sctp: Use shash
authorHerbert Xu <herbert@gondor.apana.org.au>
Sun, 24 Jan 2016 13:20:12 +0000 (21:20 +0800)
committerHerbert Xu <herbert@gondor.apana.org.au>
Wed, 27 Jan 2016 12:36:15 +0000 (20:36 +0800)
This patch replaces uses of the long obsolete hash interface with
shash.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: David S. Miller <davem@davemloft.net>
include/net/sctp/auth.h
include/net/sctp/structs.h
net/sctp/auth.c
net/sctp/endpointola.c
net/sctp/sm_make_chunk.c
net/sctp/socket.c

index f2d58aa37a6fef8438d0ea0ea1ebce870a2a31bb..9b9fb122b31f6b78884a0392081a3afceb49337d 100644 (file)
 #define __sctp_auth_h__
 
 #include <linux/list.h>
-#include <linux/crypto.h>
 
 struct sctp_endpoint;
 struct sctp_association;
 struct sctp_authkey;
 struct sctp_hmacalgo;
+struct crypto_shash;
 
 /*
  * Define a generic struct that will hold all the info
@@ -90,7 +90,7 @@ int sctp_auth_asoc_copy_shkeys(const struct sctp_endpoint *ep,
                                struct sctp_association *asoc,
                                gfp_t gfp);
 int sctp_auth_init_hmacs(struct sctp_endpoint *ep, gfp_t gfp);
-void sctp_auth_destroy_hmacs(struct crypto_hash *auth_hmacs[]);
+void sctp_auth_destroy_hmacs(struct crypto_shash *auth_hmacs[]);
 struct sctp_hmac *sctp_auth_get_hmac(__u16 hmac_id);
 struct sctp_hmac *sctp_auth_asoc_get_hmac(const struct sctp_association *asoc);
 void sctp_auth_asoc_set_default_hmac(struct sctp_association *asoc,
index 20e72129be1ce0063eeafcbaadcee1f37e0c614c..6b1e3838667edc18d4ea08ec9cfdc8b73dc5c924 100644 (file)
@@ -82,7 +82,7 @@ struct sctp_bind_addr;
 struct sctp_ulpq;
 struct sctp_ep_common;
 struct sctp_ssnmap;
-struct crypto_hash;
+struct crypto_shash;
 
 
 #include <net/sctp/tsnmap.h>
@@ -166,7 +166,7 @@ struct sctp_sock {
        struct sctp_pf *pf;
 
        /* Access to HMAC transform. */
-       struct crypto_hash *hmac;
+       struct crypto_shash *hmac;
        char *sctp_hmac_alg;
 
        /* What is our base endpointer? */
@@ -1235,7 +1235,7 @@ struct sctp_endpoint {
        /* SCTP AUTH: array of the HMACs that will be allocated
         * we need this per association so that we don't serialize
         */
-       struct crypto_hash **auth_hmacs;
+       struct crypto_shash **auth_hmacs;
 
        /* SCTP-AUTH: hmacs for the endpoint encoded into parameter */
         struct sctp_hmac_algo_param *auth_hmacs_list;
index 1543e39f47c33f6662abd80b5846a845d3760fdc..912eb1685a5d99110c66d0dc4c7b35eac7f37c00 100644 (file)
@@ -27,9 +27,9 @@
  *   Vlad Yasevich     <vladislav.yasevich@hp.com>
  */
 
+#include <crypto/hash.h>
 #include <linux/slab.h>
 #include <linux/types.h>
-#include <linux/crypto.h>
 #include <linux/scatterlist.h>
 #include <net/sctp/sctp.h>
 #include <net/sctp/auth.h>
@@ -448,7 +448,7 @@ struct sctp_shared_key *sctp_auth_get_shkey(
  */
 int sctp_auth_init_hmacs(struct sctp_endpoint *ep, gfp_t gfp)
 {
-       struct crypto_hash *tfm = NULL;
+       struct crypto_shash *tfm = NULL;
        __u16   id;
 
        /* If AUTH extension is disabled, we are done */
@@ -462,9 +462,8 @@ int sctp_auth_init_hmacs(struct sctp_endpoint *ep, gfp_t gfp)
                return 0;
 
        /* Allocated the array of pointers to transorms */
-       ep->auth_hmacs = kzalloc(
-                           sizeof(struct crypto_hash *) * SCTP_AUTH_NUM_HMACS,
-                           gfp);
+       ep->auth_hmacs = kzalloc(sizeof(struct crypto_shash *) *
+                                SCTP_AUTH_NUM_HMACS, gfp);
        if (!ep->auth_hmacs)
                return -ENOMEM;
 
