6 files changed, 97 insertions, 69 deletions
diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
index 91d4081cb00e..73f8be837a45 100644
--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -122,7 +122,8 @@ static int crypt_iv_essiv_ctr(struct crypt_config *cc, struct dm_target *ti,
                              const char *opts)
 {
        struct crypto_cipher *essiv_tfm;
-        struct crypto_tfm *hash_tfm;
+        struct crypto_hash *hash_tfm;
+        struct hash_desc desc;
        struct scatterlist sg;
        unsigned int saltsize;
        u8 *salt;
@@ -134,29 +135,30 @@ static int crypt_iv_essiv_ctr(struct crypt_config *cc, struct dm_target *ti,
        }
        /* Hash the cipher key with the given hash algorithm */
-        hash_tfm = crypto_alloc_tfm(opts, CRYPTO_TFM_REQ_MAY_SLEEP);
+        hash_tfm = crypto_alloc_hash(opts, 0, CRYPTO_ALG_ASYNC);
-        if (hash_tfm == NULL) {
+        if (IS_ERR(hash_tfm)) {
                ti->error = "Error initializing ESSIV hash";
-                return -EINVAL;
+                return PTR_ERR(hash_tfm);
-        }
-        if (crypto_tfm_alg_type(hash_tfm) != CRYPTO_ALG_TYPE_DIGEST) {
-                ti->error = "Expected digest algorithm for ESSIV hash";
-                crypto_free_tfm(hash_tfm);
-                return -EINVAL;
        }
-        saltsize = crypto_tfm_alg_digestsize(hash_tfm);
+        saltsize = crypto_hash_digestsize(hash_tfm);
        salt = kmalloc(saltsize, GFP_KERNEL);
        if (salt == NULL) {
                ti->error = "Error kmallocing salt storage in ESSIV";
-                crypto_free_tfm(hash_tfm);
+                crypto_free_hash(hash_tfm);
                return -ENOMEM;
        }
        sg_set_buf(&sg, cc->key, cc->key_size);
-        crypto_digest_digest(hash_tfm, &sg, 1, salt);
+        desc.tfm = hash_tfm;
-        crypto_free_tfm(hash_tfm);
+        desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
+        err = crypto_hash_digest(&desc, &sg, cc->key_size, salt);
+        crypto_free_hash(hash_tfm);
+        if (err) {
+                ti->error = "Error calculating hash in ESSIV";
+                return err;
+        }
        /* Setup the essiv_tfm with the given salt */
        essiv_tfm = crypto_alloc_cipher(cc->cipher, 0, CRYPTO_ALG_ASYNC);
diff --git a/drivers/net/ppp_mppe.c b/drivers/net/ppp_mppe.c
index 495d8667419a..e7a0eb4fca60 100644
--- a/drivers/net/ppp_mppe.c
+++ b/drivers/net/ppp_mppe.c
@@ -65,12 +65,13 @@ MODULE_LICENSE("Dual BSD/GPL");
 MODULE_ALIAS("ppp-compress-" __stringify(CI_MPPE));
 MODULE_VERSION("1.0.2");
-static void
+static unsigned int
 setup_sg(struct scatterlist *sg, const void *address, unsigned int length)
 {
        sg[0].page = virt_to_page(address);
        sg[0].offset = offset_in_page(address);
        sg[0].length = length;
+        return length;
 }
 #define SHA1_PAD_SIZE 40
@@ -97,7 +98,7 @@ static inline void sha_pad_init(struct sha_pad *shapad)
 */
 struct ppp_mppe_state {
        struct crypto_blkcipher *arc4;
-        struct crypto_tfm *sha1;
+        struct crypto_hash *sha1;
        unsigned char *sha1_digest;
        unsigned char master_key[MPPE_MAX_KEY_LEN];
        unsigned char session_key[MPPE_MAX_KEY_LEN];
@@ -137,14 +138,21 @@ struct ppp_mppe_state {
 */
 static void get_new_key_from_sha(struct ppp_mppe_state * state, unsigned char *InterimKey)
 {
+        struct hash_desc desc;
        struct scatterlist sg[4];
+        unsigned int nbytes;
-        setup_sg(&sg[0], state->master_key, state->keylen);
+        nbytes = setup_sg(&sg[0], state->master_key, state->keylen);
-        setup_sg(&sg[1], sha_pad->sha_pad1, sizeof(sha_pad->sha_pad1));
+        nbytes += setup_sg(&sg[1], sha_pad->sha_pad1,
-        setup_sg(&sg[2], state->session_key, state->keylen);
+                           sizeof(sha_pad->sha_pad1));
-        setup_sg(&sg[3], sha_pad->sha_pad2, sizeof(sha_pad->sha_pad2));
+        nbytes += setup_sg(&sg[2], state->session_key, state->keylen);
+        nbytes += setup_sg(&sg[3], sha_pad->sha_pad2,
+                           sizeof(sha_pad->sha_pad2));
-        crypto_digest_digest (state->sha1, sg, 4, state->sha1_digest);
+        desc.tfm = state->sha1;
+        desc.flags = 0;
+        crypto_hash_digest(&desc, sg, nbytes, state->sha1_digest);
        memcpy(InterimKey, state->sha1_digest, state->keylen);
 }
@@ -204,11 +212,13 @@ static void *mppe_alloc(unsigned char *options, int optlen)
                goto out_free;
        }
-        state->sha1 = crypto_alloc_tfm("sha1", 0);
