_defconfig b/arch/powerpc/configs/83xx/mpc834x_itxgp_defconfig
index 312d39e4242c..7d060b6f49ca 100644
--- a/arch/powerpc/configs/83xx/mpc834x_itxgp_defconfig
+++ b/arch/powerpc/configs/83xx/mpc834x_itxgp_defconfig
@@ -70,6 +70,5 @@ CONFIG_VFAT_FS=y
CONFIG_PROC_KCORE=y
CONFIG_TMPFS=y
CONFIG_NFS_FS=y
CONFIG_NFS_V4=y
CONFIG_ROOT_NFS=y
-CONFIG_CRYPTO_PCBC=m
diff --git a/arch/powerpc/configs/83xx/mpc837x_rdb_defconfig b/arch/powerpc/configs/83xx/mpc837x_rdb_defconfig
index ac27f99faab8..4567345aea9a 100644
--- a/arch/powerpc/configs/83xx/mpc837x_rdb_defconfig
+++ b/arch/powerpc/configs/83xx/mpc837x_rdb_defconfig
@@ -74,6 +74,5 @@ CONFIG_PROC_KCORE=y
CONFIG_TMPFS=y
CONFIG_NFS_FS=y
CONFIG_NFS_V4=y
CONFIG_ROOT_NFS=y
CONFIG_CRYPTO_ECB=m
-CONFIG_CRYPTO_PCBC=m
diff --git a/arch/powerpc/configs/amigaone_defconfig b/arch/powerpc/configs/amigaone_defconfig
index 7a515390646b..11dfd964465a 100644
--- a/arch/powerpc/configs/amigaone_defconfig
+++ b/arch/powerpc/configs/amigaone_defconfig
@@ -109,7 +109,6 @@ CONFIG_MAGIC_SYSRQ=y
CONFIG_DEBUG_KERNEL=y
CONFIG_DEBUG_MUTEXES=y
CONFIG_XMON=y
CONFIG_XMON_DEFAULT=y
CONFIG_CRYPTO_CBC=m
-CONFIG_CRYPTO_PCBC=m
# CONFIG_CRYPTO_HW is not set
diff --git a/arch/powerpc/configs/cell_defconfig b/arch/powerpc/configs/cell_defconfig
index 7a31b52e92e1..b5ed8945ec33 100644
--- a/arch/powerpc/configs/cell_defconfig
+++ b/arch/powerpc/configs/cell_defconfig
@@ -195,7 +195,6 @@ CONFIG_MAGIC_SYSRQ=y
CONFIG_DEBUG_KERNEL=y
CONFIG_DEBUG_MUTEXES=y
CONFIG_XMON=y
CONFIG_XMON_DEFAULT=y
CONFIG_CRYPTO_ECB=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_HMAC=y
diff --git a/arch/powerpc/configs/chrp32_defconfig b/arch/powerpc/configs/chrp32_defconfig
index 66eae5b7e16c..36662f293587 100644
--- a/arch/powerpc/configs/chrp32_defconfig
+++ b/arch/powerpc/configs/chrp32_defconfig
@@ -113,7 +113,6 @@ CONFIG_MAGIC_SYSRQ=y
CONFIG_DEBUG_KERNEL=y
CONFIG_DEBUG_MUTEXES=y
CONFIG_XMON=y
CONFIG_XMON_DEFAULT=y
CONFIG_CRYPTO_CBC=m
-CONFIG_CRYPTO_PCBC=m
# CONFIG_CRYPTO_HW is not set
diff --git a/arch/powerpc/configs/ep8248e_defconfig b/arch/powerpc/configs/ep8248e_defconfig
index 0d8d3f41f194..c3167726706d 100644
--- a/arch/powerpc/configs/ep8248e_defconfig
+++ b/arch/powerpc/configs/ep8248e_defconfig
@@ -62,9 +62,8 @@ CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT=y
CONFIG_MAGIC_SYSRQ=y
# CONFIG_SCHED_DEBUG is not set
CONFIG_BDI_SWITCH=y
CONFIG_CRYPTO_CBC=y
CONFIG_CRYPTO_ECB=y
-CONFIG_CRYPTO_PCBC=y
CONFIG_CRYPTO_MD5=y
CONFIG_CRYPTO_DES=y
# CONFIG_CRYPTO_HW is not set
diff --git a/arch/powerpc/configs/fsl-emb-nonhw.config b/arch/powerpc/configs/fsl-emb-nonhw.config
index 2f81bc2d819e..391c99117ee0 100644
--- a/arch/powerpc/configs/fsl-emb-nonhw.config
+++ b/arch/powerpc/configs/fsl-emb-nonhw.config
@@ -17,11 +17,10 @@ CONFIG_CGROUPS=y
# CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set
CONFIG_CPUSETS=y
CONFIG_CRAMFS=y
CONFIG_CRYPTO_MD4=y
CONFIG_CRYPTO_NULL=y
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_SHA256=y
CONFIG_CRYPTO_SHA512=y
CONFIG_DEBUG_FS=y
CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT=y
CONFIG_DEBUG_KERNEL=y
diff --git a/arch/powerpc/configs/g5_defconfig b/arch/powerpc/configs/g5_defconfig
index 5ca1676e6058..04afb1594890 100644
--- a/arch/powerpc/configs/g5_defconfig
+++ b/arch/powerpc/configs/g5_defconfig
@@ -233,11 +233,10 @@ CONFIG_NLS_UTF8=y
CONFIG_MAGIC_SYSRQ=y
CONFIG_DEBUG_KERNEL=y
CONFIG_DEBUG_MUTEXES=y
CONFIG_BOOTX_TEXT=y
CONFIG_CRYPTO_BENCHMARK=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_SHA512=m
CONFIG_CRYPTO_WP512=m
CONFIG_CRYPTO_ANUBIS=m
CONFIG_CRYPTO_BLOWFISH=m
diff --git a/arch/powerpc/configs/linkstation_defconfig b/arch/powerpc/configs/linkstation_defconfig
index 31f84d08b6ef..e1c1b00b0c81 100644
--- a/arch/powerpc/configs/linkstation_defconfig
+++ b/arch/powerpc/configs/linkstation_defconfig
@@ -126,11 +126,10 @@ CONFIG_NLS_CODEPAGE_932=m
CONFIG_NLS_ISO8859_1=m
CONFIG_NLS_UTF8=m
CONFIG_MAGIC_SYSRQ=y
CONFIG_DEBUG_KERNEL=y
CONFIG_DETECT_HUNG_TASK=y
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_SHA1=m
CONFIG_CRYPTO_BLOWFISH=m
CONFIG_CRYPTO_SERPENT=m
CONFIG_CRYPTO_TWOFISH=m
CONFIG_CRYPTO_DEFLATE=m
diff --git a/arch/powerpc/configs/mgcoge_defconfig b/arch/powerpc/configs/mgcoge_defconfig
index f65001e7877f..a31e1184f912 100644
--- a/arch/powerpc/configs/mgcoge_defconfig
+++ b/arch/powerpc/configs/mgcoge_defconfig
@@ -76,7 +76,6 @@ CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT=y
CONFIG_DEBUG_FS=y
CONFIG_MAGIC_SYSRQ=y
# CONFIG_SCHED_DEBUG is not set
CONFIG_BDI_SWITCH=y
CONFIG_CRYPTO_ECB=y
-CONFIG_CRYPTO_PCBC=y
# CONFIG_CRYPTO_HW is not set
diff --git a/arch/powerpc/configs/mpc83xx_defconfig b/arch/powerpc/configs/mpc83xx_defconfig
index a815d9e5e3e8..d603d8e93958 100644
--- a/arch/powerpc/configs/mpc83xx_defconfig
+++ b/arch/powerpc/configs/mpc83xx_defconfig
@@ -96,8 +96,7 @@ CONFIG_PROC_KCORE=y
CONFIG_TMPFS=y
CONFIG_NFS_FS=y
CONFIG_NFS_V4=y
CONFIG_ROOT_NFS=y
CONFIG_CRYPTO_ECB=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_SHA512=y
CONFIG_CRYPTO_DEV_TALITOS=y
diff --git a/arch/powerpc/configs/mvme5100_defconfig b/arch/powerpc/configs/mvme5100_defconfig
index c82754c14e15..3918768d7cd2 100644
--- a/arch/powerpc/configs/mvme5100_defconfig
+++ b/arch/powerpc/configs/mvme5100_defconfig
@@ -111,11 +111,10 @@ CONFIG_XZ_DEC=y
CONFIG_MAGIC_SYSRQ=y
CONFIG_DEBUG_KERNEL=y
CONFIG_DETECT_HUNG_TASK=y
CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=20
CONFIG_CRYPTO_CBC=y
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_MD5=y
CONFIG_CRYPTO_SHA1=m
CONFIG_CRYPTO_BLOWFISH=m
CONFIG_CRYPTO_DES=y
CONFIG_CRYPTO_SERPENT=m
diff --git a/arch/powerpc/configs/pmac32_defconfig b/arch/powerpc/configs/pmac32_defconfig
index ae45f70b29f0..728c8cabfb83 100644
--- a/arch/powerpc/configs/pmac32_defconfig
+++ b/arch/powerpc/configs/pmac32_defconfig
@@ -279,11 +279,10 @@ CONFIG_MAGIC_SYSRQ=y
CONFIG_DEBUG_KERNEL=y
CONFIG_DETECT_HUNG_TASK=y
CONFIG_XMON=y
CONFIG_XMON_DEFAULT=y
CONFIG_BOOTX_TEXT=y
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_MD4=m
CONFIG_CRYPTO_SHA512=m
CONFIG_CRYPTO_WP512=m
CONFIG_CRYPTO_ANUBIS=m
CONFIG_CRYPTO_BLOWFISH=m
diff --git a/arch/powerpc/configs/powernv_defconfig b/arch/powerpc/configs/powernv_defconfig
index 5d32c2767a65..2b9b46704180 100644
--- a/arch/powerpc/configs/powernv_defconfig
+++ b/arch/powerpc/configs/powernv_defconfig
@@ -312,11 +312,10 @@ CONFIG_PPC_EMULATED_STATS=y
CONFIG_CODE_PATCHING_SELFTEST=y
CONFIG_FTR_FIXUP_SELFTEST=y
CONFIG_MSI_BITMAP_SELFTEST=y
CONFIG_XMON=y
CONFIG_CRYPTO_BENCHMARK=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_SHA256=y
CONFIG_CRYPTO_WP512=m
CONFIG_CRYPTO_ANUBIS=m
CONFIG_CRYPTO_BLOWFISH=m
diff --git a/arch/powerpc/configs/ppc44x_defconfig b/arch/powerpc/configs/ppc44x_defconfig
index 41c930f74ed4..0dc537f6aff3 100644
--- a/arch/powerpc/configs/ppc44x_defconfig
+++ b/arch/powerpc/configs/ppc44x_defconfig
@@ -91,8 +91,7 @@ CONFIG_ROOT_NFS=y
CONFIG_NLS_CODEPAGE_437=m
CONFIG_NLS_ISO8859_1=m
CONFIG_MAGIC_SYSRQ=y
CONFIG_DETECT_HUNG_TASK=y
CONFIG_CRYPTO_ECB=y
-CONFIG_CRYPTO_PCBC=y
# CONFIG_CRYPTO_HW is not set
CONFIG_VIRTUALIZATION=y
diff --git a/arch/powerpc/configs/ppc64_defconfig b/arch/powerpc/configs/ppc64_defconfig
index 6316ca4df25d..f795b74602ec 100644
--- a/arch/powerpc/configs/ppc64_defconfig
+++ b/arch/powerpc/configs/ppc64_defconfig
@@ -376,11 +376,10 @@ CONFIG_IMA_APPRAISE_MODSIG=y
CONFIG_CRYPTO_BENCHMARK=m
CONFIG_CRYPTO_BLOWFISH=m
CONFIG_CRYPTO_CAST6=m
CONFIG_CRYPTO_SERPENT=m
CONFIG_CRYPTO_TWOFISH=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_SHA256=y
CONFIG_CRYPTO_WP512=m
CONFIG_CRYPTO_LZO=m
CONFIG_CRYPTO_AES_GCM_P10=m
CONFIG_CRYPTO_DEV_NX=y
diff --git a/arch/powerpc/configs/ppc64e_defconfig b/arch/powerpc/configs/ppc64e_defconfig
index 20cc17dce94d..f365b79c7802 100644
--- a/arch/powerpc/configs/ppc64e_defconfig
+++ b/arch/powerpc/configs/ppc64e_defconfig
@@ -218,11 +218,10 @@ CONFIG_FTR_FIXUP_SELFTEST=y
CONFIG_MSI_BITMAP_SELFTEST=y
CONFIG_XMON=y
CONFIG_CRYPTO_BENCHMARK=m
CONFIG_CRYPTO_CCM=m
CONFIG_CRYPTO_GCM=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_SHA512=m
CONFIG_CRYPTO_WP512=m
CONFIG_CRYPTO_ANUBIS=m
CONFIG_CRYPTO_BLOWFISH=m
diff --git a/arch/powerpc/configs/ppc6xx_defconfig b/arch/powerpc/configs/ppc6xx_defconfig
index db3a8da4ccd3..00a2e003ee9f 100644
--- a/arch/powerpc/configs/ppc6xx_defconfig
+++ b/arch/powerpc/configs/ppc6xx_defconfig
@@ -1050,11 +1050,10 @@ CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
CONFIG_SECURITY_SELINUX_DISABLE=y
CONFIG_CRYPTO_BENCHMARK=m
CONFIG_CRYPTO_CTS=m
CONFIG_CRYPTO_LRW=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_XTS=m
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_XCBC=m
CONFIG_CRYPTO_RMD160=m
CONFIG_CRYPTO_SHA1=y
diff --git a/arch/powerpc/configs/ps3_defconfig b/arch/powerpc/configs/ps3_defconfig
index 7cfae0b7b2f3..22cfe85b7db7 100644
--- a/arch/powerpc/configs/ps3_defconfig
+++ b/arch/powerpc/configs/ps3_defconfig
@@ -143,11 +143,10 @@ CONFIG_NFS_SWAP=y
CONFIG_ROOT_NFS=y
CONFIG_CIFS=m
CONFIG_NLS=y
CONFIG_NLS_CODEPAGE_437=y
CONFIG_NLS_ISO8859_1=y
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_LZO=m
CONFIG_PRINTK_TIME=y
CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT=y
CONFIG_MAGIC_SYSRQ=y
CONFIG_DEBUG_MEMORY_INIT=y
diff --git a/arch/s390/configs/debug_defconfig b/arch/s390/configs/debug_defconfig
index b69f626b7cce..12511bdb9579 100644
--- a/arch/s390/configs/debug_defconfig
+++ b/arch/s390/configs/debug_defconfig
@@ -784,11 +784,10 @@ CONFIG_CRYPTO_TEA=m
CONFIG_CRYPTO_TWOFISH=m
CONFIG_CRYPTO_ADIANTUM=m
CONFIG_CRYPTO_ARC4=m
CONFIG_CRYPTO_HCTR2=m
CONFIG_CRYPTO_LRW=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_AEGIS128=m
CONFIG_CRYPTO_GCM=y
CONFIG_CRYPTO_SEQIV=y
CONFIG_CRYPTO_MD4=m
CONFIG_CRYPTO_MD5=y
diff --git a/arch/s390/configs/defconfig b/arch/s390/configs/defconfig
index 9ea820882fdf..9d44dd968ecc 100644
--- a/arch/s390/configs/defconfig
+++ b/arch/s390/configs/defconfig
@@ -768,11 +768,10 @@ CONFIG_CRYPTO_TEA=m
CONFIG_CRYPTO_TWOFISH=m
CONFIG_CRYPTO_ADIANTUM=m
CONFIG_CRYPTO_ARC4=m
CONFIG_CRYPTO_HCTR2=m
CONFIG_CRYPTO_LRW=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_AEGIS128=m
CONFIG_CRYPTO_GCM=y
CONFIG_CRYPTO_SEQIV=y
CONFIG_CRYPTO_MD4=m
CONFIG_CRYPTO_MD5=y
diff --git a/arch/sh/configs/hp6xx_defconfig b/arch/sh/configs/hp6xx_defconfig
index b6116a203a27..bdc476dcfa43 100644
--- a/arch/sh/configs/hp6xx_defconfig
+++ b/arch/sh/configs/hp6xx_defconfig
@@ -49,8 +49,7 @@ CONFIG_VFAT_FS=y
CONFIG_PROC_KCORE=y
CONFIG_NLS_CODEPAGE_850=y
CONFIG_CRYPTO=y
CONFIG_CRYPTO_CBC=y
CONFIG_CRYPTO_ECB=y
-CONFIG_CRYPTO_PCBC=y
CONFIG_CRYPTO_MD5=y
# CONFIG_CRYPTO_HW is not set
diff --git a/arch/sh/configs/r7780mp_defconfig b/arch/sh/configs/r7780mp_defconfig
index af954f75444b..7b46f62fe7db 100644
--- a/arch/sh/configs/r7780mp_defconfig
+++ b/arch/sh/configs/r7780mp_defconfig
@@ -99,7 +99,6 @@ CONFIG_DEBUG_FS=y
CONFIG_DEBUG_KERNEL=y
CONFIG_DETECT_HUNG_TASK=y
# CONFIG_DEBUG_PREEMPT is not set
CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT=y
CONFIG_CRYPTO_ECB=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_HMAC=y
diff --git a/arch/sh/configs/r7785rp_defconfig b/arch/sh/configs/r7785rp_defconfig
index a66dd6d74cf1..6d2461a85f19 100644
--- a/arch/sh/configs/r7785rp_defconfig
+++ b/arch/sh/configs/r7785rp_defconfig
@@ -97,7 +97,6 @@ CONFIG_DEBUG_LOCKING_API_SELFTESTS=y
CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT=y
CONFIG_SH_STANDARD_BIOS=y
CONFIG_DEBUG_STACK_USAGE=y
CONFIG_4KSTACKS=y
CONFIG_CRYPTO_ECB=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_HMAC=y
diff --git a/arch/sh/configs/se7712_defconfig b/arch/sh/configs/se7712_defconfig
index dee1d88f6a7d..8d8a311c60b1 100644
--- a/arch/sh/configs/se7712_defconfig
+++ b/arch/sh/configs/se7712_defconfig
@@ -91,6 +91,5 @@ CONFIG_NFS_FS=y
CONFIG_ROOT_NFS=y
CONFIG_DEBUG_KERNEL=y
CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT=y
CONFIG_FRAME_POINTER=y
CONFIG_CRYPTO_ECB=m
-CONFIG_CRYPTO_PCBC=m
diff --git a/arch/sh/configs/sh2007_defconfig b/arch/sh/configs/sh2007_defconfig
index 4a67f9c85806..3060bcd9cc5f 100644
--- a/arch/sh/configs/sh2007_defconfig
+++ b/arch/sh/configs/sh2007_defconfig
@@ -163,11 +163,10 @@ CONFIG_FRAME_POINTER=y
CONFIG_SH_STANDARD_BIOS=y
CONFIG_CRYPTO_NULL=y
CONFIG_CRYPTO_AUTHENC=y
CONFIG_CRYPTO_ECB=y
CONFIG_CRYPTO_LRW=y
-CONFIG_CRYPTO_PCBC=y
CONFIG_CRYPTO_XTS=y
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_XCBC=y
CONFIG_CRYPTO_MD4=y
CONFIG_CRYPTO_SHA1=y
diff --git a/arch/sparc/configs/sparc32_defconfig b/arch/sparc/configs/sparc32_defconfig
index 48d834acafb4..d5579217fb4c 100644
--- a/arch/sparc/configs/sparc32_defconfig
+++ b/arch/sparc/configs/sparc32_defconfig
@@ -78,11 +78,10 @@ CONFIG_DETECT_HUNG_TASK=y
# CONFIG_SCHED_DEBUG is not set
CONFIG_KGDB=y
CONFIG_KGDB_TESTS=y
CONFIG_CRYPTO_NULL=m
CONFIG_CRYPTO_ECB=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_MD4=y
CONFIG_CRYPTO_SHA256=m
CONFIG_CRYPTO_SHA512=m
CONFIG_CRYPTO_AES=m
CONFIG_CRYPTO_ARC4=m
diff --git a/arch/sparc/configs/sparc64_defconfig b/arch/sparc/configs/sparc64_defconfig
index c6009ebc806d..3763108c3bd4 100644
--- a/arch/sparc/configs/sparc64_defconfig
+++ b/arch/sparc/configs/sparc64_defconfig
@@ -204,11 +204,10 @@ CONFIG_BLK_DEV_IO_TRACE=y
CONFIG_UPROBE_EVENTS=y
CONFIG_KEYS=y
CONFIG_CRYPTO_NULL=m
CONFIG_CRYPTO_BENCHMARK=m
CONFIG_CRYPTO_LRW=m
-CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_XTS=m
CONFIG_CRYPTO_XCBC=y
CONFIG_CRYPTO_MD4=y
CONFIG_CRYPTO_SHA256=m
CONFIG_CRYPTO_SHA512=m
diff --git a/crypto/Kconfig b/crypto/Kconfig
index 0727cd5877da..f8d5801a4d5e 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -701,19 +701,10 @@ config CRYPTO_LRW
The first 128, 192 or 256 bits in the key are used for AES and the
rest is used to tie each cipher block to its logical position.
See https://people.csail.mit.edu/rivest/pubs/LRW02.pdf
-config CRYPTO_PCBC
- tristate "PCBC (Propagating Cipher Block Chaining)"
- select CRYPTO_SKCIPHER
- select CRYPTO_MANAGER
- help
- PCBC (Propagating Cipher Block Chaining) mode
-
- This block cipher mode is required for RxRPC.
-
config CRYPTO_XCTR
tristate
select CRYPTO_SKCIPHER
select CRYPTO_MANAGER
help
diff --git a/crypto/Makefile b/crypto/Makefile
index 1827f84192e6..9081ed10ce61 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -87,11 +87,10 @@ obj-$(CONFIG_CRYPTO_STREEBOG) += streebog_generic.o
obj-$(CONFIG_CRYPTO_WP512) += wp512.o
CFLAGS_wp512.o := $(call cc-option,-fno-schedule-insns) # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79149
obj-$(CONFIG_CRYPTO_BLAKE2B) += blake2b.o
obj-$(CONFIG_CRYPTO_ECB) += ecb.o
obj-$(CONFIG_CRYPTO_CBC) += cbc.o
-obj-$(CONFIG_CRYPTO_PCBC) += pcbc.o
obj-$(CONFIG_CRYPTO_CTS) += cts.o
obj-$(CONFIG_CRYPTO_LRW) += lrw.o
obj-$(CONFIG_CRYPTO_XTS) += xts.o
obj-$(CONFIG_CRYPTO_CTR) += ctr.o
obj-$(CONFIG_CRYPTO_XCTR) += xctr.o
diff --git a/crypto/pcbc.c b/crypto/pcbc.c
deleted file mode 100644
index d092717ea4fc..000000000000
--- a/crypto/pcbc.c
+++ /dev/null
@@ -1,195 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0-or-later
-/*
- * PCBC: Propagating Cipher Block Chaining mode
- *
- * Copyright (C) 2006 Red Hat, Inc. All Rights Reserved.
