This series is also available at:

    git fetch https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git sha256-lib-cleanup-v2

This series improves the SHA-224 and SHA-256 library code to be
consistent with what I did for SHA-384 and SHA-512.  This includes:

- Use stronger typing in the SHA-224 and SHA-256 functions.

- Add support for HMAC-SHA224 and HMAC-SHA256.  (I'll send a separate
  patch with KUnit test cases for this.)

- Make the old-school crypto API's support for sha224 and sha256 just
  use the actual library API, instead of unsafe low-level functions.

- Consolidate the CPU-based SHA-224 and SHA-256 code into a single
  module, with better inlining and dead code elimination.

- Properly document the SHA-224 and SHA-256 functions.

- Other changes to synchronize the code with SHA-384 and SHA-512.

Changed in v2:
- Dropped sha224_kunit.c changes; it will be added later in the history
- Dropped some patches that I folded into the SHA-512 series
- Removed redundant checks of IS_ENABLED(CONFIG_KERNEL_MODE_NEON)
- Removed obsolete setting of -DARCH for sha256.o
- Fixed a commit title to mention sha256 instead of sha512
- Excluded HMAC-SHA{224,256} code from purgatory, where it isn't needed

Eric Biggers (14):
  libceph: Rename hmac_sha256() to ceph_hmac_sha256()
  cxl/test: Simplify fw_buf_checksum_show()
  lib/crypto: sha256: Reorder some code
  lib/crypto: sha256: Remove sha256_blocks_simd()
  lib/crypto: sha256: Add sha224() and sha224_update()
  lib/crypto: sha256: Make library API use strongly-typed contexts
  lib/crypto: sha256: Propagate sha256_block_state type to
    implementations
  lib/crypto: sha256: Add HMAC-SHA224 and HMAC-SHA256 support
  crypto: sha256 - Wrap library and add HMAC support
  crypto: sha256 - Use same state format as legacy drivers
  lib/crypto: sha256: Remove sha256_is_arch_optimized()
  lib/crypto: sha256: Consolidate into single module
  lib/crypto: sha256: Sync sha256_update() with sha512_update()
  lib/crypto: sha256: Document the SHA-224 and SHA-256 API

