€•ïmŒsphinx.addnodes”Œdocument”“”)”}”(Œ rawsource”Œ”Œchildren”]”(Œ translations”Œ LanguagesNode”“”)”}”(hhh]”(hŒ pending_xref”“”)”}”(hhh]”Œdocutils.nodes”ŒText”“”ŒChinese (Simplified)”…””}”Œparent”hsbaŒ attributes”}”(Œids”]”Œclasses”]”Œnames”]”Œdupnames”]”Œbackrefs”]”Œ refdomain”Œstd”Œreftype”Œdoc”Œ reftarget”Œ$/translations/zh_CN/crypto/libcrypto”Œmodname”NŒ classname”NŒ refexplicit”ˆuŒtagname”hhh ubh)”}”(hhh]”hŒChinese (Traditional)”…””}”hh2sbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ$/translations/zh_TW/crypto/libcrypto”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒItalian”…””}”hhFsbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ$/translations/it_IT/crypto/libcrypto”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒJapanese”…””}”hhZsbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ$/translations/ja_JP/crypto/libcrypto”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒKorean”…””}”hhnsbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ$/translations/ko_KR/crypto/libcrypto”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒPortuguese (Brazilian)”…””}”hh‚sbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ$/translations/pt_BR/crypto/libcrypto”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒSpanish”…””}”hh–sbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ$/translations/sp_SP/crypto/libcrypto”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubeh}”(h]”h ]”h"]”h$]”h&]”Œcurrent_language”ŒEnglish”uh1h hhŒ _document”hŒsource”NŒline”NubhŒcomment”“”)”}”(hŒ)SPDX-License-Identifier: GPL-2.0-or-later”h]”hŒ)SPDX-License-Identifier: GPL-2.0-or-later”…””}”hh·sbah}”(h]”h ]”h"]”h$]”h&]”Œ xml:space”Œpreserve”uh1hµhhh²hh³Œ>/var/lib/git/docbuild/linux/Documentation/crypto/libcrypto.rst”h´KubhŒsection”“”)”}”(hhh]”(hŒtitle”“”)”}”(hŒCrypto library”h]”hŒCrypto library”…””}”(hhÏh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÍhhÊh²hh³hÇh´KubhŒ paragraph”“”)”}”(hŒn``lib/crypto/`` provides faster and easier access to cryptographic algorithms than the traditional crypto API.”h]”(hŒliteral”“”)”}”(hŒ``lib/crypto/``”h]”hŒ lib/crypto/”…””}”(hhåh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhhßubhŒ_ provides faster and easier access to cryptographic algorithms than the traditional crypto API.”…””}”(hhßh²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´KhhÊh²hubhÞ)”}”(hŒ„Each cryptographic algorithm is supported via a set of dedicated functions. "Crypto agility", where needed, is left to calling code.”h]”hŒˆEach cryptographic algorithm is supported via a set of dedicated functions. “Crypto agilityâ€, where needed, is left to calling code.”…””}”(hhýh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K hhÊh²hubhÞ)”}”(hŒìThe crypto library functions are intended to be boring and straightforward, and to follow familiar conventions. Their primary documentation is their (fairly extensive) kernel-doc. This page just provides some extra high-level context.”h]”hŒìThe crypto library functions are intended to be boring and straightforward, and to follow familiar conventions. Their primary documentation is their (fairly extensive) kernel-doc. This page just provides some extra high-level context.”…””}”(hj h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K hhÊh²hubhÞ)”}”(hXNote that the crypto library isn't entirely new. ``lib/`` has contained some crypto functions since 2005. Rather, it's just an approach that's been expanded over time as it's been found to work well. It also largely just matches how the kernel already does things elsewhere.”h]”(hŒ4Note that the crypto library isn’t entirely new. ”…””}”(hjh²hh³Nh´Nubhä)”}”(hŒ``lib/``”h]”hŒlib/”…””}”(hj!h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhjubhŒá has contained some crypto functions since 2005. Rather, it’s just an approach that’s been expanded over time as it’s been found to work well. It also largely just matches how the kernel already does things elsewhere.”