- * Written by David Howells (dhowells@redhat.com)
- *
- * Derived from cbc.c
- * - Copyright (c) 2006 Herbert Xu <herbert@gondor.apana.org.au>
- */
-
-#include <crypto/algapi.h>
-#include <crypto/internal/cipher.h>
-#include <crypto/internal/skcipher.h>
-#include <linux/err.h>
-#include <linux/init.h>
-#include <linux/kernel.h>
-#include <linux/module.h>
-
-static int crypto_pcbc_encrypt_segment(struct skcipher_request *req,
- struct skcipher_walk *walk,
- struct crypto_cipher *tfm)
-{
- int bsize = crypto_cipher_blocksize(tfm);
- const u8 *src = walk->src.virt.addr;
- unsigned int nbytes = walk->nbytes;
- u8 *dst = walk->dst.virt.addr;
- u8 * const iv = walk->iv;
-
- do {
- crypto_xor(iv, src, bsize);
- crypto_cipher_encrypt_one(tfm, dst, iv);
- crypto_xor_cpy(iv, dst, src, bsize);
-
- src += bsize;
- dst += bsize;
- } while ((nbytes -= bsize) >= bsize);
-
- return nbytes;
-}
-
-static int crypto_pcbc_encrypt_inplace(struct skcipher_request *req,
- struct skcipher_walk *walk,
- struct crypto_cipher *tfm)
-{
- int bsize = crypto_cipher_blocksize(tfm);
- unsigned int nbytes = walk->nbytes;
- u8 *dst = walk->dst.virt.addr;
- u8 * const iv = walk->iv;
- u8 tmpbuf[MAX_CIPHER_BLOCKSIZE];
-
- do {
- memcpy(tmpbuf, dst, bsize);
- crypto_xor(iv, dst, bsize);
- crypto_cipher_encrypt_one(tfm, dst, iv);
- crypto_xor_cpy(iv, tmpbuf, dst, bsize);
-
- dst += bsize;
- } while ((nbytes -= bsize) >= bsize);
-
- return nbytes;
-}
-
-static int crypto_pcbc_encrypt(struct skcipher_request *req)
-{
- struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
- struct crypto_cipher *cipher = skcipher_cipher_simple(tfm);
- struct skcipher_walk walk;
- unsigned int nbytes;
- int err;
-
- err = skcipher_walk_virt(&walk, req, false);
-
- while (walk.nbytes) {
- if (walk.src.virt.addr == walk.dst.virt.addr)
- nbytes = crypto_pcbc_encrypt_inplace(req, &walk,
- cipher);
- else
- nbytes = crypto_pcbc_encrypt_segment(req, &walk,
- cipher);
- err = skcipher_walk_done(&walk, nbytes);
- }
-
- return err;
-}
-
-static int crypto_pcbc_decrypt_segment(struct skcipher_request *req,
- struct skcipher_walk *walk,
- struct crypto_cipher *tfm)
-{
- int bsize = crypto_cipher_blocksize(tfm);
- const u8 *src = walk->src.virt.addr;
- unsigned int nbytes = walk->nbytes;
- u8 *dst = walk->dst.virt.addr;
- u8 * const iv = walk->iv;
-
- do {
- crypto_cipher_decrypt_one(tfm, dst, src);
- crypto_xor(dst, iv, bsize);
- crypto_xor_cpy(iv, dst, src, bsize);
-
- src += bsize;
- dst += bsize;
- } while ((nbytes -= bsize) >= bsize);
-
- return nbytes;
-}
-
-static int crypto_pcbc_decrypt_inplace(struct skcipher_request *req,
- struct skcipher_walk *walk,
- struct crypto_cipher *tfm)
-{
- int bsize = crypto_cipher_blocksize(tfm);
- unsigned int nbytes = walk->nbytes;
- u8 *dst = walk->dst.virt.addr;
- u8 * const iv = walk->iv;
- u8 tmpbuf[MAX_CIPHER_BLOCKSIZE] __aligned(__alignof__(u32));
-
- do {
- memcpy(tmpbuf, dst, bsize);
- crypto_cipher_decrypt_one(tfm, dst, dst);
- crypto_xor(dst, iv, bsize);
- crypto_xor_cpy(iv, dst, tmpbuf, bsize);
-
- dst += bsize;
- } while ((nbytes -= bsize) >= bsize);
-
- return nbytes;
-}
-
-static int crypto_pcbc_decrypt(struct skcipher_request *req)
-{
- struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
- struct crypto_cipher *cipher = skcipher_cipher_simple(tfm);
- struct skcipher_walk walk;
- unsigned int nbytes;
- int err;
-
- err = skcipher_walk_virt(&walk, req, false);
-
- while (walk.nbytes) {
- if (walk.src.virt.addr == walk.dst.virt.addr)
- nbytes = crypto_pcbc_decrypt_inplace(req, &walk,
- cipher);
- else
- nbytes = crypto_pcbc_decrypt_segment(req, &walk,
- cipher);
- err = skcipher_walk_done(&walk, nbytes);
- }
-
- return err;
-}
-
-static int crypto_pcbc_create(struct crypto_template *tmpl, struct rtattr **tb)
-{
- struct skcipher_instance *inst;
- int err;
-
- inst = skcipher_alloc_instance_simple(tmpl, tb);
- if (IS_ERR(inst))
- return PTR_ERR(inst);
-
- inst->alg.encrypt = crypto_pcbc_encrypt;
- inst->alg.decrypt = crypto_pcbc_decrypt;
-
- err = skcipher_register_instance(tmpl, inst);
- if (err)
- inst->free(inst);
-
- return err;
-}
-
-static struct crypto_template crypto_pcbc_tmpl = {
- .name = "pcbc",
- .create = crypto_pcbc_create,
- .module = THIS_MODULE,
-};
-
-static int __init crypto_pcbc_module_init(void)
-{
- return crypto_register_template(&crypto_pcbc_tmpl);
-}
-
-static void __exit crypto_pcbc_module_exit(void)
-{
- crypto_unregister_template(&crypto_pcbc_tmpl);
-}
-
-module_init(crypto_pcbc_module_init);
-module_exit(crypto_pcbc_module_exit);
-
-MODULE_LICENSE("GPL");
-MODULE_DESCRIPTION("PCBC block cipher mode of operation");
-MODULE_ALIAS_CRYPTO("pcbc");
-MODULE_IMPORT_NS("CRYPTO_INTERNAL");
--
2.54.0
^ permalink raw reply related
* [PATCH net-next v2 4/5] crypto: fcrypt - Remove support for FCrypt block cipher
From: Eric Biggers @ 2026-05-22 5:07 UTC (permalink / raw)
To: netdev, linux-afs
Cc: David Howells, Marc Dionne, linux-crypto, linux-kernel,
David S . Miller, Eric Dumazet, Jakub Kicinski, Paolo Abeni,
Simon Horman, Eric Biggers, Geert Uytterhoeven
In-Reply-To: <20260522050740.84561-1-ebiggers@kernel.org>
Remove the insecure FCrypt block cipher from the crypto API. Its only
user was net/rxrpc/, but now net/rxrpc/ implements it locally. The
crypto API implementation is no longer needed.
For some additional context: FCrypt was designed in 1988 and is
essentially a weakened version of DES. It has the same 56-bit key size
as DES, which is easily brute forced. Moreover, it's cryptographically
weak and doesn't even provide the intended 56-bit security level. Its
author considers it to be a mistake, as well
(https://lists.openafs.org/pipermail/openafs-devel/2000-December/005320.html).
But fortunately this 1980s-era homebrew block cipher was never adopted
outside of net/rxrpc/. So its code can just be kept there.
Acked-by: Geert Uytterhoeven <geert@linux-m68k.org> # m68k
Acked-by: David Howells <dhowells@redhat.com>
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
---
arch/arm/configs/pxa_defconfig | 1 -
arch/m68k/configs/amiga_defconfig | 1 -
arch/m68k/configs/apollo_defconfig | 1 -
arch/m68k/configs/atari_defconfig | 1 -
arch/m68k/configs/bvme6000_defconfig | 1 -
arch/m68k/configs/hp300_defconfig | 1 -
arch/m68k/configs/mac_defconfig | 1 -
arch/m68k/configs/multi_defconfig | 1 -
arch/m68k/configs/mvme147_defconfig | 1 -
arch/m68k/configs/mvme16x_defconfig | 1 -
arch/m68k/configs/q40_defconfig | 1 -
arch/m68k/configs/sun3_defconfig | 1 -
arch/m68k/configs/sun3x_defconfig | 1 -
arch/mips/configs/bigsur_defconfig | 1 -
arch/mips/configs/decstation_64_defconfig | 1 -
arch/mips/configs/decstation_defconfig | 1 -
arch/mips/configs/decstation_r4k_defconfig | 1 -
arch/mips/configs/ip22_defconfig | 1 -
arch/mips/configs/ip27_defconfig | 1 -
arch/mips/configs/ip30_defconfig | 1 -
arch/mips/configs/ip32_defconfig | 1 -
arch/mips/configs/lemote2f_defconfig | 1 -
arch/mips/configs/malta_defconfig | 1 -
arch/mips/configs/malta_kvm_defconfig | 1 -
arch/mips/configs/maltaup_xpa_defconfig | 1 -
arch/mips/configs/rm200_defconfig | 1 -
arch/mips/configs/sb1250_swarm_defconfig | 1 -
arch/parisc/configs/generic-64bit_defconfig | 1 -
arch/powerpc/configs/ppc6xx_defconfig | 1 -
arch/s390/configs/debug_defconfig | 1 -
arch/s390/configs/defconfig | 1 -
arch/sh/configs/sh2007_defconfig | 1 -
arch/sparc/configs/sparc64_defconfig | 1 -
crypto/Kconfig | 9 -
crypto/Makefile | 1 -
crypto/fcrypt.c | 420 --------------------
crypto/tcrypt.c | 4 -
crypto/testmgr.c | 15 -
crypto/testmgr.h | 45 ---
39 files changed, 527 deletions(-)
delete mode 100644 crypto/fcrypt.c
diff --git a/arch/arm/configs/pxa_defconfig b/arch/arm/configs/pxa_defconfig
index c51ae373ca88..53f1e5820c49 100644
--- a/arch/arm/configs/pxa_defconfig
+++ b/arch/arm/configs/pxa_defconfig
@@ -638,11 +638,10 @@ CONFIG_CRYPTO_CRYPTD=m
CONFIG_CRYPTO_AUTHENC=m
CONFIG_CRYPTO_BENCHMARK=m
CONFIG_CRYPTO_BLOWFISH=m
CONFIG_CRYPTO_CAST5=m
CONFIG_CRYPTO_CAST6=m
-CONFIG_CRYPTO_FCRYPT=m
CONFIG_CRYPTO_KHAZAD=m
CONFIG_CRYPTO_SEED=m
CONFIG_CRYPTO_SERPENT=m
CONFIG_CRYPTO_TEA=m
CONFIG_CRYPTO_TWOFISH=m
diff --git a/arch/m68k/configs/amiga_defconfig b/arch/m68k/configs/amiga_defconfig
index 47e48c18e55c..ca45670a6af4 100644
--- a/arch/m68k/configs/amiga_defconfig
+++ b/arch/m68k/configs/amiga_defconfig
@@ -522,11 +522,10 @@ CONFIG_CRYPTO_ARIA=m
CONFIG_CRYPTO_BLOWFISH=m
CONFIG_CRYPTO_CAMELLIA=m
CONFIG_CRYPTO_CAST5=m
CONFIG_CRYPTO_CAST6=m
CONFIG_CRYPTO_DES=m
-CONFIG_CRYPTO_FCRYPT=m
CONFIG_CRYPTO_KHAZAD=m
CONFIG_CRYPTO_SEED=m
CONFIG_CRYPTO_SERPENT=m
CONFIG_CRYPTO_SM4_GENERIC=m
CONFIG_CRYPTO_TEA=m
diff --git a/arch/m68k/configs/apollo_defconfig b/arch/m68k/configs/apollo_defconfig
index 161586d611ab..2732a5b8b694 100644
--- a/arch/m68k/configs/apollo_defconfig
+++ b/arch/m68k/configs/apollo_defconfig
@@ -477,11 +477,10 @@ CONFIG_CRYPTO_ARIA=m
CONFIG_CRYPTO_BLOWFISH=m
CONFIG_CRYPTO_CAMELLIA=m
CONFIG_CRYPTO_CAST5=m
CONFIG_CRYPTO_CAST6=m
CONFIG_CRYPTO_DES=m
-CONFIG_CRYPTO_FCRYPT=m
CONFIG_CRYPTO_KHAZAD=m
CONFIG_CRYPTO_SEED=m
CONFIG_CRYPTO_SERPENT=m
CONFIG_CRYPTO_SM4_GENERIC=m
CONFIG_CRYPTO_TEA=m
diff --git a/arch/m68k/configs/atari_defconfig b/arch/m68k/configs/atari_defconfig
index c13c6deeac22..242882b05fa4 100644
--- a/arch/m68k/configs/atari_defconfig
+++ b/arch/m68k/configs/atari_defconfig
@@ -499,11 +499,10 @@ CONFIG_CRYPTO_ARIA=m
CONFIG_CRYPTO_BLOWFISH=m
CONFIG_CRYPTO_CAMELLIA=m
CONFIG_CRYPTO_CAST5=m
CONFIG_CRYPTO_CAST6=m
CONFIG_CRYPTO_DES=m
-CONFIG_CRYPTO_FCRYPT=m
CONFIG_CRYPTO_KHAZAD=m
CONFIG_CRYPTO_SEED=m
CONFIG_CRYPTO_SERPENT=m
CONFIG_CRYPTO_SM4_GENERIC=m
CONFIG_CRYPTO_TEA=m
diff --git a/arch/m68k/configs/bvme6000_defconfig b/arch/m68k/configs/bvme6000_defconfig
index d4f3f94b61ff..07e73c78a9e2 100644
--- a/arch/m68k/configs/bvme6000_defconfig
+++ b/arch/m68k/configs/bvme6000_defconfig
@@ -469,11 +469,10 @@ CONFIG_CRYPTO_ARIA=m
CONFIG_CRYPTO_BLOWFISH=m
CONFIG_CRYPTO_CAMELLIA=m
CONFIG_CRYPTO_CAST5=m
CONFIG_CRYPTO_CAST6=m
CONFIG_CRYPTO_DES=m
-CONFIG_CRYPTO_FCRYPT=m
CONFIG_CRYPTO_KHAZAD=m
CONFIG_CRYPTO_SEED=m
CONFIG_CRYPTO_SERPENT=m
CONFIG_CRYPTO_SM4_GENERIC=m
CONFIG_CRYPTO_TEA=m
diff --git a/arch/m68k/configs/hp300_defconfig b/arch/m68k/configs/hp300_defconfig
index 58288f83349d..7188948da864 100644
--- a/arch/m68k/configs/hp300_defconfig
+++ b/arch/m68k/configs/hp300_defconfig
@@ -479,11 +479,10 @@ CONFIG_CRYPTO_ARIA=m
CONFIG_CRYPTO_BLOWFISH=m
CONFIG_CRYPTO_CAMELLIA=m
CONFIG_CRYPTO_CAST5=m
CONFIG_CRYPTO_CAST6=m
CONFIG_CRYPTO_DES=m
-CONFIG_CRYPTO_FCRYPT=m
CONFIG_CRYPTO_KHAZAD=m
CONFIG_CRYPTO_SEED=m
CONFIG_CRYPTO_SERPENT=m
CONFIG_CRYPTO_SM4_GENERIC=m
CONFIG_CRYPTO_TEA=m
diff --git a/arch/m68k/configs/mac_defconfig b/arch/m68k/configs/mac_defconfig
index abb369fd1f55..fa5b04d59aa6 100644
--- a/arch/m68k/configs/mac_defconfig
+++ b/arch/m68k/configs/mac_defconfig
@@ -498,11 +498,10 @@ CONFIG_CRYPTO_ARIA=m
CONFIG_CRYPTO_BLOWFISH=m
CONFIG_CRYPTO_CAMELLIA=m
CONFIG_CRYPTO_CAST5=m
CONFIG_CRYPTO_CAST6=m
CONFIG_CRYPTO_DES=m
-CONFIG_CRYPTO_FCRYPT=m
CONFIG_CRYPTO_KHAZAD=m
CONFIG_CRYPTO_SEED=m
CONFIG_CRYPTO_SERPENT=m
CONFIG_CRYPTO_SM4_GENERIC=m
CONFIG_CRYPTO_TEA=m
diff --git a/arch/m68k/configs/multi_defconfig b/arch/m68k/configs/multi_defconfig
index cb8de979700f..3bc9911549c0 100644
--- a/arch/m68k/configs/multi_defconfig
+++ b/arch/m68k/configs/multi_defconfig
@@ -585,11 +585,10 @@ CONFIG_CRYPTO_ARIA=m
CONFIG_CRYPTO_BLOWFISH=m
CONFIG_CRYPTO_CAMELLIA=m
CONFIG_CRYPTO_CAST5=m
CONFIG_CRYPTO_CAST6=m
CONFIG_CRYPTO_DES=m
-CONFIG_CRYPTO_FCRYPT=m
CONFIG_CRYPTO_KHAZAD=m
CONFIG_CRYPTO_SEED=m
CONFIG_CRYPTO_SERPENT=m
CONFIG_CRYPTO_SM4_GENERIC=m
CONFIG_CRYPTO_TEA=m
diff --git a/arch/m68k/configs/mvme147_defconfig b/arch/m68k/configs/mvme147_defconfig
index 176540bd5074..9f5c8e0a07f3 100644
--- a/arch/m68k/configs/mvme147_defconfig
+++ b/arch/m68k/configs/mvme147_defconfig
@@ -469,11 +469,10 @@ CONFIG_CRYPTO_ARIA=m
CONFIG_CRYPTO_BLOWFISH=m
CONFIG_CRYPTO_CAMELLIA=m
CONFIG_CRYPTO_CAST5=m
CONFIG_CRYPTO_CAST6=m
CONFIG_CRYPTO_DES=m
-CONFIG_CRYPTO_FCRYPT=m
CONFIG_CRYPTO_KHAZAD=m
CONFIG_CRYPTO_SEED=m
CONFIG_CRYPTO_SERPENT=m
CONFIG_CRYPTO_SM4_GENERIC=m
CONFIG_CRYPTO_TEA=m
diff --git a/arch/m68k/configs/mvme16x_defconfig b/arch/m68k/configs/mvme16x_defconfig
index 8b2e5cf4d2f2..e5a6299aeae0 100644
--- a/arch/m68k/configs/mvme16x_defconfig
+++ b/arch/m68k/configs/mvme16x_defconfig
@@ -470,11 +470,10 @@ CONFIG_CRYPTO_ARIA=m
CONFIG_CRYPTO_BLOWFISH=m
CONFIG_CRYPTO_CAMELLIA=m
CONFIG_CRYPTO_CAST5=m
CONFIG_CRYPTO_CAST6=m
CONFIG_CRYPTO_DES=m
-CONFIG_CRYPTO_FCRYPT=m
CONFIG_CRYPTO_KHAZAD=m
CONFIG_CRYPTO_SEED=m
CONFIG_CRYPTO_SERPENT=m
CONFIG_CRYPTO_SM4_GENERIC=m
CONFIG_CRYPTO_TEA=m
diff --git a/arch/m68k/configs/q40_defconfig b/arch/m68k/configs/q40_defconfig
index d48f3cf5285b..e79bbb397261 100644
--- a/arch/m68k/configs/q40_defconfig
+++ b/arch/m68k/configs/q40_defconfig
@@ -488,11 +488,10 @@ CONFIG_CRYPTO_ARIA=m
CONFIG_CRYPTO_BLOWFISH=m
CONFIG_CRYPTO_CAMELLIA=m
CONFIG_CRYPTO_CAST5=m
CONFIG_CRYPTO_CAST6=m
CONFIG_CRYPTO_DES=m
-CONFIG_CRYPTO_FCRYPT=m
CONFIG_CRYPTO_KHAZAD=m
CONFIG_CRYPTO_SEED=m
CONFIG_CRYPTO_SERPENT=m
CONFIG_CRYPTO_SM4_GENERIC=m
CONFIG_CRYPTO_TEA=m
diff --git a/arch/m68k/configs/sun3_defconfig b/arch/m68k/configs/sun3_defconfig
index 0b96428f25d4..7aa76de5c472 100644
--- a/arch/m68k/configs/sun3_defconfig
+++ b/arch/m68k/configs/sun3_defconfig
@@ -467,11 +467,10 @@ CONFIG_CRYPTO_ARIA=m
CONFIG_CRYPTO_BLOWFISH=m
CONFIG_CRYPTO_CAMELLIA=m
CONFIG_CRYPTO_CAST5=m
CONFIG_CRYPTO_CAST6=m
CONFIG_CRYPTO_DES=m
-CONFIG_CRYPTO_FCRYPT=m
CONFIG_CRYPTO_KHAZAD=m
CONFIG_CRYPTO_SEED=m
CONFIG_CRYPTO_SERPENT=m
CONFIG_CRYPTO_SM4_GENERIC=m
CONFIG_CRYPTO_TEA=m
diff --git a/arch/m68k/configs/sun3x_defconfig b/arch/m68k/configs/sun3x_defconfig
index 6140e18244a1..2ecd8bd097ea 100644
--- a/arch/m68k/configs/sun3x_defconfig
+++ b/arch/m68k/configs/sun3x_defconfig
@@ -467,11 +467,10 @@ CONFIG_CRYPTO_ARIA=m
CONFIG_CRYPTO_BLOWFISH=m
CONFIG_CRYPTO_CAMELLIA=m
CONFIG_CRYPTO_CAST5=m
CONFIG_CRYPTO_CAST6=m
CONFIG_CRYPTO_DES=m
-CONFIG_CRYPTO_FCRYPT=m
CONFIG_CRYPTO_KHAZAD=m
CONFIG_CRYPTO_SEED=m
CONFIG_CRYPTO_SERPENT=m
CONFIG_CRYPTO_SM4_GENERIC=m
CONFIG_CRYPTO_TEA=m
diff --git a/arch/mips/configs/bigsur_defconfig b/arch/mips/configs/bigsur_defconfig
index aa63ada62e28..74c6821e4c37 100644
--- a/arch/mips/configs/bigsur_defconfig
+++ b/arch/mips/configs/bigsur_defconfig
@@ -217,11 +217,10 @@ CONFIG_CRYPTO_SHA512=m
CONFIG_CRYPTO_WP512=m
CONFIG_CRYPTO_ANUBIS=m
CONFIG_CRYPTO_BLOWFISH=m
CONFIG_CRYPTO_CAMELLIA=m
CONFIG_CRYPTO_CAST6=m
-CONFIG_CRYPTO_FCRYPT=m
CONFIG_CRYPTO_KHAZAD=m
CONFIG_CRYPTO_SEED=m
CONFIG_CRYPTO_SERPENT=m
CONFIG_CRYPTO_TEA=m
CONFIG_CRYPTO_TWOFISH=m
diff --git a/arch/mips/configs/decstation_64_defconfig b/arch/mips/configs/decstation_64_defconfig
index 7c43352fac6b..e98d218ed4c1 100644
--- a/arch/mips/configs/decstation_64_defconfig
+++ b/arch/mips/configs/decstation_64_defconfig
@@ -187,11 +187,10 @@ CONFIG_CRYPTO_ANUBIS=m
CONFIG_CRYPTO_ARC4=m
CONFIG_CRYPTO_BLOWFISH=m
CONFIG_CRYPTO_CAMELLIA=m
CONFIG_CRYPTO_CAST5=m
CONFIG_CRYPTO_CAST6=m
-CONFIG_CRYPTO_FCRYPT=m
CONFIG_CRYPTO_KHAZAD=m
CONFIG_CRYPTO_SEED=m
CONFIG_CRYPTO_SERPENT=m
CONFIG_CRYPTO_TEA=m
CONFIG_CRYPTO_TWOFISH=m
diff --git a/arch/mips/configs/decstation_defconfig b/arch/mips/configs/decstation_defconfig
index aee10274f048..2b4e06cc238b 100644
--- a/arch/mips/configs/decstation_defconfig
+++ b/arch/mips/configs/decstation_defconfig
@@ -182,11 +182,10 @@ CONFIG_CRYPTO_ANUBIS=m
CONFIG_CRYPTO_ARC4=m
CONFIG_CRYPTO_BLOWFISH=m
CONFIG_CRYPTO_CAMELLIA=m
CONFIG_CRYPTO_CAST5=m
CONFIG_CRYPTO_CAST6=m
-CONFIG_CRYPTO_FCRYPT=m
CONFIG_CRYPTO_KHAZAD=m
CONFIG_CRYPTO_SEED=m
