Merge tag 'libcrypto-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux

	  - blake2b-384

	  - blake2b-512

	  Used by the btrfs filesystem.

	  See https://blake2.net for further information.

config CRYPTO_CMAC

	  10118-3), including HMAC support.

	  This is required for IPsec AH (XFRM_AH) and IPsec ESP (XFRM_ESP).

	  Used by the btrfs filesystem, Ceph, NFS, and SMB.

config CRYPTO_SHA512

	tristate "SHA-384 and SHA-512"

	  Extremely fast, working at speeds close to RAM limits.

	  Used by the btrfs filesystem.

endmenu

menu "CRCs (cyclic redundancy checks)"

	  on Communications, Vol. 41, No. 6, June 1993, selected for use with

	  iSCSI.

	  Used by btrfs, ext4, jbd2, NVMeoF/TCP, and iSCSI.

config CRYPTO_CRC32

	tristate "CRC32"

	select CRYPTO_HASH

	help

	  CRC32 CRC algorithm (IEEE 802.3)

	  Used by RoCEv2 and f2fs.

endmenu

menu "Compression"

		.fips_allowed = 1,

	}, {

		.alg = "authenc(hmac(sha224),cbc(aes))",

		.generic_driver = "authenc(hmac-sha224-lib,cbc(aes-generic))",

		.generic_driver = "authenc(hmac-sha224-lib,cbc(aes-lib))",

		.test = alg_test_aead,

		.suite = {

			.aead = __VECS(hmac_sha224_aes_cbc_tv_temp)

		.fips_allowed = 1,

	}, {

		.alg = "authenc(hmac(sha384),cbc(aes))",

		.generic_driver = "authenc(hmac-sha384-lib,cbc(aes-generic))",

		.generic_driver = "authenc(hmac-sha384-lib,cbc(aes-lib))",

		.test = alg_test_aead,

		.suite = {

			.aead = __VECS(hmac_sha384_aes_cbc_tv_temp)

#include <linux/hrtimer.h>

#include <linux/workqueue.h>

#define KUNIT_IRQ_TEST_HRTIMER_INTERVAL us_to_ktime(5)

struct kunit_irq_test_state {

	bool (*func)(void *test_specific_state);

	void *test_specific_state;

	bool task_func_reported_failure;

	bool hardirq_func_reported_failure;

	bool softirq_func_reported_failure;

	atomic_t task_func_calls;

	atomic_t hardirq_func_calls;

	atomic_t softirq_func_calls;

	ktime_t interval;

	struct hrtimer timer;

	struct work_struct bh_work;

};

{

	struct kunit_irq_test_state *state =

		container_of(timer, typeof(*state), timer);

	int task_calls, hardirq_calls, softirq_calls;

	WARN_ON_ONCE(!in_hardirq());

	atomic_inc(&state->hardirq_func_calls);

	task_calls = atomic_read(&state->task_func_calls);

	hardirq_calls = atomic_inc_return(&state->hardirq_func_calls);

	softirq_calls = atomic_read(&state->softirq_func_calls);

	/*

	 * If the timer is firing too often for the softirq or task to ever have

	 * a chance to run, increase the timer interval.  This is needed on very

	 * slow systems.

	 */

	if (hardirq_calls >= 20 && (softirq_calls == 0 || task_calls == 0))

		state->interval = ktime_add_ns(state->interval, 250);

	if (!state->func(state->test_specific_state))

		state->hardirq_func_reported_failure = true;

	hrtimer_forward_now(&state->timer, KUNIT_IRQ_TEST_HRTIMER_INTERVAL);

	hrtimer_forward_now(&state->timer, state->interval);

	queue_work(system_bh_wq, &state->bh_work);

	return HRTIMER_RESTART;

}

	struct kunit_irq_test_state state = {

		.func = func,

		.test_specific_state = test_specific_state,

		/*

		 * Start with a 5us timer interval.  If the system can't keep

		 * up, kunit_irq_test_timer_func() will increase it.

		 */

		.interval = us_to_ktime(5),

	};

	unsigned long end_jiffies;

	int hardirq_calls, softirq_calls;

	bool allctx = false;

	int task_calls, hardirq_calls, softirq_calls;

	/*

	 * Set up a hrtimer (the way we access hardirq context) and a work

	 * and hardirq), or 1 second, whichever comes first.