 arch/mips/cavium-octeon/Kconfig               |   6 -
 arch/mips/cavium-octeon/crypto/Makefile       |   1 -
 arch/riscv/purgatory/purgatory.c              |   8 +-
 arch/s390/purgatory/purgatory.c               |   2 +-
 arch/x86/purgatory/purgatory.c                |   2 +-
 crypto/Kconfig                                |   4 +-
 crypto/Makefile                               |   1 -
 crypto/sha256.c                               | 371 +++++++++-------
 crypto/testmgr.c                              |  12 +
 drivers/char/tpm/tpm2-sessions.c              |  12 +-
 drivers/crypto/img-hash.c                     |   4 +-
 drivers/crypto/starfive/jh7110-hash.c         |   8 +-
 include/crypto/internal/sha2.h                |  66 ---
 include/crypto/sha2.h                         | 390 +++++++++++++++--
 kernel/kexec_file.c                           |  10 +-
 lib/crypto/Kconfig                            |  34 +-
 lib/crypto/Makefile                           |  39 +-
 lib/crypto/arm/Kconfig                        |   7 -
 lib/crypto/arm/Makefile                       |   8 +-
 lib/crypto/arm/sha256-armv4.pl                |  20 +-
 lib/crypto/arm/sha256-ce.S                    |   2 +-
 lib/crypto/arm/sha256.c                       |  64 ---
 lib/crypto/arm/sha256.h                       |  46 ++
 lib/crypto/arm64/Kconfig                      |   6 -
 lib/crypto/arm64/Makefile                     |   9 +-
 lib/crypto/arm64/sha2-armv8.pl                |   2 +-
 lib/crypto/arm64/sha256-ce.S                  |   2 +-
 lib/crypto/arm64/sha256.c                     |  75 ----
 lib/crypto/arm64/sha256.h                     |  57 +++
 lib/crypto/arm64/sha512.h                     |   6 +-
 .../crypto/mips/sha256.h                      |  20 +-
 lib/crypto/powerpc/Kconfig                    |   6 -
 lib/crypto/powerpc/Makefile                   |   3 -
 lib/crypto/powerpc/{sha256.c => sha256.h}     |  19 +-
 lib/crypto/riscv/Kconfig                      |   8 -
 lib/crypto/riscv/Makefile                     |   3 -
 .../sha256-riscv64-zvknha_or_zvknhb-zvkb.S    |   2 +-
 lib/crypto/riscv/sha256.c                     |  67 ---
 lib/crypto/riscv/sha256.h                     |  42 ++
 lib/crypto/s390/Kconfig                       |   6 -
 lib/crypto/s390/Makefile                      |   3 -
 lib/crypto/s390/sha256.c                      |  47 --
 lib/crypto/s390/sha256.h                      |  28 ++
 lib/crypto/sha256-generic.c                   | 138 ------
 lib/crypto/sha256.c                           | 413 ++++++++++++++++--
 lib/crypto/sparc/Kconfig                      |   8 -
 lib/crypto/sparc/Makefile                     |   4 -
 lib/crypto/sparc/{sha256.c => sha256.h}       |  37 +-
 lib/crypto/x86/Kconfig                        |   8 -
 lib/crypto/x86/Makefile                       |   3 -
 lib/crypto/x86/sha256-avx-asm.S               |   2 +-
 lib/crypto/x86/sha256-avx2-asm.S              |   2 +-
 lib/crypto/x86/sha256-ni-asm.S                |   2 +-
 lib/crypto/x86/sha256-ssse3-asm.S             |   2 +-
 lib/crypto/x86/sha256.c                       |  80 ----
 lib/crypto/x86/sha256.h                       |  55 +++
 net/ceph/messenger_v2.c                       |  12 +-
 tools/testing/cxl/test/mem.c                  |  21 +-
 58 files changed, 1307 insertions(+), 1008 deletions(-)
 delete mode 100644 include/crypto/internal/sha2.h
 delete mode 100644 lib/crypto/arm/sha256.c
 create mode 100644 lib/crypto/arm/sha256.h
 delete mode 100644 lib/crypto/arm64/sha256.c
 create mode 100644 lib/crypto/arm64/sha256.h
 rename arch/mips/cavium-octeon/crypto/octeon-sha256.c => lib/crypto/mips/sha256.h (76%)
 rename lib/crypto/powerpc/{sha256.c => sha256.h} (76%)
 delete mode 100644 lib/crypto/riscv/sha256.c
 create mode 100644 lib/crypto/riscv/sha256.h
 delete mode 100644 lib/crypto/s390/sha256.c
 create mode 100644 lib/crypto/s390/sha256.h
 delete mode 100644 lib/crypto/sha256-generic.c
 delete mode 100644 lib/crypto/sparc/Kconfig
 delete mode 100644 lib/crypto/sparc/Makefile
 rename lib/crypto/sparc/{sha256.c => sha256.h} (53%)
 delete mode 100644 lib/crypto/x86/sha256.c
 create mode 100644 lib/crypto/x86/sha256.h

-- 
2.50.0

On Mon, Jun 30, 2025 at 09:06:31AM -0700, Eric Biggers wrote:
> This series is also available at:
> 
>     git fetch https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git sha256-lib-cleanup-v2
> 
> This series improves the SHA-224 and SHA-256 library code to be
> consistent with what I did for SHA-384 and SHA-512.  This includes:
> 
> - Use stronger typing in the SHA-224 and SHA-256 functions.
> 
> - Add support for HMAC-SHA224 and HMAC-SHA256.  (I'll send a separate
>   patch with KUnit test cases for this.)
> 
> - Make the old-school crypto API's support for sha224 and sha256 just
>   use the actual library API, instead of unsafe low-level functions.
> 
> - Consolidate the CPU-based SHA-224 and SHA-256 code into a single
>   module, with better inlining and dead code elimination.
> 
> - Properly document the SHA-224 and SHA-256 functions.
> 
> - Other changes to synchronize the code with SHA-384 and SHA-512.
> 
> Changed in v2:
> - Dropped sha224_kunit.c changes; it will be added later in the history
> - Dropped some patches that I folded into the SHA-512 series
> - Removed redundant checks of IS_ENABLED(CONFIG_KERNEL_MODE_NEON)
> - Removed obsolete setting of -DARCH for sha256.o
> - Fixed a commit title to mention sha256 instead of sha512
> - Excluded HMAC-SHA{224,256} code from purgatory, where it isn't needed
> 
> Eric Biggers (14):
>   libceph: Rename hmac_sha256() to ceph_hmac_sha256()
>   cxl/test: Simplify fw_buf_checksum_show()
>   lib/crypto: sha256: Reorder some code
>   lib/crypto: sha256: Remove sha256_blocks_simd()
>   lib/crypto: sha256: Add sha224() and sha224_update()
>   lib/crypto: sha256: Make library API use strongly-typed contexts
>   lib/crypto: sha256: Propagate sha256_block_state type to
>     implementations
>   lib/crypto: sha256: Add HMAC-SHA224 and HMAC-SHA256 support
>   crypto: sha256 - Wrap library and add HMAC support
>   crypto: sha256 - Use same state format as legacy drivers
>   lib/crypto: sha256: Remove sha256_is_arch_optimized()
>   lib/crypto: sha256: Consolidate into single module
>   lib/crypto: sha256: Sync sha256_update() with sha512_update()
>   lib/crypto: sha256: Document the SHA-224 and SHA-256 API

FYI, applied to libcrypto-next.  Reviews and acks would be greatly appreciated,
though!