…””}”(hjh²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´KhhÊh²hubhÉ)”}”(hhh]”(hÎ)”}”(hŒScope and intended audience”h]”hŒScope and intended audience”…””}”(hj<h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÍhj9h²hh³hÇh´KubhÞ)”}”(hX(The crypto library documentation is primarily meant for kernel developers who need to use a particular cryptographic algorithm(s) in kernel code. For example, "I just need to compute a SHA-256 hash." A secondary audience is developers working on the crypto algorithm implementations themselves.”h]”hX,The crypto library documentation is primarily meant for kernel developers who need to use a particular cryptographic algorithm(s) in kernel code. For example, “I just need to compute a SHA-256 hash.†A secondary audience is developers working on the crypto algorithm implementations themselves.”…””}”(hjJh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´Khj9h²hubhÞ)”}”(hXÅIf you're looking for more general information about cryptography, like the differences between the different crypto algorithms or how to select an appropriate algorithm, you should refer to external sources which cover that type of information much more comprehensively. If you need help selecting algorithms for a new kernel feature that doesn't already have its algorithms predefined, please reach out to ``linux-crypto@vger.kernel.org`` for advice.”h]”(hXIf you’re looking for more general information about cryptography, like the differences between the different crypto algorithms or how to select an appropriate algorithm, you should refer to external sources which cover that type of information much more comprehensively. If you need help selecting algorithms for a new kernel feature that doesn’t already have its algorithms predefined, please reach out to ”…””}”(hjXh²hh³Nh´Nubhä)”}”(hŒ ``linux-crypto@vger.kernel.org``”h]”hŒlinux-crypto@vger.kernel.org”…””}”(hj`h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhjXubhŒ for advice.”…””}”(hjXh²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´Khj9h²hubeh}”(h]”Œscope-and-intended-audience”ah ]”h"]”Œscope and intended audience”ah$]”h&]”uh1hÈhhÊh²hh³hÇh´KubhÉ)”}”(hhh]”(hÎ)”}”(hŒCode organization”h]”hŒCode organization”…””}”(hjƒh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÍhj€h²hh³hÇh´K&ubhŒ bullet_list”“”)”}”(hhh]”(hŒ list_item”“”)”}”(hŒ9``lib/crypto/*.c``: the crypto algorithm implementations ”h]”hÞ)”}”(hŒ8``lib/crypto/*.c``: the crypto algorithm implementations”h]”(hä)”}”(hŒ``lib/crypto/*.c``”h]”hŒlib/crypto/*.c”…””}”(hj h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhjœubhŒ&: the crypto algorithm implementations”…””}”(hjœh²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K(hj˜ubah}”(h]”h ]”h"]”h$]”h&]”uh1j–hj“h²hh³hÇh´Nubj—)”}”(hX#``lib/crypto/$(SRCARCH)/``: architecture-specific code for crypto algorithms. It is here rather than somewhere in ``arch/`` partly because this allows generic and architecture-optimized code to be easily built into a single loadable module (when the algorithm is set to 'm' in the kconfig). ”h]”hÞ)”}”(hX"``lib/crypto/$(SRCARCH)/``: architecture-specific code for crypto algorithms. It is here rather than somewhere in ``arch/`` partly because this allows generic and architecture-optimized code to be easily built into a single loadable module (when the algorithm is set to 'm' in the kconfig).”h]”(hä)”}”(hŒ``lib/crypto/$(SRCARCH)/``”h]”hŒlib/crypto/$(SRCARCH)/”…””}”(hjÆh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhjÂubhŒX: architecture-specific code for crypto algorithms. It is here rather than somewhere in ”…””}”(hjÂh²hh³Nh´Nubhä)”}”(hŒ ``arch/``”h]”hŒarch/”…””}”(hjØh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhjÂubhŒ« partly because this allows generic and architecture-optimized code to be easily built into a single loadable module (when the algorithm is set to ‘m’ in the kconfig).”