Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6

Pull crypto update from Herbert Xu:
 "Here is the crypto update for 4.6:

  API:
   - Convert remaining crypto_hash users to shash or ahash, also convert
     blkcipher/ablkcipher users to skcipher.
   - Remove crypto_hash interface.
   - Remove crypto_pcomp interface.
   - Add crypto engine for async cipher drivers.
   - Add akcipher documentation.
   - Add skcipher documentation.

  Algorithms:
   - Rename crypto/crc32 to avoid name clash with lib/crc32.
   - Fix bug in keywrap where we zero the wrong pointer.

  Drivers:
   - Support T5/M5, T7/M7 SPARC CPUs in n2 hwrng driver.
   - Add PIC32 hwrng driver.
   - Support BCM6368 in bcm63xx hwrng driver.
   - Pack structs for 32-bit compat users in qat.
   - Use crypto engine in omap-aes.
   - Add support for sama5d2x SoCs in atmel-sha.
   - Make atmel-sha available again.
   - Make sahara hashing available again.
   - Make ccp hashing available again.
   - Make sha1-mb available again.
   - Add support for multiple devices in ccp.
   - Improve DMA performance in caam.
   - Add hashing support to rockchip"

* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (116 commits)
  crypto: qat - remove redundant arbiter configuration
  crypto: ux500 - fix checks of error code returned by devm_ioremap_resource()
  crypto: atmel - fix checks of error code returned by devm_ioremap_resource()
  crypto: qat - Change the definition of icp_qat_uof_regtype
  hwrng: exynos - use __maybe_unused to hide pm functions
  crypto: ccp - Add abstraction for device-specific calls
  crypto: ccp - CCP versioning support
  crypto: ccp - Support for multiple CCPs
  crypto: ccp - Remove check for x86 family and model
  crypto: ccp - memset request context to zero during import
  lib/mpi: use "static inline" instead of "extern inline"
  lib/mpi: avoid assembler warning
  hwrng: bcm63xx - fix non device tree compatibility
  crypto: testmgr - allow rfc3686 aes-ctr variants in fips mode.
  crypto: qat - The AE id should be less than the maximal AE number
  lib/mpi: Endianness fix
  crypto: rockchip - add hash support for crypto engine in rk3288
  crypto: xts - fix compile errors
  crypto: doc - add skcipher API documentation
  crypto: doc - update AEAD AD handling
  ...

19 files changed, 238 insertions, 504 deletions

diff --git a/include/crypto/aead.h b/include/crypto/aead.h
index 84d13b11ad7b..957bb8763219 100644
--- a/include/crypto/aead.h
+++ b/include/crypto/aead.h
@@ -31,10 +31,10 @@
  *
  * For example: authenc(hmac(sha256), cbc(aes))
  *
- * The example code provided for the asynchronous block cipher operation
- * applies here as well. Naturally all *ablkcipher* symbols must be exchanged
+ * The example code provided for the symmetric key cipher operation
+ * applies here as well. Naturally all *skcipher* symbols must be exchanged
  * the *aead* pendants discussed in the following. In addition, for the AEAD
- * operation, the aead_request_set_assoc function must be used to set the
+ * operation, the aead_request_set_ad function must be used to set the
  * pointer to the associated data memory location before performing the
  * encryption or decryption operation. In case of an encryption, the associated
  * data memory is filled during the encryption operation. For decryption, the
diff --git a/include/crypto/akcipher.h b/include/crypto/akcipher.h
index 354de15cea6b..c37cc59e9bf2 100644
--- a/include/crypto/akcipher.h
+++ b/include/crypto/akcipher.h
@@ -114,7 +114,7 @@ struct akcipher_alg {
  */
 
 /**
- * crypto_alloc_akcipher() -- allocate AKCIPHER tfm handle
+ * crypto_alloc_akcipher() - allocate AKCIPHER tfm handle
  * @alg_name: is the cra_name / name or cra_driver_name / driver name of the
  *            public key algorithm e.g. "rsa"
  * @type: specifies the type of the algorithm
@@ -171,7 +171,7 @@ static inline struct crypto_akcipher *crypto_akcipher_reqtfm(
 }
 
 /**
- * crypto_free_akcipher() -- free AKCIPHER tfm handle
+ * crypto_free_akcipher() - free AKCIPHER tfm handle
  *
  * @tfm: AKCIPHER tfm handle allocated with crypto_alloc_akcipher()
  */
@@ -181,7 +181,7 @@ static inline void crypto_free_akcipher(struct crypto_akcipher *tfm)
 }
 
 /**
- * akcipher_request_alloc() -- allocates public key request
+ * akcipher_request_alloc() - allocates public key request
  *
  * @tfm:        AKCIPHER tfm handle allocated with crypto_alloc_akcipher()
  * @gfp:        allocation flags
@@ -201,7 +201,7 @@ static inline struct akcipher_request *akcipher_request_alloc(
 }
 
 /**
- * akcipher_request_free() -- zeroize and free public key request
+ * akcipher_request_free() - zeroize and free public key request
  *
  * @req:        request to free
  */
@@ -211,14 +211,14 @@ static inline void akcipher_request_free(struct akcipher_request *req)
 }
 
 /**
- * akcipher_request_set_callback() -- Sets an asynchronous callback.
+ * akcipher_request_set_callback() - Sets an asynchronous callback.
  *
  * Callback will be called when an asynchronous operation on a given
  * request is finished.
  *
  * @req:        request that the callback will be set for
  * @flgs:       specify for instance if the operation may backlog
- * @cmlp:       callback which will be called
+ * @cmpl:       callback which will be called
  * @data:       private data used by the caller
  */
 static inline void akcipher_request_set_callback(struct akcipher_request *req,
@@ -232,7 +232,7 @@ static inline void akcipher_request_set_callback(struct akcipher_request *req,
 }
 
 /**
- * akcipher_request_set_crypt() -- Sets request parameters
+ * akcipher_request_set_crypt() - Sets request parameters
  *
  * Sets parameters required by crypto operation
  *
@@ -255,7 +255,7 @@ static inline void akcipher_request_set_crypt(struct akcipher_request *req,
 }
 
 /**
- * crypto_akcipher_maxsize() -- Get len for output buffer
+ * crypto_akcipher_maxsize() - Get len for output buffer
  *
  * Function returns the dest buffer size required for a given key
  *
@@ -271,7 +271,7 @@ static inline int crypto_akcipher_maxsize(struct crypto_akcipher *tfm)
 }
 
