crypto: gcm - Filter out async ghash if necessary

[ Upstream commit b30bdfa86431afbafe15284a3ad5ac19b49b88e3 ]

As it is if you ask for a sync gcm you may actually end up with
an async one because it does not filter out async implementations
of ghash.

This patch fixes this by adding the necessary filter when looking
for ghash.

Cc: stable@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>

diff --git a/crypto/gcm.c b/crypto/gcm.c
index 2e403f6138c14bbcb048d59256f0fb40e2032f2d..ee3c29bd7ddb2b5ac71ed63584dc75bdfbe5b834 100644 (file)
--- a/crypto/gcm.c
+++ b/crypto/gcm.c
@@ -716,7 +716,9 @@ static struct crypto_instance *crypto_gcm_alloc_common(struct rtattr **tb,
 
        ghash_alg = crypto_find_alg(ghash_name, &crypto_ahash_type,
                                    CRYPTO_ALG_TYPE_HASH,
-                                   CRYPTO_ALG_TYPE_AHASH_MASK);
+                                   CRYPTO_ALG_TYPE_AHASH_MASK |
+                                   crypto_requires_sync(algt->type,
+                                                        algt->mask));
        if (IS_ERR(ghash_alg))
                return ERR_CAST(ghash_alg);