…””}”(hjÂh²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K*hj¾ubah}”(h]”h ]”h"]”h$]”h&]”uh1j–hj“h²hh³hÇh´Nubj—)”}”(hŒ=``lib/crypto/tests/``: KUnit tests for the crypto algorithms ”h]”hÞ)”}”(hŒ<``lib/crypto/tests/``: KUnit tests for the crypto algorithms”h]”(hä)”}”(hŒ``lib/crypto/tests/``”h]”hŒlib/crypto/tests/”…””}”(hjþh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhjúubhŒ': KUnit tests for the crypto algorithms”…””}”(hjúh²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K/hjöubah}”(h]”h ]”h"]”h$]”h&]”uh1j–hj“h²hh³hÇh´Nubj—)”}”(hŒ```include/crypto/``: crypto headers, for both the crypto library and the traditional crypto API ”h]”hÞ)”}”(hŒ_``include/crypto/``: crypto headers, for both the crypto library and the traditional crypto API”h]”(hä)”}”(hŒ``include/crypto/``”h]”hŒinclude/crypto/”…””}”(hj$h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhj ubhŒL: crypto headers, for both the crypto library and the traditional crypto API”…””}”(hj h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K1hjubah}”(h]”h ]”h"]”h$]”h&]”uh1j–hj“h²hh³hÇh´Nubeh}”(h]”h ]”h"]”h$]”h&]”Œbullet”Œ-”uh1j‘h³hÇh´K(hj€h²hubhÞ)”}”(hŒâGenerally, there is one kernel module per algorithm. Sometimes related algorithms are grouped into one module. There is intentionally no common framework, though there are some utility functions that multiple algorithms use.”h]”hŒâGenerally, there is one kernel module per algorithm. Sometimes related algorithms are grouped into one module. There is intentionally no common framework, though there are some utility functions that multiple algorithms use.”…””}”(hjJh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K4hj€h²hubhÞ)”}”(hXEach algorithm module is controlled by a tristate kconfig symbol ``CRYPTO_LIB_$(ALGORITHM)``. As is the norm for library functions in the kernel, these are hidden symbols which don't show up in the kconfig menu. Instead, they are just selected by all the kconfig symbols that need them.”h]”(hŒAEach algorithm module is controlled by a tristate kconfig symbol ”…””}”(hjXh²hh³Nh´Nubhä)”}”(hŒ``CRYPTO_LIB_$(ALGORITHM)``”h]”hŒCRYPTO_LIB_$(ALGORITHM)”…””}”(hj`h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhjXubhŒÅ. As is the norm for library functions in the kernel, these are hidden symbols which don’t show up in the kconfig menu. Instead, they are just selected by all the kconfig symbols that need them.”…””}”(hjXh²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K8hj€h²hubhÞ)”}”(hXMany of the algorithms have multiple implementations: a generic implementation and architecture-optimized implementation(s). Each module initialization function, or initcall in the built-in case, automatically enables the best implementation based on the available CPU features.”h]”hXMany of the algorithms have multiple implementations: a generic implementation and architecture-optimized implementation(s). Each module initialization function, or initcall in the built-in case, automatically enables the best implementation based on the available CPU features.”…””}”(hjxh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K=hj€h²hubhÞ)”}”(hXNote that the crypto library doesn't use the ``crypto/``, ``arch/$(SRCARCH)/crypto/``, or ``drivers/crypto/`` directories. These directories are used by the traditional crypto API. When possible, algorithms in the traditional crypto API are implemented by calls into the library.”h]”(hŒ/Note that the crypto library doesn’t use the ”…””}”(hj†h²hh³Nh´Nubhä)”}”(hŒ ``crypto/``”h]”hŒcrypto/”…””}”(hjŽh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhj†ubhŒ, ”…””}”(hj†h²hh³Nh´Nubhä)”}”(hŒ``arch/$(SRCARCH)/crypto/``”h]”hŒarch/$(SRCARCH)/crypto/”…””}”(hj h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhj†ubhŒ, or ”…””}”(hj†h²hh³Nh´Nubhä)”}”(hŒ``drivers/crypto/``”h]”hŒdrivers/crypto/”…””}”(hj²h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhj†ubhŒ¬ directories. These directories are used by the traditional crypto API. When possible, algorithms in the traditional crypto API are implemented by calls into the library.”