rxrpc: Remove VLA usage of skcipher

In the quest to remove all stack VLA usage from the kernel[1], this replaces struct crypto_skcipher and SKCIPHER_REQUEST_ON_STACK() usage with struct crypto_sync_skcipher and SYNC_SKCIPHER_REQUEST_ON_STACK(), which uses a fixed stack size. [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Cc: David Howells <dhowells@redhat.com> Cc: linux-afs@lists.infradead.org Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
author: Kees Cook <keescook@chromium.org> 2018-09-18 22:10:47 -0400
committer: Herbert Xu <herbert@gondor.apana.org.au> 2018-09-28 00:46:07 -0400
commit: 69d826fa5da3c0e4a3dd1645f293efe4942348c1 (patch)
tree: c7c2985c64353761459e29260f967ee661b35ca0 /net/rxrpc
parent: 82633a6f6d84e573b9f43be27ec55fbccc72c9de (diff)
2 files changed, 23 insertions, 23 deletions
diff --git a/net/rxrpc/ar-internal.h b/net/rxrpc/ar-internal.h
index c97558710421..41be33c9eecf 100644
--- a/net/rxrpc/ar-internal.h
+++ b/net/rxrpc/ar-internal.h
@@ -442,7 +442,7 @@ struct rxrpc_connection {
        struct sk_buff_head     rx_queue;       /* received conn-level packets */
        const struct rxrpc_security *security;  /* applied security module */
        struct key              *server_key;    /* security for this service */
-        struct crypto_skcipher  *cipher;        /* encryption handle */
+        struct crypto_sync_skcipher *cipher;    /* encryption handle */
        struct rxrpc_crypt      csum_iv;        /* packet checksum base */
        unsigned long           flags;
        unsigned long           events;
diff --git a/net/rxrpc/rxkad.c b/net/rxrpc/rxkad.c
index cea16838d588..cbef9ea43dec 100644
--- a/net/rxrpc/rxkad.c
+++ b/net/rxrpc/rxkad.c
@@ -46,7 +46,7 @@ struct rxkad_level2_hdr {
 * alloc routine, but since we have it to hand, we use it to decrypt RESPONSE
 * packets
 */
-static struct crypto_skcipher *rxkad_ci;
+static struct crypto_sync_skcipher *rxkad_ci;
 static DEFINE_MUTEX(rxkad_ci_mutex);
 /*
@@ -54,7 +54,7 @@ static DEFINE_MUTEX(rxkad_ci_mutex);
 */
 static int rxkad_init_connection_security(struct rxrpc_connection *conn)
 {
-        struct crypto_skcipher *ci;
+        struct crypto_sync_skcipher *ci;
        struct rxrpc_key_token *token;
        int ret;
@@ -63,14 +63,14 @@ static int rxkad_init_connection_security(struct rxrpc_connection *conn)
        token = conn->params.key->payload.data[0];
        conn->security_ix = token->security_index;
-        ci = crypto_alloc_skcipher("pcbc(fcrypt)", 0, CRYPTO_ALG_ASYNC);
+        ci = crypto_alloc_sync_skcipher("pcbc(fcrypt)", 0, 0);
        if (IS_ERR(ci)) {
                _debug("no cipher");
                ret = PTR_ERR(ci);
                goto error;
        }
-        if (crypto_skcipher_setkey(ci, token->kad->session_key,
+        if (crypto_sync_skcipher_setkey(ci, token->kad->session_key,
                                   sizeof(token->kad->session_key)) < 0)