CONFIG_CRYPTO_SERPENT=m
CONFIG_CRYPTO_TEA=m
CONFIG_CRYPTO_TWOFISH=m
diff --git a/arch/mips/configs/decstation_r4k_defconfig b/arch/mips/configs/decstation_r4k_defconfig
index a1698049aa7a..280553269156 100644
--- a/arch/mips/configs/decstation_r4k_defconfig
+++ b/arch/mips/configs/decstation_r4k_defconfig
@@ -182,11 +182,10 @@ CONFIG_CRYPTO_ANUBIS=m
CONFIG_CRYPTO_ARC4=m
CONFIG_CRYPTO_BLOWFISH=m
CONFIG_CRYPTO_CAMELLIA=m
CONFIG_CRYPTO_CAST5=m
CONFIG_CRYPTO_CAST6=m
-CONFIG_CRYPTO_FCRYPT=m
CONFIG_CRYPTO_KHAZAD=m
CONFIG_CRYPTO_SEED=m
CONFIG_CRYPTO_SERPENT=m
CONFIG_CRYPTO_TEA=m
CONFIG_CRYPTO_TWOFISH=m
diff --git a/arch/mips/configs/ip22_defconfig b/arch/mips/configs/ip22_defconfig
index e123848f94ab..50895ed06592 100644
--- a/arch/mips/configs/ip22_defconfig
+++ b/arch/mips/configs/ip22_defconfig
@@ -315,11 +315,10 @@ CONFIG_CRYPTO_WP512=m
CONFIG_CRYPTO_ANUBIS=m
CONFIG_CRYPTO_BLOWFISH=m
CONFIG_CRYPTO_CAMELLIA=m
CONFIG_CRYPTO_CAST5=m
CONFIG_CRYPTO_CAST6=m
-CONFIG_CRYPTO_FCRYPT=m
CONFIG_CRYPTO_KHAZAD=m
CONFIG_CRYPTO_SEED=m
CONFIG_CRYPTO_SERPENT=m
CONFIG_CRYPTO_TEA=m
CONFIG_CRYPTO_TWOFISH=m
diff --git a/arch/mips/configs/ip27_defconfig b/arch/mips/configs/ip27_defconfig
index fea0ccee6948..ff7e06b92f58 100644
--- a/arch/mips/configs/ip27_defconfig
+++ b/arch/mips/configs/ip27_defconfig
@@ -307,11 +307,10 @@ CONFIG_CRYPTO_WP512=m
CONFIG_CRYPTO_ANUBIS=m
CONFIG_CRYPTO_BLOWFISH=m
CONFIG_CRYPTO_CAMELLIA=m
CONFIG_CRYPTO_CAST5=m
CONFIG_CRYPTO_CAST6=m
-CONFIG_CRYPTO_FCRYPT=m
CONFIG_CRYPTO_KHAZAD=m
CONFIG_CRYPTO_SEED=m
CONFIG_CRYPTO_SERPENT=m
CONFIG_CRYPTO_TEA=m
CONFIG_CRYPTO_TWOFISH=m
diff --git a/arch/mips/configs/ip30_defconfig b/arch/mips/configs/ip30_defconfig
index 718f3060d9fa..d9f748f8cfaa 100644
--- a/arch/mips/configs/ip30_defconfig
+++ b/arch/mips/configs/ip30_defconfig
@@ -164,11 +164,10 @@ CONFIG_SECURITYFS=y
CONFIG_CRYPTO_CRYPTD=m
CONFIG_CRYPTO_BLOWFISH=m
CONFIG_CRYPTO_CAMELLIA=m
CONFIG_CRYPTO_CAST5=m
CONFIG_CRYPTO_CAST6=m
-CONFIG_CRYPTO_FCRYPT=m
CONFIG_CRYPTO_SERPENT=m
CONFIG_CRYPTO_TWOFISH=m
CONFIG_CRYPTO_CTS=m
CONFIG_CRYPTO_LRW=m
CONFIG_CRYPTO_PCBC=m
diff --git a/arch/mips/configs/ip32_defconfig b/arch/mips/configs/ip32_defconfig
index 9020c309dcda..4b15f895be63 100644
--- a/arch/mips/configs/ip32_defconfig
+++ b/arch/mips/configs/ip32_defconfig
@@ -167,11 +167,10 @@ CONFIG_CRYPTO_ARC4=y
CONFIG_CRYPTO_BLOWFISH=y
CONFIG_CRYPTO_CAMELLIA=y
CONFIG_CRYPTO_CAST5=y
CONFIG_CRYPTO_CAST6=y
CONFIG_CRYPTO_DES=y
-CONFIG_CRYPTO_FCRYPT=y
CONFIG_CRYPTO_KHAZAD=y
CONFIG_CRYPTO_SERPENT=y
CONFIG_CRYPTO_TEA=y
CONFIG_CRYPTO_TWOFISH=y
CONFIG_CRYPTO_DEFLATE=y
diff --git a/arch/mips/configs/lemote2f_defconfig b/arch/mips/configs/lemote2f_defconfig
index b9f3e1641105..bbcdfc8134cb 100644
--- a/arch/mips/configs/lemote2f_defconfig
+++ b/arch/mips/configs/lemote2f_defconfig
@@ -299,11 +299,10 @@ CONFIG_CRYPTO_CRYPTD=m
CONFIG_CRYPTO_BENCHMARK=m
CONFIG_CRYPTO_BLOWFISH=m
CONFIG_CRYPTO_CAMELLIA=m
CONFIG_CRYPTO_CAST5=m
CONFIG_CRYPTO_CAST6=m
-CONFIG_CRYPTO_FCRYPT=m
CONFIG_CRYPTO_SERPENT=m
CONFIG_CRYPTO_TWOFISH=m
CONFIG_CRYPTO_LRW=m
CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_XTS=m
diff --git a/arch/mips/configs/malta_defconfig b/arch/mips/configs/malta_defconfig
index 81704ec67f09..85e781607299 100644
--- a/arch/mips/configs/malta_defconfig
+++ b/arch/mips/configs/malta_defconfig
@@ -397,10 +397,9 @@ CONFIG_CRYPTO_WP512=m
CONFIG_CRYPTO_ANUBIS=m
CONFIG_CRYPTO_BLOWFISH=m
CONFIG_CRYPTO_CAMELLIA=m
CONFIG_CRYPTO_CAST5=m
CONFIG_CRYPTO_CAST6=m
-CONFIG_CRYPTO_FCRYPT=m
CONFIG_CRYPTO_KHAZAD=m
CONFIG_CRYPTO_SERPENT=m
CONFIG_CRYPTO_TEA=m
CONFIG_CRYPTO_TWOFISH=m
diff --git a/arch/mips/configs/malta_kvm_defconfig b/arch/mips/configs/malta_kvm_defconfig
index 82a97f58bce1..2db5f50fed3b 100644
--- a/arch/mips/configs/malta_kvm_defconfig
+++ b/arch/mips/configs/malta_kvm_defconfig
@@ -404,11 +404,10 @@ CONFIG_CRYPTO_WP512=m
CONFIG_CRYPTO_ANUBIS=m
CONFIG_CRYPTO_BLOWFISH=m
CONFIG_CRYPTO_CAMELLIA=m
CONFIG_CRYPTO_CAST5=m
CONFIG_CRYPTO_CAST6=m
-CONFIG_CRYPTO_FCRYPT=m
CONFIG_CRYPTO_KHAZAD=m
CONFIG_CRYPTO_SERPENT=m
CONFIG_CRYPTO_TEA=m
CONFIG_CRYPTO_TWOFISH=m
CONFIG_RCU_CPU_STALL_TIMEOUT=60
diff --git a/arch/mips/configs/maltaup_xpa_defconfig b/arch/mips/configs/maltaup_xpa_defconfig
index 0f9ef20744f9..865ae23bf11d 100644
--- a/arch/mips/configs/maltaup_xpa_defconfig
+++ b/arch/mips/configs/maltaup_xpa_defconfig
@@ -403,10 +403,9 @@ CONFIG_CRYPTO_WP512=m
CONFIG_CRYPTO_ANUBIS=m
CONFIG_CRYPTO_BLOWFISH=m
CONFIG_CRYPTO_CAMELLIA=m
CONFIG_CRYPTO_CAST5=m
CONFIG_CRYPTO_CAST6=m
-CONFIG_CRYPTO_FCRYPT=m
CONFIG_CRYPTO_KHAZAD=m
CONFIG_CRYPTO_SERPENT=m
CONFIG_CRYPTO_TEA=m
CONFIG_CRYPTO_TWOFISH=m
diff --git a/arch/mips/configs/rm200_defconfig b/arch/mips/configs/rm200_defconfig
index ad9fbd0cbb38..7e04a6b1b4eb 100644
--- a/arch/mips/configs/rm200_defconfig
+++ b/arch/mips/configs/rm200_defconfig
@@ -378,10 +378,9 @@ CONFIG_CRYPTO_XCBC=m
CONFIG_CRYPTO_WP512=m
CONFIG_CRYPTO_ANUBIS=m
CONFIG_CRYPTO_BLOWFISH=m
CONFIG_CRYPTO_CAMELLIA=m
CONFIG_CRYPTO_CAST6=m
-CONFIG_CRYPTO_FCRYPT=m
CONFIG_CRYPTO_KHAZAD=m
CONFIG_CRYPTO_SERPENT=m
CONFIG_CRYPTO_TEA=m
CONFIG_CRYPTO_TWOFISH=m
diff --git a/arch/mips/configs/sb1250_swarm_defconfig b/arch/mips/configs/sb1250_swarm_defconfig
index 4a25b8d3e507..fe8a5a3ff328 100644
--- a/arch/mips/configs/sb1250_swarm_defconfig
+++ b/arch/mips/configs/sb1250_swarm_defconfig
@@ -90,11 +90,10 @@ CONFIG_CRYPTO_WP512=m
CONFIG_CRYPTO_BLOWFISH=m
CONFIG_CRYPTO_CAMELLIA=m
CONFIG_CRYPTO_CAST5=m
CONFIG_CRYPTO_CAST6=m
CONFIG_CRYPTO_DES=m
-CONFIG_CRYPTO_FCRYPT=m
CONFIG_CRYPTO_SERPENT=m
CONFIG_CRYPTO_TWOFISH=m
CONFIG_CRYPTO_DEFLATE=m
CONFIG_CRYPTO_LZO=m
# CONFIG_CRYPTO_HW is not set
diff --git a/arch/parisc/configs/generic-64bit_defconfig b/arch/parisc/configs/generic-64bit_defconfig
index 0c4d54df9cf0..0503b4ef4c7a 100644
--- a/arch/parisc/configs/generic-64bit_defconfig
+++ b/arch/parisc/configs/generic-64bit_defconfig
@@ -279,11 +279,10 @@ CONFIG_NLS_CODEPAGE_1250=m
CONFIG_NLS_CODEPAGE_1251=m
CONFIG_NLS_ASCII=m
CONFIG_NLS_ISO8859_1=m
CONFIG_NLS_ISO8859_2=m
CONFIG_NLS_UTF8=m
-CONFIG_CRYPTO_FCRYPT=m
CONFIG_CRYPTO_ECB=m
CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_MD4=m
CONFIG_CRYPTO_MD5=y
CONFIG_CRYPTO_DEFLATE=m
diff --git a/arch/powerpc/configs/ppc6xx_defconfig b/arch/powerpc/configs/ppc6xx_defconfig
index eda1fec7ffd9..db3a8da4ccd3 100644
--- a/arch/powerpc/configs/ppc6xx_defconfig
+++ b/arch/powerpc/configs/ppc6xx_defconfig
@@ -1062,11 +1062,10 @@ CONFIG_CRYPTO_SHA512=m
CONFIG_CRYPTO_WP512=m
CONFIG_CRYPTO_ANUBIS=m
CONFIG_CRYPTO_BLOWFISH=m
CONFIG_CRYPTO_CAMELLIA=m
CONFIG_CRYPTO_CAST6=m
-CONFIG_CRYPTO_FCRYPT=m
CONFIG_CRYPTO_KHAZAD=m
CONFIG_CRYPTO_SEED=m
CONFIG_CRYPTO_SERPENT=m
CONFIG_CRYPTO_TEA=m
CONFIG_CRYPTO_TWOFISH=m
diff --git a/arch/s390/configs/debug_defconfig b/arch/s390/configs/debug_defconfig
index c28f9a7d0bd8..b69f626b7cce 100644
--- a/arch/s390/configs/debug_defconfig
+++ b/arch/s390/configs/debug_defconfig
@@ -774,11 +774,10 @@ CONFIG_CRYPTO_ANUBIS=m
CONFIG_CRYPTO_ARIA=m
CONFIG_CRYPTO_BLOWFISH=m
CONFIG_CRYPTO_CAST5=m
CONFIG_CRYPTO_CAST6=m
CONFIG_CRYPTO_DES=m
-CONFIG_CRYPTO_FCRYPT=m
CONFIG_CRYPTO_KHAZAD=m
CONFIG_CRYPTO_SEED=m
CONFIG_CRYPTO_SERPENT=m
CONFIG_CRYPTO_SM4_GENERIC=m
CONFIG_CRYPTO_TEA=m
diff --git a/arch/s390/configs/defconfig b/arch/s390/configs/defconfig
index d89c988f33ea..9ea820882fdf 100644
--- a/arch/s390/configs/defconfig
+++ b/arch/s390/configs/defconfig
@@ -758,11 +758,10 @@ CONFIG_CRYPTO_ANUBIS=m
CONFIG_CRYPTO_ARIA=m
CONFIG_CRYPTO_BLOWFISH=m
CONFIG_CRYPTO_CAST5=m
CONFIG_CRYPTO_CAST6=m
CONFIG_CRYPTO_DES=m
-CONFIG_CRYPTO_FCRYPT=m
CONFIG_CRYPTO_KHAZAD=m
CONFIG_CRYPTO_SEED=m
CONFIG_CRYPTO_SERPENT=m
CONFIG_CRYPTO_SM4_GENERIC=m
CONFIG_CRYPTO_TEA=m
diff --git a/arch/sh/configs/sh2007_defconfig b/arch/sh/configs/sh2007_defconfig
index 5d9080499485..4a67f9c85806 100644
--- a/arch/sh/configs/sh2007_defconfig
+++ b/arch/sh/configs/sh2007_defconfig
@@ -180,11 +180,10 @@ CONFIG_CRYPTO_ANUBIS=y
CONFIG_CRYPTO_ARC4=y
CONFIG_CRYPTO_BLOWFISH=y
CONFIG_CRYPTO_CAMELLIA=y
CONFIG_CRYPTO_CAST5=y
CONFIG_CRYPTO_CAST6=y
-CONFIG_CRYPTO_FCRYPT=y
CONFIG_CRYPTO_KHAZAD=y
CONFIG_CRYPTO_SEED=y
CONFIG_CRYPTO_SERPENT=y
CONFIG_CRYPTO_TEA=y
CONFIG_CRYPTO_TWOFISH=y
diff --git a/arch/sparc/configs/sparc64_defconfig b/arch/sparc/configs/sparc64_defconfig
index 632081a262ba..c6009ebc806d 100644
--- a/arch/sparc/configs/sparc64_defconfig
+++ b/arch/sparc/configs/sparc64_defconfig
@@ -218,11 +218,10 @@ CONFIG_CRYPTO_AES=m
CONFIG_CRYPTO_ANUBIS=m
CONFIG_CRYPTO_BLOWFISH=m
CONFIG_CRYPTO_CAMELLIA=m
CONFIG_CRYPTO_CAST5=m
CONFIG_CRYPTO_CAST6=m
-CONFIG_CRYPTO_FCRYPT=m
CONFIG_CRYPTO_KHAZAD=m
CONFIG_CRYPTO_SEED=m
CONFIG_CRYPTO_SERPENT=m
CONFIG_CRYPTO_TEA=m
CONFIG_CRYPTO_TWOFISH=m
diff --git a/crypto/Kconfig b/crypto/Kconfig
index 103d1f58cb7c..0727cd5877da 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -462,19 +462,10 @@ config CRYPTO_DES
help
DES (Data Encryption Standard)(FIPS 46-2, ISO/IEC 18033-3) and
Triple DES EDE (Encrypt/Decrypt/Encrypt) (FIPS 46-3, ISO/IEC 18033-3)
cipher algorithms
-config CRYPTO_FCRYPT
- tristate "FCrypt"
- select CRYPTO_ALGAPI
- select CRYPTO_SKCIPHER
- help
- FCrypt algorithm used by RxRPC
-
- See https://ota.polyonymo.us/fcrypt-paper.txt
-
config CRYPTO_KHAZAD
tristate "Khazad"
depends on CRYPTO_USER_API_ENABLE_OBSOLETE
select CRYPTO_ALGAPI
help
diff --git a/crypto/Makefile b/crypto/Makefile
index 162242593c7c..1827f84192e6 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -124,11 +124,10 @@ endif
CFLAGS_aegis128-neon-inner.o += -isystem $(shell $(CC) -print-file-name=include)
obj-$(CONFIG_CRYPTO_PCRYPT) += pcrypt.o
obj-$(CONFIG_CRYPTO_CRYPTD) += cryptd.o
obj-$(CONFIG_CRYPTO_DES) += des_generic.o
-obj-$(CONFIG_CRYPTO_FCRYPT) += fcrypt.o
obj-$(CONFIG_CRYPTO_BLOWFISH) += blowfish_generic.o
obj-$(CONFIG_CRYPTO_BLOWFISH_COMMON) += blowfish_common.o
obj-$(CONFIG_CRYPTO_TWOFISH) += twofish_generic.o
obj-$(CONFIG_CRYPTO_TWOFISH_COMMON) += twofish_common.o
obj-$(CONFIG_CRYPTO_SERPENT) += serpent_generic.o
diff --git a/crypto/fcrypt.c b/crypto/fcrypt.c
deleted file mode 100644
index 80036835cec5..000000000000
--- a/crypto/fcrypt.c
+++ /dev/null
@@ -1,420 +0,0 @@
-/* FCrypt encryption algorithm
- *
- * Copyright (C) 2006 Red Hat, Inc. All Rights Reserved.
- * Written by David Howells (dhowells@redhat.com)
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version
- * 2 of the License, or (at your option) any later version.
- *
- * Based on code:
- *
- * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <asm/byteorder.h>
-#include <crypto/algapi.h>
-#include <linux/bitops.h>
-#include <linux/init.h>
-#include <linux/module.h>
-
-#define ROUNDS 16
-
-struct fcrypt_ctx {
- __be32 sched[ROUNDS];
-};
-
-/* Rotate right two 32 bit numbers as a 56 bit number */
-#define ror56(hi, lo, n) \
-do { \
- u32 t = lo & ((1 << n) - 1); \
- lo = (lo >> n) | ((hi & ((1 << n) - 1)) << (32 - n)); \
- hi = (hi >> n) | (t << (24-n)); \
-} while (0)
-
-/* Rotate right one 64 bit number as a 56 bit number */
-#define ror56_64(k, n) (k = (k >> n) | ((k & ((1 << n) - 1)) << (56 - n)))
-
-/*
- * Sboxes for Feistel network derived from
- * /afs/transarc.com/public/afsps/afs.rel31b.export-src/rxkad/sboxes.h
- */
-#undef Z
-#define Z(x) cpu_to_be32(x << 3)
-static const __be32 sbox0[256] = {
- Z(0xea), Z(0x7f), Z(0xb2), Z(0x64), Z(0x9d), Z(0xb0), Z(0xd9), Z(0x11),
- Z(0xcd), Z(0x86), Z(0x86), Z(0x91), Z(0x0a), Z(0xb2), Z(0x93), Z(0x06),
- Z(0x0e), Z(0x06), Z(0xd2), Z(0x65), Z(0x73), Z(0xc5), Z(0x28), Z(0x60),
- Z(0xf2), Z(0x20), Z(0xb5), Z(0x38), Z(0x7e), Z(0xda), Z(0x9f), Z(0xe3),
- Z(0xd2), Z(0xcf), Z(0xc4), Z(0x3c), Z(0x61), Z(0xff), Z(0x4a), Z(0x4a),
- Z(0x35), Z(0xac), Z(0xaa), Z(0x5f), Z(0x2b), Z(0xbb), Z(0xbc), Z(0x53),
- Z(0x4e), Z(0x9d), Z(0x78), Z(0xa3), Z(0xdc), Z(0x09), Z(0x32), Z(0x10),
- Z(0xc6), Z(0x6f), Z(0x66), Z(0xd6), Z(0xab), Z(0xa9), Z(0xaf), Z(0xfd),
- Z(0x3b), Z(0x95), Z(0xe8), Z(0x34), Z(0x9a), Z(0x81), Z(0x72), Z(0x80),
- Z(0x9c), Z(0xf3), Z(0xec), Z(0xda), Z(0x9f), Z(0x26), Z(0x76), Z(0x15),
- Z(0x3e), Z(0x55), Z(0x4d), Z(0xde), Z(0x84), Z(0xee), Z(0xad), Z(0xc7),
- Z(0xf1), Z(0x6b), Z(0x3d), Z(0xd3), Z(0x04), Z(0x49), Z(0xaa), Z(0x24),
- Z(0x0b), Z(0x8a), Z(0x83), Z(0xba), Z(0xfa), Z(0x85), Z(0xa0), Z(0xa8),
- Z(0xb1), Z(0xd4), Z(0x01), Z(0xd8), Z(0x70), Z(0x64), Z(0xf0), Z(0x51),
- Z(0xd2), Z(0xc3), Z(0xa7), Z(0x75), Z(0x8c), Z(0xa5), Z(0x64), Z(0xef),
- Z(0x10), Z(0x4e), Z(0xb7), Z(0xc6), Z(0x61), Z(0x03), Z(0xeb), Z(0x44),
- Z(0x3d), Z(0xe5), Z(0xb3), Z(0x5b), Z(0xae), Z(0xd5), Z(0xad), Z(0x1d),
- Z(0xfa), Z(0x5a), Z(0x1e), Z(0x33), Z(0xab), Z(0x93), Z(0xa2), Z(0xb7),
- Z(0xe7), Z(0xa8), Z(0x45), Z(0xa4), Z(0xcd), Z(0x29), Z(0x63), Z(0x44),
- Z(0xb6), Z(0x69), Z(0x7e), Z(0x2e), Z(0x62), Z(0x03), Z(0xc8), Z(0xe0),
- Z(0x17), Z(0xbb), Z(0xc7), Z(0xf3), Z(0x3f), Z(0x36), Z(0xba), Z(0x71),
- Z(0x8e), Z(0x97), Z(0x65), Z(0x60), Z(0x69), Z(0xb6), Z(0xf6), Z(0xe6),
- Z(0x6e), Z(0xe0), Z(0x81), Z(0x59), Z(0xe8), Z(0xaf), Z(0xdd), Z(0x95),
- Z(0x22), Z(0x99), Z(0xfd), Z(0x63), Z(0x19), Z(0x74), Z(0x61), Z(0xb1),
- Z(0xb6), Z(0x5b), Z(0xae), Z(0x54), Z(0xb3), Z(0x70), Z(0xff), Z(0xc6),
- Z(0x3b), Z(0x3e), Z(0xc1), Z(0xd7), Z(0xe1), Z(0x0e), Z(0x76), Z(0xe5),
- Z(0x36), Z(0x4f), Z(0x59), Z(0xc7), Z(0x08), Z(0x6e), Z(0x82), Z(0xa6),
- Z(0x93), Z(0xc4), Z(0xaa), Z(0x26), Z(0x49), Z(0xe0), Z(0x21), Z(0x64),
- Z(0x07), Z(0x9f), Z(0x64), Z(0x81), Z(0x9c), Z(0xbf), Z(0xf9), Z(0xd1),
- Z(0x43), Z(0xf8), Z(0xb6), Z(0xb9), Z(0xf1), Z(0x24), Z(0x75), Z(0x03),
- Z(0xe4), Z(0xb0), Z(0x99), Z(0x46), Z(0x3d), Z(0xf5), Z(0xd1), Z(0x39),
- Z(0x72), Z(0x12), Z(0xf6), Z(0xba), Z(0x0c), Z(0x0d), Z(0x42), Z(0x2e)
-};
-
-#undef Z
-#define Z(x) cpu_to_be32(((x & 0x1f) << 27) | (x >> 5))
-static const __be32 sbox1[256] = {
- Z(0x77), Z(0x14), Z(0xa6), Z(0xfe), Z(0xb2), Z(0x5e), Z(0x8c), Z(0x3e),
- Z(0x67), Z(0x6c), Z(0xa1), Z(0x0d), Z(0xc2), Z(0xa2), Z(0xc1), Z(0x85),
- Z(0x6c), Z(0x7b), Z(0x67), Z(0xc6), Z(0x23), Z(0xe3), Z(0xf2), Z(0x89),
- Z(0x50), Z(0x9c), Z(0x03), Z(0xb7), Z(0x73), Z(0xe6), Z(0xe1), Z(0x39),
- Z(0x31), Z(0x2c), Z(0x27), Z(0x9f), Z(0xa5), Z(0x69), Z(0x44), Z(0xd6),
- Z(0x23), Z(0x83), Z(0x98), Z(0x7d), Z(0x3c), Z(0xb4), Z(0x2d), Z(0x99),
- Z(0x1c), Z(0x1f), Z(0x8c), Z(0x20), Z(0x03), Z(0x7c), Z(0x5f), Z(0xad),
- Z(0xf4), Z(0xfa), Z(0x95), Z(0xca), Z(0x76), Z(0x44), Z(0xcd), Z(0xb6),
- Z(0xb8), Z(0xa1), Z(0xa1), Z(0xbe), Z(0x9e), Z(0x54), Z(0x8f), Z(0x0b),
- Z(0x16), Z(0x74), Z(0x31), Z(0x8a), Z(0x23), Z(0x17), Z(0x04), Z(0xfa),
- Z(0x79), Z(0x84), Z(0xb1), Z(0xf5), Z(0x13), Z(0xab), Z(0xb5), Z(0x2e),
- Z(0xaa), Z(0x0c), Z(0x60), Z(0x6b), Z(0x5b), Z(0xc4), Z(0x4b), Z(0xbc),
- Z(0xe2), Z(0xaf), Z(0x45), Z(0x73), Z(0xfa), Z(0xc9), Z(0x49), Z(0xcd),
- Z(0x00), Z(0x92), Z(0x7d), Z(0x97), Z(0x7a), Z(0x18), Z(0x60), Z(0x3d),
- Z(0xcf), Z(0x5b), Z(0xde), Z(0xc6), Z(0xe2), Z(0xe6), Z(0xbb), Z(0x8b),
- Z(0x06), Z(0xda), Z(0x08), Z(0x15), Z(0x1b), Z(0x88), Z(0x6a), Z(0x17),
- Z(0x89), Z(0xd0), Z(0xa9), Z(0xc1), Z(0xc9), Z(0x70), Z(0x6b), Z(0xe5),
- Z(0x43), Z(0xf4), Z(0x68), Z(0xc8), Z(0xd3), Z(0x84), Z(0x28), Z(0x0a),
- Z(0x52), Z(0x66), Z(0xa3), Z(0xca), Z(0xf2), Z(0xe3), Z(0x7f), Z(0x7a),
- Z(0x31), Z(0xf7), Z(0x88), Z(0x94), Z(0x5e), Z(0x9c), Z(0x63), Z(0xd5),
- Z(0x24), Z(0x66), Z(0xfc), Z(0xb3), Z(0x57), Z(0x25), Z(0xbe), Z(0x89),
- Z(0x44), Z(0xc4), Z(0xe0), Z(0x8f), Z(0x23), Z(0x3c), Z(0x12), Z(0x52),
- Z(0xf5), Z(0x1e), Z(0xf4), Z(0xcb), Z(0x18), Z(0x33), Z(0x1f), Z(0xf8),
- Z(0x69), Z(0x10), Z(0x9d), Z(0xd3), Z(0xf7), Z(0x28), Z(0xf8), Z(0x30),
- Z(0x05), Z(0x5e), Z(0x32), Z(0xc0), Z(0xd5), Z(0x19), Z(0xbd), Z(0x45),
