Commit 35058687912aa2f0b4554383cc10be4e0683b9a4
1 parent
dc64ddf491
Exists in
master
and in
7 other branches
[CRYPTO] users: Use crypto_hash interface instead of crypto_digest
This patch converts all remaining crypto_digest users to use the new crypto_hash interface. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Showing 6 changed files with 97 additions and 69 deletions Side-by-side Diff
drivers/md/dm-crypt.c
| ... | ... | @@ -122,7 +122,8 @@ |
| 122 | 122 | const char *opts) |
| 123 | 123 | { |
| 124 | 124 | struct crypto_cipher *essiv_tfm; |
| 125 | - struct crypto_tfm *hash_tfm; | |
| 125 | + struct crypto_hash *hash_tfm; | |
| 126 | + struct hash_desc desc; | |
| 126 | 127 | struct scatterlist sg; |
| 127 | 128 | unsigned int saltsize; |
| 128 | 129 | u8 *salt; |
| 129 | 130 | |
| 130 | 131 | |
| 131 | 132 | |
| 132 | 133 | |
| ... | ... | @@ -134,29 +135,30 @@ |
| 134 | 135 | } |
| 135 | 136 | |
| 136 | 137 | /* Hash the cipher key with the given hash algorithm */ |
| 137 | - hash_tfm = crypto_alloc_tfm(opts, CRYPTO_TFM_REQ_MAY_SLEEP); | |
| 138 | - if (hash_tfm == NULL) { | |
| 138 | + hash_tfm = crypto_alloc_hash(opts, 0, CRYPTO_ALG_ASYNC); | |
| 139 | + if (IS_ERR(hash_tfm)) { | |
| 139 | 140 | ti->error = "Error initializing ESSIV hash"; |
| 140 | - return -EINVAL; | |
| 141 | + return PTR_ERR(hash_tfm); | |
| 141 | 142 | } |
| 142 | 143 | |
| 143 | - if (crypto_tfm_alg_type(hash_tfm) != CRYPTO_ALG_TYPE_DIGEST) { | |
| 144 | - ti->error = "Expected digest algorithm for ESSIV hash"; | |
| 145 | - crypto_free_tfm(hash_tfm); | |
| 146 | - return -EINVAL; | |
| 147 | - } | |
| 148 | - | |
| 149 | - saltsize = crypto_tfm_alg_digestsize(hash_tfm); | |
| 144 | + saltsize = crypto_hash_digestsize(hash_tfm); | |
| 150 | 145 | salt = kmalloc(saltsize, GFP_KERNEL); |
| 151 | 146 | if (salt == NULL) { |
| 152 | 147 | ti->error = "Error kmallocing salt storage in ESSIV"; |
| 153 | - crypto_free_tfm(hash_tfm); | |
| 148 | + crypto_free_hash(hash_tfm); | |
| 154 | 149 | return -ENOMEM; |
| 155 | 150 | } |
| 156 | 151 | |
| 157 | 152 | sg_set_buf(&sg, cc->key, cc->key_size); |
| 158 | - crypto_digest_digest(hash_tfm, &sg, 1, salt); | |
| 159 | - crypto_free_tfm(hash_tfm); | |
| 153 | + desc.tfm = hash_tfm; | |
| 154 | + desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP; | |
| 155 | + err = crypto_hash_digest(&desc, &sg, cc->key_size, salt); | |
| 156 | + crypto_free_hash(hash_tfm); | |
| 157 | + | |
| 158 | + if (err) { | |
| 159 | + ti->error = "Error calculating hash in ESSIV"; | |
| 160 | + return err; | |
| 161 | + } | |
| 160 | 162 | |
| 161 | 163 | /* Setup the essiv_tfm with the given salt */ |
| 162 | 164 | essiv_tfm = crypto_alloc_cipher(cc->cipher, 0, CRYPTO_ALG_ASYNC); |
drivers/net/ppp_mppe.c
