[PATCH 0/2] crypto: atmel-aes: fixes on block size of aes cfb mode
Hi: These two patches correct the block size in atmel-aes driver while processing cfb8 and cfb64 mode of aes. Thanks Leilei Zhao (2): crypto: atmel-aes: correct block size of cfb8 mode crypto: atmel-aes: check alignment of cfb64 mode drivers/crypto/atmel-aes.c |8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) -- 1.7.9.5 -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 2/2] crypto: atmel-aes: check alignment of cfb64 mode
The length shoule be 64 bit alignment and the block size shoule be 64 bit in
aes cfb64 mode.
Signed-off-by: Leilei Zhao
---
drivers/crypto/atmel-aes.c |6 ++
1 file changed, 6 insertions(+)
diff --git a/drivers/crypto/atmel-aes.c b/drivers/crypto/atmel-aes.c
index 12628a7..a083474 100644
--- a/drivers/crypto/atmel-aes.c
+++ b/drivers/crypto/atmel-aes.c
@@ -716,6 +716,12 @@ static int atmel_aes_crypt(struct ablkcipher_request *req,
unsigned long mode)
return -EINVAL;
}
ctx->block_size = CFB32_BLOCK_SIZE;
+ } else if (mode & AES_FLAGS_CFB64) {
+ if (!IS_ALIGNED(req->nbytes, CFB64_BLOCK_SIZE)) {
+ pr_err("request size is not exact amount of CFB64
blocks\n");
+ return -EINVAL;
+ }
+ ctx->block_size = CFB64_BLOCK_SIZE;
} else {
if (!IS_ALIGNED(req->nbytes, AES_BLOCK_SIZE)) {
pr_err("request size is not exact amount of AES
blocks\n");
--
1.7.9.5
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 1/2] crypto: atmel-aes: correct block size of cfb8 mode
The block size of aes cfb8 mode shoule be 8 bit.
Signed-off-by: Leilei Zhao
---
drivers/crypto/atmel-aes.c |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/crypto/atmel-aes.c b/drivers/crypto/atmel-aes.c
index d7c9e31..12628a7 100644
--- a/drivers/crypto/atmel-aes.c
+++ b/drivers/crypto/atmel-aes.c
@@ -1069,7 +1069,7 @@ static struct crypto_alg aes_algs[] = {
.cra_driver_name= "atmel-cfb8-aes",
.cra_priority = 100,
.cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC,
- .cra_blocksize = CFB64_BLOCK_SIZE,
+ .cra_blocksize = CFB8_BLOCK_SIZE,
.cra_ctxsize= sizeof(struct atmel_aes_ctx),
.cra_alignmask = 0x0,
.cra_type = &crypto_ablkcipher_type,
--
1.7.9.5
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH] crypto_user: Fix out-of-bounds read
This is unlikely to be exploitable for anything except an OOPS. Cc: sta...@vger.kernel.org Signed-off-by: Andy Lutomirski --- Notes: This is entirely untested, but it looks obviously correct to me. crypto/crypto_user.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/crypto_user.c b/crypto/crypto_user.c index 1512e41..bc7c4b5 100644 --- a/crypto/crypto_user.c +++ b/crypto/crypto_user.c @@ -460,7 +460,7 @@ static int crypto_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh) int type, err; type = nlh->nlmsg_type; - if (type > CRYPTO_MSG_MAX) + if (type < CRYPTO_MSG_BASE || type > CRYPTO_MSG_MAX) return -EINVAL; type -= CRYPTO_MSG_BASE; -- 1.9.0 -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH crypto 1/2] crypto: caam - fix mem leak in ahash_setkey
On Friday, April 18, 2014 at 12:01:41 PM, Horia Geanta wrote:
> In case hash key is bigger than algorithm block size, it is hashed.
> In this case, memory is allocated to keep this hash in hashed_key.
> hashed_key has to be freed on the key_dma dma mapping error path.