                BUG();
@@ -104,7 +104,7 @@ error:
 static int rxkad_prime_packet_security(struct rxrpc_connection *conn)
 {
        struct rxrpc_key_token *token;
-        SKCIPHER_REQUEST_ON_STACK(req, conn->cipher);
+        SYNC_SKCIPHER_REQUEST_ON_STACK(req, conn->cipher);
        struct scatterlist sg;
        struct rxrpc_crypt iv;
        __be32 *tmpbuf;
@@ -128,7 +128,7 @@ static int rxkad_prime_packet_security(struct rxrpc_connection *conn)
        tmpbuf[3] = htonl(conn->security_ix);
        sg_init_one(&sg, tmpbuf, tmpsize);
-        skcipher_request_set_tfm(req, conn->cipher);
+        skcipher_request_set_sync_tfm(req, conn->cipher);
        skcipher_request_set_callback(req, 0, NULL, NULL);
        skcipher_request_set_crypt(req, &sg, &sg, tmpsize, iv.x);
        crypto_skcipher_encrypt(req);
@@ -167,7 +167,7 @@ static int rxkad_secure_packet_auth(const struct rxrpc_call *call,
        memset(&iv, 0, sizeof(iv));
        sg_init_one(&sg, sechdr, 8);
-        skcipher_request_set_tfm(req, call->conn->cipher);
+        skcipher_request_set_sync_tfm(req, call->conn->cipher);
        skcipher_request_set_callback(req, 0, NULL, NULL);
        skcipher_request_set_crypt(req, &sg, &sg, 8, iv.x);
        crypto_skcipher_encrypt(req);
@@ -212,7 +212,7 @@ static int rxkad_secure_packet_encrypt(const struct rxrpc_call *call,
        memcpy(&iv, token->kad->session_key, sizeof(iv));
        sg_init_one(&sg[0], sechdr, sizeof(rxkhdr));
-        skcipher_request_set_tfm(req, call->conn->cipher);
+        skcipher_request_set_sync_tfm(req, call->conn->cipher);
        skcipher_request_set_callback(req, 0, NULL, NULL);
        skcipher_request_set_crypt(req, &sg[0], &sg[0], sizeof(rxkhdr), iv.x);
        crypto_skcipher_encrypt(req);
@@ -250,7 +250,7 @@ static int rxkad_secure_packet(struct rxrpc_call *call,
                               void *sechdr)
 {
        struct rxrpc_skb_priv *sp;
-        SKCIPHER_REQUEST_ON_STACK(req, call->conn->cipher);
+        SYNC_SKCIPHER_REQUEST_ON_STACK(req, call->conn->cipher);
        struct rxrpc_crypt iv;
        struct scatterlist sg;
        u32 x, y;
@@ -279,7 +279,7 @@ static int rxkad_secure_packet(struct rxrpc_call *call,
        call->crypto_buf[1] = htonl(x);
        sg_init_one(&sg, call->crypto_buf, 8);
-        skcipher_request_set_tfm(req, call->conn->cipher);
+        skcipher_request_set_sync_tfm(req, call->conn->cipher);
        skcipher_request_set_callback(req, 0, NULL, NULL);
        skcipher_request_set_crypt(req, &sg, &sg, 8, iv.x);
        crypto_skcipher_encrypt(req);
@@ -352,7 +352,7 @@ static int rxkad_verify_packet_1(struct rxrpc_call *call, struct sk_buff *skb,
        /* start the decryption afresh */
        memset(&iv, 0, sizeof(iv));
-        skcipher_request_set_tfm(req, call->conn->cipher);
+        skcipher_request_set_sync_tfm(req, call->conn->cipher);
        skcipher_request_set_callback(req, 0, NULL, NULL);
