Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
crypto: gcm - Use GHASH library instead of crypto_ahash

Make the "gcm" template access GHASH using the library API instead of
crypto_ahash. This is much simpler and more efficient, especially given
that all GHASH implementations are synchronous and CPU-based anyway.

Note that this allows "ghash" to be removed from the crypto_ahash (and
crypto_shash) API, which a later commit will do.

This mirrors the similar cleanup that was done with POLYVAL.

Acked-by: Ard Biesheuvel <ardb@kernel.org>
Link: https://lore.kernel.org/r/20260319061723.1140720-16-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@kernel.org>

+92 -349
+1 -1
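--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -794,7 +794,7 @@
 	tristate "GCM (Galois/Counter Mode) and GMAC (GCM MAC)"
 	select CRYPTO_CTR
 	select CRYPTO_AEAD
-	select CRYPTO_GHASH
+	select CRYPTO_LIB_GF128HASH
 	select CRYPTO_MANAGER
 	help
 	  GCM (Galois/Counter Mode) authenticated encryption mode and GMAC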
+85 -342
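--- a/crypto/gcm.c
+++ b/crypto/gcm.c
@@ -5,13 +5,11 @@
  * Copyright (c) 2007 Nokia Siemens Networks - Mikko Herranen <mh1@iki.fi>
  */
 
-#include <crypto/gf128mul.h>
 #include <crypto/internal/aead.h>
 #include <crypto/internal/skcipher.h>
-#include <crypto/internal/hash.h>
 #include <crypto/scatterwalk.h>
 #include <crypto/gcm.h>
-#include <crypto/hash.h>
+#include <crypto/gf128hash.h>
 #include <linux/err.h>
 #include <linux/init.h>
 #include <linux/kernel.h>
@@ -20,12 +18,11 @@
 
 struct gcm_instance_ctx {
 	struct crypto_skcipher_spawn ctr;
-	struct crypto_ahash_spawn ghash;
 };
 
 struct crypto_gcm_ctx {
 	struct crypto_skcipher *ctr;
-	struct crypto_ahash *ghash;
+	struct ghash_key ghash;
 };
 
 struct crypto_rfc4106_ctx {
@@ -52,30 +49,14 @@
 	struct aead_request subreq;
 };
 
-struct crypto_gcm_ghash_ctx {
-	unsigned int cryptlen;
-	struct scatterlist *src;
-	int (*complete)(struct aead_request *req, u32 flags);
-};
-
 struct crypto_gcm_req_priv_ctx {
 	u8 iv[16];
 	u8 auth_tag[16];
 	u8 iauth_tag[16];
 	struct scatterlist src[3];
 	struct scatterlist dst[3];
-	struct scatterlist sg;
-	struct crypto_gcm_ghash_ctx ghash_ctx;
-	union {
-		struct ahash_request ahreq;
-		struct skcipher_request skreq;
-	} u;
+	struct skcipher_request skreq; /* Must be last */
 };
-
-static struct {
-	u8 buf[16];
-	struct scatterlist sg;
-} *gcm_zeroes;
 
 static inline struct crypto_gcm_req_priv_ctx *crypto_gcm_reqctx(
 	struct aead_request *req)
@@ -89,10 +70,9 @@
 			     unsigned int keylen)
 {
 	struct crypto_gcm_ctx *ctx = crypto_aead_ctx(aead);
-	struct crypto_ahash *ghash = ctx->ghash;
 	struct crypto_skcipher *ctr = ctx->ctr;
 	struct {
-		be128 hash;
+		u8 h[GHASH_BLOCK_SIZE];
 		u8 iv[16];
 
 		struct crypto_wait wait;
@@ -115,14 +95,14 @@
 		return -ENOMEM;
 
 	crypto_init_wait(&data->wait);
-	sg_init_one(data->sg, &data->hash, sizeof(data->hash));
+	sg_init_one(data->sg, data->h, sizeof(data->h));
 	skcipher_request_set_tfm(&data->req, ctr);
 	skcipher_request_set_callback(&data->req, CRYPTO_TFM_REQ_MAY_SLEEP |
 						  CRYPTO_TFM_REQ_MAY_BACKLOG,
 				      crypto_req_done,
 				      &data->wait);
 	skcipher_request_set_crypt(&data->req, data->sg, data->sg,
-				   sizeof(data->hash), data->iv);
+				   sizeof(data->h), data->iv);
 
 	err = crypto_wait_req(crypto_skcipher_encrypt(&data->req),
 							&data->wait);
@@ -130,10 +110,7 @@
 	if (err)
 		goto out;
 
-	crypto_ahash_clear_flags(ghash, CRYPTO_TFM_REQ_MASK);
-	crypto_ahash_set_flags(ghash, crypto_aead_get_flags(aead) &
-			       CRYPTO_TFM_REQ_MASK);
-	err = crypto_ahash_setkey(ghash, (u8 *)&data->hash, sizeof(be128));
+	ghash_preparekey(&ctx->ghash, data->h);
 out:
 	kfree_sensitive(data);
 	return err;
@@ -176,7 +153,7 @@
 	struct crypto_aead *aead = crypto_aead_reqtfm(req);
 	struct crypto_gcm_ctx *ctx = crypto_aead_ctx(aead);
 	struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req);
-	struct skcipher_request *skreq = &pctx->u.skreq;
+	struct skcipher_request *skreq = &pctx->skreq;
 	struct scatterlist *dst;
 
 	dst = req->src == req->dst ? pctx->src : pctx->dst;
@@ -187,244 +164,65 @@
 				     pctx->iv);
 }
 
-static inline unsigned int gcm_remain(unsigned int len)
+static void ghash_update_sg_and_pad(struct ghash_ctx *ghash,
+				    struct scatterlist *sg, unsigned int len)
 {
-	len &= 0xfU;
-	return len ? 16 - len : 0;
+	static const u8 zeroes[GHASH_BLOCK_SIZE];
+
+	if (len) {
+		unsigned int pad_len = -len % GHASH_BLOCK_SIZE;
+		struct scatter_walk walk;
+
+		scatterwalk_start(&walk, sg);
+		do {
+			unsigned int n = scatterwalk_next(&walk, len);
+
+			ghash_update(ghash, walk.addr, n);
+			scatterwalk_done_src(&walk, n);
+			len -= n;
+		} while (len);
+
+		if (pad_len)
+			ghash_update(ghash, zeroes, pad_len);
+	}
 }
 
-static void gcm_hash_len_done(void *data, int err);
-
-static int gcm_hash_update(struct aead_request *req,
-			   crypto_completion_t compl,
-			   struct scatterlist *src,
-			   unsigned int len, u32 flags)
+static void gcm_hash(struct aead_request *req, struct scatterlist *ctext,
+		     unsigned int datalen, u8 out[GHASH_BLOCK_SIZE])
 {
-	struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req);
-	struct ahash_request *ahreq = &pctx->u.ahreq;
+	const struct crypto_gcm_ctx *ctx =
+		crypto_aead_ctx(crypto_aead_reqtfm(req));
+	__be64 lengths[2] = {
+		cpu_to_be64(8 * (u64)req->assoclen),
+		cpu_to_be64(8 * (u64)datalen),
+	};
+	struct ghash_ctx ghash;
 
-	ahash_request_set_callback(ahreq, flags, compl, req);
-	ahash_request_set_crypt(ahreq, src, NULL, len);
+	ghash_init(&ghash, &ctx->ghash);
 
-	return crypto_ahash_update(ahreq);
+	/* Associated data, then zero-padding to the next 16-byte boundary */
+	ghash_update_sg_and_pad(&ghash, req->src, req->assoclen);
+
+	/* Ciphertext, then zero-padding to the next 16-byte boundary */
+	ghash_update_sg_and_pad(&ghash, ctext, datalen);
+
+	/* Lengths block */
+	ghash_update(&ghash, (const u8 *)lengths, sizeof(lengths));
+
+	ghash_final(&ghash, out);
 }
 
-static int gcm_hash_remain(struct aead_request *req,
-			   unsigned int remain,
-			   crypto_completion_t compl, u32 flags)
+static int gcm_add_auth_tag(struct aead_request *req)
 {
-	return gcm_hash_update(req, compl, &gcm_zeroes->sg, remain, flags);
-}
-
-static int gcm_hash_len(struct aead_request *req, u32 flags)
-{
-	struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req);
-	struct ahash_request *ahreq = &pctx->u.ahreq;
-	struct crypto_gcm_ghash_ctx *gctx = &pctx->ghash_ctx;
-	be128 lengths;
-
-	lengths.a = cpu_to_be64(req->assoclen * 8);
-	lengths.b = cpu_to_be64(gctx->cryptlen * 8);
-	memcpy(pctx->iauth_tag, &lengths, 16);
-	sg_init_one(&pctx->sg, pctx->iauth_tag, 16);
-	ahash_request_set_callback(ahreq, flags, gcm_hash_len_done, req);
-	ahash_request_set_crypt(ahreq, &pctx->sg,
-				pctx->iauth_tag, sizeof(lengths));
-
-	return crypto_ahash_finup(ahreq);
-}
-
-static int gcm_hash_len_continue(struct aead_request *req, u32 flags)
-{
-	struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req);
-	struct crypto_gcm_ghash_ctx *gctx = &pctx->ghash_ctx;
-
-	return gctx->complete(req, flags);
-}
-
-static void gcm_hash_len_done(void *data, int err)
-{
-	struct aead_request *req = data;
-
-	if (err)
-		goto out;
-
-	err = gcm_hash_len_continue(req, 0);
-	if (err == -EINPROGRESS)
-		return;
-
-out:
-	aead_request_complete(req, err);
-}
-
-static int gcm_hash_crypt_remain_continue(struct aead_request *req, u32 flags)
-{
-	return gcm_hash_len(req, flags) ?:
-	       gcm_hash_len_continue(req, flags);
-}
-
-static void gcm_hash_crypt_remain_done(void *data, int err)
-{
-	struct aead_request *req = data;
-
-	if (err)
-		goto out;
-
-	err = gcm_hash_crypt_remain_continue(req, 0);
-	if (err == -EINPROGRESS)
-		return;
-
-out:
-	aead_request_complete(req, err);
-}
-
-static int gcm_hash_crypt_continue(struct aead_request *req, u32 flags)
-{
-	struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req);
-	struct crypto_gcm_ghash_ctx *gctx = &pctx->ghash_ctx;
-	unsigned int remain;
-
-	remain = gcm_remain(gctx->cryptlen);
-	if (remain)
-		return gcm_hash_remain(req, remain,
-				       gcm_hash_crypt_remain_done, flags) ?:
-		       gcm_hash_crypt_remain_continue(req, flags);
-
-	return gcm_hash_crypt_remain_continue(req, flags);
-}
-
-static void gcm_hash_crypt_done(void *data, int err)
-{
-	struct aead_request *req = data;
-
-	if (err)
-		goto out;
-
-	err = gcm_hash_crypt_continue(req, 0);
-	if (err == -EINPROGRESS)
-		return;
-
-out:
-	aead_request_complete(req, err);
-}
-
-static int gcm_hash_assoc_remain_continue(struct aead_request *req, u32 flags)
-{
-	struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req);
-	struct crypto_gcm_ghash_ctx *gctx = &pctx->ghash_ctx;
-
-	if (gctx->cryptlen)
-		return gcm_hash_update(req, gcm_hash_crypt_done,
-				       gctx->src, gctx->cryptlen, flags) ?:
-		       gcm_hash_crypt_continue(req, flags);
-
-	return gcm_hash_crypt_remain_continue(req, flags);
-}
-
-static void gcm_hash_assoc_remain_done(void *data, int err)
-{
-	struct aead_request *req = data;
-
-	if (err)
-		goto out;
-
-	err = gcm_hash_assoc_remain_continue(req, 0);
-	if (err == -EINPROGRESS)
-		return;
-
-out:
-	aead_request_complete(req, err);
-}
-
-static int gcm_hash_assoc_continue(struct aead_request *req, u32 flags)
-{
-	unsigned int remain;
-
-	remain = gcm_remain(req->assoclen);
-	if (remain)
-		return gcm_hash_remain(req, remain,
-				       gcm_hash_assoc_remain_done, flags) ?:
-		       gcm_hash_assoc_remain_continue(req, flags);
-
-	return gcm_hash_assoc_remain_continue(req, flags);
-}
-
-static void gcm_hash_assoc_done(void *data, int err)
-{
-	struct aead_request *req = data;
-
-	if (err)
-		goto out;
-
-	err = gcm_hash_assoc_continue(req, 0);
-	if (err == -EINPROGRESS)
-		return;
-
-out:
-	aead_request_complete(req, err);
-}
-
-static int gcm_hash_init_continue(struct aead_request *req, u32 flags)
-{
-	if (req->assoclen)
-		return gcm_hash_update(req, gcm_hash_assoc_done,
-				       req->src, req->assoclen, flags) ?:
-		       gcm_hash_assoc_continue(req, flags);
-
-	return gcm_hash_assoc_remain_continue(req, flags);
-}
-
-static void gcm_hash_init_done(void *data, int err)
-{
-	struct aead_request *req = data;
-
-	if (err)
-		goto out;
-
-	err = gcm_hash_init_continue(req, 0);
-	if (err == -EINPROGRESS)
-		return;
-
-out:
-	aead_request_complete(req, err);
-}
-
-static int gcm_hash(struct aead_request *req, u32 flags)
-{
-	struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req);
-	struct ahash_request *ahreq = &pctx->u.ahreq;
-	struct crypto_gcm_ctx *ctx = crypto_aead_ctx(crypto_aead_reqtfm(req));
-
-	ahash_request_set_tfm(ahreq, ctx->ghash);
-
-	ahash_request_set_callback(ahreq, flags, gcm_hash_init_done, req);
-	return crypto_ahash_init(ahreq) ?:
-	       gcm_hash_init_continue(req, flags);
-}
-
-static int gcm_enc_copy_hash(struct aead_request *req, u32 flags)
-{
-	struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req);
 	struct crypto_aead *aead = crypto_aead_reqtfm(req);
-	u8 *auth_tag = pctx->auth_tag;
-
-	crypto_xor(auth_tag, pctx->iauth_tag, 16);
-	scatterwalk_map_and_copy(auth_tag, req->dst,
-				 req->assoclen + req->cryptlen,
-				 crypto_aead_authsize(aead), 1);
-	return 0;
-}
-
-static int gcm_encrypt_continue(struct aead_request *req, u32 flags)
-{
 	struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req);
-	struct crypto_gcm_ghash_ctx *gctx = &pctx->ghash_ctx;
 
-	gctx->src = sg_next(req->src == req->dst ? pctx->src : pctx->dst);
-	gctx->cryptlen = req->cryptlen;
-	gctx->complete = gcm_enc_copy_hash;
-
-	return gcm_hash(req, flags);
+	gcm_hash(req, sg_next(req->src == req->dst ? pctx->src : pctx->dst),
+		 req->cryptlen, pctx->iauth_tag);
+	crypto_xor(pctx->auth_tag, pctx->iauth_tag, 16);
+	memcpy_to_sglist(req->dst, req->assoclen + req->cryptlen,
+			 pctx->auth_tag, crypto_aead_authsize(aead));
+	return 0;
 }
 
 static void gcm_encrypt_done(void *data, int err)
@@ -434,9 +232,7 @@
 	if (err)
 		goto out;
 
-	err = gcm_encrypt_continue(req, 0);
-	if (err == -EINPROGRESS)
-		return;
+	err = gcm_add_auth_tag(req);
 
 out:
 	aead_request_complete(req, err);
@@ -445,15 +241,14 @@
 static int crypto_gcm_encrypt(struct aead_request *req)
 {
 	struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req);
-	struct skcipher_request *skreq = &pctx->u.skreq;
+	struct skcipher_request *skreq = &pctx->skreq;
 	u32 flags = aead_request_flags(req);
 
 	crypto_gcm_init_common(req);
 	crypto_gcm_init_crypt(req, req->cryptlen);
 	skcipher_request_set_callback(skreq, flags, gcm_encrypt_done, req);
 
-	return crypto_skcipher_encrypt(skreq) ?:
-	       gcm_encrypt_continue(req, flags);
+	return crypto_skcipher_encrypt(skreq) ?: gcm_add_auth_tag(req);
 }
 
 static int crypto_gcm_verify(struct aead_request *req)
@@ -481,35 +276,21 @@
 	aead_request_complete(req, err);
 }
 
-static int gcm_dec_hash_continue(struct aead_request *req, u32 flags)
-{
-	struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req);
-	struct skcipher_request *skreq = &pctx->u.skreq;
-	struct crypto_gcm_ghash_ctx *gctx = &pctx->ghash_ctx;
-
-	crypto_gcm_init_crypt(req, gctx->cryptlen);
-	skcipher_request_set_callback(skreq, flags, gcm_decrypt_done, req);
-	return crypto_skcipher_decrypt(skreq) ?: crypto_gcm_verify(req);
-}
-
 static int crypto_gcm_decrypt(struct aead_request *req)
 {
 	struct crypto_aead *aead = crypto_aead_reqtfm(req);
 	struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req);
-	struct crypto_gcm_ghash_ctx *gctx = &pctx->ghash_ctx;
-	unsigned int authsize = crypto_aead_authsize(aead);
-	unsigned int cryptlen = req->cryptlen;
-	u32 flags = aead_request_flags(req);
-
-	cryptlen -= authsize;
+	struct skcipher_request *skreq = &pctx->skreq;
+	unsigned int datalen = req->cryptlen - crypto_aead_authsize(aead);
 
 	crypto_gcm_init_common(req);
 
-	gctx->src = sg_next(pctx->src);
-	gctx->cryptlen = cryptlen;
-	gctx->complete = gcm_dec_hash_continue;
+	gcm_hash(req, sg_next(pctx->src), datalen, pctx->iauth_tag);
 
-	return gcm_hash(req, flags);
+	crypto_gcm_init_crypt(req, datalen);
+	skcipher_request_set_callback(skreq, aead_request_flags(req),
+				      gcm_decrypt_done, req);
+	return crypto_skcipher_decrypt(skreq) ?: crypto_gcm_verify(req);
 }
 
 static int crypto_gcm_init_tfm(struct crypto_aead *tfm)
@@ -518,43 +299,26 @@
 	struct gcm_instance_ctx *ictx = aead_instance_ctx(inst);
 	struct crypto_gcm_ctx *ctx = crypto_aead_ctx(tfm);
 	struct crypto_skcipher *ctr;
-	struct crypto_ahash *ghash;
 	unsigned long align;
-	int err;
-
-	ghash = crypto_spawn_ahash(&ictx->ghash);
-	if (IS_ERR(ghash))
-		return PTR_ERR(ghash);
 
 	ctr = crypto_spawn_skcipher(&ictx->ctr);
-	err = PTR_ERR(ctr);
 	if (IS_ERR(ctr))
-		goto err_free_hash;
+		return PTR_ERR(ctr);
 
 	ctx->ctr = ctr;
-	ctx->ghash = ghash;
 
 	align = crypto_aead_alignmask(tfm);
 	align &= ~(crypto_tfm_ctx_alignment() - 1);
 	crypto_aead_set_reqsize(tfm,
-		align + offsetof(struct crypto_gcm_req_priv_ctx, u) +
-		max(sizeof(struct skcipher_request) +
-		    crypto_skcipher_reqsize(ctr),
-		    sizeof(struct ahash_request) +
-		    crypto_ahash_reqsize(ghash)));
-
+		align + sizeof(struct crypto_gcm_req_priv_ctx) +
+		crypto_skcipher_reqsize(ctr));
 	return 0;
-
-err_free_hash:
-	crypto_free_ahash(ghash);
-	return err;
 }
 
 static void crypto_gcm_exit_tfm(struct crypto_aead *tfm)
 {
 	struct crypto_gcm_ctx *ctx = crypto_aead_ctx(tfm);
 
-	crypto_free_ahash(ctx->ghash);
 	crypto_free_skcipher(ctx->ctr);
 }
 
@@ -563,20 +327,16 @@
 	struct gcm_instance_ctx *ctx = aead_instance_ctx(inst);
 
 	crypto_drop_skcipher(&ctx->ctr);
-	crypto_drop_ahash(&ctx->ghash);
 	kfree(inst);
 }
 
 static int crypto_gcm_create_common(struct crypto_template *tmpl,
-				    struct rtattr **tb,
-				    const char *ctr_name,
-				    const char *ghash_name)
+				    struct rtattr **tb, const char *ctr_name)
 {
 	struct skcipher_alg_common *ctr;
 	u32 mask;
 	struct aead_instance *inst;
 	struct gcm_instance_ctx *ctx;
-	struct hash_alg_common *ghash;
 	int err;
 
 	err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_AEAD, &mask);
@@ -587,17 +347,6 @@
 	if (!inst)
 		return -ENOMEM;
 	ctx = aead_instance_ctx(inst);
-
-	err = crypto_grab_ahash(&ctx->ghash, aead_crypto_instance(inst),
-				ghash_name, 0, mask);
-	if (err)
-		goto err_free_inst;
-	ghash = crypto_spawn_ahash_alg(&ctx->ghash);
-
-	err = -EINVAL;
-	if (strcmp(ghash->base.cra_name, "ghash") != 0 ||
-	    ghash->digestsize != 16)
-		goto err_free_inst;
 
 	err = crypto_grab_skcipher(&ctx->ctr, aead_crypto_instance(inst),
 				   ctr_name, 0, mask);
@@ -617,13 +366,11 @@
 		goto err_free_inst;
 
 	if (snprintf(inst->alg.base.cra_driver_name, CRYPTO_MAX_ALG_NAME,
-		     "gcm_base(%s,%s)", ctr->base.cra_driver_name,
-		     ghash->base.cra_driver_name) >=
-	    CRYPTO_MAX_ALG_NAME)
+		     "gcm_base(%s,ghash-lib)",
+		     ctr->base.cra_driver_name) >= CRYPTO_MAX_ALG_NAME)
 		goto err_free_inst;
 
-	inst->alg.base.cra_priority = (ghash->base.cra_priority +
-				       ctr->base.cra_priority) / 2;
+	inst->alg.base.cra_priority = ctr->base.cra_priority;
 	inst->alg.base.cra_blocksize = 1;
 	inst->alg.base.cra_alignmask = ctr->base.cra_alignmask;
 	inst->alg.base.cra_ctxsize = sizeof(struct crypto_gcm_ctx);
@@ -660,7 +407,7 @@
 	    CRYPTO_MAX_ALG_NAME)
 		return -ENAMETOOLONG;
 
-	return crypto_gcm_create_common(tmpl, tb, ctr_name, "ghash");
+	return crypto_gcm_create_common(tmpl, tb, ctr_name);
 }
 
 static int crypto_gcm_base_create(struct crypto_template *tmpl,
@@ -677,7 +424,16 @@
 	if (IS_ERR(ghash_name))
 		return PTR_ERR(ghash_name);
 
-	return crypto_gcm_create_common(tmpl, tb, ctr_name, ghash_name);
+	/*
+	 * Originally this parameter allowed requesting a specific
+	 * implementation of GHASH. This is no longer supported. Now the best
+	 * implementation of GHASH is just always used.
+	 */
+	if (strcmp(ghash_name, "ghash") != 0 &&
+	    strcmp(ghash_name, "ghash-lib") != 0)
+		return -EINVAL;
+
+	return crypto_gcm_create_common(tmpl, tb, ctr_name);
 }
 
 static int crypto_rfc4106_setkey(struct crypto_aead *parent, const u8 *key,
@@ -1096,25 +852,12 @@
 
 static int __init crypto_gcm_module_init(void)
 {
-	int err;
-
-	gcm_zeroes = kzalloc_obj(*gcm_zeroes);
-	if (!gcm_zeroes)
-		return -ENOMEM;
-
-	sg_init_one(&gcm_zeroes->sg, gcm_zeroes->buf, sizeof(gcm_zeroes->buf));
-
-	err = crypto_register_templates(crypto_gcm_tmpls,
-					ARRAY_SIZE(crypto_gcm_tmpls));
-	if (err)
-		kfree(gcm_zeroes);
-
-	return err;
+	return crypto_register_templates(crypto_gcm_tmpls,
+					 ARRAY_SIZE(crypto_gcm_tmpls));
 }
 
 static void __exit crypto_gcm_module_exit(void)
 {
-	kfree(gcm_zeroes);
 	crypto_unregister_templates(crypto_gcm_tmpls,
 				    ARRAY_SIZE(crypto_gcm_tmpls));
 }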
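Review bot: In crypto_gcm_decrypt(), `unsigned int datalen = req->cryptlen - crypto_aead_authsize(aead);` wraps to a very large value if cryptlen is shorter than the tag, and nothing in this file section checks that before gcm_hash() walks `datalen` bytes of the scatterlist synchronously. The removed code did the same unchecked subtraction, so this presumably relies on the AEAD API entry point rejecting short requests before the template's decrypt handler runs; that check is not visible on this page. Once confirmed, I would record the precondition where datalen is computed, e.g. `/* AEAD core has already rejected req->cryptlen < authsize */`, so the dependency survives later refactoring. The same spot is a natural place to note that `-len % GHASH_BLOCK_SIZE` in ghash_update_sg_and_pad() depends on unsigned wrap-around with a power-of-two block size.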
+5 -5
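--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -4965,7 +4965,7 @@
 	}, {
 #endif /* CONFIG_CRYPTO_DH_RFC7919_GROUPS */
 		.alg = "gcm(aes)",
-		.generic_driver = "gcm_base(ctr(aes-lib),ghash-generic)",
+		.generic_driver = "gcm_base(ctr(aes-lib),ghash-lib)",
 		.test = alg_test_aead,
 		.fips_allowed = 1,
 		.suite = {
@@ -4973,14 +4973,14 @@
 		}
 	}, {
 		.alg = "gcm(aria)",
-		.generic_driver = "gcm_base(ctr(aria-generic),ghash-generic)",
+		.generic_driver = "gcm_base(ctr(aria-generic),ghash-lib)",
 		.test = alg_test_aead,
 		.suite = {
 			.aead = __VECS(aria_gcm_tv_template)
 		}
 	}, {
 		.alg = "gcm(sm4)",
-		.generic_driver = "gcm_base(ctr(sm4-generic),ghash-generic)",
+		.generic_driver = "gcm_base(ctr(sm4-generic),ghash-lib)",
 		.test = alg_test_aead,
 		.suite = {
 			.aead = __VECS(sm4_gcm_tv_template)
@@ -5314,7 +5314,7 @@
 		}
 	}, {
 		.alg = "rfc4106(gcm(aes))",
-		.generic_driver = "rfc4106(gcm_base(ctr(aes-lib),ghash-generic))",
+		.generic_driver = "rfc4106(gcm_base(ctr(aes-lib),ghash-lib))",
 		.test = alg_test_aead,
 		.fips_allowed = 1,
 		.suite = {
@@ -5338,7 +5338,7 @@
 		}
 	}, {
 		.alg = "rfc4543(gcm(aes))",
-		.generic_driver = "rfc4543(gcm_base(ctr(aes-lib),ghash-generic))",
+		.generic_driver = "rfc4543(gcm_base(ctr(aes-lib),ghash-lib))",
 		.test = alg_test_aead,
 		.suite = {
 			.aead = {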
+1 -1
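--- a/drivers/crypto/starfive/jh7110-aes.c
+++ b/drivers/crypto/starfive/jh7110-aes.c
@@ -1008,7 +1008,7 @@
 
 static int starfive_aes_gcm_init_tfm(struct crypto_aead *tfm)
 {
-	return starfive_aes_aead_init_tfm(tfm, "gcm_base(ctr(aes-lib),ghash-generic)");
+	return starfive_aes_aead_init_tfm(tfm, "gcm_base(ctr(aes-lib),ghash-lib)");
 }
 
 static struct skcipher_engine_alg skcipher_algs[] = {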