[PATCH 0/35] Converting ahash to new style

[PATCH 0/35] Converting ahash to new style

[Herbert Xu]

Hi:

This series of patches converts ahash to the new algorithm format
just like shash.  Note that I've incorporated a couple of the
previously posted patches (notably the padlock/hmac conversion)
into it.

At this point all implementations are either shash or ahash.  So
we can now move forward to convert users such as authenc over to
ahash.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

[PATCH 1/35] crypto: shash - Export/import hash state only

[Herbert Xu]

crypto: shash - Export/import hash state only

This patch replaces the full descriptor export with an export of
the partial hash state.  This allows the use of a consistent export
format across all implementations of a given algorithm.

This is useful because a number of cases require the use of the
partial hash state, e.g., PadLock can use the SHA1 hash state
to get around the fact that it can only hash contiguous data
chunks.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---

 crypto/shash.c        |   25 ++++++++++++++-----------
 include/crypto/hash.h |   18 ++++++++++++++----
 2 files changed, 28 insertions(+), 15 deletions(-)

diff --git a/crypto/shash.c b/crypto/shash.c
index 23e05a1..14a3b70 100644
--- a/crypto/shash.c
+++ b/crypto/shash.c
@@ -172,19 +172,15 @@ int crypto_shash_digest(struct shash_desc *desc, const u8 *data,
 }
 EXPORT_SYMBOL_GPL(crypto_shash_digest);
 
-int crypto_shash_import(struct shash_desc *desc, const u8 *in)
+static int shash_no_export(struct shash_desc *desc, void *out)
 {
-	struct crypto_shash *tfm = desc->tfm;
-	struct shash_alg *alg = crypto_shash_alg(tfm);
-
-	memcpy(shash_desc_ctx(desc), in, crypto_shash_descsize(tfm));
-
-	if (alg->reinit)
-		return alg->reinit(desc);
+	return -ENOSYS;
+}
 
-	return 0;
+static int shash_no_import(struct shash_desc *desc, const void *in)
+{
+	return -ENOSYS;
 }
-EXPORT_SYMBOL_GPL(crypto_shash_import);
 
 static int shash_async_setkey(struct crypto_ahash *tfm, const u8 *key,
 			      unsigned int keylen)
@@ -484,12 +480,19 @@ static int shash_prepare_alg(struct shash_alg *alg)
 	struct crypto_alg *base = &alg->base;
 
 	if (alg->digestsize > PAGE_SIZE / 8 ||
-	    alg->descsize > PAGE_SIZE / 8)
+	    alg->descsize > PAGE_SIZE / 8 ||
+	    alg->statesize > PAGE_SIZE / 8)
 		return -EINVAL;
 
 	base->cra_type = &crypto_shash_type;
 	base->cra_flags &= ~CRYPTO_ALG_TYPE_MASK;
 	base->cra_flags |= CRYPTO_ALG_TYPE_SHASH;
+
+	if (!alg->import)
+		alg->import = shash_no_import;
+	if (!alg->export)
+		alg->export = shash_no_export;
+
 	return 0;
 }
 
diff --git a/include/crypto/hash.h b/include/crypto/hash.h
index d56bb71..3c4cce6 100644
--- a/include/crypto/hash.h
+++ b/include/crypto/hash.h
@@ -24,7 +24,6 @@ struct shash_desc {
 
 struct shash_alg {
 	int (*init)(struct shash_desc *desc);
-	int (*reinit)(struct shash_desc *desc);
 	int (*update)(struct shash_desc *desc, const u8 *data,
 		      unsigned int len);
 	int (*final)(struct shash_desc *desc, u8 *out);
@@ -32,11 +31,14 @@ struct shash_alg {
 		     unsigned int len, u8 *out);
 	int (*digest)(struct shash_desc *desc, const u8 *data,
 		      unsigned int len, u8 *out);
+	int (*export)(struct shash_desc *desc, void *out);
+	int (*import)(struct shash_desc *desc, const void *in);
 	int (*setkey)(struct crypto_shash *tfm, const u8 *key,
 		      unsigned int keylen);
 
 	unsigned int descsize;
 	unsigned int digestsize;
+	unsigned int statesize;
 
 	struct crypto_alg base;
 };
@@ -251,6 +253,11 @@ static inline unsigned int crypto_shash_digestsize(struct crypto_shash *tfm)
 	return crypto_shash_alg(tfm)->digestsize;
 }
 
+static inline unsigned int crypto_shash_statesize(struct crypto_shash *tfm)
+{
+	return crypto_shash_alg(tfm)->statesize;
+}
+
 static inline u32 crypto_shash_get_flags(struct crypto_shash *tfm)
 {
 	return crypto_tfm_get_flags(crypto_shash_tfm(tfm));
@@ -281,12 +288,15 @@ int crypto_shash_setkey(struct crypto_shash *tfm, const u8 *key,
 int crypto_shash_digest(struct shash_desc *desc, const u8 *data,
 			unsigned int len, u8 *out);
 
-static inline void crypto_shash_export(struct shash_desc *desc, u8 *out)
+static inline int crypto_shash_export(struct shash_desc *desc, void *out)
 {
-	memcpy(out, shash_desc_ctx(desc), crypto_shash_descsize(desc->tfm));
+	return crypto_shash_alg(desc->tfm)->export(desc, out);
 }
 
-int crypto_shash_import(struct shash_desc *desc, const u8 *in);
+static inline int crypto_shash_import(struct shash_desc *desc, const void *in)
+{
+	return crypto_shash_alg(desc->tfm)->import(desc, in);
+}
 
 static inline int crypto_shash_init(struct shash_desc *desc)
 {

[PATCH 2/35] crypto: shash - Move finup/digest null checks to registration time

[Herbert Xu]

crypto: shash - Move finup/digest null checks to registration time

This patch moves the run-time null finup/digest checks to the
shash_prepare_alg function which is run at registration time.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---

 crypto/shash.c |   10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/crypto/shash.c b/crypto/shash.c
index 14a3b70..f7fcc65 100644
--- a/crypto/shash.c
+++ b/crypto/shash.c
@@ -142,8 +142,7 @@ int crypto_shash_finup(struct shash_desc *desc, const u8 *data,
 	struct shash_alg *shash = crypto_shash_alg(tfm);
 	unsigned long alignmask = crypto_shash_alignmask(tfm);
 
-	if (((unsigned long)data | (unsigned long)out) & alignmask ||
-	    !shash->finup)
+	if (((unsigned long)data | (unsigned long)out) & alignmask)
 		return shash_finup_unaligned(desc, data, len, out);
 
 	return shash->finup(desc, data, len, out);
@@ -164,8 +163,7 @@ int crypto_shash_digest(struct shash_desc *desc, const u8 *data,
 	struct shash_alg *shash = crypto_shash_alg(tfm);
 	unsigned long alignmask = crypto_shash_alignmask(tfm);
 
-	if (((unsigned long)data | (unsigned long)out) & alignmask ||
-	    !shash->digest)
+	if (((unsigned long)data | (unsigned long)out) & alignmask)
 		return shash_digest_unaligned(desc, data, len, out);
 
 	return shash->digest(desc, data, len, out);
@@ -488,6 +486,10 @@ static int shash_prepare_alg(struct shash_alg *alg)
 	base->cra_flags &= ~CRYPTO_ALG_TYPE_MASK;
 	base->cra_flags |= CRYPTO_ALG_TYPE_SHASH;
 
+	if (!alg->finup)
+		alg->finup = shash_finup_unaligned;
+	if (!alg->digest)
+		alg->digest = shash_digest_unaligned;
 	if (!alg->import)
 		alg->import = shash_no_import;
 	if (!alg->export)

[PATCH 3/35] crypto: sha1_generic - Add export/import support

[Herbert Xu]

crypto: sha1_generic - Add export/import support

This patch adds export/import support to sha1_generic.  The exported
type is defined by struct sha1_state, which is basically the entire
descriptor state of sha1_generic.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---

 crypto/sha1_generic.c |   41 +++++++++++++++++++++++++----------------
 include/crypto/sha.h  |    8 ++++++++
 2 files changed, 33 insertions(+), 16 deletions(-)

diff --git a/crypto/sha1_generic.c b/crypto/sha1_generic.c
index 9efef20..0416091 100644
--- a/crypto/sha1_generic.c
+++ b/crypto/sha1_generic.c
@@ -25,31 +25,21 @@
 #include <crypto/sha.h>
 #include <asm/byteorder.h>
 
-struct sha1_ctx {
-        u64 count;
-        u32 state[5];
-        u8 buffer[64];
-};
-
 static int sha1_init(struct shash_desc *desc)
 {
-	struct sha1_ctx *sctx = shash_desc_ctx(desc);
+	struct sha1_state *sctx = shash_desc_ctx(desc);
 
-	static const struct sha1_ctx initstate = {
-	  0,
-	  { SHA1_H0, SHA1_H1, SHA1_H2, SHA1_H3, SHA1_H4 },
-	  { 0, }
+	*sctx = (struct sha1_state){
+		.state = { SHA1_H0, SHA1_H1, SHA1_H2, SHA1_H3, SHA1_H4 },
 	};
 
-	*sctx = initstate;
-
 	return 0;
 }
 
 static int sha1_update(struct shash_desc *desc, const u8 *data,
 			unsigned int len)
 {
-	struct sha1_ctx *sctx = shash_desc_ctx(desc);
+	struct sha1_state *sctx = shash_desc_ctx(desc);
 	unsigned int partial, done;
 	const u8 *src;
 
@@ -85,7 +75,7 @@ static int sha1_update(struct shash_desc *desc, const u8 *data,
 /* Add padding and return the message digest. */
 static int sha1_final(struct shash_desc *desc, u8 *out)
 {
-	struct sha1_ctx *sctx = shash_desc_ctx(desc);
+	struct sha1_state *sctx = shash_desc_ctx(desc);
 	__be32 *dst = (__be32 *)out;
 	u32 i, index, padlen;
 	__be64 bits;
@@ -111,12 +101,31 @@ static int sha1_final(struct shash_desc *desc, u8 *out)
 	return 0;
 }
 
+static int sha1_export(struct shash_desc *desc, void *out)
+{
+	struct sha1_state *sctx = shash_desc_ctx(desc);
+
+	memcpy(out, sctx, sizeof(*sctx));
+	return 0;
+}
+
+static int sha1_import(struct shash_desc *desc, const void *in)
+{
+	struct sha1_state *sctx = shash_desc_ctx(desc);
+
+	memcpy(sctx, in, sizeof(*sctx));
+	return 0;
+}
+
 static struct shash_alg alg = {
 	.digestsize	=	SHA1_DIGEST_SIZE,
 	.init		=	sha1_init,
 	.update		=	sha1_update,
 	.final		=	sha1_final,
-	.descsize	=	sizeof(struct sha1_ctx),
+	.export		=	sha1_export,
+	.import		=	sha1_import,
+	.descsize	=	sizeof(struct sha1_state),
+	.statesize	=	sizeof(struct sha1_state),
 	.base		=	{
 		.cra_name	=	"sha1",
 		.cra_driver_name=	"sha1-generic",
diff --git a/include/crypto/sha.h b/include/crypto/sha.h
index c0ccc2b..922a248 100644
--- a/include/crypto/sha.h
+++ b/include/crypto/sha.h
@@ -5,6 +5,8 @@
 #ifndef _CRYPTO_SHA_H
 #define _CRYPTO_SHA_H
 
+#include <linux/types.h>
+
 #define SHA1_DIGEST_SIZE        20
 #define SHA1_BLOCK_SIZE         64
 
@@ -62,4 +64,10 @@
 #define SHA512_H6	0x1f83d9abfb41bd6bULL
 #define SHA512_H7	0x5be0cd19137e2179ULL
 
+struct sha1_state {
+	u64 count;
+	u32 state[SHA1_DIGEST_SIZE / 4];
+	u8 buffer[SHA1_BLOCK_SIZE];
+};
+
 #endif

[PATCH 4/35] crypto: sha256_generic - Use 64-bit counter like sha1

[Herbert Xu]

crypto: sha256_generic - Use 64-bit counter like sha1

This patch replaces the two 32-bit counter code in sha256_generic
with the simpler 64-bit counter code from sha1.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---

 crypto/sha256_generic.c |   65 ++++++++++++++++++++++--------------------------
 1 file changed, 30 insertions(+), 35 deletions(-)

diff --git a/crypto/sha256_generic.c b/crypto/sha256_generic.c
index 6349d83..e58c71b 100644
--- a/crypto/sha256_generic.c
+++ b/crypto/sha256_generic.c
@@ -26,7 +26,7 @@
 #include <asm/byteorder.h>
 
 struct sha256_ctx {
-	u32 count[2];
+	u64 count;
 	u32 state[8];
 	u8 buf[128];
 };
@@ -231,8 +231,7 @@ static int sha224_init(struct shash_desc *desc)
 	sctx->state[5] = SHA224_H5;
 	sctx->state[6] = SHA224_H6;
 	sctx->state[7] = SHA224_H7;
-	sctx->count[0] = 0;
-	sctx->count[1] = 0;
+	sctx->count = 0;
 
 	return 0;
 }
@@ -248,7 +247,7 @@ static int sha256_init(struct shash_desc *desc)
 	sctx->state[5] = SHA256_H5;
 	sctx->state[6] = SHA256_H6;
 	sctx->state[7] = SHA256_H7;
-	sctx->count[0] = sctx->count[1] = 0;
+	sctx->count = 0;
 
 	return 0;
 }
@@ -257,33 +256,30 @@ static int sha256_update(struct shash_desc *desc, const u8 *data,
 			  unsigned int len)
 {
 	struct sha256_ctx *sctx = shash_desc_ctx(desc);
-	unsigned int i, index, part_len;
-
-	/* Compute number of bytes mod 128 */
-	index = (unsigned int)((sctx->count[0] >> 3) & 0x3f);
-
-	/* Update number of bits */
-	if ((sctx->count[0] += (len << 3)) < (len << 3)) {
-		sctx->count[1]++;
-		sctx->count[1] += (len >> 29);
+	unsigned int partial, done;
+	const u8 *src;
+
+	partial = sctx->count & 0x3f;
+	sctx->count += len;
+	done = 0;
+	src = data;
+
+	if ((partial + len) > 63) {
+		if (partial) {
+			done = -partial;
+			memcpy(sctx->buf + partial, data, done + 64);
+			src = sctx->buf;
+		}
+
+		do {
+			sha256_transform(sctx->state, src);
+			done += 64;
+			src = data + done;
+		} while (done + 63 < len);
+
+		partial = 0;
 	}
-
-	part_len = 64 - index;
-
-	/* Transform as many times as possible. */
-	if (len >= part_len) {
-		memcpy(&sctx->buf[index], data, part_len);
-		sha256_transform(sctx->state, sctx->buf);
-
-		for (i = part_len; i + 63 < len; i += 64)
-			sha256_transform(sctx->state, &data[i]);
-		index = 0;
-	} else {
-		i = 0;
-	}
-
-	/* Buffer remaining input */
-	memcpy(&sctx->buf[index], &data[i], len-i);
+	memcpy(sctx->buf + partial, src, len - done);
 
 	return 0;
 }
@@ -292,22 +288,21 @@ static int sha256_final(struct shash_desc *desc, u8 *out)
 {
 	struct sha256_ctx *sctx = shash_desc_ctx(desc);
 	__be32 *dst = (__be32 *)out;
-	__be32 bits[2];
+	__be64 bits;
 	unsigned int index, pad_len;
 	int i;
 	static const u8 padding[64] = { 0x80, };
 
 	/* Save number of bits */
-	bits[1] = cpu_to_be32(sctx->count[0]);
-	bits[0] = cpu_to_be32(sctx->count[1]);
+	bits = cpu_to_be64(sctx->count << 3);
 
 	/* Pad out to 56 mod 64. */
-	index = (sctx->count[0] >> 3) & 0x3f;
+	index = sctx->count & 0x3f;
 	pad_len = (index < 56) ? (56 - index) : ((64+56) - index);
 	sha256_update(desc, padding, pad_len);
 
 	/* Append length (before padding) */
-	sha256_update(desc, (const u8 *)bits, sizeof(bits));
+	sha256_update(desc, (const u8 *)&bits, sizeof(bits));
 
 	/* Store state in digest */
 	for (i = 0; i < 8; i++)

[PATCH 5/35] crypto: sha256_generic - Add export/import support

[Herbert Xu]

crypto: sha256_generic - Add export/import support

This patch adds export/import support to sha256_generic.  The exported
type is defined by struct sha256_state, which is basically the entire
descriptor state of sha256_generic.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---

 crypto/sha256_generic.c |   37 +++++++++++++++++++++++++------------
 include/crypto/sha.h    |    6 ++++++
 2 files changed, 31 insertions(+), 12 deletions(-)

diff --git a/crypto/sha256_generic.c b/crypto/sha256_generic.c
index e58c71b..c48459e 100644
--- a/crypto/sha256_generic.c
+++ b/crypto/sha256_generic.c
@@ -25,12 +25,6 @@
 #include <crypto/sha.h>
 #include <asm/byteorder.h>
 
-struct sha256_ctx {
-	u64 count;
-	u32 state[8];
-	u8 buf[128];
-};
-
 static inline u32 Ch(u32 x, u32 y, u32 z)
 {
 	return z ^ (x & (y ^ z));
@@ -222,7 +216,7 @@ static void sha256_transform(u32 *state, const u8 *input)
 
 static int sha224_init(struct shash_desc *desc)
 {
-	struct sha256_ctx *sctx = shash_desc_ctx(desc);
+	struct sha256_state *sctx = shash_desc_ctx(desc);
 	sctx->state[0] = SHA224_H0;
 	sctx->state[1] = SHA224_H1;
 	sctx->state[2] = SHA224_H2;
@@ -238,7 +232,7 @@ static int sha224_init(struct shash_desc *desc)
 
 static int sha256_init(struct shash_desc *desc)
 {
-	struct sha256_ctx *sctx = shash_desc_ctx(desc);
+	struct sha256_state *sctx = shash_desc_ctx(desc);
 	sctx->state[0] = SHA256_H0;
 	sctx->state[1] = SHA256_H1;
 	sctx->state[2] = SHA256_H2;
@@ -255,7 +249,7 @@ static int sha256_init(struct shash_desc *desc)
 static int sha256_update(struct shash_desc *desc, const u8 *data,
 			  unsigned int len)
 {
-	struct sha256_ctx *sctx = shash_desc_ctx(desc);
+	struct sha256_state *sctx = shash_desc_ctx(desc);
 	unsigned int partial, done;
 	const u8 *src;
 
@@ -286,7 +280,7 @@ static int sha256_update(struct shash_desc *desc, const u8 *data,
 
 static int sha256_final(struct shash_desc *desc, u8 *out)
 {
-	struct sha256_ctx *sctx = shash_desc_ctx(desc);
+	struct sha256_state *sctx = shash_desc_ctx(desc);
 	__be32 *dst = (__be32 *)out;
 	__be64 bits;
 	unsigned int index, pad_len;
@@ -326,12 +320,31 @@ static int sha224_final(struct shash_desc *desc, u8 *hash)
 	return 0;
 }
 
+static int sha256_export(struct shash_desc *desc, void *out)
+{
+	struct sha256_state *sctx = shash_desc_ctx(desc);
+
+	memcpy(out, sctx, sizeof(*sctx));
+	return 0;
+}
+
+static int sha256_import(struct shash_desc *desc, const void *in)
+{
+	struct sha256_state *sctx = shash_desc_ctx(desc);
+
+	memcpy(sctx, in, sizeof(*sctx));
+	return 0;
+}
+
 static struct shash_alg sha256 = {
 	.digestsize	=	SHA256_DIGEST_SIZE,
 	.init		=	sha256_init,
 	.update		=	sha256_update,
 	.final		=	sha256_final,
-	.descsize	=	sizeof(struct sha256_ctx),
+	.export		=	sha256_export,
+	.import		=	sha256_import,
+	.descsize	=	sizeof(struct sha256_state),
+	.statesize	=	sizeof(struct sha256_state),
 	.base		=	{
 		.cra_name	=	"sha256",
 		.cra_driver_name=	"sha256-generic",
@@ -346,7 +359,7 @@ static struct shash_alg sha224 = {
 	.init		=	sha224_init,
 	.update		=	sha256_update,
 	.final		=	sha224_final,
-	.descsize	=	sizeof(struct sha256_ctx),
+	.descsize	=	sizeof(struct sha256_state),
 	.base		=	{
 		.cra_name	=	"sha224",
 		.cra_driver_name=	"sha224-generic",
diff --git a/include/crypto/sha.h b/include/crypto/sha.h
index 922a248..88ef5eb 100644
--- a/include/crypto/sha.h
+++ b/include/crypto/sha.h
@@ -70,4 +70,10 @@ struct sha1_state {
 	u8 buffer[SHA1_BLOCK_SIZE];
 };
 
+struct sha256_state {
+	u64 count;
+	u32 state[SHA256_DIGEST_SIZE / 4];
+	u8 buf[SHA256_BLOCK_SIZE];
+};
+
 #endif

[PATCH 6/35] crypto: sha1-s390 - Add export/import support

[Herbert Xu]

crypto: sha1-s390 - Add export/import support

This patch adds export/import support to sha1-s390.  The exported
type is defined by struct sha1_state, which is basically the entire
descriptor state of sha1_generic.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---

 arch/s390/crypto/sha1_s390.c |   26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/arch/s390/crypto/sha1_s390.c b/arch/s390/crypto/sha1_s390.c
index e85ba34..2c5ec79 100644
--- a/arch/s390/crypto/sha1_s390.c
+++ b/arch/s390/crypto/sha1_s390.c
@@ -46,12 +46,38 @@ static int sha1_init(struct shash_desc *desc)
 	return 0;
 }
 
+static int sha1_export(struct shash_desc *desc, void *out)
+{
+	struct s390_sha_ctx *sctx = shash_desc_ctx(desc);
+	struct sha1_state *octx = out;
+
+	octx->count = sctx->count;
+	memcpy(octx->state, sctx->state, sizeof(octx->state));
+	memcpy(octx->buffer, sctx->buf, sizeof(octx->buffer));
+	return 0;
+}
+
+static int sha1_import(struct shash_desc *desc, const u8 *in)
+{
+	struct sha1_state *sctx = shash_desc_ctx(desc);
+	struct sha1_state *ictx = in;
+
+	sctx->count = ictx->count;
+	memcpy(sctx->state, ictx->state, sizeof(ictx->state));
+	memcpy(sctx->buf, ictx->buffer, sizeof(ictx->buffer));
+	sctx->func = KIMD_SHA_1;
+	return 0;
+}
+
 static struct shash_alg alg = {
 	.digestsize	=	SHA1_DIGEST_SIZE,
 	.init		=	sha1_init,
 	.update		=	s390_sha_update,
 	.final		=	s390_sha_final,
+	.export		=	sha1_export,
+	.import		=	sha1_import,
 	.descsize	=	sizeof(struct s390_sha_ctx),
+	.statesize	=	sizeof(struct sha1_state),
 	.base		=	{
 		.cra_name	=	"sha1",
 		.cra_driver_name=	"sha1-s390",

[PATCH 7/35] crypto: sha256-s390 - Add export/import support

[Herbert Xu]

crypto: sha256-s390 - Add export/import support

This patch adds export/import support to sha256-s390.  The exported
type is defined by struct sha256_state, which is basically the entire
descriptor state of sha256_generic.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---

 arch/s390/crypto/sha256_s390.c |   26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/arch/s390/crypto/sha256_s390.c b/arch/s390/crypto/sha256_s390.c
index f9fefc5..943a669 100644
--- a/arch/s390/crypto/sha256_s390.c
+++ b/arch/s390/crypto/sha256_s390.c
@@ -42,12 +42,38 @@ static int sha256_init(struct shash_desc *desc)
 	return 0;
 }
 
+static int sha256_export(struct shash_desc *desc, void *out)
+{
+	struct s390_sha_ctx *sctx = shash_desc_ctx(desc);
+	struct sha256_state *octx = out;
+
+	octx->count = sctx->count;
+	memcpy(octx->state, sctx->state, sizeof(octx->state));
+	memcpy(octx->buf, sctx->buf, sizeof(octx->buf));
+	return 0;
+}
+
+static int sha256_import(struct shash_desc *desc, const u8 *in)
+{
+	struct sha256_state *sctx = shash_desc_ctx(desc);
+	struct sha256_state *ictx = in;
+
+	sctx->count = ictx->count;
+	memcpy(sctx->state, ictx->state, sizeof(ictx->state));
+	memcpy(sctx->buf, ictx->buf, sizeof(ictx->buf));
+	sctx->func = KIMD_SHA_256;
+	return 0;
+}
+
 static struct shash_alg alg = {
 	.digestsize	=	SHA256_DIGEST_SIZE,
 	.init		=	sha256_init,
 	.update		=	s390_sha_update,
 	.final		=	s390_sha_final,
+	.export		=	sha256_export,
+	.import		=	sha256_import,
 	.descsize	=	sizeof(struct s390_sha_ctx),
+	.statesize	=	sizeof(struct sha256_state),
 	.base		=	{
 		.cra_name	=	"sha256",
 		.cra_driver_name=	"sha256-s390",

[PATCH 8/35] crypto: padlock - Use shash fallback for sha

[Herbert Xu]

crypto: padlock - Use shash fallback for sha

This patch changes padlock sha fallback to shash instead of hash.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---

 drivers/crypto/padlock-sha.c |   82 +++++++++++++++++++++++++++----------------
 1 file changed, 52 insertions(+), 30 deletions(-)

diff --git a/drivers/crypto/padlock-sha.c b/drivers/crypto/padlock-sha.c
index a2c8e85..868da54 100644
--- a/drivers/crypto/padlock-sha.c
+++ b/drivers/crypto/padlock-sha.c
@@ -12,28 +12,24 @@
  *
  */
 
-#include <crypto/algapi.h>
+#include <crypto/internal/hash.h>
 #include <crypto/sha.h>
 #include <linux/err.h>
 #include <linux/module.h>
 #include <linux/init.h>
 #include <linux/errno.h>
-#include <linux/cryptohash.h>
 #include <linux/interrupt.h>
 #include <linux/kernel.h>
 #include <linux/scatterlist.h>
 #include <asm/i387.h>
 #include "padlock.h"
 
-#define SHA1_DEFAULT_FALLBACK	"sha1-generic"
-#define SHA256_DEFAULT_FALLBACK "sha256-generic"
-
 struct padlock_sha_ctx {
 	char		*data;
 	size_t		used;
 	int		bypass;
 	void (*f_sha_padlock)(const char *in, char *out, int count);
-	struct hash_desc fallback;
+	struct shash_desc *fallback;
 };
 
 static inline struct padlock_sha_ctx *ctx(struct crypto_tfm *tfm)
@@ -47,21 +43,26 @@ static inline struct padlock_sha_ctx *ctx(struct crypto_tfm *tfm)
 
 static struct crypto_alg sha1_alg, sha256_alg;
 