	 */

	end_jiffies = jiffies + HZ;

	hrtimer_start(&state.timer, KUNIT_IRQ_TEST_HRTIMER_INTERVAL,

		      HRTIMER_MODE_REL_HARD);

	for (int task_calls = 0, calls = 0;

	     ((calls < max_iterations) || !allctx) &&

	     !time_after(jiffies, end_jiffies);

	     task_calls++) {

	hrtimer_start(&state.timer, state.interval, HRTIMER_MODE_REL_HARD);

	do {

		if (!func(test_specific_state))

			state.task_func_reported_failure = true;

		task_calls = atomic_inc_return(&state.task_func_calls);

		hardirq_calls = atomic_read(&state.hardirq_func_calls);

		softirq_calls = atomic_read(&state.softirq_func_calls);

		calls = task_calls + hardirq_calls + softirq_calls;

		allctx = (task_calls > 0) && (hardirq_calls > 0) &&

			 (softirq_calls > 0);

	}

	} while ((task_calls + hardirq_calls + softirq_calls < max_iterations ||

		  (task_calls == 0 || hardirq_calls == 0 ||

		   softirq_calls == 0)) &&

		 !time_after(jiffies, end_jiffies));

	/* Cancel the timer and work. */

	hrtimer_cancel(&state.timer);

CONFIG_KUNIT=y

# These kconfig options select all the CONFIG_CRYPTO_LIB_* symbols that have a

# corresponding KUnit test.  Those symbols cannot be directly enabled here,

# since they are hidden symbols.

CONFIG_CRYPTO=y

CONFIG_CRYPTO_ADIANTUM=y

CONFIG_CRYPTO_BLAKE2B=y

CONFIG_CRYPTO_CHACHA20POLY1305=y

CONFIG_CRYPTO_HCTR2=y

CONFIG_CRYPTO_MD5=y

CONFIG_CRYPTO_MLDSA=y

CONFIG_CRYPTO_SHA1=y

CONFIG_CRYPTO_SHA256=y

CONFIG_CRYPTO_SHA512=y

CONFIG_CRYPTO_SHA3=y

CONFIG_INET=y

CONFIG_IPV6=y

CONFIG_NET=y

CONFIG_NETDEVICES=y

CONFIG_WIREGUARD=y

CONFIG_CRYPTO_LIB_BLAKE2B_KUNIT_TEST=y

CONFIG_CRYPTO_LIB_BLAKE2S_KUNIT_TEST=y

CONFIG_CRYPTO_LIB_CURVE25519_KUNIT_TEST=y

CONFIG_CRYPTO_LIB_MD5_KUNIT_TEST=y

CONFIG_CRYPTO_LIB_MLDSA_KUNIT_TEST=y

CONFIG_CRYPTO_LIB_NH_KUNIT_TEST=y

CONFIG_CRYPTO_LIB_POLY1305_KUNIT_TEST=y

CONFIG_CRYPTO_LIB_POLYVAL_KUNIT_TEST=y

CONFIG_CRYPTO_LIB_SHA1_KUNIT_TEST=y

CONFIG_CRYPTO_LIB_SHA256_KUNIT_TEST=y

CONFIG_CRYPTO_LIB_SHA512_KUNIT_TEST=y

CONFIG_CRYPTO_LIB_SHA3_KUNIT_TEST=y

config CRYPTO_LIB_BLAKE2B_KUNIT_TEST

	tristate "KUnit tests for BLAKE2b" if !KUNIT_ALL_TESTS

	depends on KUNIT

	depends on KUNIT && CRYPTO_LIB_BLAKE2B

	default KUNIT_ALL_TESTS || CRYPTO_SELFTESTS

	select CRYPTO_LIB_BENCHMARK_VISIBLE

	select CRYPTO_LIB_BLAKE2B

	help

	  KUnit tests for the BLAKE2b cryptographic hash function.

	depends on KUNIT

	default KUNIT_ALL_TESTS || CRYPTO_SELFTESTS

	select CRYPTO_LIB_BENCHMARK_VISIBLE

	# No need to select CRYPTO_LIB_BLAKE2S here, as that option doesn't

	# No need to depend on CRYPTO_LIB_BLAKE2S here, as that option doesn't

	# exist; the BLAKE2s code is always built-in for the /dev/random driver.

	help

	  KUnit tests for the BLAKE2s cryptographic hash function.

config CRYPTO_LIB_CURVE25519_KUNIT_TEST

	tristate "KUnit tests for Curve25519" if !KUNIT_ALL_TESTS

	depends on KUNIT

	depends on KUNIT && CRYPTO_LIB_CURVE25519

	default KUNIT_ALL_TESTS || CRYPTO_SELFTESTS

	select CRYPTO_LIB_BENCHMARK_VISIBLE

	select CRYPTO_LIB_CURVE25519

	help

	  KUnit tests for the Curve25519 Diffie-Hellman function.