 /**
- * crypto_akcipher_encrypt() -- Invoke public key encrypt operation
+ * crypto_akcipher_encrypt() - Invoke public key encrypt operation
  *
  * Function invokes the specific public key encrypt operation for a given
  * public key algorithm
@@ -289,7 +289,7 @@ static inline int crypto_akcipher_encrypt(struct akcipher_request *req)
 }
 
 /**
- * crypto_akcipher_decrypt() -- Invoke public key decrypt operation
+ * crypto_akcipher_decrypt() - Invoke public key decrypt operation
  *
  * Function invokes the specific public key decrypt operation for a given
  * public key algorithm
@@ -307,7 +307,7 @@ static inline int crypto_akcipher_decrypt(struct akcipher_request *req)
 }
 
 /**
- * crypto_akcipher_sign() -- Invoke public key sign operation
+ * crypto_akcipher_sign() - Invoke public key sign operation
  *
  * Function invokes the specific public key sign operation for a given
  * public key algorithm
@@ -325,7 +325,7 @@ static inline int crypto_akcipher_sign(struct akcipher_request *req)
 }
 
 /**
- * crypto_akcipher_verify() -- Invoke public key verify operation
+ * crypto_akcipher_verify() - Invoke public key verify operation
  *
  * Function invokes the specific public key verify operation for a given
  * public key algorithm
@@ -343,7 +343,7 @@ static inline int crypto_akcipher_verify(struct akcipher_request *req)
 }
 
 /**
- * crypto_akcipher_set_pub_key() -- Invoke set public key operation
+ * crypto_akcipher_set_pub_key() - Invoke set public key operation
  *
  * Function invokes the algorithm specific set key function, which knows
  * how to decode and interpret the encoded key
@@ -364,7 +364,7 @@ static inline int crypto_akcipher_set_pub_key(struct crypto_akcipher *tfm,
 }
 
 /**
- * crypto_akcipher_set_priv_key() -- Invoke set private key operation
+ * crypto_akcipher_set_priv_key() - Invoke set private key operation
  *
  * Function invokes the algorithm specific set key function, which knows
  * how to decode and interpret the encoded key
diff --git a/include/crypto/algapi.h b/include/crypto/algapi.h
index c9fe145f7dd3..eeafd21afb44 100644
--- a/include/crypto/algapi.h
+++ b/include/crypto/algapi.h
@@ -15,6 +15,7 @@
 #include <linux/crypto.h>
 #include <linux/list.h>
 #include <linux/kernel.h>
+#include <linux/kthread.h>
 #include <linux/skbuff.h>
 
 struct crypto_aead;
@@ -128,6 +129,75 @@ struct ablkcipher_walk {
         unsigned int            blocksize;
 };
 
+#define ENGINE_NAME_LEN 30
+/*
+ * struct crypto_engine - crypto hardware engine
+ * @name: the engine name
+ * @idling: the engine is entering idle state
+ * @busy: request pump is busy
+ * @running: the engine is on working
+ * @cur_req_prepared: current request is prepared
+ * @list: link with the global crypto engine list
+ * @queue_lock: spinlock to syncronise access to request queue
+ * @queue: the crypto queue of the engine
+ * @rt: whether this queue is set to run as a realtime task
+ * @prepare_crypt_hardware: a request will soon arrive from the queue
+ * so the subsystem requests the driver to prepare the hardware
+ * by issuing this call
+ * @unprepare_crypt_hardware: there are currently no more requests on the
+ * queue so the subsystem notifies the driver that it may relax the
+ * hardware by issuing this call
+ * @prepare_request: do some prepare if need before handle the current request
+ * @unprepare_request: undo any work done by prepare_message()
+ * @crypt_one_request: do encryption for current request
+ * @kworker: thread struct for request pump
+ * @kworker_task: pointer to task for request pump kworker thread
+ * @pump_requests: work struct for scheduling work to the request pump
+ * @priv_data: the engine private data
+ * @cur_req: the current request which is on processing
+ */
+struct crypto_engine {
+        char                    name[ENGINE_NAME_LEN];
+        bool                    idling;
+        bool                    busy;
+        bool                    running;
+        bool                    cur_req_prepared;
+
+        struct list_head        list;
+        spinlock_t              queue_lock;
+        struct crypto_queue     queue;
+
+        bool                    rt;
+
+        int (*prepare_crypt_hardware)(struct crypto_engine *engine);
+        int (*unprepare_crypt_hardware)(struct crypto_engine *engine);
+
+        int (*prepare_request)(struct crypto_engine *engine,
+                               struct ablkcipher_request *req);
+        int (*unprepare_request)(struct crypto_engine *engine,
+                                 struct ablkcipher_request *req);
+        int (*crypt_one_request)(struct crypto_engine *engine,
+                                 struct ablkcipher_request *req);
+
+        struct kthread_worker           kworker;
+        struct task_struct              *kworker_task;
+        struct kthread_work             pump_requests;
+
+        void                            *priv_data;
+        struct ablkcipher_request       *cur_req;
+};
+
+int crypto_transfer_request(struct crypto_engine *engine,
+                            struct ablkcipher_request *req, bool need_pump);
+int crypto_transfer_request_to_engine(struct crypto_engine *engine,
+                                      struct ablkcipher_request *req);
+void crypto_finalize_request(struct crypto_engine *engine,
+                             struct ablkcipher_request *req, int err);
+int crypto_engine_start(struct crypto_engine *engine);
+int crypto_engine_stop(struct crypto_engine *engine);
+struct crypto_engine *crypto_engine_alloc_init(struct device *dev, bool rt);
+int crypto_engine_exit(struct crypto_engine *engine);
+
 extern const struct crypto_type crypto_ablkcipher_type;
 extern const struct crypto_type crypto_blkcipher_type;
 
@@ -184,6 +254,10 @@ int crypto_enqueue_request(struct crypto_queue *queue,
                            struct crypto_async_request *request);
 struct crypto_async_request *crypto_dequeue_request(struct crypto_queue *queue);
 int crypto_tfm_in_queue(struct crypto_queue *queue, struct crypto_tfm *tfm);
+static inline unsigned int crypto_queue_len(struct crypto_queue *queue)
+{
+        return queue->qlen;
+}
 
 /* These functions require the input/output to be aligned as u32. */
 void crypto_inc(u8 *a, unsigned int size);
@@ -275,24 +349,6 @@ static inline struct cipher_alg *crypto_cipher_alg(struct crypto_cipher *tfm)
         return &crypto_cipher_tfm(tfm)->__crt_alg->cra_cipher;
 }
 
