{"id":2183204,"url":"http://patchwork.ozlabs.org/api/patches/2183204/?format=json","web_url":"http://patchwork.ozlabs.org/project/linuxppc-dev/patch/20260112192035.10427-30-ebiggers@kernel.org/","project":{"id":2,"url":"http://patchwork.ozlabs.org/api/projects/2/?format=json","name":"Linux PPC development","link_name":"linuxppc-dev","list_id":"linuxppc-dev.lists.ozlabs.org","list_email":"linuxppc-dev@lists.ozlabs.org","web_url":"https://github.com/linuxppc/wiki/wiki","scm_url":"https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git","webscm_url":"https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/","list_archive_url":"https://lore.kernel.org/linuxppc-dev/","list_archive_url_format":"https://lore.kernel.org/linuxppc-dev/{}/","commit_url_format":"https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/commit/?id={}"},"msgid":"<20260112192035.10427-30-ebiggers@kernel.org>","list_archive_url":"https://lore.kernel.org/linuxppc-dev/20260112192035.10427-30-ebiggers@kernel.org/","date":"2026-01-12T19:20:27","name":"[v2,29/35] crypto: drbg - Use new AES library API","commit_ref":null,"pull_url":null,"state":"handled-elsewhere","archived":false,"hash":"905d68b22b1898657617ee0f1adf22ac4f3ad5db","submitter":{"id":74690,"url":"http://patchwork.ozlabs.org/api/people/74690/?format=json","name":"Eric Biggers","email":"ebiggers@kernel.org"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/linuxppc-dev/patch/20260112192035.10427-30-ebiggers@kernel.org/mbox/","series":[{"id":488089,"url":"http://patchwork.ozlabs.org/api/series/488089/?format=json","web_url":"http://patchwork.ozlabs.org/project/linuxppc-dev/list/?series=488089","date":"2026-01-12T19:19:58","name":"AES library improvements","version":2,"mbox":"http://patchwork.ozlabs.org/series/488089/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2183204/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2183204/checks/","tags":{},"related":[],"headers":{"Return-Path":"\n ","X-Original-To":["incoming@patchwork.ozlabs.org","linuxppc-dev@lists.ozlabs.org"],"Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=kernel.org header.i=@kernel.org header.a=rsa-sha256\n header.s=k20201202 header.b=X+MPGuKb;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.ozlabs.org\n (client-ip=2404:9400:21b9:f100::1; helo=lists.ozlabs.org;\n envelope-from=linuxppc-dev+bounces-15570-incoming=patchwork.ozlabs.org@lists.ozlabs.org;\n receiver=patchwork.ozlabs.org)","lists.ozlabs.org;\n arc=none smtp.remote-ip=172.234.252.31","lists.ozlabs.org;\n dmarc=pass (p=quarantine dis=none) header.from=kernel.org","lists.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=kernel.org header.i=@kernel.org header.a=rsa-sha256\n header.s=k20201202 header.b=X+MPGuKb;\n\tdkim-atps=neutral","lists.