
crypto: x86/aes-ni - use AES library instead of single-use AES cipher

The RFC4106 key derivation code instantiates an AES cipher transform
to encrypt only a single block before it is freed again. Switch to
the new AES library which is more suitable for such use cases.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

authored by

Ard Biesheuvel and committed by
Herbert Xu
f6680cbd c552ffb5

+6 -11
+6 -11
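--- a/arch/x86/crypto/aesni-intel_glue.c
+++ b/arch/x86/crypto/aesni-intel_glue.c
@@ -628,26 +628,21 @@
 static int
 rfc4106_set_hash_subkey(u8 *hash_subkey, const u8 *key, unsigned int key_len)
 {
-	struct crypto_cipher *tfm;
+	struct crypto_aes_ctx ctx;
 	int ret;
 
-	tfm = crypto_alloc_cipher("aes", 0, 0);
-	if (IS_ERR(tfm))
-		return PTR_ERR(tfm);
-
-	ret = crypto_cipher_setkey(tfm, key, key_len);
+	ret = aes_expandkey(&ctx, key, key_len);
 	if (ret)
-		goto out_free_cipher;
+		return ret;
 
 	/* Clear the data in the hash sub key container to zero.*/
 	/* We want to cipher all zeros to create the hash sub key. */
 	memset(hash_subkey, 0, RFC4106_HASH_SUBKEY_SIZE);
 
-	crypto_cipher_encrypt_one(tfm, hash_subkey, hash_subkey);
+	aes_encrypt(&ctx, hash_subkey, hash_subkey);
 
-out_free_cipher:
-	crypto_free_cipher(tfm);
-	return ret;
+	memzero_explicit(&ctx, sizeof(ctx));
+	return 0;
 }
 
 static int common_rfc4106_set_key(struct crypto_aead *aead, const u8 *key,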
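Review bot: The early `return ret;` after `aes_expandkey()` skips the `memzero_explicit(&ctx, sizeof(ctx))` that the success path runs, so the on-stack `struct crypto_aes_ctx` is wiped only when key expansion succeeds. That is harmless only if aes_expandkey() rejects a bad key length before writing any round keys into ctx, which these lines do not show. Routing both paths through one exit removes that dependency: use `goto out;` in the error branch and end the function with `out: memzero_explicit(&ctx, sizeof(ctx)); return ret;`. A short comment above the wipe, such as `/* ctx holds the expanded key schedule on the stack; clear it before returning */`, would also record why the call must not be dropped in a later cleanup.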