-static inline struct crypto_hash *crypto_spawn_hash(struct crypto_spawn *spawn)
-{
-        u32 type = CRYPTO_ALG_TYPE_HASH;
-        u32 mask = CRYPTO_ALG_TYPE_HASH_MASK;
-
-        return __crypto_hash_cast(crypto_spawn_tfm(spawn, type, mask));
-}
-
-static inline void *crypto_hash_ctx(struct crypto_hash *tfm)
-{
-        return crypto_tfm_ctx(&tfm->base);
-}
-
-static inline void *crypto_hash_ctx_aligned(struct crypto_hash *tfm)
-{
-        return crypto_tfm_ctx_aligned(&tfm->base);
-}
-
 static inline void blkcipher_walk_init(struct blkcipher_walk *walk,
                                        struct scatterlist *dst,
                                        struct scatterlist *src,
diff --git a/include/crypto/compress.h b/include/crypto/compress.h
deleted file mode 100644
index 5b67af834d83..000000000000
--- a/include/crypto/compress.h
+++ /dev/null
@@ -1,145 +0,0 @@
-/*
- * Compress: Compression algorithms under the cryptographic API.
- *
- * Copyright 2008 Sony Corporation
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; version 2 of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program.
- * If not, see <http://www.gnu.org/licenses/>.
- */
-
-#ifndef _CRYPTO_COMPRESS_H
-#define _CRYPTO_COMPRESS_H
-
-#include <linux/crypto.h>
-
-
-struct comp_request {
-        const void *next_in;            /* next input byte */
-        void *next_out;                 /* next output byte */
-        unsigned int avail_in;          /* bytes available at next_in */
-        unsigned int avail_out;         /* bytes available at next_out */
-};
-
-enum zlib_comp_params {
-        ZLIB_COMP_LEVEL = 1,            /* e.g. Z_DEFAULT_COMPRESSION */
-        ZLIB_COMP_METHOD,               /* e.g. Z_DEFLATED */
-        ZLIB_COMP_WINDOWBITS,           /* e.g. MAX_WBITS */
-        ZLIB_COMP_MEMLEVEL,             /* e.g. DEF_MEM_LEVEL */
-        ZLIB_COMP_STRATEGY,             /* e.g. Z_DEFAULT_STRATEGY */
-        __ZLIB_COMP_MAX,
-};
-
-#define ZLIB_COMP_MAX   (__ZLIB_COMP_MAX - 1)
-
-
-enum zlib_decomp_params {
-        ZLIB_DECOMP_WINDOWBITS = 1,     /* e.g. DEF_WBITS */
-        __ZLIB_DECOMP_MAX,
-};
-
-#define ZLIB_DECOMP_MAX (__ZLIB_DECOMP_MAX - 1)
-
-
-struct crypto_pcomp {
-        struct crypto_tfm base;
-};
-
-struct pcomp_alg {
-        int (*compress_setup)(struct crypto_pcomp *tfm, const void *params,
-                              unsigned int len);
-        int (*compress_init)(struct crypto_pcomp *tfm);
-        int (*compress_update)(struct crypto_pcomp *tfm,
-                               struct comp_request *req);
-        int (*compress_final)(struct crypto_pcomp *tfm,
-                              struct comp_request *req);
-        int (*decompress_setup)(struct crypto_pcomp *tfm, const void *params,
-                                unsigned int len);
-        int (*decompress_init)(struct crypto_pcomp *tfm);
-        int (*decompress_update)(struct crypto_pcomp *tfm,
-                                 struct comp_request *req);
-        int (*decompress_final)(struct crypto_pcomp *tfm,
-                                struct comp_request *req);
-
-        struct crypto_alg base;
-};
-
-extern struct crypto_pcomp *crypto_alloc_pcomp(const char *alg_name, u32 type,
-                                               u32 mask);
-
-static inline struct crypto_tfm *crypto_pcomp_tfm(struct crypto_pcomp *tfm)
-{
-        return &tfm->base;
-}
-
-static inline void crypto_free_pcomp(struct crypto_pcomp *tfm)
-{
-        crypto_destroy_tfm(tfm, crypto_pcomp_tfm(tfm));
-}
-
-static inline struct pcomp_alg *__crypto_pcomp_alg(struct crypto_alg *alg)
-{
-        return container_of(alg, struct pcomp_alg, base);
-}
-
-static inline struct pcomp_alg *crypto_pcomp_alg(struct crypto_pcomp *tfm)
-{
-        return __crypto_pcomp_alg(crypto_pcomp_tfm(tfm)->__crt_alg);
-}
-
-static inline int crypto_compress_setup(struct crypto_pcomp *tfm,
-                                        const void *params, unsigned int len)
-{
-        return crypto_pcomp_alg(tfm)->compress_setup(tfm, params, len);
-}
-
-static inline int crypto_compress_init(struct crypto_pcomp *tfm)
-{
-        return crypto_pcomp_alg(tfm)->compress_init(tfm);
-}
-
-static inline int crypto_compress_update(struct crypto_pcomp *tfm,
-                                         struct comp_request *req)
-{
-        return crypto_pcomp_alg(tfm)->compress_update(tfm, req);
-}
-
-static inline int crypto_compress_final(struct crypto_pcomp *tfm,
-                                        struct comp_request *req)
-{
-        return crypto_pcomp_alg(tfm)->compress_final(tfm, req);
-}
-
-static inline int crypto_decompress_setup(struct crypto_pcomp *tfm,
-                                          const void *params, unsigned int len)
-{
-        return crypto_pcomp_alg(tfm)->decompress_setup(tfm, params, len);
-}
-
-static inline int crypto_decompress_init(struct crypto_pcomp *tfm)
-{
-        return crypto_pcomp_alg(tfm)->decompress_init(tfm);
-}
-
-static inline int crypto_decompress_update(struct crypto_pcomp *tfm,
-                                           struct comp_request *req)
-{
-        return crypto_pcomp_alg(tfm)->decompress_update(tfm, req);
-}
-
-static inline int crypto_decompress_final(struct crypto_pcomp *tfm,
-                                          struct comp_request *req)
-{
-        return crypto_pcomp_alg(tfm)->decompress_final(tfm, req);
-}
-
-#endif  /* _CRYPTO_COMPRESS_H */
diff --git a/include/crypto/drbg.h b/include/crypto/drbg.h
index 9756c70899d8..d961b2b16f55 100644
--- a/include/crypto/drbg.h
+++ b/include/crypto/drbg.h
@@ -117,10 +117,6 @@ struct drbg_state {
         void *priv_data;        /* Cipher handle */
         bool seeded;            /* DRBG fully seeded? */
         bool pr;                /* Prediction resistance enabled? */
-#ifdef CONFIG_CRYPTO_FIPS
-        bool fips_primed;       /* Continuous test primed? */
-        unsigned char *prev;    /* FIPS 140-2 continuous test value */
-#endif
         struct work_struct seed_work;   /* asynchronous seeding support */
         struct crypto_rng *jent;
         const struct drbg_state_ops *d_ops;
diff --git a/include/crypto/hash.h b/include/crypto/hash.h
index 6361892ea737..1969f1416658 100644
--- a/include/crypto/hash.h
+++ b/include/crypto/hash.h
@@ -14,6 +14,7 @@
 #define _CRYPTO_HASH_H
 