| ... | ... | @@ -65,12 +65,13 @@ |
| 65 | 65 | MODULE_ALIAS("ppp-compress-" __stringify(CI_MPPE)); |
| 66 | 66 | MODULE_VERSION("1.0.2"); |
| 67 | 67 | |
| 68 | -static void | |
| 68 | +static unsigned int | |
| 69 | 69 | setup_sg(struct scatterlist *sg, const void *address, unsigned int length) |
| 70 | 70 | { |
| 71 | 71 | sg[0].page = virt_to_page(address); |
| 72 | 72 | sg[0].offset = offset_in_page(address); |
| 73 | 73 | sg[0].length = length; |
| 74 | + return length; | |
| 74 | 75 | } |
| 75 | 76 | |
| 76 | 77 | #define SHA1_PAD_SIZE 40 |
| ... | ... | @@ -97,7 +98,7 @@ |
| 97 | 98 | */ |
| 98 | 99 | struct ppp_mppe_state { |
| 99 | 100 | struct crypto_blkcipher *arc4; |
| 100 | - struct crypto_tfm *sha1; | |
| 101 | + struct crypto_hash *sha1; | |
| 101 | 102 | unsigned char *sha1_digest; |
| 102 | 103 | unsigned char master_key[MPPE_MAX_KEY_LEN]; |
| 103 | 104 | unsigned char session_key[MPPE_MAX_KEY_LEN]; |
| 104 | 105 | |
| 105 | 106 | |
| 106 | 107 | |
| 107 | 108 | |
| ... | ... | @@ -137,15 +138,22 @@ |
| 137 | 138 | */ |
| 138 | 139 | static void get_new_key_from_sha(struct ppp_mppe_state * state, unsigned char *InterimKey) |
| 139 | 140 | { |
| 141 | + struct hash_desc desc; | |
| 140 | 142 | struct scatterlist sg[4]; |
| 143 | + unsigned int nbytes; | |
| 141 | 144 | |
| 142 | - setup_sg(&sg[0], state->master_key, state->keylen); | |
| 143 | - setup_sg(&sg[1], sha_pad->sha_pad1, sizeof(sha_pad->sha_pad1)); | |
| 144 | - setup_sg(&sg[2], state->session_key, state->keylen); | |
| 145 | - setup_sg(&sg[3], sha_pad->sha_pad2, sizeof(sha_pad->sha_pad2)); | |
| 145 | + nbytes = setup_sg(&sg[0], state->master_key, state->keylen); | |
| 146 | + nbytes += setup_sg(&sg[1], sha_pad->sha_pad1, | |
| 147 | + sizeof(sha_pad->sha_pad1)); | |
| 148 | + nbytes += setup_sg(&sg[2], state->session_key, state->keylen); | |
| 149 | + nbytes += setup_sg(&sg[3], sha_pad->sha_pad2, | |
| 150 | + sizeof(sha_pad->sha_pad2)); | |
| 146 | 151 | |
| 147 | - crypto_digest_digest (state->sha1, sg, 4, state->sha1_digest); | |
| 152 | + desc.tfm = state->sha1; | |
| 153 | + desc.flags = 0; | |
| 148 | 154 | |
| 155 | + crypto_hash_digest(&desc, sg, nbytes, state->sha1_digest); | |
| 156 | + | |
| 149 | 157 | memcpy(InterimKey, state->sha1_digest, state->keylen); |
| 150 | 158 | } |
| 151 | 159 | |
| 152 | 160 | |
| 153 | 161 | |
| ... | ... | @@ -204,11 +212,13 @@ |
| 204 | 212 | goto out_free; |
| 205 | 213 | } |
| 206 | 214 | |
| 207 | - state->sha1 = crypto_alloc_tfm("sha1", 0); | |
| 208 | - if (!state->sha1) | |
| 215 | + state->sha1 = crypto_alloc_hash("sha1", 0, CRYPTO_ALG_ASYNC); | |
| 216 | + if (IS_ERR(state->sha1)) { | |
| 217 | + state->sha1 = NULL; | |
| 209 | 218 | goto out_free; |
| 219 | + } | |