>
> Cc: # 3.10+
> Signed-off-by: Horia Geanta
> ---
> drivers/crypto/caam/caamhash.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/crypto/caam/caamhash.c
> b/drivers/crypto/caam/caamhash.c index 0378328f47a7..2d244e629ed2 100644
> --- a/drivers/crypto/caam/caamhash.c
> +++ b/drivers/crypto/caam/caamhash.c
> @@ -545,7 +545,8 @@ static int ahash_setkey(struct crypto_ahash *ahash,
> DMA_TO_DEVICE);
> if (dma_mapping_error(jrdev, ctx->key_dma)) {
> dev_err(jrdev, "unable to map key i/o memory\n");
> - return -ENOMEM;
> + ret = -ENOMEM;
> + goto map_err;
> }
> #ifdef DEBUG
> print_hex_dump(KERN_ERR, "ctx.key@"__stringify(__LINE__)": ",
> @@ -559,6 +560,7 @@ static int ahash_setkey(struct crypto_ahash *ahash,
>DMA_TO_DEVICE);
> }
>
> +map_err:
> kfree(hashed_key);
Reviewed-by: Marek Vasut
btw you might want to clean up the use of printk() vs. dev_*() throughout the
driver, it's horribly intermixed. It'd be nice to use just dev_*() for output.
Stuff like
#ifdef DEBUG
printk(...)
#endif
can be easily replaced with dev_dbg() for example ...
Best regards,
Marek Vasut
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH 3/3] crypto: Fix leak of struct aead_request in test_aead_speed()
On Monday, April 21, 2014 at 08:47:05 PM, Christian Engelmayer wrote: > Fix leakage of memory for struct aead_request that is allocated via > aead_request_alloc() but not released via aead_request_free(). > Reported by Coverity - CID 1163869. > > Signed-off-by: Christian Engelmayer Reviewed-by: Marek Vasut Best regards, Marek Vasut -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH crypto 2/2] crypto: caam - add allocation failure handling in SPRINTFCAT macro
On Friday, April 18, 2014 at 12:01:42 PM, Horia Geanta wrote:
> GFP_ATOMIC memory allocation could fail.
> In this case, avoid NULL pointer dereference and notify user.
>
> Cc: # 3.2+
If I recall correctly, you need to get the patch accepted into mainline before
sending it for -stable .
> Cc: Kim Phillips
> Signed-off-by: Horia Geanta
> ---
> drivers/crypto/caam/error.c | 10 +++---
> 1 file changed, 7 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/crypto/caam/error.c b/drivers/crypto/caam/error.c
> index 9f25f5296029..0eabd81e1a90 100644
> --- a/drivers/crypto/caam/error.c
> +++ b/drivers/crypto/caam/error.c
> @@ -16,9 +16,13 @@
> char *tmp; \
> \
> tmp = kmalloc(sizeof(format) + max_alloc, GFP_ATOMIC); \
> - sprintf(tmp, format, param);\
> - strcat(str, tmp); \
> - kfree(tmp); \
> + if (likely(tmp)) { \
> + sprintf(tmp, format, param);\
> + strcat(str, tmp); \
> + kfree(tmp); \
> + } else {\
> + strcat(str, "kmalloc failure in SPRINTFCAT"); \
This entire macro looks somewhat strange.
1) Can't you just snprintf() into $str + some offset ? Something like:
snprintf(str + strlen(str), str_total_sz - strlen(str), format, param);
2) Why is noone checking if the $str has enough space for contents of $tmp ?
Best regards,
Marek Vasut
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH 2/3] crypto: Fix potential leak in test_aead_speed() if crypto_alloc_aead() fails
On Monday, April 21, 2014 at 08:46:40 PM, Christian Engelmayer wrote: > Fix a potential memory leak in the error handling of test_aead_speed(). In > case crypto_alloc_aead() fails, the function returns without going through > the centralized cleanup path. Reported by Coverity - CID 1163870. > > Signed-off-by: Christian Engelmayer Looks OK to me, thanks. Reviewed-by: Marek Vasut Best regards, Marek Vasut -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH 1/3] crypto: Fix potential leak in test_aead_speed() if aad_size is too big
On Monday, April 21, 2014 at 08:45:59 PM, Christian Engelmayer wrote:
> Fix a potential memory leak in the error handling of test_aead_speed(). In
> case the size check on the associate data length parameter fails, the
> function goes through the wrong exit label. Reported by Coverity - CID
> 1163870.
>
> Signed-off-by: Christian Engelmayer
> ---
> crypto/tcrypt.c | 14 ++
> 1 file changed, 6 insertions(+), 8 deletions(-)
>
> diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c
> index 870be7b..1856d7f 100644
> --- a/crypto/tcrypt.c
> +++ b/crypto/tcrypt.c
> @@ -282,6 +282,11 @@ static void test_aead_speed(const char *algo, int enc,
> unsigned int sec, unsigned int *b_size;
> unsigned int iv_len;
>
> + if (aad_size >= PAGE_SIZE) {
On an unrelated note ... Won't if (aad_size > PAGE_SIZE) be sufficient here?
Cheers!
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
