diff options
| author | Herbert Xu <herbert@gondor.apana.org.au> | 2015-06-03 02:49:24 -0400 |
|---|---|---|
| committer | Herbert Xu <herbert@gondor.apana.org.au> | 2015-06-04 03:05:00 -0400 |
| commit | f261c5fbe7121fd88198f3ee4be4e34a5a268120 (patch) | |
| tree | ef272ae6ffb019516533dd87bfe254005fbbb19d /crypto/echainiv.c | |
| parent | 65fe6740d472aee158275fd1103586dee2ffc5cb (diff) | |
crypto: echainiv - Move IV seeding into init function
We currently do the IV seeding on the first givencrypt call in
order to conserve entropy. However, this does not work with
DRBG which cannot be called from interrupt context. In fact,
with DRBG we don't need to conserve entropy anyway. So this
patch moves the seeding into the init function.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto/echainiv.c')
| -rw-r--r-- | crypto/echainiv.c | 30 |
1 files changed, 6 insertions, 24 deletions
diff --git a/crypto/echainiv.c b/crypto/echainiv.c index 62a817faec8c..08d33367801d 100644 --- a/crypto/echainiv.c +++ b/crypto/echainiv.c | |||
| @@ -187,29 +187,6 @@ static int echainiv_decrypt(struct aead_request *req) | |||
| 187 | return crypto_aead_decrypt(subreq); | 187 | return crypto_aead_decrypt(subreq); |
| 188 | } | 188 | } |
| 189 | 189 | ||
| 190 | static int echainiv_encrypt_first(struct aead_request *req) | ||
| 191 | { | ||
| 192 | struct crypto_aead *geniv = crypto_aead_reqtfm(req); | ||
| 193 | struct echainiv_ctx *ctx = crypto_aead_ctx(geniv); | ||
| 194 | int err = 0; | ||
| 195 | |||
| 196 | spin_lock_bh(&ctx->geniv.lock); | ||
| 197 | if (geniv->encrypt != echainiv_encrypt_first) | ||
| 198 | goto unlock; | ||
| 199 | |||
| 200 | geniv->encrypt = echainiv_encrypt; | ||
| 201 | err = crypto_rng_get_bytes(crypto_default_rng, ctx->salt, | ||
| 202 | crypto_aead_ivsize(geniv)); | ||
| 203 | |||
| 204 | unlock: | ||
| 205 | spin_unlock_bh(&ctx->geniv.lock); | ||
| 206 | |||
| 207 | if (err) | ||
| 208 | return err; | ||
| 209 | |||
| 210 | return echainiv_encrypt(req); | ||
| 211 | } | ||
| 212 | |||
| 213 | static int echainiv_init(struct crypto_tfm *tfm) | 190 | static int echainiv_init(struct crypto_tfm *tfm) |
| 214 | { | 191 | { |
| 215 | struct crypto_aead *geniv = __crypto_aead_cast(tfm); | 192 | struct crypto_aead *geniv = __crypto_aead_cast(tfm); |
| @@ -220,6 +197,11 @@ static int echainiv_init(struct crypto_tfm *tfm) | |||
| 220 | 197 | ||
| 221 | crypto_aead_set_reqsize(geniv, sizeof(struct aead_request)); | 198 | crypto_aead_set_reqsize(geniv, sizeof(struct aead_request)); |
| 222 | 199 | ||
| 200 | err = crypto_rng_get_bytes(crypto_default_rng, ctx->salt, | ||
| 201 | crypto_aead_ivsize(geniv)); | ||
| 202 | if (err) | ||
| 203 | goto out; | ||
| 204 | |||
| 223 | ctx->null = crypto_get_default_null_skcipher(); | 205 | ctx->null = crypto_get_default_null_skcipher(); |
| 224 | err = PTR_ERR(ctx->null); | 206 | err = PTR_ERR(ctx->null); |
| 225 | if (IS_ERR(ctx->null)) | 207 | if (IS_ERR(ctx->null)) |
| @@ -272,7 +254,7 @@ static int echainiv_aead_create(struct crypto_template *tmpl, | |||
| 272 | inst->alg.ivsize > MAX_IV_SIZE) | 254 | inst->alg.ivsize > MAX_IV_SIZE) |
| 273 | goto free_inst; | 255 | goto free_inst; |
| 274 | 256 | ||
| 275 | inst->alg.encrypt = echainiv_encrypt_first; | 257 | inst->alg.encrypt = echainiv_encrypt; |
| 276 | inst->alg.decrypt = echainiv_decrypt; | 258 | inst->alg.decrypt = echainiv_decrypt; |
| 277 | 259 | ||
| 278 | inst->alg.base.cra_init = echainiv_init; | 260 | inst->alg.base.cra_init = echainiv_init; |