…””}”(hj†h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´KBhj€h²hubeh}”(h]”Œcode-organization”ah ]”h"]”Œcode organization”ah$]”h&]”uh1hÈhhÊh²hh³hÇh´K&ubhÉ)”}”(hhh]”(hÎ)”}”(hŒ Advantages”h]”hŒ Advantages”…””}”(hjÕh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÍhjÒh²hh³hÇh´KHubhÞ)”}”(hŒJSome of the advantages of the library over the traditional crypto API are:”h]”hŒJSome of the advantages of the library over the traditional crypto API are:”…””}”(hjãh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´KJhjÒh²hubj’)”}”(hhh]”(j—)”}”(hXqThe library functions tend to be much easier to use. For example, a hash value can be computed using only a single function call. Most of the library functions always succeed and return void, eliminating the need to write error-handling code. Most also accept standard virtual addresses, rather than scatterlists which are difficult and less efficient to work with. ”h]”hÞ)”}”(hXpThe library functions tend to be much easier to use. For example, a hash value can be computed using only a single function call. Most of the library functions always succeed and return void, eliminating the need to write error-handling code. Most also accept standard virtual addresses, rather than scatterlists which are difficult and less efficient to work with.”h]”hXpThe library functions tend to be much easier to use. For example, a hash value can be computed using only a single function call. Most of the library functions always succeed and return void, eliminating the need to write error-handling code. Most also accept standard virtual addresses, rather than scatterlists which are difficult and less efficient to work with.”…””}”(hjøh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´KLhjôubah}”(h]”h ]”h"]”h$]”h&]”uh1j–hjñh²hh³hÇh´Nubj—)”}”(hX3The library functions are usually faster, especially for short inputs. They call the crypto algorithms directly without inefficient indirect calls, memory allocations, string parsing, lookups in an algorithm registry, and other unnecessary API overhead. Architecture-optimized code is enabled by default. ”h]”hÞ)”}”(hX2The library functions are usually faster, especially for short inputs. They call the crypto algorithms directly without inefficient indirect calls, memory allocations, string parsing, lookups in an algorithm registry, and other unnecessary API overhead. Architecture-optimized code is enabled by default.”h]”hX2The library functions are usually faster, especially for short inputs. They call the crypto algorithms directly without inefficient indirect calls, memory allocations, string parsing, lookups in an algorithm registry, and other unnecessary API overhead. Architecture-optimized code is enabled by default.”…””}”(hjh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´KRhj ubah}”(h]”h ]”h"]”h$]”h&]”uh1j–hjñh²hh³hÇh´Nubj—)”}”(hŒÙThe library functions use standard link-time dependencies instead of error-prone dynamic loading by name. There's no need for workarounds such as forcing algorithms to be built-in or adding module soft dependencies. ”h]”hÞ)”}”(hŒØThe library functions use standard link-time dependencies instead of error-prone dynamic loading by name. There's no need for workarounds such as forcing algorithms to be built-in or adding module soft dependencies.”h]”hŒÚThe library functions use standard link-time dependencies instead of error-prone dynamic loading by name. There’s no need for workarounds such as forcing algorithms to be built-in or adding module soft dependencies.”