[PATCH 0/2] crypto: atmel-aes: fixes on block size of aes cfb mode
Hi: These two patches correct the block size in atmel-aes driver while processing cfb8 and cfb64 mode of aes. Thanks Leilei Zhao (2): crypto: atmel-aes: correct block size of cfb8 mode crypto: atmel-aes: check alignment of cfb64 mode drivers/crypto/atmel-aes.c |8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) -- 1.7.9.5 -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 2/2] crypto: atmel-aes: check alignment of cfb64 mode
The length shoule be 64 bit alignment and the block size shoule be 64 bit in aes cfb64 mode. Signed-off-by: Leilei Zhao --- drivers/crypto/atmel-aes.c |6 ++ 1 file changed, 6 insertions(+) diff --git a/drivers/crypto/atmel-aes.c b/drivers/crypto/atmel-aes.c index 12628a7..a083474 100644 --- a/drivers/crypto/atmel-aes.c +++ b/drivers/crypto/atmel-aes.c @@ -716,6 +716,12 @@ static int atmel_aes_crypt(struct ablkcipher_request *req, unsigned long mode) return -EINVAL; } ctx->block_size = CFB32_BLOCK_SIZE; + } else if (mode & AES_FLAGS_CFB64) { + if (!IS_ALIGNED(req->nbytes, CFB64_BLOCK_SIZE)) { + pr_err("request size is not exact amount of CFB64 blocks\n"); + return -EINVAL; + } + ctx->block_size = CFB64_BLOCK_SIZE; } else { if (!IS_ALIGNED(req->nbytes, AES_BLOCK_SIZE)) { pr_err("request size is not exact amount of AES blocks\n"); -- 1.7.9.5 -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 1/2] crypto: atmel-aes: correct block size of cfb8 mode
The block size of aes cfb8 mode shoule be 8 bit. Signed-off-by: Leilei Zhao --- drivers/crypto/atmel-aes.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/crypto/atmel-aes.c b/drivers/crypto/atmel-aes.c index d7c9e31..12628a7 100644 --- a/drivers/crypto/atmel-aes.c +++ b/drivers/crypto/atmel-aes.c @@ -1069,7 +1069,7 @@ static struct crypto_alg aes_algs[] = { .cra_driver_name= "atmel-cfb8-aes", .cra_priority = 100, .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC, - .cra_blocksize = CFB64_BLOCK_SIZE, + .cra_blocksize = CFB8_BLOCK_SIZE, .cra_ctxsize= sizeof(struct atmel_aes_ctx), .cra_alignmask = 0x0, .cra_type = &crypto_ablkcipher_type, -- 1.7.9.5 -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH] crypto_user: Fix out-of-bounds read
This is unlikely to be exploitable for anything except an OOPS. Cc: sta...@vger.kernel.org Signed-off-by: Andy Lutomirski --- Notes: This is entirely untested, but it looks obviously correct to me. crypto/crypto_user.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/crypto_user.c b/crypto/crypto_user.c index 1512e41..bc7c4b5 100644 --- a/crypto/crypto_user.c +++ b/crypto/crypto_user.c @@ -460,7 +460,7 @@ static int crypto_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh) int type, err; type = nlh->nlmsg_type; - if (type > CRYPTO_MSG_MAX) + if (type < CRYPTO_MSG_BASE || type > CRYPTO_MSG_MAX) return -EINVAL; type -= CRYPTO_MSG_BASE; -- 1.9.0 -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH crypto 1/2] crypto: caam - fix mem leak in ahash_setkey
On Friday, April 18, 2014 at 12:01:41 PM, Horia Geanta wrote: > In case hash key is bigger than algorithm block size, it is hashed. > In this case, memory is allocated to keep this hash in hashed_key. > hashed_key has to be freed on the key_dma dma mapping error path. > > Cc: # 3.10+ > Signed-off-by: Horia Geanta > --- > drivers/crypto/caam/caamhash.