 #include <linux/crypto.h>
+#include <linux/string.h>
 
 struct crypto_ahash;
 
@@ -259,6 +260,28 @@ static inline void crypto_free_ahash(struct crypto_ahash *tfm)
         crypto_destroy_tfm(tfm, crypto_ahash_tfm(tfm));
 }
 
+/**
+ * crypto_has_ahash() - Search for the availability of an ahash.
+ * @alg_name: is the cra_name / name or cra_driver_name / driver name of the
+ *            ahash
+ * @type: specifies the type of the ahash
+ * @mask: specifies the mask for the ahash
+ *
+ * Return: true when the ahash is known to the kernel crypto API; false
+ *         otherwise
+ */
+int crypto_has_ahash(const char *alg_name, u32 type, u32 mask);
+
+static inline const char *crypto_ahash_alg_name(struct crypto_ahash *tfm)
+{
+        return crypto_tfm_alg_name(crypto_ahash_tfm(tfm));
+}
+
+static inline const char *crypto_ahash_driver_name(struct crypto_ahash *tfm)
+{
+        return crypto_tfm_alg_driver_name(crypto_ahash_tfm(tfm));
+}
+
 static inline unsigned int crypto_ahash_alignmask(
         struct crypto_ahash *tfm)
 {
@@ -550,6 +573,12 @@ static inline void ahash_request_free(struct ahash_request *req)
         kzfree(req);
 }
 
+static inline void ahash_request_zero(struct ahash_request *req)
+{
+        memzero_explicit(req, sizeof(*req) +
+                              crypto_ahash_reqsize(crypto_ahash_reqtfm(req)));
+}
+
 static inline struct ahash_request *ahash_request_cast(
         struct crypto_async_request *req)
 {
@@ -657,6 +686,16 @@ static inline void crypto_free_shash(struct crypto_shash *tfm)
         crypto_destroy_tfm(tfm, crypto_shash_tfm(tfm));
 }
 
+static inline const char *crypto_shash_alg_name(struct crypto_shash *tfm)
+{
+        return crypto_tfm_alg_name(crypto_shash_tfm(tfm));
+}
+
+static inline const char *crypto_shash_driver_name(struct crypto_shash *tfm)
+{
+        return crypto_tfm_alg_driver_name(crypto_shash_tfm(tfm));
+}
+
 static inline unsigned int crypto_shash_alignmask(
         struct crypto_shash *tfm)
 {
@@ -872,4 +911,10 @@ int crypto_shash_final(struct shash_desc *desc, u8 *out);
 int crypto_shash_finup(struct shash_desc *desc, const u8 *data,
                        unsigned int len, u8 *out);
 
+static inline void shash_desc_zero(struct shash_desc *desc)
+{
+        memzero_explicit(desc,
+                         sizeof(*desc) + crypto_shash_descsize(desc->tfm));
+}
+
 #endif  /* _CRYPTO_HASH_H */
diff --git a/include/crypto/internal/aead.h b/include/crypto/internal/aead.h
index 5554cdd8d6c1..da3864991d4c 100644
--- a/include/crypto/internal/aead.h
+++ b/include/crypto/internal/aead.h
@@ -80,6 +80,12 @@ static inline u32 aead_request_flags(struct aead_request *req)
         return req->base.flags;
 }
 
+static inline struct aead_request *aead_request_cast(
+        struct crypto_async_request *req)
+{
+        return container_of(req, struct aead_request, base);
+}
+
 static inline void crypto_set_aead_spawn(
         struct crypto_aead_spawn *spawn, struct crypto_instance *inst)
 {
diff --git a/include/crypto/internal/compress.h b/include/crypto/internal/compress.h
deleted file mode 100644
index 178a888d1d93..000000000000
--- a/include/crypto/internal/compress.h
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * Compress: Compression algorithms under the cryptographic API.
- *
- * Copyright 2008 Sony Corporation
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; version 2 of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program.
- * If not, see <http://www.gnu.org/licenses/>.
- */
-
-#ifndef _CRYPTO_INTERNAL_COMPRESS_H
-#define _CRYPTO_INTERNAL_COMPRESS_H
-
-#include <crypto/compress.h>
-
-extern int crypto_register_pcomp(struct pcomp_alg *alg);
-extern int crypto_unregister_pcomp(struct pcomp_alg *alg);
-
-#endif  /* _CRYPTO_INTERNAL_COMPRESS_H */
diff --git a/include/crypto/internal/hash.h b/include/crypto/internal/hash.h
index 3b4af1d7c7e9..49dae16f8929 100644
--- a/include/crypto/internal/hash.h
+++ b/include/crypto/internal/hash.h
@@ -57,9 +57,6 @@ int crypto_hash_walk_first(struct ahash_request *req,
                            struct crypto_hash_walk *walk);
 int crypto_ahash_walk_first(struct ahash_request *req,
                            struct crypto_hash_walk *walk);
-int crypto_hash_walk_first_compat(struct hash_desc *hdesc,
-                                  struct crypto_hash_walk *walk,
-                                  struct scatterlist *sg, unsigned int len);
 
 static inline int crypto_ahash_walk_done(struct crypto_hash_walk *walk,
                                          int err)
diff --git a/include/crypto/skcipher.h b/include/crypto/skcipher.h
index fd8742a40ff3..905490c1da89 100644
--- a/include/crypto/skcipher.h
+++ b/include/crypto/skcipher.h
@@ -60,8 +60,7 @@ struct crypto_skcipher {
 
         unsigned int ivsize;
         unsigned int reqsize;
-
-        bool has_setkey;
+        unsigned int keysize;
 
         struct crypto_tfm base;
 };
@@ -232,6 +231,12 @@ static inline int crypto_has_skcipher(const char *alg_name, u32 type,
                               crypto_skcipher_mask(mask));
 }
 
+static inline const char *crypto_skcipher_driver_name(
+        struct crypto_skcipher *tfm)
+{
+        return crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm));
+}
+
 /**
  * crypto_skcipher_ivsize() - obtain IV size
  * @tfm: cipher handle
@@ -309,7 +314,13 @@ static inline int crypto_skcipher_setkey(struct crypto_skcipher *tfm,
 
 static inline bool crypto_skcipher_has_setkey(struct crypto_skcipher *tfm)
 {
-        return tfm->has_setkey;
+        return tfm->keysize;
+}
+
+static inline unsigned int crypto_skcipher_default_keysize(
+        struct crypto_skcipher *tfm)
+{
+        return tfm->keysize;
 }
 