…””}”(hj(h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´KWhj$ubah}”(h]”h ]”h"]”h$]”h&]”uh1j–hjñh²hh³hÇh´Nubj—)”}”(hŒÖThe library focuses on the approach that works the best on the vast majority of systems: CPU-based implementations of the crypto algorithms, utilizing on-CPU acceleration (such as AES instructions) when available. ”h]”hÞ)”}”(hŒÕThe library focuses on the approach that works the best on the vast majority of systems: CPU-based implementations of the crypto algorithms, utilizing on-CPU acceleration (such as AES instructions) when available.”h]”hŒÕThe library focuses on the approach that works the best on the vast majority of systems: CPU-based implementations of the crypto algorithms, utilizing on-CPU acceleration (such as AES instructions) when available.”…””}”(hj@h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K[hj<ubah}”(h]”h ]”h"]”h$]”h&]”uh1j–hjñh²hh³hÇh´Nubj—)”}”(hŒHThe library uses standard KUnit tests, rather than custom ad-hoc tests. ”h]”hÞ)”}”(hŒGThe library uses standard KUnit tests, rather than custom ad-hoc tests.”h]”hŒGThe library uses standard KUnit tests, rather than custom ad-hoc tests.”…””}”(hjXh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K_hjTubah}”(h]”h ]”h"]”h$]”h&]”uh1j–hjñh²hh³hÇh´Nubj—)”}”(hŒµThe library tends to have higher assurance implementations of the crypto algorithms. This is both due to its simpler design and because more of its code is being regularly tested. ”h]”hÞ)”}”(hŒ´The library tends to have higher assurance implementations of the crypto algorithms. This is both due to its simpler design and because more of its code is being regularly tested.”h]”hŒ´The library tends to have higher assurance implementations of the crypto algorithms. This is both due to its simpler design and because more of its code is being regularly tested.”…””}”(hjph²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´Kahjlubah}”(h]”h ]”h"]”h$]”h&]”uh1j–hjñh²hh³hÇh´Nubj—)”}”(hŒThe library supports features that don't fit into the rigid framework of the traditional crypto API, for example interleaved hashing and XOFs. ”h]”hÞ)”}”(hŒŽThe library supports features that don't fit into the rigid framework of the traditional crypto API, for example interleaved hashing and XOFs.”h]”hŒThe library supports features that don’t fit into the rigid framework of the traditional crypto API, for example interleaved hashing and XOFs.”…””}”(hjˆh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´Kehj„ubah}”(h]”h ]”h"]”h$]”h&]”uh1j–hjñh²hh³hÇh´Nubeh}”(h]”h ]”h"]”h$]”h&]”jHjIuh1j‘h³hÇh´KLhjÒh²hubeh}”(h]”Œ advantages”ah ]”h"]”Œ advantages”ah$]”h&]”uh1hÈhhÊh²hh³hÇh´KHubhÉ)”}”(hhh]”(hÎ)”}”(hŒWhen to use it”h]”hŒWhen to use it”…””}”(hj­h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÍhjªh²hh³hÇh´KiubhÞ)”}”(hŒÚIn-kernel users should use the library (rather than the traditional crypto API) whenever possible. Many subsystems have already been converted. It usually simplifies their code significantly and improves performance.”h]”hŒÚIn-kernel users should use the library (rather than the traditional crypto API) whenever possible. Many subsystems have already been converted. It usually simplifies their code significantly and improves performance.”…””}”(hj»h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´Kkhjªh²hubhÞ)”}”(hŒúSome kernel features allow userspace to provide an arbitrary string that selects an arbitrary algorithm from the traditional crypto API by name. These features generally will have to keep using the traditional crypto API for backwards compatibility.”h]”hŒúSome kernel features allow userspace to provide an arbitrary string that selects an arbitrary algorithm from the traditional crypto API by name. These features generally will have to keep using the traditional crypto API for backwards compatibility.”