| 210 | 220 | |
| 211 | - digestsize = crypto_tfm_alg_digestsize(state->sha1); | |
| 221 | + digestsize = crypto_hash_digestsize(state->sha1); | |
| 212 | 222 | if (digestsize < MPPE_MAX_KEY_LEN) |
| 213 | 223 | goto out_free; |
| 214 | 224 | |
| ... | ... | @@ -233,7 +243,7 @@ |
| 233 | 243 | if (state->sha1_digest) |
| 234 | 244 | kfree(state->sha1_digest); |
| 235 | 245 | if (state->sha1) |
| 236 | - crypto_free_tfm(state->sha1); | |
| 246 | + crypto_free_hash(state->sha1); | |
| 237 | 247 | if (state->arc4) |
| 238 | 248 | crypto_free_blkcipher(state->arc4); |
| 239 | 249 | kfree(state); |
| ... | ... | @@ -251,7 +261,7 @@ |
| 251 | 261 | if (state->sha1_digest) |
| 252 | 262 | kfree(state->sha1_digest); |
| 253 | 263 | if (state->sha1) |
| 254 | - crypto_free_tfm(state->sha1); | |
| 264 | + crypto_free_hash(state->sha1); | |
| 255 | 265 | if (state->arc4) |
| 256 | 266 | crypto_free_blkcipher(state->arc4); |
| 257 | 267 | kfree(state); |
fs/nfsd/nfs4recover.c
| ... | ... | @@ -33,7 +33,7 @@ |
| 33 | 33 | * |
| 34 | 34 | */ |
| 35 | 35 | |
| 36 | - | |
| 36 | +#include <linux/err.h> | |
| 37 | 37 | #include <linux/sunrpc/svc.h> |
| 38 | 38 | #include <linux/nfsd/nfsd.h> |
| 39 | 39 | #include <linux/nfs4.h> |
| 40 | 40 | |
| 41 | 41 | |
| 42 | 42 | |
| 43 | 43 | |
| ... | ... | @@ -87,34 +87,35 @@ |
| 87 | 87 | nfs4_make_rec_clidname(char *dname, struct xdr_netobj *clname) |
| 88 | 88 | { |
| 89 | 89 | struct xdr_netobj cksum; |
| 90 | - struct crypto_tfm *tfm; | |
| 90 | + struct hash_desc desc; | |
| 91 | 91 | struct scatterlist sg[1]; |
| 92 | 92 | int status = nfserr_resource; |
| 93 | 93 | |
| 94 | 94 | dprintk("NFSD: nfs4_make_rec_clidname for %.*s\n", |
| 95 | 95 | clname->len, clname->data); |
| 96 | - tfm = crypto_alloc_tfm("md5", CRYPTO_TFM_REQ_MAY_SLEEP); | |
| 97 | - if (tfm == NULL) | |
| 98 | - goto out; | |
| 99 | - cksum.len = crypto_tfm_alg_digestsize(tfm); | |
| 96 | + desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP; | |
| 97 | + desc.tfm = crypto_alloc_hash("md5", 0, CRYPTO_ALG_ASYNC); | |
| 98 | + if (IS_ERR(desc.tfm)) | |
| 99 | + goto out_no_tfm; | |
| 100 | + cksum.len = crypto_hash_digestsize(desc.tfm); | |
| 100 | 101 | cksum.data = kmalloc(cksum.len, GFP_KERNEL); |
| 101 | 102 | if (cksum.data == NULL) |
| 102 | 103 | goto out; |
| 103 | - crypto_digest_init(tfm); | |
| 104 | 104 | |
| 105 | 105 | sg[0].page = virt_to_page(clname->data); |
| 106 | 106 | sg[0].offset = offset_in_page(clname->data); |
| 107 | 107 | sg[0].length = clname->len; |
| 108 | 108 | |
| 109 | - crypto_digest_update(tfm, sg, 1); | |
| 110 | - crypto_digest_final(tfm, cksum.data); | |
| 109 | + if (crypto_hash_digest(&desc, sg, sg->length, cksum.data)) | |
| 110 | + goto out; | |
| 111 | 111 | |