 /**
@@ -440,6 +451,13 @@ static inline void skcipher_request_free(struct skcipher_request *req)
         kzfree(req);
 }
 
+static inline void skcipher_request_zero(struct skcipher_request *req)
+{
+        struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
+
+        memzero_explicit(req, sizeof(*req) + crypto_skcipher_reqsize(tfm));
+}
+
 /**
  * skcipher_request_set_callback() - set asynchronous callback function
  * @req: request handle
diff --git a/include/crypto/xts.h b/include/crypto/xts.h
index 72c09eb56437..ede6b97b24cc 100644
--- a/include/crypto/xts.h
+++ b/include/crypto/xts.h
@@ -2,6 +2,9 @@
 #define _CRYPTO_XTS_H
 
 #include <crypto/b128ops.h>
+#include <linux/crypto.h>
+#include <crypto/algapi.h>
+#include <linux/fips.h>
 
 struct scatterlist;
 struct blkcipher_desc;
@@ -24,4 +27,28 @@ int xts_crypt(struct blkcipher_desc *desc, struct scatterlist *dst,
               struct scatterlist *src, unsigned int nbytes,
               struct xts_crypt_req *req);
 
+static inline int xts_check_key(struct crypto_tfm *tfm,
+                                const u8 *key, unsigned int keylen)
+{
+        u32 *flags = &tfm->crt_flags;
+
+        /*
+         * key consists of keys of equal size concatenated, therefore
+         * the length must be even.
+         */
+        if (keylen % 2) {
+                *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
+                return -EINVAL;
+        }
+
+        /* ensure that the AES and tweak key are not identical */
+        if (fips_enabled &&
+            !crypto_memneq(key, key + (keylen / 2), keylen / 2)) {
+                *flags |= CRYPTO_TFM_RES_WEAK_KEY;
+                return -EINVAL;
+        }
+
+        return 0;
+}
+
 #endif  /* _CRYPTO_XTS_H */
diff --git a/include/linux/ccp.h b/include/linux/ccp.h
index 7f437036baa4..915af3095b39 100644
--- a/include/linux/ccp.h
+++ b/include/linux/ccp.h
@@ -33,6 +33,18 @@ struct ccp_cmd;
  */
 int ccp_present(void);
 
+#define CCP_VSIZE 16
+#define CCP_VMASK               ((unsigned int)((1 << CCP_VSIZE) - 1))
+#define CCP_VERSION(v, r)       ((unsigned int)((v << CCP_VSIZE) \
+                                               | (r & CCP_VMASK)))
+
+/**
+ * ccp_version - get the version of the CCP
+ *
+ * Returns a positive version number, or zero if no CCP
+ */
+unsigned int ccp_version(void);
+
 /**
  * ccp_enqueue_cmd - queue an operation for processing by the CCP
  *
@@ -65,6 +77,11 @@ static inline int ccp_present(void)
         return -ENODEV;
 }
 
+static inline unsigned int ccp_version(void)
+{
+        return 0;
+}
+
 static inline int ccp_enqueue_cmd(struct ccp_cmd *cmd)
 {
         return -ENODEV;
diff --git a/include/linux/crypto.h b/include/linux/crypto.h
index e71cb70a1ac2..99c94899ad0f 100644
--- a/include/linux/crypto.h
+++ b/include/linux/crypto.h
@@ -54,7 +54,6 @@
 #define CRYPTO_ALG_TYPE_AHASH           0x0000000a
 #define CRYPTO_ALG_TYPE_RNG             0x0000000c
 #define CRYPTO_ALG_TYPE_AKCIPHER        0x0000000d
-#define CRYPTO_ALG_TYPE_PCOMPRESS       0x0000000f
 
 #define CRYPTO_ALG_TYPE_HASH_MASK       0x0000000e
 #define CRYPTO_ALG_TYPE_AHASH_MASK      0x0000000c
@@ -137,7 +136,6 @@ struct scatterlist;
 struct crypto_ablkcipher;
 struct crypto_async_request;
 struct crypto_blkcipher;
-struct crypto_hash;
 struct crypto_tfm;
 struct crypto_type;
 struct skcipher_givcrypt_request;
@@ -187,11 +185,6 @@ struct cipher_desc {
         void *info;
 };
 
-struct hash_desc {
-        struct crypto_hash *tfm;
-        u32 flags;
-};
-
 /**
  * DOC: Block Cipher Algorithm Definitions
  *
@@ -519,18 +512,6 @@ struct cipher_tfm {
         void (*cit_decrypt_one)(struct crypto_tfm *tfm, u8 *dst, const u8 *src);
 };
 
-struct hash_tfm {
-        int (*init)(struct hash_desc *desc);
-        int (*update)(struct hash_desc *desc,
-                      struct scatterlist *sg, unsigned int nsg);
-        int (*final)(struct hash_desc *desc, u8 *out);
-        int (*digest)(struct hash_desc *desc, struct scatterlist *sg,
-                      unsigned int nsg, u8 *out);
-        int (*setkey)(struct crypto_hash *tfm, const u8 *key,
-                      unsigned int keylen);
-        unsigned int digestsize;
-};
-
 struct compress_tfm {
         int (*cot_compress)(struct crypto_tfm *tfm,
                             const u8 *src, unsigned int slen,
@@ -543,7 +524,6 @@ struct compress_tfm {
 #define crt_ablkcipher  crt_u.ablkcipher
 #define crt_blkcipher   crt_u.blkcipher
 #define crt_cipher      crt_u.cipher
-#define crt_hash        crt_u.hash
 #define crt_compress    crt_u.compress
 
 struct crypto_tfm {
@@ -554,7 +534,6 @@ struct crypto_tfm {
                 struct ablkcipher_tfm ablkcipher;
                 struct blkcipher_tfm blkcipher;
                 struct cipher_tfm cipher;
-                struct hash_tfm hash;
                 struct compress_tfm compress;
         } crt_u;
 
@@ -581,10 +560,6 @@ struct crypto_comp {
         struct crypto_tfm base;
 };
 
-struct crypto_hash {
-        struct crypto_tfm base;
-};
-
 enum {
         CRYPTOA_UNSPEC,
         CRYPTOA_ALG,
@@ -1577,233 +1552,6 @@ static inline void crypto_cipher_decrypt_one(struct crypto_cipher *tfm,
                                                 dst, src);
 }
 