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/drivers/crypto/caam/caamhash.c > b/drivers/crypto/caam/caamhash.c index 0378328f47a7..2d244e629ed2 100644 > --- a/drivers/crypto/caam/caamhash.c > +++ b/drivers/crypto/caam/caamhash.c > @@ -545,7 +545,8 @@ static int ahash_setkey(struct crypto_ahash *ahash, > DMA_TO_DEVICE); > if (dma_mapping_error(jrdev, ctx->key_dma)) { > dev_err(jrdev, "unable to map key i/o memory\n"); > - return -ENOMEM; > + ret = -ENOMEM; > + goto map_err; > } > #ifdef DEBUG > print_hex_dump(KERN_ERR, "ctx.key@"__stringify(__LINE__)": ", > @@ -559,6 +560,7 @@ static int ahash_setkey(struct crypto_ahash *ahash, >DMA_TO_DEVICE); > } > > +map_err: > kfree(hashed_key); Reviewed-by: Marek Vasut btw you might want to clean up the use of printk() vs. dev_*() throughout the driver, it's horribly intermixed. It'd be nice to use just dev_*() for output. Stuff like #ifdef DEBUG printk(...) #endif can be easily replaced with dev_dbg() for example ... Best regards, Marek Vasut -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH 3/3] crypto: Fix leak of struct aead_request in test_aead_speed()
On Monday, April 21, 2014 at 08:47:05 PM, Christian Engelmayer wrote: > Fix leakage of memory for struct aead_request that is allocated via > aead_request_alloc() but not released via aead_request_free(). > Reported by Coverity - CID 1163869. > > Signed-off-by: Christian Engelmayer Reviewed-by: Marek Vasut Best regards, Marek Vasut -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH crypto 2/2] crypto: caam - add allocation failure handling in SPRINTFCAT macro
On Friday, April 18, 2014 at 12:01:42 PM, Horia Geanta wrote: > GFP_ATOMIC memory allocation could fail. > In this case, avoid NULL pointer dereference and notify user. > > Cc: # 3.2+ If I recall correctly, you need to get the patch accepted into mainline before sending it for -stable . > Cc: Kim Phillips > Signed-off-by: Horia Geanta > --- > drivers/crypto/caam/error.c | 10 +++--- > 1 file changed, 7 insertions(+), 3 deletions(-) > > diff --git a/drivers/crypto/caam/error.c b/drivers/crypto/caam/error.c > index 9f25f5296029..0eabd81e1a90 100644 > --- a/drivers/crypto/caam/error.c > +++ b/drivers/crypto/caam/error.c > @@ -16,9 +16,13 @@ > char *tmp; \ > \ > tmp = kmalloc(sizeof(format) + max_alloc, GFP_ATOMIC); \ > - sprintf(tmp, format, param);\ > - strcat(str, tmp); \ > - kfree(tmp); \ > + if (likely(tmp)) { \ > + sprintf(tmp, format, param);\ > + strcat(str, tmp); \ > + kfree(tmp); \ > + } else {\ > + strcat(str, "kmalloc failure in SPRINTFCAT"); \ This entire macro looks somewhat strange. 1) Can't you just snprintf() into $str + some offset ? Something like: snprintf(str + strlen(str), str_total_sz - strlen(str), format, param); 2) Why is noone checking if the $str has enough space for contents of $tmp ? Best regards, Marek Vasut -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH 2/3] crypto: Fix potential leak in test_aead_speed() if crypto_alloc_aead() fails
On Monday, April 21, 2014 at 08:46:40 PM, Christian Engelmayer wrote: > Fix a potential memory leak in the error handling of test_aead_speed(). In > case crypto_alloc_aead() fails, the function returns without going through > the centralized cleanup path. Reported by Coverity - CID 1163870. > > Signed-off-by: Christian Engelmayer Looks OK to me, thanks. Reviewed-by: Marek Vasut Best regards, Marek Vasut -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH 1/3] crypto: Fix potential leak in test_aead_speed() if aad_size is too big
On Monday, April 21, 2014 at 08:45:59 PM, Christian Engelmayer wrote: > Fix a potential memory leak in the error handling of test_aead_speed(). In > case the size check on the associate data length parameter fails, the > function goes through the wrong exit label. Reported by Coverity - CID > 1163870. > > Signed-off-by: Christian Engelmayer > --- > crypto/tcrypt.c | 14 ++ > 1 file changed, 6 insertions(+), 8 deletions(-) > > diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c > index 870be7b..1856d7f 100644 > --- a/crypto/tcrypt.c > +++ b/crypto/tcrypt.c > @@ -282,6 +282,11 @@ static void test_aead_speed(const char *algo, int enc, > unsigned int sec, unsigned int *b_size; > unsigned int iv_len; > > + if (aad_size >= PAGE_SIZE) { On an unrelated note ... Won't if (aad_size > PAGE_SIZE) be sufficient here? Cheers! -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html