| 112 | 112 | md5_to_hex(dname, cksum.data); |
| 113 | 113 | |
| 114 | 114 | kfree(cksum.data); |
| 115 | 115 | status = nfs_ok; |
| 116 | 116 | out: |
| 117 | - crypto_free_tfm(tfm); | |
| 117 | + crypto_free_hash(desc.tfm); | |
| 118 | +out_no_tfm: | |
| 118 | 119 | return status; |
| 119 | 120 | } |
| 120 | 121 |
net/ieee80211/ieee80211_crypt_tkip.c
| ... | ... | @@ -54,7 +54,7 @@ |
| 54 | 54 | int key_idx; |
| 55 | 55 | |
| 56 | 56 | struct crypto_blkcipher *tfm_arc4; |
| 57 | - struct crypto_tfm *tfm_michael; | |
| 57 | + struct crypto_hash *tfm_michael; | |
| 58 | 58 | |
| 59 | 59 | /* scratch buffers for virt_to_page() (crypto API) */ |
| 60 | 60 | u8 rx_hdr[16], tx_hdr[16]; |
| 61 | 61 | |
| ... | ... | @@ -95,10 +95,12 @@ |
| 95 | 95 | goto fail; |
| 96 | 96 | } |
| 97 | 97 | |
| 98 | - priv->tfm_michael = crypto_alloc_tfm("michael_mic", 0); | |
| 99 | - if (priv->tfm_michael == NULL) { | |
| 98 | + priv->tfm_michael = crypto_alloc_hash("michael_mic", 0, | |
| 99 | + CRYPTO_ALG_ASYNC); | |
| 100 | + if (IS_ERR(priv->tfm_michael)) { | |
| 100 | 101 | printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate " |
| 101 | 102 | "crypto API michael_mic\n"); |
| 103 | + priv->tfm_michael = NULL; | |
| 102 | 104 | goto fail; |
| 103 | 105 | } |
| 104 | 106 | |
| ... | ... | @@ -107,7 +109,7 @@ |
| 107 | 109 | fail: |
| 108 | 110 | if (priv) { |
| 109 | 111 | if (priv->tfm_michael) |
| 110 | - crypto_free_tfm(priv->tfm_michael); | |
| 112 | + crypto_free_hash(priv->tfm_michael); | |
| 111 | 113 | if (priv->tfm_arc4) |
| 112 | 114 | crypto_free_blkcipher(priv->tfm_arc4); |
| 113 | 115 | kfree(priv); |
| ... | ... | @@ -120,7 +122,7 @@ |
| 120 | 122 | { |
| 121 | 123 | struct ieee80211_tkip_data *_priv = priv; |
| 122 | 124 | if (_priv && _priv->tfm_michael) |
| 123 | - crypto_free_tfm(_priv->tfm_michael); | |
| 125 | + crypto_free_hash(_priv->tfm_michael); | |
| 124 | 126 | if (_priv && _priv->tfm_arc4) |
| 125 | 127 | crypto_free_blkcipher(_priv->tfm_arc4); |
| 126 | 128 | kfree(priv); |
| ... | ... | @@ -485,6 +487,7 @@ |
| 485 | 487 | static int michael_mic(struct ieee80211_tkip_data *tkey, u8 * key, u8 * hdr, |
| 486 | 488 | u8 * data, size_t data_len, u8 * mic) |
| 487 | 489 | { |
| 490 | + struct hash_desc desc; | |
| 488 | 491 | struct scatterlist sg[2]; |
| 489 | 492 | |
| 490 | 493 | if (tkey->tfm_michael == NULL) { |
| 491 | 494 | |
| ... | ... | @@ -499,12 +502,12 @@ |
| 499 | 502 | sg[1].offset = offset_in_page(data); |
| 500 | 503 | sg[1].length = data_len; |
| 501 | 504 | |
| 502 | - crypto_digest_init(tkey->tfm_michael); | |
| 503 | - crypto_digest_setkey(tkey->tfm_michael, key, 8); | |
| 504 | - crypto_digest_update(tkey->tfm_michael, sg, 2); | |
| 505 | - crypto_digest_final(tkey->tfm_michael, mic); | |