-/**
- * DOC: Synchronous Message Digest API
- *
- * The synchronous message digest API is used with the ciphers of type
- * CRYPTO_ALG_TYPE_HASH (listed as type "hash" in /proc/crypto)
- */
-
-static inline struct crypto_hash *__crypto_hash_cast(struct crypto_tfm *tfm)
-{
-        return (struct crypto_hash *)tfm;
-}
-
-static inline struct crypto_hash *crypto_hash_cast(struct crypto_tfm *tfm)
-{
-        BUG_ON((crypto_tfm_alg_type(tfm) ^ CRYPTO_ALG_TYPE_HASH) &
-               CRYPTO_ALG_TYPE_HASH_MASK);
-        return __crypto_hash_cast(tfm);
-}
-
-/**
- * crypto_alloc_hash() - allocate synchronous message digest handle
- * @alg_name: is the cra_name / name or cra_driver_name / driver name of the
- *            message digest cipher
- * @type: specifies the type of the cipher
- * @mask: specifies the mask for the cipher
- *
- * Allocate a cipher handle for a message digest. The returned struct
- * crypto_hash is the cipher handle that is required for any subsequent
- * API invocation for that message digest.
- *
- * Return: allocated cipher handle in case of success; IS_ERR() is true in case
- * of an error, PTR_ERR() returns the error code.
- */
-static inline struct crypto_hash *crypto_alloc_hash(const char *alg_name,
-                                                    u32 type, u32 mask)
-{
-        type &= ~CRYPTO_ALG_TYPE_MASK;
-        mask &= ~CRYPTO_ALG_TYPE_MASK;
-        type |= CRYPTO_ALG_TYPE_HASH;
-        mask |= CRYPTO_ALG_TYPE_HASH_MASK;
-
-        return __crypto_hash_cast(crypto_alloc_base(alg_name, type, mask));
-}
-
-static inline struct crypto_tfm *crypto_hash_tfm(struct crypto_hash *tfm)
-{
-        return &tfm->base;
-}
-
-/**
- * crypto_free_hash() - zeroize and free message digest handle
- * @tfm: cipher handle to be freed
- */
-static inline void crypto_free_hash(struct crypto_hash *tfm)
-{
-        crypto_free_tfm(crypto_hash_tfm(tfm));
-}
-
-/**
- * crypto_has_hash() - Search for the availability of a message digest
- * @alg_name: is the cra_name / name or cra_driver_name / driver name of the
- *            message digest cipher
- * @type: specifies the type of the cipher
- * @mask: specifies the mask for the cipher
- *
- * Return: true when the message digest cipher is known to the kernel crypto
- *         API; false otherwise
- */
-static inline int crypto_has_hash(const char *alg_name, u32 type, u32 mask)
-{
-        type &= ~CRYPTO_ALG_TYPE_MASK;
-        mask &= ~CRYPTO_ALG_TYPE_MASK;
-        type |= CRYPTO_ALG_TYPE_HASH;
-        mask |= CRYPTO_ALG_TYPE_HASH_MASK;
-
-        return crypto_has_alg(alg_name, type, mask);
-}
-
-static inline struct hash_tfm *crypto_hash_crt(struct crypto_hash *tfm)
-{
-        return &crypto_hash_tfm(tfm)->crt_hash;
-}
-
-/**
- * crypto_hash_blocksize() - obtain block size for message digest
- * @tfm: cipher handle
- *
- * The block size for the message digest cipher referenced with the cipher
- * handle is returned.
- *
- * Return: block size of cipher
- */
-static inline unsigned int crypto_hash_blocksize(struct crypto_hash *tfm)
-{
-        return crypto_tfm_alg_blocksize(crypto_hash_tfm(tfm));
-}
-
-static inline unsigned int crypto_hash_alignmask(struct crypto_hash *tfm)
-{
-        return crypto_tfm_alg_alignmask(crypto_hash_tfm(tfm));
-}
-
-/**
- * crypto_hash_digestsize() - obtain message digest size
- * @tfm: cipher handle
- *
- * The size for the message digest created by the message digest cipher
- * referenced with the cipher handle is returned.
- *
- * Return: message digest size
- */
-static inline unsigned int crypto_hash_digestsize(struct crypto_hash *tfm)
-{
-        return crypto_hash_crt(tfm)->digestsize;
-}
-
-static inline u32 crypto_hash_get_flags(struct crypto_hash *tfm)
-{
-        return crypto_tfm_get_flags(crypto_hash_tfm(tfm));
-}
-
-static inline void crypto_hash_set_flags(struct crypto_hash *tfm, u32 flags)
-{
-        crypto_tfm_set_flags(crypto_hash_tfm(tfm), flags);
-}
-
-static inline void crypto_hash_clear_flags(struct crypto_hash *tfm, u32 flags)
-{
-        crypto_tfm_clear_flags(crypto_hash_tfm(tfm), flags);
-}
-
-/**
- * crypto_hash_init() - (re)initialize message digest handle
- * @desc: cipher request handle that to be filled by caller --
- *        desc.tfm is filled with the hash cipher handle;
- *        desc.flags is filled with either CRYPTO_TFM_REQ_MAY_SLEEP or 0.
- *
- * The call (re-)initializes the message digest referenced by the hash cipher
- * request handle. Any potentially existing state created by previous
- * operations is discarded.
- *
- * Return: 0 if the message digest initialization was successful; < 0 if an
- *         error occurred
- */
-static inline int crypto_hash_init(struct hash_desc *desc)
-{
-        return crypto_hash_crt(desc->tfm)->init(desc);
-}
-
-/**
- * crypto_hash_update() - add data to message digest for processing
- * @desc: cipher request handle
- * @sg: scatter / gather list pointing to the data to be added to the message
- *      digest
- * @nbytes: number of bytes to be processed from @sg
- *
- * Updates the message digest state of the cipher handle pointed to by the
- * hash cipher request handle with the input data pointed to by the
- * scatter/gather list.
- *
- * Return: 0 if the message digest update was successful; < 0 if an error
- *         occurred
- */
-static inline int crypto_hash_update(struct hash_desc *desc,
-                                     struct scatterlist *sg,
-                                     unsigned int nbytes)
-{
-        return crypto_hash_crt(desc->tfm)->update(desc, sg, nbytes);
-}
-
-/**
- * crypto_hash_final() - calculate message digest
- * @desc: cipher request handle
- * @out: message digest output buffer -- The caller must ensure that the out
- *       buffer has a sufficient size (e.g. by using the crypto_hash_digestsize
- *       function).
- *
- * Finalize the message digest operation and create the message digest
- * based on all data added to the cipher handle. The message digest is placed
- * into the output buffer.
- *
- * Return: 0 if the message digest creation was successful; < 0 if an error
- *         occurred
- */
-static inline int crypto_hash_final(struct hash_desc *desc, u8 *out)
-{
-        return crypto_hash_crt(desc->tfm)->final(desc, out);
-}
-
-/**
- * crypto_hash_digest() - calculate message digest for a buffer
- * @desc: see crypto_hash_final()
- * @sg: see crypto_hash_update()
- * @nbytes:  see crypto_hash_update()
- * @out: see crypto_hash_final()
- *
- * This function is a "short-hand" for the function calls of crypto_hash_init,
- * crypto_hash_update and crypto_hash_final. The parameters have the same
- * meaning as discussed for those separate three functions.
- *
- * Return: 0 if the message digest creation was successful; < 0 if an error
- *         occurred
- */
-static inline int crypto_hash_digest(struct hash_desc *desc,
-                                     struct scatterlist *sg,
-                                     unsigned int nbytes, u8 *out)
-{
-        return crypto_hash_crt(desc->tfm)->digest(desc, sg, nbytes, out);
-}
-
-/**
- * crypto_hash_setkey() - set key for message digest
- * @hash: cipher handle
- * @key: buffer holding the key
- * @keylen: length of the key in bytes
- *
- * The caller provided key is set for the message digest cipher. The cipher
- * handle must point to a keyed hash in order for this function to succeed.
- *
- * Return: 0 if the setting of the key was successful; < 0 if an error occurred
- */
-static inline int crypto_hash_setkey(struct crypto_hash *hash,
-                                     const u8 *key, unsigned int keylen)
-{
-        return crypto_hash_crt(hash)->setkey(hash, key, keylen);
-}
-
 static inline struct crypto_comp *__crypto_comp_cast(struct crypto_tfm *tfm)
 {
         return (struct crypto_comp *)tfm;
diff --git a/include/linux/sunrpc/gss_krb5.h b/include/linux/sunrpc/gss_krb5.h
index df02a4188487..7df625d41e35 100644
--- a/include/linux/sunrpc/gss_krb5.h
+++ b/include/linux/sunrpc/gss_krb5.h
@@ -36,7 +36,7 @@
  *
  */
 