-static void padlock_sha_bypass(struct crypto_tfm *tfm)
+static int padlock_sha_bypass(struct crypto_tfm *tfm)
 {
+	int err = 0;
+
 	if (ctx(tfm)->bypass)
-		return;
+		goto out;
 
-	crypto_hash_init(&ctx(tfm)->fallback);
-	if (ctx(tfm)->data && ctx(tfm)->used) {
-		struct scatterlist sg;
+	err = crypto_shash_init(ctx(tfm)->fallback);
+	if (err)
+		goto out;
 
-		sg_init_one(&sg, ctx(tfm)->data, ctx(tfm)->used);
-		crypto_hash_update(&ctx(tfm)->fallback, &sg, sg.length);
-	}
+	if (ctx(tfm)->data && ctx(tfm)->used)
+		err = crypto_shash_update(ctx(tfm)->fallback, ctx(tfm)->data,
+					  ctx(tfm)->used);
 
 	ctx(tfm)->used = 0;
 	ctx(tfm)->bypass = 1;
+
+out:
+	return err;
 }
 
 static void padlock_sha_init(struct crypto_tfm *tfm)
@@ -73,15 +74,18 @@ static void padlock_sha_init(struct crypto_tfm *tfm)
 static void padlock_sha_update(struct crypto_tfm *tfm,
 			const uint8_t *data, unsigned int length)
 {
+	int err;
+
 	/* Our buffer is always one page. */
 	if (unlikely(!ctx(tfm)->bypass &&
-		     (ctx(tfm)->used + length > PAGE_SIZE)))
-		padlock_sha_bypass(tfm);
+		     (ctx(tfm)->used + length > PAGE_SIZE))) {
+		err = padlock_sha_bypass(tfm);
+		BUG_ON(err);
+	}
 
 	if (unlikely(ctx(tfm)->bypass)) {
-		struct scatterlist sg;
-		sg_init_one(&sg, (uint8_t *)data, length);
-		crypto_hash_update(&ctx(tfm)->fallback, &sg, length);
+		err = crypto_shash_update(ctx(tfm)->fallback, data, length);
+		BUG_ON(err);
 		return;
 	}
 
@@ -151,8 +155,11 @@ static void padlock_do_sha256(const char *in, char *out, int count)
 
 static void padlock_sha_final(struct crypto_tfm *tfm, uint8_t *out)
 {
+	int err;
+
 	if (unlikely(ctx(tfm)->bypass)) {
-		crypto_hash_final(&ctx(tfm)->fallback, out);
+		err = crypto_shash_final(ctx(tfm)->fallback, out);
+		BUG_ON(err);
 		ctx(tfm)->bypass = 0;
 		return;
 	}
@@ -166,27 +173,41 @@ static void padlock_sha_final(struct crypto_tfm *tfm, uint8_t *out)
 static int padlock_cra_init(struct crypto_tfm *tfm)
 {
 	const char *fallback_driver_name = tfm->__crt_alg->cra_name;
-	struct crypto_hash *fallback_tfm;
+	struct crypto_shash *fallback_tfm;
+	int err = -ENOMEM;
 
 	/* For now we'll allocate one page. This
 	 * could eventually be configurable one day. */
 	ctx(tfm)->data = (char *)__get_free_page(GFP_KERNEL);
 	if (!ctx(tfm)->data)
-		return -ENOMEM;
+		goto out;
 
 	/* Allocate a fallback and abort if it failed. */
-	fallback_tfm = crypto_alloc_hash(fallback_driver_name, 0,
-					 CRYPTO_ALG_ASYNC |
-					 CRYPTO_ALG_NEED_FALLBACK);
+	fallback_tfm = crypto_alloc_shash(fallback_driver_name, 0,
+					  CRYPTO_ALG_NEED_FALLBACK);
 	if (IS_ERR(fallback_tfm)) {
 		printk(KERN_WARNING PFX "Fallback driver '%s' could not be loaded!\n",
 		       fallback_driver_name);
-		free_page((unsigned long)(ctx(tfm)->data));
-		return PTR_ERR(fallback_tfm);
+		err = PTR_ERR(fallback_tfm);
+		goto out_free_page;
 	}
 
-	ctx(tfm)->fallback.tfm = fallback_tfm;
+	ctx(tfm)->fallback = kmalloc(sizeof(struct shash_desc) +
+				     crypto_shash_descsize(fallback_tfm),
+				     GFP_KERNEL);
+	if (!ctx(tfm)->fallback)
+		goto out_free_tfm;
+
+	ctx(tfm)->fallback->tfm = fallback_tfm;
+	ctx(tfm)->fallback->flags = 0;
 	return 0;
+
+out_free_tfm:
+	crypto_free_shash(fallback_tfm);
+out_free_page:
+	free_page((unsigned long)(ctx(tfm)->data));
+out:
+	return err;
 }
 
 static int padlock_sha1_cra_init(struct crypto_tfm *tfm)
@@ -210,8 +231,9 @@ static void padlock_cra_exit(struct crypto_tfm *tfm)
 		ctx(tfm)->data = NULL;
 	}
 
-	crypto_free_hash(ctx(tfm)->fallback.tfm);
-	ctx(tfm)->fallback.tfm = NULL;
+	crypto_free_shash(ctx(tfm)->fallback->tfm);
+
+	kzfree(ctx(tfm)->fallback);
 }
 
 static struct crypto_alg sha1_alg = {

[PATCH 9/35] crypto: shash - Move null setkey check to registration time

[Herbert Xu]

crypto: shash - Move null setkey check to registration time

This patch moves the run-time null setkey check to shash_prepare_alg
just like we did for finup/digest.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---

 crypto/shash.c |   11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/crypto/shash.c b/crypto/shash.c
index f7fcc65..131e14d 100644
--- a/crypto/shash.c
+++ b/crypto/shash.c
@@ -22,6 +22,12 @@
 
 static const struct crypto_type crypto_shash_type;
 
+static int shash_no_setkey(struct crypto_shash *tfm, const u8 *key,
+			   unsigned int keylen)
+{
+	return -ENOSYS;
+}
+
 static int shash_setkey_unaligned(struct crypto_shash *tfm, const u8 *key,
 				  unsigned int keylen)
 {
@@ -50,9 +56,6 @@ int crypto_shash_setkey(struct crypto_shash *tfm, const u8 *key,
 	struct shash_alg *shash = crypto_shash_alg(tfm);
 	unsigned long alignmask = crypto_shash_alignmask(tfm);
 
-	if (!shash->setkey)
-		return -ENOSYS;

[PATCH 10/35] crypto: async - Use kzfree for requests

[Herbert Xu]

crypto: async - Use kzfree for requests

This patch changes the kfree call to kzfree for async requests.
As the request may contain sensitive data it needs to be zeroed
before it can be reallocated by others.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---

 include/crypto/hash.h  |    2 +-
 include/linux/crypto.h |    4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/include/crypto/hash.h b/include/crypto/hash.h
index 3c4cce6..f74214a 100644
--- a/include/crypto/hash.h
+++ b/include/crypto/hash.h
@@ -186,7 +186,7 @@ static inline struct ahash_request *ahash_request_alloc(
 
 static inline void ahash_request_free(struct ahash_request *req)
 {
-	kfree(req);
+	kzfree(req);
 }
 
 static inline struct ahash_request *ahash_request_cast(
diff --git a/include/linux/crypto.h b/include/linux/crypto.h
index ec29fa2..274f9c7 100644
--- a/include/linux/crypto.h
+++ b/include/linux/crypto.h
@@ -770,7 +770,7 @@ static inline struct ablkcipher_request *ablkcipher_request_alloc(
 
 static inline void ablkcipher_request_free(struct ablkcipher_request *req)
 {
-	kfree(req);
+	kzfree(req);
 }
 
 static inline void ablkcipher_request_set_callback(
@@ -901,7 +901,7 @@ static inline struct aead_request *aead_request_alloc(struct crypto_aead *tfm,
 
 static inline void aead_request_free(struct aead_request *req)
 {
-	kfree(req);
+	kzfree(req);
 }
 
 static inline void aead_request_set_callback(struct aead_request *req,

[PATCH 11/35] crypto: shash - Make descsize a run-time attribute

[Herbert Xu]

crypto: shash - Make descsize a run-time attribute

This patch changes descsize to a run-time attribute so that
implementations can change it in their init functions.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---

 crypto/shash.c                 |   39 ++++++++++++++++++++++++++++-----------
 include/crypto/hash.h          |    3 ++-
 include/crypto/internal/hash.h |    2 +-
 3 files changed, 31 insertions(+), 13 deletions(-)

diff --git a/crypto/shash.c b/crypto/shash.c
index 131e14d..d8e0f8f 100644
--- a/crypto/shash.c
+++ b/crypto/shash.c
@@ -300,14 +300,16 @@ static int crypto_init_shash_ops_async(struct crypto_tfm *tfm)
 static int shash_compat_setkey(struct crypto_hash *tfm, const u8 *key,
 			       unsigned int keylen)
 {
-	struct shash_desc *desc = crypto_hash_ctx(tfm);
+	struct shash_desc **descp = crypto_hash_ctx(tfm);
+	struct shash_desc *desc = *descp;
 
 	return crypto_shash_setkey(desc->tfm, key, keylen);
 }
 
 static int shash_compat_init(struct hash_desc *hdesc)
 {
-	struct shash_desc *desc = crypto_hash_ctx(hdesc->tfm);
+	struct shash_desc **descp = crypto_hash_ctx(hdesc->tfm);
+	struct shash_desc *desc = *descp;
 
 	desc->flags = hdesc->flags;
 
@@ -317,7 +319,8 @@ static int shash_compat_init(struct hash_desc *hdesc)
 static int shash_compat_update(struct hash_desc *hdesc, struct scatterlist *sg,
 			       unsigned int len)
 {
-	struct shash_desc *desc = crypto_hash_ctx(hdesc->tfm);
+	struct shash_desc **descp = crypto_hash_ctx(hdesc->tfm);
+	struct shash_desc *desc = *descp;
 	struct crypto_hash_walk walk;
 	int nbytes;
 
@@ -330,7 +333,9 @@ static int shash_compat_update(struct hash_desc *hdesc, struct scatterlist *sg,
 
 static int shash_compat_final(struct hash_desc *hdesc, u8 *out)
 {
-	return crypto_shash_final(crypto_hash_ctx(hdesc->tfm), out);
+	struct shash_desc **descp = crypto_hash_ctx(hdesc->tfm);
+
+	return crypto_shash_final(*descp, out);
 }
 
 static int shash_compat_digest(struct hash_desc *hdesc, struct scatterlist *sg,
@@ -340,7 +345,8 @@ static int shash_compat_digest(struct hash_desc *hdesc, struct scatterlist *sg,
 	int err;
 
 	if (nbytes < min(sg->length, ((unsigned int)(PAGE_SIZE)) - offset)) {
-		struct shash_desc *desc = crypto_hash_ctx(hdesc->tfm);
+		struct shash_desc **descp = crypto_hash_ctx(hdesc->tfm);
+		struct shash_desc *desc = *descp;
 		void *data;
 
 		desc->flags = hdesc->flags;
@@ -368,9 +374,11 @@ out:
 
 static void crypto_exit_shash_ops_compat(struct crypto_tfm *tfm)
 {
-	struct shash_desc *desc= crypto_tfm_ctx(tfm);
+	struct shash_desc **descp = crypto_tfm_ctx(tfm);
+	struct shash_desc *desc = *descp;
 
 	crypto_free_shash(desc->tfm);
+	kzfree(desc);
 }
 
 static int crypto_init_shash_ops_compat(struct crypto_tfm *tfm)
@@ -378,8 +386,9 @@ static int crypto_init_shash_ops_compat(struct crypto_tfm *tfm)
 	struct hash_tfm *crt = &tfm->crt_hash;
 	struct crypto_alg *calg = tfm->__crt_alg;
 	struct shash_alg *alg = __crypto_shash_alg(calg);
-	struct shash_desc *desc = crypto_tfm_ctx(tfm);
+	struct shash_desc **descp = crypto_tfm_ctx(tfm);
 	struct crypto_shash *shash;
+	struct shash_desc *desc;
 
 	if (!crypto_mod_get(calg))
 		return -EAGAIN;
@@ -390,6 +399,14 @@ static int crypto_init_shash_ops_compat(struct crypto_tfm *tfm)
 		return PTR_ERR(shash);
 	}
 
+	desc = kmalloc(sizeof(*desc) + crypto_shash_descsize(shash),
+		       GFP_KERNEL);
+	if (!desc) {
+		crypto_free_shash(shash);
+		return -ENOMEM;
+	}
+
+	*descp = desc;
 	desc->tfm = shash;
 	tfm->exit = crypto_exit_shash_ops_compat;
 
@@ -419,11 +436,9 @@ static int crypto_init_shash_ops(struct crypto_tfm *tfm, u32 type, u32 mask)
 static unsigned int crypto_shash_ctxsize(struct crypto_alg *alg, u32 type,
 					 u32 mask)
 {
-	struct shash_alg *salg = __crypto_shash_alg(alg);
-
 	switch (mask & CRYPTO_ALG_TYPE_MASK) {
 	case CRYPTO_ALG_TYPE_HASH_MASK:
-		return sizeof(struct shash_desc) + salg->descsize;
+		return sizeof(struct shash_desc *);
 	case CRYPTO_ALG_TYPE_AHASH_MASK:
 		return sizeof(struct crypto_shash *);
 	}
@@ -434,6 +449,9 @@ static unsigned int crypto_shash_ctxsize(struct crypto_alg *alg, u32 type,
 static int crypto_shash_init_tfm(struct crypto_tfm *tfm,
 				 const struct crypto_type *frontend)
 {
+	struct crypto_shash *hash = __crypto_shash_cast(tfm);
+
+	hash->descsize = crypto_shash_alg(hash)->descsize;
 	return 0;
 }
 
@@ -452,7 +470,6 @@ static void crypto_shash_show(struct seq_file *m, struct crypto_alg *alg)
 	seq_printf(m, "type         : shash\n");
 	seq_printf(m, "blocksize    : %u\n", alg->cra_blocksize);
 	seq_printf(m, "digestsize   : %u\n", salg->digestsize);
-	seq_printf(m, "descsize     : %u\n", salg->descsize);
 }
 
 static const struct crypto_type crypto_shash_type = {
diff --git a/include/crypto/hash.h b/include/crypto/hash.h
index f74214a..fcc02d9 100644
--- a/include/crypto/hash.h
+++ b/include/crypto/hash.h
@@ -48,6 +48,7 @@ struct crypto_ahash {
 };
 
 struct crypto_shash {
+	unsigned int descsize;
 	struct crypto_tfm base;
 };
 
@@ -275,7 +276,7 @@ static inline void crypto_shash_clear_flags(struct crypto_shash *tfm, u32 flags)
 
 static inline unsigned int crypto_shash_descsize(struct crypto_shash *tfm)
 {
-	return crypto_shash_alg(tfm)->descsize;
+	return tfm->descsize;
 }
 
 static inline void *shash_desc_ctx(struct shash_desc *desc)
diff --git a/include/crypto/internal/hash.h b/include/crypto/internal/hash.h
index 069b93e..2d1b10f 100644
--- a/include/crypto/internal/hash.h
+++ b/include/crypto/internal/hash.h
@@ -135,7 +135,7 @@ static inline void *crypto_shash_ctx_aligned(struct crypto_shash *tfm)
 
 static inline struct crypto_shash *__crypto_shash_cast(struct crypto_tfm *tfm)
 {
-	return (struct crypto_shash *)tfm;
+	return container_of(tfm, struct crypto_shash, base);
 }
 
 #endif	/* _CRYPTO_INTERNAL_HASH_H */

[PATCH 12/35] crypto: padlock - Switch sha to shash

[Herbert Xu]

crypto: padlock - Switch sha to shash

This patch converts the padlock-sha implementation to shash.
In doing so the existing mechanism of storing the data until
final is no longer viable as we do not have a way of allocating
data in crypto_shash_init and then reliably freeing it.

This is just as well because a better way of handling the problem
is to hash everything but the last chunk using normal sha code
and then provide the intermediate result to the padlock device.

This is good enough because the primary application of padlock-sha
is IPsec and there the data is laid out in the form of an hmac
header followed by the rest of the packet.  In essence we can
provide all the data to the padlock as the hmac header only needs
to be hashed once.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---

 drivers/crypto/Kconfig       |    2 
 drivers/crypto/padlock-sha.c |  333 ++++++++++++++++++++-----------------------
 2 files changed, 156 insertions(+), 179 deletions(-)

diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig
index 5b27692..1bb4b7f 100644
--- a/drivers/crypto/Kconfig
+++ b/drivers/crypto/Kconfig
@@ -13,7 +13,6 @@ if CRYPTO_HW
 config CRYPTO_DEV_PADLOCK
 	tristate "Support for VIA PadLock ACE"
 	depends on X86 && !UML
-	select CRYPTO_ALGAPI
 	help
 	  Some VIA processors come with an integrated crypto engine
 	  (so called VIA PadLock ACE, Advanced Cryptography Engine)
@@ -39,6 +38,7 @@ config CRYPTO_DEV_PADLOCK_AES
 config CRYPTO_DEV_PADLOCK_SHA
 	tristate "PadLock driver for SHA1 and SHA256 algorithms"
 	depends on CRYPTO_DEV_PADLOCK
+	select CRYPTO_HASH
 	select CRYPTO_SHA1
 	select CRYPTO_SHA256
 	help
diff --git a/drivers/crypto/padlock-sha.c b/drivers/crypto/padlock-sha.c
index 868da54..fb6e6c3 100644
--- a/drivers/crypto/padlock-sha.c
+++ b/drivers/crypto/padlock-sha.c
@@ -24,73 +24,31 @@
 #include <asm/i387.h>
 #include "padlock.h"
 
-struct padlock_sha_ctx {
-	char		*data;
-	size_t		used;
-	int		bypass;
-	void (*f_sha_padlock)(const char *in, char *out, int count);
-	struct shash_desc *fallback;
+struct padlock_sha_desc {
+	struct shash_desc fallback;
 };
 
-static inline struct padlock_sha_ctx *ctx(struct crypto_tfm *tfm)
-{
-	return crypto_tfm_ctx(tfm);
-}
-
-/* We'll need aligned address on the stack */
-#define NEAREST_ALIGNED(ptr) \
-	((void *)ALIGN((size_t)(ptr), PADLOCK_ALIGNMENT))
-
-static struct crypto_alg sha1_alg, sha256_alg;
+struct padlock_sha_ctx {
+	struct crypto_shash *fallback;
+};
 
-static int padlock_sha_bypass(struct crypto_tfm *tfm)
+static int padlock_sha_init(struct shash_desc *desc)
 {
-	int err = 0;
-
-	if (ctx(tfm)->bypass)
-		goto out;
+	struct padlock_sha_desc *dctx = shash_desc_ctx(desc);
+	struct padlock_sha_ctx *ctx = crypto_shash_ctx(desc->tfm);
 
-	err = crypto_shash_init(ctx(tfm)->fallback);
-	if (err)
-		goto out;
-
-	if (ctx(tfm)->data && ctx(tfm)->used)
-		err = crypto_shash_update(ctx(tfm)->fallback, ctx(tfm)->data,
-					  ctx(tfm)->used);
-
-	ctx(tfm)->used = 0;
-	ctx(tfm)->bypass = 1;
-
-out:
-	return err;
+	dctx->fallback.tfm = ctx->fallback;
+	dctx->fallback.flags = desc->flags & CRYPTO_TFM_REQ_MAY_SLEEP;
+	return crypto_shash_init(&dctx->fallback);
 }
 
-static void padlock_sha_init(struct crypto_tfm *tfm)
+static int padlock_sha_update(struct shash_desc *desc,
+			      const u8 *data, unsigned int length)
 {
-	ctx(tfm)->used = 0;
-	ctx(tfm)->bypass = 0;
-}
+	struct padlock_sha_desc *dctx = shash_desc_ctx(desc);
 
-static void padlock_sha_update(struct crypto_tfm *tfm,
-			const uint8_t *data, unsigned int length)
-{
-	int err;
-
-	/* Our buffer is always one page. */
-	if (unlikely(!ctx(tfm)->bypass &&
-		     (ctx(tfm)->used + length > PAGE_SIZE))) {
-		err = padlock_sha_bypass(tfm);
-		BUG_ON(err);
-	}
-
-	if (unlikely(ctx(tfm)->bypass)) {
-		err = crypto_shash_update(ctx(tfm)->fallback, data, length);
-		BUG_ON(err);
-		return;
-	}
-
-	memcpy(ctx(tfm)->data + ctx(tfm)->used, data, length);
-	ctx(tfm)->used += length;
+	dctx->fallback.flags = desc->flags & CRYPTO_TFM_REQ_MAY_SLEEP;
+	return crypto_shash_update(&dctx->fallback, data, length);
 }
 
 static inline void padlock_output_block(uint32_t *src,
@@ -100,88 +58,138 @@ static inline void padlock_output_block(uint32_t *src,
 		*dst++ = swab32(*src++);
 }
 
-static void padlock_do_sha1(const char *in, char *out, int count)
+static int padlock_sha1_finup(struct shash_desc *desc, const u8 *in,
+			      unsigned int count, u8 *out)
 {
 	/* We can't store directly to *out as it may be unaligned. */
 	/* BTW Don't reduce the buffer size below 128 Bytes!
 	 *     PadLock microcode needs it that big. */
-	char buf[128+16];
-	char *result = NEAREST_ALIGNED(buf);
+	char result[128] __attribute__ ((aligned(PADLOCK_ALIGNMENT)));
+	struct padlock_sha_desc *dctx = shash_desc_ctx(desc);
+	struct sha1_state state;
+	unsigned int space;
+	unsigned int leftover;
 	int ts_state;
+	int err;
+
+	dctx->fallback.flags = desc->flags & CRYPTO_TFM_REQ_MAY_SLEEP;
+	err = crypto_shash_export(&dctx->fallback, &state);
+	if (err)
+		goto out;
+
+	if (state.count + count > ULONG_MAX)
+		return crypto_shash_finup(&dctx->fallback, in, count, out);
+
+	leftover = ((state.count - 1) & (SHA1_BLOCK_SIZE - 1)) + 1;
+	space =  SHA1_BLOCK_SIZE - leftover;
+	if (space) {
+		if (count > space) {
+			err = crypto_shash_update(&dctx->fallback, in, space) ?:
+			      crypto_shash_export(&dctx->fallback, &state);
+			if (err)
+				goto out;
+			count -= space;
+			in += space;
+		} else {
+			memcpy(state.buffer + leftover, in, count);
+			in = state.buffer;
+			count += leftover;
+		}
+	}
+
+	memcpy(result, &state.state, SHA1_DIGEST_SIZE);
 
-	((uint32_t *)result)[0] = SHA1_H0;
-	((uint32_t *)result)[1] = SHA1_H1;
-	((uint32_t *)result)[2] = SHA1_H2;
-	((uint32_t *)result)[3] = SHA1_H3;
-	((uint32_t *)result)[4] = SHA1_H4;
- 
 	/* prevent taking the spurious DNA fault with padlock. */
 	ts_state = irq_ts_save();
 	asm volatile (".byte 0xf3,0x0f,0xa6,0xc8" /* rep xsha1 */
-		      : "+S"(in), "+D"(result)
-		      : "c"(count), "a"(0));
+		      : \
+		      : "c"(state.count + count), "a"(state.count), \
+			"S"(in), "D"(result));
 	irq_ts_restore(ts_state);
 
 	padlock_output_block((uint32_t *)result, (uint32_t *)out, 5);
+
+out:
+	return err;
 }
 
-static void padlock_do_sha256(const char *in, char *out, int count)
+static int padlock_sha1_final(struct shash_desc *desc, u8 *out)
+{
+	u8 buf[4];
+
+	return padlock_sha1_finup(desc, buf, 0, out);
+}
+
+static int padlock_sha256_finup(struct shash_desc *desc, const u8 *in,
+				unsigned int count, u8 *out)
 {
 	/* We can't store directly to *out as it may be unaligned. */
 	/* BTW Don't reduce the buffer size below 128 Bytes!
 	 *     PadLock microcode needs it that big. */
-	char buf[128+16];
-	char *result = NEAREST_ALIGNED(buf);
+	char result[128] __attribute__ ((aligned(PADLOCK_ALIGNMENT)));
+	struct padlock_sha_desc *dctx = shash_desc_ctx(desc);
+	struct sha256_state state;
+	unsigned int space;
+	unsigned int leftover;
 	int ts_state;
+	int err;
 
-	((uint32_t *)result)[0] = SHA256_H0;
-	((uint32_t *)result)[1] = SHA256_H1;
-	((uint32_t *)result)[2] = SHA256_H2;
-	((uint32_t *)result)[3] = SHA256_H3;
-	((uint32_t *)result)[4] = SHA256_H4;
-	((uint32_t *)result)[5] = SHA256_H5;
-	((uint32_t *)result)[6] = SHA256_H6;
-	((uint32_t *)result)[7] = SHA256_H7;
+	dctx->fallback.flags = desc->flags & CRYPTO_TFM_REQ_MAY_SLEEP;
+	err = crypto_shash_export(&dctx->fallback, &state);
+	if (err)
+		goto out;
+
+	if (state.count + count > ULONG_MAX)
+		return crypto_shash_finup(&dctx->fallback, in, count, out);
+
+	leftover = ((state.count - 1) & (SHA256_BLOCK_SIZE - 1)) + 1;
+	space =  SHA256_BLOCK_SIZE - leftover;
+	if (space) {
+		if (count > space) {
+			err = crypto_shash_update(&dctx->fallback, in, space) ?:
+			      crypto_shash_export(&dctx->fallback, &state);
+			if (err)
+				goto out;
+			count -= space;
+			in += space;
+		} else {
+			memcpy(state.buf + leftover, in, count);
+			in = state.buf;
+			count += leftover;
+		}
+	}
+
+	memcpy(result, &state.state, SHA256_DIGEST_SIZE);
 
 	/* prevent taking the spurious DNA fault with padlock. */
 	ts_state = irq_ts_save();
 	asm volatile (".byte 0xf3,0x0f,0xa6,0xd0" /* rep xsha256 */
-		      : "+S"(in), "+D"(result)
-		      : "c"(count), "a"(0));
+		      : \
+		      : "c"(state.count + count), "a"(state.count), \
+			"S"(in), "D"(result));
 	irq_ts_restore(ts_state);
 
 	padlock_output_block((uint32_t *)result, (uint32_t *)out, 8);
+
+out:
+	return err;
 }
 
