From nobody Fri Jan 9 11:49:45 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 983A532ED3C; Mon, 5 Jan 2026 05:15:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767590113; cv=none; b=mJqG0iJ/ZOIQzz0tVfvLN8c0qQkd9vzYQ5iNaM4hOpX36aAJIKNnE0IBWFhJH6zvHz9D4g9lkd5cyY1UU75DkM52zLMazYCTIzRzDXZ9MPg6z1VP1whsGRfxdPA/S4Yd3+d+wvQhFYqQmuwPX9pj5m/l5hiZbNXT1riX/DlZkII= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767590113; c=relaxed/simple; bh=ZEZ/lY7ZIO891sPEBRd1dtmoAwyoQ6T6NHQ246zb3/o=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=VAoESBme1IZAcvCKQuVB6eaU5VKVQZwNuDDZenJ6tlKueTEz0OKdlbg2h9zovAtm18F7jPT2uHHwAAPpOUiReFq8Yl8z0A/bLznITNAfMN3LRElJfFiJ31W0+yB6t5yjp41Iws9UfAWRrMp6RQbuQPieQMukkpsvvohsxpue3vs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=apeAvzoF; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="apeAvzoF" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 8B139C2BC86; Mon, 5 Jan 2026 05:15:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1767590113; bh=ZEZ/lY7ZIO891sPEBRd1dtmoAwyoQ6T6NHQ246zb3/o=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=apeAvzoFhCmf28cauH2AK1P6lYgUC26vcBsw43BItwp24FqiMj05XhvRtwpsz/QN/ b72Lju9LymvdFnhX7WykF3DvmMLydGXaxY5YTX7FLVoSaGvrAxQyEIC9p9lETETlnY X0AeM7Qtv39qrQzjYAqmt2szo0QoZ4zymLYQje68HgXloV75XsfDnZiC7lRzOwjSST xBRMsKgeTX5BzVfUKnd+8/Ec3jZ0RXnX8Khcbm4RlYYAFkf0qhnv81sZbfsuLGS2rh dmb1lXlxyH1lWkoX5IitelaskMSoZm1RIUAWSg+A2NUS2uDzFqL4Cv00hUQm9s7rAl FjMPUvYxijPzA== From: Eric Biggers To: linux-crypto@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel , "Jason A . Donenfeld" , Herbert Xu , linux-arm-kernel@lists.infradead.org, linuxppc-dev@lists.ozlabs.org, linux-riscv@lists.infradead.org, linux-s390@vger.kernel.org, sparclinux@vger.kernel.org, x86@kernel.org, Holger Dengler , Harald Freudenberger , Eric Biggers Subject: [PATCH 34/36] lib/crypto: aes: Remove old AES en/decryption functions Date: Sun, 4 Jan 2026 21:13:07 -0800 Message-ID: <20260105051311.1607207-35-ebiggers@kernel.org> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260105051311.1607207-1-ebiggers@kernel.org> References: <20260105051311.1607207-1-ebiggers@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Now that no callers of the original aes_encrypt() and aes_decrypt() remain, remove them. This frees up their names for aes_encrypt_new() and aes_decrypt_new() to be renamed to. Signed-off-by: Eric Biggers --- include/crypto/aes.h | 16 ------ lib/crypto/aes.c | 118 ------------------------------------------- 2 files changed, 134 deletions(-) diff --git a/include/crypto/aes.h b/include/crypto/aes.h index 18a5f518e914..4ce710209da8 100644 --- a/include/crypto/aes.h +++ b/include/crypto/aes.h @@ -293,26 +293,10 @@ int aes_preparekey(struct aes_key *key, const u8 *in_= key, size_t key_len); * Context: Any context. */ int aes_prepareenckey(struct aes_enckey *enc_key, const u8 *in_key, size_t key_len); =20 -/** - * aes_encrypt - Encrypt a single AES block - * @ctx: Context struct containing the key schedule - * @out: Buffer to store the ciphertext - * @in: Buffer containing the plaintext - */ -void aes_encrypt(const struct crypto_aes_ctx *ctx, u8 *out, const u8 *in); - -/** - * aes_decrypt - Decrypt a single AES block - * @ctx: Context struct containing the key schedule - * @out: Buffer to store the plaintext - * @in: Buffer containing the ciphertext - */ -void aes_decrypt(const struct crypto_aes_ctx *ctx, u8 *out, const u8 *in); - typedef union { const struct aes_enckey *enc_key; const struct aes_key *full_key; } aes_encrypt_arg __attribute__ ((__transparent_union__)); =20 diff --git a/lib/crypto/aes.c b/lib/crypto/aes.c index 57b6d68fd378..f8c67206b850 100644 --- a/lib/crypto/aes.c +++ b/lib/crypto/aes.c @@ -249,26 +249,10 @@ static u32 inv_mix_columns(u32 x) u32 y =3D mul_by_x2(x); =20 return mix_columns(x ^ y ^ ror32(y, 16)); } =20 -static __always_inline u32 subshift(u32 in[], int pos) -{ - return (aes_sbox[in[pos] & 0xff]) ^ - (aes_sbox[(in[(pos + 1) % 4] >> 8) & 0xff] << 8) ^ - (aes_sbox[(in[(pos + 2) % 4] >> 16) & 0xff] << 16) ^ - (aes_sbox[(in[(pos + 3) % 4] >> 24) & 0xff] << 24); -} - -static __always_inline u32 inv_subshift(u32 in[], int pos) -{ - return (aes_inv_sbox[in[pos] & 0xff]) ^ - (aes_inv_sbox[(in[(pos + 3) % 4] >> 8) & 0xff] << 8) ^ - (aes_inv_sbox[(in[(pos + 2) % 4] >> 16) & 0xff] << 16) ^ - (aes_inv_sbox[(in[(pos + 1) % 4] >> 24) & 0xff] << 24); -} - static u32 subw(u32 in) { return (aes_sbox[in & 0xff]) ^ (aes_sbox[(in >> 8) & 0xff] << 8) ^ (aes_sbox[(in >> 16) & 0xff] << 16) ^ @@ -343,61 +327,10 @@ int aes_expandkey(struct crypto_aes_ctx *ctx, const u= 8 *in_key, aes_expandkey_generic(ctx->key_enc, ctx->key_dec, in_key, key_len); return 0; } EXPORT_SYMBOL(aes_expandkey); =20 -/** - * aes_encrypt - Encrypt a single AES block - * @ctx: Context struct containing the key schedule - * @out: Buffer to store the ciphertext - * @in: Buffer containing the plaintext - */ -void aes_encrypt(const struct crypto_aes_ctx *ctx, u8 *out, const u8 *in) -{ - const u32 *rkp =3D ctx->key_enc + 4; - int rounds =3D 6 + ctx->key_length / 4; - u32 st0[4], st1[4]; - int round; - - st0[0] =3D ctx->key_enc[0] ^ get_unaligned_le32(in); - st0[1] =3D ctx->key_enc[1] ^ get_unaligned_le32(in + 4); - st0[2] =3D ctx->key_enc[2] ^ get_unaligned_le32(in + 8); - st0[3] =3D ctx->key_enc[3] ^ get_unaligned_le32(in + 12); - - /* - * Force the compiler to emit data independent Sbox references, - * by xoring the input with Sbox values that are known to add up - * to zero. This pulls the entire Sbox into the D-cache before any - * data dependent lookups are done. - */ - st0[0] ^=3D aes_sbox[ 0] ^ aes_sbox[ 64] ^ aes_sbox[134] ^ aes_sbox[195]; - st0[1] ^=3D aes_sbox[16] ^ aes_sbox[ 82] ^ aes_sbox[158] ^ aes_sbox[221]; - st0[2] ^=3D aes_sbox[32] ^ aes_sbox[ 96] ^ aes_sbox[160] ^ aes_sbox[234]; - st0[3] ^=3D aes_sbox[48] ^ aes_sbox[112] ^ aes_sbox[186] ^ aes_sbox[241]; - - for (round =3D 0;; round +=3D 2, rkp +=3D 8) { - st1[0] =3D mix_columns(subshift(st0, 0)) ^ rkp[0]; - st1[1] =3D mix_columns(subshift(st0, 1)) ^ rkp[1]; - st1[2] =3D mix_columns(subshift(st0, 2)) ^ rkp[2]; - st1[3] =3D mix_columns(subshift(st0, 3)) ^ rkp[3]; - - if (round =3D=3D rounds - 2) - break; - - st0[0] =3D mix_columns(subshift(st1, 0)) ^ rkp[4]; - st0[1] =3D mix_columns(subshift(st1, 1)) ^ rkp[5]; - st0[2] =3D mix_columns(subshift(st1, 2)) ^ rkp[6]; - st0[3] =3D