-#include <linux/crypto.h>
+#include <crypto/skcipher.h>
 #include <linux/sunrpc/auth_gss.h>
 #include <linux/sunrpc/gss_err.h>
 #include <linux/sunrpc/gss_asn1.h>
@@ -71,10 +71,10 @@ struct gss_krb5_enctype {
         const u32               keyed_cksum;    /* is it a keyed cksum? */
         const u32               keybytes;       /* raw key len, in bytes */
         const u32               keylength;      /* final key len, in bytes */
-        u32 (*encrypt) (struct crypto_blkcipher *tfm,
+        u32 (*encrypt) (struct crypto_skcipher *tfm,
                         void *iv, void *in, void *out,
                         int length);            /* encryption function */
-        u32 (*decrypt) (struct crypto_blkcipher *tfm,
+        u32 (*decrypt) (struct crypto_skcipher *tfm,
                         void *iv, void *in, void *out,
                         int length);            /* decryption function */
         u32 (*mk_key) (const struct gss_krb5_enctype *gk5e,
@@ -98,12 +98,12 @@ struct krb5_ctx {
         u32                     enctype;
         u32                     flags;
         const struct gss_krb5_enctype *gk5e; /* enctype-specific info */
-        struct crypto_blkcipher *enc;
-        struct crypto_blkcipher *seq;
-        struct crypto_blkcipher *acceptor_enc;
-        struct crypto_blkcipher *initiator_enc;
-        struct crypto_blkcipher *acceptor_enc_aux;
-        struct crypto_blkcipher *initiator_enc_aux;
+        struct crypto_skcipher  *enc;
+        struct crypto_skcipher  *seq;
+        struct crypto_skcipher *acceptor_enc;
+        struct crypto_skcipher *initiator_enc;
+        struct crypto_skcipher *acceptor_enc_aux;
+        struct crypto_skcipher *initiator_enc_aux;
         u8                      Ksess[GSS_KRB5_MAX_KEYLEN]; /* session key */
         u8                      cksum[GSS_KRB5_MAX_KEYLEN];
         s32                     endtime;
@@ -262,24 +262,24 @@ gss_unwrap_kerberos(struct gss_ctx *ctx_id, int offset,
 
 
 u32
-krb5_encrypt(struct crypto_blkcipher *key,
+krb5_encrypt(struct crypto_skcipher *key,
              void *iv, void *in, void *out, int length);
 
 u32
-krb5_decrypt(struct crypto_blkcipher *key,
+krb5_decrypt(struct crypto_skcipher *key,
              void *iv, void *in, void *out, int length); 
 
 int
-gss_encrypt_xdr_buf(struct crypto_blkcipher *tfm, struct xdr_buf *outbuf,
+gss_encrypt_xdr_buf(struct crypto_skcipher *tfm, struct xdr_buf *outbuf,
                     int offset, struct page **pages);
 
 int
-gss_decrypt_xdr_buf(struct crypto_blkcipher *tfm, struct xdr_buf *inbuf,
+gss_decrypt_xdr_buf(struct crypto_skcipher *tfm, struct xdr_buf *inbuf,
                     int offset);
 
 s32
 krb5_make_seq_num(struct krb5_ctx *kctx,
-                struct crypto_blkcipher *key,
+                struct crypto_skcipher *key,
                 int direction,
                 u32 seqnum, unsigned char *cksum, unsigned char *buf);
 
@@ -320,12 +320,12 @@ gss_krb5_aes_decrypt(struct krb5_ctx *kctx, u32 offset,
 
 int
 krb5_rc4_setup_seq_key(struct krb5_ctx *kctx,
-                       struct crypto_blkcipher *cipher,
+                       struct crypto_skcipher *cipher,
                        unsigned char *cksum);
 
 int
 krb5_rc4_setup_enc_key(struct krb5_ctx *kctx,
-                       struct crypto_blkcipher *cipher,
+                       struct crypto_skcipher *cipher,
                        s32 seqnum);
 void
 gss_krb5_make_confounder(char *p, u32 conflen);
diff --git a/include/net/sctp/auth.h b/include/net/sctp/auth.h
index f2d58aa37a6f..9b9fb122b31f 100644
--- a/include/net/sctp/auth.h
+++ b/include/net/sctp/auth.h
@@ -31,12 +31,12 @@
 #define __sctp_auth_h__
 