-static void padlock_sha_final(struct crypto_tfm *tfm, uint8_t *out)
+static int padlock_sha256_final(struct shash_desc *desc, u8 *out)
 {
-	int err;
-
-	if (unlikely(ctx(tfm)->bypass)) {
-		err = crypto_shash_final(ctx(tfm)->fallback, out);
-		BUG_ON(err);
-		ctx(tfm)->bypass = 0;
-		return;
-	}
+	u8 buf[4];
 
-	/* Pass the input buffer to PadLock microcode... */
-	ctx(tfm)->f_sha_padlock(ctx(tfm)->data, out, ctx(tfm)->used);
-
-	ctx(tfm)->used = 0;
+	return padlock_sha256_finup(desc, buf, 0, out);
 }
 
 static int padlock_cra_init(struct crypto_tfm *tfm)
 {
+	struct crypto_shash *hash = __crypto_shash_cast(tfm);
 	const char *fallback_driver_name = tfm->__crt_alg->cra_name;
+	struct padlock_sha_ctx *ctx = crypto_tfm_ctx(tfm);
 	struct crypto_shash *fallback_tfm;
 	int err = -ENOMEM;
 
-	/* For now we'll allocate one page. This
-	 * could eventually be configurable one day. */
-	ctx(tfm)->data = (char *)__get_free_page(GFP_KERNEL);
-	if (!ctx(tfm)->data)
-		goto out;
-
 	/* Allocate a fallback and abort if it failed. */
 	fallback_tfm = crypto_alloc_shash(fallback_driver_name, 0,
 					  CRYPTO_ALG_NEED_FALLBACK);
@@ -189,94 +197,63 @@ static int padlock_cra_init(struct crypto_tfm *tfm)
 		printk(KERN_WARNING PFX "Fallback driver '%s' could not be loaded!\n",
 		       fallback_driver_name);
 		err = PTR_ERR(fallback_tfm);
-		goto out_free_page;
+		goto out;
 	}
 
-	ctx(tfm)->fallback = kmalloc(sizeof(struct shash_desc) +
-				     crypto_shash_descsize(fallback_tfm),
-				     GFP_KERNEL);
-	if (!ctx(tfm)->fallback)
-		goto out_free_tfm;
-
-	ctx(tfm)->fallback->tfm = fallback_tfm;
-	ctx(tfm)->fallback->flags = 0;
+	ctx->fallback = fallback_tfm;
+	hash->descsize += crypto_shash_descsize(fallback_tfm);
 	return 0;
 
-out_free_tfm:
-	crypto_free_shash(fallback_tfm);
-out_free_page:
-	free_page((unsigned long)(ctx(tfm)->data));
 out:
 	return err;
 }
 
-static int padlock_sha1_cra_init(struct crypto_tfm *tfm)
-{
-	ctx(tfm)->f_sha_padlock = padlock_do_sha1;
-
-	return padlock_cra_init(tfm);
-}
-
-static int padlock_sha256_cra_init(struct crypto_tfm *tfm)
-{
-	ctx(tfm)->f_sha_padlock = padlock_do_sha256;
-
-	return padlock_cra_init(tfm);
-}
-
 static void padlock_cra_exit(struct crypto_tfm *tfm)
 {
-	if (ctx(tfm)->data) {
-		free_page((unsigned long)(ctx(tfm)->data));
-		ctx(tfm)->data = NULL;
-	}
-
-	crypto_free_shash(ctx(tfm)->fallback->tfm);
+	struct padlock_sha_ctx *ctx = crypto_tfm_ctx(tfm);
 
-	kzfree(ctx(tfm)->fallback);
+	crypto_free_shash(ctx->fallback);
 }
 
-static struct crypto_alg sha1_alg = {
-	.cra_name		=	"sha1",
-	.cra_driver_name	=	"sha1-padlock",
-	.cra_priority		=	PADLOCK_CRA_PRIORITY,
-	.cra_flags		=	CRYPTO_ALG_TYPE_DIGEST |
-					CRYPTO_ALG_NEED_FALLBACK,
-	.cra_blocksize		=	SHA1_BLOCK_SIZE,
-	.cra_ctxsize		=	sizeof(struct padlock_sha_ctx),
-	.cra_module		=	THIS_MODULE,
-	.cra_list		=	LIST_HEAD_INIT(sha1_alg.cra_list),
-	.cra_init		=	padlock_sha1_cra_init,
-	.cra_exit		=	padlock_cra_exit,
-	.cra_u			=	{
-		.digest = {
-			.dia_digestsize	=	SHA1_DIGEST_SIZE,
-			.dia_init   	= 	padlock_sha_init,
-			.dia_update 	=	padlock_sha_update,
-			.dia_final  	=	padlock_sha_final,
-		}
+static struct shash_alg sha1_alg = {
+	.digestsize	=	SHA1_DIGEST_SIZE,
+	.init   	= 	padlock_sha_init,
+	.update 	=	padlock_sha_update,
+	.finup  	=	padlock_sha1_finup,
+	.final  	=	padlock_sha1_final,
+	.descsize	=	sizeof(struct padlock_sha_desc),
+	.base		=	{
+		.cra_name		=	"sha1",
+		.cra_driver_name	=	"sha1-padlock",
+		.cra_priority		=	PADLOCK_CRA_PRIORITY,
+		.cra_flags		=	CRYPTO_ALG_TYPE_SHASH |
+						CRYPTO_ALG_NEED_FALLBACK,
+		.cra_blocksize		=	SHA1_BLOCK_SIZE,
+		.cra_ctxsize		=	sizeof(struct padlock_sha_ctx),
+		.cra_module		=	THIS_MODULE,
+		.cra_init		=	padlock_cra_init,
+		.cra_exit		=	padlock_cra_exit,
 	}
 };
 
-static struct crypto_alg sha256_alg = {
-	.cra_name		=	"sha256",
-	.cra_driver_name	=	"sha256-padlock",
-	.cra_priority		=	PADLOCK_CRA_PRIORITY,
-	.cra_flags		=	CRYPTO_ALG_TYPE_DIGEST |
-					CRYPTO_ALG_NEED_FALLBACK,
-	.cra_blocksize		=	SHA256_BLOCK_SIZE,
-	.cra_ctxsize		=	sizeof(struct padlock_sha_ctx),
-	.cra_module		=	THIS_MODULE,
-	.cra_list		=	LIST_HEAD_INIT(sha256_alg.cra_list),
-	.cra_init		=	padlock_sha256_cra_init,
-	.cra_exit		=	padlock_cra_exit,
-	.cra_u			=	{
-		.digest = {
-			.dia_digestsize	=	SHA256_DIGEST_SIZE,
-			.dia_init   	= 	padlock_sha_init,
-			.dia_update 	=	padlock_sha_update,
-			.dia_final  	=	padlock_sha_final,
-		}
+static struct shash_alg sha256_alg = {
+	.digestsize	=	SHA256_DIGEST_SIZE,
+	.init   	= 	padlock_sha_init,
+	.update 	=	padlock_sha_update,
+	.finup  	=	padlock_sha256_finup,
+	.final  	=	padlock_sha256_final,
+	.descsize	=	sizeof(struct padlock_sha_desc),
+	.base		=	{
+		.cra_name		=	"sha256",
+		.cra_driver_name	=	"sha256-padlock",
+		.cra_priority		=	PADLOCK_CRA_PRIORITY,
+		.cra_flags		=	CRYPTO_ALG_TYPE_SHASH |
+						CRYPTO_ALG_NEED_FALLBACK,
+		.cra_blocksize		=	SHA256_BLOCK_SIZE,
+		.cra_ctxsize		=	sizeof(struct padlock_sha_ctx),
+		.cra_module		=	THIS_MODULE,
+		.cra_init		=	padlock_cra_init,
+		.cra_exit		=	padlock_cra_exit,
 	}
 };
 
@@ -294,11 +271,11 @@ static int __init padlock_init(void)
 		return -ENODEV;
 	}
 
-	rc = crypto_register_alg(&sha1_alg);
+	rc = crypto_register_shash(&sha1_alg);
 	if (rc)
 		goto out;
 
-	rc = crypto_register_alg(&sha256_alg);
+	rc = crypto_register_shash(&sha256_alg);
 	if (rc)
 		goto out_unreg1;
 
@@ -307,7 +284,7 @@ static int __init padlock_init(void)
 	return 0;
 
 out_unreg1:
-	crypto_unregister_alg(&sha1_alg);
+	crypto_unregister_shash(&sha1_alg);
 out:
 	printk(KERN_ERR PFX "VIA PadLock SHA1/SHA256 initialization failed.\n");
 	return rc;
@@ -315,8 +292,8 @@ out:
 
 static void __exit padlock_fini(void)
 {
-	crypto_unregister_alg(&sha1_alg);
-	crypto_unregister_alg(&sha256_alg);
+	crypto_unregister_shash(&sha1_alg);
+	crypto_unregister_shash(&sha256_alg);
 }
 
 module_init(padlock_init);

[PATCH 13/35] crypto: hmac - Switch to shash

[Herbert Xu]

crypto: hmac - Switch to shash

This patch changes hmac to the new shash interface.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---

 crypto/hmac.c |  271 ++++++++++++++++++++++++----------------------------------
 1 file changed, 114 insertions(+), 157 deletions(-)

diff --git a/crypto/hmac.c b/crypto/hmac.c
index 0ad39c3..e373427 100644
--- a/crypto/hmac.c
+++ b/crypto/hmac.c
@@ -27,7 +27,7 @@
 #include <linux/string.h>
 
 struct hmac_ctx {
-	struct crypto_hash *child;
+	struct shash_desc *desc;
 };
 
 static inline void *align_ptr(void *p, unsigned int align)
@@ -35,57 +35,33 @@ static inline void *align_ptr(void *p, unsigned int align)
 	return (void *)ALIGN((unsigned long)p, align);
 }
 
-static inline struct hmac_ctx *hmac_ctx(struct crypto_hash *tfm)
+static inline struct hmac_ctx *hmac_ctx(struct crypto_shash *tfm)
 {
-	return align_ptr(crypto_hash_ctx_aligned(tfm) +
-			 crypto_hash_blocksize(tfm) * 2 +
-			 crypto_hash_digestsize(tfm), sizeof(void *));
+	return align_ptr(crypto_shash_ctx_aligned(tfm) +
+			 crypto_shash_blocksize(tfm) * 2 +
+			 crypto_shash_digestsize(tfm),
+			 crypto_tfm_ctx_alignment());
 }
 
-static int hmac_setkey(struct crypto_hash *parent,
+static int hmac_setkey(struct crypto_shash *parent,
 		       const u8 *inkey, unsigned int keylen)
 {
-	int bs = crypto_hash_blocksize(parent);
-	int ds = crypto_hash_digestsize(parent);
-	char *ipad = crypto_hash_ctx_aligned(parent);
+	int bs = crypto_shash_blocksize(parent);
+	int ds = crypto_shash_digestsize(parent);
+	char *ipad = crypto_shash_ctx_aligned(parent);
 	char *opad = ipad + bs;
 	char *digest = opad + bs;
-	struct hmac_ctx *ctx = align_ptr(digest + ds, sizeof(void *));
-	struct crypto_hash *tfm = ctx->child;
+	struct hmac_ctx *ctx = align_ptr(digest + ds,
+					 crypto_tfm_ctx_alignment());
 	unsigned int i;
 
 	if (keylen > bs) {
-		struct hash_desc desc;
-		struct scatterlist tmp;
-		int tmplen;
 		int err;
 
-		desc.tfm = tfm;
-		desc.flags = crypto_hash_get_flags(parent);
-		desc.flags &= CRYPTO_TFM_REQ_MAY_SLEEP;
+		ctx->desc->flags = crypto_shash_get_flags(parent) &
+				   CRYPTO_TFM_REQ_MAY_SLEEP;
 
-		err = crypto_hash_init(&desc);
-		if (err)
-			return err;
-
-		tmplen = bs * 2 + ds;
-		sg_init_one(&tmp, ipad, tmplen);
-
-		for (; keylen > tmplen; inkey += tmplen, keylen -= tmplen) {
-			memcpy(ipad, inkey, tmplen);
-			err = crypto_hash_update(&desc, &tmp, tmplen);
-			if (err)
-				return err;
-		}
-
-		if (keylen) {
-			memcpy(ipad, inkey, keylen);
-			err = crypto_hash_update(&desc, &tmp, keylen);
-			if (err)
-				return err;
-		}
-
-		err = crypto_hash_final(&desc, digest);
+		err = crypto_shash_digest(ctx->desc, inkey, keylen, digest);
 		if (err)
 			return err;
 
@@ -105,181 +81,162 @@ static int hmac_setkey(struct crypto_hash *parent,
 	return 0;
 }
 
-static int hmac_init(struct hash_desc *pdesc)
+static int hmac_init(struct shash_desc *pdesc)
 {
-	struct crypto_hash *parent = pdesc->tfm;
-	int bs = crypto_hash_blocksize(parent);
-	int ds = crypto_hash_digestsize(parent);
-	char *ipad = crypto_hash_ctx_aligned(parent);
-	struct hmac_ctx *ctx = align_ptr(ipad + bs * 2 + ds, sizeof(void *));
-	struct hash_desc desc;
-	struct scatterlist tmp;
-	int err;
-
-	desc.tfm = ctx->child;
-	desc.flags = pdesc->flags & CRYPTO_TFM_REQ_MAY_SLEEP;
-	sg_init_one(&tmp, ipad, bs);
-
-	err = crypto_hash_init(&desc);
-	if (unlikely(err))
-		return err;
-
-	return crypto_hash_update(&desc, &tmp, bs);
+	struct crypto_shash *parent = pdesc->tfm;
+	int bs = crypto_shash_blocksize(parent);
+	int ds = crypto_shash_digestsize(parent);
+	char *ipad = crypto_shash_ctx_aligned(parent);
+	struct hmac_ctx *ctx = align_ptr(ipad + bs * 2 + ds,
+					 crypto_tfm_ctx_alignment());
+	struct shash_desc *desc = shash_desc_ctx(pdesc);
+
+	desc->tfm = ctx->desc->tfm;
+	desc->flags = pdesc->flags & CRYPTO_TFM_REQ_MAY_SLEEP;
+
+	return crypto_shash_init(desc) ?:
+	       crypto_shash_update(desc, ipad, bs);
 }
 
-static int hmac_update(struct hash_desc *pdesc,
-		       struct scatterlist *sg, unsigned int nbytes)
+static int hmac_update(struct shash_desc *pdesc,
+		       const u8 *data, unsigned int nbytes)
 {
-	struct hmac_ctx *ctx = hmac_ctx(pdesc->tfm);
-	struct hash_desc desc;
+	struct shash_desc *desc = shash_desc_ctx(pdesc);
 
-	desc.tfm = ctx->child;
-	desc.flags = pdesc->flags & CRYPTO_TFM_REQ_MAY_SLEEP;
+	desc->flags = pdesc->flags & CRYPTO_TFM_REQ_MAY_SLEEP;
 
-	return crypto_hash_update(&desc, sg, nbytes);
+	return crypto_shash_update(desc, data, nbytes);
 }
 
-static int hmac_final(struct hash_desc *pdesc, u8 *out)
+static int hmac_final(struct shash_desc *pdesc, u8 *out)
 {
-	struct crypto_hash *parent = pdesc->tfm;
-	int bs = crypto_hash_blocksize(parent);
-	int ds = crypto_hash_digestsize(parent);
-	char *opad = crypto_hash_ctx_aligned(parent) + bs;
+	struct crypto_shash *parent = pdesc->tfm;
+	int bs = crypto_shash_blocksize(parent);
+	int ds = crypto_shash_digestsize(parent);
+	char *opad = crypto_shash_ctx_aligned(parent) + bs;
 	char *digest = opad + bs;
-	struct hmac_ctx *ctx = align_ptr(digest + ds, sizeof(void *));
-	struct hash_desc desc;
-	struct scatterlist tmp;
-	int err;
-
-	desc.tfm = ctx->child;
-	desc.flags = pdesc->flags & CRYPTO_TFM_REQ_MAY_SLEEP;
-	sg_init_one(&tmp, opad, bs + ds);
+	struct shash_desc *desc = shash_desc_ctx(pdesc);
 
-	err = crypto_hash_final(&desc, digest);
-	if (unlikely(err))
-		return err;
+	desc->flags = pdesc->flags & CRYPTO_TFM_REQ_MAY_SLEEP;
 
-	return crypto_hash_digest(&desc, &tmp, bs + ds, out);
+	return crypto_shash_final(desc, digest) ?:
+	       crypto_shash_digest(desc, opad, bs + ds, out);
 }
 
-static int hmac_digest(struct hash_desc *pdesc, struct scatterlist *sg,
-		       unsigned int nbytes, u8 *out)
+static int hmac_finup(struct shash_desc *pdesc, const u8 *data,
+		      unsigned int nbytes, u8 *out)
 {
-	struct crypto_hash *parent = pdesc->tfm;
-	int bs = crypto_hash_blocksize(parent);
-	int ds = crypto_hash_digestsize(parent);
-	char *ipad = crypto_hash_ctx_aligned(parent);
-	char *opad = ipad + bs;
-	char *digest = opad + bs;
-	struct hmac_ctx *ctx = align_ptr(digest + ds, sizeof(void *));
-	struct hash_desc desc;
-	struct scatterlist sg1[2];
-	struct scatterlist sg2[1];
-	int err;
 
-	desc.tfm = ctx->child;
-	desc.flags = pdesc->flags & CRYPTO_TFM_REQ_MAY_SLEEP;
-
-	sg_init_table(sg1, 2);
-	sg_set_buf(sg1, ipad, bs);
-	scatterwalk_sg_chain(sg1, 2, sg);
+	struct crypto_shash *parent = pdesc->tfm;
+	int bs = crypto_shash_blocksize(parent);
+	int ds = crypto_shash_digestsize(parent);
+	char *opad = crypto_shash_ctx_aligned(parent) + bs;
+	char *digest = opad + bs;
+	struct shash_desc *desc = shash_desc_ctx(pdesc);
 
-	sg_init_table(sg2, 1);
-	sg_set_buf(sg2, opad, bs + ds);
+	desc->flags = pdesc->flags & CRYPTO_TFM_REQ_MAY_SLEEP;
 
-	err = crypto_hash_digest(&desc, sg1, nbytes + bs, digest);
-	if (unlikely(err))
-		return err;
-
-	return crypto_hash_digest(&desc, sg2, bs + ds, out);
+	return crypto_shash_finup(desc, data, nbytes, digest) ?:
+	       crypto_shash_digest(desc, opad, bs + ds, out);
 }
 
 static int hmac_init_tfm(struct crypto_tfm *tfm)
 {
-	struct crypto_hash *hash;
+	struct crypto_shash *parent = __crypto_shash_cast(tfm);
+	struct crypto_shash *hash;
 	struct crypto_instance *inst = (void *)tfm->__crt_alg;
-	struct crypto_spawn *spawn = crypto_instance_ctx(inst);
-	struct hmac_ctx *ctx = hmac_ctx(__crypto_hash_cast(tfm));
+	struct crypto_shash_spawn *spawn = crypto_instance_ctx(inst);
+	struct hmac_ctx *ctx = hmac_ctx(parent);
 
-	hash = crypto_spawn_hash(spawn);
+	hash = crypto_spawn_shash(spawn);
 	if (IS_ERR(hash))
 		return PTR_ERR(hash);
 
-	ctx->child = hash;
+	parent->descsize = sizeof(struct shash_desc) +
+			   crypto_shash_descsize(hash);
+
+	ctx->desc = kmalloc(parent->descsize, GFP_KERNEL);
+	if (!ctx->desc) {
+		crypto_free_shash(hash);
+		return -ENOMEM;
+	}
+
+	ctx->desc->tfm = hash;
 	return 0;
 }
 
 static void hmac_exit_tfm(struct crypto_tfm *tfm)
 {
-	struct hmac_ctx *ctx = hmac_ctx(__crypto_hash_cast(tfm));
-	crypto_free_hash(ctx->child);
+	struct hmac_ctx *ctx = hmac_ctx(__crypto_shash_cast(tfm));
+	crypto_free_shash(ctx->desc->tfm);
+	kzfree(ctx->desc);
 }
 
-static void hmac_free(struct crypto_instance *inst)
+static int hmac_create(struct crypto_template *tmpl, struct rtattr **tb)
 {
-	crypto_drop_spawn(crypto_instance_ctx(inst));
-	kfree(inst);
-}
-
-static struct crypto_instance *hmac_alloc(struct rtattr **tb)
-{
-	struct crypto_instance *inst;
+	struct shash_instance *inst;
 	struct crypto_alg *alg;
+	struct shash_alg *salg;
 	int err;
 	int ds;
 
-	err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_HASH);
+	err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_SHASH);
 	if (err)
-		return ERR_PTR(err);
-
-	alg = crypto_get_attr_alg(tb, CRYPTO_ALG_TYPE_HASH,
-				  CRYPTO_ALG_TYPE_HASH_MASK);
-	if (IS_ERR(alg))
-		return ERR_CAST(alg);
-
-	inst = ERR_PTR(-EINVAL);
-	ds = alg->cra_type == &crypto_hash_type ?
-	     alg->cra_hash.digestsize :
-	     alg->cra_type ?
-	     __crypto_shash_alg(alg)->digestsize :
-	     alg->cra_digest.dia_digestsize;
+		return err;
+
+	salg = shash_attr_alg(tb[1], 0, 0);
+	if (IS_ERR(salg))
+		return PTR_ERR(salg);
+
+	err = -EINVAL;
+	ds = salg->digestsize;
+	alg = &salg->base;
 	if (ds > alg->cra_blocksize)
 		goto out_put_alg;
 
-	inst = crypto_alloc_instance("hmac", alg);
+	inst = shash_alloc_instance("hmac", alg);
 	if (IS_ERR(inst))
 		goto out_put_alg;
 
-	inst->alg.cra_flags = CRYPTO_ALG_TYPE_HASH;
-	inst->alg.cra_priority = alg->cra_priority;
-	inst->alg.cra_blocksize = alg->cra_blocksize;
-	inst->alg.cra_alignmask = alg->cra_alignmask;
-	inst->alg.cra_type = &crypto_hash_type;
+	err = crypto_init_shash_spawn(shash_instance_ctx(inst), salg,
+				      shash_crypto_instance(inst));
+	if (err)
+		goto out_free_inst;
+
+	inst->alg.base.cra_priority = alg->cra_priority;
+	inst->alg.base.cra_blocksize = alg->cra_blocksize;
+	inst->alg.base.cra_alignmask = alg->cra_alignmask;
 
-	inst->alg.cra_hash.digestsize = ds;
+	inst->alg.digestsize = ds;
 
-	inst->alg.cra_ctxsize = sizeof(struct hmac_ctx) +
-				ALIGN(inst->alg.cra_blocksize * 2 + ds,
-				      sizeof(void *));
+	inst->alg.base.cra_ctxsize = sizeof(struct hmac_ctx) +
+				     ALIGN(alg->cra_blocksize * 2 + ds,
+					   crypto_tfm_ctx_alignment());
 
-	inst->alg.cra_init = hmac_init_tfm;
-	inst->alg.cra_exit = hmac_exit_tfm;
+	inst->alg.base.cra_init = hmac_init_tfm;
+	inst->alg.base.cra_exit = hmac_exit_tfm;
 
-	inst->alg.cra_hash.init = hmac_init;
-	inst->alg.cra_hash.update = hmac_update;
-	inst->alg.cra_hash.final = hmac_final;
-	inst->alg.cra_hash.digest = hmac_digest;
-	inst->alg.cra_hash.setkey = hmac_setkey;
+	inst->alg.init = hmac_init;
+	inst->alg.update = hmac_update;
+	inst->alg.final = hmac_final;
+	inst->alg.finup = hmac_finup;
+	inst->alg.setkey = hmac_setkey;
+
+	err = shash_register_instance(tmpl, inst);
+	if (err) {
+out_free_inst:
+		shash_free_instance(shash_crypto_instance(inst));
+	}
 
 out_put_alg:
 	crypto_mod_put(alg);
-	return inst;
+	return err;
 }
 
 static struct crypto_template hmac_tmpl = {
 	.name = "hmac",
-	.alloc = hmac_alloc,
-	.free = hmac_free,
+	.create = hmac_create,
+	.free = shash_free_instance,
 	.module = THIS_MODULE,
 };
 

[PATCH 14/35] crypto: xcbc - Switch to shash

[Herbert Xu]

crypto: xcbc - Switch to shash

This patch converts the xcbc algorithm to the new shash type.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---

 crypto/xcbc.c |  235 +++++++++++++++++++++-------------------------------------
 1 file changed, 87 insertions(+), 148 deletions(-)

diff --git a/crypto/xcbc.c b/crypto/xcbc.c
index b63b633..b2cc855 100644
--- a/crypto/xcbc.c
+++ b/crypto/xcbc.c
@@ -19,15 +19,9 @@
  * 	Kazunori Miyazawa <miyazawa@linux-ipv6.org>
  */
 
-#include <crypto/scatterwalk.h>
-#include <linux/crypto.h>
+#include <crypto/internal/hash.h>
 #include <linux/err.h>
-#include <linux/hardirq.h>
 #include <linux/kernel.h>
-#include <linux/mm.h>
-#include <linux/rtnetlink.h>
-#include <linux/slab.h>
-#include <linux/scatterlist.h>
 
 static u_int32_t ks[12] = {0x01010101, 0x01010101, 0x01010101, 0x01010101,
 			   0x02020202, 0x02020202, 0x02020202, 0x02020202,
@@ -66,10 +60,10 @@ static void xor_128(u8 *a, const u8 *b, unsigned int bs)
 	((u32 *)a)[3] ^= ((u32 *)b)[3];
 }
 
-static int _crypto_xcbc_digest_setkey(struct crypto_hash *parent,
+static int _crypto_xcbc_digest_setkey(struct crypto_shash *parent,
 				      struct crypto_xcbc_ctx *ctx)
 {
-	int bs = crypto_hash_blocksize(parent);
+	int bs = crypto_shash_blocksize(parent);
 	int err = 0;
 	u8 key1[bs];
 
@@ -81,10 +75,10 @@ static int _crypto_xcbc_digest_setkey(struct crypto_hash *parent,
 	return crypto_cipher_setkey(ctx->child, key1, bs);
 }
 