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=kernel.org\n (client-ip=172.234.252.31; helo=sea.source.kernel.org;\n envelope-from=ebiggers@kernel.org; receiver=lists.ozlabs.org)"],"Received":["from lists.ozlabs.org (lists.ozlabs.org\n [IPv6:2404:9400:21b9:f100::1])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4dqj5R5Y6Yz1xpY\n\tfor ; Tue, 13 Jan 2026 06:25:31 +1100 (AEDT)","from boromir.ozlabs.org (localhost [127.0.0.1])\n\tby lists.ozlabs.org (Postfix) with ESMTP id 4dqj3D5tymz30WT;\n\tTue, 13 Jan 2026 06:23:36 +1100 (AEDT)","from sea.source.kernel.org (sea.source.kernel.org [172.234.252.31])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby lists.ozlabs.org (Postfix) with ESMTPS id 4dqj3C4Hs3z30V1\n\tfor ; Tue, 13 Jan 2026 06:23:35 +1100 (AEDT)","from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58])\n\tby sea.source.kernel.org (Postfix) with ESMTP id 0DE3C44403;\n\tMon, 12 Jan 2026 19:23:34 +0000 (UTC)","by smtp.kernel.org (Postfix) with ESMTPSA id 7ED5EC19425;\n\tMon, 12 Jan 2026 19:23:33 +0000 (UTC)"],"ARC-Seal":"i=1; a=rsa-sha256; d=lists.ozlabs.org; s=201707; t=1768245816;\n\tcv=none;\n b=lBqLQWGyaVsyW+M0UFOqhep5njeswM4ttCFjNWiK5FZzK0OAnL5THJ2MLhbGxS+Llr4Rz7oKmKTROtTO7vIEwXnfGQYH69HYoxz729c0+4RpLhJvkGMT+sTahXQT8oibWZCCnHm/0jEJOwv6oEpqBCS5gA5V/6Fetb0lEjsuERElujqa/d18Y8v+XEZQdcB54UJ59fD7tdsqeS3JoYFHJ9ezJNNzOxOUC81UlXA0HXA502VkzFqfxU19FGk0yZQ6qwaroz22m/uZLtHFCS9PB2cR/y81ES1XXqKrKRnWzbGsSZ6M0IBurskw55yrYUCZqJue8ATOBlI0L3SJXCAXIw==","ARC-Message-Signature":"i=1; a=rsa-sha256; d=lists.ozlabs.org; s=201707;\n\tt=1768245816; c=relaxed/relaxed;\n\tbh=KpIe2rpQpLZfztXdTuzMDMMPDAEpP3pXswaNe/cBIQE=;\n\th=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:\n\t MIME-Version;\n b=Ghti6LW622i6KgQ2T1c0lyqsl4pk7o+VIeFWOs87yTHUTuT8+a8gF4muNfoe/ZJW+nxCi7LcUJTurT2N3eb/6VL1ZH4nZ1WIeqx69utG7DBKDvwwXNYU0hRwpyO4KaLZKN7M4H5KPVDTCQmvrFVUplVDaoezfFw6zLDwxQBtJIEkhe3W6rQih0fbIpBOGzIZ9v/cx0RtdmUGQ2u8j1DjyEWCc0ZY/633/Jopg7F7+WaQMY+wOdU2alBa2Pib392MLvVgtNCrYId11+Qb+dT5kVSLJvzfO7GI2VMi/54BNlKzNd87xIPcU08IAuTHIhJGsv+yR1n460wzdaNTsoX4hA==","ARC-Authentication-Results":"i=1; lists.ozlabs.org;\n dmarc=pass (p=quarantine dis=none) header.from=kernel.org;\n dkim=pass (2048-bit key;\n unprotected) header.d=kernel.org header.i=@kernel.org header.a=rsa-sha256\n header.s=k20201202 header.b=X+MPGuKb; dkim-atps=neutral;\n spf=pass (client-ip=172.234.252.31; helo=sea.source.kernel.org;\n envelope-from=ebiggers@kernel.org;\n