- Z(0x8b), Z(0x5b), Z(0xfd), Z(0xbc), Z(0xe2), Z(0x5c), Z(0xa9), Z(0x96),
- Z(0xef), Z(0x70), Z(0xcf), Z(0xc2), Z(0x2a), Z(0xb3), Z(0x61), Z(0xad),
- Z(0x80), Z(0x48), Z(0x81), Z(0xb7), Z(0x1d), Z(0x43), Z(0xd9), Z(0xd7),
- Z(0x45), Z(0xf0), Z(0xd8), Z(0x8a), Z(0x59), Z(0x7c), Z(0x57), Z(0xc1),
- Z(0x79), Z(0xc7), Z(0x34), Z(0xd6), Z(0x43), Z(0xdf), Z(0xe4), Z(0x78),
- Z(0x16), Z(0x06), Z(0xda), Z(0x92), Z(0x76), Z(0x51), Z(0xe1), Z(0xd4),
- Z(0x70), Z(0x03), Z(0xe0), Z(0x2f), Z(0x96), Z(0x91), Z(0x82), Z(0x80)
-};
-
-#undef Z
-#define Z(x) cpu_to_be32(x << 11)
-static const __be32 sbox2[256] = {
- Z(0xf0), Z(0x37), Z(0x24), Z(0x53), Z(0x2a), Z(0x03), Z(0x83), Z(0x86),
- Z(0xd1), Z(0xec), Z(0x50), Z(0xf0), Z(0x42), Z(0x78), Z(0x2f), Z(0x6d),
- Z(0xbf), Z(0x80), Z(0x87), Z(0x27), Z(0x95), Z(0xe2), Z(0xc5), Z(0x5d),
- Z(0xf9), Z(0x6f), Z(0xdb), Z(0xb4), Z(0x65), Z(0x6e), Z(0xe7), Z(0x24),
- Z(0xc8), Z(0x1a), Z(0xbb), Z(0x49), Z(0xb5), Z(0x0a), Z(0x7d), Z(0xb9),
- Z(0xe8), Z(0xdc), Z(0xb7), Z(0xd9), Z(0x45), Z(0x20), Z(0x1b), Z(0xce),
- Z(0x59), Z(0x9d), Z(0x6b), Z(0xbd), Z(0x0e), Z(0x8f), Z(0xa3), Z(0xa9),
- Z(0xbc), Z(0x74), Z(0xa6), Z(0xf6), Z(0x7f), Z(0x5f), Z(0xb1), Z(0x68),
- Z(0x84), Z(0xbc), Z(0xa9), Z(0xfd), Z(0x55), Z(0x50), Z(0xe9), Z(0xb6),
- Z(0x13), Z(0x5e), Z(0x07), Z(0xb8), Z(0x95), Z(0x02), Z(0xc0), Z(0xd0),
- Z(0x6a), Z(0x1a), Z(0x85), Z(0xbd), Z(0xb6), Z(0xfd), Z(0xfe), Z(0x17),
- Z(0x3f), Z(0x09), Z(0xa3), Z(0x8d), Z(0xfb), Z(0xed), Z(0xda), Z(0x1d),
- Z(0x6d), Z(0x1c), Z(0x6c), Z(0x01), Z(0x5a), Z(0xe5), Z(0x71), Z(0x3e),
- Z(0x8b), Z(0x6b), Z(0xbe), Z(0x29), Z(0xeb), Z(0x12), Z(0x19), Z(0x34),
- Z(0xcd), Z(0xb3), Z(0xbd), Z(0x35), Z(0xea), Z(0x4b), Z(0xd5), Z(0xae),
- Z(0x2a), Z(0x79), Z(0x5a), Z(0xa5), Z(0x32), Z(0x12), Z(0x7b), Z(0xdc),
- Z(0x2c), Z(0xd0), Z(0x22), Z(0x4b), Z(0xb1), Z(0x85), Z(0x59), Z(0x80),
- Z(0xc0), Z(0x30), Z(0x9f), Z(0x73), Z(0xd3), Z(0x14), Z(0x48), Z(0x40),
- Z(0x07), Z(0x2d), Z(0x8f), Z(0x80), Z(0x0f), Z(0xce), Z(0x0b), Z(0x5e),
- Z(0xb7), Z(0x5e), Z(0xac), Z(0x24), Z(0x94), Z(0x4a), Z(0x18), Z(0x15),
- Z(0x05), Z(0xe8), Z(0x02), Z(0x77), Z(0xa9), Z(0xc7), Z(0x40), Z(0x45),
- Z(0x89), Z(0xd1), Z(0xea), Z(0xde), Z(0x0c), Z(0x79), Z(0x2a), Z(0x99),
- Z(0x6c), Z(0x3e), Z(0x95), Z(0xdd), Z(0x8c), Z(0x7d), Z(0xad), Z(0x6f),
- Z(0xdc), Z(0xff), Z(0xfd), Z(0x62), Z(0x47), Z(0xb3), Z(0x21), Z(0x8a),
- Z(0xec), Z(0x8e), Z(0x19), Z(0x18), Z(0xb4), Z(0x6e), Z(0x3d), Z(0xfd),
- Z(0x74), Z(0x54), Z(0x1e), Z(0x04), Z(0x85), Z(0xd8), Z(0xbc), Z(0x1f),
- Z(0x56), Z(0xe7), Z(0x3a), Z(0x56), Z(0x67), Z(0xd6), Z(0xc8), Z(0xa5),
- Z(0xf3), Z(0x8e), Z(0xde), Z(0xae), Z(0x37), Z(0x49), Z(0xb7), Z(0xfa),
- Z(0xc8), Z(0xf4), Z(0x1f), Z(0xe0), Z(0x2a), Z(0x9b), Z(0x15), Z(0xd1),
- Z(0x34), Z(0x0e), Z(0xb5), Z(0xe0), Z(0x44), Z(0x78), Z(0x84), Z(0x59),
- Z(0x56), Z(0x68), Z(0x77), Z(0xa5), Z(0x14), Z(0x06), Z(0xf5), Z(0x2f),
- Z(0x8c), Z(0x8a), Z(0x73), Z(0x80), Z(0x76), Z(0xb4), Z(0x10), Z(0x86)
-};
-
-#undef Z
-#define Z(x) cpu_to_be32(x << 19)
-static const __be32 sbox3[256] = {
- Z(0xa9), Z(0x2a), Z(0x48), Z(0x51), Z(0x84), Z(0x7e), Z(0x49), Z(0xe2),
- Z(0xb5), Z(0xb7), Z(0x42), Z(0x33), Z(0x7d), Z(0x5d), Z(0xa6), Z(0x12),
- Z(0x44), Z(0x48), Z(0x6d), Z(0x28), Z(0xaa), Z(0x20), Z(0x6d), Z(0x57),
- Z(0xd6), Z(0x6b), Z(0x5d), Z(0x72), Z(0xf0), Z(0x92), Z(0x5a), Z(0x1b),
- Z(0x53), Z(0x80), Z(0x24), Z(0x70), Z(0x9a), Z(0xcc), Z(0xa7), Z(0x66),
- Z(0xa1), Z(0x01), Z(0xa5), Z(0x41), Z(0x97), Z(0x41), Z(0x31), Z(0x82),
- Z(0xf1), Z(0x14), Z(0xcf), Z(0x53), Z(0x0d), Z(0xa0), Z(0x10), Z(0xcc),
- Z(0x2a), Z(0x7d), Z(0xd2), Z(0xbf), Z(0x4b), Z(0x1a), Z(0xdb), Z(0x16),
- Z(0x47), Z(0xf6), Z(0x51), Z(0x36), Z(0xed), Z(0xf3), Z(0xb9), Z(0x1a),
- Z(0xa7), Z(0xdf), Z(0x29), Z(0x43), Z(0x01), Z(0x54), Z(0x70), Z(0xa4),
- Z(0xbf), Z(0xd4), Z(0x0b), Z(0x53), Z(0x44), Z(0x60), Z(0x9e), Z(0x23),
- Z(0xa1), Z(0x18), Z(0x68), Z(0x4f), Z(0xf0), Z(0x2f), Z(0x82), Z(0xc2),
- Z(0x2a), Z(0x41), Z(0xb2), Z(0x42), Z(0x0c), Z(0xed), Z(0x0c), Z(0x1d),
- Z(0x13), Z(0x3a), Z(0x3c), Z(0x6e), Z(0x35), Z(0xdc), Z(0x60), Z(0x65),
- Z(0x85), Z(0xe9), Z(0x64), Z(0x02), Z(0x9a), Z(0x3f), Z(0x9f), Z(0x87),
- Z(0x96), Z(0xdf), Z(0xbe), Z(0xf2), Z(0xcb), Z(0xe5), Z(0x6c), Z(0xd4),
- Z(0x5a), Z(0x83), Z(0xbf), Z(0x92), Z(0x1b), Z(0x94), Z(0x00), Z(0x42),
- Z(0xcf), Z(0x4b), Z(0x00), Z(0x75), Z(0xba), Z(0x8f), Z(0x76), Z(0x5f),
- Z(0x5d), Z(0x3a), Z(0x4d), Z(0x09), Z(0x12), Z(0x08), Z(0x38), Z(0x95),
- Z(0x17), Z(0xe4), Z(0x01), Z(0x1d), Z(0x4c), Z(0xa9), Z(0xcc), Z(0x85),
- Z(0x82), Z(0x4c), Z(0x9d), Z(0x2f), Z(0x3b), Z(0x66), Z(0xa1), Z(0x34),
- Z(0x10), Z(0xcd), Z(0x59), Z(0x89), Z(0xa5), Z(0x31), Z(0xcf), Z(0x05),
- Z(0xc8), Z(0x84), Z(0xfa), Z(0xc7), Z(0xba), Z(0x4e), Z(0x8b), Z(0x1a),
- Z(0x19), Z(0xf1), Z(0xa1), Z(0x3b), Z(0x18), Z(0x12), Z(0x17), Z(0xb0),
- Z(0x98), Z(0x8d), Z(0x0b), Z(0x23), Z(0xc3), Z(0x3a), Z(0x2d), Z(0x20),
- Z(0xdf), Z(0x13), Z(0xa0), Z(0xa8), Z(0x4c), Z(0x0d), Z(0x6c), Z(0x2f),
- Z(0x47), Z(0x13), Z(0x13), Z(0x52), Z(0x1f), Z(0x2d), Z(0xf5), Z(0x79),
- Z(0x3d), Z(0xa2), Z(0x54), Z(0xbd), Z(0x69), Z(0xc8), Z(0x6b), Z(0xf3),
- Z(0x05), Z(0x28), Z(0xf1), Z(0x16), Z(0x46), Z(0x40), Z(0xb0), Z(0x11),
- Z(0xd3), Z(0xb7), Z(0x95), Z(0x49), Z(0xcf), Z(0xc3), Z(0x1d), Z(0x8f),
- Z(0xd8), Z(0xe1), Z(0x73), Z(0xdb), Z(0xad), Z(0xc8), Z(0xc9), Z(0xa9),
- Z(0xa1), Z(0xc2), Z(0xc5), Z(0xe3), Z(0xba), Z(0xfc), Z(0x0e), Z(0x25)
-};
-
-/*
- * This is a 16 round Feistel network with permutation F_ENCRYPT
- */
-#define F_ENCRYPT(R, L, sched) \
-do { \
- union lc4 { __be32 l; u8 c[4]; } u; \
- u.l = sched ^ R; \
- L ^= sbox0[u.c[0]] ^ sbox1[u.c[1]] ^ sbox2[u.c[2]] ^ sbox3[u.c[3]]; \
-} while (0)
-
-/*
- * encryptor
- */
-static void fcrypt_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
-{
- const struct fcrypt_ctx *ctx = crypto_tfm_ctx(tfm);
- struct {
- __be32 l, r;
- } X;
-
- memcpy(&X, src, sizeof(X));
-
- F_ENCRYPT(X.r, X.l, ctx->sched[0x0]);
- F_ENCRYPT(X.l, X.r, ctx->sched[0x1]);
- F_ENCRYPT(X.r, X.l, ctx->sched[0x2]);
- F_ENCRYPT(X.l, X.r, ctx->sched[0x3]);
- F_ENCRYPT(X.r, X.l, ctx->sched[0x4]);
- F_ENCRYPT(X.l, X.r, ctx->sched[0x5]);
- F_ENCRYPT(X.r, X.l, ctx->sched[0x6]);
- F_ENCRYPT(X.l, X.r, ctx->sched[0x7]);
- F_ENCRYPT(X.r, X.l, ctx->sched[0x8]);
- F_ENCRYPT(X.l, X.r, ctx->sched[0x9]);
- F_ENCRYPT(X.r, X.l, ctx->sched[0xa]);
- F_ENCRYPT(X.l, X.r, ctx->sched[0xb]);
- F_ENCRYPT(X.r, X.l, ctx->sched[0xc]);
- F_ENCRYPT(X.l, X.r, ctx->sched[0xd]);
- F_ENCRYPT(X.r, X.l, ctx->sched[0xe]);
- F_ENCRYPT(X.l, X.r, ctx->sched[0xf]);
-
- memcpy(dst, &X, sizeof(X));
-}
-
-/*
- * decryptor
- */
-static void fcrypt_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
-{
- const struct fcrypt_ctx *ctx = crypto_tfm_ctx(tfm);
- struct {
- __be32 l, r;
- } X;
-
- memcpy(&X, src, sizeof(X));
-
- F_ENCRYPT(X.l, X.r, ctx->sched[0xf]);
- F_ENCRYPT(X.r, X.l, ctx->sched[0xe]);
- F_ENCRYPT(X.l, X.r, ctx->sched[0xd]);
- F_ENCRYPT(X.r, X.l, ctx->sched[0xc]);
- F_ENCRYPT(X.l, X.r, ctx->sched[0xb]);
- F_ENCRYPT(X.r, X.l, ctx->sched[0xa]);
- F_ENCRYPT(X.l, X.r, ctx->sched[0x9]);
- F_ENCRYPT(X.r, X.l, ctx->sched[0x8]);
- F_ENCRYPT(X.l, X.r, ctx->sched[0x7]);
- F_ENCRYPT(X.r, X.l, ctx->sched[0x6]);
- F_ENCRYPT(X.l, X.r, ctx->sched[0x5]);
- F_ENCRYPT(X.r, X.l, ctx->sched[0x4]);
- F_ENCRYPT(X.l, X.r, ctx->sched[0x3]);
- F_ENCRYPT(X.r, X.l, ctx->sched[0x2]);
- F_ENCRYPT(X.l, X.r, ctx->sched[0x1]);
- F_ENCRYPT(X.r, X.l, ctx->sched[0x0]);
-
- memcpy(dst, &X, sizeof(X));
-}
-
-/*
- * Generate a key schedule from key, the least significant bit in each key byte
- * is parity and shall be ignored. This leaves 56 significant bits in the key
- * to scatter over the 16 key schedules. For each schedule extract the low
- * order 32 bits and use as schedule, then rotate right by 11 bits.
- */
-static int fcrypt_setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen)
-{
- struct fcrypt_ctx *ctx = crypto_tfm_ctx(tfm);
-
-#if BITS_PER_LONG == 64 /* the 64-bit version can also be used for 32-bit
- * kernels - it seems to be faster but the code is
- * larger */
-
- u64 k; /* k holds all 56 non-parity bits */
-
- /* discard the parity bits */
- k = (*key++) >> 1;
- k <<= 7;
- k |= (*key++) >> 1;
- k <<= 7;
- k |= (*key++) >> 1;
- k <<= 7;
- k |= (*key++) >> 1;
- k <<= 7;
- k |= (*key++) >> 1;
- k <<= 7;
- k |= (*key++) >> 1;
- k <<= 7;
- k |= (*key++) >> 1;
- k <<= 7;
- k |= (*key) >> 1;
-
- /* Use lower 32 bits for schedule, rotate by 11 each round (16 times) */
- ctx->sched[0x0] = cpu_to_be32(k); ror56_64(k, 11);
- ctx->sched[0x1] = cpu_to_be32(k); ror56_64(k, 11);
- ctx->sched[0x2] = cpu_to_be32(k); ror56_64(k, 11);
- ctx->sched[0x3] = cpu_to_be32(k); ror56_64(k, 11);
- ctx->sched[0x4] = cpu_to_be32(k); ror56_64(k, 11);
- ctx->sched[0x5] = cpu_to_be32(k); ror56_64(k, 11);
- ctx->sched[0x6] = cpu_to_be32(k); ror56_64(k, 11);
- ctx->sched[0x7] = cpu_to_be32(k); ror56_64(k, 11);
- ctx->sched[0x8] = cpu_to_be32(k); ror56_64(k, 11);
- ctx->sched[0x9] = cpu_to_be32(k); ror56_64(k, 11);
- ctx->sched[0xa] = cpu_to_be32(k); ror56_64(k, 11);
- ctx->sched[0xb] = cpu_to_be32(k); ror56_64(k, 11);
- ctx->sched[0xc] = cpu_to_be32(k); ror56_64(k, 11);
- ctx->sched[0xd] = cpu_to_be32(k); ror56_64(k, 11);
- ctx->sched[0xe] = cpu_to_be32(k); ror56_64(k, 11);
- ctx->sched[0xf] = cpu_to_be32(k);
-
- return 0;
-#else
- u32 hi, lo; /* hi is upper 24 bits and lo lower 32, total 56 */
-
- /* discard the parity bits */
- lo = (*key++) >> 1;
- lo <<= 7;
- lo |= (*key++) >> 1;
- lo <<= 7;
- lo |= (*key++) >> 1;
- lo <<= 7;
- lo |= (*key++) >> 1;
- hi = lo >> 4;
- lo &= 0xf;
- lo <<= 7;
- lo |= (*key++) >> 1;
- lo <<= 7;
- lo |= (*key++) >> 1;
- lo <<= 7;
- lo |= (*key++) >> 1;
- lo <<= 7;
- lo |= (*key) >> 1;
-
- /* Use lower 32 bits for schedule, rotate by 11 each round (16 times) */
- ctx->sched[0x0] = cpu_to_be32(lo); ror56(hi, lo, 11);
- ctx->sched[0x1] = cpu_to_be32(lo); ror56(hi, lo, 11);
- ctx->sched[0x2] = cpu_to_be32(lo); ror56(hi, lo, 11);
- ctx->sched[0x3] = cpu_to_be32(lo); ror56(hi, lo, 11);
- ctx->sched[0x4] = cpu_to_be32(lo); ror56(hi, lo, 11);
- ctx->sched[0x5] = cpu_to_be32(lo); ror56(hi, lo, 11);
- ctx->sched[0x6] = cpu_to_be32(lo); ror56(hi, lo, 11);
- ctx->sched[0x7] = cpu_to_be32(lo); ror56(hi, lo, 11);
- ctx->sched[0x8] = cpu_to_be32(lo); ror56(hi, lo, 11);
- ctx->sched[0x9] = cpu_to_be32(lo); ror56(hi, lo, 11);
- ctx->sched[0xa] = cpu_to_be32(lo); ror56(hi, lo, 11);
- ctx->sched[0xb] = cpu_to_be32(lo); ror56(hi, lo, 11);
- ctx->sched[0xc] = cpu_to_be32(lo); ror56(hi, lo, 11);
- ctx->sched[0xd] = cpu_to_be32(lo); ror56(hi, lo, 11);
- ctx->sched[0xe] = cpu_to_be32(lo); ror56(hi, lo, 11);
- ctx->sched[0xf] = cpu_to_be32(lo);
- return 0;
-#endif
-}
-
-static struct crypto_alg fcrypt_alg = {
- .cra_name = "fcrypt",
- .cra_driver_name = "fcrypt-generic",
- .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
- .cra_blocksize = 8,
- .cra_ctxsize = sizeof(struct fcrypt_ctx),
- .cra_module = THIS_MODULE,
- .cra_u = { .cipher = {
- .cia_min_keysize = 8,
- .cia_max_keysize = 8,
- .cia_setkey = fcrypt_setkey,
- .cia_encrypt = fcrypt_encrypt,
- .cia_decrypt = fcrypt_decrypt } }
-};
-
-static int __init fcrypt_mod_init(void)
-{
- return crypto_register_alg(&fcrypt_alg);
-}
-
-static void __exit fcrypt_mod_fini(void)
-{
- crypto_unregister_alg(&fcrypt_alg);
-}
-
-module_init(fcrypt_mod_init);
-module_exit(fcrypt_mod_fini);
-
-MODULE_LICENSE("Dual BSD/GPL");
-MODULE_DESCRIPTION("FCrypt Cipher Algorithm");
-MODULE_AUTHOR("David Howells <dhowells@redhat.com>");
-MODULE_ALIAS_CRYPTO("fcrypt");
diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c
index e54517605f5f..61a2501bfe9b 100644
--- a/crypto/tcrypt.c
+++ b/crypto/tcrypt.c
@@ -1598,14 +1598,10 @@ static int do_test(const char *alg, u32 type, u32 mask, int m, u32 num_mb)
case 30:
ret = min(ret, tcrypt_test("ecb(xeta)"));
break;
- case 31:
- ret = min(ret, tcrypt_test("pcbc(fcrypt)"));
- break;
-
case 32:
ret = min(ret, tcrypt_test("ecb(camellia)"));
ret = min(ret, tcrypt_test("cbc(camellia)"));
ret = min(ret, tcrypt_test("ctr(camellia)"));
ret = min(ret, tcrypt_test("lrw(camellia)"));
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 4d86efae65b2..f392d97fc469 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -4825,19 +4825,10 @@ static const struct alg_test_desc alg_test_descs[] = {
.alg = "ecb(des3_ede)",
.test = alg_test_skcipher,
.suite = {
.cipher = __VECS(des3_ede_tv_template)
}
- }, {
- .alg = "ecb(fcrypt)",
- .test = alg_test_skcipher,
- .suite = {
- .cipher = {
- .vecs = fcrypt_pcbc_tv_template,
- .count = 1
- }
- }
}, {
.alg = "ecb(khazad)",
.test = alg_test_skcipher,
.suite = {
.cipher = __VECS(khazad_tv_template)
@@ -5252,16 +5243,10 @@ static const struct alg_test_desc alg_test_descs[] = {
}, {
.alg = "p1363(ecdsa-nist-p521)",
.test = alg_test_null,
.fips_allowed = 1,
}, {
- .alg = "pcbc(fcrypt)",
- .test = alg_test_skcipher,
- .suite = {
- .cipher = __VECS(fcrypt_pcbc_tv_template)
- }
- }, {
#if IS_ENABLED(CONFIG_CRYPTO_PHMAC_S390)
.alg = "phmac(sha224)",
.test = alg_test_hash,
.fips_allowed = 1,
.suite = {
diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index 9b4d7e11c9fd..3f0600bd9c05 100644
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -25066,55 +25066,10 @@ static const struct cipher_testvec xeta_tv_template[] = {
"\xea\xa5\x6a\x85\xd1\xf4\xa8\xa5",
.len = 32,
}
};
-/*
- * FCrypt test vectors
- */
-static const struct cipher_testvec fcrypt_pcbc_tv_template[] = {
- { /* http://www.openafs.org/pipermail/openafs-devel/2000-December/005320.html */
- .key = "\x00\x00\x00\x00\x00\x00\x00\x00",
- .klen = 8,
- .iv = "\x00\x00\x00\x00\x00\x00\x00\x00",
- .ptext = "\x00\x00\x00\x00\x00\x00\x00\x00",
- .ctext = "\x0E\x09\x00\xC7\x3E\xF7\xED\x41",
- .len = 8,
- }, {
- .key = "\x11\x44\x77\xAA\xDD\x00\x33\x66",
- .klen = 8,
- .iv = "\x00\x00\x00\x00\x00\x00\x00\x00",
- .ptext = "\x12\x34\x56\x78\x9A\xBC\xDE\xF0",
- .ctext = "\xD8\xED\x78\x74\x77\xEC\x06\x80",
- .len = 8,
- }, { /* From Arla */
- .key = "\xf0\xe1\xd2\xc3\xb4\xa5\x96\x87",
- .klen = 8,
- .iv = "\xfe\xdc\xba\x98\x76\x54\x32\x10",
- .ptext = "The quick brown fox jumps over the lazy dogs.\0\0",
- .ctext = "\x00\xf0\x0e\x11\x75\xe6\x23\x82"
- "\xee\xac\x98\x62\x44\x51\xe4\x84"
- "\xc3\x59\xd8\xaa\x64\x60\xae\xf7"
- "\xd2\xd9\x13\x79\x72\xa3\x45\x03"
- "\x23\xb5\x62\xd7\x0c\xf5\x27\xd1"
- "\xf8\x91\x3c\xac\x44\x22\x92\xef",
- .len = 48,
- }, {
- .key = "\xfe\xdc\xba\x98\x76\x54\x32\x10",
- .klen = 8,
- .iv = "\xf0\xe1\xd2\xc3\xb4\xa5\x96\x87",
- .ptext = "The quick brown fox jumps over the lazy dogs.\0\0",
- .ctext = "\xca\x90\xf5\x9d\xcb\xd4\xd2\x3c"
- "\x01\x88\x7f\x3e\x31\x6e\x62\x9d"
- "\xd8\xe0\x57\xa3\x06\x3a\x42\x58"
- "\x2a\x28\xfe\x72\x52\x2f\xdd\xe0"
- "\x19\x89\x09\x1c\x2a\x8e\x8c\x94"
- "\xfc\xc7\x68\xe4\x88\xaa\xde\x0f",
- .len = 48,
- }
-};
-
/*
* CAMELLIA test vectors.
*/
static const struct hash_testvec camellia_cmac128_tv_template[] = {
{ /* From draft-kato-ipsec-camellia-cmac96and128-01 */
--
2.54.0
^ permalink raw reply related
* [PATCH net-next v2 3/5] net/rxrpc: Reimplement DES-PCBC using DES library
From: Eric Biggers @ 2026-05-22 5:07 UTC (permalink / raw)
To: netdev, linux-afs
Cc: David Howells, Marc Dionne, linux-crypto, linux-kernel,
David S . Miller, Eric Dumazet, Jakub Kicinski, Paolo Abeni,
Simon Horman, Eric Biggers
In-Reply-To: <20260522050740.84561-1-ebiggers@kernel.org>
Since the use of "pcbc(des)" in rxkad_decrypt_ticket() is the only
remaining user of the crypto API "pcbc" template, just implement
DES-PCBC by locally implementing PCBC mode on top of the DES library.