-static int crypto_xcbc_digest_setkey(struct crypto_hash *parent,
+static int crypto_xcbc_digest_setkey(struct crypto_shash *parent,
 				     const u8 *inkey, unsigned int keylen)
 {
-	struct crypto_xcbc_ctx *ctx = crypto_hash_ctx_aligned(parent);
+	struct crypto_xcbc_ctx *ctx = crypto_shash_ctx(parent);
 
 	if (keylen != crypto_cipher_blocksize(ctx->child))
 		return -EINVAL;
@@ -96,10 +90,10 @@ static int crypto_xcbc_digest_setkey(struct crypto_hash *parent,
 	return _crypto_xcbc_digest_setkey(parent, ctx);
 }
 
-static int crypto_xcbc_digest_init(struct hash_desc *pdesc)
+static int crypto_xcbc_digest_init(struct shash_desc *pdesc)
 {
-	struct crypto_xcbc_ctx *ctx = crypto_hash_ctx_aligned(pdesc->tfm);
-	int bs = crypto_hash_blocksize(pdesc->tfm);
+	struct crypto_xcbc_ctx *ctx = crypto_shash_ctx(pdesc->tfm);
+	int bs = crypto_shash_blocksize(pdesc->tfm);
 
 	ctx->len = 0;
 	memset(ctx->odds, 0, bs);
@@ -108,102 +102,55 @@ static int crypto_xcbc_digest_init(struct hash_desc *pdesc)
 	return 0;
 }
 
-static int crypto_xcbc_digest_update2(struct hash_desc *pdesc,
-				      struct scatterlist *sg,
-				      unsigned int nbytes)
+static int crypto_xcbc_digest_update(struct shash_desc *pdesc, const u8 *p,
+				     unsigned int len)
 {
-	struct crypto_hash *parent = pdesc->tfm;
-	struct crypto_xcbc_ctx *ctx = crypto_hash_ctx_aligned(parent);
+	struct crypto_shash *parent = pdesc->tfm;
+	struct crypto_xcbc_ctx *ctx = crypto_shash_ctx(parent);
 	struct crypto_cipher *tfm = ctx->child;
-	int bs = crypto_hash_blocksize(parent);
-
-	for (;;) {
-		struct page *pg = sg_page(sg);
-		unsigned int offset = sg->offset;
-		unsigned int slen = sg->length;
-
-		if (unlikely(slen > nbytes))
-			slen = nbytes;
-
-		nbytes -= slen;
-
-		while (slen > 0) {
-			unsigned int len = min(slen, ((unsigned int)(PAGE_SIZE)) - offset);
-			char *p = crypto_kmap(pg, 0) + offset;
-
-			/* checking the data can fill the block */
-			if ((ctx->len + len) <= bs) {
-				memcpy(ctx->odds + ctx->len, p, len);
-				ctx->len += len;
-				slen -= len;
-
-				/* checking the rest of the page */
-				if (len + offset >= PAGE_SIZE) {
-					offset = 0;
-					pg++;
-				} else
-					offset += len;
-
-				crypto_kunmap(p, 0);
-				crypto_yield(pdesc->flags);
-				continue;
-			}
-
-			/* filling odds with new data and encrypting it */
-			memcpy(ctx->odds + ctx->len, p, bs - ctx->len);
-			len -= bs - ctx->len;
-			p += bs - ctx->len;
-
-			ctx->xor(ctx->prev, ctx->odds, bs);
-			crypto_cipher_encrypt_one(tfm, ctx->prev, ctx->prev);
-
-			/* clearing the length */
-			ctx->len = 0;
-
-			/* encrypting the rest of data */
-			while (len > bs) {
-				ctx->xor(ctx->prev, p, bs);
-				crypto_cipher_encrypt_one(tfm, ctx->prev,
-							  ctx->prev);
-				p += bs;
-				len -= bs;
-			}
-
-			/* keeping the surplus of blocksize */
-			if (len) {
-				memcpy(ctx->odds, p, len);
-				ctx->len = len;
-			}
-			crypto_kunmap(p, 0);
-			crypto_yield(pdesc->flags);
-			slen -= min(slen, ((unsigned int)(PAGE_SIZE)) - offset);
-			offset = 0;
-			pg++;
-		}
-
-		if (!nbytes)
-			break;
-		sg = scatterwalk_sg_next(sg);
+	int bs = crypto_shash_blocksize(parent);
+
+	/* checking the data can fill the block */
+	if ((ctx->len + len) <= bs) {
+		memcpy(ctx->odds + ctx->len, p, len);
+		ctx->len += len;
+		return 0;
 	}
 
-	return 0;
-}
+	/* filling odds with new data and encrypting it */
+	memcpy(ctx->odds + ctx->len, p, bs - ctx->len);
+	len -= bs - ctx->len;
+	p += bs - ctx->len;
 
-static int crypto_xcbc_digest_update(struct hash_desc *pdesc,
-				     struct scatterlist *sg,
-				     unsigned int nbytes)
-{
-	if (WARN_ON_ONCE(in_irq()))
-		return -EDEADLK;
-	return crypto_xcbc_digest_update2(pdesc, sg, nbytes);
+	ctx->xor(ctx->prev, ctx->odds, bs);
+	crypto_cipher_encrypt_one(tfm, ctx->prev, ctx->prev);
+
+	/* clearing the length */
+	ctx->len = 0;
+
+	/* encrypting the rest of data */
+	while (len > bs) {
+		ctx->xor(ctx->prev, p, bs);
+		crypto_cipher_encrypt_one(tfm, ctx->prev, ctx->prev);
+		p += bs;
+		len -= bs;
+	}
+
+	/* keeping the surplus of blocksize */
+	if (len) {
+		memcpy(ctx->odds, p, len);
+		ctx->len = len;
+	}
+
+	return 0;
 }
 
-static int crypto_xcbc_digest_final(struct hash_desc *pdesc, u8 *out)
+static int crypto_xcbc_digest_final(struct shash_desc *pdesc, u8 *out)
 {
-	struct crypto_hash *parent = pdesc->tfm;
-	struct crypto_xcbc_ctx *ctx = crypto_hash_ctx_aligned(parent);
+	struct crypto_shash *parent = pdesc->tfm;
+	struct crypto_xcbc_ctx *ctx = crypto_shash_ctx(parent);
 	struct crypto_cipher *tfm = ctx->child;
-	int bs = crypto_hash_blocksize(parent);
+	int bs = crypto_shash_blocksize(parent);
 	int err = 0;
 
 	if (ctx->len == bs) {
@@ -248,24 +195,13 @@ static int crypto_xcbc_digest_final(struct hash_desc *pdesc, u8 *out)
 	return 0;
 }
 
-static int crypto_xcbc_digest(struct hash_desc *pdesc,
-		  struct scatterlist *sg, unsigned int nbytes, u8 *out)
-{
-	if (WARN_ON_ONCE(in_irq()))
-		return -EDEADLK;
-
-	crypto_xcbc_digest_init(pdesc);
-	crypto_xcbc_digest_update2(pdesc, sg, nbytes);
-	return crypto_xcbc_digest_final(pdesc, out);
-}
-
 static int xcbc_init_tfm(struct crypto_tfm *tfm)
 {
 	struct crypto_cipher *cipher;
 	struct crypto_instance *inst = (void *)tfm->__crt_alg;
 	struct crypto_spawn *spawn = crypto_instance_ctx(inst);
-	struct crypto_xcbc_ctx *ctx = crypto_hash_ctx_aligned(__crypto_hash_cast(tfm));
-	int bs = crypto_hash_blocksize(__crypto_hash_cast(tfm));
+	struct crypto_xcbc_ctx *ctx = crypto_tfm_ctx(tfm);
+	int bs = crypto_tfm_alg_blocksize(tfm);
 
 	cipher = crypto_spawn_cipher(spawn);
 	if (IS_ERR(cipher))
@@ -289,70 +225,73 @@ static int xcbc_init_tfm(struct crypto_tfm *tfm)
 
 static void xcbc_exit_tfm(struct crypto_tfm *tfm)
 {
-	struct crypto_xcbc_ctx *ctx = crypto_hash_ctx_aligned(__crypto_hash_cast(tfm));
+	struct crypto_xcbc_ctx *ctx = crypto_tfm_ctx(tfm);
 	crypto_free_cipher(ctx->child);
 }
 
-static struct crypto_instance *xcbc_alloc(struct rtattr **tb)
+static int xcbc_create(struct crypto_template *tmpl, struct rtattr **tb)
 {
-	struct crypto_instance *inst;
+	struct shash_instance *inst;
 	struct crypto_alg *alg;
 	int err;
 
-	err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_HASH);
+	err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_SHASH);
 	if (err)
-		return ERR_PTR(err);
+		return err;
 
 	alg = crypto_get_attr_alg(tb, CRYPTO_ALG_TYPE_CIPHER,
 				  CRYPTO_ALG_TYPE_MASK);
 	if (IS_ERR(alg))
-		return ERR_CAST(alg);
+		return PTR_ERR(alg);
 
 	switch(alg->cra_blocksize) {
 	case 16:
 		break;
 	default:
-		inst = ERR_PTR(-EINVAL);
 		goto out_put_alg;
 	}
 
-	inst = crypto_alloc_instance("xcbc", alg);
+	inst = shash_alloc_instance("xcbc", alg);
 	if (IS_ERR(inst))
 		goto out_put_alg;
 
-	inst->alg.cra_flags = CRYPTO_ALG_TYPE_HASH;
-	inst->alg.cra_priority = alg->cra_priority;
-	inst->alg.cra_blocksize = alg->cra_blocksize;
-	inst->alg.cra_alignmask = alg->cra_alignmask;
-	inst->alg.cra_type = &crypto_hash_type;
-
-	inst->alg.cra_hash.digestsize = alg->cra_blocksize;
-	inst->alg.cra_ctxsize = sizeof(struct crypto_xcbc_ctx) +
-				ALIGN(inst->alg.cra_blocksize * 3, sizeof(void *));
-	inst->alg.cra_init = xcbc_init_tfm;
-	inst->alg.cra_exit = xcbc_exit_tfm;
-
-	inst->alg.cra_hash.init = crypto_xcbc_digest_init;
-	inst->alg.cra_hash.update = crypto_xcbc_digest_update;
-	inst->alg.cra_hash.final = crypto_xcbc_digest_final;
-	inst->alg.cra_hash.digest = crypto_xcbc_digest;
-	inst->alg.cra_hash.setkey = crypto_xcbc_digest_setkey;
+	err = crypto_init_spawn(shash_instance_ctx(inst), alg,
+				shash_crypto_instance(inst),
+				CRYPTO_ALG_TYPE_MASK);
+	if (err)
+		goto out_free_inst;
+
+	inst->alg.base.cra_priority = alg->cra_priority;
+	inst->alg.base.cra_blocksize = alg->cra_blocksize;
+	inst->alg.base.cra_alignmask = alg->cra_alignmask;
+
+	inst->alg.digestsize = alg->cra_blocksize;
+	inst->alg.base.cra_ctxsize = sizeof(struct crypto_xcbc_ctx) +
+				     ALIGN(alg->cra_blocksize * 3,
+					   sizeof(void *));
+	inst->alg.base.cra_init = xcbc_init_tfm;
+	inst->alg.base.cra_exit = xcbc_exit_tfm;
+
+	inst->alg.init = crypto_xcbc_digest_init;
+	inst->alg.update = crypto_xcbc_digest_update;
+	inst->alg.final = crypto_xcbc_digest_final;
+	inst->alg.setkey = crypto_xcbc_digest_setkey;
+
+	err = shash_register_instance(tmpl, inst);
+	if (err) {
+out_free_inst:
+		shash_free_instance(shash_crypto_instance(inst));
+	}
 
 out_put_alg:
 	crypto_mod_put(alg);
-	return inst;
-}

[PATCH 15/35] crypto: authenc - Remove reference to crypto_hash

[Herbert Xu]

crypto: authenc - Remove reference to crypto_hash

Now that there are no more legacy hash implementations we can
remove the reference to crypto_hash.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---

 crypto/authenc.c |    6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/crypto/authenc.c b/crypto/authenc.c
index 5793b64..2e16ce0 100644
--- a/crypto/authenc.c
+++ b/crypto/authenc.c
@@ -436,11 +436,7 @@ static struct crypto_instance *crypto_authenc_alloc(struct rtattr **tb)
 	inst->alg.cra_type = &crypto_aead_type;
 
 	inst->alg.cra_aead.ivsize = enc->cra_ablkcipher.ivsize;
-	inst->alg.cra_aead.maxauthsize = auth->cra_type == &crypto_hash_type ?
-					 auth->cra_hash.digestsize :
-					 auth->cra_type ?
-					 __crypto_shash_alg(auth)->digestsize :
-					 auth->cra_digest.dia_digestsize;
+	inst->alg.cra_aead.maxauthsize = __crypto_shash_alg(auth)->digestsize;
 
 	inst->alg.cra_ctxsize = sizeof(struct crypto_authenc_ctx);
 

[PATCH 16/35] crypto: hash - Remove legacy hash/digest implementaion

[Herbert Xu]

crypto: hash - Remove legacy hash/digest implementaion

This patch removes the implementation of hash and digest now that
no algorithms use them anymore.  The interface though will remain
until the users are converted across.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---

 crypto/Makefile   |    3 +--
 crypto/api.c      |   19 ++-----------------
 crypto/internal.h |   15 ---------------
 3 files changed, 3 insertions(+), 34 deletions(-)

diff --git a/crypto/Makefile b/crypto/Makefile
index 673d9f7..3c961b4 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -3,7 +3,7 @@
 #
 
 obj-$(CONFIG_CRYPTO) += crypto.o
-crypto-objs := api.o cipher.o digest.o compress.o
+crypto-objs := api.o cipher.o compress.o
 
 obj-$(CONFIG_CRYPTO_WORKQUEUE) += crypto_wq.o
 
@@ -22,7 +22,6 @@ obj-$(CONFIG_CRYPTO_BLKCIPHER2) += chainiv.o
 obj-$(CONFIG_CRYPTO_BLKCIPHER2) += eseqiv.o
 obj-$(CONFIG_CRYPTO_SEQIV) += seqiv.o
 
-crypto_hash-objs := hash.o
 crypto_hash-objs += ahash.o
 crypto_hash-objs += shash.o
 obj-$(CONFIG_CRYPTO_HASH2) += crypto_hash.o
diff --git a/crypto/api.c b/crypto/api.c
index ba81221..c8ac18f 100644
--- a/crypto/api.c
+++ b/crypto/api.c
@@ -285,13 +285,6 @@ static int crypto_init_ops(struct crypto_tfm *tfm, u32 type, u32 mask)
 	switch (crypto_tfm_alg_type(tfm)) {
 	case CRYPTO_ALG_TYPE_CIPHER:
 		return crypto_init_cipher_ops(tfm);
-		
-	case CRYPTO_ALG_TYPE_DIGEST:
-		if ((mask & CRYPTO_ALG_TYPE_HASH_MASK) !=
-		    CRYPTO_ALG_TYPE_HASH_MASK)
-			return crypto_init_digest_ops_async(tfm);
-		else
-			return crypto_init_digest_ops(tfm);
 
 	case CRYPTO_ALG_TYPE_COMPRESS:
 		return crypto_init_compress_ops(tfm);
@@ -318,11 +311,7 @@ static void crypto_exit_ops(struct crypto_tfm *tfm)
 	case CRYPTO_ALG_TYPE_CIPHER:
 		crypto_exit_cipher_ops(tfm);
 		break;
-		
-	case CRYPTO_ALG_TYPE_DIGEST:
-		crypto_exit_digest_ops(tfm);
-		break;
-		
+
 	case CRYPTO_ALG_TYPE_COMPRESS:
 		crypto_exit_compress_ops(tfm);
 		break;
@@ -349,11 +338,7 @@ static unsigned int crypto_ctxsize(struct crypto_alg *alg, u32 type, u32 mask)
 	case CRYPTO_ALG_TYPE_CIPHER:
 		len += crypto_cipher_ctxsize(alg);
 		break;
-		
-	case CRYPTO_ALG_TYPE_DIGEST:
-		len += crypto_digest_ctxsize(alg);
-		break;
-		
+
 	case CRYPTO_ALG_TYPE_COMPRESS:
 		len += crypto_compress_ctxsize(alg);
 		break;
diff --git a/crypto/internal.h b/crypto/internal.h
index 7efa4d0..030e229 100644
--- a/crypto/internal.h
+++ b/crypto/internal.h
@@ -60,18 +60,6 @@ static inline void crypto_exit_proc(void)
 { }
 #endif
 
-static inline unsigned int crypto_digest_ctxsize(struct crypto_alg *alg)
-{
-	unsigned int len = alg->cra_ctxsize;
-
-	if (alg->cra_alignmask) {
-		len = ALIGN(len, (unsigned long)alg->cra_alignmask + 1);
-		len += alg->cra_digest.dia_digestsize;
-	}
-
-	return len;
-}

[PATCH 17/35] crypto: shash - Export async functions

[Herbert Xu]

crypto: shash - Export async functions

This patch exports the async functions so that they can be reused
by cryptd when it switches over to using shash.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---

 crypto/shash.c                 |   42 +++++++++++++++++++++--------------------
 include/crypto/internal/hash.h |    3 ++
 2 files changed, 25 insertions(+), 20 deletions(-)

diff --git a/crypto/shash.c b/crypto/shash.c
index d8e0f8f..3b1b06b 100644
--- a/crypto/shash.c
+++ b/crypto/shash.c
@@ -202,9 +202,8 @@ static int shash_async_init(struct ahash_request *req)
 	return crypto_shash_init(desc);
 }
 
-static int shash_async_update(struct ahash_request *req)
+int shash_ahash_update(struct ahash_request *req, struct shash_desc *desc)
 {
-	struct shash_desc *desc = ahash_request_ctx(req);
 	struct crypto_hash_walk walk;
 	int nbytes;
 
@@ -214,13 +213,19 @@ static int shash_async_update(struct ahash_request *req)
 
 	return nbytes;
 }
+EXPORT_SYMBOL_GPL(shash_ahash_update);
+
+static int shash_async_update(struct ahash_request *req)
+{
+	return shash_ahash_update(req, ahash_request_ctx(req));
+}
 
 static int shash_async_final(struct ahash_request *req)
 {
 	return crypto_shash_final(ahash_request_ctx(req), req->result);
 }
 
-static int shash_async_digest(struct ahash_request *req)
+int shash_ahash_digest(struct ahash_request *req, struct shash_desc *desc)
 {
 	struct scatterlist *sg = req->src;
 	unsigned int offset = sg->offset;
@@ -228,34 +233,31 @@ static int shash_async_digest(struct ahash_request *req)
 	int err;
 
 	if (nbytes < min(sg->length, ((unsigned int)(PAGE_SIZE)) - offset)) {
-		struct crypto_shash **ctx =
-			crypto_ahash_ctx(crypto_ahash_reqtfm(req));
-		struct shash_desc *desc = ahash_request_ctx(req);
 		void *data;
 
-		desc->tfm = *ctx;
-		desc->flags = req->base.flags;
-
 		data = crypto_kmap(sg_page(sg), 0);
 		err = crypto_shash_digest(desc, data + offset, nbytes,
 					  req->result);
 		crypto_kunmap(data, 0);
 		crypto_yield(desc->flags);
-		goto out;
-	}
+	} else
+		err = crypto_shash_init(desc) ?:
+		      shash_ahash_update(req, desc) ?:
+		      crypto_shash_final(desc, req->result);
 
-	err = shash_async_init(req);
-	if (err)
-		goto out;
+	return err;
+}
+EXPORT_SYMBOL_GPL(shash_ahash_digest);
 
-	err = shash_async_update(req);
-	if (err)
-		goto out;
+static int shash_async_digest(struct ahash_request *req)
+{
+	struct crypto_shash **ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(req));
+	struct shash_desc *desc = ahash_request_ctx(req);
 
-	err = shash_async_final(req);
+	desc->tfm = *ctx;
+	desc->flags = req->base.flags;
 
-out:
-	return err;
+	return shash_ahash_digest(req, desc);
 }
 
 static void crypto_exit_shash_ops_async(struct crypto_tfm *tfm)
diff --git a/include/crypto/internal/hash.h b/include/crypto/internal/hash.h
index 2d1b10f..6e28349 100644
--- a/include/crypto/internal/hash.h
+++ b/include/crypto/internal/hash.h
@@ -63,6 +63,9 @@ int crypto_init_shash_spawn(struct crypto_shash_spawn *spawn,
 
 struct shash_alg *shash_attr_alg(struct rtattr *rta, u32 type, u32 mask);
 
+int shash_ahash_update(struct ahash_request *req, struct shash_desc *desc);
+int shash_ahash_digest(struct ahash_request *req, struct shash_desc *desc);
+
 static inline void *crypto_ahash_ctx(struct crypto_ahash *tfm)
 {
 	return crypto_tfm_ctx(&tfm->base);

[PATCH 18/35] crypto: cryptd - Use shash algorithms

[Herbert Xu]

crypto: cryptd - Use shash algorithms

This patch changes cryptd to use shash algorithms instead of the
legacy hash interface.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---

 crypto/cryptd.c |  164 ++++++++++++++++++++++++++++----------------------------
 1 file changed, 84 insertions(+), 80 deletions(-)

diff --git a/crypto/cryptd.c b/crypto/cryptd.c
index ae5fa99..ef5720c 100644
--- a/crypto/cryptd.c
+++ b/crypto/cryptd.c
@@ -39,6 +39,11 @@ struct cryptd_instance_ctx {
 	struct cryptd_queue *queue;
 };
 
+struct hashd_instance_ctx {
+	struct crypto_shash_spawn spawn;
+	struct cryptd_queue *queue;
+};
+
 struct cryptd_blkcipher_ctx {
 	struct crypto_blkcipher *child;
 };
@@ -48,11 +53,12 @@ struct cryptd_blkcipher_request_ctx {
 };
 
 struct cryptd_hash_ctx {
-	struct crypto_hash *child;
+	struct crypto_shash *child;
 };
 
 struct cryptd_hash_request_ctx {
 	crypto_completion_t complete;
+	struct shash_desc desc;
 };
 
 static void cryptd_queue_worker(struct work_struct *work);
@@ -250,13 +256,12 @@ static void cryptd_blkcipher_exit_tfm(struct crypto_tfm *tfm)
 }
 
 static struct crypto_instance *cryptd_alloc_instance(struct crypto_alg *alg,
-						     struct cryptd_queue *queue)
+						     unsigned int tail)
 {
 	struct crypto_instance *inst;
-	struct cryptd_instance_ctx *ctx;
 	int err;
 
-	inst = kzalloc(sizeof(*inst) + sizeof(*ctx), GFP_KERNEL);
+	inst = kzalloc(sizeof(*inst) + tail, GFP_KERNEL);
 	if (!inst) {
 		inst = ERR_PTR(-ENOMEM);
 		goto out;
@@ -267,14 +272,6 @@ static struct crypto_instance *cryptd_alloc_instance(struct crypto_alg *alg,
 		     "cryptd(%s)", alg->cra_driver_name) >= CRYPTO_MAX_ALG_NAME)
 		goto out_free_inst;
 
-	ctx = crypto_instance_ctx(inst);
-	err = crypto_init_spawn(&ctx->spawn, alg, inst,
-				CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_ASYNC);
-	if (err)
-		goto out_free_inst;
-
-	ctx->queue = queue;
-
 	memcpy(inst->alg.cra_name, alg->cra_name, CRYPTO_MAX_ALG_NAME);
 
 	inst->alg.cra_priority = alg->cra_priority + 50;
@@ -293,18 +290,28 @@ out_free_inst:
 static struct crypto_instance *cryptd_alloc_blkcipher(
 	struct rtattr **tb, struct cryptd_queue *queue)
 {
+	struct cryptd_instance_ctx *ctx;
 	struct crypto_instance *inst;
 	struct crypto_alg *alg;
+	int err;
 
 	alg = crypto_get_attr_alg(tb, CRYPTO_ALG_TYPE_BLKCIPHER,
 				  CRYPTO_ALG_TYPE_MASK);
 	if (IS_ERR(alg))
 		return ERR_CAST(alg);
 
-	inst = cryptd_alloc_instance(alg, queue);
+	inst = cryptd_alloc_instance(alg, sizeof(*ctx));
 	if (IS_ERR(inst))
 		goto out_put_alg;
 
+	ctx = crypto_instance_ctx(inst);
+	ctx->queue = queue;
+
+	err = crypto_init_spawn(&ctx->spawn, alg, inst,
+				CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_ASYNC);
+	if (err)
+		goto out_free_inst;
+
 	inst->alg.cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC;
 	inst->alg.cra_type = &crypto_ablkcipher_type;
 
@@ -326,23 +333,28 @@ static struct crypto_instance *cryptd_alloc_blkcipher(
 out_put_alg:
 	crypto_mod_put(alg);
 	return inst;
+
+out_free_inst:
+	kfree(inst);
+	inst = ERR_PTR(err);
+	goto out_put_alg;
 }
 
 static int cryptd_hash_init_tfm(struct crypto_tfm *tfm)
 {
 	struct crypto_instance *inst = crypto_tfm_alg_instance(tfm);
-	struct cryptd_instance_ctx *ictx = crypto_instance_ctx(inst);
-	struct crypto_spawn *spawn = &ictx->spawn;
+	struct hashd_instance_ctx *ictx = crypto_instance_ctx(inst);
+	struct crypto_shash_spawn *spawn = &ictx->spawn;
 	struct cryptd_hash_ctx *ctx = crypto_tfm_ctx(tfm);
-	struct crypto_hash *cipher;
+	struct crypto_shash *hash;
 
-	cipher = crypto_spawn_hash(spawn);
-	if (IS_ERR(cipher))
-		return PTR_ERR(cipher);
+	hash = crypto_spawn_shash(spawn);
+	if (IS_ERR(hash))
+		return PTR_ERR(hash);
 
-	ctx->child = cipher;
-	tfm->crt_ahash.reqsize =
-		sizeof(struct cryptd_hash_request_ctx);
+	ctx->child = hash;
+	tfm->crt_ahash.reqsize = sizeof(struct cryptd_hash_request_ctx) +
+				 crypto_shash_descsize(hash);
 	return 0;
 }
 
@@ -350,22 +362,22 @@ static void cryptd_hash_exit_tfm(struct crypto_tfm *tfm)
 {
 	struct cryptd_hash_ctx *ctx = crypto_tfm_ctx(tfm);
 
-	crypto_free_hash(ctx->child);
+	crypto_free_shash(ctx->child);
 }
 
 static int cryptd_hash_setkey(struct crypto_ahash *parent,
 				   const u8 *key, unsigned int keylen)
 {
 	struct cryptd_hash_ctx *ctx   = crypto_ahash_ctx(parent);
-	struct crypto_hash     *child = ctx->child;
+	struct crypto_shash *child = ctx->child;
 	int err;
 