        skcipher_request_set_crypt(req, sg, sg, 8, iv.x);
        crypto_skcipher_decrypt(req);
@@ -450,7 +450,7 @@ static int rxkad_verify_packet_2(struct rxrpc_call *call, struct sk_buff *skb,
        token = call->conn->params.key->payload.data[0];
        memcpy(&iv, token->kad->session_key, sizeof(iv));
-        skcipher_request_set_tfm(req, call->conn->cipher);
+        skcipher_request_set_sync_tfm(req, call->conn->cipher);
        skcipher_request_set_callback(req, 0, NULL, NULL);
        skcipher_request_set_crypt(req, sg, sg, len, iv.x);
        crypto_skcipher_decrypt(req);
@@ -506,7 +506,7 @@ static int rxkad_verify_packet(struct rxrpc_call *call, struct sk_buff *skb,
                               unsigned int offset, unsigned int len,
                               rxrpc_seq_t seq, u16 expected_cksum)
 {
-        SKCIPHER_REQUEST_ON_STACK(req, call->conn->cipher);
+        SYNC_SKCIPHER_REQUEST_ON_STACK(req, call->conn->cipher);
        struct rxrpc_crypt iv;
        struct scatterlist sg;
        bool aborted;
@@ -529,7 +529,7 @@ static int rxkad_verify_packet(struct rxrpc_call *call, struct sk_buff *skb,
        call->crypto_buf[1] = htonl(x);
        sg_init_one(&sg, call->crypto_buf, 8);
-        skcipher_request_set_tfm(req, call->conn->cipher);
+        skcipher_request_set_sync_tfm(req, call->conn->cipher);
        skcipher_request_set_callback(req, 0, NULL, NULL);
        skcipher_request_set_crypt(req, &sg, &sg, 8, iv.x);
        crypto_skcipher_encrypt(req);
@@ -755,7 +755,7 @@ static void rxkad_encrypt_response(struct rxrpc_connection *conn,
                                   struct rxkad_response *resp,
                                   const struct rxkad_key *s2)
 {
-        SKCIPHER_REQUEST_ON_STACK(req, conn->cipher);
+        SYNC_SKCIPHER_REQUEST_ON_STACK(req, conn->cipher);
        struct rxrpc_crypt iv;
        struct scatterlist sg[1];
@@ -764,7 +764,7 @@ static void rxkad_encrypt_response(struct rxrpc_connection *conn,
        sg_init_table(sg, 1);
        sg_set_buf(sg, &resp->encrypted, sizeof(resp->encrypted));
-        skcipher_request_set_tfm(req, conn->cipher);
+        skcipher_request_set_sync_tfm(req, conn->cipher);
        skcipher_request_set_callback(req, 0, NULL, NULL);
        skcipher_request_set_crypt(req, sg, sg, sizeof(resp->encrypted), iv.x);
        crypto_skcipher_encrypt(req);
@@ -1021,7 +1021,7 @@ static void rxkad_decrypt_response(struct rxrpc_connection *conn,
                                   struct rxkad_response *resp,
                                   const struct rxrpc_crypt *session_key)
 {
-        SKCIPHER_REQUEST_ON_STACK(req, rxkad_ci);
+        SYNC_SKCIPHER_REQUEST_ON_STACK(req, rxkad_ci);
        struct scatterlist sg[1];
        struct rxrpc_crypt iv;
@@ -1031,7 +1031,7 @@ static void rxkad_decrypt_response(struct rxrpc_connection *conn,
        ASSERT(rxkad_ci != NULL);
        mutex_lock(&rxkad_ci_mutex);