Note that only the decryption direction is needed.
This will allow support for the obsolete PCBC mode to be removed from
the crypto API.
Acked-by: David Howells <dhowells@redhat.com>
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
---
net/rxrpc/Kconfig | 5 +--
net/rxrpc/ar-internal.h | 5 +++
net/rxrpc/key.c | 1 -
net/rxrpc/rxkad.c | 76 +++++++++++++++++++----------------
net/rxrpc/server_key.c | 1 -
net/rxrpc/tests/rxrpc_kunit.c | 31 ++++++++++++++
6 files changed, 79 insertions(+), 40 deletions(-)
diff --git a/net/rxrpc/Kconfig b/net/rxrpc/Kconfig
index de19c67dc965..2cebb666dc07 100644
--- a/net/rxrpc/Kconfig
+++ b/net/rxrpc/Kconfig
@@ -5,10 +5,11 @@
config AF_RXRPC
tristate "RxRPC session sockets"
depends on INET
select CRYPTO
+ select CRYPTO_LIB_DES if RXKAD
select KEYS
select NET_UDP_TUNNEL
help
Say Y or M here to include support for RxRPC session sockets (just
the transport part, not the presentation part: (un)marshalling is
@@ -54,14 +55,10 @@ config AF_RXRPC_DEBUG
See Documentation/networking/rxrpc.rst.
config RXKAD
bool "RxRPC Kerberos security"
- select CRYPTO
- select CRYPTO_MANAGER
- select CRYPTO_SKCIPHER
- select CRYPTO_PCBC
help
Provide kerberos 4 and AFS kaserver security handling for AF_RXRPC
through the use of the key retention service.
See Documentation/networking/rxrpc.rst.
diff --git a/net/rxrpc/ar-internal.h b/net/rxrpc/ar-internal.h
index 29d32aa4ecc7..5802f6f78723 100644
--- a/net/rxrpc/ar-internal.h
+++ b/net/rxrpc/ar-internal.h
@@ -34,10 +34,15 @@ void fcrypt_pcbc_encrypt(const struct fcrypt_key *key,
const u8 iv[FCRYPT_BSIZE], const void *src, void *dst,
size_t nblocks);
void fcrypt_pcbc_decrypt(const struct fcrypt_key *key,
const u8 iv[FCRYPT_BSIZE], const void *src, void *dst,
size_t nblocks);
+#if IS_ENABLED(CONFIG_KUNIT)
+struct des_ctx;
+void des_pcbc_decrypt_inplace(const struct des_ctx *key, __le64 iv, u8 *data,
+ size_t len);
+#endif
#define rxrpc_queue_work(WS) queue_work(rxrpc_workqueue, (WS))
#define rxrpc_queue_delayed_work(WS,D) \
queue_delayed_work(rxrpc_workqueue, (WS), (D))
diff --git a/net/rxrpc/key.c b/net/rxrpc/key.c
index 3ec3d89fdf14..a0aa78d89289 100644
--- a/net/rxrpc/key.c
+++ b/net/rxrpc/key.c
@@ -8,11 +8,10 @@
* "afs@example.com"
*/
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
-#include <crypto/skcipher.h>
#include <linux/module.h>
#include <linux/net.h>
#include <linux/overflow.h>
#include <linux/skbuff.h>
#include <linux/key-type.h>
diff --git a/net/rxrpc/rxkad.c b/net/rxrpc/rxkad.c
index d8bc5ecbfc3d..ca9f0e82cb9a 100644
--- a/net/rxrpc/rxkad.c
+++ b/net/rxrpc/rxkad.c
@@ -5,20 +5,22 @@
* Written by David Howells (dhowells@redhat.com)
*/
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
-#include <crypto/skcipher.h>
+#include <crypto/des.h>
+#include <kunit/visibility.h>
+#include <linux/export.h>
#include <linux/fips.h>
#include <linux/module.h>
#include <linux/net.h>
#include <linux/skbuff.h>
#include <linux/udp.h>
-#include <linux/scatterlist.h>
#include <linux/ctype.h>
#include <linux/slab.h>
#include <linux/key-type.h>
+#include <linux/unaligned.h>
#include <net/sock.h>
#include <net/af_rxrpc.h>
#include <keys/rxrpc-type.h>
#include "ar-internal.h"
@@ -50,44 +52,45 @@ static void rxkad_prime_packet_security(struct rxrpc_connection *conn,
*
* The data should be the 8-byte secret key.
*/
static int rxkad_preparse_server_key(struct key_preparsed_payload *prep)
{
- struct crypto_skcipher *ci;
+ struct des_ctx *des_key;
+ int err;
if (prep->datalen != 8)
return -EINVAL;
memcpy(&prep->payload.data[2], prep->data, 8);
- ci = crypto_alloc_skcipher("pcbc(des)", 0, CRYPTO_ALG_ASYNC);
- if (IS_ERR(ci)) {
- _leave(" = %ld", PTR_ERR(ci));
- return PTR_ERR(ci);
+ des_key = kmalloc_obj(*des_key);
+ if (!des_key) {
+ _leave(" = -ENOMEM");
+ return -ENOMEM;
}
- if (crypto_skcipher_setkey(ci, prep->data, 8) < 0)
- BUG();
+ err = des_expand_key(des_key, prep->data, 8);
+ if (err) {
+ kfree_sensitive(des_key);
+ _leave(" = %d", err);
+ return err;
+ }
- prep->payload.data[0] = ci;
+ prep->payload.data[0] = des_key;
_leave(" = 0");
return 0;
}
static void rxkad_free_preparse_server_key(struct key_preparsed_payload *prep)
{
-
- if (prep->payload.data[0])
- crypto_free_skcipher(prep->payload.data[0]);
+ kfree_sensitive(prep->payload.data[0]);
}
static void rxkad_destroy_server_key(struct key *key)
{
- if (key->payload.data[0]) {
- crypto_free_skcipher(key->payload.data[0]);
- key->payload.data[0] = NULL;
- }
+ kfree_sensitive(key->payload.data[0]);
+ key->payload.data[0] = NULL;
}
/*
* initialise connection security
*/
@@ -769,51 +772,56 @@ int rxkad_kernel_respond_to_challenge(struct sk_buff *challenge)
return rxkad_respond_to_challenge(csp->chall.conn, challenge);
}
EXPORT_SYMBOL(rxkad_kernel_respond_to_challenge);
+/* Decrypt data in-place using DES-PCBC. @len must be a multiple of 8. */
+VISIBLE_IF_KUNIT void des_pcbc_decrypt_inplace(const struct des_ctx *key,
+ __le64 iv, u8 *data, size_t len)
+{
+ for (size_t i = 0; i < len; i += DES_BLOCK_SIZE) {
+ __le64 ctext, ptext;
+
+ ctext = get_unaligned((const __le64 *)&data[i]);
+ des_decrypt(key, (u8 *)&ptext, (const u8 *)&ctext);
+ ptext ^= iv;
+ put_unaligned(ptext, (__le64 *)&data[i]);
+ iv = ptext ^ ctext;
+ }
+}
+EXPORT_SYMBOL_IF_KUNIT(des_pcbc_decrypt_inplace);
+
/*
* decrypt the kerberos IV ticket in the response
*/
static int rxkad_decrypt_ticket(struct rxrpc_connection *conn,
struct key *server_key,
struct sk_buff *skb,
void *ticket, size_t ticket_len,
struct rxrpc_crypt *_session_key,
time64_t *_expiry)
{
- struct skcipher_request *req;
- struct rxrpc_crypt iv, key;
- struct scatterlist sg[1];
+ struct rxrpc_crypt key;
struct in_addr addr;
unsigned int life;
time64_t issue, now;
- int ret;
bool little_endian;
u8 *p, *q, *name, *end;
_enter("{%d},{%x}", conn->debug_id, key_serial(server_key));
*_expiry = 0;
ASSERT(server_key->payload.data[0] != NULL);
- memcpy(&iv, &server_key->payload.data[2], sizeof(iv));
-
- req = skcipher_request_alloc(server_key->payload.data[0], GFP_NOFS);
- if (!req)
- return -ENOMEM;
-
- sg_init_one(&sg[0], ticket, ticket_len);
- skcipher_request_set_callback(req, 0, NULL, NULL);
- skcipher_request_set_crypt(req, sg, sg, ticket_len, iv.x);
- ret = crypto_skcipher_decrypt(req);
- skcipher_request_free(req);
- if (ret < 0)
+ if (ticket_len % DES_BLOCK_SIZE != 0)
return rxrpc_abort_conn(conn, skb, RXKADBADTICKET, -EPROTO,
rxkad_abort_resp_tkt_short);
-
+ des_pcbc_decrypt_inplace(
+ server_key->payload.data[0],
+ get_unaligned((const __le64 *)&server_key->payload.data[2]),
+ ticket, ticket_len);
p = ticket;
end = p + ticket_len;
#define Z(field, fieldl) \
({ \
diff --git a/net/rxrpc/server_key.c b/net/rxrpc/server_key.c
index 27491f1e1273..3efe104b1930 100644
--- a/net/rxrpc/server_key.c
+++ b/net/rxrpc/server_key.c
@@ -8,11 +8,10 @@
* "afs@CAMBRIDGE.REDHAT.COM>
*/
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
-#include <crypto/skcipher.h>
#include <linux/module.h>
#include <linux/net.h>
#include <linux/skbuff.h>
#include <linux/key-type.h>
#include <linux/ctype.h>
diff --git a/net/rxrpc/tests/rxrpc_kunit.c b/net/rxrpc/tests/rxrpc_kunit.c
index 85a9859fae44..95fd05a07d17 100644
--- a/net/rxrpc/tests/rxrpc_kunit.c
+++ b/net/rxrpc/tests/rxrpc_kunit.c
@@ -3,10 +3,11 @@
* Unit tests for RxRPC crypto functions
*
* Copyright 2026 Google LLC
*/
#include "../ar-internal.h"
+#include <crypto/des.h>
#include <kunit/test.h>
struct fcrypt_pcbc_testvec {
u8 key[FCRYPT_BSIZE];
u8 iv[FCRYPT_BSIZE];
@@ -91,12 +92,42 @@ static void test_fcrypt_pcbc(struct kunit *test)
fcrypt_pcbc_decrypt(&key, tv->iv, data, data, nblocks);
KUNIT_ASSERT_MEMEQ(test, tv->ptext, data, len);
}
}
+static void test_des_pcbc(struct kunit *test)
+{
+ /* This was generated from the original pcbc(des) crypto API code. */
+ static const u8 expected_ptext[24] =
+ "\xc8\xe2\x3c\xdf\x80\x61\x8a\xad\xa5\x52\xb4\x20"
+ "\x74\x32\x1f\xe4\x2c\x15\x7d\x21\x57\xda\x3f\x31";
+ u8 key[8];
+ union {
+ __le64 w;
+ u8 b[8];
+ } iv;
+ u8 data[24];
+ struct des_ctx ctx;
+ int err;
+
+ for (int i = 0; i < 8; i++) {
+ key[i] = i;
+ iv.b[i] = 255 - i;
+ }
+ for (int i = 0; i < sizeof(data); i++)
+ data[i] = i;
+
+ err = des_expand_key(&ctx, key, sizeof(key));
+ KUNIT_ASSERT_EQ(test, 0, err);
+
+ des_pcbc_decrypt_inplace(&ctx, iv.w, data, sizeof(data));
+ KUNIT_ASSERT_MEMEQ(test, expected_ptext, data, sizeof(data));
+}
+
static struct kunit_case rxrpc_test_cases[] = {
KUNIT_CASE(test_fcrypt_pcbc),
+ KUNIT_CASE(test_des_pcbc),
{},
};
static struct kunit_suite rxrpc_test_suite = {
.name = "rxrpc",
--
2.54.0
^ permalink raw reply related
* [PATCH net-next v2 2/5] net/rxrpc: Use local FCrypt-PCBC implementation
From: Eric Biggers @ 2026-05-22 5:07 UTC (permalink / raw)
To: netdev, linux-afs
Cc: David Howells, Marc Dionne, linux-crypto, linux-kernel,
David S . Miller, Eric Dumazet, Jakub Kicinski, Paolo Abeni,
Simon Horman, Eric Biggers
In-Reply-To: <20260522050740.84561-1-ebiggers@kernel.org>
Use the local implementation of FCrypt-PCBC instead of the crypto API
one. This will allow the crypto API one to be removed. It also
simplifies the code quite a bit.
The local FCrypt-PCBC implementation is also significantly faster than
the crypto API one, since the crypto API one had a lot of overhead. For
example, benchmarking on an x86_64 CPU, I see that FCrypt-PCBC
decryption throughput improved from 83 MB/s to 157 MB/s.
(Meanwhile, AES-256-GCM decryption is 8064 MB/s on the same CPU.
Clearly, anyone looking for good performance, or anything that is
actually secure for that matter, needs to look elsewhere anyway.)
Acked-by: David Howells <dhowells@redhat.com>
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
---
net/rxrpc/Kconfig | 1 -
net/rxrpc/ar-internal.h | 2 +-
net/rxrpc/rxkad.c | 353 +++++++++-------------------------------
3 files changed, 76 insertions(+), 280 deletions(-)
diff --git a/net/rxrpc/Kconfig b/net/rxrpc/Kconfig
index e2bb795cdf0c..de19c67dc965 100644
--- a/net/rxrpc/Kconfig
+++ b/net/rxrpc/Kconfig
@@ -58,11 +58,10 @@ config RXKAD
bool "RxRPC Kerberos security"
select CRYPTO
select CRYPTO_MANAGER
select CRYPTO_SKCIPHER
select CRYPTO_PCBC
- select CRYPTO_FCRYPT
help
Provide kerberos 4 and AFS kaserver security handling for AF_RXRPC
through the use of the key retention service.
See Documentation/networking/rxrpc.rst.
diff --git a/net/rxrpc/ar-internal.h b/net/rxrpc/ar-internal.h
index 30aaf69b4c7c..29d32aa4ecc7 100644
--- a/net/rxrpc/ar-internal.h
+++ b/net/rxrpc/ar-internal.h
@@ -575,11 +575,11 @@ struct rxrpc_connection {
struct mutex security_lock; /* Lock for security management */
const struct rxrpc_security *security; /* applied security module */
union {
struct {
- struct crypto_sync_skcipher *cipher; /* encryption handle */
+ struct fcrypt_key *cipher; /* encryption key */
struct rxrpc_crypt csum_iv; /* packet checksum base */
u32 nonce; /* response re-use preventer */
} rxkad;
struct {
struct rxgk_context *keys[4]; /* (Re-)keying buffer */
diff --git a/net/rxrpc/rxkad.c b/net/rxrpc/rxkad.c
index 6fbd883401ac..d8bc5ecbfc3d 100644
--- a/net/rxrpc/rxkad.c
+++ b/net/rxrpc/rxkad.c
@@ -6,10 +6,11 @@
*/
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <crypto/skcipher.h>
+#include <linux/fips.h>
#include <linux/module.h>
#include <linux/net.h>
#include <linux/skbuff.h>
#include <linux/udp.h>
#include <linux/scatterlist.h>
@@ -28,30 +29,23 @@
#define INST_SZ 40 /* size of principal's instance */
#define REALM_SZ 40 /* size of principal's auth domain */
#define SNAME_SZ 40 /* size of service name */
#define RXKAD_ALIGN 8
+static const u8 zero_iv[FCRYPT_BSIZE];
+
struct rxkad_level1_hdr {
__be32 data_size; /* true data size (excluding padding) */
};
struct rxkad_level2_hdr {
__be32 data_size; /* true data size (excluding padding) */
__be32 checksum; /* decrypted data checksum */
};
-static int rxkad_prime_packet_security(struct rxrpc_connection *conn,
- struct crypto_sync_skcipher *ci);
-
-/*
- * this holds a pinned cipher so that keventd doesn't get called by the cipher
- * alloc routine, but since we have it to hand, we use it to decrypt RESPONSE
- * packets
- */
-static struct crypto_sync_skcipher *rxkad_ci;
-static struct skcipher_request *rxkad_ci_req;
-static DEFINE_MUTEX(rxkad_ci_mutex);
+static void rxkad_prime_packet_security(struct rxrpc_connection *conn,
+ const struct fcrypt_key *cipher);
/*
* Parse the information from a server key
*
* The data should be the 8-byte secret key.
@@ -98,47 +92,41 @@ static void rxkad_destroy_server_key(struct key *key)
* initialise connection security
*/
static int rxkad_init_connection_security(struct rxrpc_connection *conn,
struct rxrpc_key_token *token)
{
- struct crypto_sync_skcipher *ci;
+ struct fcrypt_key *ci;
int ret;
_enter("{%d},{%x}", conn->debug_id, key_serial(conn->key));
conn->security_ix = token->security_index;
- ci = crypto_alloc_sync_skcipher("pcbc(fcrypt)", 0, 0);
- if (IS_ERR(ci)) {
- _debug("no cipher");
- ret = PTR_ERR(ci);
+ ci = kmalloc_obj(*ci);
+ if (!ci) {
+ ret = -ENOMEM;
goto error;
}
-
- if (crypto_sync_skcipher_setkey(ci, token->kad->session_key,
- sizeof(token->kad->session_key)) < 0)
- BUG();
+ fcrypt_preparekey(ci, token->kad->session_key);
switch (conn->security_level) {
case RXRPC_SECURITY_PLAIN:
case RXRPC_SECURITY_AUTH:
case RXRPC_SECURITY_ENCRYPT:
break;
default:
ret = -EKEYREJECTED;
- goto error;
+ goto error_ci;
}
- ret = rxkad_prime_packet_security(conn, ci);
- if (ret < 0)
- goto error_ci;
+ rxkad_prime_packet_security(conn, ci);
conn->rxkad.cipher = ci;
return 0;
error_ci:
- crypto_free_sync_skcipher(ci);
+ kfree_sensitive(ci);
error:
_leave(" = %d", ret);
return ret;
}
@@ -186,66 +174,32 @@ static struct rxrpc_txbuf *rxkad_alloc_txbuf(struct rxrpc_call *call, size_t rem
/*
* prime the encryption state with the invariant parts of a connection's
* description
*/
-static int rxkad_prime_packet_security(struct rxrpc_connection *conn,
- struct crypto_sync_skcipher *ci)
+static void rxkad_prime_packet_security(struct rxrpc_connection *conn,
+ const struct fcrypt_key *cipher)
{
- struct skcipher_request *req;
struct rxrpc_key_token *token;
- struct scatterlist sg;
- struct rxrpc_crypt iv;
- __be32 *tmpbuf;
- size_t tmpsize = 4 * sizeof(__be32);
- int ret;
+ __be32 tmpbuf[4];
_enter("");
if (!conn->key)
- return 0;
-
- tmpbuf = kmalloc(tmpsize, GFP_KERNEL);
- if (!tmpbuf)
- return -ENOMEM;
-
- req = skcipher_request_alloc(&ci->base, GFP_NOFS);
- if (!req) {
- kfree(tmpbuf);
- return -ENOMEM;
- }
-
+ return;
token = conn->key->payload.data[0];
- memcpy(&iv, token->kad->session_key, sizeof(iv));
tmpbuf[0] = htonl(conn->proto.epoch);
tmpbuf[1] = htonl(conn->proto.cid);
tmpbuf[2] = 0;
tmpbuf[3] = htonl(conn->security_ix);
- sg_init_one(&sg, tmpbuf, tmpsize);
- skcipher_request_set_sync_tfm(req, ci);
- skcipher_request_set_callback(req, 0, NULL, NULL);
- skcipher_request_set_crypt(req, &sg, &sg, tmpsize, iv.x);
- ret = crypto_skcipher_encrypt(req);
- skcipher_request_free(req);
-
- memcpy(&conn->rxkad.csum_iv, tmpbuf + 2, sizeof(conn->rxkad.csum_iv));
- kfree(tmpbuf);
- _leave(" = %d", ret);
- return ret;
-}
-
-/*
- * Allocate and prepare the crypto request on a call. For any particular call,
- * this is called serially for the packets, so no lock should be necessary.
- */
-static struct skcipher_request *rxkad_get_call_crypto(struct rxrpc_call *call)
-{
- struct crypto_skcipher *tfm = &call->conn->rxkad.cipher->base;
-
- return skcipher_request_alloc(tfm, GFP_NOFS);
+ static_assert(sizeof(tmpbuf) % FCRYPT_BSIZE == 0);
+ fcrypt_pcbc_encrypt(cipher, /* iv= */ token->kad->session_key, tmpbuf,
+ tmpbuf, sizeof(tmpbuf) / FCRYPT_BSIZE);
+ memcpy(&conn->rxkad.csum_iv, &tmpbuf[2], sizeof(conn->rxkad.csum_iv));
+ _leave("");
}
/*
* Clean up the crypto on a call.
*/
@@ -254,20 +208,16 @@ static void rxkad_free_call_crypto(struct rxrpc_call *call)
}
/*
* partially encrypt a packet (level 1 security)
*/
-static int rxkad_secure_packet_auth(const struct rxrpc_call *call,
- struct rxrpc_txbuf *txb,
- struct skcipher_request *req)
+static void rxkad_secure_packet_auth(const struct rxrpc_call *call,
+ struct rxrpc_txbuf *txb)
{
struct rxkad_level1_hdr *hdr = txb->data;
- struct rxrpc_crypt iv;
- struct scatterlist sg;
size_t pad;
u16 check;
- int ret;
_enter("");
check = txb->seq ^ call->call_id;
hdr->data_size = htonl((u32)check << 16 | txb->len);
@@ -280,72 +230,52 @@ static int rxkad_secure_packet_auth(const struct rxrpc_call *call,
memset(txb->data + txb->offset, 0, pad);
txb->pkt_len += pad;
}
/* start the encryption afresh */
- memset(&iv, 0, sizeof(iv));
-
- sg_init_one(&sg, hdr, 8);
- skcipher_request_set_sync_tfm(req, call->conn->rxkad.cipher);
- skcipher_request_set_callback(req, 0, NULL, NULL);
- skcipher_request_set_crypt(req, &sg, &sg, 8, iv.x);
- ret = crypto_skcipher_encrypt(req);
- skcipher_request_zero(req);
-
- _leave(" = %d", ret);
- return ret;
+ fcrypt_pcbc_encrypt(call->conn->rxkad.cipher, zero_iv, hdr, hdr, 1);
+ _leave("");
}
/*
* wholly encrypt a packet (level 2 security)
*/
-static int rxkad_secure_packet_encrypt(const struct rxrpc_call *call,
- struct rxrpc_txbuf *txb,
- struct skcipher_request *req)
+static void rxkad_secure_packet_encrypt(const struct rxrpc_call *call,
+ struct rxrpc_txbuf *txb)
{
const struct rxrpc_key_token *token;
struct rxkad_level2_hdr *rxkhdr = txb->data;
- struct rxrpc_crypt iv;
- struct scatterlist sg;
size_t content, pad;
u16 check;
- int ret;
_enter("");
check = txb->seq ^ call->call_id;
rxkhdr->data_size = htonl(txb->len | (u32)check << 16);
rxkhdr->checksum = 0;
content = sizeof(struct rxkad_level2_hdr) + txb->len;
+ static_assert(RXKAD_ALIGN == FCRYPT_BSIZE);
txb->pkt_len = round_up(content, RXKAD_ALIGN);
pad = txb->pkt_len - content;
if (pad)
memset(txb->data + txb->offset, 0, pad);
+ /* Now txb->pkt_len % FCRYPT_BSIZE == 0. */
/* encrypt from the session key */
token = call->conn->key->payload.data[0];
- memcpy(&iv, token->kad->session_key, sizeof(iv));
-
- sg_init_one(&sg, rxkhdr, txb->pkt_len);
- skcipher_request_set_sync_tfm(req, call->conn->rxkad.cipher);
- skcipher_request_set_callback(req, 0, NULL, NULL);
- skcipher_request_set_crypt(req, &sg, &sg, txb->pkt_len, iv.x);
- ret = crypto_skcipher_encrypt(req);
- skcipher_request_zero(req);
- return ret;
+ fcrypt_pcbc_encrypt(call->conn->rxkad.cipher, token->kad->session_key,
+ rxkhdr, rxkhdr, txb->pkt_len / FCRYPT_BSIZE);
+ _leave("");
}
/*
* checksum an RxRPC packet header
*/
static int rxkad_secure_packet(struct rxrpc_call *call, struct rxrpc_txbuf *txb)
{
- struct skcipher_request *req;
- struct rxrpc_crypt iv;
- struct scatterlist sg;
union {
__be32 buf[2];
} crypto __aligned(8);
u32 x, y = 0;
int ret;
@@ -359,31 +289,20 @@ static int rxkad_secure_packet(struct rxrpc_call *call, struct rxrpc_txbuf *txb)
ret = key_validate(call->conn->key);
if (ret < 0)
return ret;
- req = rxkad_get_call_crypto(call);
- if (!req)
- return -ENOMEM;
-
- /* continue encrypting from where we left off */
- memcpy(&iv, call->conn->rxkad.csum_iv.x, sizeof(iv));
-
/* calculate the security checksum */
x = (call->cid & RXRPC_CHANNELMASK) << (32 - RXRPC_CIDSHIFT);
x |= txb->seq & 0x3fffffff;
crypto.buf[0] = htonl(call->call_id);
crypto.buf[1] = htonl(x);
- sg_init_one(&sg, crypto.buf, 8);
- skcipher_request_set_sync_tfm(req, call->conn->rxkad.cipher);
- skcipher_request_set_callback(req, 0, NULL, NULL);
- skcipher_request_set_crypt(req, &sg, &sg, 8, iv.x);
- ret = crypto_skcipher_encrypt(req);
- skcipher_request_zero(req);
- if (ret < 0)
- goto out;
+ /* continue encrypting from where we left off */
+ fcrypt_pcbc_encrypt(call->conn->rxkad.cipher,
+ call->conn->rxkad.csum_iv.x, crypto.buf, crypto.buf,
+ 1);
y = ntohl(crypto.buf[1]);
y = (y >> 16) & 0xffff;
if (y == 0)
y = 1; /* zero checksums are not permitted */
@@ -393,18 +312,20 @@ static int rxkad_secure_packet(struct rxrpc_call *call, struct rxrpc_txbuf *txb)
case RXRPC_SECURITY_PLAIN:
txb->pkt_len = txb->len;
ret = 0;
break;
case RXRPC_SECURITY_AUTH:
- ret = rxkad_secure_packet_auth(call, txb, req);
+ rxkad_secure_packet_auth(call, txb);
if (txb->alloc_size == RXRPC_JUMBO_DATALEN)
txb->jumboable = true;
+ ret = 0;
break;
case RXRPC_SECURITY_ENCRYPT:
- ret = rxkad_secure_packet_encrypt(call, txb, req);
+ rxkad_secure_packet_encrypt(call, txb);
if (txb->alloc_size == RXRPC_JUMBO_DATALEN)
txb->jumboable = true;
+ ret = 0;
break;
default:
ret = -EPERM;
break;
}
@@ -415,53 +336,34 @@ static int rxkad_secure_packet(struct rxrpc_call *call, struct rxrpc_txbuf *txb)
void *p = txb->data;
memset(p + txb->pkt_len, 0, gap);
}
-out:
- skcipher_request_free(req);
_leave(" = %d [set %x]", ret, y);
return ret;
}
/*
* decrypt partial encryption on a packet (level 1 security)
*/
static int rxkad_verify_packet_1(struct rxrpc_call *call, struct sk_buff *skb,
- rxrpc_seq_t seq,
- struct skcipher_request *req)
+ rxrpc_seq_t seq)
{
struct rxkad_level1_hdr *sechdr;
struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
- struct rxrpc_crypt iv;
- struct scatterlist sg[1];
void *data = call->rx_dec_buffer;
u32 len = sp->len, data_size, buf;
u16 check;
- int ret;
_enter("");
if (len < 8)
return rxrpc_abort_eproto(call, skb, RXKADSEALEDINCON,
rxkad_abort_1_short_header);
- /* Decrypt the skbuff in-place. TODO: We really want to decrypt
- * directly into the target buffer.