| 505 | + if (crypto_hash_setkey(tkey->tfm_michael, key, 8)) | |
| 506 | + return -1; | |
| 506 | 507 | |
| 507 | - return 0; | |
| 508 | + desc.tfm = tkey->tfm_michael; | |
| 509 | + desc.flags = 0; | |
| 510 | + return crypto_hash_digest(&desc, sg, data_len + 16, mic); | |
| 508 | 511 | } |
| 509 | 512 | |
| 510 | 513 | static void michael_mic_hdr(struct sk_buff *skb, u8 * hdr) |
| ... | ... | @@ -628,7 +631,7 @@ |
| 628 | 631 | { |
| 629 | 632 | struct ieee80211_tkip_data *tkey = priv; |
| 630 | 633 | int keyidx; |
| 631 | - struct crypto_tfm *tfm = tkey->tfm_michael; | |
| 634 | + struct crypto_hash *tfm = tkey->tfm_michael; | |
| 632 | 635 | struct crypto_blkcipher *tfm2 = tkey->tfm_arc4; |
| 633 | 636 | |
| 634 | 637 | keyidx = tkey->key_idx; |
net/sunrpc/auth_gss/gss_krb5_crypto.c
| ... | ... | @@ -34,6 +34,7 @@ |
| 34 | 34 | * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. |
| 35 | 35 | */ |
| 36 | 36 | |
| 37 | +#include <linux/err.h> | |
| 37 | 38 | #include <linux/types.h> |
| 38 | 39 | #include <linux/mm.h> |
| 39 | 40 | #include <linux/slab.h> |
| 40 | 41 | |
| ... | ... | @@ -199,11 +200,9 @@ |
| 199 | 200 | static int |
| 200 | 201 | checksummer(struct scatterlist *sg, void *data) |
| 201 | 202 | { |
| 202 | - struct crypto_tfm *tfm = (struct crypto_tfm *)data; | |
| 203 | + struct hash_desc *desc = data; | |
| 203 | 204 | |
| 204 | - crypto_digest_update(tfm, sg, 1); | |
| 205 | - | |
| 206 | - return 0; | |
| 205 | + return crypto_hash_update(desc, sg, sg->length); | |
| 207 | 206 | } |
| 208 | 207 | |
| 209 | 208 | /* checksum the plaintext data and hdrlen bytes of the token header */ |
| 210 | 209 | |
| ... | ... | @@ -212,8 +211,9 @@ |
| 212 | 211 | int body_offset, struct xdr_netobj *cksum) |
| 213 | 212 | { |
| 214 | 213 | char *cksumname; |
| 215 | - struct crypto_tfm *tfm = NULL; /* XXX add to ctx? */ | |
| 214 | + struct hash_desc desc; /* XXX add to ctx? */ | |
| 216 | 215 | struct scatterlist sg[1]; |
| 216 | + int err; | |
| 217 | 217 | |
| 218 | 218 | switch (cksumtype) { |
| 219 | 219 | case CKSUMTYPE_RSA_MD5: |
| 220 | 220 | |
| 221 | 221 | |
| 222 | 222 | |
| ... | ... | @@ -224,18 +224,28 @@ |
| 224 | 224 | " unsupported checksum %d", cksumtype); |
| 225 | 225 | return GSS_S_FAILURE; |
| 226 | 226 | } |
| 227 | - if (!(tfm = crypto_alloc_tfm(cksumname, CRYPTO_TFM_REQ_MAY_SLEEP))) | |
| 227 | + desc.tfm = crypto_alloc_hash(cksumname, 0, CRYPTO_ALG_ASYNC); | |
| 228 | + if (IS_ERR(desc.tfm)) | |
| 228 | 229 | return GSS_S_FAILURE; |
| 229 | - cksum->len = crypto_tfm_alg_digestsize(tfm); | |
| 230 | + cksum->len = crypto_hash_digestsize(desc.tfm); | |
| 231 | + desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP; | |
| 230 | 232 | |
| 231 | - crypto_digest_init(tfm); | |