receiver=lists.ozlabs.org) smtp.mailfrom=kernel.org","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;\n\ts=k20201202; t=1768245813;\n\tbh=BBKB65xS0OpZpUhmAej3YWy5tO0vX+fEXhT2Dx9/+hQ=;\n\th=From:To:Cc:Subject:Date:In-Reply-To:References:From;\n\tb=X+MPGuKbhpS7/FgOBDKBzcyb8WMNKxVDlbJDnBswswVQjNTyepUQk3tSVY14vE2zG\n\t UX57SThhUr6Rv+zmecFVUL2A4P+qu9QTjUEyKTZav5Gh2dKxYHvAMSCcQhXmTNnuwP\n\t tLQMKrNcAajFMfItPOX1wSFsknV6Co/uCfzKLKNTgNifbkU7gxwh/q3sATLoURCx2z\n\t gr0Tqh7T9MZCcuPbyEwXmKyevYKB/i8+EKi0FtQ3ug05KV0iq0dR7aeHRx+JyVWpzE\n\t sIlhv3742IeqSPA8e9lIewSPkEJz1LGVfF+7jYw296kTbwivG2Ax+nyMLnnTsZwvdg\n\t lrCYmNH+jyOcg==","From":"Eric Biggers ","To":"linux-crypto@vger.kernel.org","Cc":"linux-kernel@vger.kernel.org,\n\tArd Biesheuvel ,\n\t\"Jason A . Donenfeld\" ,\n\tHerbert Xu ,\n\tlinux-arm-kernel@lists.infradead.org,\n\tlinuxppc-dev@lists.ozlabs.org,\n\tlinux-riscv@lists.infradead.org,\n\tlinux-s390@vger.kernel.org,\n\tsparclinux@vger.kernel.org,\n\tx86@kernel.org,\n\tHolger Dengler ,\n\tHarald Freudenberger ,\n\tEric Biggers ","Subject":"[PATCH v2 29/35] crypto: drbg - Use new AES library API","Date":"Mon, 12 Jan 2026 11:20:27 -0800","Message-ID":"<20260112192035.10427-30-ebiggers@kernel.org>","X-Mailer":"git-send-email 2.52.0","In-Reply-To":"<20260112192035.10427-1-ebiggers@kernel.org>","References":"<20260112192035.10427-1-ebiggers@kernel.org>","X-Mailing-List":"linuxppc-dev@lists.ozlabs.org","List-Id":"","List-Help":"","List-Owner":"","List-Post":"","List-Archive":",\n ","List-Subscribe":",\n ,\n ","List-Unsubscribe":"","Precedence":"list","MIME-Version":"1.0","Content-Transfer-Encoding":"8bit","X-Spam-Status":"No, score=-0.2 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED,\n\tDKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS\n\tautolearn=disabled version=4.0.1 OzLabs 8","X-Spam-Checker-Version":"SpamAssassin 4.0.1 (2024-03-25) on lists.ozlabs.org"},"content":"Switch from the old AES library functions (which use struct\ncrypto_aes_ctx) to the new ones (which use struct aes_enckey). This\neliminates the unnecessary computation and caching of the decryption\nround keys. The new AES en/decryption functions are also much faster\nand use AES instructions when supported by the CPU.\n\nNote that in addition to the change in the key preparation function and\nthe key struct type itself, the change in the type of the key struct\nresults in aes_encrypt() (which is temporarily a type-generic macro)\ncalling the new encryption function rather than the old one.