- */
- sg_init_one(sg, data, len);
-
- /* start the decryption afresh */
- memset(&iv, 0, sizeof(iv));
-
- skcipher_request_set_sync_tfm(req, call->conn->rxkad.cipher);
- skcipher_request_set_callback(req, 0, NULL, NULL);
- skcipher_request_set_crypt(req, sg, sg, 8, iv.x);
- ret = crypto_skcipher_decrypt(req);
- skcipher_request_zero(req);
- if (ret < 0)
- return ret;
+ /* Decrypt the first 8-byte block of the packet, using the zero IV. */
+ fcrypt_pcbc_decrypt(call->conn->rxkad.cipher, zero_iv, data, data, 1);
/* Extract the decrypted packet length */
sechdr = data;
call->rx_dec_offset = sizeof(*sechdr);
len -= sizeof(*sechdr);
@@ -486,52 +388,32 @@ static int rxkad_verify_packet_1(struct rxrpc_call *call, struct sk_buff *skb,
/*
* wholly decrypt a packet (level 2 security)
*/
static int rxkad_verify_packet_2(struct rxrpc_call *call, struct sk_buff *skb,
- rxrpc_seq_t seq,
- struct skcipher_request *req)
+ rxrpc_seq_t seq)
{
const struct rxrpc_key_token *token;
struct rxkad_level2_hdr *sechdr;
struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
- struct rxrpc_crypt iv;
- struct scatterlist sg[1];
void *data = call->rx_dec_buffer;
u32 len = sp->len, data_size, buf;
u16 check;
- int ret;
_enter(",{%d}", len);
if (len < 8)
return rxrpc_abort_eproto(call, skb, RXKADSEALEDINCON,
rxkad_abort_2_short_header);
/* Don't let the crypto algo see a misaligned length. */
len = round_down(len, 8);
- /* Decrypt in place in the call's decryption buffer. TODO: We really
- * want to decrypt directly into the target buffer.
- */
- sg_init_one(sg, data, len);
-
/* decrypt from the session key */
token = call->conn->key->payload.data[0];
- memcpy(&iv, token->kad->session_key, sizeof(iv));
-
- skcipher_request_set_sync_tfm(req, call->conn->rxkad.cipher);
- skcipher_request_set_callback(req, 0, NULL, NULL);
- skcipher_request_set_crypt(req, sg, sg, len, iv.x);
- ret = crypto_skcipher_decrypt(req);
- skcipher_request_zero(req);
- if (ret < 0) {
- if (ret == -ENOMEM)
- return ret;
- return rxrpc_abort_eproto(call, skb, RXKADSEALEDINCON,
- rxkad_abort_2_crypto_unaligned);
- }
+ fcrypt_pcbc_decrypt(call->conn->rxkad.cipher, token->kad->session_key,
+ data, data, len / FCRYPT_BSIZE);
/* Extract the decrypted packet length */
sechdr = data;
call->rx_dec_offset = sizeof(*sechdr);
len -= sizeof(*sechdr);
@@ -560,13 +442,10 @@ static int rxkad_verify_packet_2(struct rxrpc_call *call, struct sk_buff *skb,
* modifying (e.g. decrypting), it must be copied.
*/
static int rxkad_verify_packet(struct rxrpc_call *call, struct sk_buff *skb)
{
struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
- struct skcipher_request *req;
- struct rxrpc_crypt iv;
- struct scatterlist sg;
union {
__be32 buf[2];
} crypto __aligned(8);
rxrpc_seq_t seq = sp->hdr.seq;
int ret;
@@ -577,31 +456,20 @@ static int rxkad_verify_packet(struct rxrpc_call *call, struct sk_buff *skb)
call->debug_id, key_serial(call->conn->key), seq);
if (!call->conn->rxkad.cipher)
return 0;
- req = rxkad_get_call_crypto(call);
- if (!req)
- return -ENOMEM;
-
- /* continue encrypting from where we left off */
- memcpy(&iv, call->conn->rxkad.csum_iv.x, sizeof(iv));
-
/* validate the security checksum */
x = (call->cid & RXRPC_CHANNELMASK) << (32 - RXRPC_CIDSHIFT);
x |= seq & 0x3fffffff;
crypto.buf[0] = htonl(call->call_id);
crypto.buf[1] = htonl(x);
- sg_init_one(&sg, crypto.buf, 8);
- skcipher_request_set_sync_tfm(req, call->conn->rxkad.cipher);
- skcipher_request_set_callback(req, 0, NULL, NULL);
- skcipher_request_set_crypt(req, &sg, &sg, 8, iv.x);
- ret = crypto_skcipher_encrypt(req);
- skcipher_request_zero(req);
- if (ret < 0)
- goto out;
+ /* continue encrypting from where we left off */
+ fcrypt_pcbc_encrypt(call->conn->rxkad.cipher,
+ call->conn->rxkad.csum_iv.x, crypto.buf, crypto.buf,
+ 1);
y = ntohl(crypto.buf[1]);
cksum = (y >> 16) & 0xffff;
if (cksum == 0)
cksum = 1; /* zero checksums are not permitted */
@@ -615,22 +483,20 @@ static int rxkad_verify_packet(struct rxrpc_call *call, struct sk_buff *skb)
switch (call->conn->security_level) {
case RXRPC_SECURITY_PLAIN:
ret = 0;
break;
case RXRPC_SECURITY_AUTH:
- ret = rxkad_verify_packet_1(call, skb, seq, req);
+ ret = rxkad_verify_packet_1(call, skb, seq);
break;
case RXRPC_SECURITY_ENCRYPT:
- ret = rxkad_verify_packet_2(call, skb, seq, req);
+ ret = rxkad_verify_packet_2(call, skb, seq);
break;
default:
ret = -ENOANO;
break;
}
-
out:
- skcipher_request_free(req);
return ret;
}
/*
* issue a challenge
@@ -710,45 +576,10 @@ static void rxkad_calc_response_checksum(struct rxkad_response *response)
csum = csum * 0x10204081 + *p++;
response->encrypted.checksum = htonl(csum);
}
-/*
- * encrypt the response packet
- */
-static int rxkad_encrypt_response(struct rxrpc_connection *conn,
- struct sk_buff *response,
- const struct rxkad_key *s2)
-{
- struct skcipher_request *req;
- struct rxrpc_crypt iv;
- struct scatterlist sg[1];
- size_t encsize = sizeof(((struct rxkad_response *)0)->encrypted);
- int ret;
-
- sg_init_table(sg, ARRAY_SIZE(sg));
- ret = skb_to_sgvec(response, sg,
- sizeof(struct rxrpc_wire_header) +
- offsetof(struct rxkad_response, encrypted), encsize);
- if (ret < 0)
- return ret;
-
- req = skcipher_request_alloc(&conn->rxkad.cipher->base, GFP_NOFS);
- if (!req)
- return -ENOMEM;
-
- /* continue encrypting from where we left off */
- memcpy(&iv, s2->session_key, sizeof(iv));
-
- skcipher_request_set_sync_tfm(req, conn->rxkad.cipher);
- skcipher_request_set_callback(req, 0, NULL, NULL);
- skcipher_request_set_crypt(req, sg, sg, encsize, iv.x);
- ret = crypto_skcipher_encrypt(req);
- skcipher_request_free(req);
- return ret;
-}
-
/*
* Validate a challenge packet.
*/
static bool rxkad_validate_challenge(struct rxrpc_connection *conn,
struct sk_buff *skb)
@@ -844,10 +675,16 @@ int rxkad_insert_response_header(struct rxrpc_connection *conn,
h.resp.kvno = htonl(token->kad->kvno);
h.resp.ticket_len = htonl(token->kad->ticket_len);
rxkad_calc_response_checksum(&h.resp);
+ /* encrypt the response packet */
+ static_assert(sizeof(h.resp.encrypted) % FCRYPT_BSIZE == 0);
+ fcrypt_pcbc_encrypt(conn->rxkad.cipher, token->kad->session_key,
+ &h.resp.encrypted, &h.resp.encrypted,
+ sizeof(h.resp.encrypted) / FCRYPT_BSIZE);
+
ret = skb_store_bits(response, *offset, &h, sizeof(h));
*offset += sizeof(h);
return ret;
}
@@ -888,14 +725,10 @@ static int rxkad_respond_to_challenge(struct rxrpc_connection *conn,
ret = rxkad_insert_response_header(conn, token, challenge, response,
&offset);
if (ret < 0)
goto error;
- ret = rxkad_encrypt_response(conn, response, token->kad);
- if (ret < 0)
- goto error;
-
ret = skb_store_bits(response, offset, token->kad->ticket,
token->kad->ticket_len);
if (ret < 0)
goto error;
@@ -1070,43 +903,26 @@ static int rxkad_decrypt_ticket(struct rxrpc_connection *conn,
}
/*
* decrypt the response packet
*/
-static int rxkad_decrypt_response(struct rxrpc_connection *conn,
- struct rxkad_response *resp,
- const struct rxrpc_crypt *session_key)
+static void rxkad_decrypt_response(struct rxrpc_connection *conn,
+ struct rxkad_response *resp,
+ const struct rxrpc_crypt *session_key)
{
- struct skcipher_request *req = rxkad_ci_req;
- struct scatterlist sg[1];
- struct rxrpc_crypt iv;
- int ret;
+ struct fcrypt_key cipher;
_enter(",,%08x%08x",
ntohl(session_key->n[0]), ntohl(session_key->n[1]));
- mutex_lock(&rxkad_ci_mutex);
- ret = crypto_sync_skcipher_setkey(rxkad_ci, session_key->x,
- sizeof(*session_key));
- if (ret < 0)
- goto unlock;
-
- memcpy(&iv, session_key, sizeof(iv));
-
- sg_init_table(sg, 1);
- sg_set_buf(sg, &resp->encrypted, sizeof(resp->encrypted));
- skcipher_request_set_sync_tfm(req, rxkad_ci);
- skcipher_request_set_callback(req, 0, NULL, NULL);
- skcipher_request_set_crypt(req, sg, sg, sizeof(resp->encrypted), iv.x);
- ret = crypto_skcipher_decrypt(req);
- skcipher_request_zero(req);
-
-unlock:
- mutex_unlock(&rxkad_ci_mutex);
+ fcrypt_preparekey(&cipher, session_key->x);
+ static_assert(sizeof(resp->encrypted) % FCRYPT_BSIZE == 0);
+ fcrypt_pcbc_decrypt(&cipher, session_key->x, &resp->encrypted,
+ &resp->encrypted,
+ sizeof(resp->encrypted) / FCRYPT_BSIZE);
_leave("");
- return ret;
}
/*
* verify a response
*/
@@ -1189,13 +1005,11 @@ static int rxkad_verify_response(struct rxrpc_connection *conn,
if (ret < 0)
goto error;
/* use the session key from inside the ticket to decrypt the
* response */
- ret = rxkad_decrypt_response(conn, response, &session_key);
- if (ret < 0)
- goto error;
+ rxkad_decrypt_response(conn, response, &session_key);
if (ntohl(response->encrypted.epoch) != conn->proto.epoch ||
ntohl(response->encrypted.cid) != conn->proto.cid ||
ntohl(response->encrypted.securityIndex) != conn->security_ix) {
ret = rxrpc_abort_conn(conn, skb, RXKADSEALEDINCON, -EPROTO,
@@ -1268,48 +1082,31 @@ static int rxkad_verify_response(struct rxrpc_connection *conn,
*/
static void rxkad_clear(struct rxrpc_connection *conn)
{
_enter("");
- if (conn->rxkad.cipher)
- crypto_free_sync_skcipher(conn->rxkad.cipher);
+ kfree_sensitive(conn->rxkad.cipher);
+ conn->rxkad.cipher = NULL;
}
/*
* Initialise the rxkad security service.
*/
static int rxkad_init(void)
{
- struct crypto_sync_skcipher *tfm;
- struct skcipher_request *req;
-
- /* pin the cipher we need so that the crypto layer doesn't invoke
- * keventd to go get it */
- tfm = crypto_alloc_sync_skcipher("pcbc(fcrypt)", 0, 0);
- if (IS_ERR(tfm))
- return PTR_ERR(tfm);
-
- req = skcipher_request_alloc(&tfm->base, GFP_KERNEL);
- if (!req)
- goto nomem_tfm;
-
- rxkad_ci_req = req;
- rxkad_ci = tfm;
+ if (fips_enabled) {
+ pr_warn("rxkad support is disabled due to FIPS\n");
+ return -ENOENT;
+ }
return 0;
-
-nomem_tfm:
- crypto_free_sync_skcipher(tfm);
- return -ENOMEM;
}
/*
* Clean up the rxkad security service.
*/
static void rxkad_exit(void)
{
- crypto_free_sync_skcipher(rxkad_ci);
- skcipher_request_free(rxkad_ci_req);
}
/*
* RxRPC Kerberos-based security
*/
--
2.54.0
^ permalink raw reply related
* [PATCH net-next v2 1/5] net/rxrpc: Add local FCrypt-PCBC implementation
From: Eric Biggers @ 2026-05-22 5:07 UTC (permalink / raw)
To: netdev, linux-afs
Cc: David Howells, Marc Dionne, linux-crypto, linux-kernel,
David S . Miller, Eric Dumazet, Jakub Kicinski, Paolo Abeni,
Simon Horman, Eric Biggers
In-Reply-To: <20260522050740.84561-1-ebiggers@kernel.org>
Add a local implementation of FCrypt-PCBC encryption and decryption.
This will be used instead of the crypto API one, allowing the crypto API
one to be removed. It will also simplify rxkad.c quite a bit.
A KUnit test is included. The FCrypt-PCBC test vectors are borrowed
from the existing ones in crypto/testmgr.h. Note that this adds the
first KUnit test for net/rxrpc/, which previously had no KUnit tests.
The FCrypt code is based on crypto/fcrypt.c, but I simplified it a bit.
The PCBC part is straightforward and I just wrote it from scratch.
Tested with:
kunit.py run --kunitconfig net/rxrpc/
Acked-by: David Howells <dhowells@redhat.com>
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
---
net/rxrpc/.kunitconfig | 6 +
net/rxrpc/Kconfig | 7 +
net/rxrpc/Makefile | 3 +-
net/rxrpc/ar-internal.h | 14 ++
net/rxrpc/fcrypt.c | 352 ++++++++++++++++++++++++++++++++++
net/rxrpc/tests/Makefile | 3 +
net/rxrpc/tests/rxrpc_kunit.c | 109 +++++++++++
7 files changed, 493 insertions(+), 1 deletion(-)
create mode 100644 net/rxrpc/.kunitconfig
create mode 100644 net/rxrpc/fcrypt.c
create mode 100644 net/rxrpc/tests/Makefile
create mode 100644 net/rxrpc/tests/rxrpc_kunit.c
diff --git a/net/rxrpc/.kunitconfig b/net/rxrpc/.kunitconfig
new file mode 100644
index 000000000000..44e4a909ff07
--- /dev/null
+++ b/net/rxrpc/.kunitconfig
@@ -0,0 +1,6 @@
+CONFIG_KUNIT=y
+CONFIG_NET=y
+CONFIG_INET=y
+CONFIG_AF_RXRPC=y
+CONFIG_RXKAD=y
+CONFIG_AF_RXRPC_KUNIT_TEST=y
diff --git a/net/rxrpc/Kconfig b/net/rxrpc/Kconfig
index 43416b3026fb..e2bb795cdf0c 100644
--- a/net/rxrpc/Kconfig
+++ b/net/rxrpc/Kconfig
@@ -95,6 +95,13 @@ config RXPERF
help
Provide an rxperf service tester. This listens on UDP port 7009 for
incoming calls from the rxperf program (an example of which can be
found in OpenAFS).
+config AF_RXRPC_KUNIT_TEST
+ tristate "RxRPC crypto KUnit test" if !KUNIT_ALL_TESTS
+ depends on KUNIT && RXKAD
+ default KUNIT_ALL_TESTS
+ help
+ Enable the KUnit test suite for RxRPC's crypto routines.