To fix https://lore.kernel.org/r/202507010837.ERX7aWw7-lkp@intel.com/
I applied the following fixup to
"lib/crypto: sha256: Propagate sha256_block_state type to implementations".

diff --git a/lib/crypto/powerpc/sha256.c b/lib/crypto/powerpc/sha256.c
index c3f844ae0aceb..55f42403d572a 100644
--- a/lib/crypto/powerpc/sha256.c
+++ b/lib/crypto/powerpc/sha256.c
@@ -26,7 +26,8 @@
  */
 #define MAX_BYTES 1024
 
-extern void ppc_spe_sha256_transform(u32 *state, const u8 *src, u32 blocks);
+extern void ppc_spe_sha256_transform(struct sha256_block_state *state,
+				     const u8 *src, u32 blocks);
 
 static void spe_begin(void)
 {

On Mon, 30 Jun 2025 at 18:09, Eric Biggers <ebiggers@kernel.org> wrote:
>
> This series is also available at:
>
>     git fetch https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git sha256-lib-cleanup-v2
>
> This series improves the SHA-224 and SHA-256 library code to be
> consistent with what I did for SHA-384 and SHA-512.  This includes:
>
> - Use stronger typing in the SHA-224 and SHA-256 functions.
>
> - Add support for HMAC-SHA224 and HMAC-SHA256.  (I'll send a separate
>   patch with KUnit test cases for this.)
>
> - Make the old-school crypto API's support for sha224 and sha256 just
>   use the actual library API, instead of unsafe low-level functions.
>
> - Consolidate the CPU-based SHA-224 and SHA-256 code into a single
>   module, with better inlining and dead code elimination.
>
> - Properly document the SHA-224 and SHA-256 functions.
>
> - Other changes to synchronize the code with SHA-384 and SHA-512.
>
> Changed in v2:
> - Dropped sha224_kunit.c changes; it will be added later in the history
> - Dropped some patches that I folded into the SHA-512 series
> - Removed redundant checks of IS_ENABLED(CONFIG_KERNEL_MODE_NEON)
> - Removed obsolete setting of -DARCH for sha256.o
> - Fixed a commit title to mention sha256 instead of sha512
> - Excluded HMAC-SHA{224,256} code from purgatory, where it isn't needed
>
> Eric Biggers (14):
>   libceph: Rename hmac_sha256() to ceph_hmac_sha256()
>   cxl/test: Simplify fw_buf_checksum_show()
>   lib/crypto: sha256: Reorder some code
>   lib/crypto: sha256: Remove sha256_blocks_simd()
>   lib/crypto: sha256: Add sha224() and sha224_update()
>   lib/crypto: sha256: Make library API use strongly-typed contexts
>   lib/crypto: sha256: Propagate sha256_block_state type to
>     implementations
>   lib/crypto: sha256: Add HMAC-SHA224 and HMAC-SHA256 support
>   crypto: sha256 - Wrap library and add HMAC support
>   crypto: sha256 - Use same state format as legacy drivers
>   lib/crypto: sha256: Remove sha256_is_arch_optimized()
>   lib/crypto: sha256: Consolidate into single module
>   lib/crypto: sha256: Sync sha256_update() with sha512_update()
>   lib/crypto: sha256: Document the SHA-224 and SHA-256 API
>