-        if (crypto_skcipher_setkey(rxkad_ci, session_key->x,
+        if (crypto_sync_skcipher_setkey(rxkad_ci, session_key->x,
                                   sizeof(*session_key)) < 0)
                BUG();
@@ -1039,7 +1039,7 @@ static void rxkad_decrypt_response(struct rxrpc_connection *conn,
        sg_init_table(sg, 1);
        sg_set_buf(sg, &resp->encrypted, sizeof(resp->encrypted));
-        skcipher_request_set_tfm(req, rxkad_ci);
+        skcipher_request_set_sync_tfm(req, rxkad_ci);
        skcipher_request_set_callback(req, 0, NULL, NULL);
        skcipher_request_set_crypt(req, sg, sg, sizeof(resp->encrypted), iv.x);
        crypto_skcipher_decrypt(req);
@@ -1218,7 +1218,7 @@ static void rxkad_clear(struct rxrpc_connection *conn)
        _enter("");
        if (conn->cipher)
-                crypto_free_skcipher(conn->cipher);
+                crypto_free_sync_skcipher(conn->cipher);
 }
 /*
@@ -1228,7 +1228,7 @@ static int rxkad_init(void)
 {
        /* pin the cipher we need so that the crypto layer doesn't invoke
         * keventd to go get it */
-        rxkad_ci = crypto_alloc_skcipher("pcbc(fcrypt)", 0, CRYPTO_ALG_ASYNC);
+        rxkad_ci = crypto_alloc_sync_skcipher("pcbc(fcrypt)", 0, 0);
        return PTR_ERR_OR_ZERO(rxkad_ci);
 }
@@ -1238,7 +1238,7 @@ static int rxkad_init(void)
 static void rxkad_exit(void)
 {
        if (rxkad_ci)
-                crypto_free_skcipher(rxkad_ci);
+                crypto_free_sync_skcipher(rxkad_ci);
 }
 /*
author	Kees Cook <keescook@chromium.org>	2018-09-18 22:10:47 -0400
committer	Herbert Xu <herbert@gondor.apana.org.au>	2018-09-28 00:46:07 -0400
commit	69d826fa5da3c0e4a3dd1645f293efe4942348c1 (patch)
tree	c7c2985c64353761459e29260f967ee661b35ca0 /net/rxrpc
parent	82633a6f6d84e573b9f43be27ec55fbccc72c9de (diff)

diff --git a/net/rxrpc/ar-internal.h b/net/rxrpc/ar-internal.h index c97558710421..41be33c9eecf 100644 --- a/net/rxrpc/ar-internal.h +++ b/net/rxrpc/ar-internal.h
@@ -442,7 +442,7 @@ struct rxrpc_connection {
442	struct sk_buff_head rx_queue; /* received conn-level packets */	442	struct sk_buff_head rx_queue; /* received conn-level packets */
443	const struct rxrpc_security security; / applied security module */	443	const struct rxrpc_security security; / applied security module */
444	struct key server_key; / security for this service */	444	struct key server_key; / security for this service */
445	struct crypto_skcipher cipher; / encryption handle */	445	struct crypto_sync_skcipher cipher; / encryption handle */
446	struct rxrpc_crypt csum_iv; /* packet checksum base */	446	struct rxrpc_crypt csum_iv; /* packet checksum base */
447	unsigned long flags;	447	unsigned long flags;
448	unsigned long events;	448	unsigned long events;


diff --git a/net/rxrpc/rxkad.c b/net/rxrpc/rxkad.c index cea16838d588..cbef9ea43dec 100644 --- a/net/rxrpc/rxkad.c +++ b/net/rxrpc/rxkad.c
@@ -46,7 +46,7 @@ struct rxkad_level2_hdr {