\n\nAcked-by: Ard Biesheuvel \nSigned-off-by: Eric Biggers \n---\n crypto/df_sp80090a.c | 30 ++++++++++-------------------\n crypto/drbg.c | 12 ++++++------\n drivers/crypto/xilinx/xilinx-trng.c | 8 ++++----\n include/crypto/df_sp80090a.h | 2 +-\n 4 files changed, 21 insertions(+), 31 deletions(-)","diff":"diff --git a/crypto/df_sp80090a.c b/crypto/df_sp80090a.c\nindex dc63b31a93fc..b8134be6f7ad 100644\n--- a/crypto/df_sp80090a.c\n+++ b/crypto/df_sp80090a.c\n@@ -12,31 +12,21 @@\n #include \n #include \n #include \n #include \n \n-static void drbg_kcapi_symsetkey(struct crypto_aes_ctx *aesctx,\n-\t\t\t\t const unsigned char *key,\n-\t\t\t\t u8 keylen);\n-static void drbg_kcapi_symsetkey(struct crypto_aes_ctx *aesctx,\n-\t\t\t\t const unsigned char *key, u8 keylen)\n-{\n-\taes_expandkey(aesctx, key, keylen);\n-}\n-\n-static void drbg_kcapi_sym(struct crypto_aes_ctx *aesctx,\n-\t\t\t unsigned char *outval,\n+static void drbg_kcapi_sym(struct aes_enckey *aeskey, unsigned char *outval,\n \t\t\t const struct drbg_string *in, u8 blocklen_bytes)\n {\n \t/* there is only component in *in */\n \tBUG_ON(in->len < blocklen_bytes);\n-\taes_encrypt(aesctx, outval, in->buf);\n+\taes_encrypt(aeskey, outval, in->buf);\n }\n \n /* BCC function for CTR DRBG as defined in 10.4.3 */\n \n-static void drbg_ctr_bcc(struct crypto_aes_ctx *aesctx,\n+static void drbg_ctr_bcc(struct aes_enckey *aeskey,\n \t\t\t unsigned char *out, const unsigned char *key,\n \t\t\t struct list_head *in,\n \t\t\t u8 blocklen_bytes,\n \t\t\t u8 keylen)\n {\n@@ -45,30 +35,30 @@ static void drbg_ctr_bcc(struct crypto_aes_ctx *aesctx,\n \tshort cnt = 0;\n \n \tdrbg_string_fill(&data, out, blocklen_bytes);\n \n \t/* 10.4.3 step 2 / 4 */\n-\tdrbg_kcapi_symsetkey(aesctx, key, keylen);\n+\taes_prepareenckey(aeskey, key, keylen);\n \tlist_for_each_entry(curr, in, list) {\n \t\tconst unsigned char *pos = curr->buf;\n \t\tsize_t len = curr->len;\n \t\t/* 10.4.3 step 4.1 */\n \t\twhile (len) {\n \t\t\t/* 10.4.3 step 4.2 */\n \t\t\tif (blocklen_bytes == cnt) {\n \t\t\t\tcnt = 0;\n-\t\t\t\tdrbg_kcapi_sym(aesctx, out, &data, blocklen_bytes);\n+\t\t\t\tdrbg_kcapi_sym(aeskey, out, &data, blocklen_bytes);\n \t\t\t}\n \t\t\tout[cnt] ^= *pos;\n \t\t\tpos++;\n \t\t\tcnt++;\n \t\t\tlen--;\n \t\t}\n \t}\n \t/* 10.4.3 step 4.2 for last block */\n \tif (cnt)\n-\t\tdrbg_kcapi_sym(aesctx, out, &data, blocklen_bytes);\n+\t\tdrbg_kcapi_sym(aeskey, out, &data, blocklen_bytes);\n }\n \n /*\n * scratchpad usage: drbg_ctr_update is interlinked with crypto_drbg_ctr_df\n * (and drbg_ctr_bcc, but this function does not need any temporary buffers),\n@@ -108,11 +98,11 @@ static void drbg_ctr_bcc(struct crypto_aes_ctx *aesctx,\n *\t\t\tpossibilities.