Commit 055906d1 authored by Herbert Xu's avatar Herbert Xu

crypto: eseqiv - Offer normal cipher functionality without RNG

The RNG may not be available during early boot, e.g., the relevant
modules may not be included in the initramfs.  As the RNG Is only
needed for IPsec, we should not let this prevent use of ciphers
without IV generators, e.g., for disk encryption.

This patch postpones the RNG allocation to the init function so
that one failure during early boot does not make the RNG unavailable
for all subsequent users of the same cipher.

More importantly, it lets the cipher live even if RNG allocation
fails.  Of course we then no longer offer IV generation, which will
fail with an error if invoked.  But all other cipher capabilities
will function as usual.
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent 341476d6
...@@ -152,6 +152,7 @@ static int eseqiv_init(struct crypto_tfm *tfm) ...@@ -152,6 +152,7 @@ static int eseqiv_init(struct crypto_tfm *tfm)
struct eseqiv_ctx *ctx = crypto_ablkcipher_ctx(geniv); struct eseqiv_ctx *ctx = crypto_ablkcipher_ctx(geniv);
unsigned long alignmask; unsigned long alignmask;
unsigned int reqsize; unsigned int reqsize;
int err;
spin_lock_init(&ctx->lock); spin_lock_init(&ctx->lock);
...@@ -175,9 +176,15 @@ static int eseqiv_init(struct crypto_tfm *tfm) ...@@ -175,9 +176,15 @@ static int eseqiv_init(struct crypto_tfm *tfm)
tfm->crt_ablkcipher.reqsize = reqsize + tfm->crt_ablkcipher.reqsize = reqsize +
sizeof(struct ablkcipher_request); sizeof(struct ablkcipher_request);
return crypto_rng_get_bytes(crypto_default_rng, ctx->salt, err = 0;
crypto_ablkcipher_ivsize(geniv)) ?: if (!crypto_get_default_rng()) {
skcipher_geniv_init(tfm); crypto_ablkcipher_crt(geniv)->givencrypt = eseqiv_givencrypt;
err = crypto_rng_get_bytes(crypto_default_rng, ctx->salt,
crypto_ablkcipher_ivsize(geniv));
crypto_put_default_rng();
}
return err ?: skcipher_geniv_init(tfm);
} }
static struct crypto_template eseqiv_tmpl; static struct crypto_template eseqiv_tmpl;
...@@ -187,20 +194,14 @@ static struct crypto_instance *eseqiv_alloc(struct rtattr **tb) ...@@ -187,20 +194,14 @@ static struct crypto_instance *eseqiv_alloc(struct rtattr **tb)
struct crypto_instance *inst; struct crypto_instance *inst;
int err; int err;
err = crypto_get_default_rng();
if (err)
return ERR_PTR(err);
inst = skcipher_geniv_alloc(&eseqiv_tmpl, tb, 0, 0); inst = skcipher_geniv_alloc(&eseqiv_tmpl, tb, 0, 0);
if (IS_ERR(inst)) if (IS_ERR(inst))
goto put_rng; goto out;
err = -EINVAL; err = -EINVAL;
if (inst->alg.cra_ablkcipher.ivsize != inst->alg.cra_blocksize) if (inst->alg.cra_ablkcipher.ivsize != inst->alg.cra_blocksize)
goto free_inst; goto free_inst;
inst->alg.cra_ablkcipher.givencrypt = eseqiv_givencrypt;
inst->alg.cra_init = eseqiv_init; inst->alg.cra_init = eseqiv_init;
inst->alg.cra_exit = skcipher_geniv_exit; inst->alg.cra_exit = skcipher_geniv_exit;
...@@ -213,21 +214,13 @@ static struct crypto_instance *eseqiv_alloc(struct rtattr **tb) ...@@ -213,21 +214,13 @@ static struct crypto_instance *eseqiv_alloc(struct rtattr **tb)
free_inst: free_inst:
skcipher_geniv_free(inst); skcipher_geniv_free(inst);
inst = ERR_PTR(err); inst = ERR_PTR(err);
put_rng:
crypto_put_default_rng();
goto out; goto out;
} }
static void eseqiv_free(struct crypto_instance *inst)
{
skcipher_geniv_free(inst);
crypto_put_default_rng();
}
static struct crypto_template eseqiv_tmpl = { static struct crypto_template eseqiv_tmpl = {
.name = "eseqiv", .name = "eseqiv",
.alloc = eseqiv_alloc, .alloc = eseqiv_alloc,
.free = eseqiv_free, .free = skcipher_geniv_free,
.module = THIS_MODULE, .module = THIS_MODULE,
}; };
......
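Review bot: In the second hunk of eseqiv_init, the result of `crypto_get_default_rng()` is tested and then discarded, so when the RNG is missing `ctx->salt` is never filled and nothing in the function says why that is acceptable. The safety of that state rests on `givencrypt` being installed only inside the success branch, and a comment should state it, e.g. `/* No RNG: salt is not filled, so givencrypt is not installed and IV generation must fail. */`. The handler is also assigned before `crypto_rng_get_bytes()` has filled the salt; moving `crypto_ablkcipher_crt(geniv)->givencrypt = eseqiv_givencrypt;` under an `if (!err)` after that call would keep the handler from ever coexisting with an unfilled salt, although the error return presumably discards the tfm anyway. What givencrypt falls back to when it is not set here is decided outside the visible lines and is worth confirming; eseqiv_init begins above the hunk.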