@@ -483,8 +482,7 @@ int sctp_auth_init_hmacs(struct sctp_endpoint *ep, gfp_t gfp)
                        continue;
 
                /* Allocate the ID */
-               tfm = crypto_alloc_hash(sctp_hmac_list[id].hmac_name, 0,
-                                       CRYPTO_ALG_ASYNC);
+               tfm = crypto_alloc_shash(sctp_hmac_list[id].hmac_name, 0, 0);
                if (IS_ERR(tfm))
                        goto out_err;
 
@@ -500,7 +498,7 @@ out_err:
 }
 
 /* Destroy the hmac tfm array */
-void sctp_auth_destroy_hmacs(struct crypto_hash *auth_hmacs[])
+void sctp_auth_destroy_hmacs(struct crypto_shash *auth_hmacs[])
 {
        int i;
 
@@ -508,8 +506,7 @@ void sctp_auth_destroy_hmacs(struct crypto_hash *auth_hmacs[])
                return;
 
        for (i = 0; i < SCTP_AUTH_NUM_HMACS; i++) {
-               if (auth_hmacs[i])
-                       crypto_free_hash(auth_hmacs[i]);
+               crypto_free_shash(auth_hmacs[i]);
        }
        kfree(auth_hmacs);
 }
@@ -709,8 +706,7 @@ void sctp_auth_calculate_hmac(const struct sctp_association *asoc,
                              struct sctp_auth_chunk *auth,
                              gfp_t gfp)
 {
-       struct scatterlist sg;
-       struct hash_desc desc;
+       struct crypto_shash *tfm;
        struct sctp_auth_bytes *asoc_key;
        __u16 key_id, hmac_id;
        __u8 *digest;
@@ -742,16 +738,22 @@ void sctp_auth_calculate_hmac(const struct sctp_association *asoc,
 
        /* set up scatter list */
        end = skb_tail_pointer(skb);
-       sg_init_one(&sg, auth, end - (unsigned char *)auth);
 
-       desc.tfm = asoc->ep->auth_hmacs[hmac_id];
-       desc.flags = 0;
+       tfm = asoc->ep->auth_hmacs[hmac_id];
 
        digest = auth->auth_hdr.hmac;
-       if (crypto_hash_setkey(desc.tfm, &asoc_key->data[0], asoc_key->len))
+       if (crypto_shash_setkey(tfm, &asoc_key->data[0], asoc_key->len))
                goto free;
 
-       crypto_hash_digest(&desc, &sg, sg.length, digest);
+       {
+               SHASH_DESC_ON_STACK(desc, tfm);
+
+               desc->tfm = tfm;
+               desc->flags = 0;
+               crypto_shash_digest(desc, (u8 *)auth,
+                                   end - (unsigned char *)auth, digest);
+               shash_desc_zero(desc);
+       }
 
 free:
        if (free_key)
index 2522a61752916b58b4a8f94d61e4d68068232d1b..9d494e35e7f9f84d70e3b747c4c335a40a38044c 100644 (file)
@@ -42,7 +42,6 @@
 #include <linux/slab.h>
 #include <linux/in.h>
 #include <linux/random.h>      /* get_random_bytes() */
-#include <linux/crypto.h>
 #include <net/sock.h>
 #include <net/ipv6.h>
 #include <net/sctp/sctp.h>
index 5d6a03fad3789a12290f5f14c5a7efa69c98f41a..1296e555fe29113e65fd74a3112c7463f224dc25 100644 (file)
@@ -45,6 +45,7 @@
 
 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
 
+#include <crypto/hash.h>
 #include <linux/types.h>
 #include <linux/kernel.h>
 #include <linux/ip.h>
@@ -52,7 +53,6 @@
 #include <linux/net.h>
 #include <linux/inet.h>
 #include <linux/scatterlist.h>
-#include <linux/crypto.h>
 #include <linux/slab.h>
 #include <net/sock.h>
 
@@ -1606,7 +1606,6 @@ static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep,
 {
        sctp_cookie_param_t *retval;
        struct sctp_signed_cookie *cookie;
-       struct scatterlist sg;
        int headersize, bodysize;
 
        /* Header size is static data prior to the actual cookie, including
@@ -1663,16 +1662,19 @@ static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep,
               ntohs(init_chunk->chunk_hdr->length), raw_addrs, addrs_len);
 
        if (sctp_sk(ep->base.sk)->hmac) {
-               struct hash_desc desc;
+               SHASH_DESC_ON_STACK(desc, sctp_sk(ep->base.sk)->hmac);
+               int err;
 