…””}”(hjÉh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´Kohjªh²hubhÞ)”}”(hXqNote: new kernel features shouldn't support every algorithm, but rather make a deliberate choice about what algorithm(s) to support. History has shown that making a deliberate, thoughtful choice greatly simplifies code maintenance, reduces the chance for mistakes (such as using an obsolete, insecure, or inappropriate algorithm), and makes your feature easier to use.”h]”hXsNote: new kernel features shouldn’t support every algorithm, but rather make a deliberate choice about what algorithm(s) to support. History has shown that making a deliberate, thoughtful choice greatly simplifies code maintenance, reduces the chance for mistakes (such as using an obsolete, insecure, or inappropriate algorithm), and makes your feature easier to use.”…””}”(hj×h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´Kthjªh²hubeh}”(h]”Œwhen-to-use-it”ah ]”h"]”Œwhen to use it”ah$]”h&]”uh1hÈhhÊh²hh³hÇh´KiubhÉ)”}”(hhh]”(hÎ)”}”(hŒTesting”h]”hŒTesting”…””}”(hjðh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÍhjíh²hh³hÇh´K{ubhÞ)”}”(hŒÁThe crypto library uses standard KUnit tests. Like many of the kernel's other KUnit tests, they are included in the set of tests that is run by ``tools/testing/kunit/kunit.py run --alltests``.”h]”(hŒ“The crypto library uses standard KUnit tests. Like many of the kernel’s other KUnit tests, they are included in the set of tests that is run by ”…””}”(hjþh²hh³Nh´Nubhä)”}”(hŒ/``tools/testing/kunit/kunit.py run --alltests``”h]”hŒ+tools/testing/kunit/kunit.py run --alltests”…””}”(hjh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhjþubhŒ.”…””}”(hjþh²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K}hjíh²hubhÞ)”}”(hŒ†A ``.kunitconfig`` file is also provided to run just the crypto library tests. For example, here's how to run them in user-mode Linux:”h]”(hŒA ”…””}”(hjh²hh³Nh´Nubhä)”}”(hŒ``.kunitconfig``”h]”hŒ .kunitconfig”…””}”(hj&h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhjubhŒv file is also provided to run just the crypto library tests. For example, here’s how to run them in user-mode Linux:”…””}”(hjh²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´Khjíh²hubhŒ literal_block”“”)”}”(hŒ:tools/testing/kunit/kunit.py run --kunitconfig=lib/crypto/”h]”hŒ:tools/testing/kunit/kunit.py run --kunitconfig=lib/crypto/”…””}”hj@sbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆŒforce”‰Œlanguage”Œsh”Œhighlight_args”}”uh1j>h³hÇh´K„hjíh²hubhÞ)”}”(hŒàMany of the crypto algorithms have architecture-optimized implementations. Testing those requires building an appropriate kernel and running the tests either in QEMU or on appropriate hardware. Here's one example with QEMU:”h]”hŒâMany of the crypto algorithms have architecture-optimized implementations. Testing those requires building an appropriate kernel and running the tests either in QEMU or on appropriate hardware. Here’s one example with QEMU:”…””}”(hjSh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´Kˆhjíh²hubj?)”}”(hŒ]tools/testing/kunit/kunit.py run --kunitconfig=lib/crypto/ --arch=arm64 --make_options LLVM=1”h]”hŒ]tools/testing/kunit/kunit.py run --kunitconfig=lib/crypto/ --arch=arm64 --make_options LLVM=1”…””}”hjasbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆjN‰jOŒsh”jQ}”uh1j>h³hÇh´KŒhjíh²hubhÞ)”}”(hŒ‹Depending on the code being tested, flags may need to be passed to QEMU to emulate the correct type of hardware for the code to be reached.”h]”hŒ‹Depending on the code being tested, flags may need to be passed to QEMU to emulate the correct type of hardware for the code to be reached.”