46	* alloc routine, but since we have it to hand, we use it to decrypt RESPONSE	46	* alloc routine, but since we have it to hand, we use it to decrypt RESPONSE
47	* packets	47	* packets
48	*/	48	*/
49	static struct crypto_skcipher *rxkad_ci;	49	static struct crypto_sync_skcipher *rxkad_ci;
50	static DEFINE_MUTEX(rxkad_ci_mutex);	50	static DEFINE_MUTEX(rxkad_ci_mutex);
51		51
52	/*	52	/*
@@ -54,7 +54,7 @@ static DEFINE_MUTEX(rxkad_ci_mutex);
54	*/	54	*/
55	static int rxkad_init_connection_security(struct rxrpc_connection *conn)	55	static int rxkad_init_connection_security(struct rxrpc_connection *conn)
56	{	56	{
57	struct crypto_skcipher *ci;	57	struct crypto_sync_skcipher *ci;
58	struct rxrpc_key_token *token;	58	struct rxrpc_key_token *token;
59	int ret;	59	int ret;
60		60
@@ -63,14 +63,14 @@ static int rxkad_init_connection_security(struct rxrpc_connection *conn)
63	token = conn->params.key->payload.data[0];	63	token = conn->params.key->payload.data[0];
64	conn->security_ix = token->security_index;	64	conn->security_ix = token->security_index;
65		65
66	ci = crypto_alloc_skcipher("pcbc(fcrypt)", 0, CRYPTO_ALG_ASYNC);	66	ci = crypto_alloc_sync_skcipher("pcbc(fcrypt)", 0, 0);
67	if (IS_ERR(ci)) {	67	if (IS_ERR(ci)) {
68	_debug("no cipher");	68	_debug("no cipher");
69	ret = PTR_ERR(ci);	69	ret = PTR_ERR(ci);
70	goto error;	70	goto error;
71	}	71	}
72		72
73	if (crypto_skcipher_setkey(ci, token->kad->session_key,	73	if (crypto_sync_skcipher_setkey(ci, token->kad->session_key,
74	sizeof(token->kad->session_key)) < 0)	74	sizeof(token->kad->session_key)) < 0)
75	BUG();	75	BUG();
76		76
@@ -104,7 +104,7 @@ error:
104	static int rxkad_prime_packet_security(struct rxrpc_connection *conn)	104	static int rxkad_prime_packet_security(struct rxrpc_connection *conn)
105	{	105	{
106	struct rxrpc_key_token *token;	106	struct rxrpc_key_token *token;
107	SKCIPHER_REQUEST_ON_STACK(req, conn->cipher);	107	SYNC_SKCIPHER_REQUEST_ON_STACK(req, conn->cipher);
108	struct scatterlist sg;	108	struct scatterlist sg;
109	struct rxrpc_crypt iv;	109	struct rxrpc_crypt iv;
110	__be32 *tmpbuf;	110	__be32 *tmpbuf;
@@ -128,7 +128,7 @@ static int rxkad_prime_packet_security(struct rxrpc_connection *conn)
128	tmpbuf[3] = htonl(conn->security_ix);	128	tmpbuf[3] = htonl(conn->security_ix);
129		129
130	sg_init_one(&sg, tmpbuf, tmpsize);	130	sg_init_one(&sg, tmpbuf, tmpsize);
131	skcipher_request_set_tfm(req, conn->cipher);	131	skcipher_request_set_sync_tfm(req, conn->cipher);
132	skcipher_request_set_callback(req, 0, NULL, NULL);	132	skcipher_request_set_callback(req, 0, NULL, NULL);
133	skcipher_request_set_crypt(req, &sg, &sg, tmpsize, iv.x);	133	skcipher_request_set_crypt(req, &sg, &sg, tmpsize, iv.x);
134	crypto_skcipher_encrypt(req);	134	crypto_skcipher_encrypt(req);
@@ -167,7 +167,7 @@ static int rxkad_secure_packet_auth(const struct rxrpc_call *call,
167	memset(&iv, 0, sizeof(iv));	167	memset(&iv, 0, sizeof(iv));