+
endif
diff --git a/net/rxrpc/Makefile b/net/rxrpc/Makefile
index c0542bae719e..f994f9f30a29 100644
--- a/net/rxrpc/Makefile
+++ b/net/rxrpc/Makefile
@@ -36,13 +36,14 @@ rxrpc-y := \
skbuff.o \
txbuf.o \
utils.o
rxrpc-$(CONFIG_PROC_FS) += proc.o
-rxrpc-$(CONFIG_RXKAD) += rxkad.o
+rxrpc-$(CONFIG_RXKAD) += rxkad.o fcrypt.o
rxrpc-$(CONFIG_SYSCTL) += sysctl.o
rxrpc-$(CONFIG_RXGK) += \
rxgk.o \
rxgk_app.o \
rxgk_kdf.o
obj-$(CONFIG_RXPERF) += rxperf.o
+obj-$(CONFIG_KUNIT) += tests/
diff --git a/net/rxrpc/ar-internal.h b/net/rxrpc/ar-internal.h
index 98f2165159d7..30aaf69b4c7c 100644
--- a/net/rxrpc/ar-internal.h
+++ b/net/rxrpc/ar-internal.h
@@ -13,18 +13,32 @@
#include <net/sock.h>
#include <net/af_rxrpc.h>
#include <keys/rxrpc-type.h>
#include "protocol.h"
+#define FCRYPT_ROUNDS 16
+
+struct fcrypt_key {
+ __be32 sched[FCRYPT_ROUNDS];
+};
+
#define FCRYPT_BSIZE 8
struct rxrpc_crypt {
union {
u8 x[FCRYPT_BSIZE];
__be32 n[2];
};
} __attribute__((aligned(8)));
+void fcrypt_preparekey(struct fcrypt_key *key, const u8 raw_key[FCRYPT_BSIZE]);
+void fcrypt_pcbc_encrypt(const struct fcrypt_key *key,
+ const u8 iv[FCRYPT_BSIZE], const void *src, void *dst,
+ size_t nblocks);
+void fcrypt_pcbc_decrypt(const struct fcrypt_key *key,
+ const u8 iv[FCRYPT_BSIZE], const void *src, void *dst,
+ size_t nblocks);
+
#define rxrpc_queue_work(WS) queue_work(rxrpc_workqueue, (WS))
#define rxrpc_queue_delayed_work(WS,D) \
queue_delayed_work(rxrpc_workqueue, (WS), (D))
struct key_preparsed_payload;
diff --git a/net/rxrpc/fcrypt.c b/net/rxrpc/fcrypt.c
new file mode 100644
index 000000000000..a919e7598765
--- /dev/null
+++ b/net/rxrpc/fcrypt.c
@@ -0,0 +1,352 @@
+/* FCrypt encryption algorithm
+ *
+ * Copyright (C) 2006 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ * Based on code:
+ *
+ * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <asm/byteorder.h>
+#include <kunit/visibility.h>
+#include <linux/export.h>
+#include <linux/unaligned.h>
+#include "ar-internal.h"
+
+/*
+ * Sboxes for Feistel network derived from
+ * /afs/transarc.com/public/afsps/afs.rel31b.export-src/rxkad/sboxes.h
+ */
+#undef Z
+#define Z(x) cpu_to_be32(x << 3)
+static const __be32 sbox0[256] = {
+ Z(0xea), Z(0x7f), Z(0xb2), Z(0x64), Z(0x9d), Z(0xb0), Z(0xd9), Z(0x11),
+ Z(0xcd), Z(0x86), Z(0x86), Z(0x91), Z(0x0a), Z(0xb2), Z(0x93), Z(0x06),
+ Z(0x0e), Z(0x06), Z(0xd2), Z(0x65), Z(0x73), Z(0xc5), Z(0x28), Z(0x60),
+ Z(0xf2), Z(0x20), Z(0xb5), Z(0x38), Z(0x7e), Z(0xda), Z(0x9f), Z(0xe3),
+ Z(0xd2), Z(0xcf), Z(0xc4), Z(0x3c), Z(0x61), Z(0xff), Z(0x4a), Z(0x4a),
+ Z(0x35), Z(0xac), Z(0xaa), Z(0x5f), Z(0x2b), Z(0xbb), Z(0xbc), Z(0x53),
+ Z(0x4e), Z(0x9d), Z(0x78), Z(0xa3), Z(0xdc), Z(0x09), Z(0x32), Z(0x10),
+ Z(0xc6), Z(0x6f), Z(0x66), Z(0xd6), Z(0xab), Z(0xa9), Z(0xaf), Z(0xfd),
+ Z(0x3b), Z(0x95), Z(0xe8), Z(0x34), Z(0x9a), Z(0x81), Z(0x72), Z(0x80),
+ Z(0x9c), Z(0xf3), Z(0xec), Z(0xda), Z(0x9f), Z(0x26), Z(0x76), Z(0x15),
+ Z(0x3e), Z(0x55), Z(0x4d), Z(0xde), Z(0x84), Z(0xee), Z(0xad), Z(0xc7),
+ Z(0xf1), Z(0x6b), Z(0x3d), Z(0xd3), Z(0x04), Z(0x49), Z(0xaa), Z(0x24),
+ Z(0x0b), Z(0x8a), Z(0x83), Z(0xba), Z(0xfa), Z(0x85), Z(0xa0), Z(0xa8),
+ Z(0xb1), Z(0xd4), Z(0x01), Z(0xd8), Z(0x70), Z(0x64), Z(0xf0), Z(0x51),
+ Z(0xd2), Z(0xc3), Z(0xa7), Z(0x75), Z(0x8c), Z(0xa5), Z(0x64), Z(0xef),
+ Z(0x10), Z(0x4e), Z(0xb7), Z(0xc6), Z(0x61), Z(0x03), Z(0xeb), Z(0x44),
+ Z(0x3d), Z(0xe5), Z(0xb3), Z(0x5b), Z(0xae), Z(0xd5), Z(0xad), Z(0x1d),
+ Z(0xfa), Z(0x5a), Z(0x1e), Z(0x33), Z(0xab), Z(0x93), Z(0xa2), Z(0xb7),
+ Z(0xe7), Z(0xa8), Z(0x45), Z(0xa4), Z(0xcd), Z(0x29), Z(0x63), Z(0x44),
+ Z(0xb6), Z(0x69), Z(0x7e), Z(0x2e), Z(0x62), Z(0x03), Z(0xc8), Z(0xe0),
+ Z(0x17), Z(0xbb), Z(0xc7), Z(0xf3), Z(0x3f), Z(0x36), Z(0xba), Z(0x71),
+ Z(0x8e), Z(0x97), Z(0x65), Z(0x60), Z(0x69), Z(0xb6), Z(0xf6), Z(0xe6),
+ Z(0x6e), Z(0xe0), Z(0x81), Z(0x59), Z(0xe8), Z(0xaf), Z(0xdd), Z(0x95),
+ Z(0x22), Z(0x99), Z(0xfd), Z(0x63), Z(0x19), Z(0x74), Z(0x61), Z(0xb1),
+ Z(0xb6), Z(0x5b), Z(0xae), Z(0x54), Z(0xb3), Z(0x70), Z(0xff), Z(0xc6),
+ Z(0x3b), Z(0x3e), Z(0xc1), Z(0xd7), Z(0xe1), Z(0x0e), Z(0x76), Z(0xe5),
+ Z(0x36), Z(0x4f), Z(0x59), Z(0xc7), Z(0x08), Z(0x6e), Z(0x82), Z(0xa6),
+ Z(0x93), Z(0xc4), Z(0xaa), Z(0x26), Z(0x49), Z(0xe0), Z(0x21), Z(0x64),
+ Z(0x07), Z(0x9f), Z(0x64), Z(0x81), Z(0x9c), Z(0xbf), Z(0xf9), Z(0xd1),
+ Z(0x43), Z(0xf8), Z(0xb6), Z(0xb9), Z(0xf1), Z(0x24), Z(0x75), Z(0x03),
+ Z(0xe4), Z(0xb0), Z(0x99), Z(0x46), Z(0x3d), Z(0xf5), Z(0xd1), Z(0x39),
+ Z(0x72), Z(0x12), Z(0xf6), Z(0xba), Z(0x0c), Z(0x0d), Z(0x42), Z(0x2e)
+};
+
+#undef Z
+#define Z(x) cpu_to_be32(((x & 0x1f) << 27) | (x >> 5))
+static const __be32 sbox1[256] = {
+ Z(0x77), Z(0x14), Z(0xa6), Z(0xfe), Z(0xb2), Z(0x5e), Z(0x8c), Z(0x3e),
+ Z(0x67), Z(0x6c), Z(0xa1), Z(0x0d), Z(0xc2), Z(0xa2), Z(0xc1), Z(0x85),
+ Z(0x6c), Z(0x7b), Z(0x67), Z(0xc6), Z(0x23), Z(0xe3), Z(0xf2), Z(0x89),
+ Z(0x50), Z(0x9c), Z(0x03), Z(0xb7), Z(0x73), Z(0xe6), Z(0xe1), Z(0x39),
+ Z(0x31), Z(0x2c), Z(0x27), Z(0x9f), Z(0xa5), Z(0x69), Z(0x44), Z(0xd6),
+ Z(0x23), Z(0x83), Z(0x98), Z(0x7d), Z(0x3c), Z(0xb4), Z(0x2d), Z(0x99),
+ Z(0x1c), Z(0x1f), Z(0x8c), Z(0x20), Z(0x03), Z(0x7c), Z(0x5f), Z(0xad),
+ Z(0xf4), Z(0xfa), Z(0x95), Z(0xca), Z(0x76), Z(0x44), Z(0xcd), Z(0xb6),
+ Z(0xb8), Z(0xa1), Z(0xa1), Z(0xbe), Z(0x9e), Z(0x54), Z(0x8f), Z(0x0b),
+ Z(0x16), Z(0x74), Z(0x31), Z(0x8a), Z(0x23), Z(0x17), Z(0x04), Z(0xfa),
+ Z(0x79), Z(0x84), Z(0xb1), Z(0xf5), Z(0x13), Z(0xab), Z(0xb5), Z(0x2e),
+ Z(0xaa), Z(0x0c), Z(0x60), Z(0x6b), Z(0x5b), Z(0xc4), Z(0x4b), Z(0xbc),
+ Z(0xe2), Z(0xaf), Z(0x45), Z(0x73), Z(0xfa), Z(0xc9), Z(0x49), Z(0xcd),
+ Z(0x00), Z(0x92), Z(0x7d), Z(0x97), Z(0x7a), Z(0x18), Z(0x60), Z(0x3d),
+ Z(0xcf), Z(0x5b), Z(0xde), Z(0xc6), Z(0xe2), Z(0xe6), Z(0xbb), Z(0x8b),
+ Z(0x06), Z(0xda), Z(0x08), Z(0x15), Z(0x1b), Z(0x88), Z(0x6a), Z(0x17),
+ Z(0x89), Z(0xd0), Z(0xa9), Z(0xc1), Z(0xc9), Z(0x70), Z(0x6b), Z(0xe5),
+ Z(0x43), Z(0xf4), Z(0x68), Z(0xc8), Z(0xd3), Z(0x84), Z(0x28), Z(0x0a),
+ Z(0x52), Z(0x66), Z(0xa3), Z(0xca), Z(0xf2), Z(0xe3), Z(0x7f), Z(0x7a),
+ Z(0x31), Z(0xf7), Z(0x88), Z(0x94), Z(0x5e), Z(0x9c), Z(0x63), Z(0xd5),
+ Z(0x24), Z(0x66), Z(0xfc), Z(0xb3), Z(0x57), Z(0x25), Z(0xbe), Z(0x89),
+ Z(0x44), Z(0xc4), Z(0xe0), Z(0x8f), Z(0x23), Z(0x3c), Z(0x12), Z(0x52),
+ Z(0xf5), Z(0x1e), Z(0xf4), Z(0xcb), Z(0x18), Z(0x33), Z(0x1f), Z(0xf8),
+ Z(0x69), Z(0x10), Z(0x9d), Z(0xd3), Z(0xf7), Z(0x28), Z(0xf8), Z(0x30),
+ Z(0x05), Z(0x5e), Z(0x32), Z(0xc0), Z(0xd5), Z(0x19), Z(0xbd), Z(0x45),
+ Z(0x8b), Z(0x5b), Z(0xfd), Z(0xbc), Z(0xe2), Z(0x5c), Z(0xa9), Z(0x96),
+ Z(0xef), Z(0x70), Z(0xcf), Z(0xc2), Z(0x2a), Z(0xb3), Z(0x61), Z(0xad),
+ Z(0x80), Z(0x48), Z(0x81), Z(0xb7), Z(0x1d), Z(0x43), Z(0xd9), Z(0xd7),
+ Z(0x45), Z(0xf0), Z(0xd8), Z(0x8a), Z(0x59), Z(0x7c), Z(0x57), Z(0xc1),
+ Z(0x79), Z(0xc7), Z(0x34), Z(0xd6), Z(0x43), Z(0xdf), Z(0xe4), Z(0x78),
+ Z(0x16), Z(0x06), Z(0xda), Z(0x92), Z(0x76), Z(0x51), Z(0xe1), Z(0xd4),
+ Z(0x70), Z(0x03), Z(0xe0), Z(0x2f), Z(0x96), Z(0x91), Z(0x82), Z(0x80)
+};
+
+#undef Z
+#define Z(x) cpu_to_be32(x << 11)
+static const __be32 sbox2[256] = {
+ Z(0xf0), Z(0x37), Z(0x24), Z(0x53), Z(0x2a), Z(0x03), Z(0x83), Z(0x86),
+ Z(0xd1), Z(0xec), Z(0x50), Z(0xf0), Z(0x42), Z(0x78), Z(0x2f), Z(0x6d),
+ Z(0xbf), Z(0x80), Z(0x87), Z(0x27), Z(0x95), Z(0xe2), Z(0xc5), Z(0x5d),
+ Z(0xf9), Z(0x6f), Z(0xdb), Z(0xb4), Z(0x65), Z(0x6e), Z(0xe7), Z(0x24),
+ Z(0xc8), Z(0x1a), Z(0xbb), Z(0x49), Z(0xb5), Z(0x0a), Z(0x7d), Z(0xb9),
+ Z(0xe8), Z(0xdc), Z(0xb7), Z(0xd9), Z(0x45), Z(0x20), Z(0x1b), Z(0xce),
+ Z(0x59), Z(0x9d), Z(0x6b), Z(0xbd), Z(0x0e), Z(0x8f), Z(0xa3), Z(0xa9),
+ Z(0xbc), Z(0x74), Z(0xa6), Z(0xf6), Z(0x7f), Z(0x5f), Z(0xb1), Z(0x68),
+ Z(0x84), Z(0xbc), Z(0xa9), Z(0xfd), Z(0x55), Z(0x50), Z(0xe9), Z(0xb6),
+ Z(0x13), Z(0x5e), Z(0x07), Z(0xb8), Z(0x95), Z(0x02), Z(0xc0), Z(0xd0),
+ Z(0x6a), Z(0x1a), Z(0x85), Z(0xbd), Z(0xb6), Z(0xfd), Z(0xfe), Z(0x17),
+ Z(0x3f), Z(0x09), Z(0xa3), Z(0x8d), Z(0xfb), Z(0xed), Z(0xda), Z(0x1d),
+ Z(0x6d), Z(0x1c), Z(0x6c), Z(0x01), Z(0x5a), Z(0xe5), Z(0x71), Z(0x3e),
+ Z(0x8b), Z(0x6b), Z(0xbe), Z(0x29), Z(0xeb), Z(0x12), Z(0x19), Z(0x34),
+ Z(0xcd), Z(0xb3), Z(0xbd), Z(0x35), Z(0xea), Z(0x4b), Z(0xd5), Z(0xae),
+ Z(0x2a), Z(0x79), Z(0x5a), Z(0xa5), Z(0x32), Z(0x12), Z(0x7b), Z(0xdc),
+ Z(0x2c), Z(0xd0), Z(0x22), Z(0x4b), Z(0xb1), Z(0x85), Z(0x59), Z(0x80),
+ Z(0xc0), Z(0x30), Z(0x9f), Z(0x73), Z(0xd3), Z(0x14), Z(0x48), Z(0x40),
+ Z(0x07), Z(0x2d), Z(0x8f), Z(0x80), Z(0x0f), Z(0xce), Z(0x0b), Z(0x5e),
+ Z(0xb7), Z(0x5e), Z(0xac), Z(0x24), Z(0x94), Z(0x4a), Z(0x18), Z(0x15),
+ Z(0x05), Z(0xe8), Z(0x02), Z(0x77), Z(0xa9), Z(0xc7), Z(0x40), Z(0x45),
+ Z(0x89), Z(0xd1), Z(0xea), Z(0xde), Z(0x0c), Z(0x79), Z(0x2a), Z(0x99),
+ Z(0x6c), Z(0x3e), Z(0x95), Z(0xdd), Z(0x8c), Z(0x7d), Z(0xad), Z(0x6f),
+ Z(0xdc), Z(0xff), Z(0xfd), Z(0x62), Z(0x47), Z(0xb3), Z(0x21), Z(0x8a),
+ Z(0xec), Z(0x8e), Z(0x19), Z(0x18), Z(0xb4), Z(0x6e), Z(0x3d), Z(0xfd),
+ Z(0x74), Z(0x54), Z(0x1e), Z(0x04), Z(0x85), Z(0xd8), Z(0xbc), Z(0x1f),
+ Z(0x56), Z(0xe7), Z(0x3a), Z(0x56), Z(0x67), Z(0xd6), Z(0xc8), Z(0xa5),
+ Z(0xf3), Z(0x8e), Z(0xde), Z(0xae), Z(0x37), Z(0x49), Z(0xb7), Z(0xfa),
+ Z(0xc8), Z(0xf4), Z(0x1f), Z(0xe0), Z(0x2a), Z(0x9b), Z(0x15), Z(0xd1),
+ Z(0x34), Z(0x0e), Z(0xb5), Z(0xe0), Z(0x44), Z(0x78), Z(0x84), Z(0x59),
+ Z(0x56), Z(0x68), Z(0x77), Z(0xa5), Z(0x14), Z(0x06), Z(0xf5), Z(0x2f),
+ Z(0x8c), Z(0x8a), Z(0x73), Z(0x80), Z(0x76), Z(0xb4), Z(0x10), Z(0x86)
+};
+
+#undef Z
+#define Z(x) cpu_to_be32(x << 19)
+static const __be32 sbox3[256] = {
+ Z(0xa9), Z(0x2a), Z(0x48), Z(0x51), Z(0x84), Z(0x7e), Z(0x49), Z(0xe2),
+ Z(0xb5), Z(0xb7), Z(0x42), Z(0x33), Z(0x7d), Z(0x5d), Z(0xa6), Z(0x12),
+ Z(0x44), Z(0x48), Z(0x6d), Z(0x28), Z(0xaa), Z(0x20), Z(0x6d), Z(0x57),
+ Z(0xd6), Z(0x6b), Z(0x5d), Z(0x72), Z(0xf0), Z(0x92), Z(0x5a), Z(0x1b),
+ Z(0x53), Z(0x80), Z(0x24), Z(0x70), Z(0x9a), Z(0xcc), Z(0xa7), Z(0x66),
+ Z(0xa1), Z(0x01), Z(0xa5), Z(0x41), Z(0x97), Z(0x41), Z(0x31), Z(0x82),
+ Z(0xf1), Z(0x14), Z(0xcf), Z(0x53), Z(0x0d), Z(0xa0), Z(0x10), Z(0xcc),
+ Z(0x2a), Z(0x7d), Z(0xd2), Z(0xbf), Z(0x4b), Z(0x1a), Z(0xdb), Z(0x16),
+ Z(0x47), Z(0xf6), Z(0x51), Z(0x36), Z(0xed), Z(0xf3), Z(0xb9), Z(0x1a),
+ Z(0xa7), Z(0xdf), Z(0x29), Z(0x43), Z(0x01), Z(0x54), Z(0x70), Z(0xa4),
+ Z(0xbf), Z(0xd4), Z(0x0b), Z(0x53), Z(0x44), Z(0x60), Z(0x9e), Z(0x23),
+ Z(0xa1), Z(0x18), Z(0x68), Z(0x4f), Z(0xf0), Z(0x2f), Z(0x82), Z(0xc2),
+ Z(0x2a), Z(0x41), Z(0xb2), Z(0x42), Z(0x0c), Z(0xed), Z(0x0c), Z(0x1d),
+ Z(0x13), Z(0x3a), Z(0x3c), Z(0x6e), Z(0x35), Z(0xdc), Z(0x60), Z(0x65),
+ Z(0x85), Z(0xe9), Z(0x64), Z(0x02), Z(0x9a), Z(0x3f), Z(0x9f), Z(0x87),
+ Z(0x96), Z(0xdf), Z(0xbe), Z(0xf2), Z(0xcb), Z(0xe5), Z(0x6c), Z(0xd4),
+ Z(0x5a), Z(0x83), Z(0xbf), Z(0x92), Z(0x1b), Z(0x94), Z(0x00), Z(0x42),
+ Z(0xcf), Z(0x4b), Z(0x00), Z(0x75), Z(0xba), Z(0x8f), Z(0x76), Z(0x5f),
+ Z(0x5d), Z(0x3a), Z(0x4d), Z(0x09), Z(0x12), Z(0x08), Z(0x38), Z(0x95),
+ Z(0x17), Z(0xe4), Z(0x01), Z(0x1d), Z(0x4c), Z(0xa9), Z(0xcc), Z(0x85),
+ Z(0x82), Z(0x4c), Z(0x9d), Z(0x2f), Z(0x3b), Z(0x66), Z(0xa1), Z(0x34),
+ Z(0x10), Z(0xcd), Z(0x59), Z(0x89), Z(0xa5), Z(0x31), Z(0xcf), Z(0x05),
+ Z(0xc8), Z(0x84), Z(0xfa), Z(0xc7), Z(0xba), Z(0x4e), Z(0x8b), Z(0x1a),
+ Z(0x19), Z(0xf1), Z(0xa1), Z(0x3b), Z(0x18), Z(0x12), Z(0x17), Z(0xb0),
+ Z(0x98), Z(0x8d), Z(0x0b), Z(0x23), Z(0xc3), Z(0x3a), Z(0x2d), Z(0x20),
+ Z(0xdf), Z(0x13), Z(0xa0), Z(0xa8), Z(0x4c), Z(0x0d), Z(0x6c), Z(0x2f),
+ Z(0x47), Z(0x13), Z(0x13), Z(0x52), Z(0x1f), Z(0x2d), Z(0xf5), Z(0x79),
+ Z(0x3d), Z(0xa2), Z(0x54), Z(0xbd), Z(0x69), Z(0xc8), Z(0x6b), Z(0xf3),
+ Z(0x05), Z(0x28), Z(0xf1), Z(0x16), Z(0x46), Z(0x40), Z(0xb0), Z(0x11),
+ Z(0xd3), Z(0xb7), Z(0x95), Z(0x49), Z(0xcf), Z(0xc3), Z(0x1d), Z(0x8f),
+ Z(0xd8), Z(0xe1), Z(0x73), Z(0xdb), Z(0xad), Z(0xc8), Z(0xc9), Z(0xa9),
+ Z(0xa1), Z(0xc2), Z(0xc5), Z(0xe3), Z(0xba), Z(0xfc), Z(0x0e), Z(0x25)
+};
+
+union fcrypt_block {
+ __be64 a;
+ struct {
+ __be32 l, r;
+ };
+};
+
+#define F_ENCRYPT(R, L, sched) \
+ do { \
+ union lc4 { \
+ __be32 l; \
+ u8 c[4]; \
+ } u; \
+ u.l = sched ^ R; \
+ L ^= sbox0[u.c[0]] ^ sbox1[u.c[1]] ^ sbox2[u.c[2]] ^ \
+ sbox3[u.c[3]]; \
+ } while (0)
+
+/* Encrypt one block using FCrypt. */
+static __be64 fcrypt_encrypt(const struct fcrypt_key *key, __be64 ptext)
+{
+ union fcrypt_block X = { .a = ptext };
+
+ /* This is a 16 round Feistel network with permutation F_ENCRYPT. */
+ F_ENCRYPT(X.r, X.l, key->sched[0x0]);
+ F_ENCRYPT(X.l, X.r, key->sched[0x1]);
+ F_ENCRYPT(X.r, X.l, key->sched[0x2]);
+ F_ENCRYPT(X.l, X.r, key->sched[0x3]);
+ F_ENCRYPT(X.r, X.l, key->sched[0x4]);
+ F_ENCRYPT(X.l, X.r, key->sched[0x5]);
+ F_ENCRYPT(X.r, X.l, key->sched[0x6]);
+ F_ENCRYPT(X.l, X.r, key->sched[0x7]);
+ F_ENCRYPT(X.r, X.l, key->sched[0x8]);
+ F_ENCRYPT(X.l, X.r, key->sched[0x9]);
+ F_ENCRYPT(X.r, X.l, key->sched[0xa]);
+ F_ENCRYPT(X.l, X.r, key->sched[0xb]);
+ F_ENCRYPT(X.r, X.l, key->sched[0xc]);
+ F_ENCRYPT(X.l, X.r, key->sched[0xd]);
+ F_ENCRYPT(X.r, X.l, key->sched[0xe]);
+ F_ENCRYPT(X.l, X.r, key->sched[0xf]);
+ return X.a;
+}
+
+/* Decrypt one block using FCrypt. */
+static __be64 fcrypt_decrypt(const struct fcrypt_key *key, __be64 ctext)
+{
+ union fcrypt_block X = { .a = ctext };
+
+ /* This is a 16 round Feistel network with permutation F_ENCRYPT. */
+ F_ENCRYPT(X.l, X.r, key->sched[0xf]);
+ F_ENCRYPT(X.r, X.l, key->sched[0xe]);
+ F_ENCRYPT(X.l, X.r, key->sched[0xd]);
+ F_ENCRYPT(X.r, X.l, key->sched[0xc]);
+ F_ENCRYPT(X.l, X.r, key->sched[0xb]);
+ F_ENCRYPT(X.r, X.l, key->sched[0xa]);
+ F_ENCRYPT(X.l, X.r, key->sched[0x9]);
+ F_ENCRYPT(X.r, X.l, key->sched[0x8]);
+ F_ENCRYPT(X.l, X.r, key->sched[0x7]);
+ F_ENCRYPT(X.r, X.l, key->sched[0x6]);
+ F_ENCRYPT(X.l, X.r, key->sched[0x5]);
+ F_ENCRYPT(X.r, X.l, key->sched[0x4]);
+ F_ENCRYPT(X.l, X.r, key->sched[0x3]);
+ F_ENCRYPT(X.r, X.l, key->sched[0x2]);
+ F_ENCRYPT(X.l, X.r, key->sched[0x1]);
+ F_ENCRYPT(X.r, X.l, key->sched[0x0]);
+ return X.a;
+}
+
+/**
+ * fcrypt_preparekey - Prepare a key for FCrypt encryption and decryption
+ * @key: (out) The prepared key
+ * @raw_key: The raw key as an 8-byte array
+ *
+ * This computes the FCrypt key schedule.
+ */
+void fcrypt_preparekey(struct fcrypt_key *key, const u8 raw_key[FCRYPT_BSIZE])
+{
+ u64 k = 0;
+
+ /* Load the 56 non-parity bits of the key. Discard the parity bits. */
+ for (int i = 0; i < 8; i++)
+ k = (k << 7) | (raw_key[i] >> 1);
+
+ /* Generate the key schedule word for each round. */
+ for (int i = 0; i < FCRYPT_ROUNDS; i++) {
+ key->sched[i] = cpu_to_be32(k);
+ /* Rotate the low 56 bits of 'k' right by 11 bits. */
+ k = (k >> 11) | ((k & ((1 << 11) - 1)) << (56 - 11));
+ }
+}
+EXPORT_SYMBOL_IF_KUNIT(fcrypt_preparekey);
+
+/**
+ * fcrypt_pcbc_encrypt - Encrypt data using FCrypt cipher in PCBC mode
+ * @key: The key
+ * @iv: The 8-byte initialization vector
+ * @src: The source data
+ * @dst: The destination data. Both in-place and out-of-place are supported.
+ * @nblocks: The number of 8-byte blocks to encrypt
+ *
+ * WARNING: This cipher is insecure. Not only is the 56-bit key easily
+ * brute-forced, the cipher itself is cryptographically weak and doesn't even
+ * provide the intended 56-bit security level. It effectively just acts as an
+ * obfuscation algorithm. It is supported only for backwards compatibility.
+ */
+void fcrypt_pcbc_encrypt(const struct fcrypt_key *key,
+ const u8 iv[FCRYPT_BSIZE], const void *src, void *dst,
+ size_t nblocks)
+{
+ __be64 prev = get_unaligned((const __be64 *)iv);
+ const __be64 *src_blocks = src;
+ __be64 *dst_blocks = dst;
+
+ while (nblocks--) {
+ __be64 ptext, ctext;
+
+ ptext = get_unaligned(src_blocks++);
+ ctext = fcrypt_encrypt(key, prev ^ ptext);
+ put_unaligned(ctext, dst_blocks++);
+ prev = ptext ^ ctext;
+ }
+}
+EXPORT_SYMBOL_IF_KUNIT(fcrypt_pcbc_encrypt);
+
+/**
+ * fcrypt_pcbc_decrypt - Decrypt data using FCrypt cipher in PCBC mode
+ * @key: The key
+ * @iv: The 8-byte initialization vector
+ * @src: The source data
+ * @dst: The destination data. Both in-place and out-of-place are supported.
