diff options
Diffstat (limited to 'crypto/shash.c')
-rw-r--r-- | crypto/shash.c | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/crypto/shash.c b/crypto/shash.c index 76f74b9..e44549c 100644 --- a/crypto/shash.c +++ b/crypto/shash.c @@ -99,6 +99,11 @@ int crypto_shash_update(struct shash_desc *desc, const u8 *data, struct shash_alg *shash = crypto_shash_alg(tfm); unsigned long alignmask = crypto_shash_alignmask(tfm); +#ifdef CONFIG_CRYPTO_FIPS + if (unlikely(in_fips_err())) + return -EACCES; +#endif + if ((unsigned long)data & alignmask) return shash_update_unaligned(desc, data, len); @@ -134,6 +139,11 @@ int crypto_shash_final(struct shash_desc *desc, u8 *out) struct shash_alg *shash = crypto_shash_alg(tfm); unsigned long alignmask = crypto_shash_alignmask(tfm); +#ifdef CONFIG_CRYPTO_FIPS + if (unlikely(in_fips_err())) + return -EACCES; +#endif + if ((unsigned long)out & alignmask) return shash_final_unaligned(desc, out); @@ -155,6 +165,11 @@ int crypto_shash_finup(struct shash_desc *desc, const u8 *data, struct shash_alg *shash = crypto_shash_alg(tfm); unsigned long alignmask = crypto_shash_alignmask(tfm); +#ifdef CONFIG_CRYPTO_FIPS + if (unlikely(in_fips_err())) + return -EACCES; +#endif + if (((unsigned long)data | (unsigned long)out) & alignmask) return shash_finup_unaligned(desc, data, len, out); @@ -176,6 +191,11 @@ int crypto_shash_digest(struct shash_desc *desc, const u8 *data, struct shash_alg *shash = crypto_shash_alg(tfm); unsigned long alignmask = crypto_shash_alignmask(tfm); +#ifdef CONFIG_CRYPTO_FIPS + if (unlikely(in_fips_err())) + return -EACCES; +#endif + if (((unsigned long)data | (unsigned long)out) & alignmask) return shash_digest_unaligned(desc, data, len, out); @@ -208,6 +228,11 @@ static int shash_async_init(struct ahash_request *req) struct crypto_shash **ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(req)); struct shash_desc *desc = ahash_request_ctx(req); +#ifdef CONFIG_CRYPTO_FIPS + if (unlikely(in_fips_err())) + return -EACCES; +#endif + desc->tfm = *ctx; desc->flags = req->base.flags; @@ -219,6 +244,11 @@ int shash_ahash_update(struct ahash_request *req, struct shash_desc *desc) struct crypto_hash_walk walk; int nbytes; +#ifdef CONFIG_CRYPTO_FIPS + if (unlikely(in_fips_err())) + return -EACCES; +#endif + for (nbytes = crypto_hash_walk_first(req, &walk); nbytes > 0; nbytes = crypto_hash_walk_done(&walk, nbytes)) nbytes = crypto_shash_update(desc, walk.data, nbytes); @@ -242,6 +272,11 @@ int shash_ahash_finup(struct ahash_request *req, struct shash_desc *desc) struct crypto_hash_walk walk; int nbytes; +#ifdef CONFIG_CRYPTO_FIPS + if (unlikely(in_fips_err())) + return -EACCES; +#endif + nbytes = crypto_hash_walk_first(req, &walk); if (!nbytes) return crypto_shash_final(desc, req->result); @@ -276,6 +311,11 @@ int shash_ahash_digest(struct ahash_request *req, struct shash_desc *desc) unsigned int nbytes = req->nbytes; int err; +#ifdef CONFIG_CRYPTO_FIPS + if (unlikely(in_fips_err())) + return -EACCES; +#endif + if (nbytes < min(sg->length, ((unsigned int)(PAGE_SIZE)) - offset)) { void *data; @@ -334,6 +374,11 @@ int crypto_init_shash_ops_async(struct crypto_tfm *tfm) struct crypto_shash **ctx = crypto_tfm_ctx(tfm); struct crypto_shash *shash; +#ifdef CONFIG_CRYPTO_FIPS + if (unlikely(in_fips_err())) + return -EACCES; +#endif + if (!crypto_mod_get(calg)) return -EAGAIN; @@ -550,6 +595,11 @@ static const struct crypto_type crypto_shash_type = { struct crypto_shash *crypto_alloc_shash(const char *alg_name, u32 type, u32 mask) { +#ifdef CONFIG_CRYPTO_FIPS + if (unlikely(in_fips_err())) + return ERR_PTR(-EACCES); +#endif + return crypto_alloc_tfm(alg_name, &crypto_shash_type, type, mask); } EXPORT_SYMBOL_GPL(crypto_alloc_shash); @@ -587,6 +637,11 @@ int crypto_register_shash(struct shash_alg *alg) struct crypto_alg *base = &alg->base; int err; +#ifdef CONFIG_CRYPTO_FIPS + if (unlikely(in_fips_err())) + return -EACCES; +#endif + err = shash_prepare_alg(alg); if (err) return err; @@ -606,6 +661,11 @@ int shash_register_instance(struct crypto_template *tmpl, { int err; +#ifdef CONFIG_CRYPTO_FIPS + if (unlikely(in_fips_err())) + return -EACCES; +#endif + err = shash_prepare_alg(&inst->alg); if (err) return err; @@ -625,6 +685,11 @@ int crypto_init_shash_spawn(struct crypto_shash_spawn *spawn, struct shash_alg *alg, struct crypto_instance *inst) { +#ifdef CONFIG_CRYPTO_FIPS + if (unlikely(in_fips_err())) + return -EACCES; +#endif + return crypto_init_spawn2(&spawn->base, &alg->base, inst, &crypto_shash_type); } |