From fcff71fd888dce1533a3975e68fc80824ff69ef9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= Date: Fri, 2 Jan 2026 08:32:03 +0100 Subject: [PATCH 1/4] lib/crypto: tests: polyval_kunit: Increase iterations for preparekey in IRQs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit On my development machine the generic, memcpy()-only implementation of polyval_preparekey() is too fast for the IRQ workers to actually fire. The test fails. Increase the iterations to make the test more robust. The test will run for a maximum of one second in any case. [EB: This failure was already fixed by commit c31f4aa8fed0 ("kunit: Enforce task execution in {soft,hard}irq contexts"). I'm still applying this patch too, since the iteration count in this test made its running time much shorter than the other similar ones.] Fixes: b3aed551b3fc ("lib/crypto: tests: Add KUnit tests for POLYVAL") Signed-off-by: Thomas Weißschuh Link: https://lore.kernel.org/r/20260102-kunit-polyval-fix-v1-1-5313b5a65f35@linutronix.de Signed-off-by: Eric Biggers --- lib/crypto/tests/polyval_kunit.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/crypto/tests/polyval_kunit.c b/lib/crypto/tests/polyval_kunit.c index e59f598c1572..f47f41a39a41 100644 --- a/lib/crypto/tests/polyval_kunit.c +++ b/lib/crypto/tests/polyval_kunit.c @@ -183,7 +183,7 @@ static void test_polyval_preparekey_in_irqs(struct kunit *test) rand_bytes(state.raw_key, sizeof(state.raw_key)); polyval_preparekey(&state.expected_key, state.raw_key); - kunit_run_irq_test(test, polyval_irq_test_func, 20000, &state); + kunit_run_irq_test(test, polyval_irq_test_func, 200000, &state); } static int polyval_suite_init(struct kunit_suite *suite) From 0f42c2a52d8a7535088895c3104150ac9019afd8 Mon Sep 17 00:00:00 2001 From: Jie Zhan Date: Wed, 7 Jan 2026 09:58:29 +0800 Subject: [PATCH 2/4] lib/crypto: tests: Fix syntax error for old python versions 'make binrpm-pkg' throws me this error, with Python 3.9: *** Error compiling '.../gen-hash-testvecs.py'... File ".../scripts/crypto/gen-hash-testvecs.py", line 121 return f'{alg.upper().replace('-', '_')}_DIGEST_SIZE' ^ SyntaxError: f-string: unmatched '(' Old python versions, presumably <= 3.11, can't resolve these quotes. Fix it with double quotes for compatibility. Fixes: 15c64c47e484 ("lib/crypto: tests: Add SHA3 kunit tests") Signed-off-by: Jie Zhan Link: https://lore.kernel.org/r/20260107015829.2000699-1-zhanjie9@hisilicon.com Signed-off-by: Eric Biggers --- scripts/crypto/gen-hash-testvecs.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/crypto/gen-hash-testvecs.py b/scripts/crypto/gen-hash-testvecs.py index c1d0517140bd..c773294fba64 100755 --- a/scripts/crypto/gen-hash-testvecs.py +++ b/scripts/crypto/gen-hash-testvecs.py @@ -118,7 +118,7 @@ def print_c_struct_u8_array_field(name, value): def alg_digest_size_const(alg): if alg.startswith('blake2'): return f'{alg.upper()}_HASH_SIZE' - return f'{alg.upper().replace('-', '_')}_DIGEST_SIZE' + return f"{alg.upper().replace('-', '_')}_DIGEST_SIZE" def gen_unkeyed_testvecs(alg): print('') From 2eb57ca7cc373404aa1399a9d926dea8479eb728 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Tue, 6 Jan 2026 19:39:48 -0800 Subject: [PATCH 3/4] MAINTAINERS: add test vector generation scripts to "CRYPTO LIBRARY" The scripts in scripts/crypto/ are used to generate files in lib/crypto/, so they should be included in "CRYPTO LIBRARY". Acked-by: Ard Biesheuvel Link: https://lore.kernel.org/r/20260107033948.29368-1-ebiggers@kernel.org Signed-off-by: Eric Biggers --- MAINTAINERS | 1 + 1 file changed, 1 insertion(+) diff --git a/MAINTAINERS b/MAINTAINERS index 765ad2daa218..87d97df65959 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -6705,6 +6705,7 @@ S: Maintained T: git https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git libcrypto-next T: git https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git libcrypto-fixes F: lib/crypto/ +F: scripts/crypto/ CRYPTO SPEED TEST COMPARE M: Wang Jinchao From 74d74bb78aeccc9edc10db216d6be121cf7ec176 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Tue, 6 Jan 2026 21:20:23 -0800 Subject: [PATCH 4/4] lib/crypto: aes: Fix missing MMU protection for AES S-box __cacheline_aligned puts the data in the ".data..cacheline_aligned" section, which isn't marked read-only i.e. it doesn't receive MMU protection. Replace it with ____cacheline_aligned which does the right thing and just aligns the data while keeping it in ".rodata". Fixes: b5e0b032b6c3 ("crypto: aes - add generic time invariant AES cipher") Cc: stable@vger.kernel.org Reported-by: Qingfang Deng Closes: https://lore.kernel.org/r/20260105074712.498-1-dqfext@gmail.com/ Acked-by: Ard Biesheuvel Link: https://lore.kernel.org/r/20260107052023.174620-1-ebiggers@kernel.org Signed-off-by: Eric Biggers --- lib/crypto/aes.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/crypto/aes.c b/lib/crypto/aes.c index b57fda3460f1..102aaa76bc8d 100644 --- a/lib/crypto/aes.c +++ b/lib/crypto/aes.c @@ -13,7 +13,7 @@ * Emit the sbox as volatile const to prevent the compiler from doing * constant folding on sbox references involving fixed indexes. */ -static volatile const u8 __cacheline_aligned aes_sbox[] = { +static volatile const u8 ____cacheline_aligned aes_sbox[] = { 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76, 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, @@ -48,7 +48,7 @@ static volatile const u8 __cacheline_aligned aes_sbox[] = { 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16, }; -static volatile const u8 __cacheline_aligned aes_inv_sbox[] = { +static volatile const u8 ____cacheline_aligned aes_inv_sbox[] = { 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb, 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87,