From 51d8d6d0f4bedb6a4e9afb20857bb592424de144 Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Fri, 19 May 2023 16:28:35 +0800 Subject: crypto: cipher - Add crypto_clone_cipher Allow simple ciphers to be cloned, if they don't have a cra_init function. This basically rules out those ciphers that require a fallback. In future simple ciphers will be eliminated, and replaced with a linear skcipher interface. When that happens this restriction will disappear. Signed-off-by: Herbert Xu Acked-by: Ard Biesheuvel Signed-off-by: Herbert Xu --- crypto/cipher.c | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) (limited to 'crypto/cipher.c') diff --git a/crypto/cipher.c b/crypto/cipher.c index b47141ed4a9f..d39ef5f72ab8 100644 --- a/crypto/cipher.c +++ b/crypto/cipher.c @@ -90,3 +90,26 @@ void crypto_cipher_decrypt_one(struct crypto_cipher *tfm, cipher_crypt_one(tfm, dst, src, false); } EXPORT_SYMBOL_NS_GPL(crypto_cipher_decrypt_one, CRYPTO_INTERNAL); + +struct crypto_cipher *crypto_clone_cipher(struct crypto_cipher *cipher) +{ + struct crypto_tfm *tfm = crypto_cipher_tfm(cipher); + struct crypto_alg *alg = tfm->__crt_alg; + struct crypto_cipher *ncipher; + struct crypto_tfm *ntfm; + + if (alg->cra_init) + return ERR_PTR(-ENOSYS); + + ntfm = __crypto_alloc_tfm(alg, CRYPTO_ALG_TYPE_CIPHER, + CRYPTO_ALG_TYPE_MASK); + if (IS_ERR(ntfm)) + return ERR_CAST(ntfm); + + ntfm->crt_flags = tfm->crt_flags; + + ncipher = __crypto_cipher_cast(ntfm); + + return ncipher; +} +EXPORT_SYMBOL_GPL(crypto_clone_cipher); -- cgit v1.2.3 From fa3b3565f3ac5a468e3efebca00e10db5db3d6bb Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Thu, 15 Jun 2023 17:00:51 +0800 Subject: crypto: api - Add __crypto_alloc_tfmgfp Use it straight away in crypto_clone_cipher(), as that is not meant to sleep. Fixes: 51d8d6d0f4be ("crypto: cipher - Add crypto_clone_cipher") Signed-off-by: Dmitry Safonov Signed-off-by: Herbert Xu --- crypto/api.c | 13 ++++++++++--- crypto/cipher.c | 4 ++-- crypto/internal.h | 2 ++ 3 files changed, 14 insertions(+), 5 deletions(-) (limited to 'crypto/cipher.c') diff --git a/crypto/api.c b/crypto/api.c index a94bd0695719..b9cc0c906efe 100644 --- a/crypto/api.c +++ b/crypto/api.c @@ -386,15 +386,15 @@ void crypto_shoot_alg(struct crypto_alg *alg) } EXPORT_SYMBOL_GPL(crypto_shoot_alg); -struct crypto_tfm *__crypto_alloc_tfm(struct crypto_alg *alg, u32 type, - u32 mask) +struct crypto_tfm *__crypto_alloc_tfmgfp(struct crypto_alg *alg, u32 type, + u32 mask, gfp_t gfp) { struct crypto_tfm *tfm = NULL; unsigned int tfm_size; int err = -ENOMEM; tfm_size = sizeof(*tfm) + crypto_ctxsize(alg, type, mask); - tfm = kzalloc(tfm_size, GFP_KERNEL); + tfm = kzalloc(tfm_size, gfp); if (tfm == NULL) goto out_err; @@ -416,6 +416,13 @@ out_err: out: return tfm; } +EXPORT_SYMBOL_GPL(__crypto_alloc_tfmgfp); + +struct crypto_tfm *__crypto_alloc_tfm(struct crypto_alg *alg, u32 type, + u32 mask) +{ + return __crypto_alloc_tfmgfp(alg, type, mask, GFP_KERNEL); +} EXPORT_SYMBOL_GPL(__crypto_alloc_tfm); /* diff --git a/crypto/cipher.c b/crypto/cipher.c index d39ef5f72ab8..a5a88038f0d6 100644 --- a/crypto/cipher.c +++ b/crypto/cipher.c @@ -101,8 +101,8 @@ struct crypto_cipher *crypto_clone_cipher(struct crypto_cipher *cipher) if (alg->cra_init) return ERR_PTR(-ENOSYS); - ntfm = __crypto_alloc_tfm(alg, CRYPTO_ALG_TYPE_CIPHER, - CRYPTO_ALG_TYPE_MASK); + ntfm = __crypto_alloc_tfmgfp(alg, CRYPTO_ALG_TYPE_CIPHER, + CRYPTO_ALG_TYPE_MASK, GFP_ATOMIC); if (IS_ERR(ntfm)) return ERR_CAST(ntfm); diff --git a/crypto/internal.h b/crypto/internal.h index 8dd746b1130b..e8c3aad71aa9 100644 --- a/crypto/internal.h +++ b/crypto/internal.h @@ -102,6 +102,8 @@ void crypto_remove_spawns(struct crypto_alg *alg, struct list_head *list, struct crypto_alg *nalg); void crypto_remove_final(struct list_head *list); void crypto_shoot_alg(struct crypto_alg *alg); +struct crypto_tfm *__crypto_alloc_tfmgfp(struct crypto_alg *alg, u32 type, + u32 mask, gfp_t gfp); struct crypto_tfm *__crypto_alloc_tfm(struct crypto_alg *alg, u32 type, u32 mask); void *crypto_create_tfm_node(struct crypto_alg *alg, -- cgit v1.2.3 From 9979c6e55d2b54ed6e0ce69b6f7faa7889549402 Mon Sep 17 00:00:00 2001 From: Dmitry Safonov Date: Wed, 14 Jun 2023 18:46:43 +0100 Subject: crypto: cipher - On clone do crypto_mod_get() The refcounter of underlying algorithm should be incremented, otherwise it'll be destroyed with the cloned cipher, wrecking the original cipher. Signed-off-by: Dmitry Safonov Signed-off-by: Herbert Xu --- crypto/cipher.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'crypto/cipher.c') diff --git a/crypto/cipher.c b/crypto/cipher.c index a5a88038f0d6..47c77a3e5978 100644 --- a/crypto/cipher.c +++ b/crypto/cipher.c @@ -101,10 +101,15 @@ struct crypto_cipher *crypto_clone_cipher(struct crypto_cipher *cipher) if (alg->cra_init) return ERR_PTR(-ENOSYS); + if (unlikely(!crypto_mod_get(alg))) + return ERR_PTR(-ESTALE); + ntfm = __crypto_alloc_tfmgfp(alg, CRYPTO_ALG_TYPE_CIPHER, CRYPTO_ALG_TYPE_MASK, GFP_ATOMIC); - if (IS_ERR(ntfm)) + if (IS_ERR(ntfm)) { + crypto_mod_put(alg); return ERR_CAST(ntfm); + } ntfm->crt_flags = tfm->crt_flags; -- cgit v1.2.3