-	crypto_hash_clear_flags(child, CRYPTO_TFM_REQ_MASK);
-	crypto_hash_set_flags(child, crypto_ahash_get_flags(parent) &
-					  CRYPTO_TFM_REQ_MASK);
-	err = crypto_hash_setkey(child, key, keylen);
-	crypto_ahash_set_flags(parent, crypto_hash_get_flags(child) &
-					    CRYPTO_TFM_RES_MASK);
+	crypto_shash_clear_flags(child, CRYPTO_TFM_REQ_MASK);
+	crypto_shash_set_flags(child, crypto_ahash_get_flags(parent) &
+				      CRYPTO_TFM_REQ_MASK);
+	err = crypto_shash_setkey(child, key, keylen);
+	crypto_ahash_set_flags(parent, crypto_shash_get_flags(child) &
+				       CRYPTO_TFM_RES_MASK);
 	return err;
 }
 
@@ -385,21 +397,19 @@ static int cryptd_hash_enqueue(struct ahash_request *req,
 
 static void cryptd_hash_init(struct crypto_async_request *req_async, int err)
 {
-	struct cryptd_hash_ctx *ctx   = crypto_tfm_ctx(req_async->tfm);
-	struct crypto_hash     *child = ctx->child;
-	struct ahash_request    *req = ahash_request_cast(req_async);
-	struct cryptd_hash_request_ctx *rctx;
-	struct hash_desc desc;
-
-	rctx = ahash_request_ctx(req);
+	struct cryptd_hash_ctx *ctx = crypto_tfm_ctx(req_async->tfm);
+	struct crypto_shash *child = ctx->child;
+	struct ahash_request *req = ahash_request_cast(req_async);
+	struct cryptd_hash_request_ctx *rctx = ahash_request_ctx(req);
+	struct shash_desc *desc = &rctx->desc;
 
 	if (unlikely(err == -EINPROGRESS))
 		goto out;
 
-	desc.tfm = child;
-	desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
+	desc->tfm = child;
+	desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
 
-	err = crypto_hash_crt(child)->init(&desc);
+	err = crypto_shash_init(desc);
 
 	req->base.complete = rctx->complete;
 
@@ -416,23 +426,15 @@ static int cryptd_hash_init_enqueue(struct ahash_request *req)
 
 static void cryptd_hash_update(struct crypto_async_request *req_async, int err)
 {
-	struct cryptd_hash_ctx *ctx   = crypto_tfm_ctx(req_async->tfm);
-	struct crypto_hash     *child = ctx->child;
-	struct ahash_request    *req = ahash_request_cast(req_async);
+	struct ahash_request *req = ahash_request_cast(req_async);
 	struct cryptd_hash_request_ctx *rctx;
-	struct hash_desc desc;
 
 	rctx = ahash_request_ctx(req);
 
 	if (unlikely(err == -EINPROGRESS))
 		goto out;
 
-	desc.tfm = child;
-	desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
-
-	err = crypto_hash_crt(child)->update(&desc,
-						req->src,
-						req->nbytes);
+	err = shash_ahash_update(req, &rctx->desc);
 
 	req->base.complete = rctx->complete;
 
@@ -449,21 +451,13 @@ static int cryptd_hash_update_enqueue(struct ahash_request *req)
 
 static void cryptd_hash_final(struct crypto_async_request *req_async, int err)
 {
-	struct cryptd_hash_ctx *ctx   = crypto_tfm_ctx(req_async->tfm);
-	struct crypto_hash     *child = ctx->child;
-	struct ahash_request    *req = ahash_request_cast(req_async);
-	struct cryptd_hash_request_ctx *rctx;
-	struct hash_desc desc;
-
-	rctx = ahash_request_ctx(req);
+	struct ahash_request *req = ahash_request_cast(req_async);
+	struct cryptd_hash_request_ctx *rctx = ahash_request_ctx(req);
 
 	if (unlikely(err == -EINPROGRESS))
 		goto out;
 
-	desc.tfm = child;
-	desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
-
-	err = crypto_hash_crt(child)->final(&desc, req->result);
+	err = crypto_shash_final(&rctx->desc, req->result);
 
 	req->base.complete = rctx->complete;
 
@@ -480,24 +474,19 @@ static int cryptd_hash_final_enqueue(struct ahash_request *req)
 
 static void cryptd_hash_digest(struct crypto_async_request *req_async, int err)
 {
-	struct cryptd_hash_ctx *ctx   = crypto_tfm_ctx(req_async->tfm);
-	struct crypto_hash     *child = ctx->child;
-	struct ahash_request    *req = ahash_request_cast(req_async);
-	struct cryptd_hash_request_ctx *rctx;
-	struct hash_desc desc;
-
-	rctx = ahash_request_ctx(req);
+	struct cryptd_hash_ctx *ctx = crypto_tfm_ctx(req_async->tfm);
+	struct crypto_shash *child = ctx->child;
+	struct ahash_request *req = ahash_request_cast(req_async);
+	struct cryptd_hash_request_ctx *rctx = ahash_request_ctx(req);
+	struct shash_desc *desc = &rctx->desc;
 
 	if (unlikely(err == -EINPROGRESS))
 		goto out;
 
-	desc.tfm = child;
-	desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
+	desc->tfm = child;
+	desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
 
-	err = crypto_hash_crt(child)->digest(&desc,
-						req->src,
-						req->nbytes,
-						req->result);
+	err = shash_ahash_digest(req, desc);
 
 	req->base.complete = rctx->complete;
 
@@ -515,22 +504,32 @@ static int cryptd_hash_digest_enqueue(struct ahash_request *req)
 static struct crypto_instance *cryptd_alloc_hash(
 	struct rtattr **tb, struct cryptd_queue *queue)
 {
+	struct hashd_instance_ctx *ctx;
 	struct crypto_instance *inst;
+	struct shash_alg *salg;
 	struct crypto_alg *alg;
+	int err;
 
-	alg = crypto_get_attr_alg(tb, CRYPTO_ALG_TYPE_HASH,
-				  CRYPTO_ALG_TYPE_HASH_MASK);
-	if (IS_ERR(alg))
-		return ERR_PTR(PTR_ERR(alg));
+	salg = shash_attr_alg(tb[1], 0, 0);
+	if (IS_ERR(salg))
+		return ERR_CAST(salg);
 
-	inst = cryptd_alloc_instance(alg, queue);
+	alg = &salg->base;
+	inst = cryptd_alloc_instance(alg, sizeof(*ctx));
 	if (IS_ERR(inst))
 		goto out_put_alg;
 
+	ctx = crypto_instance_ctx(inst);
+	ctx->queue = queue;
+
+	err = crypto_init_shash_spawn(&ctx->spawn, salg, inst);
+	if (err)
+		goto out_free_inst;
+
 	inst->alg.cra_flags = CRYPTO_ALG_TYPE_AHASH | CRYPTO_ALG_ASYNC;
 	inst->alg.cra_type = &crypto_ahash_type;
 
-	inst->alg.cra_ahash.digestsize = alg->cra_hash.digestsize;
+	inst->alg.cra_ahash.digestsize = salg->digestsize;
 	inst->alg.cra_ctxsize = sizeof(struct cryptd_hash_ctx);
 
 	inst->alg.cra_init = cryptd_hash_init_tfm;
@@ -545,6 +544,11 @@ static struct crypto_instance *cryptd_alloc_hash(
 out_put_alg:
 	crypto_mod_put(alg);
 	return inst;
+
+out_free_inst:
+	kfree(inst);
+	inst = ERR_PTR(err);
+	goto out_put_alg;
 }
 
 static struct cryptd_queue queue;

[PATCH 19/35] crypto: ahash - Add crypto_ahash_set_reqsize

[Herbert Xu]

crypto: ahash - Add crypto_ahash_set_reqsize

This patch adds the helper crypto_ahash_set_reqsize so that
implementations do not directly access the crypto_ahash structure.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---

 include/crypto/internal/hash.h |    6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/include/crypto/internal/hash.h b/include/crypto/internal/hash.h
index 6e28349..5e45818 100644
--- a/include/crypto/internal/hash.h
+++ b/include/crypto/internal/hash.h
@@ -77,6 +77,12 @@ static inline struct ahash_alg *crypto_ahash_alg(
 	return &crypto_ahash_tfm(tfm)->__crt_alg->cra_ahash;
 }
 
+static inline void crypto_ahash_set_reqsize(struct crypto_ahash *tfm,
+					    unsigned int reqsize)
+{
+	crypto_ahash_crt(tfm)->reqsize = reqsize;
+}
+
 static inline int ahash_enqueue_request(struct crypto_queue *queue,
 					     struct ahash_request *request)
 {

[PATCH 20/35] crypto: cryptd - Use crypto_ahash_set_reqsize

[Herbert Xu]

crypto: cryptd - Use crypto_ahash_set_reqsize

This patch makes cryptd use crypto_ahash_set_reqsize to avoid
accessing crypto_ahash directly.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---

 crypto/cryptd.c |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/crypto/cryptd.c b/crypto/cryptd.c
index ef5720c..6e6722e 100644
--- a/crypto/cryptd.c
+++ b/crypto/cryptd.c
@@ -353,8 +353,9 @@ static int cryptd_hash_init_tfm(struct crypto_tfm *tfm)
 		return PTR_ERR(hash);
 
 	ctx->child = hash;
-	tfm->crt_ahash.reqsize = sizeof(struct cryptd_hash_request_ctx) +
-				 crypto_shash_descsize(hash);
+	crypto_ahash_set_reqsize(__crypto_ahash_cast(tfm),
+				 sizeof(struct cryptd_hash_request_ctx) +
+				 crypto_shash_descsize(hash));
 	return 0;
 }
 

[PATCH 21/35] crypto: crypto4xx - Use crypto_ahash_set_reqsize

[Herbert Xu]

crypto: crypto4xx - Use crypto_ahash_set_reqsize

This patch makes crypto4xx use crypto_ahash_set_reqsize to avoid
accessing crypto_ahash directly.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---

 drivers/crypto/amcc/crypto4xx_alg.c  |    3 ++-
 drivers/crypto/amcc/crypto4xx_core.c |    3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/crypto/amcc/crypto4xx_alg.c b/drivers/crypto/amcc/crypto4xx_alg.c
index 61b6e1b..a33243c 100644
--- a/drivers/crypto/amcc/crypto4xx_alg.c
+++ b/drivers/crypto/amcc/crypto4xx_alg.c
@@ -208,7 +208,8 @@ static int crypto4xx_hash_alg_init(struct crypto_tfm *tfm,
 		}
 	}
 
-	tfm->crt_ahash.reqsize = sizeof(struct crypto4xx_ctx);
+	crypto_ahash_set_reqsize(__crypto_ahash_cast(tfm),
+				 sizeof(struct crypto4xx_ctx));
 	sa = (struct dynamic_sa_ctl *) ctx->sa_in;
 	set_dynamic_sa_command_0(sa, SA_SAVE_HASH, SA_NOT_SAVE_IV,
 				 SA_NOT_LOAD_HASH, SA_LOAD_IV_FROM_SA,
diff --git a/drivers/crypto/amcc/crypto4xx_core.c b/drivers/crypto/amcc/crypto4xx_core.c
index 4c0dfb2..cb7be42 100644
--- a/drivers/crypto/amcc/crypto4xx_core.c
+++ b/drivers/crypto/amcc/crypto4xx_core.c
@@ -1001,7 +1001,8 @@ static int crypto4xx_alg_init(struct crypto_tfm *tfm)
 	if (alg->cra_type == &crypto_ablkcipher_type)
 		tfm->crt_ablkcipher.reqsize = sizeof(struct crypto4xx_ctx);
 	else if (alg->cra_type == &crypto_ahash_type)
-		tfm->crt_ahash.reqsize = sizeof(struct crypto4xx_ctx);
+		crypto_ahash_set_reqsize(__crypto_ahash_cast(tfm),
+					 sizeof(struct crypto4xx_ctx));
 
 	return 0;
 }

[PATCH 22/35] crypto: api - Remove frontend argument from extsize/init_tfm

[Herbert Xu]

crypto: api - Remove frontend argument from extsize/init_tfm

As the extsize and init_tfm functions belong to the frontend the
frontend argument is superfluous.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---

 crypto/api.c            |    4 ++--
 crypto/pcompress.c      |    6 ++----
 crypto/shash.c          |    6 ++----
 include/crypto/algapi.h |    6 ++----
 4 files changed, 8 insertions(+), 14 deletions(-)

diff --git a/crypto/api.c b/crypto/api.c
index c8ac18f..798526d 100644
--- a/crypto/api.c
+++ b/crypto/api.c
@@ -457,7 +457,7 @@ void *crypto_create_tfm(struct crypto_alg *alg,
 	int err = -ENOMEM;
 
 	tfmsize = frontend->tfmsize;
-	total = tfmsize + sizeof(*tfm) + frontend->extsize(alg, frontend);
+	total = tfmsize + sizeof(*tfm) + frontend->extsize(alg);
 
 	mem = kzalloc(total, GFP_KERNEL);
 	if (mem == NULL)
@@ -466,7 +466,7 @@ void *crypto_create_tfm(struct crypto_alg *alg,
 	tfm = (struct crypto_tfm *)(mem + tfmsize);
 	tfm->__crt_alg = alg;
 
-	err = frontend->init_tfm(tfm, frontend);
+	err = frontend->init_tfm(tfm);
 	if (err)
 		goto out_free_tfm;
 
diff --git a/crypto/pcompress.c b/crypto/pcompress.c
index bcadc03..f7c4a7d 100644
--- a/crypto/pcompress.c
+++ b/crypto/pcompress.c
@@ -36,14 +36,12 @@ static int crypto_pcomp_init(struct crypto_tfm *tfm, u32 type, u32 mask)
 	return 0;
 }
 
-static unsigned int crypto_pcomp_extsize(struct crypto_alg *alg,
-					 const struct crypto_type *frontend)
+static unsigned int crypto_pcomp_extsize(struct crypto_alg *alg)
 {
 	return alg->cra_ctxsize;
 }
 
-static int crypto_pcomp_init_tfm(struct crypto_tfm *tfm,
-				 const struct crypto_type *frontend)
+static int crypto_pcomp_init_tfm(struct crypto_tfm *tfm)
 {
 	return 0;
 }
diff --git a/crypto/shash.c b/crypto/shash.c
index 3b1b06b..7063e14 100644
--- a/crypto/shash.c
+++ b/crypto/shash.c
@@ -448,8 +448,7 @@ static unsigned int crypto_shash_ctxsize(struct crypto_alg *alg, u32 type,
 	return 0;
 }
 
-static int crypto_shash_init_tfm(struct crypto_tfm *tfm,
-				 const struct crypto_type *frontend)
+static int crypto_shash_init_tfm(struct crypto_tfm *tfm)
 {
 	struct crypto_shash *hash = __crypto_shash_cast(tfm);
 
@@ -457,8 +456,7 @@ static int crypto_shash_init_tfm(struct crypto_tfm *tfm,
 	return 0;
 }
 
-static unsigned int crypto_shash_extsize(struct crypto_alg *alg,
-					 const struct crypto_type *frontend)
+static unsigned int crypto_shash_extsize(struct crypto_alg *alg)
 {
 	return alg->cra_ctxsize;
 }
diff --git a/include/crypto/algapi.h b/include/crypto/algapi.h
index 1d15a92..7635fde 100644
--- a/include/crypto/algapi.h
+++ b/include/crypto/algapi.h
@@ -22,11 +22,9 @@ struct seq_file;
 
 struct crypto_type {
 	unsigned int (*ctxsize)(struct crypto_alg *alg, u32 type, u32 mask);
-	unsigned int (*extsize)(struct crypto_alg *alg,
-				const struct crypto_type *frontend);
+	unsigned int (*extsize)(struct crypto_alg *alg);
 	int (*init)(struct crypto_tfm *tfm, u32 type, u32 mask);
-	int (*init_tfm)(struct crypto_tfm *tfm,
-		        const struct crypto_type *frontend);
+	int (*init_tfm)(struct crypto_tfm *tfm);
 	void (*show)(struct seq_file *m, struct crypto_alg *alg);
 	struct crypto_alg *(*lookup)(const char *name, u32 type, u32 mask);
 

[PATCH 23/35] crypto: ahash - Convert to new style algorithms

[Herbert Xu]

crypto: ahash - Convert to new style algorithms

This patch converts crypto_ahash to the new style.  The old ahash
algorithm type is retained until the existing ahash implementations
are also converted.  All ahash users will automatically get the
new crypto_ahash type.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---

 crypto/ahash.c                 |   82 +++++++++++++++++++++---------
 crypto/shash.c                 |    8 ---
 include/crypto/hash.h          |  109 +++++++++++++++++++++++++++++------------
 include/crypto/internal/hash.h |   11 +++-
 include/linux/crypto.h         |   29 +---------
 5 files changed, 148 insertions(+), 91 deletions(-)

diff --git a/crypto/ahash.c b/crypto/ahash.c
index f347637..8385193 100644
--- a/crypto/ahash.c
+++ b/crypto/ahash.c
@@ -24,6 +24,12 @@
 
 #include "internal.h"
 
+static inline struct ahash_alg *crypto_ahash_alg(struct crypto_ahash *hash)
+{
+	return container_of(crypto_hash_alg_common(hash), struct ahash_alg,
+			    halg);
+}
+
 static int hash_walk_next(struct crypto_hash_walk *walk)
 {
 	unsigned int alignmask = walk->alignmask;
@@ -169,30 +175,11 @@ static int ahash_nosetkey(struct crypto_ahash *tfm, const u8 *key,
 	return -ENOSYS;
 }
 
-int crypto_ahash_import(struct ahash_request *req, const u8 *in)
-{
-	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
-	struct ahash_alg *alg = crypto_ahash_alg(tfm);
-
-	memcpy(ahash_request_ctx(req), in, crypto_ahash_reqsize(tfm));
-
-	if (alg->reinit)
-		alg->reinit(req);
-
-	return 0;
-}
-EXPORT_SYMBOL_GPL(crypto_ahash_import);
-
-static unsigned int crypto_ahash_ctxsize(struct crypto_alg *alg, u32 type,
-					u32 mask)
-{
-	return alg->cra_ctxsize;
-}
-
 static int crypto_init_ahash_ops(struct crypto_tfm *tfm, u32 type, u32 mask)
 {
-	struct ahash_alg *alg = &tfm->__crt_alg->cra_ahash;
-	struct ahash_tfm *crt   = &tfm->crt_ahash;
+	struct old_ahash_alg *alg = &tfm->__crt_alg->cra_ahash;
+	struct crypto_ahash *crt = __crypto_ahash_cast(tfm);
+	struct ahash_alg *nalg = crypto_ahash_alg(crt);
 
 	if (alg->digestsize > PAGE_SIZE / 8)
 		return -EINVAL;
@@ -204,9 +191,42 @@ static int crypto_init_ahash_ops(struct crypto_tfm *tfm, u32 type, u32 mask)
 	crt->setkey = alg->setkey ? ahash_setkey : ahash_nosetkey;
 	crt->digestsize = alg->digestsize;
 
+	nalg->setkey = alg->setkey;
+	nalg->halg.digestsize = alg->digestsize;
+
 	return 0;
 }
 
+static int crypto_ahash_init_tfm(struct crypto_tfm *tfm)
+{
+	struct crypto_ahash *hash = __crypto_ahash_cast(tfm);
+	struct ahash_alg *alg = crypto_ahash_alg(hash);
+	struct old_ahash_alg *oalg = crypto_old_ahash_alg(hash);
+
+	if (tfm->__crt_alg->cra_type != &crypto_ahash_type)
+		return crypto_init_shash_ops_async(tfm);
+
+	if (oalg->init)
+		return crypto_init_ahash_ops(tfm, 0, 0);
+
+	hash->init = alg->init;
+	hash->update = alg->update;
+	hash->final  = alg->final;
+	hash->digest = alg->digest;
+	hash->setkey = alg->setkey ? ahash_setkey : ahash_nosetkey;
+	hash->digestsize = alg->halg.digestsize;
+
+	return 0;
+}
+
+static unsigned int crypto_ahash_extsize(struct crypto_alg *alg)
+{
+	if (alg->cra_type == &crypto_ahash_type)
+		return alg->cra_ctxsize;
+
+	return sizeof(struct crypto_shash *);
+}
+
 static void crypto_ahash_show(struct seq_file *m, struct crypto_alg *alg)
 	__attribute__ ((unused));
 static void crypto_ahash_show(struct seq_file *m, struct crypto_alg *alg)
@@ -215,17 +235,29 @@ static void crypto_ahash_show(struct seq_file *m, struct crypto_alg *alg)
 	seq_printf(m, "async        : %s\n", alg->cra_flags & CRYPTO_ALG_ASYNC ?
 					     "yes" : "no");
 	seq_printf(m, "blocksize    : %u\n", alg->cra_blocksize);
-	seq_printf(m, "digestsize   : %u\n", alg->cra_ahash.digestsize);
+	seq_printf(m, "digestsize   : %u\n",
+		   __crypto_hash_alg_common(alg)->digestsize);
 }
 
 const struct crypto_type crypto_ahash_type = {
-	.ctxsize = crypto_ahash_ctxsize,
-	.init = crypto_init_ahash_ops,
+	.extsize = crypto_ahash_extsize,
+	.init_tfm = crypto_ahash_init_tfm,
 #ifdef CONFIG_PROC_FS
 	.show = crypto_ahash_show,
 #endif
+	.maskclear = ~CRYPTO_ALG_TYPE_MASK,
+	.maskset = CRYPTO_ALG_TYPE_AHASH_MASK,
+	.type = CRYPTO_ALG_TYPE_AHASH,
+	.tfmsize = offsetof(struct crypto_ahash, base),
 };
 EXPORT_SYMBOL_GPL(crypto_ahash_type);
 
+struct crypto_ahash *crypto_alloc_ahash(const char *alg_name, u32 type,
+					u32 mask)
+{
+	return crypto_alloc_tfm(alg_name, &crypto_ahash_type, type, mask);
+}
+EXPORT_SYMBOL_GPL(crypto_alloc_ahash);
+
 MODULE_LICENSE("GPL");
 MODULE_DESCRIPTION("Asynchronous cryptographic hash type");
diff --git a/crypto/shash.c b/crypto/shash.c
index 7063e14..615a5f4 100644
--- a/crypto/shash.c
+++ b/crypto/shash.c
@@ -267,11 +267,11 @@ static void crypto_exit_shash_ops_async(struct crypto_tfm *tfm)
 	crypto_free_shash(*ctx);
 }
 
-static int crypto_init_shash_ops_async(struct crypto_tfm *tfm)
+int crypto_init_shash_ops_async(struct crypto_tfm *tfm)
 {
 	struct crypto_alg *calg = tfm->__crt_alg;
 	struct shash_alg *alg = __crypto_shash_alg(calg);
-	struct ahash_tfm *crt = &tfm->crt_ahash;
+	struct crypto_ahash *crt = __crypto_ahash_cast(tfm);
 	struct crypto_shash **ctx = crypto_tfm_ctx(tfm);
 	struct crypto_shash *shash;
 
@@ -428,8 +428,6 @@ static int crypto_init_shash_ops(struct crypto_tfm *tfm, u32 type, u32 mask)
 	switch (mask & CRYPTO_ALG_TYPE_MASK) {
 	case CRYPTO_ALG_TYPE_HASH_MASK:
 		return crypto_init_shash_ops_compat(tfm);
-	case CRYPTO_ALG_TYPE_AHASH_MASK:
-		return crypto_init_shash_ops_async(tfm);
 	}
 
 	return -EINVAL;
@@ -441,8 +439,6 @@ static unsigned int crypto_shash_ctxsize(struct crypto_alg *alg, u32 type,
 	switch (mask & CRYPTO_ALG_TYPE_MASK) {
 	case CRYPTO_ALG_TYPE_HASH_MASK:
 		return sizeof(struct shash_desc *);
-	case CRYPTO_ALG_TYPE_AHASH_MASK:
-		return sizeof(struct crypto_shash *);
 	}
 
 	return 0;
diff --git a/include/crypto/hash.h b/include/crypto/hash.h
index fcc02d9..262861d 100644
--- a/include/crypto/hash.h
+++ b/include/crypto/hash.h
@@ -15,6 +15,39 @@
 
 #include <linux/crypto.h>
 
+struct crypto_ahash;
+
+struct hash_alg_common {
+	unsigned int digestsize;
+	unsigned int statesize;
+
+	struct crypto_alg base;
+};
+
+struct ahash_request {
+	struct crypto_async_request base;
+
+	unsigned int nbytes;
+	struct scatterlist *src;
+	u8 *result;
+
+	void *__ctx[] CRYPTO_MINALIGN_ATTR;
+};
+
+struct ahash_alg {
+	int (*init)(struct ahash_request *req);
+	int (*update)(struct ahash_request *req);
+	int (*final)(struct ahash_request *req);
+	int (*finup)(struct ahash_request *req);
+	int (*digest)(struct ahash_request *req);
+	int (*export)(struct ahash_request *req, void *out);
+	int (*import)(struct ahash_request *req, const void *in);
+	int (*setkey)(struct crypto_ahash *tfm, const u8 *key,
+		      unsigned int keylen);
+
+	struct hash_alg_common halg;
+};
+
 struct shash_desc {
 	struct crypto_shash *tfm;
 	u32 flags;
@@ -37,6 +70,8 @@ struct shash_alg {
 		      unsigned int keylen);
 
 	unsigned int descsize;
+
+	/* These fields must match hash_alg_common. */
 	unsigned int digestsize;
 	unsigned int statesize;
 
@@ -44,6 +79,18 @@ struct shash_alg {
 };
 
 struct crypto_ahash {
+	int (*init)(struct ahash_request *req);
+	int (*update)(struct ahash_request *req);
+	int (*final)(struct ahash_request *req);
+	int (*finup)(struct ahash_request *req);
+	int (*digest)(struct ahash_request *req);
+	int (*export)(struct ahash_request *req, void *out);
+	int (*import)(struct ahash_request *req, const void *in);
+	int (*setkey)(struct crypto_ahash *tfm, const u8 *key,
+		      unsigned int keylen);
+
+	unsigned int digestsize;
+	unsigned int reqsize;
 	struct crypto_tfm base;
 };
 
@@ -54,19 +101,11 @@ struct crypto_shash {
 
 static inline struct crypto_ahash *__crypto_ahash_cast(struct crypto_tfm *tfm)
 {
-	return (struct crypto_ahash *)tfm;
+	return container_of(tfm, struct crypto_ahash, base);
 }
 