 #include <linux/list.h>
-#include <linux/crypto.h>
 
 struct sctp_endpoint;
 struct sctp_association;
 struct sctp_authkey;
 struct sctp_hmacalgo;
+struct crypto_shash;
 
 /*
  * Define a generic struct that will hold all the info
@@ -90,7 +90,7 @@ int sctp_auth_asoc_copy_shkeys(const struct sctp_endpoint *ep,
                                 struct sctp_association *asoc,
                                 gfp_t gfp);
 int sctp_auth_init_hmacs(struct sctp_endpoint *ep, gfp_t gfp);
-void sctp_auth_destroy_hmacs(struct crypto_hash *auth_hmacs[]);
+void sctp_auth_destroy_hmacs(struct crypto_shash *auth_hmacs[]);
 struct sctp_hmac *sctp_auth_get_hmac(__u16 hmac_id);
 struct sctp_hmac *sctp_auth_asoc_get_hmac(const struct sctp_association *asoc);
 void sctp_auth_asoc_set_default_hmac(struct sctp_association *asoc,
diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h
index 205630bb5010..5a57409da37b 100644
--- a/include/net/sctp/structs.h
+++ b/include/net/sctp/structs.h
@@ -82,7 +82,7 @@ struct sctp_bind_addr;
 struct sctp_ulpq;
 struct sctp_ep_common;
 struct sctp_ssnmap;
-struct crypto_hash;
+struct crypto_shash;
 
 
 #include <net/sctp/tsnmap.h>
@@ -166,7 +166,7 @@ struct sctp_sock {
         struct sctp_pf *pf;
 
         /* Access to HMAC transform. */
-        struct crypto_hash *hmac;
+        struct crypto_shash *hmac;
         char *sctp_hmac_alg;
 
         /* What is our base endpointer? */
@@ -1234,7 +1234,7 @@ struct sctp_endpoint {
         /* SCTP AUTH: array of the HMACs that will be allocated
          * we need this per association so that we don't serialize
          */
-        struct crypto_hash **auth_hmacs;
+        struct crypto_shash **auth_hmacs;
 
         /* SCTP-AUTH: hmacs for the endpoint encoded into parameter */
          struct sctp_hmac_algo_param *auth_hmacs_list;
diff --git a/include/net/tcp.h b/include/net/tcp.h
index ae6468f5c9f3..b04bc989ad6c 100644
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -27,7 +27,6 @@
 #include <linux/cache.h>
 #include <linux/percpu.h>
 #include <linux/skbuff.h>
-#include <linux/crypto.h>
 #include <linux/cryptohash.h>
 #include <linux/kref.h>
 #include <linux/ktime.h>
@@ -1325,9 +1324,6 @@ static inline void tcp_clear_all_retrans_hints(struct tcp_sock *tp)
         tp->retransmit_skb_hint = NULL;
 }
 
-/* MD5 Signature */
-struct crypto_hash;
-
 union tcp_md5_addr {
         struct in_addr  a4;
 #if IS_ENABLED(CONFIG_IPV6)
@@ -1376,7 +1372,7 @@ union tcp_md5sum_block {
 
 /* - pool: digest algorithm, hash description and scratch buffer */
 struct tcp_md5sig_pool {
-        struct hash_desc        md5_desc;
+        struct ahash_request    *md5_req;
         union tcp_md5sum_block  md5_blk;
 };
 
diff --git a/include/scsi/libiscsi_tcp.h b/include/scsi/libiscsi_tcp.h
index 2a7aa75dd009..30520d5ee3d1 100644
--- a/include/scsi/libiscsi_tcp.h
+++ b/include/scsi/libiscsi_tcp.h
@@ -26,7 +26,7 @@
 struct iscsi_tcp_conn;
 struct iscsi_segment;
 struct sk_buff;
-struct hash_desc;
+struct ahash_request;
 
 typedef int iscsi_segment_done_fn_t(struct iscsi_tcp_conn *,
                                     struct iscsi_segment *);
@@ -38,7 +38,7 @@ struct iscsi_segment {
         unsigned int            total_size;
         unsigned int            total_copied;
 
-        struct hash_desc        *hash;
+        struct ahash_request    *hash;
         unsigned char           padbuf[ISCSI_PAD_LEN];
         unsigned char           recv_digest[ISCSI_DIGEST_SIZE];
         unsigned char           digest[ISCSI_DIGEST_SIZE];
@@ -73,7 +73,7 @@ struct iscsi_tcp_conn {
         /* control data */
         struct iscsi_tcp_recv   in;             /* TCP receive context */
         /* CRC32C (Rx) LLD should set this is they do not offload */
-        struct hash_desc        *rx_hash;
+        struct ahash_request    *rx_hash;
 };
 
 struct iscsi_tcp_task {
@@ -111,15 +111,16 @@ extern void iscsi_tcp_segment_unmap(struct iscsi_segment *segment);
 extern void iscsi_segment_init_linear(struct iscsi_segment *segment,
                                       void *data, size_t size,
                                       iscsi_segment_done_fn_t *done,
-                                      struct hash_desc *hash);
+                                      struct ahash_request *hash);
 extern int
 iscsi_segment_seek_sg(struct iscsi_segment *segment,
                       struct scatterlist *sg_list, unsigned int sg_count,
                       unsigned int offset, size_t size,
-                      iscsi_segment_done_fn_t *done, struct hash_desc *hash);
+                      iscsi_segment_done_fn_t *done,
+                      struct ahash_request *hash);
 
 /* digest helpers */
-extern void iscsi_tcp_dgst_header(struct hash_desc *hash, const void *hdr,
+extern void iscsi_tcp_dgst_header(struct ahash_request *hash, const void *hdr,
                                   size_t hdrlen,
                                   unsigned char digest[ISCSI_DIGEST_SIZE]);
 extern struct iscsi_cls_conn *
diff --git a/include/target/iscsi/iscsi_target_core.h b/include/target/iscsi/iscsi_target_core.h
index 373d3342002b..c3371fa548cb 100644
--- a/include/target/iscsi/iscsi_target_core.h
+++ b/include/target/iscsi/iscsi_target_core.h
@@ -570,8 +570,8 @@ struct iscsi_conn {
         spinlock_t              response_queue_lock;
         spinlock_t              state_lock;
         /* libcrypto RX and TX contexts for crc32c */
-        struct hash_desc        conn_rx_hash;
-        struct hash_desc        conn_tx_hash;
+        struct ahash_request    *conn_rx_hash;
+        struct ahash_request    *conn_tx_hash;
         /* Used for scheduling TX and RX connection kthreads */
         cpumask_var_t           conn_cpumask;
         unsigned int            conn_rx_reset_cpumask:1;