crypto: eseqiv - Offer normal cipher functionality without RNG

The RNG may not be available during early boot, e.g., the relevant modules may not be included in the initramfs. As the RNG Is only needed for IPsec, we should not let this prevent use of ciphers without IV generators, e.g., for disk encryption. This patch postpones the RNG allocation to the init function so that one failure during early boot does not make the RNG unavailable for all subsequent users of the same cipher. More importantly, it lets the cipher live even if RNG allocation fails. Of course we no longer offer IV generation and which will fail with an error if invoked. But all other cipher capabilities will function as usual. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
author: Herbert Xu <herbert@gondor.apana.org.au> 2015-06-21 07:11:47 -0400
committer: Herbert Xu <herbert@gondor.apana.org.au> 2015-06-22 03:49:28 -0400
commit: 055906d1e7f94f459a0e80228f15656bf5871311 (patch)
tree: ed684c45b2e32e3e8a2fdeb6ea909bed22a3ecad /crypto
parent: 341476d6cf224f1dea5c439cd70181053629ce15 (diff)
1 files changed, 12 insertions, 19 deletions
diff --git a/crypto/eseqiv.c b/crypto/eseqiv.c
index 78a72645390c..16dda72fc4f8 100644
--- a/crypto/eseqiv.c
+++ b/crypto/eseqiv.c
@@ -152,6 +152,7 @@ static int eseqiv_init(struct crypto_tfm *tfm)
        struct eseqiv_ctx *ctx = crypto_ablkcipher_ctx(geniv);
        unsigned long alignmask;
        unsigned int reqsize;
+        int err;
        spin_lock_init(&ctx->lock);
@@ -175,9 +176,15 @@ static int eseqiv_init(struct crypto_tfm *tfm)
        tfm->crt_ablkcipher.reqsize = reqsize +
                                      sizeof(struct ablkcipher_request);
-        return crypto_rng_get_bytes(crypto_default_rng, ctx->salt,
+        err = 0;
-                                    crypto_ablkcipher_ivsize(geniv)) ?:
+        if (!crypto_get_default_rng()) {
-               skcipher_geniv_init(tfm);
+                crypto_ablkcipher_crt(geniv)->givencrypt = eseqiv_givencrypt;
+                err = crypto_rng_get_bytes(crypto_default_rng, ctx->salt,
+                                           crypto_ablkcipher_ivsize(geniv));
+                crypto_put_default_rng();
+        }
+        return err ?: skcipher_geniv_init(tfm);
 }
 static struct crypto_template eseqiv_tmpl;
@@ -187,20 +194,14 @@ static struct crypto_instance *eseqiv_alloc(struct rtattr **tb)
        struct crypto_instance *inst;
        int err;
-        err = crypto_get_default_rng();
-        if (err)
-                return ERR_PTR(err);
        inst = skcipher_geniv_alloc(&eseqiv_tmpl, tb, 0, 0);
        if (IS_ERR(inst))
-                goto put_rng;
+                goto out;
        err = -EINVAL;
        if (inst->alg.cra_ablkcipher.ivsize != inst->alg.cra_blocksize)
                goto free_inst;
-        inst->alg.cra_ablkcipher.givencrypt = eseqiv_givencrypt;
        inst->alg.cra_init = eseqiv_init;
        inst->alg.cra_exit = skcipher_geniv_exit;
@@ -213,21 +214,13 @@ out:
 free_inst:
        skcipher_geniv_free(inst);
        inst = ERR_PTR(err);
-put_rng:
-        crypto_put_default_rng();
        goto out;
 }
-static void eseqiv_free(struct crypto_instance *inst)
-{
-        skcipher_geniv_free(inst);
-        crypto_put_default_rng();
-}
 static struct crypto_template eseqiv_tmpl = {
        .name = "eseqiv",
        .alloc = eseqiv_alloc,
-        .free = eseqiv_free,
+        .free = skcipher_geniv_free,
        .module = THIS_MODULE,
 };
author	Herbert Xu <herbert@gondor.apana.org.au>	2015-06-21 07:11:47 -0400
committer	Herbert Xu <herbert@gondor.apana.org.au>	2015-06-22 03:49:28 -0400
commit	055906d1e7f94f459a0e80228f15656bf5871311 (patch)
tree	ed684c45b2e32e3e8a2fdeb6ea909bed22a3ecad /crypto
parent	341476d6cf224f1dea5c439cd70181053629ce15 (diff)