Acked-by: Ard Biesheuvel <ardb@kernel.org>


>  arch/mips/cavium-octeon/Kconfig               |   6 -
>  arch/mips/cavium-octeon/crypto/Makefile       |   1 -
>  arch/riscv/purgatory/purgatory.c              |   8 +-
>  arch/s390/purgatory/purgatory.c               |   2 +-
>  arch/x86/purgatory/purgatory.c                |   2 +-
>  crypto/Kconfig                                |   4 +-
>  crypto/Makefile                               |   1 -
>  crypto/sha256.c                               | 371 +++++++++-------
>  crypto/testmgr.c                              |  12 +
>  drivers/char/tpm/tpm2-sessions.c              |  12 +-
>  drivers/crypto/img-hash.c                     |   4 +-
>  drivers/crypto/starfive/jh7110-hash.c         |   8 +-
>  include/crypto/internal/sha2.h                |  66 ---
>  include/crypto/sha2.h                         | 390 +++++++++++++++--
>  kernel/kexec_file.c                           |  10 +-
>  lib/crypto/Kconfig                            |  34 +-
>  lib/crypto/Makefile                           |  39 +-
>  lib/crypto/arm/Kconfig                        |   7 -
>  lib/crypto/arm/Makefile                       |   8 +-
>  lib/crypto/arm/sha256-armv4.pl                |  20 +-
>  lib/crypto/arm/sha256-ce.S                    |   2 +-
>  lib/crypto/arm/sha256.c                       |  64 ---
>  lib/crypto/arm/sha256.h                       |  46 ++
>  lib/crypto/arm64/Kconfig                      |   6 -
>  lib/crypto/arm64/Makefile                     |   9 +-
>  lib/crypto/arm64/sha2-armv8.pl                |   2 +-
>  lib/crypto/arm64/sha256-ce.S                  |   2 +-
>  lib/crypto/arm64/sha256.c                     |  75 ----
>  lib/crypto/arm64/sha256.h                     |  57 +++
>  lib/crypto/arm64/sha512.h                     |   6 +-
>  .../crypto/mips/sha256.h                      |  20 +-
>  lib/crypto/powerpc/Kconfig                    |   6 -
>  lib/crypto/powerpc/Makefile                   |   3 -
>  lib/crypto/powerpc/{sha256.c => sha256.h}     |  19 +-
>  lib/crypto/riscv/Kconfig                      |   8 -
>  lib/crypto/riscv/Makefile                     |   3 -
>  .../sha256-riscv64-zvknha_or_zvknhb-zvkb.S    |   2 +-
>  lib/crypto/riscv/sha256.c                     |  67 ---
>  lib/crypto/riscv/sha256.h                     |  42 ++
>  lib/crypto/s390/Kconfig                       |   6 -
>  lib/crypto/s390/Makefile                      |   3 -
>  lib/crypto/s390/sha256.c                      |  47 --
>  lib/crypto/s390/sha256.h                      |  28 ++
>  lib/crypto/sha256-generic.c                   | 138 ------
>  lib/crypto/sha256.c                           | 413 ++++++++++++++++--
>  lib/crypto/sparc/Kconfig                      |   8 -
>  lib/crypto/sparc/Makefile                     |   4 -
>  lib/crypto/sparc/{sha256.c => sha256.h}       |  37 +-
>  lib/crypto/x86/Kconfig                        |   8 -
>  lib/crypto/x86/Makefile                       |   3 -
>  lib/crypto/x86/sha256-avx-asm.S               |   2 +-
>  lib/crypto/x86/sha256-avx2-asm.S              |   2 +-
>  lib/crypto/x86/sha256-ni-asm.S                |   2 +-
>  lib/crypto/x86/sha256-ssse3-asm.S             |   2 +-
>  lib/crypto/x86/sha256.c                       |  80 ----
>  lib/crypto/x86/sha256.h                       |  55 +++
>  net/ceph/messenger_v2.c                       |  12 +-
>  tools/testing/cxl/test/mem.c                  |  21 +-
>  58 files changed, 1307 insertions(+), 1008 deletions(-)
>  delete mode 100644 include/crypto/internal/sha2.h
>  delete mode 100644 lib/crypto/arm/sha256.c
>  create mode 100644 lib/crypto/arm/sha256.h
>  delete mode 100644 lib/crypto/arm64/sha256.c
>  create mode 100644 lib/crypto/arm64/sha256.h
>  rename arch/mips/cavium-octeon/crypto/octeon-sha256.c => lib/crypto/mips/sha256.h (76%)
>  rename lib/crypto/powerpc/{sha256.c => sha256.h} (76%)
>  delete mode 100644 lib/crypto/riscv/sha256.c
>  create mode 100644 lib/crypto/riscv/sha256.h
>  delete mode 100644 lib/crypto/s390/sha256.c
>  create mode 100644 lib/crypto/s390/sha256.h
>  delete mode 100644 lib/crypto/sha256-generic.c
>  delete mode 100644 lib/crypto/sparc/Kconfig
>  delete mode 100644 lib/crypto/sparc/Makefile
>  rename lib/crypto/sparc/{sha256.c => sha256.h} (53%)
>  delete mode 100644 lib/crypto/x86/sha256.c
>  create mode 100644 lib/crypto/x86/sha256.h
>
> --
> 2.50.0
>