\n * refer to crypto_drbg_ctr_df_datalen() to get required length\n */\n \n /* Derivation Function for CTR DRBG as defined in 10.4.2 */\n-int crypto_drbg_ctr_df(struct crypto_aes_ctx *aesctx,\n+int crypto_drbg_ctr_df(struct aes_enckey *aeskey,\n \t\t unsigned char *df_data, size_t bytes_to_return,\n \t\t struct list_head *seedlist,\n \t\t u8 blocklen_bytes,\n \t\t u8 statelen)\n {\n@@ -185,11 +175,11 @@ int crypto_drbg_ctr_df(struct crypto_aes_ctx *aesctx,\n \t\t * holds zeros after allocation -- even the increment of i\n \t\t * is irrelevant as the increment remains within length of i\n \t\t */\n \t\tdrbg_cpu_to_be32(i, iv);\n \t\t/* 10.4.2 step 9.2 -- BCC and concatenation with temp */\n-\t\tdrbg_ctr_bcc(aesctx, temp + templen, K, &bcc_list,\n+\t\tdrbg_ctr_bcc(aeskey, temp + templen, K, &bcc_list,\n \t\t\t blocklen_bytes, keylen);\n \t\t/* 10.4.2 step 9.3 */\n \t\ti++;\n \t\ttemplen += blocklen_bytes;\n \t}\n@@ -199,19 +189,19 @@ int crypto_drbg_ctr_df(struct crypto_aes_ctx *aesctx,\n \tdrbg_string_fill(&cipherin, X, blocklen_bytes);\n \n \t/* 10.4.2 step 12: overwriting of outval is implemented in next step */\n \n \t/* 10.4.2 step 13 */\n-\tdrbg_kcapi_symsetkey(aesctx, temp, keylen);\n+\taes_prepareenckey(aeskey, temp, keylen);\n \twhile (generated_len < bytes_to_return) {\n \t\tshort blocklen = 0;\n \t\t/*\n \t\t * 10.4.2 step 13.1: the truncation of the key length is\n \t\t * implicit as the key is only drbg_blocklen in size based on\n \t\t * the implementation of the cipher function callback\n \t\t */\n-\t\tdrbg_kcapi_sym(aesctx, X, &cipherin, blocklen_bytes);\n+\t\tdrbg_kcapi_sym(aeskey, X, &cipherin, blocklen_bytes);\n \t\tblocklen = (blocklen_bytes <\n \t\t\t\t(bytes_to_return - generated_len)) ?\n \t\t\t blocklen_bytes :\n \t\t\t\t(bytes_to_return - generated_len);\n \t\t/* 10.4.2 step 13.2 and 14 */\ndiff --git a/crypto/drbg.c b/crypto/drbg.c\nindex 1d433dae9955..85cc4549bd58 100644\n--- a/crypto/drbg.c\n+++ b/crypto/drbg.c\n@@ -1503,13 +1503,13 @@ static int drbg_kcapi_hash(struct drbg_state *drbg, unsigned char *outval,\n #endif /* (CONFIG_CRYPTO_DRBG_HASH || CONFIG_CRYPTO_DRBG_HMAC) */\n \n #ifdef CONFIG_CRYPTO_DRBG_CTR\n static int drbg_fini_sym_kernel(struct drbg_state *drbg)\n {\n-\tstruct crypto_aes_ctx *aesctx =\t(struct crypto_aes_ctx *)drbg->priv_data;\n+\tstruct aes_enckey *aeskey = drbg->priv_data;\n \n-\tkfree(aesctx);\n+\tkfree(aeskey);\n \tdrbg->priv_data = NULL;\n \n \tif (drbg->ctr_handle)\n \t\tcrypto_free_skcipher(drbg->ctr_handle);\n \tdrbg->ctr_handle = NULL;\n@@ -1524,20 +1524,20 @@ static int drbg_fini_sym_kernel(struct drbg_state *drbg)\n \treturn 0;\n }\n \n static int drbg_init_sym_kernel(struct drbg_state *drbg)\n {\n-\tstruct crypto_aes_ctx *aesctx;\n+\tstruct aes_enckey *aeskey;\n \tstruct crypto_skcipher *sk_tfm;\n \tstruct skcipher_request *req;\n \tunsigned int alignmask;\n \tchar ctr_name[CRYPTO_MAX_ALG_NAME];\n \n-\taesctx = kzalloc(sizeof(*aesctx), GFP_KERNEL);\n-\tif (!aesctx)\n+\taeskey = kzalloc(sizeof(*aeskey), GFP_KERNEL);\n+\tif (!aeskey)\n \t\treturn -ENOMEM;\n-\tdrbg->priv_data = aesctx;\n+\tdrbg->priv_data = aeskey;\n \n \tif (snprintf(ctr_name, CRYPTO_MAX_ALG_NAME, \"ctr(%s)\",\n \t drbg->core->backend_cra_name) >= CRYPTO_MAX_ALG_NAME) {\n \t\tdrbg_fini_sym_kernel(drbg);\n \t\treturn -EINVAL;\ndiff --git a/drivers/crypto/xilinx/xilinx-trng.c b/drivers/crypto/xilinx/xilinx-trng.c\nindex db0fbb28ff32..5276ac2d82bb 100644\n--- a/drivers/crypto/xilinx/xilinx-trng.c\n+++ b/drivers/crypto/xilinx/xilinx-trng.c\n@@ -58,11 +58,11 @@\n \n struct xilinx_rng {\n \tvoid __iomem *rng_base;\n \tstruct device *dev;\n \tunsigned char *scratchpadbuf;\n-\tstruct crypto_aes_ctx *aesctx;\n+\tstruct aes_enckey *aeskey;\n \tstruct mutex lock;\t/* Protect access to TRNG device */\n \tstruct hwrng trng;\n };\n \n struct xilinx_rng_ctx {\n@@ -196,11 +196,11 @@ static int xtrng_reseed_internal(struct xilinx_rng *rng)\n \n \t/* collect random data to use it as entropy (input for DF) */\n \tret = xtrng_collect_random_data(rng, entropy, TRNG_SEED_LEN_BYTES, true);\n \tif (ret != TRNG_SEED_LEN_BYTES)\n \t\treturn -EINVAL;\n-\tret = crypto_drbg_ctr_df(rng->aesctx, rng->scratchpadbuf,\n+\tret = crypto_drbg_ctr_df(rng->aeskey, rng->scratchpadbuf,\n \t\t\t\t TRNG_SEED_LEN_BYTES, &seedlist, AES_BLOCK_SIZE,\n \t\t\t\t TRNG_SEED_LEN_BYTES);\n \tif (ret)\n \t\treturn ret;\n \n@@ -347,12 +347,12 @@ static int xtrng_probe(struct platform_device *pdev)\n \tif (IS_ERR(rng->rng_base)) {\n \t\tdev_err(&pdev->dev, \"Failed to map resource %pe\\n\", rng->rng_base);\n \t\treturn PTR_ERR(rng->rng_base);\n \t}\n \n-\trng->aesctx = devm_kzalloc(&pdev->dev, sizeof(*rng->aesctx), GFP_KERNEL);\n-\tif (!rng->aesctx)\n+\trng->aeskey = devm_kzalloc(&pdev->dev, sizeof(*rng->aeskey), GFP_KERNEL);\n+\tif (!rng->aeskey)\n \t\treturn -ENOMEM;\n \n \tsb_size = crypto_drbg_ctr_df_datalen(TRNG_SEED_LEN_BYTES, AES_BLOCK_SIZE);\n \trng->scratchpadbuf = devm_kzalloc(&pdev->dev, sb_size, GFP_KERNEL);\n \tif (!rng->scratchpadbuf) {\ndiff --git a/include/crypto/df_sp80090a.h b/include/crypto/df_sp80090a.h\nindex 6b25305fe611..cb5d6fe15d40 100644\n--- a/include/crypto/df_sp80090a.h\n+++ b/include/crypto/df_sp80090a.h\n@@ -16,11 +16,11 @@ static inline int crypto_drbg_ctr_df_datalen(u8 statelen, u8 blocklen)\n \t\tblocklen + /* pad */\n \t\tblocklen + /* iv */\n \t\tstatelen + blocklen; /* temp */\n }\n \n-int crypto_drbg_ctr_df(struct crypto_aes_ctx *aes,\n+int crypto_drbg_ctr_df(struct aes_enckey *aes,\n \t\t unsigned char *df_data,\n \t\t size_t bytes_to_return,\n \t\t struct list_head *seedlist,\n \t\t u8 blocklen_bytes,\n \t\t u8 statelen);\n","prefixes":["v2","29/35"]}