168		168
169	sg_init_one(&sg, sechdr, 8);	169	sg_init_one(&sg, sechdr, 8);
170	skcipher_request_set_tfm(req, call->conn->cipher);	170	skcipher_request_set_sync_tfm(req, call->conn->cipher);
171	skcipher_request_set_callback(req, 0, NULL, NULL);	171	skcipher_request_set_callback(req, 0, NULL, NULL);
172	skcipher_request_set_crypt(req, &sg, &sg, 8, iv.x);	172	skcipher_request_set_crypt(req, &sg, &sg, 8, iv.x);
173	crypto_skcipher_encrypt(req);	173	crypto_skcipher_encrypt(req);
@@ -212,7 +212,7 @@ static int rxkad_secure_packet_encrypt(const struct rxrpc_call *call,
212	memcpy(&iv, token->kad->session_key, sizeof(iv));	212	memcpy(&iv, token->kad->session_key, sizeof(iv));
213		213
214	sg_init_one(&sg[0], sechdr, sizeof(rxkhdr));	214	sg_init_one(&sg[0], sechdr, sizeof(rxkhdr));
215	skcipher_request_set_tfm(req, call->conn->cipher);	215	skcipher_request_set_sync_tfm(req, call->conn->cipher);
216	skcipher_request_set_callback(req, 0, NULL, NULL);	216	skcipher_request_set_callback(req, 0, NULL, NULL);
217	skcipher_request_set_crypt(req, &sg[0], &sg[0], sizeof(rxkhdr), iv.x);	217	skcipher_request_set_crypt(req, &sg[0], &sg[0], sizeof(rxkhdr), iv.x);
218	crypto_skcipher_encrypt(req);	218	crypto_skcipher_encrypt(req);
@@ -250,7 +250,7 @@ static int rxkad_secure_packet(struct rxrpc_call *call,
250	void *sechdr)	250	void *sechdr)
251	{	251	{
252	struct rxrpc_skb_priv *sp;	252	struct rxrpc_skb_priv *sp;
253	SKCIPHER_REQUEST_ON_STACK(req, call->conn->cipher);	253	SYNC_SKCIPHER_REQUEST_ON_STACK(req, call->conn->cipher);
254	struct rxrpc_crypt iv;	254	struct rxrpc_crypt iv;
255	struct scatterlist sg;	255	struct scatterlist sg;
256	u32 x, y;	256	u32 x, y;
@@ -279,7 +279,7 @@ static int rxkad_secure_packet(struct rxrpc_call *call,
279	call->crypto_buf[1] = htonl(x);	279	call->crypto_buf[1] = htonl(x);
280		280
281	sg_init_one(&sg, call->crypto_buf, 8);	281	sg_init_one(&sg, call->crypto_buf, 8);
282	skcipher_request_set_tfm(req, call->conn->cipher);	282	skcipher_request_set_sync_tfm(req, call->conn->cipher);
283	skcipher_request_set_callback(req, 0, NULL, NULL);	283	skcipher_request_set_callback(req, 0, NULL, NULL);
284	skcipher_request_set_crypt(req, &sg, &sg, 8, iv.x);	284	skcipher_request_set_crypt(req, &sg, &sg, 8, iv.x);
285	crypto_skcipher_encrypt(req);	285	crypto_skcipher_encrypt(req);
@@ -352,7 +352,7 @@ static int rxkad_verify_packet_1(struct rxrpc_call call, struct sk_buff skb,
352	/* start the decryption afresh */	352	/* start the decryption afresh */
353	memset(&iv, 0, sizeof(iv));	353	memset(&iv, 0, sizeof(iv));
354		354
355	skcipher_request_set_tfm(req, call->conn->cipher);	355	skcipher_request_set_sync_tfm(req, call->conn->cipher);
356	skcipher_request_set_callback(req, 0, NULL, NULL);	356	skcipher_request_set_callback(req, 0, NULL, NULL);
357	skcipher_request_set_crypt(req, sg, sg, 8, iv.x);	357	skcipher_request_set_crypt(req, sg, sg, 8, iv.x);
358	crypto_skcipher_decrypt(req);	358	crypto_skcipher_decrypt(req);