| 233 | + err = crypto_hash_init(&desc); | |
| 234 | + if (err) | |
| 235 | + goto out; | |
| 232 | 236 | sg_set_buf(sg, header, hdrlen); |
| 233 | - crypto_digest_update(tfm, sg, 1); | |
| 234 | - process_xdr_buf(body, body_offset, body->len - body_offset, | |
| 235 | - checksummer, tfm); | |
| 236 | - crypto_digest_final(tfm, cksum->data); | |
| 237 | - crypto_free_tfm(tfm); | |
| 238 | - return 0; | |
| 237 | + err = crypto_hash_update(&desc, sg, hdrlen); | |
| 238 | + if (err) | |
| 239 | + goto out; | |
| 240 | + err = process_xdr_buf(body, body_offset, body->len - body_offset, | |
| 241 | + checksummer, &desc); | |
| 242 | + if (err) | |
| 243 | + goto out; | |
| 244 | + err = crypto_hash_final(&desc, cksum->data); | |
| 245 | + | |
| 246 | +out: | |
| 247 | + crypto_free_hash(desc.tfm); | |
| 248 | + return err ? GSS_S_FAILURE : 0; | |
| 239 | 249 | } |
| 240 | 250 | |
| 241 | 251 | EXPORT_SYMBOL(make_checksum); |
security/seclvl.c
| ... | ... | @@ -16,6 +16,7 @@ |
| 16 | 16 | * (at your option) any later version. |
| 17 | 17 | */ |
| 18 | 18 | |
| 19 | +#include <linux/err.h> | |
| 19 | 20 | #include <linux/module.h> |
| 20 | 21 | #include <linux/moduleparam.h> |
| 21 | 22 | #include <linux/kernel.h> |
| 22 | 23 | |
| 23 | 24 | |
| 24 | 25 | |
| ... | ... | @@ -197,26 +198,27 @@ |
| 197 | 198 | static int |
| 198 | 199 | plaintext_to_sha1(unsigned char *hash, const char *plaintext, unsigned int len) |
| 199 | 200 | { |
| 200 | - struct crypto_tfm *tfm; | |
| 201 | + struct hash_desc desc; | |
| 201 | 202 | struct scatterlist sg; |
| 203 | + int err; | |
| 204 | + | |
| 202 | 205 | if (len > PAGE_SIZE) { |
| 203 | 206 | seclvl_printk(0, KERN_ERR, "Plaintext password too large (%d " |
| 204 | 207 | "characters). Largest possible is %lu " |
| 205 | 208 | "bytes.\n", len, PAGE_SIZE); |
| 206 | 209 | return -EINVAL; |
| 207 | 210 | } |
| 208 | - tfm = crypto_alloc_tfm("sha1", CRYPTO_TFM_REQ_MAY_SLEEP); | |
| 209 | - if (tfm == NULL) { | |
| 211 | + desc.tfm = crypto_alloc_hash("sha1", 0, CRYPTO_ALG_ASYNC); | |
| 212 | + if (IS_ERR(desc.tfm)) { | |
| 210 | 213 | seclvl_printk(0, KERN_ERR, |
| 211 | 214 | "Failed to load transform for SHA1\n"); |
| 212 | 215 | return -EINVAL; |
| 213 | 216 | } |
| 214 | 217 | sg_init_one(&sg, (u8 *)plaintext, len); |
| 215 | - crypto_digest_init(tfm); | |
| 216 | - crypto_digest_update(tfm, &sg, 1); | |
| 217 | - crypto_digest_final(tfm, hash); | |
| 218 | - crypto_free_tfm(tfm); | |
| 219 | - return 0; | |
| 218 | + desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP; | |
| 219 | + err = crypto_hash_digest(&desc, &sg, len, hash); | |
| 220 | + crypto_free_hash(desc.tfm); | |
| 221 | + return err; | |
| 220 | 222 | } |
| 221 | 223 | |
| 222 | 224 | /** |