-static inline struct crypto_ahash *crypto_alloc_ahash(const char *alg_name,
-						      u32 type, u32 mask)
-{
-	type &= ~CRYPTO_ALG_TYPE_MASK;
-	mask &= ~CRYPTO_ALG_TYPE_MASK;
-	type |= CRYPTO_ALG_TYPE_AHASH;
-	mask |= CRYPTO_ALG_TYPE_AHASH_MASK;
-
-	return __crypto_ahash_cast(crypto_alloc_base(alg_name, type, mask));
-}
+struct crypto_ahash *crypto_alloc_ahash(const char *alg_name, u32 type,
+					u32 mask);
 
 static inline struct crypto_tfm *crypto_ahash_tfm(struct crypto_ahash *tfm)
 {
@@ -75,7 +114,7 @@ static inline struct crypto_tfm *crypto_ahash_tfm(struct crypto_ahash *tfm)
 
 static inline void crypto_free_ahash(struct crypto_ahash *tfm)
 {
-	crypto_free_tfm(crypto_ahash_tfm(tfm));
+	crypto_destroy_tfm(tfm, crypto_ahash_tfm(tfm));
 }
 
 static inline unsigned int crypto_ahash_alignmask(
@@ -84,14 +123,26 @@ static inline unsigned int crypto_ahash_alignmask(
 	return crypto_tfm_alg_alignmask(crypto_ahash_tfm(tfm));
 }
 
-static inline struct ahash_tfm *crypto_ahash_crt(struct crypto_ahash *tfm)
+static inline struct hash_alg_common *__crypto_hash_alg_common(
+	struct crypto_alg *alg)
 {
-	return &crypto_ahash_tfm(tfm)->crt_ahash;
+	return container_of(alg, struct hash_alg_common, base);
+}
+
+static inline struct hash_alg_common *crypto_hash_alg_common(
+	struct crypto_ahash *tfm)
+{
+	return __crypto_hash_alg_common(crypto_ahash_tfm(tfm)->__crt_alg);
 }
 
 static inline unsigned int crypto_ahash_digestsize(struct crypto_ahash *tfm)
 {
-	return crypto_ahash_crt(tfm)->digestsize;
+	return tfm->digestsize;
+}
+
+static inline unsigned int crypto_ahash_statesize(struct crypto_ahash *tfm)
+{
+	return crypto_hash_alg_common(tfm)->statesize;
 }
 
 static inline u32 crypto_ahash_get_flags(struct crypto_ahash *tfm)
@@ -117,7 +168,7 @@ static inline struct crypto_ahash *crypto_ahash_reqtfm(
 
 static inline unsigned int crypto_ahash_reqsize(struct crypto_ahash *tfm)
 {
-	return crypto_ahash_crt(tfm)->reqsize;
+	return tfm->reqsize;
 }
 
 static inline void *ahash_request_ctx(struct ahash_request *req)
@@ -128,41 +179,37 @@ static inline void *ahash_request_ctx(struct ahash_request *req)
 static inline int crypto_ahash_setkey(struct crypto_ahash *tfm,
 				      const u8 *key, unsigned int keylen)
 {
-	struct ahash_tfm *crt = crypto_ahash_crt(tfm);
-
-	return crt->setkey(tfm, key, keylen);
+	return tfm->setkey(tfm, key, keylen);
 }
 
 static inline int crypto_ahash_digest(struct ahash_request *req)
 {
-	struct ahash_tfm *crt = crypto_ahash_crt(crypto_ahash_reqtfm(req));
-	return crt->digest(req);
+	return crypto_ahash_reqtfm(req)->digest(req);
 }
 
-static inline void crypto_ahash_export(struct ahash_request *req, u8 *out)
+static inline int crypto_ahash_export(struct ahash_request *req, void *out)
 {
-	memcpy(out, ahash_request_ctx(req),
-	       crypto_ahash_reqsize(crypto_ahash_reqtfm(req)));
+	return crypto_ahash_reqtfm(req)->export(req, out);
 }
 
-int crypto_ahash_import(struct ahash_request *req, const u8 *in);
+static inline int crypto_ahash_import(struct ahash_request *req, const void *in)
+{
+	return crypto_ahash_reqtfm(req)->import(req, in);
+}
 
 static inline int crypto_ahash_init(struct ahash_request *req)
 {
-	struct ahash_tfm *crt = crypto_ahash_crt(crypto_ahash_reqtfm(req));
-	return crt->init(req);
+	return crypto_ahash_reqtfm(req)->init(req);
 }
 
 static inline int crypto_ahash_update(struct ahash_request *req)
 {
-	struct ahash_tfm *crt = crypto_ahash_crt(crypto_ahash_reqtfm(req));
-	return crt->update(req);
+	return crypto_ahash_reqtfm(req)->update(req);
 }
 
 static inline int crypto_ahash_final(struct ahash_request *req)
 {
-	struct ahash_tfm *crt = crypto_ahash_crt(crypto_ahash_reqtfm(req));
-	return crt->final(req);
+	return crypto_ahash_reqtfm(req)->final(req);
 }
 
 static inline void ahash_request_set_tfm(struct ahash_request *req,
diff --git a/include/crypto/internal/hash.h b/include/crypto/internal/hash.h
index 5e45818..08bdffa 100644
--- a/include/crypto/internal/hash.h
+++ b/include/crypto/internal/hash.h
@@ -51,6 +51,9 @@ int crypto_hash_walk_first_compat(struct hash_desc *hdesc,
 				  struct crypto_hash_walk *walk,
 				  struct scatterlist *sg, unsigned int len);
 
+int crypto_register_ahash(struct ahash_alg *alg);
+int crypto_unregister_ahash(struct ahash_alg *alg);
+
 int crypto_register_shash(struct shash_alg *alg);
 int crypto_unregister_shash(struct shash_alg *alg);
 int shash_register_instance(struct crypto_template *tmpl,
@@ -66,12 +69,14 @@ struct shash_alg *shash_attr_alg(struct rtattr *rta, u32 type, u32 mask);
 int shash_ahash_update(struct ahash_request *req, struct shash_desc *desc);
 int shash_ahash_digest(struct ahash_request *req, struct shash_desc *desc);
 
+int crypto_init_shash_ops_async(struct crypto_tfm *tfm);
+
 static inline void *crypto_ahash_ctx(struct crypto_ahash *tfm)
 {
-	return crypto_tfm_ctx(&tfm->base);
+	return crypto_tfm_ctx(crypto_ahash_tfm(tfm));
 }
 
-static inline struct ahash_alg *crypto_ahash_alg(
+static inline struct old_ahash_alg *crypto_old_ahash_alg(
 	struct crypto_ahash *tfm)
 {
 	return &crypto_ahash_tfm(tfm)->__crt_alg->cra_ahash;
@@ -80,7 +85,7 @@ static inline struct ahash_alg *crypto_ahash_alg(
 static inline void crypto_ahash_set_reqsize(struct crypto_ahash *tfm,
 					    unsigned int reqsize)
 {
-	crypto_ahash_crt(tfm)->reqsize = reqsize;
+	tfm->reqsize = reqsize;
 }
 
 static inline int ahash_enqueue_request(struct crypto_queue *queue,
diff --git a/include/linux/crypto.h b/include/linux/crypto.h
index 274f9c7..9e7e9b6 100644
--- a/include/linux/crypto.h
+++ b/include/linux/crypto.h
@@ -120,6 +120,7 @@ struct crypto_rng;
 struct crypto_tfm;
 struct crypto_type;
 struct aead_givcrypt_request;
+struct ahash_request;
 struct skcipher_givcrypt_request;
 
 typedef void (*crypto_completion_t)(struct crypto_async_request *req, int err);
@@ -146,16 +147,6 @@ struct ablkcipher_request {
 	void *__ctx[] CRYPTO_MINALIGN_ATTR;
 };
 
-struct ahash_request {
-	struct crypto_async_request base;
-
-	unsigned int nbytes;
-	struct scatterlist *src;
-	u8		   *result;
-
-	void *__ctx[] CRYPTO_MINALIGN_ATTR;
-};
-
 /**
  *	struct aead_request - AEAD request
  *	@base: Common attributes for async crypto requests
@@ -220,7 +211,7 @@ struct ablkcipher_alg {
 	unsigned int ivsize;
 };
 
-struct ahash_alg {
+struct old_ahash_alg {
 	int (*init)(struct ahash_request *req);
 	int (*reinit)(struct ahash_request *req);
 	int (*update)(struct ahash_request *req);
@@ -346,7 +337,7 @@ struct crypto_alg {
 		struct cipher_alg cipher;
 		struct digest_alg digest;
 		struct hash_alg hash;
-		struct ahash_alg ahash;
+		struct old_ahash_alg ahash;
 		struct compress_alg compress;
 		struct rng_alg rng;
 	} cra_u;
@@ -433,18 +424,6 @@ struct hash_tfm {
 	unsigned int digestsize;
 };
 
-struct ahash_tfm {
-	int (*init)(struct ahash_request *req);
-	int (*update)(struct ahash_request *req);
-	int (*final)(struct ahash_request *req);
-	int (*digest)(struct ahash_request *req);
-	int (*setkey)(struct crypto_ahash *tfm, const u8 *key,
-			unsigned int keylen);
-
-	unsigned int digestsize;
-	unsigned int reqsize;
-};

[PATCH 24/35] crypto: ahash - Add instance/spawn support

[Herbert Xu]

crypto: ahash - Add instance/spawn support

This patch adds support for creating ahash instances and using
ahash as spawns.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---

 crypto/ahash.c                 |   72 +++++++++++++++++++++++++++++++++++++++++
 include/crypto/internal/hash.h |   51 +++++++++++++++++++++++++++++
 2 files changed, 123 insertions(+)

diff --git a/crypto/ahash.c b/crypto/ahash.c
index 8385193..7f599d2 100644
--- a/crypto/ahash.c
+++ b/crypto/ahash.c
@@ -259,5 +259,77 @@ struct crypto_ahash *crypto_alloc_ahash(const char *alg_name, u32 type,
 }
 EXPORT_SYMBOL_GPL(crypto_alloc_ahash);
 
+static int ahash_prepare_alg(struct ahash_alg *alg)
+{
+	struct crypto_alg *base = &alg->halg.base;
+
+	if (alg->halg.digestsize > PAGE_SIZE / 8 ||
+	    alg->halg.statesize > PAGE_SIZE / 8)
+		return -EINVAL;
+
+	base->cra_type = &crypto_ahash_type;
+	base->cra_flags &= ~CRYPTO_ALG_TYPE_MASK;
+	base->cra_flags |= CRYPTO_ALG_TYPE_AHASH;
+
+	return 0;
+}
+
+int crypto_register_ahash(struct ahash_alg *alg)
+{
+	struct crypto_alg *base = &alg->halg.base;
+	int err;
+
+	err = ahash_prepare_alg(alg);
+	if (err)
+		return err;
+
+	return crypto_register_alg(base);
+}
+EXPORT_SYMBOL_GPL(crypto_register_ahash);
+
+int crypto_unregister_ahash(struct ahash_alg *alg)
+{
+	return crypto_unregister_alg(&alg->halg.base);
+}
+EXPORT_SYMBOL_GPL(crypto_unregister_ahash);
+
+int ahash_register_instance(struct crypto_template *tmpl,
+			    struct ahash_instance *inst)
+{
+	int err;
+
+	err = ahash_prepare_alg(&inst->alg);
+	if (err)
+		return err;
+
+	return crypto_register_instance(tmpl, ahash_crypto_instance(inst));
+}
+EXPORT_SYMBOL_GPL(ahash_register_instance);
+
+void ahash_free_instance(struct crypto_instance *inst)
+{
+	crypto_drop_spawn(crypto_instance_ctx(inst));
+	kfree(ahash_instance(inst));
+}
+EXPORT_SYMBOL_GPL(ahash_free_instance);
+
+int crypto_init_ahash_spawn(struct crypto_ahash_spawn *spawn,
+			    struct hash_alg_common *alg,
+			    struct crypto_instance *inst)
+{
+	return crypto_init_spawn2(&spawn->base, &alg->base, inst,
+				  &crypto_ahash_type);
+}
+EXPORT_SYMBOL_GPL(crypto_init_ahash_spawn);
+
+struct hash_alg_common *ahash_attr_alg(struct rtattr *rta, u32 type, u32 mask)
+{
+	struct crypto_alg *alg;
+
+	alg = crypto_attr_alg2(rta, &crypto_ahash_type, type, mask);
+	return IS_ERR(alg) ? ERR_CAST(alg) : __crypto_hash_alg_common(alg);
+}
+EXPORT_SYMBOL_GPL(ahash_attr_alg);
+
 MODULE_LICENSE("GPL");
 MODULE_DESCRIPTION("Asynchronous cryptographic hash type");
diff --git a/include/crypto/internal/hash.h b/include/crypto/internal/hash.h
index 08bdffa..34eda23 100644
--- a/include/crypto/internal/hash.h
+++ b/include/crypto/internal/hash.h
@@ -34,10 +34,18 @@ struct crypto_hash_walk {
 	unsigned int flags;
 };
 
+struct ahash_instance {
+	struct ahash_alg alg;
+};
+
 struct shash_instance {
 	struct shash_alg alg;
 };
 
+struct crypto_ahash_spawn {
+	struct crypto_spawn base;
+};
+
 struct crypto_shash_spawn {
 	struct crypto_spawn base;
 };
@@ -53,6 +61,15 @@ int crypto_hash_walk_first_compat(struct hash_desc *hdesc,
 
 int crypto_register_ahash(struct ahash_alg *alg);
 int crypto_unregister_ahash(struct ahash_alg *alg);
+int ahash_register_instance(struct crypto_template *tmpl,
+			    struct ahash_instance *inst);
+void ahash_free_instance(struct crypto_instance *inst);
+
+int crypto_init_ahash_spawn(struct crypto_ahash_spawn *spawn,
+			    struct hash_alg_common *alg,
+			    struct crypto_instance *inst);
+
+struct hash_alg_common *ahash_attr_alg(struct rtattr *rta, u32 type, u32 mask);
 
 int crypto_register_shash(struct shash_alg *alg);
 int crypto_unregister_shash(struct shash_alg *alg);
@@ -88,6 +105,40 @@ static inline void crypto_ahash_set_reqsize(struct crypto_ahash *tfm,
 	tfm->reqsize = reqsize;
 }
 
+static inline struct crypto_instance *ahash_crypto_instance(
+	struct ahash_instance *inst)
+{
+	return container_of(&inst->alg.halg.base, struct crypto_instance, alg);
+}
+
+static inline struct ahash_instance *ahash_instance(
+	struct crypto_instance *inst)
+{
+	return container_of(&inst->alg, struct ahash_instance, alg.halg.base);
+}
+
+static inline void *ahash_instance_ctx(struct ahash_instance *inst)
+{
+	return crypto_instance_ctx(ahash_crypto_instance(inst));
+}
+
+static inline unsigned int ahash_instance_headroom(void)
+{
+	return sizeof(struct ahash_alg) - sizeof(struct crypto_alg);
+}
+
+static inline struct ahash_instance *ahash_alloc_instance(
+	const char *name, struct crypto_alg *alg)
+{
+	return crypto_alloc_instance2(name, alg, ahash_instance_headroom());
+}
+
+static inline struct crypto_ahash *crypto_spawn_ahash(
+	struct crypto_ahash_spawn *spawn)
+{
+	return crypto_spawn_tfm2(&spawn->base);
+}
+
 static inline int ahash_enqueue_request(struct crypto_queue *queue,
 					     struct ahash_request *request)
 {

[PATCH 25/35] crypto: tcrypt - Add mask parameter

[Herbert Xu]

crypto: tcrypt - Add mask parameter

This patch adds a mask parameter to complement the existing type
parameter.  This is useful when instantiating algorithms that
require a mask other than the default, e.g., ahash algorithms.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---

 crypto/tcrypt.c |    9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c
index a890a67..5a375e8 100644
--- a/crypto/tcrypt.c
+++ b/crypto/tcrypt.c
@@ -47,6 +47,7 @@ static unsigned int sec;
 
 static char *alg = NULL;
 static u32 type;
+static u32 mask;
 static int mode;
 static char *tvmem[TVMEMSIZE];
 
@@ -887,9 +888,10 @@ static int do_test(int m)
 	return ret;
 }
 
-static int do_alg_test(const char *alg, u32 type)
+static int do_alg_test(const char *alg, u32 type, u32 mask)
 {
-	return crypto_has_alg(alg, type, CRYPTO_ALG_TYPE_MASK) ? 0 : -ENOENT;
+	return crypto_has_alg(alg, type, mask ?: CRYPTO_ALG_TYPE_MASK) ?
+	       0 : -ENOENT;
 }
 
 static int __init tcrypt_mod_init(void)
@@ -904,7 +906,7 @@ static int __init tcrypt_mod_init(void)
 	}
 
 	if (alg)
-		err = do_alg_test(alg, type);
+		err = do_alg_test(alg, type, mask);
 	else
 		err = do_test(mode);
 
@@ -941,6 +943,7 @@ module_exit(tcrypt_mod_fini);
 
 module_param(alg, charp, 0);
 module_param(type, uint, 0);
+module_param(mask, uint, 0);
 module_param(mode, int, 0);
 module_param(sec, uint, 0);
 MODULE_PARM_DESC(sec, "Length in seconds of speed tests "

[PATCH 26/35] crypto: hash - Add helpers to free spawns

[Herbert Xu]

crypto: hash - Add helpers to free spawns

This patch adds the helpers crypto_drop_ahash and crypto_drop_shash
so that these spawns can be dropped without ugly casts.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---

 include/crypto/internal/hash.h |   10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/include/crypto/internal/hash.h b/include/crypto/internal/hash.h
index 34eda23..9d30316 100644
--- a/include/crypto/internal/hash.h
+++ b/include/crypto/internal/hash.h
@@ -69,6 +69,11 @@ int crypto_init_ahash_spawn(struct crypto_ahash_spawn *spawn,
 			    struct hash_alg_common *alg,
 			    struct crypto_instance *inst);
 
+static inline void crypto_drop_ahash(struct crypto_ahash_spawn *spawn)
+{
+	crypto_drop_spawn(&spawn->base);
+}
+
 struct hash_alg_common *ahash_attr_alg(struct rtattr *rta, u32 type, u32 mask);
 
 int crypto_register_shash(struct shash_alg *alg);
@@ -81,6 +86,11 @@ int crypto_init_shash_spawn(struct crypto_shash_spawn *spawn,
 			    struct shash_alg *alg,
 			    struct crypto_instance *inst);
 
+static inline void crypto_drop_shash(struct crypto_shash_spawn *spawn)
+{
+	crypto_drop_spawn(&spawn->base);
+}
+
 struct shash_alg *shash_attr_alg(struct rtattr *rta, u32 type, u32 mask);
 
 int shash_ahash_update(struct ahash_request *req, struct shash_desc *desc);

[PATCH 27/35] crypto: cryptd - Switch to template create API

[Herbert Xu]

crypto: cryptd - Switch to template create API

This patch changes cryptd to use the template->create function
instead of alloc in anticipation for the switch to new style
ahash algorithms.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---

 crypto/cryptd.c         |   53 ++++++++++++++++++++++++++----------------------
 crypto/internal.h       |    3 --
 include/crypto/algapi.h |    3 ++
 3 files changed, 32 insertions(+), 27 deletions(-)

diff --git a/crypto/cryptd.c b/crypto/cryptd.c
index 6e6722e..ad58f51 100644
--- a/crypto/cryptd.c
+++ b/crypto/cryptd.c
@@ -287,8 +287,9 @@ out_free_inst:
 	goto out;
 }
 
-static struct crypto_instance *cryptd_alloc_blkcipher(
-	struct rtattr **tb, struct cryptd_queue *queue)
+static int cryptd_create_blkcipher(struct crypto_template *tmpl,
+				   struct rtattr **tb,
+				   struct cryptd_queue *queue)
 {
 	struct cryptd_instance_ctx *ctx;
 	struct crypto_instance *inst;
@@ -298,7 +299,7 @@ static struct crypto_instance *cryptd_alloc_blkcipher(
 	alg = crypto_get_attr_alg(tb, CRYPTO_ALG_TYPE_BLKCIPHER,
 				  CRYPTO_ALG_TYPE_MASK);
 	if (IS_ERR(alg))
-		return ERR_CAST(alg);
+		return PTR_ERR(alg);
 
 	inst = cryptd_alloc_instance(alg, sizeof(*ctx));
 	if (IS_ERR(inst))
@@ -330,14 +331,16 @@ static struct crypto_instance *cryptd_alloc_blkcipher(
 	inst->alg.cra_ablkcipher.encrypt = cryptd_blkcipher_encrypt_enqueue;
 	inst->alg.cra_ablkcipher.decrypt = cryptd_blkcipher_decrypt_enqueue;
 
+	err = crypto_register_instance(tmpl, inst);
+	if (err) {
+		crypto_drop_spawn(&ctx->spawn);
+out_free_inst:
+		kfree(inst);
+	}
+
 out_put_alg:
 	crypto_mod_put(alg);
-	return inst;
-
-out_free_inst:
-	kfree(inst);
-	inst = ERR_PTR(err);
-	goto out_put_alg;
+	return err;
 }
 
 static int cryptd_hash_init_tfm(struct crypto_tfm *tfm)
@@ -502,8 +505,8 @@ static int cryptd_hash_digest_enqueue(struct ahash_request *req)
 	return cryptd_hash_enqueue(req, cryptd_hash_digest);
 }
 
-static struct crypto_instance *cryptd_alloc_hash(
-	struct rtattr **tb, struct cryptd_queue *queue)
+static int cryptd_create_hash(struct crypto_template *tmpl, struct rtattr **tb,
+			      struct cryptd_queue *queue)
 {
 	struct hashd_instance_ctx *ctx;
 	struct crypto_instance *inst;
@@ -513,7 +516,7 @@ static struct crypto_instance *cryptd_alloc_hash(
 
 	salg = shash_attr_alg(tb[1], 0, 0);
 	if (IS_ERR(salg))
-		return ERR_CAST(salg);
+		return PTR_ERR(salg);
 
 	alg = &salg->base;
 	inst = cryptd_alloc_instance(alg, sizeof(*ctx));
@@ -542,34 +545,36 @@ static struct crypto_instance *cryptd_alloc_hash(
 	inst->alg.cra_ahash.setkey = cryptd_hash_setkey;
 	inst->alg.cra_ahash.digest = cryptd_hash_digest_enqueue;
 
+	err = crypto_register_instance(tmpl, inst);
+	if (err) {
+		crypto_drop_shash(&ctx->spawn);
+out_free_inst:
+		kfree(inst);
+	}
+
 out_put_alg:
 	crypto_mod_put(alg);
-	return inst;
-
-out_free_inst:
-	kfree(inst);
-	inst = ERR_PTR(err);
-	goto out_put_alg;
+	return err;
 }
 
 static struct cryptd_queue queue;
 
-static struct crypto_instance *cryptd_alloc(struct rtattr **tb)
+static int cryptd_create(struct crypto_template *tmpl, struct rtattr **tb)
 {
 	struct crypto_attr_type *algt;
 
 	algt = crypto_get_attr_type(tb);
 	if (IS_ERR(algt))
-		return ERR_CAST(algt);
+		return PTR_ERR(algt);
 
 	switch (algt->type & algt->mask & CRYPTO_ALG_TYPE_MASK) {
 	case CRYPTO_ALG_TYPE_BLKCIPHER:
-		return cryptd_alloc_blkcipher(tb, &queue);
+		return cryptd_create_blkcipher(tmpl, tb, &queue);
 	case CRYPTO_ALG_TYPE_DIGEST:
-		return cryptd_alloc_hash(tb, &queue);
+		return cryptd_create_hash(tmpl, tb, &queue);
 	}
 
-	return ERR_PTR(-EINVAL);
+	return -EINVAL;
 }
 
 static void cryptd_free(struct crypto_instance *inst)
@@ -582,7 +587,7 @@ static void cryptd_free(struct crypto_instance *inst)
 
 static struct crypto_template cryptd_tmpl = {
 	.name = "cryptd",
-	.alloc = cryptd_alloc,
+	.create = cryptd_create,
 	.free = cryptd_free,
 	.module = THIS_MODULE,
 };
diff --git a/crypto/internal.h b/crypto/internal.h
index 030e229..2d22636 100644
--- a/crypto/internal.h
+++ b/crypto/internal.h
@@ -97,9 +97,6 @@ struct crypto_alg *crypto_find_alg(const char *alg_name,
 void *crypto_alloc_tfm(const char *alg_name,
 		       const struct crypto_type *frontend, u32 type, u32 mask);
 
-int crypto_register_instance(struct crypto_template *tmpl,
-			     struct crypto_instance *inst);

[PATCH 28/35] crypto: cryptd - Switch to new style ahash

[Herbert Xu]

crypto: cryptd - Switch to new style ahash

This patch changes cryptd to use the new style ahash type.  In
particular, the instance is enlarged to encapsulate the new
ahash_alg structure.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---

 crypto/cryptd.c |   64 ++++++++++++++++++++++++++++++++------------------------
 1 file changed, 37 insertions(+), 27 deletions(-)

diff --git a/crypto/cryptd.c b/crypto/cryptd.c
index ad58f51..5dabb7d 100644
--- a/crypto/cryptd.c
+++ b/crypto/cryptd.c
@@ -255,17 +255,18 @@ static void cryptd_blkcipher_exit_tfm(struct crypto_tfm *tfm)
 	crypto_free_blkcipher(ctx->child);
 }
 
-static struct crypto_instance *cryptd_alloc_instance(struct crypto_alg *alg,
-						     unsigned int tail)
+static void *cryptd_alloc_instance(struct crypto_alg *alg, unsigned int head,
+				   unsigned int tail)
 {
+	char *p;
 	struct crypto_instance *inst;
 	int err;
 
-	inst = kzalloc(sizeof(*inst) + tail, GFP_KERNEL);
-	if (!inst) {
-		inst = ERR_PTR(-ENOMEM);
-		goto out;
-	}
+	p = kzalloc(head + sizeof(*inst) + tail, GFP_KERNEL);
+	if (!p)
+		return ERR_PTR(-ENOMEM);
+
+	inst = (void *)(p + head);
 
 	err = -ENAMETOOLONG;
 	if (snprintf(inst->alg.cra_driver_name, CRYPTO_MAX_ALG_NAME,
@@ -279,11 +280,11 @@ static struct crypto_instance *cryptd_alloc_instance(struct crypto_alg *alg,
 	inst->alg.cra_alignmask = alg->cra_alignmask;
 
 out:
-	return inst;
+	return p;
 
 out_free_inst:
-	kfree(inst);
-	inst = ERR_PTR(err);
+	kfree(p);
+	p = ERR_PTR(err);
 	goto out;
 }
 
@@ -301,7 +302,7 @@ static int cryptd_create_blkcipher(struct crypto_template *tmpl,
 	if (IS_ERR(alg))
 		return PTR_ERR(alg);
 