                /* Sign the message.  */
-               sg_init_one(&sg, &cookie->c, bodysize);
-               desc.tfm = sctp_sk(ep->base.sk)->hmac;
-               desc.flags = 0;
-
-               if (crypto_hash_setkey(desc.tfm, ep->secret_key,
-                                      sizeof(ep->secret_key)) ||
-                   crypto_hash_digest(&desc, &sg, bodysize, cookie->signature))
+               desc->tfm = sctp_sk(ep->base.sk)->hmac;
+               desc->flags = 0;
+
+               err = crypto_shash_setkey(desc->tfm, ep->secret_key,
+                                         sizeof(ep->secret_key)) ?:
+                     crypto_shash_digest(desc, (u8 *)&cookie->c, bodysize,
+                                         cookie->signature);
+               shash_desc_zero(desc);
+               if (err)
                        goto free_cookie;
        }
 
@@ -1697,12 +1699,10 @@ struct sctp_association *sctp_unpack_cookie(
        struct sctp_cookie *bear_cookie;
        int headersize, bodysize, fixed_size;
        __u8 *digest = ep->digest;
-       struct scatterlist sg;
        unsigned int len;
        sctp_scope_t scope;
        struct sk_buff *skb = chunk->skb;
        ktime_t kt;
-       struct hash_desc desc;
 
        /* Header size is static data prior to the actual cookie, including
         * any padding.
@@ -1733,16 +1733,23 @@ struct sctp_association *sctp_unpack_cookie(
                goto no_hmac;
 
        /* Check the signature.  */
-       sg_init_one(&sg, bear_cookie, bodysize);
-       desc.tfm = sctp_sk(ep->base.sk)->hmac;
-       desc.flags = 0;
-
-       memset(digest, 0x00, SCTP_SIGNATURE_SIZE);
-       if (crypto_hash_setkey(desc.tfm, ep->secret_key,
-                              sizeof(ep->secret_key)) ||
-           crypto_hash_digest(&desc, &sg, bodysize, digest)) {
-               *error = -SCTP_IERROR_NOMEM;
-               goto fail;
+       {
+               SHASH_DESC_ON_STACK(desc, sctp_sk(ep->base.sk)->hmac);
+               int err;
+
+               desc->tfm = sctp_sk(ep->base.sk)->hmac;
+               desc->flags = 0;
+
+               err = crypto_shash_setkey(desc->tfm, ep->secret_key,
+                                         sizeof(ep->secret_key)) ?:
+                     crypto_shash_digest(desc, (u8 *)bear_cookie, bodysize,
+                                         digest);
+               shash_desc_zero(desc);
+
+               if (err) {
+                       *error = -SCTP_IERROR_NOMEM;
+                       goto fail;
+               }
        }
 
        if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) {
index 9bb80ec4c08ff06f6e629078c5a926c3def3ce23..4101c5b653d040140961ce975fbabfe7f0beac89 100644 (file)
@@ -52,6 +52,7 @@
 
 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
 
+#include <crypto/hash.h>
 #include <linux/types.h>
 #include <linux/kernel.h>
 #include <linux/wait.h>
@@ -61,7 +62,6 @@
 #include <linux/fcntl.h>
 #include <linux/poll.h>
 #include <linux/init.h>
-#include <linux/crypto.h>
 #include <linux/slab.h>
 #include <linux/file.h>
 #include <linux/compat.h>
@@ -4160,7 +4160,7 @@ static void sctp_destruct_sock(struct sock *sk)
        struct sctp_sock *sp = sctp_sk(sk);
 
        /* Free up the HMAC transform. */
-       crypto_free_hash(sp->hmac);
+       crypto_free_shash(sp->hmac);
 
        inet_sock_destruct(sk);
 }
@@ -6299,13 +6299,13 @@ static int sctp_listen_start(struct sock *sk, int backlog)
 {
        struct sctp_sock *sp = sctp_sk(sk);
        struct sctp_endpoint *ep = sp->ep;
-       struct crypto_hash *tfm = NULL;
+       struct crypto_shash *tfm = NULL;
        char alg[32];
 
        /* Allocate HMAC for generating cookie. */
        if (!sp->hmac && sp->sctp_hmac_alg) {
                sprintf(alg, "hmac(%s)", sp->sctp_hmac_alg);
-               tfm = crypto_alloc_hash(alg, 0, CRYPTO_ALG_ASYNC);
+               tfm = crypto_alloc_shash(alg, 0, 0);
                if (IS_ERR(tfm)) {
                        net_info_ratelimited("failed to load transform for %s: %ld\n",
                                             sp->sctp_hmac_alg, PTR_ERR(tfm));