@@ -450,7 +450,7 @@ static int rxkad_verify_packet_2(struct rxrpc_call call, struct sk_buff skb,
450	token = call->conn->params.key->payload.data[0];	450	token = call->conn->params.key->payload.data[0];
451	memcpy(&iv, token->kad->session_key, sizeof(iv));	451	memcpy(&iv, token->kad->session_key, sizeof(iv));
452		452
453	skcipher_request_set_tfm(req, call->conn->cipher);	453	skcipher_request_set_sync_tfm(req, call->conn->cipher);
454	skcipher_request_set_callback(req, 0, NULL, NULL);	454	skcipher_request_set_callback(req, 0, NULL, NULL);
455	skcipher_request_set_crypt(req, sg, sg, len, iv.x);	455	skcipher_request_set_crypt(req, sg, sg, len, iv.x);
456	crypto_skcipher_decrypt(req);	456	crypto_skcipher_decrypt(req);
@@ -506,7 +506,7 @@ static int rxkad_verify_packet(struct rxrpc_call call, struct sk_buff skb,
506	unsigned int offset, unsigned int len,	506	unsigned int offset, unsigned int len,
507	rxrpc_seq_t seq, u16 expected_cksum)	507	rxrpc_seq_t seq, u16 expected_cksum)
508	{	508	{
509	SKCIPHER_REQUEST_ON_STACK(req, call->conn->cipher);	509	SYNC_SKCIPHER_REQUEST_ON_STACK(req, call->conn->cipher);
510	struct rxrpc_crypt iv;	510	struct rxrpc_crypt iv;
511	struct scatterlist sg;	511	struct scatterlist sg;
512	bool aborted;	512	bool aborted;
@@ -529,7 +529,7 @@ static int rxkad_verify_packet(struct rxrpc_call call, struct sk_buff skb,
529	call->crypto_buf[1] = htonl(x);	529	call->crypto_buf[1] = htonl(x);
530		530
531	sg_init_one(&sg, call->crypto_buf, 8);	531	sg_init_one(&sg, call->crypto_buf, 8);
532	skcipher_request_set_tfm(req, call->conn->cipher);	532	skcipher_request_set_sync_tfm(req, call->conn->cipher);
533	skcipher_request_set_callback(req, 0, NULL, NULL);	533	skcipher_request_set_callback(req, 0, NULL, NULL);
534	skcipher_request_set_crypt(req, &sg, &sg, 8, iv.x);	534	skcipher_request_set_crypt(req, &sg, &sg, 8, iv.x);
535	crypto_skcipher_encrypt(req);	535	crypto_skcipher_encrypt(req);
@@ -755,7 +755,7 @@ static void rxkad_encrypt_response(struct rxrpc_connection *conn,
755	struct rxkad_response *resp,	755	struct rxkad_response *resp,
756	const struct rxkad_key *s2)	756	const struct rxkad_key *s2)
757	{	757	{
758	SKCIPHER_REQUEST_ON_STACK(req, conn->cipher);	758	SYNC_SKCIPHER_REQUEST_ON_STACK(req, conn->cipher);
759	struct rxrpc_crypt iv;	759	struct rxrpc_crypt iv;
760	struct scatterlist sg[1];	760	struct scatterlist sg[1];
761		761
@@ -764,7 +764,7 @@ static void rxkad_encrypt_response(struct rxrpc_connection *conn,
764		764
765	sg_init_table(sg, 1);	765	sg_init_table(sg, 1);
766	sg_set_buf(sg, &resp->encrypted, sizeof(resp->encrypted));	766	sg_set_buf(sg, &resp->encrypted, sizeof(resp->encrypted));
767	skcipher_request_set_tfm(req, conn->cipher);	767	skcipher_request_set_sync_tfm(req, conn->cipher);
768	skcipher_request_set_callback(req, 0, NULL, NULL);	768	skcipher_request_set_callback(req, 0, NULL, NULL);