-	inst = cryptd_alloc_instance(alg, sizeof(*ctx));
+	inst = cryptd_alloc_instance(alg, 0, sizeof(*ctx));
 	if (IS_ERR(inst))
 		goto out_put_alg;
 
@@ -509,7 +510,7 @@ static int cryptd_create_hash(struct crypto_template *tmpl, struct rtattr **tb,
 			      struct cryptd_queue *queue)
 {
 	struct hashd_instance_ctx *ctx;
-	struct crypto_instance *inst;
+	struct ahash_instance *inst;
 	struct shash_alg *salg;
 	struct crypto_alg *alg;
 	int err;
@@ -519,33 +520,34 @@ static int cryptd_create_hash(struct crypto_template *tmpl, struct rtattr **tb,
 		return PTR_ERR(salg);
 
 	alg = &salg->base;
-	inst = cryptd_alloc_instance(alg, sizeof(*ctx));
+	inst = cryptd_alloc_instance(alg, ahash_instance_headroom(),
+				     sizeof(*ctx));
 	if (IS_ERR(inst))
 		goto out_put_alg;
 
-	ctx = crypto_instance_ctx(inst);
+	ctx = ahash_instance_ctx(inst);
 	ctx->queue = queue;
 
-	err = crypto_init_shash_spawn(&ctx->spawn, salg, inst);
+	err = crypto_init_shash_spawn(&ctx->spawn, salg,
+				      ahash_crypto_instance(inst));
 	if (err)
 		goto out_free_inst;
 
-	inst->alg.cra_flags = CRYPTO_ALG_TYPE_AHASH | CRYPTO_ALG_ASYNC;
-	inst->alg.cra_type = &crypto_ahash_type;
+	inst->alg.halg.base.cra_flags = CRYPTO_ALG_ASYNC;
 
-	inst->alg.cra_ahash.digestsize = salg->digestsize;
-	inst->alg.cra_ctxsize = sizeof(struct cryptd_hash_ctx);
+	inst->alg.halg.digestsize = salg->digestsize;
+	inst->alg.halg.base.cra_ctxsize = sizeof(struct cryptd_hash_ctx);
 
-	inst->alg.cra_init = cryptd_hash_init_tfm;
-	inst->alg.cra_exit = cryptd_hash_exit_tfm;
+	inst->alg.halg.base.cra_init = cryptd_hash_init_tfm;
+	inst->alg.halg.base.cra_exit = cryptd_hash_exit_tfm;
 
-	inst->alg.cra_ahash.init   = cryptd_hash_init_enqueue;
-	inst->alg.cra_ahash.update = cryptd_hash_update_enqueue;
-	inst->alg.cra_ahash.final  = cryptd_hash_final_enqueue;
-	inst->alg.cra_ahash.setkey = cryptd_hash_setkey;
-	inst->alg.cra_ahash.digest = cryptd_hash_digest_enqueue;
+	inst->alg.init   = cryptd_hash_init_enqueue;
+	inst->alg.update = cryptd_hash_update_enqueue;
+	inst->alg.final  = cryptd_hash_final_enqueue;
+	inst->alg.setkey = cryptd_hash_setkey;
+	inst->alg.digest = cryptd_hash_digest_enqueue;
 
-	err = crypto_register_instance(tmpl, inst);
+	err = ahash_register_instance(tmpl, inst);
 	if (err) {
 		crypto_drop_shash(&ctx->spawn);
 out_free_inst:
@@ -580,6 +582,14 @@ static int cryptd_create(struct crypto_template *tmpl, struct rtattr **tb)
 static void cryptd_free(struct crypto_instance *inst)
 {
 	struct cryptd_instance_ctx *ctx = crypto_instance_ctx(inst);
+	struct hashd_instance_ctx *hctx = crypto_instance_ctx(inst);
+
+	switch (inst->alg.cra_flags & CRYPTO_ALG_TYPE_MASK) {
+	case CRYPTO_ALG_TYPE_AHASH:
+		crypto_drop_shash(&hctx->spawn);
+		kfree(ahash_instance(inst));
+		return;
+	}
 
 	crypto_drop_spawn(&ctx->spawn);
 	kfree(inst);

[PATCH 29/35] crypto: crypto4xx - Switch to new style ahash

[Herbert Xu]

crypto: crypto4xx - Switch to new style ahash

This patch changes crypto4xx to use the new style ahash type.
In particular, we now use ahash_alg to define ahash algorithms
instead of crypto_alg.

This is achieved by introducing a union that encapsulates the
new type and the existing crypto_alg structure.  They're told
apart through a u32 field containing the type value.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---

 drivers/crypto/amcc/crypto4xx_core.c |   85 ++++++++++++++++++++---------------
 drivers/crypto/amcc/crypto4xx_core.h |   25 +++++++++-
 include/crypto/internal/hash.h       |    6 ++
 3 files changed, 77 insertions(+), 39 deletions(-)

diff --git a/drivers/crypto/amcc/crypto4xx_core.c b/drivers/crypto/amcc/crypto4xx_core.c
index cb7be42..857e35e 100644
--- a/drivers/crypto/amcc/crypto4xx_core.c
+++ b/drivers/crypto/amcc/crypto4xx_core.c
@@ -31,8 +31,6 @@
 #include <asm/dcr.h>
 #include <asm/dcr-regs.h>
 #include <asm/cacheflush.h>
-#include <crypto/internal/hash.h>
-#include <crypto/algapi.h>
 #include <crypto/aes.h>
 #include <crypto/sha.h>
 #include "crypto4xx_reg_def.h"
@@ -998,11 +996,15 @@ static int crypto4xx_alg_init(struct crypto_tfm *tfm)
 	ctx->sa_out_dma_addr = 0;
 	ctx->sa_len = 0;
 
-	if (alg->cra_type == &crypto_ablkcipher_type)
+	switch (alg->cra_flags & CRYPTO_ALG_TYPE_MASK) {
+	default:
 		tfm->crt_ablkcipher.reqsize = sizeof(struct crypto4xx_ctx);
-	else if (alg->cra_type == &crypto_ahash_type)
+		break;
+	case CRYPTO_ALG_TYPE_AHASH:
 		crypto_ahash_set_reqsize(__crypto_ahash_cast(tfm),
 					 sizeof(struct crypto4xx_ctx));
+		break;
+	}
 
 	return 0;
 }
@@ -1016,7 +1018,8 @@ static void crypto4xx_alg_exit(struct crypto_tfm *tfm)
 }
 
 int crypto4xx_register_alg(struct crypto4xx_device *sec_dev,
-			   struct crypto_alg *crypto_alg, int array_size)
+			   struct crypto4xx_alg_common *crypto_alg,
+			   int array_size)
 {
 	struct crypto4xx_alg *alg;
 	int i;
@@ -1028,13 +1031,18 @@ int crypto4xx_register_alg(struct crypto4xx_device *sec_dev,
 			return -ENOMEM;
 
 		alg->alg = crypto_alg[i];
-		INIT_LIST_HEAD(&alg->alg.cra_list);
-		if (alg->alg.cra_init == NULL)
-			alg->alg.cra_init = crypto4xx_alg_init;
-		if (alg->alg.cra_exit == NULL)
-			alg->alg.cra_exit = crypto4xx_alg_exit;
 		alg->dev = sec_dev;
-		rc = crypto_register_alg(&alg->alg);
+
+		switch (alg->alg.type) {
+		case CRYPTO_ALG_TYPE_AHASH:
+			rc = crypto_register_ahash(&alg->alg.u.hash);
+			break;
+
+		default:
+			rc = crypto_register_alg(&alg->alg.u.cipher);
+			break;
+		}
+
 		if (rc) {
 			list_del(&alg->entry);
 			kfree(alg);
@@ -1052,7 +1060,14 @@ static void crypto4xx_unregister_alg(struct crypto4xx_device *sec_dev)
 
 	list_for_each_entry_safe(alg, tmp, &sec_dev->alg_list, entry) {
 		list_del(&alg->entry);
-		crypto_unregister_alg(&alg->alg);
+		switch (alg->alg.type) {
+		case CRYPTO_ALG_TYPE_AHASH:
+			crypto_unregister_ahash(&alg->alg.u.hash);
+			break;
+
+		default:
+			crypto_unregister_alg(&alg->alg.u.cipher);
+		}
 		kfree(alg);
 	}
 }
@@ -1105,17 +1120,18 @@ static irqreturn_t crypto4xx_ce_interrupt_handler(int irq, void *data)
 /**
  * Supported Crypto Algorithms
  */
-struct crypto_alg crypto4xx_alg[] = {
+struct crypto4xx_alg_common crypto4xx_alg[] = {
 	/* Crypto AES modes */
-	{
+	{ .type = CRYPTO_ALG_TYPE_ABLKCIPHER, .u.cipher = {
 		.cra_name 	= "cbc(aes)",
 		.cra_driver_name = "cbc-aes-ppc4xx",
 		.cra_priority 	= CRYPTO4XX_CRYPTO_PRIORITY,
 		.cra_flags 	= CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC,
 		.cra_blocksize 	= AES_BLOCK_SIZE,
 		.cra_ctxsize 	= sizeof(struct crypto4xx_ctx),
-		.cra_alignmask 	= 0,
 		.cra_type 	= &crypto_ablkcipher_type,
+		.cra_init	= crypto4xx_alg_init,
+		.cra_exit	= crypto4xx_alg_exit,
 		.cra_module 	= THIS_MODULE,
 		.cra_u 		= {
 			.ablkcipher = {
@@ -1127,29 +1143,26 @@ struct crypto_alg crypto4xx_alg[] = {
 				.decrypt 	= crypto4xx_decrypt,
 			}
 		}
-	},
+	}},
 	/* Hash SHA1 */
-	{
-		.cra_name	= "sha1",
-		.cra_driver_name = "sha1-ppc4xx",
-		.cra_priority	= CRYPTO4XX_CRYPTO_PRIORITY,
-		.cra_flags	= CRYPTO_ALG_TYPE_AHASH | CRYPTO_ALG_ASYNC,
-		.cra_blocksize	= SHA1_BLOCK_SIZE,
-		.cra_ctxsize	= sizeof(struct crypto4xx_ctx),
-		.cra_alignmask	= 0,
-		.cra_type	= &crypto_ahash_type,
-		.cra_init	= crypto4xx_sha1_alg_init,
-		.cra_module	= THIS_MODULE,
-		.cra_u		= {
-			.ahash = {
-				.digestsize 	= SHA1_DIGEST_SIZE,
-				.init		= crypto4xx_hash_init,
-				.update		= crypto4xx_hash_update,
-				.final  	= crypto4xx_hash_final,
-				.digest 	= crypto4xx_hash_digest,
-			}
+	{ .type = CRYPTO_ALG_TYPE_AHASH, .u.hash = {
+		.init		= crypto4xx_hash_init,
+		.update		= crypto4xx_hash_update,
+		.final  	= crypto4xx_hash_final,
+		.digest 	= crypto4xx_hash_digest,
+		.halg.digestsize = SHA1_DIGEST_SIZE,
+		.halg.base	= {
+			.cra_name	= "sha1",
+			.cra_driver_name = "sha1-ppc4xx",
+			.cra_priority	= CRYPTO4XX_CRYPTO_PRIORITY,
+			.cra_flags	= CRYPTO_ALG_ASYNC,
+			.cra_blocksize	= SHA1_BLOCK_SIZE,
+			.cra_ctxsize	= sizeof(struct crypto4xx_ctx),
+			.cra_init	= crypto4xx_sha1_alg_init,
+			.cra_exit	= crypto4xx_alg_exit,
+			.cra_module	= THIS_MODULE,
 		}
-	},
+	}},
 };
 
 /**
diff --git a/drivers/crypto/amcc/crypto4xx_core.h b/drivers/crypto/amcc/crypto4xx_core.h
index 1ef1034..da9cbe3 100644
--- a/drivers/crypto/amcc/crypto4xx_core.h
+++ b/drivers/crypto/amcc/crypto4xx_core.h
@@ -22,6 +22,8 @@
 #ifndef __CRYPTO4XX_CORE_H__
 #define __CRYPTO4XX_CORE_H__
 
+#include <crypto/internal/hash.h>
+
 #define PPC460SX_SDR0_SRST                      0x201
 #define PPC405EX_SDR0_SRST                      0x200
 #define PPC460EX_SDR0_SRST                      0x201
@@ -138,14 +140,31 @@ struct crypto4xx_req_ctx {
 	u16 sa_len;
 };
 
+struct crypto4xx_alg_common {
+	u32 type;
+	union {
+		struct crypto_alg cipher;
+		struct ahash_alg hash;
+	} u;
+};
+
 struct crypto4xx_alg {
 	struct list_head  entry;
-	struct crypto_alg alg;
+	struct crypto4xx_alg_common alg;
 	struct crypto4xx_device *dev;
 };
 
-#define crypto_alg_to_crypto4xx_alg(x) \
-		container_of(x, struct crypto4xx_alg, alg)
+static inline struct crypto4xx_alg *crypto_alg_to_crypto4xx_alg(
+	struct crypto_alg *x)
+{
+	switch (x->cra_flags & CRYPTO_ALG_TYPE_MASK) {
+	case CRYPTO_ALG_TYPE_AHASH:
+		return container_of(__crypto_ahash_alg(x),
+				    struct crypto4xx_alg, alg.u.hash);
+	}
+
+	return container_of(x, struct crypto4xx_alg, alg.u.cipher);
+}
 
 extern int crypto4xx_alloc_sa(struct crypto4xx_ctx *ctx, u32 size);
 extern void crypto4xx_free_sa(struct crypto4xx_ctx *ctx);
diff --git a/include/crypto/internal/hash.h b/include/crypto/internal/hash.h
index 9d30316..e3a8251 100644
--- a/include/crypto/internal/hash.h
+++ b/include/crypto/internal/hash.h
@@ -103,6 +103,12 @@ static inline void *crypto_ahash_ctx(struct crypto_ahash *tfm)
 	return crypto_tfm_ctx(crypto_ahash_tfm(tfm));
 }
 
+static inline struct ahash_alg *__crypto_ahash_alg(struct crypto_alg *alg)
+{
+	return container_of(__crypto_hash_alg_common(alg), struct ahash_alg,
+			    halg);
+}
+
 static inline struct old_ahash_alg *crypto_old_ahash_alg(
 	struct crypto_ahash *tfm)
 {

[PATCH 30/35] crypto: ahash - Remove old_ahash_alg

[Herbert Xu]

crypto: ahash - Remove old_ahash_alg

Now that all ahash implementations have been converted to the new
ahash type, we can remove old_ahash_alg and its associated support.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---

 crypto/ahash.c                 |   27 ---------------------------
 crypto/shash.c                 |    2 --
 include/crypto/hash.h          |    3 +--
 include/crypto/internal/hash.h |    6 ------
 include/linux/crypto.h         |   16 ----------------
 5 files changed, 1 insertion(+), 53 deletions(-)

diff --git a/crypto/ahash.c b/crypto/ahash.c
index 7f599d2..cc824ef 100644
--- a/crypto/ahash.c
+++ b/crypto/ahash.c
@@ -175,46 +175,19 @@ static int ahash_nosetkey(struct crypto_ahash *tfm, const u8 *key,
 	return -ENOSYS;
 }
 
-static int crypto_init_ahash_ops(struct crypto_tfm *tfm, u32 type, u32 mask)
-{
-	struct old_ahash_alg *alg = &tfm->__crt_alg->cra_ahash;
-	struct crypto_ahash *crt = __crypto_ahash_cast(tfm);
-	struct ahash_alg *nalg = crypto_ahash_alg(crt);
-
-	if (alg->digestsize > PAGE_SIZE / 8)
-		return -EINVAL;
-
-	crt->init = alg->init;
-	crt->update = alg->update;
-	crt->final  = alg->final;
-	crt->digest = alg->digest;
-	crt->setkey = alg->setkey ? ahash_setkey : ahash_nosetkey;
-	crt->digestsize = alg->digestsize;
-
-	nalg->setkey = alg->setkey;
-	nalg->halg.digestsize = alg->digestsize;
-
-	return 0;
-}
-
 static int crypto_ahash_init_tfm(struct crypto_tfm *tfm)
 {
 	struct crypto_ahash *hash = __crypto_ahash_cast(tfm);
 	struct ahash_alg *alg = crypto_ahash_alg(hash);
-	struct old_ahash_alg *oalg = crypto_old_ahash_alg(hash);
 
 	if (tfm->__crt_alg->cra_type != &crypto_ahash_type)
 		return crypto_init_shash_ops_async(tfm);
 
-	if (oalg->init)
-		return crypto_init_ahash_ops(tfm, 0, 0);
-
 	hash->init = alg->init;
 	hash->update = alg->update;
 	hash->final  = alg->final;
 	hash->digest = alg->digest;
 	hash->setkey = alg->setkey ? ahash_setkey : ahash_nosetkey;
-	hash->digestsize = alg->halg.digestsize;
 
 	return 0;
 }
diff --git a/crypto/shash.c b/crypto/shash.c
index 615a5f4..fd92c03 100644
--- a/crypto/shash.c
+++ b/crypto/shash.c
@@ -270,7 +270,6 @@ static void crypto_exit_shash_ops_async(struct crypto_tfm *tfm)
 int crypto_init_shash_ops_async(struct crypto_tfm *tfm)
 {
 	struct crypto_alg *calg = tfm->__crt_alg;
-	struct shash_alg *alg = __crypto_shash_alg(calg);
 	struct crypto_ahash *crt = __crypto_ahash_cast(tfm);
 	struct crypto_shash **ctx = crypto_tfm_ctx(tfm);
 	struct crypto_shash *shash;
@@ -293,7 +292,6 @@ int crypto_init_shash_ops_async(struct crypto_tfm *tfm)
 	crt->digest = shash_async_digest;
 	crt->setkey = shash_async_setkey;
 
-	crt->digestsize = alg->digestsize;
 	crt->reqsize = sizeof(struct shash_desc) + crypto_shash_descsize(shash);
 
 	return 0;
diff --git a/include/crypto/hash.h b/include/crypto/hash.h
index 262861d..45c2bdd 100644
--- a/include/crypto/hash.h
+++ b/include/crypto/hash.h
@@ -89,7 +89,6 @@ struct crypto_ahash {
 	int (*setkey)(struct crypto_ahash *tfm, const u8 *key,
 		      unsigned int keylen);
 
-	unsigned int digestsize;
 	unsigned int reqsize;
 	struct crypto_tfm base;
 };
@@ -137,7 +136,7 @@ static inline struct hash_alg_common *crypto_hash_alg_common(
 
 static inline unsigned int crypto_ahash_digestsize(struct crypto_ahash *tfm)
 {
-	return tfm->digestsize;
+	return crypto_hash_alg_common(tfm)->digestsize;
 }
 
 static inline unsigned int crypto_ahash_statesize(struct crypto_ahash *tfm)
diff --git a/include/crypto/internal/hash.h b/include/crypto/internal/hash.h
index e3a8251..179dd8f 100644
--- a/include/crypto/internal/hash.h
+++ b/include/crypto/internal/hash.h
@@ -109,12 +109,6 @@ static inline struct ahash_alg *__crypto_ahash_alg(struct crypto_alg *alg)
 			    halg);
 }
 
-static inline struct old_ahash_alg *crypto_old_ahash_alg(
-	struct crypto_ahash *tfm)
-{
-	return &crypto_ahash_tfm(tfm)->__crt_alg->cra_ahash;
-}
-
 static inline void crypto_ahash_set_reqsize(struct crypto_ahash *tfm,
 					    unsigned int reqsize)
 {
diff --git a/include/linux/crypto.h b/include/linux/crypto.h
index 9e7e9b6..fd92988 100644
--- a/include/linux/crypto.h
+++ b/include/linux/crypto.h
@@ -115,12 +115,10 @@ struct crypto_async_request;
 struct crypto_aead;
 struct crypto_blkcipher;
 struct crypto_hash;
-struct crypto_ahash;
 struct crypto_rng;
 struct crypto_tfm;
 struct crypto_type;
 struct aead_givcrypt_request;
-struct ahash_request;
 struct skcipher_givcrypt_request;
 
 typedef void (*crypto_completion_t)(struct crypto_async_request *req, int err);
@@ -211,18 +209,6 @@ struct ablkcipher_alg {
 	unsigned int ivsize;
 };
 
-struct old_ahash_alg {
-	int (*init)(struct ahash_request *req);
-	int (*reinit)(struct ahash_request *req);
-	int (*update)(struct ahash_request *req);
-	int (*final)(struct ahash_request *req);
-	int (*digest)(struct ahash_request *req);
-	int (*setkey)(struct crypto_ahash *tfm, const u8 *key,
-			unsigned int keylen);
-
-	unsigned int digestsize;
-};

[PATCH 31/35] crypto: hash - Zap unaligned buffers

[Herbert Xu]

crypto: hash - Zap unaligned buffers

Some unaligned buffers on the stack weren't zapped properly which
may cause secret data to be leaked.  This patch fixes them by doing
a zero memset.

It is also possible for us to place random kernel stack contents
in the digest buffer if a digest operation fails.  This is fixed
by only copying if the operation succeeded.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---

 crypto/ahash.c |    3 +--
 crypto/shash.c |   14 +++++++++++---
 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/crypto/ahash.c b/crypto/ahash.c
index cc824ef..1576f95 100644
--- a/crypto/ahash.c
+++ b/crypto/ahash.c
@@ -152,8 +152,7 @@ static int ahash_setkey_unaligned(struct crypto_ahash *tfm, const u8 *key,
 	alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
 	memcpy(alignbuffer, key, keylen);
 	ret = ahash->setkey(tfm, alignbuffer, keylen);
-	memset(alignbuffer, 0, keylen);
-	kfree(buffer);
+	kzfree(buffer);
 	return ret;
 }
 
diff --git a/crypto/shash.c b/crypto/shash.c
index fd92c03..e543283 100644
--- a/crypto/shash.c
+++ b/crypto/shash.c
@@ -45,8 +45,7 @@ static int shash_setkey_unaligned(struct crypto_shash *tfm, const u8 *key,
 	alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
 	memcpy(alignbuffer, key, keylen);
 	err = shash->setkey(tfm, alignbuffer, keylen);
-	memset(alignbuffer, 0, keylen);
-	kfree(buffer);
+	kzfree(buffer);
 	return err;
 }
 
@@ -79,13 +78,16 @@ static int shash_update_unaligned(struct shash_desc *desc, const u8 *data,
 				     ((unsigned long)data & alignmask);
 	u8 buf[shash_align_buffer_size(unaligned_len, alignmask)]
 		__attribute__ ((aligned));
+	int err;
 
 	if (unaligned_len > len)
 		unaligned_len = len;
 
 	memcpy(buf, data, unaligned_len);
+	err = shash->update(desc, buf, unaligned_len);
+	memset(buf, 0, unaligned_len);
 
-	return shash->update(desc, buf, unaligned_len) ?:
+	return err ?:
 	       shash->update(desc, data + unaligned_len, len - unaligned_len);
 }
 
@@ -114,7 +116,13 @@ static int shash_final_unaligned(struct shash_desc *desc, u8 *out)
 	int err;
 
 	err = shash->final(desc, buf);
+	if (err)
+		goto out;
+
 	memcpy(out, buf, ds);
+
+out:
+	memset(buf, 0, ds);
 	return err;
 }
 

[PATCH 32/35] crypto: shash - Fix alignment in unaligned operations

[Herbert Xu]

crypto: shash - Fix alignment in unaligned operations

When we encounter an unaligned pointer we are supposed to copy
it to a temporary aligned location.  However the temporary buffer
isn't aligned properly.  This patch fixes that.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---

 crypto/shash.c |    6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/crypto/shash.c b/crypto/shash.c
index e543283..171c8f0 100644
--- a/crypto/shash.c
+++ b/crypto/shash.c
@@ -76,8 +76,9 @@ static int shash_update_unaligned(struct shash_desc *desc, const u8 *data,
 	unsigned long alignmask = crypto_shash_alignmask(tfm);
 	unsigned int unaligned_len = alignmask + 1 -
 				     ((unsigned long)data & alignmask);
-	u8 buf[shash_align_buffer_size(unaligned_len, alignmask)]
+	u8 ubuf[shash_align_buffer_size(unaligned_len, alignmask)]
 		__attribute__ ((aligned));
+	u8 *buf = PTR_ALIGN(&ubuf[0], alignmask + 1);
 	int err;
 
 	if (unaligned_len > len)
@@ -111,8 +112,9 @@ static int shash_final_unaligned(struct shash_desc *desc, u8 *out)
 	unsigned long alignmask = crypto_shash_alignmask(tfm);
 	struct shash_alg *shash = crypto_shash_alg(tfm);
 	unsigned int ds = crypto_shash_digestsize(tfm);
-	u8 buf[shash_align_buffer_size(ds, alignmask)]
+	u8 ubuf[shash_align_buffer_size(ds, alignmask)]
 		__attribute__ ((aligned));
+	u8 *buf = PTR_ALIGN(&ubuf[0], alignmask + 1);
 	int err;
 
 	err = shash->final(desc, buf);

[PATCH 33/35] crypto: ahash - Use GFP_KERNEL in unaligned setkey

[Herbert Xu]

crypto: ahash - Use GFP_KERNEL in unaligned setkey

We currently use GFP_ATOMIC in the unaligned setkey function
to allocate the temporary aligned buffer.  Since setkey must
be called in a sleepable context, we can use GFP_KERNEL instead.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---

 crypto/ahash.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/ahash.c b/crypto/ahash.c
index 1576f95..a196055 100644
--- a/crypto/ahash.c
+++ b/crypto/ahash.c
@@ -145,7 +145,7 @@ static int ahash_setkey_unaligned(struct crypto_ahash *tfm, const u8 *key,
 	unsigned long absize;
 
 	absize = keylen + alignmask;
-	buffer = kmalloc(absize, GFP_ATOMIC);
+	buffer = kmalloc(absize, GFP_KERNEL);
 	if (!buffer)
 		return -ENOMEM;
 

[PATCH 34/35] crypto: ahash - Add unaligned handling and default operations

[Herbert Xu]

crypto: ahash - Add unaligned handling and default operations

This patch exports the finup operation where available and adds
a default finup operation for ahash.  The operations final, finup
and digest also will now deal with unaligned result pointers by
copying it.  Finally export/import operations are will now be
exported too.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---

 crypto/ahash.c                 |  204 ++++++++++++++++++++++++++++++++++++++++-
 crypto/shash.c                 |   52 +++++++++-
 include/crypto/hash.h          |   23 +---
 include/crypto/internal/hash.h |    6 +
 4 files changed, 263 insertions(+), 22 deletions(-)

diff --git a/crypto/ahash.c b/crypto/ahash.c
index a196055..ac0798d 100644
--- a/crypto/ahash.c
+++ b/crypto/ahash.c
@@ -24,6 +24,13 @@
 