+        state->sha1 = crypto_alloc_hash("sha1", 0, CRYPTO_ALG_ASYNC);
-        if (!state->sha1)
+        if (IS_ERR(state->sha1)) {
+                state->sha1 = NULL;
                goto out_free;
+        }
-        digestsize = crypto_tfm_alg_digestsize(state->sha1);
+        digestsize = crypto_hash_digestsize(state->sha1);
        if (digestsize < MPPE_MAX_KEY_LEN)
                goto out_free;
@@ -233,7 +243,7 @@ static void *mppe_alloc(unsigned char *options, int optlen)
            if (state->sha1_digest)
                kfree(state->sha1_digest);
            if (state->sha1)
-                crypto_free_tfm(state->sha1);
+                crypto_free_hash(state->sha1);
            if (state->arc4)
                crypto_free_blkcipher(state->arc4);
            kfree(state);
@@ -251,7 +261,7 @@ static void mppe_free(void *arg)
            if (state->sha1_digest)
                kfree(state->sha1_digest);
            if (state->sha1)
-                crypto_free_tfm(state->sha1);
+                crypto_free_hash(state->sha1);
            if (state->arc4)
                crypto_free_blkcipher(state->arc4);
            kfree(state);
diff --git a/fs/nfsd/nfs4recover.c b/fs/nfsd/nfs4recover.c
index 06da7506363c..e35d7e52fdeb 100644
--- a/fs/nfsd/nfs4recover.c
+++ b/fs/nfsd/nfs4recover.c
@@ -33,7 +33,7 @@
 *
 */
+#include <linux/err.h>
 #include <linux/sunrpc/svc.h>
 #include <linux/nfsd/nfsd.h>
 #include <linux/nfs4.h>
@@ -87,34 +87,35 @@ int
 nfs4_make_rec_clidname(char *dname, struct xdr_netobj *clname)
 {
        struct xdr_netobj cksum;
-        struct crypto_tfm *tfm;
+        struct hash_desc desc;
        struct scatterlist sg[1];
        int status = nfserr_resource;
        dprintk("NFSD: nfs4_make_rec_clidname for %.*s\n",
                        clname->len, clname->data);
-        tfm = crypto_alloc_tfm("md5", CRYPTO_TFM_REQ_MAY_SLEEP);
+        desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
-        if (tfm == NULL)
+        desc.tfm = crypto_alloc_hash("md5", 0, CRYPTO_ALG_ASYNC);
-                goto out;
+        if (IS_ERR(desc.tfm))
-        cksum.len = crypto_tfm_alg_digestsize(tfm);
+                goto out_no_tfm;
+        cksum.len = crypto_hash_digestsize(desc.tfm);
        cksum.data = kmalloc(cksum.len, GFP_KERNEL);
        if (cksum.data == NULL)
                goto out;
-        crypto_digest_init(tfm);
        sg[0].page = virt_to_page(clname->data);
        sg[0].offset = offset_in_page(clname->data);
        sg[0].length = clname->len;
-        crypto_digest_update(tfm, sg, 1);
+        if (crypto_hash_digest(&desc, sg, sg->length, cksum.data))
-        crypto_digest_final(tfm, cksum.data);
+                goto out;
        md5_to_hex(dname, cksum.data);
        kfree(cksum.data);
        status = nfs_ok;
 out:
-        crypto_free_tfm(tfm);
+        crypto_free_hash(desc.tfm);
+out_no_tfm:
        return status;
 }
diff --git a/net/ieee80211/ieee80211_crypt_tkip.c b/net/ieee80211/ieee80211_crypt_tkip.c
index d60ce9b49b4f..407a17495b61 100644
--- a/net/ieee80211/ieee80211_crypt_tkip.c
+++ b/net/ieee80211/ieee80211_crypt_tkip.c
@@ -54,7 +54,7 @@ struct ieee80211_tkip_data {
        int key_idx;
        struct crypto_blkcipher *tfm_arc4;
-        struct crypto_tfm *tfm_michael;
+        struct crypto_hash *tfm_michael;
        /* scratch buffers for virt_to_page() (crypto API) */
        u8 rx_hdr[16], tx_hdr[16];
@@ -95,10 +95,12 @@ static void *ieee80211_tkip_init(int key_idx)
                goto fail;
        }
-        priv->tfm_michael = crypto_alloc_tfm("michael_mic", 0);
+        priv->tfm_michael = crypto_alloc_hash("michael_mic", 0,
-        if (priv->tfm_michael == NULL) {
+                                              CRYPTO_ALG_ASYNC);
+        if (IS_ERR(priv->tfm_michael)) {
                printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
                       "crypto API michael_mic\n");
+                priv->tfm_michael = NULL;
                goto fail;
        }
@@ -107,7 +109,7 @@ static void *ieee80211_tkip_init(int key_idx)
      fail:
        if (priv) {
                if (priv->tfm_michael)
-                        crypto_free_tfm(priv->tfm_michael);
+                        crypto_free_hash(priv->tfm_michael);
                if (priv->tfm_arc4)
                        crypto_free_blkcipher(priv->tfm_arc4);
                kfree(priv);
@@ -120,7 +122,7 @@ static void ieee80211_tkip_deinit(void *priv)
 {
        struct ieee80211_tkip_data *_priv = priv;
        if (_priv && _priv->tfm_michael)