config CRYPTO_LIB_MD5_KUNIT_TEST

	tristate "KUnit tests for MD5" if !KUNIT_ALL_TESTS

	depends on KUNIT

	depends on KUNIT && CRYPTO_LIB_MD5

	default KUNIT_ALL_TESTS || CRYPTO_SELFTESTS

	select CRYPTO_LIB_BENCHMARK_VISIBLE

	select CRYPTO_LIB_MD5

	help

	  KUnit tests for the MD5 cryptographic hash function and its

	  corresponding HMAC.

config CRYPTO_LIB_MLDSA_KUNIT_TEST

	tristate "KUnit tests for ML-DSA" if !KUNIT_ALL_TESTS

	depends on KUNIT

	depends on KUNIT && CRYPTO_LIB_MLDSA

	default KUNIT_ALL_TESTS || CRYPTO_SELFTESTS

	select CRYPTO_LIB_BENCHMARK_VISIBLE

	select CRYPTO_LIB_MLDSA

	help

	  KUnit tests for the ML-DSA digital signature algorithm.

config CRYPTO_LIB_NH_KUNIT_TEST

	tristate "KUnit tests for NH" if !KUNIT_ALL_TESTS

	depends on KUNIT

	depends on KUNIT && CRYPTO_LIB_NH

	default KUNIT_ALL_TESTS || CRYPTO_SELFTESTS

	select CRYPTO_LIB_NH

	help

	  KUnit tests for the NH almost-universal hash function.

config CRYPTO_LIB_POLY1305_KUNIT_TEST

	tristate "KUnit tests for Poly1305" if !KUNIT_ALL_TESTS

	depends on KUNIT

	depends on KUNIT && CRYPTO_LIB_POLY1305

	default KUNIT_ALL_TESTS || CRYPTO_SELFTESTS

	select CRYPTO_LIB_BENCHMARK_VISIBLE

	select CRYPTO_LIB_POLY1305

	help

	  KUnit tests for the Poly1305 library functions.

config CRYPTO_LIB_POLYVAL_KUNIT_TEST

	tristate "KUnit tests for POLYVAL" if !KUNIT_ALL_TESTS

	depends on KUNIT

	depends on KUNIT && CRYPTO_LIB_POLYVAL

	default KUNIT_ALL_TESTS || CRYPTO_SELFTESTS

	select CRYPTO_LIB_BENCHMARK_VISIBLE

	select CRYPTO_LIB_POLYVAL

	help

	  KUnit tests for the POLYVAL library functions.

config CRYPTO_LIB_SHA1_KUNIT_TEST

	tristate "KUnit tests for SHA-1" if !KUNIT_ALL_TESTS

	depends on KUNIT

	depends on KUNIT && CRYPTO_LIB_SHA1

	default KUNIT_ALL_TESTS || CRYPTO_SELFTESTS

	select CRYPTO_LIB_BENCHMARK_VISIBLE

	select CRYPTO_LIB_SHA1

	help

	  KUnit tests for the SHA-1 cryptographic hash function and its

	  corresponding HMAC.

# included, for consistency with the naming used elsewhere (e.g. CRYPTO_SHA256).

config CRYPTO_LIB_SHA256_KUNIT_TEST

	tristate "KUnit tests for SHA-224 and SHA-256" if !KUNIT_ALL_TESTS

	depends on KUNIT

	depends on KUNIT && CRYPTO_LIB_SHA256

	default KUNIT_ALL_TESTS || CRYPTO_SELFTESTS

	select CRYPTO_LIB_BENCHMARK_VISIBLE

	select CRYPTO_LIB_SHA256

	help

	  KUnit tests for the SHA-224 and SHA-256 cryptographic hash functions

	  and their corresponding HMACs.

# included, for consistency with the naming used elsewhere (e.g. CRYPTO_SHA512).

config CRYPTO_LIB_SHA512_KUNIT_TEST

	tristate "KUnit tests for SHA-384 and SHA-512" if !KUNIT_ALL_TESTS

	depends on KUNIT

	depends on KUNIT && CRYPTO_LIB_SHA512

	default KUNIT_ALL_TESTS || CRYPTO_SELFTESTS

	select CRYPTO_LIB_BENCHMARK_VISIBLE

	select CRYPTO_LIB_SHA512

	help

	  KUnit tests for the SHA-384 and SHA-512 cryptographic hash functions

	  and their corresponding HMACs.

config CRYPTO_LIB_SHA3_KUNIT_TEST

	tristate "KUnit tests for SHA-3" if !KUNIT_ALL_TESTS

	depends on KUNIT

	depends on KUNIT && CRYPTO_LIB_SHA3

	default KUNIT_ALL_TESTS || CRYPTO_SELFTESTS

	select CRYPTO_LIB_BENCHMARK_VISIBLE

	select CRYPTO_LIB_SHA3

	help

	  KUnit tests for the SHA3 cryptographic hash and XOF functions,

	  including SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHAKE128 and