crypto: drbg - leave cipher handles operational
authorStephan Mueller <smueller@chronox.de>
Sat, 18 Apr 2015 17:37:00 +0000 (19:37 +0200)
committerHerbert Xu <herbert@gondor.apana.org.au>
Tue, 21 Apr 2015 01:14:45 +0000 (09:14 +0800)
As the DRBG does not operate on shadow copies of the DRBG instance
any more, the cipher handles only need to be allocated once during
initialization time and deallocated during uninstantiate time.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto/drbg.c

index a278f84f536f52b0d9ecb4d4d39b5bdab4c6e9c7..30ec2a624b70c120fc3246ae406477996acd541f 100644 (file)
@@ -1249,11 +1249,6 @@ static int drbg_generate(struct drbg_state *drbg,
        if ((drbg_max_requests(drbg)) < drbg->reseed_ctr)
                drbg->seeded = false;
 
-       /* allocate cipher handle */
-       len = drbg->d_ops->crypto_init(drbg);
-       if (len)
-               goto err;
-
        if (drbg->pr || !drbg->seeded) {
                pr_devel("DRBG: reseeding before generation (prediction "
                         "resistance: %s, state %s)\n",
@@ -1325,7 +1320,6 @@ static int drbg_generate(struct drbg_state *drbg,
         */
        len = 0;
 err:
-       drbg->d_ops->crypto_fini(drbg);
        return len;
 }
 
@@ -1424,9 +1418,10 @@ static int drbg_instantiate(struct drbg_state *drbg, struct drbg_string *pers,
        if (drbg->d_ops->crypto_init(drbg))
                goto err;
        ret = drbg_seed(drbg, pers, false);
-       drbg->d_ops->crypto_fini(drbg);
-       if (ret)
+       if (ret) {
+               drbg->d_ops->crypto_fini(drbg);
                goto err;
+       }
 
        mutex_unlock(&drbg->drbg_mutex);
        return 0;
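Review bot: Nothing on the success path of drbg_instantiate records that the cipher handle is deliberately left allocated. After this change `crypto_init` has a matching `crypto_fini` in this function only when seeding fails, which reads like a leak to anyone who has not seen the commit message. A comment above the `crypto_init` call, for example `/* cipher handle stays allocated until drbg_uninstantiate() */`, would record the ownership. The function starts and ends outside the hunk, so what the `err:` path releases is not visible here.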
@@ -1450,6 +1445,7 @@ unlock:
 static int drbg_uninstantiate(struct drbg_state *drbg)
 {
        mutex_lock(&drbg->drbg_mutex);
+       drbg->d_ops->crypto_fini(drbg);
        drbg_dealloc_state(drbg);
        /* no scrubbing of test_data -- this shall survive an uninstantiate */
        mutex_unlock(&drbg->drbg_mutex);
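Review bot: The added `drbg->d_ops->crypto_fini(drbg);` in drbg_uninstantiate runs unconditionally, so it dereferences `drbg->d_ops` and releases the handle without checking that an instantiate ever succeeded. If this function can be reached for a state that was never instantiated, or after the seed-failure path in drbg_instantiate (the -1424 hunk) has already called `crypto_fini`, that looks like a NULL dereference or a second release of the same handle. The callers are not visible here, so this needs confirming. A guard such as `if (drbg->d_ops) drbg->d_ops->crypto_fini(drbg);` would cover the first case, and having the `crypto_fini` implementations clear the handle pointer after freeing it would make a repeated call harmless. The function body continues past the end of the hunk.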