-                crypto_free_tfm(_priv->tfm_michael);
+                crypto_free_hash(_priv->tfm_michael);
        if (_priv && _priv->tfm_arc4)
                crypto_free_blkcipher(_priv->tfm_arc4);
        kfree(priv);
@@ -485,6 +487,7 @@ static int ieee80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
 static int michael_mic(struct ieee80211_tkip_data *tkey, u8 * key, u8 * hdr,
                       u8 * data, size_t data_len, u8 * mic)
 {
+        struct hash_desc desc;
        struct scatterlist sg[2];
        if (tkey->tfm_michael == NULL) {
@@ -499,12 +502,12 @@ static int michael_mic(struct ieee80211_tkip_data *tkey, u8 * key, u8 * hdr,
        sg[1].offset = offset_in_page(data);
        sg[1].length = data_len;
-        crypto_digest_init(tkey->tfm_michael);
+        if (crypto_hash_setkey(tkey->tfm_michael, key, 8))
-        crypto_digest_setkey(tkey->tfm_michael, key, 8);
+                return -1;
-        crypto_digest_update(tkey->tfm_michael, sg, 2);
-        crypto_digest_final(tkey->tfm_michael, mic);
-        return 0;
+        desc.tfm = tkey->tfm_michael;
+        desc.flags = 0;
+        return crypto_hash_digest(&desc, sg, data_len + 16, mic);
 }
 static void michael_mic_hdr(struct sk_buff *skb, u8 * hdr)
@@ -628,7 +631,7 @@ static int ieee80211_tkip_set_key(void *key, int len, u8 * seq, void *priv)
 {
        struct ieee80211_tkip_data *tkey = priv;
        int keyidx;
-        struct crypto_tfm *tfm = tkey->tfm_michael;
+        struct crypto_hash *tfm = tkey->tfm_michael;
        struct crypto_blkcipher *tfm2 = tkey->tfm_arc4;
        keyidx = tkey->key_idx;
diff --git a/net/sunrpc/auth_gss/gss_krb5_crypto.c b/net/sunrpc/auth_gss/gss_krb5_crypto.c
index 57192dfe3065..e11a40b25cce 100644
--- a/net/sunrpc/auth_gss/gss_krb5_crypto.c
+++ b/net/sunrpc/auth_gss/gss_krb5_crypto.c
@@ -34,6 +34,7 @@
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 */
+#include <linux/err.h>
 #include <linux/types.h>
 #include <linux/mm.h>
 #include <linux/slab.h>
@@ -199,11 +200,9 @@ out:
 static int
 checksummer(struct scatterlist *sg, void *data)
 {
-        struct crypto_tfm *tfm = (struct crypto_tfm *)data;
+        struct hash_desc *desc = data;
-        crypto_digest_update(tfm, sg, 1);
+        return crypto_hash_update(desc, sg, sg->length);
-        return 0;
 }
 /* checksum the plaintext data and hdrlen bytes of the token header */
@@ -212,8 +211,9 @@ make_checksum(s32 cksumtype, char *header, int hdrlen, struct xdr_buf *body,
                   int body_offset, struct xdr_netobj *cksum)
 {
        char                            *cksumname;
-        struct crypto_tfm               *tfm = NULL; /* XXX add to ctx? */
+        struct hash_desc                desc; /* XXX add to ctx? */
        struct scatterlist              sg[1];
+        int err;
        switch (cksumtype) {
                case CKSUMTYPE_RSA_MD5:
@@ -224,18 +224,28 @@ make_checksum(s32 cksumtype, char *header, int hdrlen, struct xdr_buf *body,
                                " unsupported checksum %d", cksumtype);
                        return GSS_S_FAILURE;
        }
-        if (!(tfm = crypto_alloc_tfm(cksumname, CRYPTO_TFM_REQ_MAY_SLEEP)))
+        desc.tfm = crypto_alloc_hash(cksumname, 0, CRYPTO_ALG_ASYNC);
+        if (IS_ERR(desc.tfm))
                return GSS_S_FAILURE;
-        cksum->len = crypto_tfm_alg_digestsize(tfm);
+        cksum->len = crypto_hash_digestsize(desc.tfm);
+        desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
-        crypto_digest_init(tfm);
+        err = crypto_hash_init(&desc);
+        if (err)
+                goto out;
        sg_set_buf(sg, header, hdrlen);
-        crypto_digest_update(tfm, sg, 1);
+        err = crypto_hash_update(&desc, sg, hdrlen);
-        process_xdr_buf(body, body_offset, body->len - body_offset,
+        if (err)
-                        checksummer, tfm);
+                goto out;
-        crypto_digest_final(tfm, cksum->data);
+        err = process_xdr_buf(body, body_offset, body->len - body_offset,
-        crypto_free_tfm(tfm);
+                              checksummer, &desc);
-        return 0;
+        if (err)
+                goto out;
+        err = crypto_hash_final(&desc, cksum->data);
+out:
+        crypto_free_hash(desc.tfm);
+        return err ? GSS_S_FAILURE : 0;
 }
 EXPORT_SYMBOL(make_checksum);
diff --git a/security/seclvl.c b/security/seclvl.c
index c26dd7de0471..8f6291991fbc 100644
--- a/security/seclvl.c
+++ b/security/seclvl.c
@@ -16,6 +16,7 @@
 *      (at your option) any later version.
 */
+#include <linux/err.h>
 #include <linux/module.h>
 #include <linux/moduleparam.h>
 #include <linux/kernel.h>
@@ -197,26 +198,27 @@ static unsigned char hashedPassword[SHA1_DIGEST_SIZE];
 static int
 plaintext_to_sha1(unsigned char *hash, const char *plaintext, unsigned int len)
 {
-        struct crypto_tfm *tfm;
+        struct hash_desc desc;
        struct scatterlist sg;
+        int err;
        if (len > PAGE_SIZE) {
                seclvl_printk(0, KERN_ERR, "Plaintext password too large (%d "
                              "characters).  Largest possible is %lu "
                              "bytes.\n", len, PAGE_SIZE);
                return -EINVAL;
        }
-        tfm = crypto_alloc_tfm("sha1", CRYPTO_TFM_REQ_MAY_SLEEP);
+        desc.tfm = crypto_alloc_hash("sha1", 0, CRYPTO_ALG_ASYNC);
-        if (tfm == NULL) {
+        if (IS_ERR(desc.tfm)) {
                seclvl_printk(0, KERN_ERR,
                              "Failed to load transform for SHA1\n");
                return -EINVAL;
        }
        sg_init_one(&sg, (u8 *)plaintext, len);
-        crypto_digest_init(tfm);
+        desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
-        crypto_digest_update(tfm, &sg, 1);
+        err = crypto_hash_digest(&desc, &sg, len, hash);
-        crypto_digest_final(tfm, hash);
+        crypto_free_hash(desc.tfm);
-        crypto_free_tfm(tfm);
+        return err;
-        return 0;
 }
 /**

diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c index 91d4081cb00e..73f8be837a45 100644 --- a/drivers/md/dm-crypt.c +++ b/drivers/md/dm-crypt.c
@@ -122,7 +122,8 @@ static int crypt_iv_essiv_ctr(struct crypt_config cc, struct dm_target ti,
122	const char *opts)	122	const char *opts)
123	{	123	{
124	struct crypto_cipher *essiv_tfm;	124	struct crypto_cipher *essiv_tfm;
125	struct crypto_tfm *hash_tfm;	125	struct crypto_hash *hash_tfm;
		126	struct hash_desc desc;
126	struct scatterlist sg;	127	struct scatterlist sg;
127	unsigned int saltsize;	128	unsigned int saltsize;
128	u8 *salt;	129	u8 *salt;
@@ -134,29 +135,30 @@ static int crypt_iv_essiv_ctr(struct crypt_config cc, struct dm_target ti,
134	}	135	}
135		136
136	/* Hash the cipher key with the given hash algorithm */	137	/* Hash the cipher key with the given hash algorithm */
137	hash_tfm = crypto_alloc_tfm(opts, CRYPTO_TFM_REQ_MAY_SLEEP);	138	hash_tfm = crypto_alloc_hash(opts, 0, CRYPTO_ALG_ASYNC);
138	if (hash_tfm == NULL) {	139	if (IS_ERR(hash_tfm)) {
139	ti->error = "Error initializing ESSIV hash";	140	ti->error = "Error initializing ESSIV hash";
140	return -EINVAL;	141	return PTR_ERR(hash_tfm);
141	}
142
143	if (crypto_tfm_alg_type(hash_tfm) != CRYPTO_ALG_TYPE_DIGEST) {
144	ti->error = "Expected digest algorithm for ESSIV hash";
145	crypto_free_tfm(hash_tfm);
146	return -EINVAL;
147	}	142	}
148		143
149	saltsize = crypto_tfm_alg_digestsize(hash_tfm);	144	saltsize = crypto_hash_digestsize(hash_tfm);
150	salt = kmalloc(saltsize, GFP_KERNEL);	145	salt = kmalloc(saltsize, GFP_KERNEL);
151	if (salt == NULL) {	146	if (salt == NULL) {
152	ti->error = "Error kmallocing salt storage in ESSIV";	147	ti->error = "Error kmallocing salt storage in ESSIV";
153	crypto_free_tfm(hash_tfm);	148	crypto_free_hash(hash_tfm);
154	return -ENOMEM;	149	return -ENOMEM;
155	}	150	}
156		151
157	sg_set_buf(&sg, cc->key, cc->key_size);	152	sg_set_buf(&sg, cc->key, cc->key_size);
158	crypto_digest_digest(hash_tfm, &sg, 1, salt);	153	desc.tfm = hash_tfm;
159	crypto_free_tfm(hash_tfm);	154	desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
		155	err = crypto_hash_digest(&desc, &sg, cc->key_size, salt);
		156	crypto_free_hash(hash_tfm);
		157
		158	if (err) {
		159	ti->error = "Error calculating hash in ESSIV";
		160	return err;
		161	}
160		162
161	/* Setup the essiv_tfm with the given salt */	163	/* Setup the essiv_tfm with the given salt */
162	essiv_tfm = crypto_alloc_cipher(cc->cipher, 0, CRYPTO_ALG_ASYNC);	164	essiv_tfm = crypto_alloc_cipher(cc->cipher, 0, CRYPTO_ALG_ASYNC);


diff --git a/drivers/net/ppp_mppe.c b/drivers/net/ppp_mppe.c index 495d8667419a..e7a0eb4fca60 100644 --- a/drivers/net/ppp_mppe.c +++ b/drivers/net/ppp_mppe.c
@@ -65,12 +65,13 @@ MODULE_LICENSE("Dual BSD/GPL");
65	MODULE_ALIAS("ppp-compress-" __stringify(CI_MPPE));	65	MODULE_ALIAS("ppp-compress-" __stringify(CI_MPPE));
66	MODULE_VERSION("1.0.2");	66	MODULE_VERSION("1.0.2");
67		67
68	static void	68	static unsigned int
69	setup_sg(struct scatterlist sg, const void address, unsigned int length)	69	setup_sg(struct scatterlist sg, const void address, unsigned int length)
70	{	70	{
71	sg[0].page = virt_to_page(address);	71	sg[0].page = virt_to_page(address);
72	sg[0].offset = offset_in_page(address);	72	sg[0].offset = offset_in_page(address);
73	sg[0].length = length;	73	sg[0].length = length;
		74	return length;
74	}	75	}
75		76
76	#define SHA1_PAD_SIZE 40	77	#define SHA1_PAD_SIZE 40
@@ -97,7 +98,7 @@ static inline void sha_pad_init(struct sha_pad *shapad)
97	*/	98	*/
98	struct ppp_mppe_state {	99	struct ppp_mppe_state {
99	struct crypto_blkcipher *arc4;	100	struct crypto_blkcipher *arc4;
100	struct crypto_tfm *sha1;	101	struct crypto_hash *sha1;
101	unsigned char *sha1_digest;	102	unsigned char *sha1_digest;
102	unsigned char master_key[MPPE_MAX_KEY_LEN];	103	unsigned char master_key[MPPE_MAX_KEY_LEN];
103	unsigned char session_key[MPPE_MAX_KEY_LEN];	104	unsigned char session_key[MPPE_MAX_KEY_LEN];
@@ -137,14 +138,21 @@ struct ppp_mppe_state {
137	*/	138	*/
138	static void get_new_key_from_sha(struct ppp_mppe_state * state, unsigned char *InterimKey)	139	static void get_new_key_from_sha(struct ppp_mppe_state * state, unsigned char *InterimKey)
139	{	140	{
		141	struct hash_desc desc;
140	struct scatterlist sg[4];	142	struct scatterlist sg[4];
		143	unsigned int nbytes;
141		144
142	setup_sg(&sg[0], state->master_key, state->keylen);	145	nbytes = setup_sg(&sg[0], state->master_key, state->keylen);
143	setup_sg(&sg[1], sha_pad->sha_pad1, sizeof(sha_pad->sha_pad1));	146	nbytes += setup_sg(&sg[1], sha_pad->sha_pad1,
144	setup_sg(&sg[2], state->session_key, state->keylen);	147	sizeof(sha_pad->sha_pad1));
145	setup_sg(&sg[3], sha_pad->sha_pad2, sizeof(sha_pad->sha_pad2));	148	nbytes += setup_sg(&sg[2], state->session_key, state->keylen);
		149	nbytes += setup_sg(&sg[3], sha_pad->sha_pad2,
		150	sizeof(sha_pad->sha_pad2));
146		151
147	crypto_digest_digest (state->sha1, sg, 4, state->sha1_digest);	152	desc.tfm = state->sha1;
		153	desc.flags = 0;
		154
		155	crypto_hash_digest(&desc, sg, nbytes, state->sha1_digest);
148		156
149	memcpy(InterimKey, state->sha1_digest, state->keylen);	157	memcpy(InterimKey, state->sha1_digest, state->keylen);
150	}	158	}
@@ -204,11 +212,13 @@ static void mppe_alloc(unsigned char options, int optlen)
204	goto out_free;	212	goto out_free;
205	}	213	}
206		214
207	state->sha1 = crypto_alloc_tfm("sha1", 0);	215	state->sha1 = crypto_alloc_hash("sha1", 0, CRYPTO_ALG_ASYNC);
208	if (!state->sha1)	216	if (IS_ERR(state->sha1)) {
		217	state->sha1 = NULL;
209	goto out_free;	218	goto out_free;
		219	}
210		220
211	digestsize = crypto_tfm_alg_digestsize(state->sha1);	221	digestsize = crypto_hash_digestsize(state->sha1);
212	if (digestsize < MPPE_MAX_KEY_LEN)	222	if (digestsize < MPPE_MAX_KEY_LEN)
213	goto out_free;	223	goto out_free;
214		224
@@ -233,7 +243,7 @@ static void mppe_alloc(unsigned char options, int optlen)
233	if (state->sha1_digest)	243	if (state->sha1_digest)
234	kfree(state->sha1_digest);	244	kfree(state->sha1_digest);
235	if (state->sha1)	245	if (state->sha1)
236	crypto_free_tfm(state->sha1);	246	crypto_free_hash(state->sha1);
237	if (state->arc4)	247	if (state->arc4)
238	crypto_free_blkcipher(state->arc4);	248	crypto_free_blkcipher(state->arc4);
239	kfree(state);	249	kfree(state);
@@ -251,7 +261,7 @@ static void mppe_free(void *arg)
251	if (state->sha1_digest)	261	if (state->sha1_digest)
252	kfree(state->sha1_digest);	262	kfree(state->sha1_digest);
253	if (state->sha1)	263	if (state->sha1)
254	crypto_free_tfm(state->sha1);	264	crypto_free_hash(state->sha1);
255	if (state->arc4)	265	if (state->arc4)
256	crypto_free_blkcipher(state->arc4);	266	crypto_free_blkcipher(state->arc4);
257	kfree(state);	267	kfree(state);


diff --git a/fs/nfsd/nfs4recover.c b/fs/nfsd/nfs4recover.c index 06da7506363c..e35d7e52fdeb 100644 --- a/fs/nfsd/nfs4recover.c +++ b/fs/nfsd/nfs4recover.c
@@ -33,7 +33,7 @@
33	*	33	*
34	*/	34	*/
35		35
36		36	#include <linux/err.h>
37	#include <linux/sunrpc/svc.h>	37	#include <linux/sunrpc/svc.h>
38	#include <linux/nfsd/nfsd.h>	38	#include <linux/nfsd/nfsd.h>
39	#include <linux/nfs4.h>	39	#include <linux/nfs4.h>
@@ -87,34 +87,35 @@ int
87	nfs4_make_rec_clidname(char dname, struct xdr_netobj clname)	87	nfs4_make_rec_clidname(char dname, struct xdr_netobj clname)
88	{	88	{
89	struct xdr_netobj cksum;	89	struct xdr_netobj cksum;
90	struct crypto_tfm *tfm;	90	struct hash_desc desc;
91	struct scatterlist sg[1];	91	struct scatterlist sg[1];
92	int status = nfserr_resource;	92	int status = nfserr_resource;
93		93
94	dprintk("NFSD: nfs4_make_rec_clidname for %.*s\n",	94	dprintk("NFSD: nfs4_make_rec_clidname for %.*s\n",
95	clname->len, clname->data);	95	clname->len, clname->data);
96	tfm = crypto_alloc_tfm("md5", CRYPTO_TFM_REQ_MAY_SLEEP);	96	desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
97	if (tfm == NULL)	97	desc.tfm = crypto_alloc_hash("md5", 0, CRYPTO_ALG_ASYNC);
98	goto out;	98	if (IS_ERR(desc.tfm))
99	cksum.len = crypto_tfm_alg_digestsize(tfm);	99	goto out_no_tfm;
		100	cksum.len = crypto_hash_digestsize(desc.tfm);
100	cksum.data = kmalloc(cksum.len, GFP_KERNEL);	101	cksum.data = kmalloc(cksum.len, GFP_KERNEL);
101	if (cksum.data == NULL)	102	if (cksum.data == NULL)
102	goto out;	103	goto out;
103	crypto_digest_init(tfm);
104		104
105	sg[0].page = virt_to_page(clname->data);	105	sg[0].page = virt_to_page(clname->data);
106	sg[0].offset = offset_in_page(clname->data);	106	sg[0].offset = offset_in_page(clname->data);
107	sg[0].length = clname->len;	107	sg[0].length = clname->len;
108		108
109	crypto_digest_update(tfm, sg, 1);	109	if (crypto_hash_digest(&desc, sg, sg->length, cksum.data))
110	crypto_digest_final(tfm, cksum.data);	110	goto out;
111		111
112	md5_to_hex(dname, cksum.data);	112	md5_to_hex(dname, cksum.data);
113		113
114	kfree(cksum.data);	114	kfree(cksum.data);
115	status = nfs_ok;	115	status = nfs_ok;
116	out:	116	out:
117	crypto_free_tfm(tfm);	117	crypto_free_hash(desc.tfm);
		118	out_no_tfm:
118	return status;	119	return status;
119	}	120	}
120		121


diff --git a/net/ieee80211/ieee80211_crypt_tkip.c b/net/ieee80211/ieee80211_crypt_tkip.c index d60ce9b49b4f..407a17495b61 100644 --- a/net/ieee80211/ieee80211_crypt_tkip.c +++ b/net/ieee80211/ieee80211_crypt_tkip.c
@@ -54,7 +54,7 @@ struct ieee80211_tkip_data {
54	int key_idx;	54	int key_idx;
55		55
56	struct crypto_blkcipher *tfm_arc4;	56	struct crypto_blkcipher *tfm_arc4;
57	struct crypto_tfm *tfm_michael;	57	struct crypto_hash *tfm_michael;
58		58
59	/* scratch buffers for virt_to_page() (crypto API) */	59	/* scratch buffers for virt_to_page() (crypto API) */
60	u8 rx_hdr[16], tx_hdr[16];	60	u8 rx_hdr[16], tx_hdr[16];
@@ -95,10 +95,12 @@ static void *ieee80211_tkip_init(int key_idx)
95	goto fail;	95	goto fail;
96	}	96	}
97		97
98	priv->tfm_michael = crypto_alloc_tfm("michael_mic", 0);	98	priv->tfm_michael = crypto_alloc_hash("michael_mic", 0,
99	if (priv->tfm_michael == NULL) {	99	CRYPTO_ALG_ASYNC);
		100	if (IS_ERR(priv->tfm_michael)) {
100	printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "	101	printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
101	"crypto API michael_mic\n");	102	"crypto API michael_mic\n");
		103	priv->tfm_michael = NULL;
102	goto fail;	104	goto fail;
103	}	105	}
104		106
@@ -107,7 +109,7 @@ static void *ieee80211_tkip_init(int key_idx)
107	fail:	109	fail:
108	if (priv) {	110	if (priv) {
109	if (priv->tfm_michael)	111	if (priv->tfm_michael)
110	crypto_free_tfm(priv->tfm_michael);	112	crypto_free_hash(priv->tfm_michael);
111	if (priv->tfm_arc4)	113	if (priv->tfm_arc4)
112	crypto_free_blkcipher(priv->tfm_arc4);	114	crypto_free_blkcipher(priv->tfm_arc4);
113	kfree(priv);	115	kfree(priv);
@@ -120,7 +122,7 @@ static void ieee80211_tkip_deinit(void *priv)
120	{	122	{
121	struct ieee80211_tkip_data *_priv = priv;	123	struct ieee80211_tkip_data *_priv = priv;
122	if (_priv && _priv->tfm_michael)	124	if (_priv && _priv->tfm_michael)
123	crypto_free_tfm(_priv->tfm_michael);	125	crypto_free_hash(_priv->tfm_michael);
124	if (_priv && _priv->tfm_arc4)	126	if (_priv && _priv->tfm_arc4)
125	crypto_free_blkcipher(_priv->tfm_arc4);	127	crypto_free_blkcipher(_priv->tfm_arc4);
126	kfree(priv);	128	kfree(priv);
@@ -485,6 +487,7 @@ static int ieee80211_tkip_decrypt(struct sk_buff skb, int hdr_len, void priv)
485	static int michael_mic(struct ieee80211_tkip_data tkey, u8 key, u8 * hdr,	487	static int michael_mic(struct ieee80211_tkip_data tkey, u8 key, u8 * hdr,
486	u8 * data, size_t data_len, u8 * mic)	488	u8 * data, size_t data_len, u8 * mic)
487	{	489	{
		490	struct hash_desc desc;
488	struct scatterlist sg[2];	491	struct scatterlist sg[2];
489		492
490	if (tkey->tfm_michael == NULL) {	493	if (tkey->tfm_michael == NULL) {
@@ -499,12 +502,12 @@ static int michael_mic(struct ieee80211_tkip_data tkey, u8 key, u8 * hdr,
499	sg[1].offset = offset_in_page(data);	502	sg[1].offset = offset_in_page(data);
500	sg[1].length = data_len;	503	sg[1].length = data_len;
501		504
502	crypto_digest_init(tkey->tfm_michael);	505	if (crypto_hash_setkey(tkey->tfm_michael, key, 8))
503	crypto_digest_setkey(tkey->tfm_michael, key, 8);	506	return -1;
504	crypto_digest_update(tkey->tfm_michael, sg, 2);
505	crypto_digest_final(tkey->tfm_michael, mic);
506		507
507	return 0;	508	desc.tfm = tkey->tfm_michael;
		509	desc.flags = 0;
		510	return crypto_hash_digest(&desc, sg, data_len + 16, mic);
508	}	511	}
509		512
510	static void michael_mic_hdr(struct sk_buff skb, u8 hdr)	513	static void michael_mic_hdr(struct sk_buff skb, u8 hdr)
@@ -628,7 +631,7 @@ static int ieee80211_tkip_set_key(void key, int len, u8 seq, void *priv)
628	{	631	{
629	struct ieee80211_tkip_data *tkey = priv;	632	struct ieee80211_tkip_data *tkey = priv;
630	int keyidx;	633	int keyidx;
631	struct crypto_tfm *tfm = tkey->tfm_michael;	634	struct crypto_hash *tfm = tkey->tfm_michael;
632	struct crypto_blkcipher *tfm2 = tkey->tfm_arc4;	635	struct crypto_blkcipher *tfm2 = tkey->tfm_arc4;
633		636
634	keyidx = tkey->key_idx;	637	keyidx = tkey->key_idx;


diff --git a/net/sunrpc/auth_gss/gss_krb5_crypto.c b/net/sunrpc/auth_gss/gss_krb5_crypto.c index 57192dfe3065..e11a40b25cce 100644 --- a/net/sunrpc/auth_gss/gss_krb5_crypto.c +++ b/net/sunrpc/auth_gss/gss_krb5_crypto.c
@@ -34,6 +34,7 @@
34	* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.	34	* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
35	*/	35	*/
36		36
		37	#include <linux/err.h>
37	#include <linux/types.h>	38	#include <linux/types.h>
38	#include <linux/mm.h>	39	#include <linux/mm.h>
39	#include <linux/slab.h>	40	#include <linux/slab.h>
@@ -199,11 +200,9 @@ out:
199	static int	200	static int
200	checksummer(struct scatterlist sg, void data)	201	checksummer(struct scatterlist sg, void data)
201	{	202	{
202	struct crypto_tfm tfm = (struct crypto_tfm )data;	203	struct hash_desc *desc = data;
203		204
204	crypto_digest_update(tfm, sg, 1);	205	return crypto_hash_update(desc, sg, sg->length);
205
206	return 0;
207	}	206	}
208		207
209	/* checksum the plaintext data and hdrlen bytes of the token header */	208	/* checksum the plaintext data and hdrlen bytes of the token header */
@@ -212,8 +211,9 @@ make_checksum(s32 cksumtype, char header, int hdrlen, struct xdr_buf body,
212	int body_offset, struct xdr_netobj *cksum)	211	int body_offset, struct xdr_netobj *cksum)
213	{	212	{
214	char *cksumname;	213	char *cksumname;
215	struct crypto_tfm tfm = NULL; / XXX add to ctx? */	214	struct hash_desc desc; /* XXX add to ctx? */
216	struct scatterlist sg[1];	215	struct scatterlist sg[1];
		216	int err;
217		217
218	switch (cksumtype) {	218	switch (cksumtype) {
219	case CKSUMTYPE_RSA_MD5:	219	case CKSUMTYPE_RSA_MD5:
@@ -224,18 +224,28 @@ make_checksum(s32 cksumtype, char header, int hdrlen, struct xdr_buf body,
224	" unsupported checksum %d", cksumtype);	224	" unsupported checksum %d", cksumtype);
225	return GSS_S_FAILURE;	225	return GSS_S_FAILURE;
226	}	226	}
227	if (!(tfm = crypto_alloc_tfm(cksumname, CRYPTO_TFM_REQ_MAY_SLEEP)))	227	desc.tfm = crypto_alloc_hash(cksumname, 0, CRYPTO_ALG_ASYNC);
		228	if (IS_ERR(desc.tfm))
228	return GSS_S_FAILURE;	229	return GSS_S_FAILURE;
229	cksum->len = crypto_tfm_alg_digestsize(tfm);	230	cksum->len = crypto_hash_digestsize(desc.tfm);
		231	desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
230		232
231	crypto_digest_init(tfm);	233	err = crypto_hash_init(&desc);
		234	if (err)
		235	goto out;
232	sg_set_buf(sg, header, hdrlen);	236	sg_set_buf(sg, header, hdrlen);
233	crypto_digest_update(tfm, sg, 1);	237	err = crypto_hash_update(&desc, sg, hdrlen);
234	process_xdr_buf(body, body_offset, body->len - body_offset,	238	if (err)
235	checksummer, tfm);	239	goto out;
236	crypto_digest_final(tfm, cksum->data);	240	err = process_xdr_buf(body, body_offset, body->len - body_offset,
237	crypto_free_tfm(tfm);	241	checksummer, &desc);
238	return 0;	242	if (err)
		243	goto out;
		244	err = crypto_hash_final(&desc, cksum->data);
		245
		246	out:
		247	crypto_free_hash(desc.tfm);
		248	return err ? GSS_S_FAILURE : 0;
239	}	249	}
240		250
241	EXPORT_SYMBOL(make_checksum);	251	EXPORT_SYMBOL(make_checksum);


diff --git a/security/seclvl.c b/security/seclvl.c index c26dd7de0471..8f6291991fbc 100644 --- a/security/seclvl.c +++ b/security/seclvl.c
@@ -16,6 +16,7 @@
16	* (at your option) any later version.	16	* (at your option) any later version.
17	*/	17	*/
18		18
		19	#include <linux/err.h>
19	#include <linux/module.h>	20	#include <linux/module.h>
20	#include <linux/moduleparam.h>	21	#include <linux/moduleparam.h>
21	#include <linux/kernel.h>	22	#include <linux/kernel.h>
@@ -197,26 +198,27 @@ static unsigned char hashedPassword[SHA1_DIGEST_SIZE];
197	static int	198	static int
198	plaintext_to_sha1(unsigned char hash, const char plaintext, unsigned int len)	199	plaintext_to_sha1(unsigned char hash, const char plaintext, unsigned int len)
199	{	200	{
200	struct crypto_tfm *tfm;	201	struct hash_desc desc;
201	struct scatterlist sg;	202	struct scatterlist sg;
		203	int err;
		204
202	if (len > PAGE_SIZE) {	205	if (len > PAGE_SIZE) {
203	seclvl_printk(0, KERN_ERR, "Plaintext password too large (%d "	206	seclvl_printk(0, KERN_ERR, "Plaintext password too large (%d "
204	"characters). Largest possible is %lu "	207	"characters). Largest possible is %lu "
205	"bytes.\n", len, PAGE_SIZE);	208	"bytes.\n", len, PAGE_SIZE);
206	return -EINVAL;	209	return -EINVAL;
207	}	210	}
208	tfm = crypto_alloc_tfm("sha1", CRYPTO_TFM_REQ_MAY_SLEEP);	211	desc.tfm = crypto_alloc_hash("sha1", 0, CRYPTO_ALG_ASYNC);
209	if (tfm == NULL) {	212	if (IS_ERR(desc.tfm)) {
210	seclvl_printk(0, KERN_ERR,	213	seclvl_printk(0, KERN_ERR,
211	"Failed to load transform for SHA1\n");	214	"Failed to load transform for SHA1\n");
212	return -EINVAL;	215	return -EINVAL;
213	}	216	}
214	sg_init_one(&sg, (u8 *)plaintext, len);	217	sg_init_one(&sg, (u8 *)plaintext, len);
215	crypto_digest_init(tfm);	218	desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
216	crypto_digest_update(tfm, &sg, 1);	219	err = crypto_hash_digest(&desc, &sg, len, hash);
217	crypto_digest_final(tfm, hash);	220	crypto_free_hash(desc.tfm);
218	crypto_free_tfm(tfm);	221	return err;
219	return 0;
220	}	222	}
221		223
222	/**	224	/**