…””}”(hjqh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´Khjíh²hubhÞ)”}”(hŒƒSince correctness is essential in cryptographic code, new architecture-optimized code is accepted only if it can be tested in QEMU.”h]”hŒƒSince correctness is essential in cryptographic code, new architecture-optimized code is accepted only if it can be tested in QEMU.”…””}”(hjh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K“hjíh²hubhÞ)”}”(hX/Note: the crypto library also includes FIPS 140 self-tests. These are lightweight, are designed specifically to meet FIPS 140 requirements, and exist *only* to meet those requirements. Normal testing done by kernel developers and integrators should use the much more comprehensive KUnit tests instead.”h]”(hŒ—Note: the crypto library also includes FIPS 140 self-tests. These are lightweight, are designed specifically to meet FIPS 140 requirements, and exist ”…””}”(hjh²hh³Nh´NubhŒemphasis”“”)”}”(hŒ*only*”h]”hŒonly”…””}”(hj—h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j•hjubhŒ’ to meet those requirements. Normal testing done by kernel developers and integrators should use the much more comprehensive KUnit tests instead.”…””}”(hjh²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K–hjíh²hubeh}”(h]”Œtesting”ah ]”h"]”Œtesting”ah$]”h&]”uh1hÈhhÊh²hh³hÇh´K{ubhÉ)”}”(hhh]”(hÎ)”}”(hŒAPI documentation”h]”hŒAPI documentation”…””}”(hjºh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÍhj·h²hh³hÇh´KœubhŒcompound”“”)”}”(hhh]”hŒtoctree”“”)”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”hŒcrypto/libcrypto”Œentries”]”(NŒcrypto/libcrypto-blockcipher”†”NŒcrypto/libcrypto-hash”†”NŒcrypto/libcrypto-signature”†”NŒcrypto/libcrypto-utils”†”NŒ crypto/sha3”†”eŒ includefiles”]”(jÛjÝjßjájãeŒmaxdepth”KŒcaption”NŒglob”‰Œhidden”‰Œ includehidden”‰Œnumbered”KŒ titlesonly”‰Œ rawentries”]”uh1jÍh³hÇh´KžhjÊubah}”(h]”h ]”Œtoctree-wrapper”ah"]”h$]”h&]”uh1jÈhj·h²hh³hÇh´Nubeh}”(h]”Œapi-documentation”ah ]”h"]”Œapi documentation”ah$]”h&]”uh1hÈhhÊh²hh³hÇh´Kœubeh}”(h]”Œcrypto-library”ah ]”h"]”Œcrypto library”ah$]”h&]”uh1hÈhhh²hh³hÇh´Kubeh}”(h]”h ]”h"]”h$]”h&]”Œsource”hÇuh1hŒcurrent_source”NŒ current_line”NŒsettings”Œdocutils.frontend”ŒValues”“”)”}”(hÍNŒ generator”NŒ datestamp”NŒ source_link”NŒ source_url”NŒ toc_backlinks”Œentry”Œfootnote_backlinks”KŒ sectnum_xform”KŒstrip_comments”NŒstrip_elements_with_classes”NŒ strip_classes”NŒ report_level”KŒ halt_level”KŒexit_status_level”KŒdebug”NŒwarning_stream”NŒ traceback”ˆŒinput_encoding”Œ utf-8-sig”Œinput_encoding_error_handler”Œstrict”Œoutput_encoding”Œutf-8”Œoutput_encoding_error_handler”j*Œerror_encoding”Œutf-8”Œerror_encoding_error_handler”Œbackslashreplace”Œ language_code”Œen”Œrecord_dependencies”NŒconfig”NŒ id_prefix”hŒauto_id_prefix”Œid”Œ dump_settings”NŒdump_internals”NŒdump_transforms”NŒdump_pseudo_xml”NŒexpose_internals”NŒstrict_visitor”NŒ_disable_config”NŒ_source”hÇŒ _destination”NŒ _config_files”]”Œ7/var/lib/git/docbuild/linux/Documentation/docutils.conf”aŒfile_insertion_enabled”ˆŒ raw_enabled”KŒline_length_limit”M'Œpep_references”NŒ pep_base_url”Œhttps://peps.python.org/”Œpep_file_url_template”Œpep-%04d”Œrfc_references”NŒ rfc_base_url”Œ&https://datatracker.ietf.org/doc/html/”Œ tab_width”KŒtrim_footnote_reference_space”‰Œsyntax_highlight”Œlong”Œ smart_quotes”ˆŒsmartquotes_locales”]”Œcharacter_level_inline_markup”‰Œdoctitle_xform”‰Œ docinfo_xform”KŒsectsubtitle_xform”‰Œ image_loading”Œlink”Œembed_stylesheet”‰Œcloak_email_addresses”ˆŒsection_self_link”‰Œenv”NubŒreporter”NŒindirect_targets”]”Œsubstitution_defs”}”Œsubstitution_names”}”Œrefnames”}”Œrefids”}”Œnameids”}”(jjj}jzjÏjÌj§j¤jêjçj´j±jüjùuŒ nametypes”}”(j‰j}‰jωj§‰jê‰j´‰jü‰uh}”(jhÊjzj9jÌj€j¤jÒjçjªj±jíjùj·uŒ footnote_refs”}”Œ citation_refs”}”Œ autofootnotes”]”Œautofootnote_refs”]”Œsymbol_footnotes”]”Œsymbol_footnote_refs”]”Œ footnotes”]”Œ citations”]”Œautofootnote_start”KŒsymbol_footnote_start”KŒ id_counter”Œ collections”ŒCounter”“”}”…”R”Œparse_messages”]”Œtransform_messages”]”Œ transformer”NŒ include_log”]”Œ decoration”Nh²hub.