+ * @nblocks: The number of 8-byte blocks to decrypt
+ */
+void fcrypt_pcbc_decrypt(const struct fcrypt_key *key,
+ const u8 iv[FCRYPT_BSIZE], const void *src, void *dst,
+ size_t nblocks)
+{
+ __be64 prev = get_unaligned((const __be64 *)iv);
+ const __be64 *src_blocks = src;
+ __be64 *dst_blocks = dst;
+
+ while (nblocks--) {
+ __be64 ptext, ctext;
+
+ ctext = get_unaligned(src_blocks++);
+ ptext = prev ^ fcrypt_decrypt(key, ctext);
+ put_unaligned(ptext, dst_blocks++);
+ prev = ptext ^ ctext;
+ }
+}
+EXPORT_SYMBOL_IF_KUNIT(fcrypt_pcbc_decrypt);
diff --git a/net/rxrpc/tests/Makefile b/net/rxrpc/tests/Makefile
new file mode 100644
index 000000000000..4f51008800b4
--- /dev/null
+++ b/net/rxrpc/tests/Makefile
@@ -0,0 +1,3 @@
+# SPDX-License-Identifier: GPL-2.0
+
+obj-$(CONFIG_AF_RXRPC_KUNIT_TEST) += rxrpc_kunit.o
diff --git a/net/rxrpc/tests/rxrpc_kunit.c b/net/rxrpc/tests/rxrpc_kunit.c
new file mode 100644
index 000000000000..85a9859fae44
--- /dev/null
+++ b/net/rxrpc/tests/rxrpc_kunit.c
@@ -0,0 +1,109 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * Unit tests for RxRPC crypto functions
+ *
+ * Copyright 2026 Google LLC
+ */
+#include "../ar-internal.h"
+#include <kunit/test.h>
+
+struct fcrypt_pcbc_testvec {
+ u8 key[FCRYPT_BSIZE];
+ u8 iv[FCRYPT_BSIZE];
+ const u8 *ptext; /* plaintext */
+ const u8 *ctext; /* ciphertext */
+ size_t nblocks; /* length of ptext and ctext in blocks */
+};
+
+/* FCrypt-PCBC test vectors */
+static const struct fcrypt_pcbc_testvec fcrypt_pcbc_testvecs[] = {
+ {
+ /* http://www.openafs.org/pipermail/openafs-devel/2000-December/005320.html */
+ .key = "\x00\x00\x00\x00\x00\x00\x00\x00",
+ .iv = "\x00\x00\x00\x00\x00\x00\x00\x00",
+ .ptext = "\x00\x00\x00\x00\x00\x00\x00\x00",
+ .ctext = "\x0E\x09\x00\xC7\x3E\xF7\xED\x41",
+ .nblocks = 1,
+ },
+ {
+ .key = "\x11\x44\x77\xAA\xDD\x00\x33\x66",
+ .iv = "\x00\x00\x00\x00\x00\x00\x00\x00",
+ .ptext = "\x12\x34\x56\x78\x9A\xBC\xDE\xF0",
+ .ctext = "\xD8\xED\x78\x74\x77\xEC\x06\x80",
+ .nblocks = 1,
+ },
+ {
+ /* From Arla */
+ .key = "\xf0\xe1\xd2\xc3\xb4\xa5\x96\x87",
+ .iv = "\xfe\xdc\xba\x98\x76\x54\x32\x10",
+ .ptext = "The quick brown fox jumps over the lazy dogs.\0\0",
+ .ctext = "\x00\xf0\x0e\x11\x75\xe6\x23\x82"
+ "\xee\xac\x98\x62\x44\x51\xe4\x84"
+ "\xc3\x59\xd8\xaa\x64\x60\xae\xf7"
+ "\xd2\xd9\x13\x79\x72\xa3\x45\x03"
+ "\x23\xb5\x62\xd7\x0c\xf5\x27\xd1"
+ "\xf8\x91\x3c\xac\x44\x22\x92\xef",
+ .nblocks = 6,
+ },
+ {
+ .key = "\xfe\xdc\xba\x98\x76\x54\x32\x10",
+ .iv = "\xf0\xe1\xd2\xc3\xb4\xa5\x96\x87",
+ .ptext = "The quick brown fox jumps over the lazy dogs.\0\0",
+ .ctext = "\xca\x90\xf5\x9d\xcb\xd4\xd2\x3c"
+ "\x01\x88\x7f\x3e\x31\x6e\x62\x9d"
+ "\xd8\xe0\x57\xa3\x06\x3a\x42\x58"
+ "\x2a\x28\xfe\x72\x52\x2f\xdd\xe0"
+ "\x19\x89\x09\x1c\x2a\x8e\x8c\x94"
+ "\xfc\xc7\x68\xe4\x88\xaa\xde\x0f",
+ .nblocks = 6,
+ }
+};
+
+static void test_fcrypt_pcbc(struct kunit *test)
+{
+ u8 data[48];
+
+ for (size_t i = 0; i < ARRAY_SIZE(fcrypt_pcbc_testvecs); i++) {
+ const struct fcrypt_pcbc_testvec *tv = &fcrypt_pcbc_testvecs[i];
+ const size_t nblocks = tv->nblocks;
+ const size_t len = nblocks * FCRYPT_BSIZE;
+ struct fcrypt_key key;
+
+ KUNIT_ASSERT_GE(test, sizeof(data), len);
+
+ fcrypt_preparekey(&key, tv->key);
+
+ /* out-of-place encryption */
+ fcrypt_pcbc_encrypt(&key, tv->iv, tv->ptext, data, nblocks);
+ KUNIT_ASSERT_MEMEQ(test, tv->ctext, data, len);
+
+ /* in-place encryption */
+ memcpy(data, tv->ptext, len);
+ fcrypt_pcbc_encrypt(&key, tv->iv, data, data, nblocks);
+ KUNIT_ASSERT_MEMEQ(test, tv->ctext, data, len);
+
+ /* out-of-place decryption */
+ fcrypt_pcbc_decrypt(&key, tv->iv, tv->ctext, data, nblocks);
+ KUNIT_ASSERT_MEMEQ(test, tv->ptext, data, len);
+
+ /* in-place decryption */
+ memcpy(data, tv->ctext, len);
+ fcrypt_pcbc_decrypt(&key, tv->iv, data, data, nblocks);
+ KUNIT_ASSERT_MEMEQ(test, tv->ptext, data, len);
+ }
+}
+
+static struct kunit_case rxrpc_test_cases[] = {
+ KUNIT_CASE(test_fcrypt_pcbc),
+ {},
+};
+
+static struct kunit_suite rxrpc_test_suite = {
+ .name = "rxrpc",
+ .test_cases = rxrpc_test_cases,
+};
+kunit_test_suite(rxrpc_test_suite);
+
+MODULE_DESCRIPTION("Unit tests for RxRPC crypto functions");
+MODULE_IMPORT_NS("EXPORTED_FOR_KUNIT_TESTING");
+MODULE_LICENSE("GPL");
--
2.54.0
^ permalink raw reply related
* [PATCH net-next v2 0/5] Consolidate FCrypt and PCBC code into net/rxrpc/
From: Eric Biggers @ 2026-05-22 5:07 UTC (permalink / raw)
To: netdev, linux-afs
Cc: David Howells, Marc Dionne, linux-crypto, linux-kernel,
David S . Miller, Eric Dumazet, Jakub Kicinski, Paolo Abeni,
Simon Horman, Eric Biggers
The FCrypt "block cipher" and the PCBC mode of operation are obsolete
and insecure. Since their only user is net/rxrpc/, they belong there,
not in the crypto API.
Therefore, this series removes these algorithms from the crypto API and
replaces them with local implementations in net/rxrpc/.
The local implementations are simpler too, as they avoid the crypto API
boilerplate.
I don't know how to test all the code in net/rxrpc/, but everything
should still work. I added a KUnit test for the crypto functions.
Changed in v2:
- Added missing export of fcrypt_preparekey().
- Write "RxRPC crypto KUnit test" instead of "RxRPC KUnit test".
- Rebased onto latest net-next where decryption now happens in the
linear buffer rxrpc_call::rx_dec_buffer, simplifying the code.
Eric Biggers (5):
net/rxrpc: Add local FCrypt-PCBC implementation
net/rxrpc: Use local FCrypt-PCBC implementation
net/rxrpc: Reimplement DES-PCBC using DES library
crypto: fcrypt - Remove support for FCrypt block cipher
crypto: pcbc - Remove support for PCBC mode
arch/arm/configs/am200epdkit_defconfig | 1 -
arch/arm/configs/dove_defconfig | 1 -
arch/arm/configs/multi_v5_defconfig | 1 -
arch/arm/configs/mv78xx0_defconfig | 1 -
arch/arm/configs/mvebu_v5_defconfig | 1 -
arch/arm/configs/omap1_defconfig | 1 -
arch/arm/configs/orion5x_defconfig | 1 -
arch/arm/configs/pxa_defconfig | 2 -
arch/arm/configs/wpcm450_defconfig | 1 -
arch/m68k/configs/amiga_defconfig | 2 -
arch/m68k/configs/apollo_defconfig | 2 -
arch/m68k/configs/atari_defconfig | 2 -
arch/m68k/configs/bvme6000_defconfig | 2 -
arch/m68k/configs/hp300_defconfig | 2 -
arch/m68k/configs/mac_defconfig | 2 -
arch/m68k/configs/multi_defconfig | 2 -
arch/m68k/configs/mvme147_defconfig | 2 -
arch/m68k/configs/mvme16x_defconfig | 2 -
arch/m68k/configs/q40_defconfig | 2 -
arch/m68k/configs/sun3_defconfig | 2 -
arch/m68k/configs/sun3x_defconfig | 2 -
arch/mips/configs/bigsur_defconfig | 2 -
arch/mips/configs/decstation_64_defconfig | 2 -
arch/mips/configs/decstation_defconfig | 2 -
arch/mips/configs/decstation_r4k_defconfig | 2 -
arch/mips/configs/fuloong2e_defconfig | 1 -
arch/mips/configs/gpr_defconfig | 1 -
arch/mips/configs/ip22_defconfig | 2 -
arch/mips/configs/ip27_defconfig | 2 -
arch/mips/configs/ip30_defconfig | 2 -
arch/mips/configs/ip32_defconfig | 2 -
arch/mips/configs/lemote2f_defconfig | 2 -
arch/mips/configs/malta_defconfig | 2 -
arch/mips/configs/malta_kvm_defconfig | 2 -
arch/mips/configs/malta_qemu_32r6_defconfig | 1 -
arch/mips/configs/maltaaprp_defconfig | 1 -
arch/mips/configs/maltasmvp_defconfig | 1 -
arch/mips/configs/maltasmvp_eva_defconfig | 1 -
arch/mips/configs/maltaup_defconfig | 1 -
arch/mips/configs/maltaup_xpa_defconfig | 2 -
arch/mips/configs/mtx1_defconfig | 1 -
arch/mips/configs/rm200_defconfig | 2 -
arch/mips/configs/sb1250_swarm_defconfig | 2 -
arch/parisc/configs/generic-64bit_defconfig | 2 -
arch/powerpc/configs/44x/akebono_defconfig | 1 -
arch/powerpc/configs/44x/bamboo_defconfig | 1 -
arch/powerpc/configs/44x/currituck_defconfig | 1 -
arch/powerpc/configs/44x/ebony_defconfig | 1 -
arch/powerpc/configs/44x/eiger_defconfig | 1 -
arch/powerpc/configs/44x/fsp2_defconfig | 1 -
arch/powerpc/configs/44x/icon_defconfig | 1 -
arch/powerpc/configs/44x/iss476-smp_defconfig | 1 -
arch/powerpc/configs/44x/katmai_defconfig | 1 -
arch/powerpc/configs/44x/rainier_defconfig | 1 -
arch/powerpc/configs/44x/redwood_defconfig | 1 -
arch/powerpc/configs/44x/sequoia_defconfig | 1 -
arch/powerpc/configs/44x/taishan_defconfig | 1 -
arch/powerpc/configs/52xx/cm5200_defconfig | 1 -
arch/powerpc/configs/52xx/motionpro_defconfig | 1 -
arch/powerpc/configs/52xx/tqm5200_defconfig | 1 -
arch/powerpc/configs/83xx/asp8347_defconfig | 1 -
.../configs/83xx/mpc8313_rdb_defconfig | 1 -
.../configs/83xx/mpc8315_rdb_defconfig | 1 -
.../configs/83xx/mpc832x_rdb_defconfig | 1 -
.../configs/83xx/mpc834x_itx_defconfig | 1 -
.../configs/83xx/mpc834x_itxgp_defconfig | 1 -
.../configs/83xx/mpc837x_rdb_defconfig | 1 -
arch/powerpc/configs/amigaone_defconfig | 1 -
arch/powerpc/configs/cell_defconfig | 1 -
arch/powerpc/configs/chrp32_defconfig | 1 -
arch/powerpc/configs/ep8248e_defconfig | 1 -
arch/powerpc/configs/fsl-emb-nonhw.config | 1 -
arch/powerpc/configs/g5_defconfig | 1 -
arch/powerpc/configs/linkstation_defconfig | 1 -
arch/powerpc/configs/mgcoge_defconfig | 1 -
arch/powerpc/configs/mpc83xx_defconfig | 1 -
arch/powerpc/configs/mvme5100_defconfig | 1 -
arch/powerpc/configs/pmac32_defconfig | 1 -
arch/powerpc/configs/powernv_defconfig | 1 -
arch/powerpc/configs/ppc44x_defconfig | 1 -
arch/powerpc/configs/ppc64_defconfig | 1 -
arch/powerpc/configs/ppc64e_defconfig | 1 -
arch/powerpc/configs/ppc6xx_defconfig | 2 -
arch/powerpc/configs/ps3_defconfig | 1 -
arch/s390/configs/debug_defconfig | 2 -
arch/s390/configs/defconfig | 2 -
arch/sh/configs/hp6xx_defconfig | 1 -
arch/sh/configs/r7780mp_defconfig | 1 -
arch/sh/configs/r7785rp_defconfig | 1 -
arch/sh/configs/se7712_defconfig | 1 -
arch/sh/configs/sh2007_defconfig | 2 -
arch/sparc/configs/sparc32_defconfig | 1 -
arch/sparc/configs/sparc64_defconfig | 2 -
crypto/Kconfig | 18 -
crypto/Makefile | 2 -
crypto/pcbc.c | 195 --------
crypto/tcrypt.c | 4 -
crypto/testmgr.c | 15 -
crypto/testmgr.h | 45 --
net/rxrpc/.kunitconfig | 6 +
net/rxrpc/Kconfig | 13 +-
net/rxrpc/Makefile | 3 +-
net/rxrpc/ar-internal.h | 21 +-
{crypto => net/rxrpc}/fcrypt.c | 330 ++++++--------
net/rxrpc/key.c | 1 -
net/rxrpc/rxkad.c | 429 +++++-------------
net/rxrpc/server_key.c | 1 -
net/rxrpc/tests/Makefile | 3 +
net/rxrpc/tests/rxrpc_kunit.c | 140 ++++++
109 files changed, 427 insertions(+), 925 deletions(-)
delete mode 100644 crypto/pcbc.c
create mode 100644 net/rxrpc/.kunitconfig
rename {crypto => net/rxrpc}/fcrypt.c (65%)
create mode 100644 net/rxrpc/tests/Makefile
create mode 100644 net/rxrpc/tests/rxrpc_kunit.c
base-commit: 1a1f055318d82e64485a6ff8420e5f70b4267998
--
2.54.0
^ permalink raw reply
* Re: [PATCH] crypto: loongson - Select CRYPTO_RNG
From: Eric Biggers @ 2026-05-22 4:03 UTC (permalink / raw)
To: Qunqin Zhao
Cc: Huacai Chen, linux-crypto, Herbert Xu, linux-kernel, loongarch,
Yinggang Gu, Lee Jones, kernel test robot, stable
In-Reply-To: <d71adfa1-8895-e741-b72f-c5e99d5fb9e6@loongson.cn>
On Fri, May 22, 2026 at 11:41:15AM +0800, Qunqin Zhao wrote:
>
> 在 2026/5/22 上午10:57, Eric Biggers 写道:
> > On Fri, May 22, 2026 at 10:52:42AM +0800, Huacai Chen wrote:
> > > On Fri, May 22, 2026 at 10:26 AM Eric Biggers <ebiggers@kernel.org> wrote:
> > > > This driver registers a rng_alg, so it requires CRYPTO_RNG.
> > > >
> > > > Fixes: 766b2d724c8d ("crypto: loongson - add Loongson RNG driver support")
> > > > Reported-by: kernel test robot <lkp@intel.com>
> > > > Closes: https://lore.kernel.org/oe-kbuild-all/202605201622.qWOiiZTV-lkp@intel.com/
> > > > Cc: stable@vger.kernel.org
> > > > Signed-off-by: Eric Biggers <ebiggers@kernel.org>
> > > Reviewed-by: Huacai Chen <chenhuacai@loongson.cn>
> > > > ---
> > > > drivers/crypto/loongson/Kconfig | 1 +
> > > > 1 file changed, 1 insertion(+)
> > > >
> > By the way, do any of the loongson people have any comment on what they
> > think the point of this driver is? It's not registered with the actual
>
> To provide an AF_ALG-based random number generation interface for other
> modules and user-space programs.
>
> Thanks,
>
> Qunqin
AF_ALG is a userspace interface; it's not available for in-kernel use.
If you mean using crypto_rng directly, note that no kernel code actually
uses it other than the tests, the implementation of AF_ALG, and the
FIPS-specific code which uses drbg.c specifically.
So, the first half of your justification doesn't make any sense.
As far as the second half: why would a userspace program do that instead
of just using the regular Linux RNG (/dev/urandom)?
AFAIK, the only reason to use a HW RNG directly is for certification
reasons.
However, there's also already an interface for that: /dev/hw_random.
So AF_ALG seems completely redundant for this case.
- Eric
^ permalink raw reply
* Re: [PATCH] crypto: loongson - Select CRYPTO_RNG
From: Qunqin Zhao @ 2026-05-22 3:41 UTC (permalink / raw)
To: Eric Biggers, Huacai Chen
Cc: linux-crypto, Herbert Xu, linux-kernel, loongarch, Yinggang Gu,
Lee Jones, kernel test robot, stable
In-Reply-To: <20260522025722.GD5937@quark>
在 2026/5/22 上午10:57, Eric Biggers 写道:
> On Fri, May 22, 2026 at 10:52:42AM +0800, Huacai Chen wrote:
>> On Fri, May 22, 2026 at 10:26 AM Eric Biggers <ebiggers@kernel.org> wrote:
>>> This driver registers a rng_alg, so it requires CRYPTO_RNG.
>>>
>>> Fixes: 766b2d724c8d ("crypto: loongson - add Loongson RNG driver support")
>>> Reported-by: kernel test robot <lkp@intel.com>
>>> Closes: https://lore.kernel.org/oe-kbuild-all/202605201622.qWOiiZTV-lkp@intel.com/
>>> Cc: stable@vger.kernel.org
>>> Signed-off-by: Eric Biggers <ebiggers@kernel.org>
>> Reviewed-by: Huacai Chen <chenhuacai@loongson.cn>
>>> ---
>>> drivers/crypto/loongson/Kconfig | 1 +
>>> 1 file changed, 1 insertion(+)
>>>
> By the way, do any of the loongson people have any comment on what they
> think the point of this driver is? It's not registered with the actual
To provide an AF_ALG-based random number generation interface for other
modules and user-space programs.
Thanks,
Qunqin
> hwrng subsystem, but rather the pointless crypto_rng system which no one
> uses. So if it was intended to provide entropy for /dev/urandom etc.,
> that isn't what it's doing.
>
> Can we just delete this driver?
>
> - Eric
^ permalink raw reply
* Re: [PATCH] crypto: loongson - Select CRYPTO_RNG
From: Eric Biggers @ 2026-05-22 2:57 UTC (permalink / raw)
To: Huacai Chen
Cc: linux-crypto, Herbert Xu, linux-kernel, loongarch, Qunqin Zhao,
Yinggang Gu, Lee Jones, kernel test robot, stable
In-Reply-To: <CAAhV-H5cDnWKxBobwRErRyvG8671e6VXsBe6w1RkX9rfn7CVFA@mail.gmail.com>
On Fri, May 22, 2026 at 10:52:42AM +0800, Huacai Chen wrote:
> On Fri, May 22, 2026 at 10:26 AM Eric Biggers <ebiggers@kernel.org> wrote:
> >
> > This driver registers a rng_alg, so it requires CRYPTO_RNG.
> >
> > Fixes: 766b2d724c8d ("crypto: loongson - add Loongson RNG driver support")
> > Reported-by: kernel test robot <lkp@intel.com>
> > Closes: https://lore.kernel.org/oe-kbuild-all/202605201622.qWOiiZTV-lkp@intel.com/
> > Cc: stable@vger.kernel.org
> > Signed-off-by: Eric Biggers <ebiggers@kernel.org>
> Reviewed-by: Huacai Chen <chenhuacai@loongson.cn>
> > ---
> > drivers/crypto/loongson/Kconfig | 1 +
> > 1 file changed, 1 insertion(+)
> >
By the way, do any of the loongson people have any comment on what they
think the point of this driver is? It's not registered with the actual
hwrng subsystem, but rather the pointless crypto_rng system which no one
uses. So if it was intended to provide entropy for /dev/urandom etc.,
that isn't what it's doing.
Can we just delete this driver?
- Eric
^ permalink raw reply
* Re: [PATCH] crypto: loongson - Select CRYPTO_RNG
From: Huacai Chen @ 2026-05-22 2:52 UTC (permalink / raw)
To: Eric Biggers
Cc: linux-crypto, Herbert Xu, linux-kernel, loongarch, Qunqin Zhao,
Yinggang Gu, Lee Jones, kernel test robot, stable
In-Reply-To: <20260522022525.12976-1-ebiggers@kernel.org>
On Fri, May 22, 2026 at 10:26 AM Eric Biggers <ebiggers@kernel.org> wrote:
>
> This driver registers a rng_alg, so it requires CRYPTO_RNG.
>
> Fixes: 766b2d724c8d ("crypto: loongson - add Loongson RNG driver support")
> Reported-by: kernel test robot <lkp@intel.com>
> Closes: https://lore.kernel.org/oe-kbuild-all/202605201622.qWOiiZTV-lkp@intel.com/
> Cc: stable@vger.kernel.org
> Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Reviewed-by: Huacai Chen <chenhuacai@loongson.cn>
> ---
> drivers/crypto/loongson/Kconfig | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/drivers/crypto/loongson/Kconfig b/drivers/crypto/loongson/Kconfig
> index 15475da8fc11..f4e1544ffbb4 100644
> --- a/drivers/crypto/loongson/Kconfig
> +++ b/drivers/crypto/loongson/Kconfig
> @@ -1,5 +1,6 @@
> config CRYPTO_DEV_LOONGSON_RNG
> tristate "Support for Loongson RNG Driver"
> depends on MFD_LOONGSON_SE
> + select CRYPTO_RNG
> help
> Support for Loongson RNG Driver.
>
> base-commit: 6c9dddeb582fde005360f4fe02c760d45ca05fb5
> --
> 2.54.0
>
^ permalink raw reply
* Re: [PATCH 0/3] Add support for qcrypto on shikra
From: Eric Biggers @ 2026-05-22 2:49 UTC (permalink / raw)
To: Kuldeep Singh
Cc: Thara Gopinath, Herbert Xu, David S. Miller, Rob Herring,
Krzysztof Kozlowski, Conor Dooley, Bjorn Andersson, Konrad Dybcio,
Vinod Koul, Frank Li, Andy Gross, linux-arm-msm, linux-crypto,
devicetree, linux-kernel, dmaengine
In-Reply-To: <d4d35e17-84fa-4c95-9bfb-abfd25ea7f4a@oss.qualcomm.com>
On Thu, May 21, 2026 at 12:21:41PM +0530, Kuldeep Singh wrote:
> On 15-05-2026 01:17, Eric Biggers wrote:
> > On Fri, May 15, 2026 at 12:53:35AM +0530, Kuldeep Singh wrote:
> >> Add qcrypto and cryptobam DT nodes for enabling qcrypto on kaanapali.
> >> Shikra bam dma supports 7 iommus so update dt-bindings accordingly.
> >>
> >> The patchset depends on below. There's recursive dependency so referred
> >> to base DT patch here.
> >> - https://lore.kernel.org/all/20260512-shikra-dt-v1-0-716438330dd0@oss.qualcomm.com/
> >>
> >> Validations:
> >> - make ARCH=arm64 DT_CHECKER_FLAGS=-m DT_SCHEMA_FILES=Documentation/devicetree/bindings/dma/qcom,bam-dma.yaml dt_binding_check
> >> - make ARCH=arm64 qcom/shikra-cqs-evk.dtb CHECK_DTBS=1 DT_SCHEMA_FILES=Documentation/devicetree/bindings/dma/qcom,bam-dma.yaml
> >> - cryptobam and crypto driver probe
> >> - kcapi test
> >>
> >> Signed-off-by: Kuldeep Singh <kuldeep.singh@oss.qualcomm.com>
> >
> > What specific kernel features would this be useful for, and what
> > specific performance improvements are you seeing with those features?
>
> I hope you mean 7 iommu entries.
>
> Please note, shikra is an old platform and differs with latest platforms
> like kaanapali in terms of iommus#.
> Kaanapali is optimised(in terms of iommus#) as same pipe index/sid i.e
> 4/5 can be used for general purpose or for any other usecase like
> DRM/HDCP etc.
> Whereas for shikra, there's dedicated iommu entry for each usecase and
> same pipe index/sid cannot be used for other usecases.
>
> The performance will be be effectively similar.
It sounds like you don't actually have an answer to my questions, then.
Performance tests (e.g.
https://lore.kernel.org/r/20250615031807.GA81869@sol/) have clearly
shown that this driver is an order of magnitude slower than the CPU.
This driver has historically been quite harmful. People were using it
accidentally and encountering very bad performance, as well as bugs such
as crashes and filesystem hangs. We fixed that by lowering its
cra_priority. But for the same reason, even when enabled on a platform,
it's not actually used. Linux would be better without this driver.
We seem to be seeing the usual drivers/crypto/ pattern here: this crypto
offload driver is being pushed by the hardware manufacturer, with no
awareness of the fact that it's actually useless in Linux.
I've had enough of this. Please consider this series:
Nacked-by: Eric Biggers <ebiggers@kernel.org>
FWIW: the approaches that are actually used and work well in Linux are
ICE and the CPU-accelerated crypto.
- Eric
^ permalink raw reply
* [PATCH] crypto: loongson - Select CRYPTO_RNG
From: Eric Biggers @ 2026-05-22 2:25 UTC (permalink / raw)
To: linux-crypto, Herbert Xu
Cc: linux-kernel, loongarch, Huacai Chen, Qunqin Zhao, Yinggang Gu,
Lee Jones, Eric Biggers, kernel test robot, stable
This driver registers a rng_alg, so it requires CRYPTO_RNG.
Fixes: 766b2d724c8d ("crypto: loongson - add Loongson RNG driver support")
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202605201622.qWOiiZTV-lkp@intel.com/
Cc: stable@vger.kernel.org
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
---
drivers/crypto/loongson/Kconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/crypto/loongson/Kconfig b/drivers/crypto/loongson/Kconfig
index 15475da8fc11..f4e1544ffbb4 100644
--- a/drivers/crypto/loongson/Kconfig
+++ b/drivers/crypto/loongson/Kconfig
@@ -1,5 +1,6 @@
config CRYPTO_DEV_LOONGSON_RNG
tristate "Support for Loongson RNG Driver"
depends on MFD_LOONGSON_SE
+ select CRYPTO_RNG
help
Support for Loongson RNG Driver.
base-commit: 6c9dddeb582fde005360f4fe02c760d45ca05fb5
--
2.54.0
^ permalink raw reply related
page: next (older) | prev (newer) | latest
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox