From 26739535206e819946b0740347c09c94c4e48ba9 Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Thu, 23 Apr 2015 16:34:47 +0800 Subject: crypto: skcipher - Fix corner case in crypto_lookup_skcipher When the user explicitly states that they don't care whether the algorithm has been tested (type = CRYPTO_ALG_TESTED and mask = 0), there is a corner case where we may erroneously return ENOENT. This patch fixes it by correcting the logic in the test. Signed-off-by: Herbert Xu --- crypto/ablkcipher.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'crypto/ablkcipher.c') diff --git a/crypto/ablkcipher.c b/crypto/ablkcipher.c index db201bca..b3dded4 100644 --- a/crypto/ablkcipher.c +++ b/crypto/ablkcipher.c @@ -636,7 +636,7 @@ struct crypto_alg *crypto_lookup_skcipher(const char *name, u32 type, u32 mask) if ((alg->cra_flags & CRYPTO_ALG_TYPE_MASK) == CRYPTO_ALG_TYPE_GIVCIPHER) { - if ((alg->cra_flags ^ type ^ ~mask) & CRYPTO_ALG_TESTED) { + if (~alg->cra_flags & (type ^ ~mask) & CRYPTO_ALG_TESTED) { crypto_mod_put(alg); alg = ERR_PTR(-ENOENT); } -- cgit v1.1 From 56e34378bbbb7af21cf73d98a92c0411386e091c Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Sat, 23 May 2015 15:41:48 +0800 Subject: crypto: skcipher - Use tmpl->create Newer templates use tmpl->create and have a NULL tmpl->alloc. So we must use tmpl->create if it is set. Signed-off-by: Herbert Xu --- crypto/ablkcipher.c | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'crypto/ablkcipher.c') diff --git a/crypto/ablkcipher.c b/crypto/ablkcipher.c index b3dded4..b15d797 100644 --- a/crypto/ablkcipher.c +++ b/crypto/ablkcipher.c @@ -586,6 +586,13 @@ static int crypto_givcipher_default(struct crypto_alg *alg, u32 type, u32 mask) if (!tmpl) goto kill_larval; + if (tmpl->create) { + err = tmpl->create(tmpl, tb); + if (err) + goto put_tmpl; + goto ok; + } + inst = tmpl->alloc(tb); err = PTR_ERR(inst); if (IS_ERR(inst)) @@ -597,6 +604,7 @@ static int crypto_givcipher_default(struct crypto_alg *alg, u32 type, u32 mask) goto put_tmpl; } +ok: /* Redo the lookup to use the instance we just registered. */ err = -EAGAIN; -- cgit v1.1 From 21dbd96f2287a49219d35a0e916cf3f2bcaab9d0 Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Sun, 21 Jun 2015 19:11:41 +0800 Subject: crypto: skcipher - Allow givencrypt to be NULL Currently for skcipher IV generators they must provide givencrypt as that is the whole point. We are currently replacing skcipher IV generators with explicit IV generators. In order to maintain backwards compatibility, we need to allow the IV generators to still function as a normal skcipher when the RNG Is not present (e.g., in the initramfs during boot). IOW everything but givencrypt and givdecrypt will still work but those two will fail. Therefore this patch assigns a default givencrypt that simply returns an error should it be NULL. Signed-off-by: Herbert Xu --- crypto/ablkcipher.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'crypto/ablkcipher.c') diff --git a/crypto/ablkcipher.c b/crypto/ablkcipher.c index b15d797..b788f16 100644 --- a/crypto/ablkcipher.c +++ b/crypto/ablkcipher.c @@ -454,7 +454,7 @@ static int crypto_init_givcipher_ops(struct crypto_tfm *tfm, u32 type, alg->setkey : setkey; crt->encrypt = alg->encrypt; crt->decrypt = alg->decrypt; - crt->givencrypt = alg->givencrypt; + crt->givencrypt = alg->givencrypt ?: no_givdecrypt; crt->givdecrypt = alg->givdecrypt ?: no_givdecrypt; crt->base = __crypto_ablkcipher_cast(tfm); crt->ivsize = alg->ivsize; -- cgit v1.1