 #include "internal.h"
 
+struct ahash_request_priv {
+	crypto_completion_t complete;
+	void *data;
+	u8 *result;
+	void *ubuf[] CRYPTO_MINALIGN_ATTR;
+};
+
 static inline struct ahash_alg *crypto_ahash_alg(struct crypto_ahash *hash)
 {
 	return container_of(crypto_hash_alg_common(hash), struct ahash_alg,
@@ -156,7 +163,7 @@ static int ahash_setkey_unaligned(struct crypto_ahash *tfm, const u8 *key,
 	return ret;
 }
 
-static int ahash_setkey(struct crypto_ahash *tfm, const u8 *key,
+int crypto_ahash_setkey(struct crypto_ahash *tfm, const u8 *key,
 			unsigned int keylen)
 {
 	struct ahash_alg *ahash = crypto_ahash_alg(tfm);
@@ -167,6 +174,7 @@ static int ahash_setkey(struct crypto_ahash *tfm, const u8 *key,
 
 	return ahash->setkey(tfm, key, keylen);
 }
+EXPORT_SYMBOL_GPL(crypto_ahash_setkey);
 
 static int ahash_nosetkey(struct crypto_ahash *tfm, const u8 *key,
 			  unsigned int keylen)
@@ -174,19 +182,209 @@ static int ahash_nosetkey(struct crypto_ahash *tfm, const u8 *key,
 	return -ENOSYS;
 }
 
+static inline unsigned int ahash_align_buffer_size(unsigned len,
+						   unsigned long mask)
+{
+	return len + (mask & ~(crypto_tfm_ctx_alignment() - 1));
+}
+
+static void ahash_op_unaligned_finish(struct ahash_request *req, int err)
+{
+	struct ahash_request_priv *priv = req->priv;
+
+	if (err == -EINPROGRESS)
+		return;
+
+	if (!err)
+		memcpy(priv->result, req->result,
+		       crypto_ahash_digestsize(crypto_ahash_reqtfm(req)));
+
+	kzfree(priv);
+}
+
+static void ahash_op_unaligned_done(struct crypto_async_request *req, int err)
+{
+	struct ahash_request *areq = req->data;
+	struct ahash_request_priv *priv = areq->priv;
+	crypto_completion_t complete = priv->complete;
+	void *data = priv->data;
+
+	ahash_op_unaligned_finish(areq, err);
+
+	complete(data, err);
+}
+
+static int ahash_op_unaligned(struct ahash_request *req,
+			      int (*op)(struct ahash_request *))
+{
+	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
+	unsigned long alignmask = crypto_ahash_alignmask(tfm);
+	unsigned int ds = crypto_ahash_digestsize(tfm);
+	struct ahash_request_priv *priv;
+	int err;
+
+	priv = kmalloc(sizeof(*priv) + ahash_align_buffer_size(ds, alignmask),
+		       (req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP) ?
+		       GFP_ATOMIC : GFP_ATOMIC);
+	if (!priv)
+		return -ENOMEM;
+
+	priv->result = req->result;
+	priv->complete = req->base.complete;
+	priv->data = req->base.data;
+
+	req->result = PTR_ALIGN((u8 *)priv->ubuf, alignmask + 1);
+	req->base.complete = ahash_op_unaligned_done;
+	req->base.data = req;
+	req->priv = priv;
+
+	err = op(req);
+	ahash_op_unaligned_finish(req, err);
+
+	return err;
+}
+
+static int crypto_ahash_op(struct ahash_request *req,
+			   int (*op)(struct ahash_request *))
+{
+	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
+	unsigned long alignmask = crypto_ahash_alignmask(tfm);
+
+	if ((unsigned long)req->result & alignmask)
+		return ahash_op_unaligned(req, op);
+
+	return op(req);
+}
+
+int crypto_ahash_final(struct ahash_request *req)
+{
+	return crypto_ahash_op(req, crypto_ahash_reqtfm(req)->final);
+}
+EXPORT_SYMBOL_GPL(crypto_ahash_final);
+
+int crypto_ahash_finup(struct ahash_request *req)
+{
+	return crypto_ahash_op(req, crypto_ahash_reqtfm(req)->finup);
+}
+EXPORT_SYMBOL_GPL(crypto_ahash_finup);
+
+int crypto_ahash_digest(struct ahash_request *req)
+{
+	return crypto_ahash_op(req, crypto_ahash_reqtfm(req)->digest);
+}
+EXPORT_SYMBOL_GPL(crypto_ahash_digest);
+
+static void ahash_def_finup_finish2(struct ahash_request *req, int err)
+{
+	struct ahash_request_priv *priv = req->priv;
+
+	if (err == -EINPROGRESS)
+		return;
+
+	if (!err)
+		memcpy(priv->result, req->result,
+		       crypto_ahash_digestsize(crypto_ahash_reqtfm(req)));
+
+	kzfree(priv);
+}
+
+static void ahash_def_finup_done2(struct crypto_async_request *req, int err)
+{
+	struct ahash_request *areq = req->data;
+	struct ahash_request_priv *priv = areq->priv;
+	crypto_completion_t complete = priv->complete;
+	void *data = priv->data;
+
+	ahash_def_finup_finish2(areq, err);
+
+	complete(data, err);
+}
+
+static int ahash_def_finup_finish1(struct ahash_request *req, int err)
+{
+	if (err)
+		goto out;
+
+	req->base.complete = ahash_def_finup_done2;
+	req->base.flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;
+	err = crypto_ahash_reqtfm(req)->final(req);
+
+out:
+	ahash_def_finup_finish2(req, err);
+	return err;
+}
+
+static void ahash_def_finup_done1(struct crypto_async_request *req, int err)
+{
+	struct ahash_request *areq = req->data;
+	struct ahash_request_priv *priv = areq->priv;
+	crypto_completion_t complete = priv->complete;
+	void *data = priv->data;
+
+	err = ahash_def_finup_finish1(areq, err);
+
+	complete(data, err);
+}
+
+static int ahash_def_finup(struct ahash_request *req)
+{
+	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
+	unsigned long alignmask = crypto_ahash_alignmask(tfm);
+	unsigned int ds = crypto_ahash_digestsize(tfm);
+	struct ahash_request_priv *priv;
+
+	priv = kmalloc(sizeof(*priv) + ahash_align_buffer_size(ds, alignmask),
+		       (req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP) ?
+		       GFP_ATOMIC : GFP_ATOMIC);
+	if (!priv)
+		return -ENOMEM;
+
+	priv->result = req->result;
+	priv->complete = req->base.complete;
+	priv->data = req->base.data;
+
+	req->result = PTR_ALIGN((u8 *)priv->ubuf, alignmask + 1);
+	req->base.complete = ahash_def_finup_done1;
+	req->base.data = req;
+	req->priv = priv;
+
+	return ahash_def_finup_finish1(req, tfm->update(req));
+}
+
+static int ahash_no_export(struct ahash_request *req, void *out)
+{
+	return -ENOSYS;
+}
+
+static int ahash_no_import(struct ahash_request *req, const void *in)
+{
+	return -ENOSYS;
+}
+
 static int crypto_ahash_init_tfm(struct crypto_tfm *tfm)
 {
 	struct crypto_ahash *hash = __crypto_ahash_cast(tfm);
 	struct ahash_alg *alg = crypto_ahash_alg(hash);
 
+	hash->setkey = ahash_nosetkey;
+	hash->export = ahash_no_export;
+	hash->import = ahash_no_import;
+
 	if (tfm->__crt_alg->cra_type != &crypto_ahash_type)
 		return crypto_init_shash_ops_async(tfm);
 
 	hash->init = alg->init;
 	hash->update = alg->update;
-	hash->final  = alg->final;
+	hash->final = alg->final;
+	hash->finup = alg->finup ?: ahash_def_finup;
 	hash->digest = alg->digest;
-	hash->setkey = alg->setkey ? ahash_setkey : ahash_nosetkey;
+
+	if (alg->setkey)
+		hash->setkey = alg->setkey;
+	if (alg->export)
+		hash->export = alg->export;
+	if (alg->import)
+		hash->import = alg->import;
 
 	return 0;
 }
diff --git a/crypto/shash.c b/crypto/shash.c
index 171c8f0..834d9d2 100644
--- a/crypto/shash.c
+++ b/crypto/shash.c
@@ -235,6 +235,33 @@ static int shash_async_final(struct ahash_request *req)
 	return crypto_shash_final(ahash_request_ctx(req), req->result);
 }
 
+int shash_ahash_finup(struct ahash_request *req, struct shash_desc *desc)
+{
+	struct crypto_hash_walk walk;
+	int nbytes;
+
+	for (nbytes = crypto_hash_walk_first(req, &walk); nbytes > 0;
+	     nbytes = crypto_hash_walk_done(&walk, nbytes))
+		nbytes = crypto_hash_walk_last(&walk) ?
+			 crypto_shash_finup(desc, walk.data, nbytes,
+					    req->result) :
+			 crypto_shash_update(desc, walk.data, nbytes);
+
+	return nbytes;
+}
+EXPORT_SYMBOL_GPL(shash_ahash_finup);
+
+static int shash_async_finup(struct ahash_request *req)
+{
+	struct crypto_shash **ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(req));
+	struct shash_desc *desc = ahash_request_ctx(req);
+
+	desc->tfm = *ctx;
+	desc->flags = req->base.flags;
+
+	return shash_ahash_finup(req, desc);
+}
+
 int shash_ahash_digest(struct ahash_request *req, struct shash_desc *desc)
 {
 	struct scatterlist *sg = req->src;
@@ -252,8 +279,7 @@ int shash_ahash_digest(struct ahash_request *req, struct shash_desc *desc)
 		crypto_yield(desc->flags);
 	} else
 		err = crypto_shash_init(desc) ?:
-		      shash_ahash_update(req, desc) ?:
-		      crypto_shash_final(desc, req->result);
+		      shash_ahash_finup(req, desc);
 
 	return err;
 }
@@ -270,6 +296,16 @@ static int shash_async_digest(struct ahash_request *req)
 	return shash_ahash_digest(req, desc);
 }
 
+static int shash_async_export(struct ahash_request *req, void *out)
+{
+	return crypto_shash_export(ahash_request_ctx(req), out);
+}
+
+static int shash_async_import(struct ahash_request *req, const void *in)
+{
+	return crypto_shash_import(ahash_request_ctx(req), in);
+}
+
 static void crypto_exit_shash_ops_async(struct crypto_tfm *tfm)
 {
 	struct crypto_shash **ctx = crypto_tfm_ctx(tfm);
@@ -280,6 +316,7 @@ static void crypto_exit_shash_ops_async(struct crypto_tfm *tfm)
 int crypto_init_shash_ops_async(struct crypto_tfm *tfm)
 {
 	struct crypto_alg *calg = tfm->__crt_alg;
+	struct shash_alg *alg = __crypto_shash_alg(calg);
 	struct crypto_ahash *crt = __crypto_ahash_cast(tfm);
 	struct crypto_shash **ctx = crypto_tfm_ctx(tfm);
 	struct crypto_shash *shash;
@@ -298,9 +335,16 @@ int crypto_init_shash_ops_async(struct crypto_tfm *tfm)
 
 	crt->init = shash_async_init;
 	crt->update = shash_async_update;
-	crt->final  = shash_async_final;
+	crt->final = shash_async_final;
+	crt->finup = shash_async_finup;
 	crt->digest = shash_async_digest;
-	crt->setkey = shash_async_setkey;
+
+	if (alg->setkey)
+		crt->setkey = shash_async_setkey;
+	if (alg->export)
+		crt->export = shash_async_export;
+	if (alg->setkey)
+		crt->import = shash_async_import;
 
 	crt->reqsize = sizeof(struct shash_desc) + crypto_shash_descsize(shash);
 
diff --git a/include/crypto/hash.h b/include/crypto/hash.h
index 45c2bdd..3e89ce1 100644
--- a/include/crypto/hash.h
+++ b/include/crypto/hash.h
@@ -31,6 +31,9 @@ struct ahash_request {
 	struct scatterlist *src;
 	u8 *result;
 
+	/* This field may only be used by the ahash API code. */
+	void *priv;
+
 	void *__ctx[] CRYPTO_MINALIGN_ATTR;
 };
 
@@ -175,16 +178,11 @@ static inline void *ahash_request_ctx(struct ahash_request *req)
 	return req->__ctx;
 }
 
-static inline int crypto_ahash_setkey(struct crypto_ahash *tfm,
-				      const u8 *key, unsigned int keylen)
-{
-	return tfm->setkey(tfm, key, keylen);
-}
-
-static inline int crypto_ahash_digest(struct ahash_request *req)
-{
-	return crypto_ahash_reqtfm(req)->digest(req);
-}
+int crypto_ahash_setkey(struct crypto_ahash *tfm, const u8 *key,
+			unsigned int keylen);
+int crypto_ahash_finup(struct ahash_request *req);
+int crypto_ahash_final(struct ahash_request *req);
+int crypto_ahash_digest(struct ahash_request *req);
 
 static inline int crypto_ahash_export(struct ahash_request *req, void *out)
 {
@@ -206,11 +204,6 @@ static inline int crypto_ahash_update(struct ahash_request *req)
 	return crypto_ahash_reqtfm(req)->update(req);
 }
 
-static inline int crypto_ahash_final(struct ahash_request *req)
-{
-	return crypto_ahash_reqtfm(req)->final(req);
-}
-
 static inline void ahash_request_set_tfm(struct ahash_request *req,
 					 struct crypto_ahash *tfm)
 {
diff --git a/include/crypto/internal/hash.h b/include/crypto/internal/hash.h
index 179dd8f..5bfad8c 100644
--- a/include/crypto/internal/hash.h
+++ b/include/crypto/internal/hash.h
@@ -59,6 +59,11 @@ int crypto_hash_walk_first_compat(struct hash_desc *hdesc,
 				  struct crypto_hash_walk *walk,
 				  struct scatterlist *sg, unsigned int len);
 
+static inline int crypto_hash_walk_last(struct crypto_hash_walk *walk)
+{
+	return !(walk->entrylen | walk->total);
+}
+
 int crypto_register_ahash(struct ahash_alg *alg);
 int crypto_unregister_ahash(struct ahash_alg *alg);
 int ahash_register_instance(struct crypto_template *tmpl,
@@ -94,6 +99,7 @@ static inline void crypto_drop_shash(struct crypto_shash_spawn *spawn)
 struct shash_alg *shash_attr_alg(struct rtattr *rta, u32 type, u32 mask);
 
 int shash_ahash_update(struct ahash_request *req, struct shash_desc *desc);
+int shash_ahash_finup(struct ahash_request *req, struct shash_desc *desc);
 int shash_ahash_digest(struct ahash_request *req, struct shash_desc *desc);
 
 int crypto_init_shash_ops_async(struct crypto_tfm *tfm);

[PATCH 35/35] crypto: crypto4xx - Disable SHA implementation

[Herbert Xu]

crypto: crypto4xx - Disable SHA implementation

The crypto4xx SHA implementation keeps the hash state in the tfm
data structure.  This breaks a fundamental requirement of ahash
implementations that they must be reentrant.

This patch disables the broken implementation.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---

 drivers/crypto/amcc/crypto4xx_core.c |   19 -------------------
 1 file changed, 19 deletions(-)

diff --git a/drivers/crypto/amcc/crypto4xx_core.c b/drivers/crypto/amcc/crypto4xx_core.c
index 857e35e..46e899a 100644
--- a/drivers/crypto/amcc/crypto4xx_core.c
+++ b/drivers/crypto/amcc/crypto4xx_core.c
@@ -1144,25 +1144,6 @@ struct crypto4xx_alg_common crypto4xx_alg[] = {
 			}
 		}
 	}},
-	/* Hash SHA1 */
-	{ .type = CRYPTO_ALG_TYPE_AHASH, .u.hash = {
-		.init		= crypto4xx_hash_init,
-		.update		= crypto4xx_hash_update,
-		.final  	= crypto4xx_hash_final,
-		.digest 	= crypto4xx_hash_digest,
-		.halg.digestsize = SHA1_DIGEST_SIZE,
-		.halg.base	= {
-			.cra_name	= "sha1",
-			.cra_driver_name = "sha1-ppc4xx",
-			.cra_priority	= CRYPTO4XX_CRYPTO_PRIORITY,
-			.cra_flags	= CRYPTO_ALG_ASYNC,
-			.cra_blocksize	= SHA1_BLOCK_SIZE,
-			.cra_ctxsize	= sizeof(struct crypto4xx_ctx),
-			.cra_init	= crypto4xx_sha1_alg_init,
-			.cra_exit	= crypto4xx_alg_exit,
-			.cra_module	= THIS_MODULE,
-		}
-	}},
 };
 
 /**

Re: [PATCH 27/35] crypto: cryptd - Switch to template create API

[Steffen Klassert]

On Wed, Jul 15, 2009 at 03:16:21PM +0800, Herbert Xu wrote:
> crypto: cryptd - Switch to template create API
> 
> This patch changes cryptd to use the template->create function
> instead of alloc in anticipation for the switch to new style
> ahash algorithms.
> 
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
> ---
> 
>  crypto/cryptd.c         |   53 ++++++++++++++++++++++++++----------------------
>  crypto/internal.h       |    3 --
>  include/crypto/algapi.h |    3 ++
>  3 files changed, 32 insertions(+), 27 deletions(-)
> 
> diff --git a/crypto/cryptd.c b/crypto/cryptd.c
> index 6e6722e..ad58f51 100644
> --- a/crypto/cryptd.c
> +++ b/crypto/cryptd.c
> @@ -287,8 +287,9 @@ out_free_inst:
>  	goto out;
>  }
>  
> -static struct crypto_instance *cryptd_alloc_blkcipher(
> -	struct rtattr **tb, struct cryptd_queue *queue)
> +static int cryptd_create_blkcipher(struct crypto_template *tmpl,
> +				   struct rtattr **tb,
> +				   struct cryptd_queue *queue)
>  {
>  	struct cryptd_instance_ctx *ctx;
>  	struct crypto_instance *inst;
> @@ -298,7 +299,7 @@ static struct crypto_instance *cryptd_alloc_blkcipher(
>  	alg = crypto_get_attr_alg(tb, CRYPTO_ALG_TYPE_BLKCIPHER,
>  				  CRYPTO_ALG_TYPE_MASK);
>  	if (IS_ERR(alg))
> -		return ERR_CAST(alg);
> +		return PTR_ERR(alg);
>  
>  	inst = cryptd_alloc_instance(alg, sizeof(*ctx));
>  	if (IS_ERR(inst))
> @@ -330,14 +331,16 @@ static struct crypto_instance *cryptd_alloc_blkcipher(
>  	inst->alg.cra_ablkcipher.encrypt = cryptd_blkcipher_encrypt_enqueue;
>  	inst->alg.cra_ablkcipher.decrypt = cryptd_blkcipher_decrypt_enqueue;
>  
> +	err = crypto_register_instance(tmpl, inst);
> +	if (err) {
> +		crypto_drop_spawn(&ctx->spawn);
> +out_free_inst:
> +		kfree(inst);
> +	}
> +
>  out_put_alg:
>  	crypto_mod_put(alg);
> -	return inst;
> -
> -out_free_inst:
> -	kfree(inst);
> -	inst = ERR_PTR(err);
> -	goto out_put_alg;
> +	return err;

This introduces an uninitialized return value warning. err is not initialized
if cryptd_alloc_instance() fails.

>  }
>  
>  static int cryptd_hash_init_tfm(struct crypto_tfm *tfm)
> @@ -502,8 +505,8 @@ static int cryptd_hash_digest_enqueue(struct ahash_request *req)
>  	return cryptd_hash_enqueue(req, cryptd_hash_digest);
>  }
>  
> -static struct crypto_instance *cryptd_alloc_hash(
> -	struct rtattr **tb, struct cryptd_queue *queue)
> +static int cryptd_create_hash(struct crypto_template *tmpl, struct rtattr **tb,
> +			      struct cryptd_queue *queue)
>  {
>  	struct hashd_instance_ctx *ctx;
>  	struct crypto_instance *inst;
> @@ -513,7 +516,7 @@ static struct crypto_instance *cryptd_alloc_hash(
>  
>  	salg = shash_attr_alg(tb[1], 0, 0);
>  	if (IS_ERR(salg))
> -		return ERR_CAST(salg);
> +		return PTR_ERR(salg);
>  
>  	alg = &salg->base;
>  	inst = cryptd_alloc_instance(alg, sizeof(*ctx));
> @@ -542,34 +545,36 @@ static struct crypto_instance *cryptd_alloc_hash(
>  	inst->alg.cra_ahash.setkey = cryptd_hash_setkey;
>  	inst->alg.cra_ahash.digest = cryptd_hash_digest_enqueue;
>  
> +	err = crypto_register_instance(tmpl, inst);
> +	if (err) {
> +		crypto_drop_shash(&ctx->spawn);
> +out_free_inst:
> +		kfree(inst);
> +	}
> +
>  out_put_alg:
>  	crypto_mod_put(alg);
> -	return inst;
> -
> -out_free_inst:
> -	kfree(inst);
> -	inst = ERR_PTR(err);
> -	goto out_put_alg;
> +	return err;

Same here.
I'll send a patch to fix it.

Re: [PATCH 27/35] crypto: cryptd - Switch to template create API

[Herbert Xu]

On Wed, Jul 15, 2009 at 10:47:23AM +0200, Steffen Klassert wrote:
>
> This introduces an uninitialized return value warning. err is not initialized
> if cryptd_alloc_instance() fails.

Good catch!

> Same here.
> I'll send a patch to fix it.

Thanks.
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Re: [PATCH 12/35] crypto: padlock - Switch sha to shash

[Steffen Klassert]

On Wed, Jul 15, 2009 at 03:16:05PM +0800, Herbert Xu wrote:
> crypto: padlock - Switch sha to shash
> 
> This patch converts the padlock-sha implementation to shash.
> In doing so the existing mechanism of storing the data until
> final is no longer viable as we do not have a way of allocating
> data in crypto_shash_init and then reliably freeing it.
> 
> This is just as well because a better way of handling the problem
> is to hash everything but the last chunk using normal sha code
> and then provide the intermediate result to the padlock device.
> 
> This is good enough because the primary application of padlock-sha
> is IPsec and there the data is laid out in the form of an hmac
> header followed by the rest of the packet.  In essence we can
> provide all the data to the padlock as the hmac header only needs
> to be hashed once.
> 
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
> ---
> 
>  drivers/crypto/Kconfig       |    2 
>  drivers/crypto/padlock-sha.c |  333 ++++++++++++++++++++-----------------------
>  2 files changed, 156 insertions(+), 179 deletions(-)
> 

Just FYI, I'm getting the following compiler error:

 CC [M]  drivers/crypto/padlock-sha.o
  LD      kernel/built-in.o
/home/klassert/git/linux-sinafe-2.6/drivers/crypto/padlock-sha.c: In function 'padlock_sha256_finup':
/home/klassert/git/linux-sinafe-2.6/drivers/crypto/padlock-sha.c:166: error: impossible register constraint in 'asm'
/home/klassert/git/linux-sinafe-2.6/drivers/crypto/padlock-sha.c:166: error: impossible register constraint in 'asm'
/home/klassert/git/linux-sinafe-2.6/drivers/crypto/padlock-sha.c:176: confused by earlier errors, bailing out
make[3]: *** [drivers/crypto/padlock-sha.o] Error 1

Re: [PATCH 12/35] crypto: padlock - Switch sha to shash

[Herbert Xu]

On Wed, Jul 15, 2009 at 12:28:18PM +0200, Steffen Klassert wrote:
>
> Just FYI, I'm getting the following compiler error:

Is this 32-bit or 64-bit?

Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Re: [PATCH 12/35] crypto: padlock - Switch sha to shash

[Steffen Klassert]

On Wed, Jul 15, 2009 at 06:30:25PM +0800, Herbert Xu wrote:
> On Wed, Jul 15, 2009 at 12:28:18PM +0200, Steffen Klassert wrote:
> >
> > Just FYI, I'm getting the following compiler error:
> 
> Is this 32-bit or 64-bit?
> 

It's 32-bit.
One of my test systems had padlock enabled by chance.

Re: [PATCH 12/35] crypto: padlock - Switch sha to shash

[Herbert Xu]

On Wed, Jul 15, 2009 at 12:36:46PM +0200, Steffen Klassert wrote:
>
> It's 32-bit.
> One of my test systems had padlock enabled by chance.

This should fix it.

commit faae890883624e14a328863eafabf54a36698774
Author: Herbert Xu <herbert@gondor.apana.org.au>
Date:   Wed Jul 15 18:37:48 2009 +0800

    crypto: padlock - Fix compile error on i386
    
    The previous change to allow hashing from states other than the
    initial broke compilation on i386 because the inline assembly
    tried to squeeze a u64 into a 32-bit register.  As we've already
    checked for 32-bit overflows we can simply truncate it to u32,
    or unsigned long so that we don't truncate at all on x86-64.
    
    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/drivers/crypto/padlock-sha.c b/drivers/crypto/padlock-sha.c
index fb6e6c3..a936ba4 100644
--- a/drivers/crypto/padlock-sha.c
+++ b/drivers/crypto/padlock-sha.c
@@ -103,7 +103,8 @@ static int padlock_sha1_finup(struct shash_desc *desc, const u8 *in,
 	ts_state = irq_ts_save();
 	asm volatile (".byte 0xf3,0x0f,0xa6,0xc8" /* rep xsha1 */
 		      : \
-		      : "c"(state.count + count), "a"(state.count), \
+		      : "c"((unsigned long)state.count + count), \
+			"a"((unsigned long)state.count), \
 			"S"(in), "D"(result));
 	irq_ts_restore(ts_state);
 
@@ -165,7 +166,8 @@ static int padlock_sha256_finup(struct shash_desc *desc, const u8 *in,
 	ts_state = irq_ts_save();
 	asm volatile (".byte 0xf3,0x0f,0xa6,0xd0" /* rep xsha256 */
 		      : \
-		      : "c"(state.count + count), "a"(state.count), \
+		      : "c"((unsigned long)state.count + count), \
+			"a"((unsigned long)state.count), \
 			"S"(in), "D"(result));
 	irq_ts_restore(ts_state);
 
Thanks,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Re: [PATCH 12/35] crypto: padlock - Switch sha to shash

[Steffen Klassert]

On Wed, Jul 15, 2009 at 06:38:43PM +0800, Herbert Xu wrote:
> On Wed, Jul 15, 2009 at 12:36:46PM +0200, Steffen Klassert wrote:
> >
> > It's 32-bit.
> > One of my test systems had padlock enabled by chance.
> 
> This should fix it.
> 

Yes, it does.
Thanks!