769	skcipher_request_set_crypt(req, sg, sg, sizeof(resp->encrypted), iv.x);	769	skcipher_request_set_crypt(req, sg, sg, sizeof(resp->encrypted), iv.x);
770	crypto_skcipher_encrypt(req);	770	crypto_skcipher_encrypt(req);
@@ -1021,7 +1021,7 @@ static void rxkad_decrypt_response(struct rxrpc_connection *conn,
1021	struct rxkad_response *resp,	1021	struct rxkad_response *resp,
1022	const struct rxrpc_crypt *session_key)	1022	const struct rxrpc_crypt *session_key)
1023	{	1023	{
1024	SKCIPHER_REQUEST_ON_STACK(req, rxkad_ci);	1024	SYNC_SKCIPHER_REQUEST_ON_STACK(req, rxkad_ci);
1025	struct scatterlist sg[1];	1025	struct scatterlist sg[1];
1026	struct rxrpc_crypt iv;	1026	struct rxrpc_crypt iv;
1027		1027
@@ -1031,7 +1031,7 @@ static void rxkad_decrypt_response(struct rxrpc_connection *conn,
1031	ASSERT(rxkad_ci != NULL);	1031	ASSERT(rxkad_ci != NULL);
1032		1032
1033	mutex_lock(&rxkad_ci_mutex);	1033	mutex_lock(&rxkad_ci_mutex);
1034	if (crypto_skcipher_setkey(rxkad_ci, session_key->x,	1034	if (crypto_sync_skcipher_setkey(rxkad_ci, session_key->x,
1035	sizeof(*session_key)) < 0)	1035	sizeof(*session_key)) < 0)
1036	BUG();	1036	BUG();
1037		1037
@@ -1039,7 +1039,7 @@ static void rxkad_decrypt_response(struct rxrpc_connection *conn,
1039		1039
1040	sg_init_table(sg, 1);	1040	sg_init_table(sg, 1);
1041	sg_set_buf(sg, &resp->encrypted, sizeof(resp->encrypted));	1041	sg_set_buf(sg, &resp->encrypted, sizeof(resp->encrypted));
1042	skcipher_request_set_tfm(req, rxkad_ci);	1042	skcipher_request_set_sync_tfm(req, rxkad_ci);
1043	skcipher_request_set_callback(req, 0, NULL, NULL);	1043	skcipher_request_set_callback(req, 0, NULL, NULL);
1044	skcipher_request_set_crypt(req, sg, sg, sizeof(resp->encrypted), iv.x);	1044	skcipher_request_set_crypt(req, sg, sg, sizeof(resp->encrypted), iv.x);
1045	crypto_skcipher_decrypt(req);	1045	crypto_skcipher_decrypt(req);
@@ -1218,7 +1218,7 @@ static void rxkad_clear(struct rxrpc_connection *conn)
1218	_enter("");	1218	_enter("");
1219		1219
1220	if (conn->cipher)	1220	if (conn->cipher)
1221	crypto_free_skcipher(conn->cipher);	1221	crypto_free_sync_skcipher(conn->cipher);
1222	}	1222	}
1223		1223
1224	/*	1224	/*
@@ -1228,7 +1228,7 @@ static int rxkad_init(void)
1228	{	1228	{
1229	/* pin the cipher we need so that the crypto layer doesn't invoke	1229	/* pin the cipher we need so that the crypto layer doesn't invoke
1230	* keventd to go get it */	1230	* keventd to go get it */
1231	rxkad_ci = crypto_alloc_skcipher("pcbc(fcrypt)", 0, CRYPTO_ALG_ASYNC);	1231	rxkad_ci = crypto_alloc_sync_skcipher("pcbc(fcrypt)", 0, 0);
1232	return PTR_ERR_OR_ZERO(rxkad_ci);	1232	return PTR_ERR_OR_ZERO(rxkad_ci);
1233	}	1233	}
1234		1234
@@ -1238,7 +1238,7 @@ static int rxkad_init(void)
1238	static void rxkad_exit(void)	1238	static void rxkad_exit(void)
1239	{	1239	{
1240	if (rxkad_ci)	1240	if (rxkad_ci)
1241	crypto_free_skcipher(rxkad_ci);	1241	crypto_free_sync_skcipher(rxkad_ci);
1242	}	1242	}
1243		1243
1244	/*	1244	/*