| author | Eric Biggers <ebiggers@kernel.org> | 2025-10-11 11:10:42 -0700 |
|---|---|---|
| committer | Mikulas Patocka <mpatocka@redhat.com> | 2025-10-20 14:51:35 +0200 |
| commit | ba59e59b8b4dc0cb4882aa6f91fe16361dd95b99 (patch) | |
| tree | 40317f4fd7bad1c051eda8db8ba3d76c7a993589 /scripts/gdb/linux/bpf.py | |
| parent | 3a8660878839faadb4f1a6dd72c3179c1df56787 (diff) | |

dm-crypt: Use MD5 library instead of crypto_shash

The lmk IV mode, which dm-crypt supports for Loop-AES compatibility,
involves an MD5 computation. Update its implementation to use the MD5
library API instead of crypto_shash. This has many benefits, such as:

- Simpler code. Notably, much of the error-handling code is no longer
  needed, since the library functions can't fail.
- Reduced stack usage. crypt_iv_lmk_one() now allocates only 112 bytes
  on the stack instead of 520 bytes.
- The library functions are strongly typed, preventing bugs like
  https://lore.kernel.org/r/f1625ddc-e82e-4b77-80c2-dc8e45b54848@gmail.com
- Slightly improved performance, as the library provides direct access
  to the MD5 code without unnecessary overhead such as indirect calls.

To preserve the existing behavior of lmk support being disabled when the
kernel is booted with "fips=1", make crypt_iv_lmk_ctr() check
fips_enabled itself. Previously it relied on crypto_alloc_shash("md5")
failing. (I don't know for sure that lmk *actually* needs to be
disallowed in FIPS mode; this just preserves the existing behavior.)

Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>

Diffstat (limited to 'scripts/gdb/linux/bpf.py')
0 files changed, 0 insertions, 0 deletions