mix_columns(subshift(st1, 3)) ^ rkp[7]; - } - - put_unaligned_le32(subshift(st1, 0) ^ rkp[4], out); - put_unaligned_le32(subshift(st1, 1) ^ rkp[5], out + 4); - put_unaligned_le32(subshift(st1, 2) ^ rkp[6], out + 8); - put_unaligned_le32(subshift(st1, 3) ^ rkp[7], out + 12); -} -EXPORT_SYMBOL(aes_encrypt); - static __always_inline u32 enc_quarterround(const u32 w[4], int i, u32 rk) { return rk ^ aes_enc_tab[(u8)w[i]] ^ rol32(aes_enc_tab[(u8)(w[(i + 1) % 4] >> 8)], 8) ^ rol32(aes_enc_tab[(u8)(w[(i + 2) % 4] >> 16)], 16) ^ @@ -502,61 +435,10 @@ static void __maybe_unused aes_decrypt_generic(const = u32 inv_rndkeys[], put_unaligned_le32(declast_quarterround(w, 1, *rkp++), &out[4]); put_unaligned_le32(declast_quarterround(w, 2, *rkp++), &out[8]); put_unaligned_le32(declast_quarterround(w, 3, *rkp++), &out[12]); } =20 -/** - * aes_decrypt - Decrypt a single AES block - * @ctx: Context struct containing the key schedule - * @out: Buffer to store the plaintext - * @in: Buffer containing the ciphertext - */ -void aes_decrypt(const struct crypto_aes_ctx *ctx, u8 *out, const u8 *in) -{ - const u32 *rkp =3D ctx->key_dec + 4; - int rounds =3D 6 + ctx->key_length / 4; - u32 st0[4], st1[4]; - int round; - - st0[0] =3D ctx->key_dec[0] ^ get_unaligned_le32(in); - st0[1] =3D ctx->key_dec[1] ^ get_unaligned_le32(in + 4); - st0[2] =3D ctx->key_dec[2] ^ get_unaligned_le32(in + 8); - st0[3] =3D ctx->key_dec[3] ^ get_unaligned_le32(in + 12); - - /* - * Force the compiler to emit data independent Sbox references, - * by xoring the input with Sbox values that are known to add up - * to zero. This pulls the entire Sbox into the D-cache before any - * data dependent lookups are done. - */ - st0[0] ^=3D aes_inv_sbox[ 0] ^ aes_inv_sbox[ 64] ^ aes_inv_sbox[129] ^ ae= s_inv_sbox[200]; - st0[1] ^=3D aes_inv_sbox[16] ^ aes_inv_sbox[ 83] ^ aes_inv_sbox[150] ^ ae= s_inv_sbox[212]; - st0[2] ^=3D aes_inv_sbox[32] ^ aes_inv_sbox[ 96] ^ aes_inv_sbox[160] ^ ae= s_inv_sbox[236]; - st0[3] ^=3D aes_inv_sbox[48] ^ aes_inv_sbox[112] ^ aes_inv_sbox[187] ^ ae= s_inv_sbox[247]; - - for (round =3D 0;; round +=3D 2, rkp +=3D 8) { - st1[0] =3D inv_mix_columns(inv_subshift(st0, 0)) ^ rkp[0]; - st1[1] =3D inv_mix_columns(inv_subshift(st0, 1)) ^ rkp[1]; - st1[2] =3D inv_mix_columns(inv_subshift(st0, 2)) ^ rkp[2]; - st1[3] =3D inv_mix_columns(inv_subshift(st0, 3)) ^ rkp[3]; - - if (round =3D=3D rounds - 2) - break; - - st0[0] =3D inv_mix_columns(inv_subshift(st1, 0)) ^ rkp[4]; - st0[1] =3D inv_mix_columns(inv_subshift(st1, 1)) ^ rkp[5]; - st0[2] =3D inv_mix_columns(inv_subshift(st1, 2)) ^ rkp[6]; - st0[3] =3D inv_mix_columns(inv_subshift(st1, 3)) ^ rkp[7]; - } - - put_unaligned_le32(inv_subshift(st1, 0) ^ rkp[4], out); - put_unaligned_le32(inv_subshift(st1, 1) ^ rkp[5], out + 4); - put_unaligned_le32(inv_subshift(st1, 2) ^ rkp[6], out + 8); - put_unaligned_le32(inv_subshift(st1, 3) ^ rkp[7], out + 12); -} -EXPORT_SYMBOL(aes_decrypt); - /* * Note: the aes_prepare*key_* names reflect the fact that the implementat= ion * might not actually expand the key. (The s390 code for example doesn't.) * Where the key is expanded we use the more specific names aes_expandkey_= *. * --=20 2.52.0