[PATCH 1/2] x86/crypto/sha256-mb: fix panic due to unaligned access

2017-10-16 Thread Andrey Ryabinin
struct sha256_ctx_mgr is allocated in sha256_mb_mod_init() via kzalloc()
and later passed to the sha256_mb_flusher_mgr_flush_avx2() function, where
vmovdqa instructions are used to access the struct. vmovdqa requires a
16-byte aligned argument, but nothing guarantees that struct
sha256_ctx_mgr will have that alignment. An unaligned vmovdqa will
generate a GP fault.

Fix this by replacing vmovdqa with vmovdqu which doesn't have alignment
requirements.

Fixes: a377c6b1876e ("crypto: sha256-mb - submit/flush routines for AVX2")
Reported-by: Josh Poimboeuf 
Signed-off-by: Andrey Ryabinin 
Cc: 
---
 arch/x86/crypto/sha256-mb/sha256_mb_mgr_flush_avx2.S | 12 ++--
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/arch/x86/crypto/sha256-mb/sha256_mb_mgr_flush_avx2.S 
b/arch/x86/crypto/sha256-mb/sha256_mb_mgr_flush_avx2.S
index 8fe6338bcc84..16c4ccb1f154 100644
--- a/arch/x86/crypto/sha256-mb/sha256_mb_mgr_flush_avx2.S
+++ b/arch/x86/crypto/sha256-mb/sha256_mb_mgr_flush_avx2.S
@@ -155,8 +155,8 @@ LABEL skip_ %I
 .endr
 
# Find min length
-   vmovdqa _lens+0*16(state), %xmm0
-   vmovdqa _lens+1*16(state), %xmm1
+   vmovdqu _lens+0*16(state), %xmm0
+   vmovdqu _lens+1*16(state), %xmm1
 
vpminud %xmm1, %xmm0, %xmm2 # xmm2 has {D,C,B,A}
vpalignr $8, %xmm2, %xmm3, %xmm3# xmm3 has {x,x,D,C}
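Review bot: the two `_lens` loads under "Find min length" are converted, but the Fixes: tag names the "submit/flush routines" while the diffstat touches only sha256_mb_mgr_flush_avx2.S. Please confirm that the submit routine has no `vmovdqa` on a `state`-relative address, or extend the patch to cover it.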
@@ -176,8 +176,8 @@ LABEL skip_ %I
vpsubd  %xmm2, %xmm0, %xmm0
vpsubd  %xmm2, %xmm1, %xmm1
 
-   vmovdqa %xmm0, _lens+0*16(state)
-   vmovdqa %xmm1, _lens+1*16(state)
+   vmovdqu %xmm0, _lens+0*16(state)
+   vmovdqu %xmm1, _lens+1*16(state)
 
# "state" and "args" are the same address, arg1
# len is arg2
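Review bot: the `vmovdqu` stores back to `_lens+0*16(state)` and `_lens+1*16(state)` carry no comment saying why the unaligned form is required. A one-line note that `state` comes from kzalloc() and is not guaranteed to be 16-byte aligned would keep a later cleanup from switching them back to `vmovdqa`.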
@@ -234,8 +234,8 @@ ENTRY(sha256_mb_mgr_get_comp_job_avx2)
jc  .return_null
 
# Find min length
-   vmovdqa _lens(state), %xmm0
-   vmovdqa _lens+1*16(state), %xmm1
+   vmovdqu _lens(state), %xmm0
+   vmovdqu _lens+1*16(state), %xmm1
 
vpminud %xmm1, %xmm0, %xmm2 # xmm2 has {D,C,B,A}
vpalignr $8, %xmm2, %xmm3, %xmm3# xmm3 has {x,x,D,C}
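Review bot: in sha256_mb_mgr_get_comp_job_avx2 the first load is written `_lens(state)` while the two earlier hunks spell the same address `_lens+0*16(state)`. Since these lines are being touched anyway, use one spelling in all three places so the sites are easy to find together.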
-- 
2.13.6



[PATCH 2/2] x86/crypto/sha1-mb: fix panic due to unaligned access

2017-10-16 Thread Andrey Ryabinin
struct sha1_ctx_mgr is allocated in sha1_mb_mod_init() via kzalloc()
and later passed to the sha1_mb_flusher_mgr_flush_avx2() function, where
vmovdqa instructions are used to access the struct. vmovdqa requires a
16-byte aligned argument, but nothing guarantees that struct
sha1_ctx_mgr will have that alignment. An unaligned vmovdqa will
generate a GP fault.

Fix this by replacing vmovdqa with vmovdqu which doesn't have alignment
requirements.

Fixes: 2249cbb53ead ("crypto: sha-mb - SHA1 multibuffer submit and flush routines for AVX2")
Signed-off-by: Andrey Ryabinin 
Cc: 
---
 arch/x86/crypto/sha1-mb/sha1_mb_mgr_flush_avx2.S | 12 ++--
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/arch/x86/crypto/sha1-mb/sha1_mb_mgr_flush_avx2.S 
b/arch/x86/crypto/sha1-mb/sha1_mb_mgr_flush_avx2.S
index 93b945597ecf..7cfba738f104 100644
--- a/arch/x86/crypto/sha1-mb/sha1_mb_mgr_flush_avx2.S
+++ b/arch/x86/crypto/sha1-mb/sha1_mb_mgr_flush_avx2.S
@@ -157,8 +157,8 @@ LABEL skip_ %I
 .endr
 
# Find min length
-   vmovdqa _lens+0*16(state), %xmm0
-   vmovdqa _lens+1*16(state), %xmm1
+   vmovdqu _lens+0*16(state), %xmm0
+   vmovdqu _lens+1*16(state), %xmm1
 
vpminud %xmm1, %xmm0, %xmm2 # xmm2 has {D,C,B,A}
vpalignr $8, %xmm2, %xmm3, %xmm3   # xmm3 has {x,x,D,C}
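Review bot: the `_lens+0*16(state)` and `_lens+1*16(state)` loads are changed here by analogy with the sha256-mb patch, but unlike 1/2 this message has no Reported-by and no trace for the SHA-1 path. Say in the message whether the fault was reproduced with sha1-mb or found by inspection, so stable maintainers can judge the backport.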
@@ -178,8 +178,8 @@ LABEL skip_ %I
vpsubd  %xmm2, %xmm0, %xmm0
vpsubd  %xmm2, %xmm1, %xmm1
 
-   vmovdqa %xmm0, _lens+0*16(state)
-   vmovdqa %xmm1, _lens+1*16(state)
+   vmovdqu %xmm0, _lens+0*16(state)
+   vmovdqu %xmm1, _lens+1*16(state)
 
# "state" and "args" are the same address, arg1
# len is arg2
@@ -235,8 +235,8 @@ ENTRY(sha1_mb_mgr_get_comp_job_avx2)
jc  .return_null
 
# Find min length
-   vmovdqa _lens(state), %xmm0
-   vmovdqa _lens+1*16(state), %xmm1
+   vmovdqu _lens(state), %xmm0
+   vmovdqu _lens+1*16(state), %xmm1
 
vpminud %xmm1, %xmm0, %xmm2# xmm2 has {D,C,B,A}
vpalignr $8, %xmm2, %xmm3, %xmm3   # xmm3 has {x,x,D,C}
-- 
2.13.6



Re: [lkp-robot] [x86/kconfig] 81d3871900: BUG:unable_to_handle_kernel

2017-10-13 Thread Andrey Ryabinin
On 10/13/2017 07:45 AM, Josh Poimboeuf wrote:
> On Thu, Oct 12, 2017 at 12:05:04PM -0500, Christopher Lameter wrote:
>> On Wed, 11 Oct 2017, Josh Poimboeuf wrote:
>>
>>> I failed to add the slab maintainers to CC on the last attempt.  Trying
>>> again.
>>
>>
>> Hmmm... Yea. SLOB is rarely used and tested. Good illustration of a simple
>> allocator and the K&R mechanism that was used in the early kernels.
>>
>>>> Adding the slub maintainers.  Is slob still supposed to work?
>>
>> Have not seen anyone using it in a decade or so.
>>
>> Does the same config with SLUB and slub_debug on the commandline run
>> cleanly?
>>
>>>> I have no idea how that crypto panic could be related to slob, but
>>>> at least it goes away when I switch to slub.
>>
>> Can you run SLUB with full debug? specify slub_debug on the commandline or
>> set CONFIG_SLUB_DEBUG_ON
> 
> Oddly enough, with CONFIG_SLUB+slub_debug, I get the same crypto panic I
> got with CONFIG_SLOB.  The trapping instruction is:
> 
>   vmovdqa 0x140(%rdi),%xmm0


It's unaligned access. Look at %rdi. vmovdqa requires 16-byte alignment.
Apparently, something fed kmalloc()'ed data here. But kmalloc() guarantees only
sizeof(unsigned long) alignment. slub_debug changes slub's objects layout, so
what happened to be 16-byte aligned without slub_debug may become 8-byte
aligned with slub_debug on.

   
> I'll try to bisect it tomorrow.  It at least goes back to v4.10.

Probably no point. I bet this bug was always here (since this code was added).

This could be fixed by s/vmovdqa/vmovdqu change like below, but maybe the
right fix would be to align the data properly?

---
 arch/x86/crypto/sha256-mb/sha256_mb_mgr_flush_avx2.S | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/arch/x86/crypto/sha256-mb/sha256_mb_mgr_flush_avx2.S 
b/arch/x86/crypto/sha256-mb/sha256_mb_mgr_flush_avx2.S
index 8fe6338bcc84..7fd5d9b568c7 100644
--- a/arch/x86/crypto/sha256-mb/sha256_mb_mgr_flush_avx2.S
+++ b/arch/x86/crypto/sha256-mb/sha256_mb_mgr_flush_avx2.S
@@ -155,8 +155,8 @@ LABEL skip_ %I
 .endr
 
# Find min length
-   vmovdqa _lens+0*16(state), %xmm0
-   vmovdqa _lens+1*16(state), %xmm1
+   vmovdqu _lens+0*16(state), %xmm0
+   vmovdqu _lens+1*16(state), %xmm1
 
vpminud %xmm1, %xmm0, %xmm2 # xmm2 has {D,C,B,A}
vpalignr $8, %xmm2, %xmm3, %xmm3# xmm3 has {x,x,D,C}
@@ -176,8 +176,8 @@ LABEL skip_ %I
vpsubd  %xmm2, %xmm0, %xmm0
vpsubd  %xmm2, %xmm1, %xmm1
 
-   vmovdqa %xmm0, _lens+0*16(state)
-   vmovdqa %xmm1, _lens+1*16(state)
+   vmovdqu %xmm0, _lens+0*16(state)
+   vmovdqu %xmm1, _lens+1*16(state)
 
# "state" and "args" are the same address, arg1
# len is arg2
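Review bot: the draft stops after the `_lens` store in the flush routine, but the same file's sha256_mb_mgr_get_comp_job_avx2 has an identical "Find min length" pair of `vmovdqa` loads from `_lens(state)`. The [PATCH 1/2] posting on this page converts those as well, so this version is incomplete on its own.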
-- 
2.13.6



> I'm
> not really sure whether this panic is related to SLUB or SLOB at all.
> (Though the original panic reported upthread by the kernel test robot
> *does* look SLOB related.)
> 
>   general protection fault:  [#1] PREEMPT SMP
>   Modules linked in:
>   CPU: 0 PID: 58 Comm: kworker/0:1 Not tainted 4.13.0 #81
>   Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1.fc26 
> 04/01/2014
>   Workqueue: crypto mcryptd_flusher
>   task: 880139108040 task.stack: c982c000
>   RIP: 0010:skip_7+0x0/0x67
>   RSP: 0018:c982fd88 EFLAGS: 00010246
>   RAX: 88013834172c RBX: f7654321 RCX: 0003
>   RDX:  RSI: 81d254f9 RDI: 8801381b1a88
>   RBP: c982fd90 R08:  R09: 0001
>   R10: 0001 R11:  R12: 82392260
>   R13: 88013a7e6500 R14: fffb80f5 R15: 
>   FS:  () GS:88013a60() knlGS:
>   CS:  0010 DS:  ES:  CR0: 80050033
>   CR2: 7f88491ef914 CR3: 01e11000 CR4: 001406f0
>   Call Trace:
>sha256_ctx_mgr_flush+0x28/0x30
>sha256_mb_flusher+0x53/0x120
>mcryptd_flusher+0xc4/0xf0
>process_one_work+0x253/0x6b0
>worker_thread+0x4d/0x3b0
>? preempt_count_sub+0x9b/0x100
>kthread+0x133/0x150
>? process_one_work+0x6b0/0x6b0
>? kthread_create_on_node+0x70/0x70
>ret_from_fork+0x2a/0x40
>   Code: 89 87 30 01 00 00 c7 87 58 01 00 00 ff ff ff ff 48 83 bf a0 01 00 00 
> 00 75 11 48 89 87 38 01 00 00 c7 87 5c 01 00 00 ff ff ff ff  f9 6f 87 40 
> 01 00 00 c5 f9 6f 8f 50 01 00 00 c4 e2 79 3b d1
>   RIP: skip_7+0x0/0x67 RSP: c982fd88
>   ---[ end trace d89a1613b7d1b8bc ]---
>   BUG: sleeping function called from invalid context at 
> ./include/linux/percpu-rwsem.h:33
>   in_atomic(): 1, irqs_disabled(): 0, pid: 58, name: kworker/0:1
>   INFO: lockdep is turned off.
>   Preemption disabled at:
>   [] kernel_fpu_begin+0x13/0x20
>   CPU: 0 PID: 58 Comm: kworker/0:1 Tainted: G  D 4.13.0 #81
>   Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1.fc26 
> 04/01/2014
>   Workqueue: crypto 
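
Added example, not part of the thread or of the kernel source: a user-space C model of the alignment argument in the reply above, showing how a fixed field offset (0x140, from the quoted trapping instruction) flips between 16-byte aligned and 8-byte aligned when the allocator shifts the object, and how an alignment-agnostic read behaves the same in both cases. The arena, the `pad` parameter and all function names are assumptions made for illustration; `memcpy` stands in for the unaligned vector load.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LENS_OFFSET 0x140u /* from the quoted trap: vmovdqa 0x140(%rdi),%xmm0 */
#define VEC_ALIGN   16u    /* operand alignment vmovdqa needs for an xmm access */
#define NUM_LANES   8u     /* two 16-byte loads cover eight 32-bit entries */

/* Constructed stand-in for the manager object. Only the offset of the
 * lens array matters here, not the real struct layout. */
static _Alignas(64) unsigned char arena[1024];

/* Bytes by which base+off misses a 16-byte boundary (0 means an aligned
 * vector access would be legal). */
static unsigned misalignment(uintptr_t base, size_t off)
{
    return (unsigned)((base + off) & (VEC_ALIGN - 1));
}

/* Place the object `pad` bytes into the arena, the way an allocator that
 * prepends debug metadata shifts its objects (hypothetical model). */
static unsigned char *place_object(size_t pad)
{
    memset(arena, 0, sizeof(arena));
    return arena + pad;
}

/* Alignment-agnostic "find min length": copy the eight entries out with
 * memcpy, then reduce. This works for any object address. */
static uint32_t min_len(const unsigned char *state)
{
    uint32_t lens[NUM_LANES];
    uint32_t min;
    unsigned i;

    memcpy(lens, state + LENS_OFFSET, sizeof(lens));
    min = lens[0];
    for (i = 1; i < NUM_LANES; i++)
        if (lens[i] < min)
            min = lens[i];
    return min;
}

/* Build an object at the given pad, fill its lens array with constructed
 * sample values, report the misalignment and return the minimum. */
static uint32_t demo(size_t pad, unsigned *mis)
{
    static const uint32_t vals[NUM_LANES] = {
        0x50, 0x41, 0x32, 0x13, 0x64, 0x75, 0x86, 0x97 /* constructed */
    };
    unsigned char *state = place_object(pad);

    memcpy(state + LENS_OFFSET, vals, sizeof(vals));
    *mis = misalignment((uintptr_t)state, LENS_OFFSET);
    return min_len(state);
}

int main(void)
{
    unsigned mis;
    uint32_t m;

    m = demo(0, &mis);
    printf("pad 0: misaligned by %u, min 0x%x\n", mis, (unsigned)m);
    m = demo(8, &mis);
    printf("pad 8: misaligned by %u, min 0x%x\n", mis, (unsigned)m);

    /* Low 12 bits of the RDI value in the quoted oops are 0xa88. */
    printf("oops RDI low bits: misaligned by %u\n",
           misalignment(0xa88, LENS_OFFSET));
    return 0;
}
```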

[PATCH] mpi: Fix NULL ptr dereference in mpi_powm()

2016-11-23 Thread Andrey Ryabinin
Parsing certain certificates (see [1]) triggers NULL-ptr
dereference in mpi_powm():

BUG: unable to handle kernel NULL pointer dereference at (null)
IP: [] mpi_powm+0xf8/0x10b0
...
Call Trace:
 [] _rsa_dec.isra.2+0x66/0x80
 [] rsa_verify+0x103/0x1c0
 [] pkcs1pad_verify+0x1c3/0x220
 [] public_key_verify_signature+0x3fa/0x4d0
 [] x509_check_for_self_signed+0x167/0x1e0
 [] x509_cert_parse+0x27e/0x300
 [] x509_key_preparse+0x3e/0x330
 [] asymmetric_key_preparse+0x6f/0x100
 [] key_create_or_update+0x260/0x5f0
 [] SyS_add_key+0x199/0x2a0
 [] entry_SYSCALL_64_fastpath+0x1e/0xad

This happens because mpi_alloc(0) doesn't allocate the limb space.
Fix this by allocating the result if needed.

Basically, this is a backport of libgcrypt patch [2].

[1] http://seclists.org/fulldisclosure/2016/Nov/76
[2] http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=patch;h=6e1adb05d290aeeb1c230c763970695f4a538526

Fixes: cdec9cb5167a ("crypto: GnuPG based MPI lib - source files (part 1)")
Signed-off-by: Andrey Ryabinin 
Cc: 
---
 lib/mpi/mpi-pow.c | 7 ++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/lib/mpi/mpi-pow.c b/lib/mpi/mpi-pow.c
index 5464c87..9e28d12 100644
--- a/lib/mpi/mpi-pow.c
+++ b/lib/mpi/mpi-pow.c
@@ -64,8 +64,13 @@ int mpi_powm(MPI res, MPI base, MPI exp, MPI mod)
if (!esize) {
/* Exponent is zero, result is 1 mod MOD, i.e., 1 or 0
 * depending on if MOD equals 1.  */
-   rp[0] = 1;
res->nlimbs = (msize == 1 && mod->d[0] == 1) ? 0 : 1;
+   if (res->nlimbs) {
+   if (RESIZE_IF_NEEDED(res, 1) < 0)
+   goto enomem;
+   rp = res->d;
+   rp[0] = 1;
+   }
res->sign = 0;
goto leave;
}
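Review bot: `res->nlimbs` is assigned before `RESIZE_IF_NEEDED(res, 1)` can fail, so on the `goto enomem` path `res` is left claiming one limb that was never allocated. Compute the value into a local, resize first, and store `res->nlimbs` only after the resize has succeeded.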
-- 
2.7.3

--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[PATCH] X.509: Fix double free in x509_cert_parse()

2016-11-23 Thread Andrey Ryabinin
We shouldn't free cert->pub->key in x509_cert_parse() because
x509_free_certificate() also does this:
BUG: Double free or freeing an invalid pointer
...
Call Trace:
 [] dump_stack+0x63/0x83
 [] kasan_object_err+0x21/0x70
 [] kasan_report_double_free+0x49/0x60
 [] kasan_slab_free+0x9d/0xc0
 [] kfree+0x8a/0x1a0
 [] public_key_free+0x1f/0x30
 [] x509_free_certificate+0x24/0x90
 [] x509_cert_parse+0x2bc/0x300
 [] x509_key_preparse+0x3e/0x330
 [] asymmetric_key_preparse+0x6f/0x100
 [] key_create_or_update+0x260/0x5f0
 [] SyS_add_key+0x199/0x2a0
 [] entry_SYSCALL_64_fastpath+0x1e/0xad
Object at 880110bd1900, in cache kmalloc-512 size: 512

Freed:
PID = 2579
[] save_stack_trace+0x1b/0x20
[] save_stack+0x46/0xd0
[] kasan_slab_free+0x73/0xc0
[] kfree+0x8a/0x1a0
[] x509_cert_parse+0x2a3/0x300
[] x509_key_preparse+0x3e/0x330
[] asymmetric_key_preparse+0x6f/0x100
[] key_create_or_update+0x260/0x5f0
[] SyS_add_key+0x199/0x2a0
[] entry_SYSCALL_64_fastpath+0x1e/0xad

Fixes: db6c43bd2132 ("crypto: KEYS: convert public key and digsig asym to the akcipher api")
Signed-off-by: Andrey Ryabinin 
Cc: 
---
 crypto/asymmetric_keys/x509_cert_parser.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/crypto/asymmetric_keys/x509_cert_parser.c 
b/crypto/asymmetric_keys/x509_cert_parser.c
index 865f46e..c80765b 100644
--- a/crypto/asymmetric_keys/x509_cert_parser.c
+++ b/crypto/asymmetric_keys/x509_cert_parser.c
@@ -133,7 +133,6 @@ struct x509_certificate *x509_cert_parse(const void *data, 
size_t datalen)
return cert;
 
 error_decode:
-   kfree(cert->pub->key);
kfree(ctx);
 error_no_ctx:
x509_free_certificate(cert);
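Review bot: with `kfree(cert->pub->key)` gone from `error_decode`, the only release of the key on this path is inside x509_free_certificate(). The message should name public_key_free() as the owner, as the KASAN trace does, so that a future error label in x509_cert_parse() does not reintroduce a direct kfree of a `cert->pub` member.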
-- 
2.7.3



[PATCH stable 3.10.y 17/18] crypto: cryptd - initialize child shash_desc on import

2016-10-27 Thread Andrey Ryabinin
From: Ard Biesheuvel 

commit 0bd2223594a4dcddc1e34b15774a3a4776f7749e upstream.

When calling .import() on a cryptd ahash_request, the structure members
that describe the child transform in the shash_desc need to be initialized
like they are when calling .init()

Cc: sta...@vger.kernel.org
Signed-off-by: Ard Biesheuvel 
Signed-off-by: Herbert Xu 
Signed-off-by: Andrey Ryabinin 
---
 crypto/cryptd.c | 9 +++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/crypto/cryptd.c b/crypto/cryptd.c
index 75c415d..d85fab9 100644
--- a/crypto/cryptd.c
+++ b/crypto/cryptd.c
@@ -565,9 +565,14 @@ static int cryptd_hash_export(struct ahash_request *req, 
void *out)
 
 static int cryptd_hash_import(struct ahash_request *req, const void *in)
 {
-   struct cryptd_hash_request_ctx *rctx = ahash_request_ctx(req);
+   struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
+   struct cryptd_hash_ctx *ctx = crypto_ahash_ctx(tfm);
+   struct shash_desc *desc = cryptd_shash_desc(req);
+
+   desc->tfm = ctx->child;
+   desc->flags = req->base.flags;
 
-   return crypto_shash_import(&rctx->desc, in);
+   return crypto_shash_import(desc, in);
 }
 
 static int cryptd_create_hash(struct crypto_template *tmpl, struct rtattr **tb,
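Review bot: `desc->tfm = ctx->child;` and `desc->flags = req->base.flags;` in cryptd_hash_import repeat by hand the setup that the message says .init() performs. Put that setup in one helper used by both handlers so a later change to the descriptor initialisation cannot miss the import path.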
-- 
2.7.3



[PATCH stable 3.10.y 12/18] crypto: af_alg - Forbid bind(2) when nokey child sockets are present

2016-10-27 Thread Andrey Ryabinin
From: Herbert Xu 

commit a6a48c565f6f112c6983e2a02b1602189ed6e26e upstream.

This patch forbids the calling of bind(2) when there are child
sockets created by accept(2) in existence, even if they are created
on the nokey path.

This is needed as those child sockets have references to the tfm
object which bind(2) will destroy.

Cc: sta...@vger.kernel.org
Signed-off-by: Herbert Xu 
Signed-off-by: Andrey Ryabinin 
---
 crypto/af_alg.c | 16 +++-
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/crypto/af_alg.c b/crypto/af_alg.c
index 2f8fd84..68ec1ac 100644
--- a/crypto/af_alg.c
+++ b/crypto/af_alg.c
@@ -130,19 +130,16 @@ EXPORT_SYMBOL_GPL(af_alg_release);
 void af_alg_release_parent(struct sock *sk)
 {
struct alg_sock *ask = alg_sk(sk);
-   bool last;
+   unsigned int nokey = ask->nokey_refcnt;
+   bool last = nokey && !ask->refcnt;
 
sk = ask->parent;
-
-   if (ask->nokey_refcnt && !ask->refcnt) {
-   sock_put(sk);
-   return;
-   }
-
ask = alg_sk(sk);
 
lock_sock(sk);
-   last = !--ask->refcnt;
+   ask->nokey_refcnt -= nokey;
+   if (!last)
+   last = !--ask->refcnt;
release_sock(sk);
 
if (last)
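Review bot: `ask` refers to the child socket where `nokey` and `last` are initialised and to the parent by the time `ask->nokey_refcnt -= nokey` runs, which makes the accounting hard to check by eye. Use separate variables for child and parent, and add a comment on `last = nokey && !ask->refcnt` saying that a nokey child which never took a keyed reference drops the parent directly.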
@@ -185,7 +182,7 @@ static int alg_bind(struct socket *sock, struct sockaddr 
*uaddr, int addr_len)
 
err = -EBUSY;
lock_sock(sk);
-   if (ask->refcnt)
+   if (ask->refcnt | ask->nokey_refcnt)
goto unlock;
 
swap(ask->type, type);
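Review bot: `if (ask->refcnt | ask->nokey_refcnt)` uses bitwise OR on two counters where a logical test is meant. It gives the right answer for unsigned values, but `||` states the intent and avoids a second look from every later reader.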
@@ -296,6 +293,7 @@ int af_alg_accept(struct sock *sk, struct socket *newsock)
 
if (nokey || !ask->refcnt++)
sock_hold(sk);
+   ask->nokey_refcnt += nokey;
alg_sk(sk2)->parent = sk;
alg_sk(sk2)->type = type;
alg_sk(sk2)->nokey_refcnt = nokey;
-- 
2.7.3



[PATCH stable 3.10.y 06/18] crypto: algif_hash - Require setkey before accept(2)

2016-10-27 Thread Andrey Ryabinin
From: Herbert Xu 

commit 6de62f15b581f920ade22d758f4c338311c2f0d4 upstream.

Hash implementations that require a key may crash if you use
them without setting a key.  This patch adds the necessary checks
so that if you do attempt to use them without a key that we return
-ENOKEY instead of proceeding.

This patch also adds a compatibility path to support old applications
that do accept(2) before setkey.

Cc: sta...@vger.kernel.org
Signed-off-by: Herbert Xu 
Signed-off-by: Andrey Ryabinin 
---
 crypto/algif_hash.c | 201 +---
 1 file changed, 193 insertions(+), 8 deletions(-)

diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c
index c542c0d8..7bc3f89 100644
--- a/crypto/algif_hash.c
+++ b/crypto/algif_hash.c
@@ -34,6 +34,11 @@ struct hash_ctx {
struct ahash_request req;
 };
 
+struct algif_hash_tfm {
+   struct crypto_ahash *hash;
+   bool has_key;
+};
+
 static int hash_sendmsg(struct kiocb *unused, struct socket *sock,
struct msghdr *msg, size_t ignored)
 {
@@ -248,22 +253,151 @@ static struct proto_ops algif_hash_ops = {
.accept =   hash_accept,
 };
 
+static int hash_check_key(struct socket *sock)
+{
+   int err;
+   struct sock *psk;
+   struct alg_sock *pask;
+   struct algif_hash_tfm *tfm;
+   struct sock *sk = sock->sk;
+   struct alg_sock *ask = alg_sk(sk);
+
+   if (ask->refcnt)
+   return 0;
+
+   psk = ask->parent;
+   pask = alg_sk(ask->parent);
+   tfm = pask->private;
+
+   err = -ENOKEY;
+   lock_sock(psk);
+   if (!tfm->has_key)
+   goto unlock;
+
+   if (!pask->refcnt++)
+   sock_hold(psk);
+
+   ask->refcnt = 1;
+   sock_put(psk);
+
+   err = 0;
+
+unlock:
+   release_sock(psk);
+
+   return err;
+}
+
+static int hash_sendmsg_nokey(struct kiocb *unused, struct socket *sock,
+ struct msghdr *msg, size_t size)
+{
+   int err;
+
+   err = hash_check_key(sock);
+   if (err)
+   return err;
+
+   return hash_sendmsg(unused, sock, msg, size);
+}
+
+static ssize_t hash_sendpage_nokey(struct socket *sock, struct page *page,
+  int offset, size_t size, int flags)
+{
+   int err;
+
+   err = hash_check_key(sock);
+   if (err)
+   return err;
+
+   return hash_sendpage(sock, page, offset, size, flags);
+}
+
+static int hash_recvmsg_nokey(struct kiocb *unused, struct socket *sock,
+ struct msghdr *msg, size_t ignored, int flags)
+{
+   int err;
+
+   err = hash_check_key(sock);
+   if (err)
+   return err;
+
+   return hash_recvmsg(unused, sock, msg, ignored, flags);
+}
+
+static int hash_accept_nokey(struct socket *sock, struct socket *newsock,
+int flags)
+{
+   int err;
+
+   err = hash_check_key(sock);
+   if (err)
+   return err;
+
+   return hash_accept(sock, newsock, flags);
+}
+
+static struct proto_ops algif_hash_ops_nokey = {
+   .family =   PF_ALG,
+
+   .connect=   sock_no_connect,
+   .socketpair =   sock_no_socketpair,
+   .getname=   sock_no_getname,
+   .ioctl  =   sock_no_ioctl,
+   .listen =   sock_no_listen,
+   .shutdown   =   sock_no_shutdown,
+   .getsockopt =   sock_no_getsockopt,
+   .mmap   =   sock_no_mmap,
+   .bind   =   sock_no_bind,
+   .setsockopt =   sock_no_setsockopt,
+   .poll   =   sock_no_poll,
+
+   .release=   af_alg_release,
+   .sendmsg=   hash_sendmsg_nokey,
+   .sendpage   =   hash_sendpage_nokey,
+   .recvmsg=   hash_recvmsg_nokey,
+   .accept =   hash_accept_nokey,
+};
+
 static void *hash_bind(const char *name, u32 type, u32 mask)
 {
-   return crypto_alloc_ahash(name, type, mask);
+   struct algif_hash_tfm *tfm;
+   struct crypto_ahash *hash;
+
+   tfm = kzalloc(sizeof(*tfm), GFP_KERNEL);
+   if (!tfm)
+   return ERR_PTR(-ENOMEM);
+
+   hash = crypto_alloc_ahash(name, type, mask);
+   if (IS_ERR(hash)) {
+   kfree(tfm);
+   return ERR_CAST(hash);
+   }
+
+   tfm->hash = hash;
+
+   return tfm;
 }
 
 static void hash_release(void *private)
 {
-   crypto_free_ahash(private);
+   struct algif_hash_tfm *tfm = private;
+
+   crypto_free_ahash(tfm->hash);
+   kfree(tfm);
 }
 
 static int hash_setkey(void *private, const u8 *key, unsigned int keylen)
 {
-   return crypto_ahash_setkey(private, key, keylen);
+   struct algif_hash_tfm *tfm = private;
+   int err;
+
+   err = crypto_ahash_setkey(tfm->hash, key, keylen);
+   tfm->
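Review bot: in hash_check_key, `if (ask->refcnt) return 0;` reads the child's refcnt before `lock_sock(psk)` is taken, so two callers on the same child can both see zero and both run the `pask->refcnt++` / `ask->refcnt = 1` / `sock_put(psk)` sequence. The series lists "crypto: algif_hash - Fix race condition in hash_check_key" as a later patch, so this one should not be applied without it.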

[PATCH stable 3.10.y 00/18] Backport crypto fixes.

2016-10-27 Thread Andrey Ryabinin
While fuzzing our 3.10 based kernel we observed some crashes, e.g:
  
http://lkml.kernel.org/r/

It appears that 3.10-stable lacks some crypto related fixes. Here is my attempt
to backport them.
Many patches didn't apply cleanly, so to make sure that my conflict resolution
is correct I compared it with other stable trees.

Ard Biesheuvel (1):
  crypto: cryptd - initialize child shash_desc on import

Herbert Xu (17):
  crypto: algif_skcipher - Require setkey before accept(2)
  crypto: af_alg - Disallow bind/setkey/... after accept(2)
  crypto: af_alg - Add nokey compatibility path
  crypto: algif_skcipher - Add nokey compatibility path
  crypto: hash - Add crypto_ahash_has_setkey
  crypto: algif_hash - Require setkey before accept(2)
  crypto: skcipher - Add crypto_skcipher_has_setkey
  crypto: algif_skcipher - Add key check exception for cipher_null
  crypto: af_alg - Allow af_af_alg_release_parent to be called on nokey path
  crypto: algif_hash - Remove custom release parent function
  crypto: algif_skcipher - Remove custom release parent function
  crypto: af_alg - Forbid bind(2) when nokey child sockets are present
  crypto: algif_hash - Fix race condition in hash_check_key
  crypto: algif_skcipher - Fix race condition in skcipher_check_key
  crypto: algif_skcipher - Load TX SG list after waiting
  crypto: shash - Fix has_key setting
  crypto: skcipher - Fix blkcipher walk OOM crash

 crypto/ablkcipher.c |   2 +
 crypto/af_alg.c |  51 +-
 crypto/ahash.c  |   5 +-
 crypto/algif_hash.c | 165 --
 crypto/algif_skcipher.c | 172 +++-
 crypto/blkcipher.c  |   4 +-
 crypto/cryptd.c |   9 ++-
 crypto/shash.c  |   5 +-
 include/crypto/hash.h   |   6 ++
 include/crypto/if_alg.h |  11 ++--
 include/linux/crypto.h  |   8 +++
 11 files changed, 400 insertions(+), 38 deletions(-)

-- 
2.7.3



[PATCH stable 3.10.y 08/18] crypto: algif_skcipher - Add key check exception for cipher_null

2016-10-27 Thread Andrey Ryabinin
From: Herbert Xu 

commit 6e8d8ecf438792ecf7a3207488fb4eebc4edb040 upstream.

This patch adds an exception to the key check so that cipher_null
users may continue to use algif_skcipher without setting a key.

Cc: sta...@vger.kernel.org
Signed-off-by: Herbert Xu 
Signed-off-by: Andrey Ryabinin 
---
 crypto/algif_skcipher.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
index db5f0f0..4677a45 100644
--- a/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -759,7 +759,7 @@ static int skcipher_accept_parent(void *private, struct 
sock *sk)
 {
struct skcipher_tfm *tfm = private;
 
-   if (!tfm->has_key)
+   if (!tfm->has_key && crypto_ablkcipher_has_setkey(tfm->skcipher))
return -ENOKEY;
 
return skcipher_accept_parent_common(private, sk);
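Review bot: the new condition `!tfm->has_key && crypto_ablkcipher_has_setkey(tfm->skcipher)` is not specific to cipher_null; it skips the -ENOKEY check for any transform that reports no setkey. The subject and message should say that, or the test should be narrowed, so reviewers of the backport know how wide the exception is.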
-- 
2.7.3



[PATCH stable 3.10.y 11/18] crypto: algif_skcipher - Remove custom release parent function

2016-10-27 Thread Andrey Ryabinin
From: Herbert Xu 

commit d7b65aee1e7b4c87922b0232eaba56a8a143a4a0 upstream.

This patch removes the custom release parent function as the
generic af_alg_release_parent now works for nokey sockets too.

Cc: sta...@vger.kernel.org
Signed-off-by: Herbert Xu 
Signed-off-by: Andrey Ryabinin 
---
 crypto/algif_skcipher.c | 43 +++
 1 file changed, 3 insertions(+), 40 deletions(-)

diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
index 4677a45..a7800b7 100644
--- a/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -681,7 +681,7 @@ static int skcipher_setkey(void *private, const u8 *key, 
unsigned int keylen)
return err;
 }
 
-static void skcipher_sock_destruct_common(struct sock *sk)
+static void skcipher_sock_destruct(struct sock *sk)
 {
struct alg_sock *ask = alg_sk(sk);
struct skcipher_ctx *ctx = ask->private;
@@ -690,33 +690,10 @@ static void skcipher_sock_destruct_common(struct sock *sk)
skcipher_free_sgl(sk);
sock_kfree_s(sk, ctx->iv, crypto_ablkcipher_ivsize(tfm));
sock_kfree_s(sk, ctx, ctx->len);
-}
-
-static void skcipher_sock_destruct(struct sock *sk)
-{
-   skcipher_sock_destruct_common(sk);
-   af_alg_release_parent(sk);
-}
-
-static void skcipher_release_parent_nokey(struct sock *sk)
-{
-   struct alg_sock *ask = alg_sk(sk);
-
-   if (!ask->refcnt) {
-   sock_put(ask->parent);
-   return;
-   }
-
af_alg_release_parent(sk);
 }
 
-static void skcipher_sock_destruct_nokey(struct sock *sk)
-{
-   skcipher_sock_destruct_common(sk);
-   skcipher_release_parent_nokey(sk);
-}
-
-static int skcipher_accept_parent_common(void *private, struct sock *sk)
+static int skcipher_accept_parent_nokey(void *private, struct sock *sk)
 {
struct skcipher_ctx *ctx;
struct alg_sock *ask = alg_sk(sk);
@@ -762,21 +739,7 @@ static int skcipher_accept_parent(void *private, struct 
sock *sk)
if (!tfm->has_key && crypto_ablkcipher_has_setkey(tfm->skcipher))
return -ENOKEY;
 
-   return skcipher_accept_parent_common(private, sk);
-}
-
-static int skcipher_accept_parent_nokey(void *private, struct sock *sk)
-{
-   int err;
-
-   err = skcipher_accept_parent_common(private, sk);
-   if (err)
-   goto out;
-
-   sk->sk_destruct = skcipher_sock_destruct_nokey;
-
-out:
-   return err;
+   return skcipher_accept_parent_nokey(private, sk);
 }
 
 static const struct af_alg_type algif_type_skcipher = {
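Review bot: after the rename, `skcipher_accept_parent_nokey` is the function that does the real work and `skcipher_accept_parent` calls it once the key check has passed, so the `_nokey` suffix no longer says what distinguishes the two. Add a short comment above `skcipher_accept_parent_nokey` stating that it performs no key check and is shared by both accept paths.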
-- 
2.7.3



[PATCH stable 3.10.y 02/18] crypto: af_alg - Disallow bind/setkey/... after accept(2)

2016-10-27 Thread Andrey Ryabinin
From: Herbert Xu 

commit c840ac6af3f8713a71b4d2363419145760bd6044 upstream.

Each af_alg parent socket obtained by socket(2) corresponds to a
tfm object once bind(2) has succeeded.  An accept(2) call on that
parent socket creates a context which then uses the tfm object.

Therefore as long as any child sockets created by accept(2) exist
the parent socket must not be modified or freed.

This patch guarantees this by using locks and a reference count
on the parent socket.  Any attempt to modify the parent socket will
fail with EBUSY.

Cc: sta...@vger.kernel.org
Reported-by: Dmitry Vyukov 
Signed-off-by: Herbert Xu 
Signed-off-by: Andrey Ryabinin 
---
 crypto/af_alg.c | 35 ---
 include/crypto/if_alg.h |  8 +++-
 2 files changed, 35 insertions(+), 8 deletions(-)

diff --git a/crypto/af_alg.c b/crypto/af_alg.c
index 1aaa555..0ca108f 100644
--- a/crypto/af_alg.c
+++ b/crypto/af_alg.c
@@ -125,6 +125,23 @@ int af_alg_release(struct socket *sock)
 }
 EXPORT_SYMBOL_GPL(af_alg_release);
 
+void af_alg_release_parent(struct sock *sk)
+{
+   struct alg_sock *ask = alg_sk(sk);
+   bool last;
+
+   sk = ask->parent;
+   ask = alg_sk(sk);
+
+   lock_sock(sk);
+   last = !--ask->refcnt;
+   release_sock(sk);
+
+   if (last)
+   sock_put(sk);
+}
+EXPORT_SYMBOL_GPL(af_alg_release_parent);
+
 static int alg_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
 {
struct sock *sk = sock->sk;
@@ -132,6 +149,7 @@ static int alg_bind(struct socket *sock, struct sockaddr 
*uaddr, int addr_len)
struct sockaddr_alg *sa = (void *)uaddr;
const struct af_alg_type *type;
void *private;
+   int err;
 
if (sock->state == SS_CONNECTED)
return -EINVAL;
@@ -157,16 +175,22 @@ static int alg_bind(struct socket *sock, struct sockaddr 
*uaddr, int addr_len)
return PTR_ERR(private);
}
 
+   err = -EBUSY;
lock_sock(sk);
+   if (ask->refcnt)
+   goto unlock;
 
swap(ask->type, type);
swap(ask->private, private);
 
+   err = 0;
+
+unlock:
release_sock(sk);
 
alg_do_release(type, private);
 
-   return 0;
+   return err;
 }
 
 static int alg_setkey(struct sock *sk, char __user *ukey,
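Review bot: on the new `goto unlock` path in alg_bind the two `swap()` calls are skipped, so `alg_do_release(type, private)` frees the freshly bound object instead of the old one. That is correct but easy to break; add a comment at `unlock:` saying that `type` and `private` hold whichever pair is to be discarded.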
@@ -199,11 +223,15 @@ static int alg_setsockopt(struct socket *sock, int level, 
int optname,
struct sock *sk = sock->sk;
struct alg_sock *ask = alg_sk(sk);
const struct af_alg_type *type;
-   int err = -ENOPROTOOPT;
+   int err = -EBUSY;
 
lock_sock(sk);
+   if (ask->refcnt)
+   goto unlock;
+
type = ask->type;
 
+   err = -ENOPROTOOPT;
if (level != SOL_ALG || !type)
goto unlock;
 
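Review bot: with `err` now starting at -EBUSY and the `ask->refcnt` test placed before the `level != SOL_ALG || !type` test, a setsockopt with an unsupported level on a socket that has children returns EBUSY where it used to return ENOPROTOOPT. If that change in errno is intended, say so in the message; otherwise do the level check first.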
@@ -252,7 +280,8 @@ int af_alg_accept(struct sock *sk, struct socket *newsock)
 
sk2->sk_family = PF_ALG;
 
-   sock_hold(sk);
+   if (!ask->refcnt++)
+   sock_hold(sk);
alg_sk(sk2)->parent = sk;
alg_sk(sk2)->type = type;
 
diff --git a/include/crypto/if_alg.h b/include/crypto/if_alg.h
index d61c111..2f38daa 100644
--- a/include/crypto/if_alg.h
+++ b/include/crypto/if_alg.h
@@ -30,6 +30,8 @@ struct alg_sock {
 
struct sock *parent;
 
+   unsigned int refcnt;
+
const struct af_alg_type *type;
void *private;
 };
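Review bot: the new `unsigned int refcnt;` member in struct alg_sock has no comment. Document that it counts child sockets created by accept(2), that it is protected by the parent's socket lock, and that only the first child takes the `sock_hold()` on the parent.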
@@ -64,6 +66,7 @@ int af_alg_register_type(const struct af_alg_type *type);
 int af_alg_unregister_type(const struct af_alg_type *type);
 
 int af_alg_release(struct socket *sock);
+void af_alg_release_parent(struct sock *sk);
 int af_alg_accept(struct sock *sk, struct socket *newsock);
 
 int af_alg_make_sg(struct af_alg_sgl *sgl, void __user *addr, int len,
@@ -80,11 +83,6 @@ static inline struct alg_sock *alg_sk(struct sock *sk)
return (struct alg_sock *)sk;
 }
 
-static inline void af_alg_release_parent(struct sock *sk)
-{
-   sock_put(alg_sk(sk)->parent);
-}
-
 static inline void af_alg_init_completion(struct af_alg_completion *completion)
 {
init_completion(&completion->completion);
-- 
2.7.3



[PATCH stable 3.10.y 16/18] crypto: shash - Fix has_key setting

2016-10-27 Thread Andrey Ryabinin
From: Herbert Xu 

commit 00420a65fa2beb3206090ead86942484df2275f3 upstream.

The has_key logic is wrong for shash algorithms as they always
have a setkey function.  So we should instead be testing against
shash_no_setkey.

Fixes: a5596d633278 ("crypto: hash - Add crypto_ahash_has_setkey")
Cc: sta...@vger.kernel.org
Reported-by: Stephan Mueller 
Signed-off-by: Herbert Xu 
Tested-by: Stephan Mueller 
Signed-off-by: Andrey Ryabinin 
---
 crypto/shash.c | 7 +++
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/crypto/shash.c b/crypto/shash.c
index 8e4256a..ac4d763 100644
--- a/crypto/shash.c
+++ b/crypto/shash.c
@@ -353,11 +353,10 @@ int crypto_init_shash_ops_async(struct crypto_tfm *tfm)
crt->final = shash_async_final;
crt->finup = shash_async_finup;
crt->digest = shash_async_digest;
+   crt->setkey = shash_async_setkey;
+
+   crt->has_setkey = alg->setkey != shash_no_setkey;
 
-   if (alg->setkey) {
-   crt->setkey = shash_async_setkey;
-   crt->has_setkey = true;
-   }
if (alg->export)
crt->export = shash_async_export;
if (alg->import)
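Review bot: `crt->has_setkey = alg->setkey != shash_no_setkey;` depends on every keyless shash algorithm having `alg->setkey` set to exactly `shash_no_setkey`, which the message states but the code does not. Add a comment at this line naming that invariant, since an algorithm supplying its own stub setkey would be reported as requiring a key.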
-- 
2.7.3



[PATCH stable 3.10.y 15/18] crypto: algif_skcipher - Load TX SG list after waiting

2016-10-27 Thread Andrey Ryabinin
From: Herbert Xu 

commit 4f0414e54e4d1893c6f08260693f8ef84c929293 upstream.

We need to load the TX SG list in sendmsg(2) after waiting for
incoming data, not before.

Cc: sta...@vger.kernel.org
Reported-by: Dmitry Vyukov 
Signed-off-by: Herbert Xu 
Tested-by: Dmitry Vyukov 
Signed-off-by: Andrey Ryabinin 
---
 crypto/algif_skcipher.c | 14 +++---
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
index 13fd26e..ea05c53 100644
--- a/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -446,13 +446,6 @@ static int skcipher_recvmsg(struct kiocb *unused, struct 
socket *sock,
char __user *from = iov->iov_base;
 
while (seglen) {
-   sgl = list_first_entry(&ctx->tsgl,
-  struct skcipher_sg_list, list);
-   sg = sgl->sg;
-
-   while (!sg->length)
-   sg++;
-
used = ctx->used;
if (!used) {
err = skcipher_wait_for_data(sk, flags);
@@ -474,6 +467,13 @@ static int skcipher_recvmsg(struct kiocb *unused, struct 
socket *sock,
if (!used)
goto free;
 
+   sgl = list_first_entry(&ctx->tsgl,
+  struct skcipher_sg_list, list);
+   sg = sgl->sg;
+
+   while (!sg->length)
+   sg++;
+
ablkcipher_request_set_crypt(&ctx->req, sg,
 ctx->rsgl.sg, used,
 ctx->iv);
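Review bot: `while (!sg->length) sg++;` is unbounded, and now that it runs after skcipher_wait_for_data() it relies entirely on `used` being non-zero to guarantee that the first skcipher_sg_list on ctx->tsgl holds a non-empty entry. Please state that invariant in a comment at the moved block, and say in the commit message what went wrong when sgl and sg were loaded before the wait, since the current text only says the order must change.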
-- 
2.7.3



[PATCH stable 3.10.y 05/18] crypto: hash - Add crypto_ahash_has_setkey

2016-10-27 Thread Andrey Ryabinin
From: Herbert Xu 

commit a5596d6332787fd383b3b5427b41f94254430827 upstream.

This patch adds a way for ahash users to determine whether a key
is required by a crypto_ahash transform.

Cc: sta...@vger.kernel.org
Signed-off-by: Herbert Xu 
Signed-off-by: Andrey Ryabinin 
---
 crypto/ahash.c| 5 -
 crypto/shash.c| 4 +++-
 include/crypto/hash.h | 6 ++
 3 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/crypto/ahash.c b/crypto/ahash.c
index bcd5efc..781a8a7 100644
--- a/crypto/ahash.c
+++ b/crypto/ahash.c
@@ -370,6 +370,7 @@ static int crypto_ahash_init_tfm(struct crypto_tfm *tfm)
struct ahash_alg *alg = crypto_ahash_alg(hash);
 
hash->setkey = ahash_nosetkey;
+   hash->has_setkey = false;
hash->export = ahash_no_export;
hash->import = ahash_no_import;
 
@@ -382,8 +383,10 @@ static int crypto_ahash_init_tfm(struct crypto_tfm *tfm)
hash->finup = alg->finup ?: ahash_def_finup;
hash->digest = alg->digest;
 
-   if (alg->setkey)
+   if (alg->setkey) {
hash->setkey = alg->setkey;
+   hash->has_setkey = true;
+   }
if (alg->export)
hash->export = alg->export;
if (alg->import)
diff --git a/crypto/shash.c b/crypto/shash.c
index 929058a..8e4256a 100644
--- a/crypto/shash.c
+++ b/crypto/shash.c
@@ -354,8 +354,10 @@ int crypto_init_shash_ops_async(struct crypto_tfm *tfm)
crt->finup = shash_async_finup;
crt->digest = shash_async_digest;
 
-   if (alg->setkey)
+   if (alg->setkey) {
crt->setkey = shash_async_setkey;
+   crt->has_setkey = true;
+   }
if (alg->export)
crt->export = shash_async_export;
if (alg->import)
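Review bot: in crypto_init_shash_ops_async() the `if (alg->setkey)` test sets `crt->has_setkey = true` for every shash if the setkey pointer is never NULL, which is what 16/18 in this series reports and fixes by comparing against shash_no_setkey. For the stable backport the two should be kept together (or folded) so no tree ends up with only this half.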
diff --git a/include/crypto/hash.h b/include/crypto/hash.h
index 26cb1eb..c8c7987 100644
--- a/include/crypto/hash.h
+++ b/include/crypto/hash.h
@@ -94,6 +94,7 @@ struct crypto_ahash {
  unsigned int keylen);
 
unsigned int reqsize;
+   bool has_setkey;
struct crypto_tfm base;
 };
 
@@ -181,6 +182,11 @@ static inline void *ahash_request_ctx(struct ahash_request 
*req)
 
 int crypto_ahash_setkey(struct crypto_ahash *tfm, const u8 *key,
unsigned int keylen);
+static inline bool crypto_ahash_has_setkey(struct crypto_ahash *tfm)
+{
+   return tfm->has_setkey;
+}
+
 int crypto_ahash_finup(struct ahash_request *req);
 int crypto_ahash_final(struct ahash_request *req);
 int crypto_ahash_digest(struct ahash_request *req);
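Review bot: crypto_ahash_has_setkey() is placed between the crypto_ahash_setkey() and crypto_ahash_finup() prototypes with no kernel-doc and no blank line before it. A short comment saying it reports whether the transform requires a key, plus taking `const struct crypto_ahash *tfm`, would make the new helper self-explanatory to callers such as algif_hash.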
-- 
2.7.3



[PATCH stable 3.10.y 10/18] crypto: algif_hash - Remove custom release parent function

2016-10-27 Thread Andrey Ryabinin
From: Herbert Xu 

commit f1d84af1835846a5a2b827382c5848faf2bb0e75 upstream.

This patch removes the custom release parent function as the
generic af_alg_release_parent now works for nokey sockets too.

Cc: sta...@vger.kernel.org
Signed-off-by: Herbert Xu 
Signed-off-by: Andrey Ryabinin 
---
 crypto/algif_hash.c | 43 +++
 1 file changed, 3 insertions(+), 40 deletions(-)

diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c
index 7bc3f89..512aa36 100644
--- a/crypto/algif_hash.c
+++ b/crypto/algif_hash.c
@@ -397,7 +397,7 @@ static int hash_setkey(void *private, const u8 *key, 
unsigned int keylen)
return err;
 }
 
-static void hash_sock_destruct_common(struct sock *sk)
+static void hash_sock_destruct(struct sock *sk)
 {
struct alg_sock *ask = alg_sk(sk);
struct hash_ctx *ctx = ask->private;
@@ -405,33 +405,10 @@ static void hash_sock_destruct_common(struct sock *sk)
sock_kfree_s(sk, ctx->result,
 crypto_ahash_digestsize(crypto_ahash_reqtfm(&ctx->req)));
sock_kfree_s(sk, ctx, ctx->len);
-}
-
-static void hash_sock_destruct(struct sock *sk)
-{
-   hash_sock_destruct_common(sk);
-   af_alg_release_parent(sk);
-}
-
-static void hash_release_parent_nokey(struct sock *sk)
-{
-   struct alg_sock *ask = alg_sk(sk);
-
-   if (!ask->refcnt) {
-   sock_put(ask->parent);
-   return;
-   }
-
af_alg_release_parent(sk);
 }
 
-static void hash_sock_destruct_nokey(struct sock *sk)
-{
-   hash_sock_destruct_common(sk);
-   hash_release_parent_nokey(sk);
-}
-
-static int hash_accept_parent_common(void *private, struct sock *sk)
+static int hash_accept_parent_nokey(void *private, struct sock *sk)
 {
struct hash_ctx *ctx;
struct alg_sock *ask = alg_sk(sk);
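Review bot: hash_sock_destruct() now calls af_alg_release_parent(sk) for nokey children as well, so this is only correct once the `ask->nokey_refcnt && !ask->refcnt` early return from 09/18 is present in af_alg_release_parent(); without it the removed hash_release_parent_nokey() logic has no replacement. The commit message should name that dependency explicitly so the two are never backported apart.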
@@ -474,21 +451,7 @@ static int hash_accept_parent(void *private, struct sock 
*sk)
if (!tfm->has_key && crypto_ahash_has_setkey(tfm->hash))
return -ENOKEY;
 
-   return hash_accept_parent_common(private, sk);
-}
-
-static int hash_accept_parent_nokey(void *private, struct sock *sk)
-{
-   int err;
-
-   err = hash_accept_parent_common(private, sk);
-   if (err)
-   goto out;
-
-   sk->sk_destruct = hash_sock_destruct_nokey;
-
-out:
-   return err;
+   return hash_accept_parent_nokey(private, sk);
 }
 
 static const struct af_alg_type algif_type_hash = {
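Review bot: hash_accept_parent() for the keyed case now returns through hash_accept_parent_nokey(), so the function name no longer says what it does; a comment marking it as the shared body would help. The hunk also removes the only visible `sk->sk_destruct` assignment for the nokey path, so please confirm the shared body still installs hash_sock_destruct, since that line is outside the context shown.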
-- 
2.7.3



[PATCH stable 3.10.y 07/18] crypto: skcipher - Add crypto_skcipher_has_setkey

2016-10-27 Thread Andrey Ryabinin
From: Herbert Xu 

commit a1383cd86a062fc798899ab20f0ec2116cce39cb upstream.

This patch adds a way for skcipher users to determine whether a key
is required by a transform.

Cc: sta...@vger.kernel.org
Signed-off-by: Herbert Xu 
Signed-off-by: Andrey Ryabinin 
---
 crypto/ablkcipher.c| 2 ++
 crypto/blkcipher.c | 1 +
 include/linux/crypto.h | 8 
 3 files changed, 11 insertions(+)

diff --git a/crypto/ablkcipher.c b/crypto/ablkcipher.c
index ebcec74..2b6dd74 100644
--- a/crypto/ablkcipher.c
+++ b/crypto/ablkcipher.c
@@ -379,6 +379,7 @@ static int crypto_init_ablkcipher_ops(struct crypto_tfm 
*tfm, u32 type,
}
crt->base = __crypto_ablkcipher_cast(tfm);
crt->ivsize = alg->ivsize;
+   crt->has_setkey = alg->max_keysize;
 
return 0;
 }
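Review bot: `crt->has_setkey = alg->max_keysize;` stores an unsigned size into a bool and uses "max_keysize is non-zero" as a stand-in for "a key is required". Writing it as `alg->max_keysize != 0` with a short comment on that assumption would make the intent clear at all three sites this patch touches.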
@@ -460,6 +461,7 @@ static int crypto_init_givcipher_ops(struct crypto_tfm 
*tfm, u32 type,
crt->givdecrypt = alg->givdecrypt ?: no_givdecrypt;
crt->base = __crypto_ablkcipher_cast(tfm);
crt->ivsize = alg->ivsize;
+   crt->has_setkey = alg->max_keysize;
 
return 0;
 }
diff --git a/crypto/blkcipher.c b/crypto/blkcipher.c
index a79e7e9..37af08e 100644
--- a/crypto/blkcipher.c
+++ b/crypto/blkcipher.c
@@ -458,6 +458,7 @@ static int crypto_init_blkcipher_ops_async(struct 
crypto_tfm *tfm)
}
crt->base = __crypto_ablkcipher_cast(tfm);
crt->ivsize = alg->ivsize;
+   crt->has_setkey = alg->max_keysize;
 
return 0;
 }
diff --git a/include/linux/crypto.h b/include/linux/crypto.h
index 2b00d92..61dd0b1 100644
--- a/include/linux/crypto.h
+++ b/include/linux/crypto.h
@@ -354,6 +354,7 @@ struct ablkcipher_tfm {
 
unsigned int ivsize;
unsigned int reqsize;
+   bool has_setkey;
 };
 
 struct aead_tfm {
@@ -664,6 +665,13 @@ static inline int crypto_ablkcipher_setkey(struct 
crypto_ablkcipher *tfm,
return crt->setkey(crt->base, key, keylen);
 }
 
+static inline bool crypto_ablkcipher_has_setkey(struct crypto_ablkcipher *tfm)
+{
+   struct ablkcipher_tfm *crt = crypto_ablkcipher_crt(tfm);
+
+   return crt->has_setkey;
+}
+
 static inline struct crypto_ablkcipher *crypto_ablkcipher_reqtfm(
struct ablkcipher_request *req)
 {
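Review bot: the subject and commit message name crypto_skcipher_has_setkey, but the helper added here is crypto_ablkcipher_has_setkey(). If the different name is deliberate for the 3.10 API, say so in a backport note so anyone searching for the upstream name finds it.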
-- 
2.7.3



[PATCH stable 3.10.y 04/18] crypto: algif_skcipher - Add nokey compatibility path

2016-10-27 Thread Andrey Ryabinin
From: Herbert Xu 

commit a0fa2d037129a9849918a92d91b79ed6c7bd2818 upstream.

This patch adds a compatibility path to support old applications
that do accept(2) before setkey.

Cc: sta...@vger.kernel.org
Signed-off-by: Herbert Xu 
Signed-off-by: Andrey Ryabinin 
---
 crypto/algif_skcipher.c | 149 ++--
 1 file changed, 144 insertions(+), 5 deletions(-)

diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
index c4c121a..db5f0f0 100644
--- a/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -549,6 +549,99 @@ static struct proto_ops algif_skcipher_ops = {
.poll   =   skcipher_poll,
 };
 
+static int skcipher_check_key(struct socket *sock)
+{
+   int err;
+   struct sock *psk;
+   struct alg_sock *pask;
+   struct skcipher_tfm *tfm;
+   struct sock *sk = sock->sk;
+   struct alg_sock *ask = alg_sk(sk);
+
+   if (ask->refcnt)
+   return 0;
+
+   psk = ask->parent;
+   pask = alg_sk(ask->parent);
+   tfm = pask->private;
+
+   err = -ENOKEY;
+   lock_sock(psk);
+   if (!tfm->has_key)
+   goto unlock;
+
+   if (!pask->refcnt++)
+   sock_hold(psk);
+
+   ask->refcnt = 1;
+   sock_put(psk);
+
+   err = 0;
+
+unlock:
+   release_sock(psk);
+
+   return err;
+}
+
+static int skcipher_sendmsg_nokey(struct kiocb *unused, struct socket *sock,
+ struct msghdr *msg, size_t size)
+{
+   int err;
+
+   err = skcipher_check_key(sock);
+   if (err)
+   return err;
+
+   return skcipher_sendmsg(unused, sock, msg, size);
+}
+
+static ssize_t skcipher_sendpage_nokey(struct socket *sock, struct page *page,
+  int offset, size_t size, int flags)
+{
+   int err;
+
+   err = skcipher_check_key(sock);
+   if (err)
+   return err;
+
+   return skcipher_sendpage(sock, page, offset, size, flags);
+}
+
+static int skcipher_recvmsg_nokey(struct kiocb *unused, struct socket *sock,
+ struct msghdr *msg, size_t ignored, int flags)
+{
+   int err;
+
+   err = skcipher_check_key(sock);
+   if (err)
+   return err;
+
+   return skcipher_recvmsg(unused, sock, msg, ignored, flags);
+}
+
+static struct proto_ops algif_skcipher_ops_nokey = {
+   .family =   PF_ALG,
+
+   .connect=   sock_no_connect,
+   .socketpair =   sock_no_socketpair,
+   .getname=   sock_no_getname,
+   .ioctl  =   sock_no_ioctl,
+   .listen =   sock_no_listen,
+   .shutdown   =   sock_no_shutdown,
+   .getsockopt =   sock_no_getsockopt,
+   .mmap   =   sock_no_mmap,
+   .bind   =   sock_no_bind,
+   .accept =   sock_no_accept,
+   .setsockopt =   sock_no_setsockopt,
+
+   .release=   af_alg_release,
+   .sendmsg=   skcipher_sendmsg_nokey,
+   .sendpage   =   skcipher_sendpage_nokey,
+   .recvmsg=   skcipher_recvmsg_nokey,
+   .poll   =   skcipher_poll,
+};
+
 static void *skcipher_bind(const char *name, u32 type, u32 mask)
 {
struct skcipher_tfm *tfm;
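Review bot: skcipher_check_key() tests `ask->refcnt` and later sets `ask->refcnt = 1` while holding only the parent lock, so two callers on the same child socket can both pass the test and both run `sock_put(psk)`. 14/18 in this series adds the child lock for this reason; consider folding it in here, or at least reference it in the commit message. The `if (!pask->refcnt++) sock_hold(psk);` followed by `sock_put(psk);` also needs a comment explaining which reference is being traded for which.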
@@ -588,7 +681,7 @@ static int skcipher_setkey(void *private, const u8 *key, 
unsigned int keylen)
return err;
 }
 
-static void skcipher_sock_destruct(struct sock *sk)
+static void skcipher_sock_destruct_common(struct sock *sk)
 {
struct alg_sock *ask = alg_sk(sk);
struct skcipher_ctx *ctx = ask->private;
@@ -597,10 +690,33 @@ static void skcipher_sock_destruct(struct sock *sk)
skcipher_free_sgl(sk);
sock_kfree_s(sk, ctx->iv, crypto_ablkcipher_ivsize(tfm));
sock_kfree_s(sk, ctx, ctx->len);
+}
+
+static void skcipher_sock_destruct(struct sock *sk)
+{
+   skcipher_sock_destruct_common(sk);
af_alg_release_parent(sk);
 }
 
-static int skcipher_accept_parent(void *private, struct sock *sk)
+static void skcipher_release_parent_nokey(struct sock *sk)
+{
+   struct alg_sock *ask = alg_sk(sk);
+
+   if (!ask->refcnt) {
+   sock_put(ask->parent);
+   return;
+   }
+
+   af_alg_release_parent(sk);
+}
+
+static void skcipher_sock_destruct_nokey(struct sock *sk)
+{
+   skcipher_sock_destruct_common(sk);
+   skcipher_release_parent_nokey(sk);
+}
+
+static int skcipher_accept_parent_common(void *private, struct sock *sk)
 {
struct skcipher_ctx *ctx;
struct alg_sock *ask = alg_sk(sk);
@@ -608,9 +724,6 @@ static int skcipher_accept_parent(void *private, struct 
sock *sk)
struct crypto_ablkcipher *skcipher = tfm->skcipher;
unsigned int len = sizeof(*ctx) + crypto_ablkcipher_reqsize(skcipher);
 
-   if (!tfm->has_key)
-   re

[PATCH stable 3.10.y 18/18] crypto: skcipher - Fix blkcipher walk OOM crash

2016-10-27 Thread Andrey Ryabinin
From: Herbert Xu 

commit acdb04d0b36769b3e05990c488dc74d8b7ac8060 upstream.

When we need to allocate a temporary blkcipher_walk_next and it
fails, the code is supposed to take the slow path of processing
the data block by block.  However, due to an unrelated change
we instead end up dereferencing the NULL pointer.

This patch fixes it by moving the unrelated bsize setting out
of the way so that we enter the slow path as intended.

Fixes: 7607bd8ff03b ("[CRYPTO] blkcipher: Added blkcipher_walk_virt_block")
Cc: sta...@vger.kernel.org
Reported-by: xiakaixu 
Reported-by: Ard Biesheuvel 
Signed-off-by: Herbert Xu 
Tested-by: Ard Biesheuvel 
Signed-off-by: Andrey Ryabinin 
---
 crypto/blkcipher.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/crypto/blkcipher.c b/crypto/blkcipher.c
index 37af08e..39b09f25 100644
--- a/crypto/blkcipher.c
+++ b/crypto/blkcipher.c
@@ -238,6 +238,8 @@ static int blkcipher_walk_next(struct blkcipher_desc *desc,
return blkcipher_walk_done(desc, walk, -EINVAL);
}
 
+   bsize = min(walk->blocksize, n);
+
walk->flags &= ~(BLKCIPHER_WALK_SLOW | BLKCIPHER_WALK_COPY |
 BLKCIPHER_WALK_DIFF);
if (!scatterwalk_aligned(&walk->in, alignmask) ||
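Review bot: the relocated `bsize = min(walk->blocksize, n);` has no comment saying why it must sit above the `scatterwalk_aligned()` test, and the use of bsize that depends on it is outside the lines shown. Since the commit message blames an earlier unrelated change for putting it in the wrong place, a one-line comment here would keep the next cleanup from moving it back below the alignment block.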
@@ -250,7 +252,6 @@ static int blkcipher_walk_next(struct blkcipher_desc *desc,
}
}
 
-   bsize = min(walk->blocksize, n);
n = scatterwalk_clamp(&walk->in, n);
n = scatterwalk_clamp(&walk->out, n);
 
-- 
2.7.3



[PATCH stable 3.10.y 14/18] crypto: algif_skcipher - Fix race condition in skcipher_check_key

2016-10-27 Thread Andrey Ryabinin
From: Herbert Xu 

commit 1822793a523e5d5730b19cc21160ff1717421bc8 upstream.

We need to lock the child socket in skcipher_check_key as otherwise
two simultaneous calls can cause the parent socket to be freed.

Cc: sta...@vger.kernel.org
Signed-off-by: Herbert Xu 
Signed-off-by: Andrey Ryabinin 
---
 crypto/algif_skcipher.c | 9 ++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
index a7800b7..13fd26e 100644
--- a/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -551,22 +551,23 @@ static struct proto_ops algif_skcipher_ops = {
 
 static int skcipher_check_key(struct socket *sock)
 {
-   int err;
+   int err = 0;
struct sock *psk;
struct alg_sock *pask;
struct skcipher_tfm *tfm;
struct sock *sk = sock->sk;
struct alg_sock *ask = alg_sk(sk);
 
+   lock_sock(sk);
if (ask->refcnt)
-   return 0;
+   goto unlock_child;
 
psk = ask->parent;
pask = alg_sk(ask->parent);
tfm = pask->private;
 
err = -ENOKEY;
-   lock_sock(psk);
+   lock_sock_nested(psk, SINGLE_DEPTH_NESTING);
if (!tfm->has_key)
goto unlock;
 
@@ -580,6 +581,8 @@ static int skcipher_check_key(struct socket *sock)
 
 unlock:
release_sock(psk);
+unlock_child:
+   release_sock(sk);
 
return err;
 }
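Review bot: the release order at the tail (`release_sock(psk)` under `unlock:`, then `release_sock(sk)` under `unlock_child:`) is the only place where the child-then-parent lock order set up by `lock_sock(sk)` and `lock_sock_nested(psk, SINGLE_DEPTH_NESTING)` in the previous hunk is implied, and it is never written down. Please add a comment stating that order and confirm that no other path takes the two sockets in the opposite order.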
-- 
2.7.3



[PATCH stable 3.10.y 09/18] crypto: af_alg - Allow af_af_alg_release_parent to be called on nokey path

2016-10-27 Thread Andrey Ryabinin
From: Herbert Xu 

commit 6a935170a980024dd29199e9dbb5c4da4767a1b9 upstream.

This patch allows af_alg_release_parent to be called even for
nokey sockets.

Cc: sta...@vger.kernel.org
Signed-off-by: Herbert Xu 
Signed-off-by: Andrey Ryabinin 
---
 crypto/af_alg.c | 9 -
 include/crypto/if_alg.h | 1 +
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/crypto/af_alg.c b/crypto/af_alg.c
index de130c2..2f8fd84 100644
--- a/crypto/af_alg.c
+++ b/crypto/af_alg.c
@@ -133,6 +133,12 @@ void af_alg_release_parent(struct sock *sk)
bool last;
 
sk = ask->parent;
+
+   if (ask->nokey_refcnt && !ask->refcnt) {
+   sock_put(sk);
+   return;
+   }
+
ask = alg_sk(sk);
 
lock_sock(sk);
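Review bot: the early `sock_put(sk); return;` for `ask->nokey_refcnt && !ask->refcnt` needs a comment saying which reference it drops. From 03/18 it appears to balance the unconditional `sock_hold(sk)` that af_alg_accept() takes when nokey is set, but that pairing is spread over separate patches and is not stated at either end.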
@@ -258,8 +264,8 @@ int af_alg_accept(struct sock *sk, struct socket *newsock)
struct alg_sock *ask = alg_sk(sk);
const struct af_alg_type *type;
struct sock *sk2;
+   unsigned int nokey;
int err;
-   bool nokey;
 
lock_sock(sk);
type = ask->type;
@@ -292,6 +298,7 @@ int af_alg_accept(struct sock *sk, struct socket *newsock)
sock_hold(sk);
alg_sk(sk2)->parent = sk;
alg_sk(sk2)->type = type;
+   alg_sk(sk2)->nokey_refcnt = nokey;
 
newsock->ops = type->ops;
newsock->state = SS_CONNECTED;
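Review bot: `alg_sk(sk2)->nokey_refcnt = nokey;` stores a value that can only be 0 or 1 (per 03/18, `nokey` is the result of `err == -ENOKEY`, here just retyped from bool to unsigned int) into a field named as a reference count. Either keep it a bool with a flag-style name or explain in if_alg.h why it needs to be a counter.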
diff --git a/include/crypto/if_alg.h b/include/crypto/if_alg.h
index 9e6a2f3..bfefd81 100644
--- a/include/crypto/if_alg.h
+++ b/include/crypto/if_alg.h
@@ -31,6 +31,7 @@ struct alg_sock {
struct sock *parent;
 
unsigned int refcnt;
+   unsigned int nokey_refcnt;
 
const struct af_alg_type *type;
void *private;
-- 
2.7.3



[PATCH stable 3.10.y 13/18] crypto: algif_hash - Fix race condition in hash_check_key

2016-10-27 Thread Andrey Ryabinin
From: Herbert Xu 

commit ad46d7e33219218605ea619e32553daf4f346b9f upstream.

We need to lock the child socket in hash_check_key as otherwise
two simultaneous calls can cause the parent socket to be freed.

Cc: sta...@vger.kernel.org
Signed-off-by: Herbert Xu 
Signed-off-by: Andrey Ryabinin 
---
 crypto/algif_hash.c | 9 ++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c
index 512aa36..d11d431 100644
--- a/crypto/algif_hash.c
+++ b/crypto/algif_hash.c
@@ -255,22 +255,23 @@ static struct proto_ops algif_hash_ops = {
 
 static int hash_check_key(struct socket *sock)
 {
-   int err;
+   int err = 0;
struct sock *psk;
struct alg_sock *pask;
struct algif_hash_tfm *tfm;
struct sock *sk = sock->sk;
struct alg_sock *ask = alg_sk(sk);
 
+   lock_sock(sk);
if (ask->refcnt)
-   return 0;
+   goto unlock_child;
 
psk = ask->parent;
pask = alg_sk(ask->parent);
tfm = pask->private;
 
err = -ENOKEY;
-   lock_sock(psk);
+   lock_sock_nested(psk, SINGLE_DEPTH_NESTING);
if (!tfm->has_key)
goto unlock;
 
@@ -284,6 +285,8 @@ static int hash_check_key(struct socket *sock)
 
 unlock:
release_sock(psk);
+unlock_child:
+   release_sock(sk);
 
return err;
 }
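Review bot: with the `unlock:` / `unlock_child:` tail added, hash_check_key() is the same function as skcipher_check_key() in 14/18 apart from the type of `tfm`. Two copies of a locking fix are easy to let drift; a shared helper in af_alg.c would leave one place to get the child-then-parent locking right.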
-- 
2.7.3



[PATCH stable 3.10.y 01/18] crypto: algif_skcipher - Require setkey before accept(2)

2016-10-27 Thread Andrey Ryabinin
From: Herbert Xu 

commit dd504589577d8e8e70f51f997ad487a4cb6c026f upstream.

Some cipher implementations will crash if you try to use them
without calling setkey first.  This patch adds a check so that
the accept(2) call will fail with -ENOKEY if setkey hasn't been
done on the socket yet.

Cc: sta...@vger.kernel.org
Reported-by: Dmitry Vyukov 
Signed-off-by: Herbert Xu 
Tested-by: Dmitry Vyukov 
Signed-off-by: Andrey Ryabinin 
---
 crypto/algif_skcipher.c | 51 -
 1 file changed, 42 insertions(+), 9 deletions(-)

diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
index 83187f4..c4c121a 100644
--- a/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -31,6 +31,11 @@ struct skcipher_sg_list {
struct scatterlist sg[0];
 };
 
+struct skcipher_tfm {
+   struct crypto_ablkcipher *skcipher;
+   bool has_key;
+};
+
 struct skcipher_ctx {
struct list_head tsgl;
struct af_alg_sgl rsgl;
@@ -546,17 +551,41 @@ static struct proto_ops algif_skcipher_ops = {
 
 static void *skcipher_bind(const char *name, u32 type, u32 mask)
 {
-   return crypto_alloc_ablkcipher(name, type, mask);
+   struct skcipher_tfm *tfm;
+   struct crypto_ablkcipher *skcipher;
+
+   tfm = kzalloc(sizeof(*tfm), GFP_KERNEL);
+   if (!tfm)
+   return ERR_PTR(-ENOMEM);
+
+   skcipher = crypto_alloc_ablkcipher(name, type, mask);
+   if (IS_ERR(skcipher)) {
+   kfree(tfm);
+   return ERR_CAST(skcipher);
+   }
+
+   tfm->skcipher = skcipher;
+
+   return tfm;
 }
 
 static void skcipher_release(void *private)
 {
-   crypto_free_ablkcipher(private);
+   struct skcipher_tfm *tfm = private;
+
+   crypto_free_ablkcipher(tfm->skcipher);
+   kfree(tfm);
 }
 
 static int skcipher_setkey(void *private, const u8 *key, unsigned int keylen)
 {
-   return crypto_ablkcipher_setkey(private, key, keylen);
+   struct skcipher_tfm *tfm = private;
+   int err;
+
+   err = crypto_ablkcipher_setkey(tfm->skcipher, key, keylen);
+   tfm->has_key = !err;
+
+   return err;
 }
 
 static void skcipher_sock_destruct(struct sock *sk)
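Review bot: `tfm->has_key = !err;` in skcipher_setkey() clears the flag when a later setkey call fails, even if an earlier one succeeded. That fails closed, which seems right, but it deserves a comment, and the hunk does not show what serialises this write against the `if (!tfm->has_key)` read in skcipher_accept_parent().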
@@ -575,20 +604,24 @@ static int skcipher_accept_parent(void *private, struct 
sock *sk)
 {
struct skcipher_ctx *ctx;
struct alg_sock *ask = alg_sk(sk);
-   unsigned int len = sizeof(*ctx) + crypto_ablkcipher_reqsize(private);
+   struct skcipher_tfm *tfm = private;
+   struct crypto_ablkcipher *skcipher = tfm->skcipher;
+   unsigned int len = sizeof(*ctx) + crypto_ablkcipher_reqsize(skcipher);
+
+   if (!tfm->has_key)
+   return -ENOKEY;
 
ctx = sock_kmalloc(sk, len, GFP_KERNEL);
if (!ctx)
return -ENOMEM;
-
-   ctx->iv = sock_kmalloc(sk, crypto_ablkcipher_ivsize(private),
+   ctx->iv = sock_kmalloc(sk, crypto_ablkcipher_ivsize(skcipher),
   GFP_KERNEL);
if (!ctx->iv) {
sock_kfree_s(sk, ctx, len);
return -ENOMEM;
}
 
-   memset(ctx->iv, 0, crypto_ablkcipher_ivsize(private));
+   memset(ctx->iv, 0, crypto_ablkcipher_ivsize(skcipher));
 
INIT_LIST_HEAD(&ctx->tsgl);
ctx->len = len;
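Review bot: the blank line removed after `return -ENOMEM;` is an unrelated whitespace change, as is the re-indented `af_alg_complete, &ctx->completion);` continuation in the next hunk. For a stable backport it is better to leave both alone so the diff contains only the has_key check and the `private` to `skcipher` substitutions.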
@@ -600,9 +633,9 @@ static int skcipher_accept_parent(void *private, struct 
sock *sk)
 
ask->private = ctx;
 
-   ablkcipher_request_set_tfm(&ctx->req, private);
+   ablkcipher_request_set_tfm(&ctx->req, skcipher);
ablkcipher_request_set_callback(&ctx->req, CRYPTO_TFM_REQ_MAY_BACKLOG,
-   af_alg_complete, &ctx->completion);
+ af_alg_complete, &ctx->completion);
 
sk->sk_destruct = skcipher_sock_destruct;
 
-- 
2.7.3



[PATCH stable 3.10.y 03/18] crypto: af_alg - Add nokey compatibility path

2016-10-27 Thread Andrey Ryabinin
From: Herbert Xu 

commit 37766586c965d63758ad542325a96d5384f4a8c9 upstream.

This patch adds a compatibility path to support old applications
that do accept(2) before setkey.

Cc: sta...@vger.kernel.org
Signed-off-by: Herbert Xu 
Signed-off-by: Andrey Ryabinin 
---
 crypto/af_alg.c | 13 -
 include/crypto/if_alg.h |  2 ++
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/crypto/af_alg.c b/crypto/af_alg.c
index 0ca108f..de130c2 100644
--- a/crypto/af_alg.c
+++ b/crypto/af_alg.c
@@ -76,6 +76,8 @@ int af_alg_register_type(const struct af_alg_type *type)
goto unlock;
 
type->ops->owner = THIS_MODULE;
+   if (type->ops_nokey)
+   type->ops_nokey->owner = THIS_MODULE;
node->type = type;
list_add(&node->list, &alg_types);
err = 0;
@@ -257,6 +259,7 @@ int af_alg_accept(struct sock *sk, struct socket *newsock)
const struct af_alg_type *type;
struct sock *sk2;
int err;
+   bool nokey;
 
lock_sock(sk);
type = ask->type;
@@ -275,12 +278,17 @@ int af_alg_accept(struct sock *sk, struct socket *newsock)
security_sk_clone(sk, sk2);
 
err = type->accept(ask->private, sk2);
+
+   nokey = err == -ENOKEY;
+   if (nokey && type->accept_nokey)
+   err = type->accept_nokey(ask->private, sk2);
+
if (err)
goto unlock;
 
sk2->sk_family = PF_ALG;
 
-   if (!ask->refcnt++)
+   if (nokey || !ask->refcnt++)
sock_hold(sk);
alg_sk(sk2)->parent = sk;
alg_sk(sk2)->type = type;
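Review bot: `if (nokey || !ask->refcnt++)` relies on short-circuit evaluation to skip the `refcnt` increment on the nokey path while still taking `sock_hold(sk)` for every nokey child. That is easy to misread as a plain first-user test; please split it into two statements or add a comment explaining that nokey children each hold their own parent reference and are not counted in refcnt.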
@@ -288,6 +296,9 @@ int af_alg_accept(struct sock *sk, struct socket *newsock)
newsock->ops = type->ops;
newsock->state = SS_CONNECTED;
 
+   if (nokey)
+   newsock->ops = type->ops_nokey;
+
err = 0;
 
 unlock:
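Review bot: `newsock->ops = type->ops_nokey;` is assigned without a NULL check, although af_alg_register_type() in the first hunk treats ops_nokey as optional. A type that provides accept_nokey but leaves ops_nokey unset would end up with a NULL newsock->ops; rejecting that combination at registration time would close the gap.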
diff --git a/include/crypto/if_alg.h b/include/crypto/if_alg.h
index 2f38daa..9e6a2f3 100644
--- a/include/crypto/if_alg.h
+++ b/include/crypto/if_alg.h
@@ -51,8 +51,10 @@ struct af_alg_type {
void (*release)(void *private);
int (*setkey)(void *private, const u8 *key, unsigned int keylen);
int (*accept)(void *private, struct sock *sk);
+   int (*accept_nokey)(void *private, struct sock *sk);
 
struct proto_ops *ops;
+   struct proto_ops *ops_nokey;
struct module *owner;
char name[14];
 };
-- 
2.7.3



[PATCH v2] crypto/testmgr: don't copy from source IV too much

2015-09-10 Thread Andrey Ryabinin
While the destination buffer 'iv' is MAX_IVLEN size,
the source 'template[i].iv' could be smaller, thus
memcpy may read invalid memory.
Use crypto_skcipher_ivsize() to get real ivsize
and pass it to memcpy.

Signed-off-by: Andrey Ryabinin 
---
 crypto/testmgr.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 35c2de1..fa18753 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -940,6 +940,7 @@ static int __test_skcipher(struct crypto_skcipher *tfm, int 
enc,
char *xbuf[XBUFSIZE];
char *xoutbuf[XBUFSIZE];
int ret = -ENOMEM;
+   unsigned int ivsize = crypto_skcipher_ivsize(tfm);
 
if (testmgr_alloc_buf(xbuf))
goto out_nobuf;
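Review bot: `ivsize` from crypto_skcipher_ivsize(tfm) becomes the memcpy length into `iv`, which the commit message says is MAX_IVLEN bytes, and nothing checks `ivsize <= MAX_IVLEN`. The patch fixes the over-read of the source but should not trade it for a possible overflow of the destination; a bounds check right after this declaration that fails the test would cover it.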
@@ -975,7 +976,7 @@ static int __test_skcipher(struct crypto_skcipher *tfm, int 
enc,
continue;
 
if (template[i].iv)
-   memcpy(iv, template[i].iv, MAX_IVLEN);
+   memcpy(iv, template[i].iv, ivsize);
else
memset(iv, 0, MAX_IVLEN);
 
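Review bot: after `memcpy(iv, template[i].iv, ivsize);` the bytes of `iv` from ivsize up to MAX_IVLEN keep whatever the previous vector left there, while the else branch still clears all MAX_IVLEN bytes. Zeroing `iv` before the copy would make both branches start from the same state. The same applies to the identical change in the following hunk.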
@@ -1051,7 +1052,7 @@ static int __test_skcipher(struct crypto_skcipher *tfm, 
int enc,
continue;
 
if (template[i].iv)
-   memcpy(iv, template[i].iv, MAX_IVLEN);
+   memcpy(iv, template[i].iv, ivsize);
else
memset(iv, 0, MAX_IVLEN);
 
-- 
2.4.6



Re: [PATCH] crypto/testmgr: don't copy from source IV too much

2015-09-04 Thread Andrey Ryabinin
On 09/03/2015 04:20 PM, Herbert Xu wrote:
> On Thu, Sep 03, 2015 at 02:32:00PM +0300, Andrey Ryabinin wrote:
>> While the destination buffer 'iv' is MAX_IVLEN size,
>> the source 'template[i].iv' could be smaller. Thus
>> copying it via memcpy() leads to invalid memory access.
>> Use strlcpy() instead.
>>
>> Signed-off-by: Andrey Ryabinin 
> 
> Thanks for the patch.  Unfortunately it's broken because the IV
> is not a string and can contain NULs.  So either fix it by using
> the real ivsize,

So I've tried to use crypto_ablkcipher_ivsize(tfm) for that.

But I noticed that some algs don't set ivsize (which makes it zero).
E.g. "ecb-cast6-avx" doesn't set it, but the test vectors (cast6_enc_tv_template[], cast6_dec_tv_template[])
have a .iv of 16 bytes.

So I'm not sure what part is wrong here.
Is it wrong to use crypto_ablkcipher_ivsize(tfm) to get ivsize here?
Is it a bug in 'ecb-cast6-avx'?
Or maybe something else?


> or change template[i].iv to a char array.
> 
> Cheers,
> 


[PATCH] x86/crypto/ghash-intel: specify context size for ghash async algorithm

2015-09-03 Thread Andrey Ryabinin
Currently context size (cra_ctxsize) isn't specified for
ghash_async_alg, which means it's zero. Thus crypto_create_tfm()
doesn't allocate needed space for ghash_async_ctx, so any
read/write to ctx (e.g. in ghash_async_init_tfm()) is not valid.

Signed-off-by: Andrey Ryabinin 
---
 arch/x86/crypto/ghash-clmulni-intel_glue.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/x86/crypto/ghash-clmulni-intel_glue.c 
b/arch/x86/crypto/ghash-clmulni-intel_glue.c
index 64d7cf1..440df0c 100644
--- a/arch/x86/crypto/ghash-clmulni-intel_glue.c
+++ b/arch/x86/crypto/ghash-clmulni-intel_glue.c
@@ -294,6 +294,7 @@ static struct ahash_alg ghash_async_alg = {
.cra_name   = "ghash",
.cra_driver_name= "ghash-clmulni",
.cra_priority   = 400,
+   .cra_ctxsize= sizeof(struct 
ghash_async_ctx),
.cra_flags  = CRYPTO_ALG_TYPE_AHASH | 
CRYPTO_ALG_ASYNC,
.cra_blocksize  = GHASH_BLOCK_SIZE,
.cra_type   = &crypto_ahash_type,
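Review bot: the commit message describes reads and writes past the allocated tfm context, but there is no Fixes: tag and no stable Cc, so this one-line `.cra_ctxsize` addition may not reach the trees that carry the bug. Please add both, naming the commit that introduced ghash_async_alg without a context size.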
-- 
2.4.6



[PATCH] crypto/testmgr: don't copy from source IV too much

2015-09-03 Thread Andrey Ryabinin
While the destination buffer 'iv' is MAX_IVLEN size,
the source 'template[i].iv' could be smaller. Thus
copying it via memcpy() leads to invalid memory access.
Use strlcpy() instead.

Signed-off-by: Andrey Ryabinin 
---
 crypto/testmgr.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index d0a42bd..d85221c 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -974,7 +974,7 @@ static int __test_skcipher(struct crypto_ablkcipher *tfm, 
int enc,
continue;
 
if (template[i].iv)
-   memcpy(iv, template[i].iv, MAX_IVLEN);
+   strlcpy(iv, template[i].iv, MAX_IVLEN);
else
memset(iv, 0, MAX_IVLEN);
 
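Review bot: `strlcpy(iv, template[i].iv, MAX_IVLEN)` treats the IV as a NUL-terminated string, so an IV containing a zero byte is truncated at that byte, which is the objection Herbert Xu raises in the reply on this page. Keep memcpy() and pass it the actual IV length instead; the same applies to the second hunk.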
@@ -1049,7 +1049,7 @@ static int __test_skcipher(struct crypto_ablkcipher *tfm, 
int enc,
continue;
 
if (template[i].iv)
-   memcpy(iv, template[i].iv, MAX_IVLEN);
+   strlcpy(iv, template[i].iv, MAX_IVLEN);
else
memset(iv, 0, MAX_IVLEN);
 
-- 
2.4.6



Re: [PATCH] mm: kill kmemcheck

2015-03-11 Thread Andrey Ryabinin
2015-03-11 21:44 GMT+03:00 David Miller :
> From: Sasha Levin 
> Date: Wed, 11 Mar 2015 13:25:47 -0400
>
>> You're probably wondering why there are changes to SPARC in that patchset? :)
>
> Libsanitizer doesn't even build half the time on sparc, the release
> manager has to hand patch it into building again every major release
> because of the way ASAN development is done out of tree and local
> commits to the gcc tree are basically written over during the
> next merge.
>

Libsanitizer is a userspace lib; it's for userspace ASan, KASan doesn't use it.
We have our own 'libsanitizer' in kernel.

> So I'm a little bit bitter about this, as you can see. :)
>


-- 
Best regards,
Andrey Ryabinin


[PATCH] crypto: ccp: terminate ccp_support array with empty element

2015-01-21 Thread Andrey Ryabinin
x86_match_cpu() expects array of x86_cpu_ids terminated
with empty element.

Signed-off-by: Andrey Ryabinin 
---
 drivers/crypto/ccp/ccp-dev.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/crypto/ccp/ccp-dev.c b/drivers/crypto/ccp/ccp-dev.c
index c6e6171..ca29c12 100644
--- a/drivers/crypto/ccp/ccp-dev.c
+++ b/drivers/crypto/ccp/ccp-dev.c
@@ -583,6 +583,7 @@ bool ccp_queues_suspended(struct ccp_device *ccp)
 #ifdef CONFIG_X86
 static const struct x86_cpu_id ccp_support[] = {
{ X86_VENDOR_AMD, 22, },
+   { },
 };
 #endif
 
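Review bot: the commit message says what x86_match_cpu() expects but not what happens without the terminator; stating that the lookup can walk past the end of ccp_support, and adding a Fixes: tag, would make the severity clear. Also consider writing the sentinel as `{ }` without the trailing comma so nothing gets appended after it by accident.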
-- 
2.2.1
