Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Pull crypto fixes from Herbert Xu: "This push fixes the following issues: - buffer overread in RSA - potential use after free in algif_aead. - error path null pointer dereference in af_alg - forbid combinations such as hmac(hmac(sha3)) which may crash - crash in salsa20 due to incorrect API usage" * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: crypto: salsa20 - fix blkcipher_walk API usage crypto: hmac - require that the underlying hash algorithm is unkeyed crypto: af_alg - fix NULL pointer dereference in crypto: algif_aead - fix reference counting of null skcipher crypto: rsa - fix buffer overread when stripping leading zeroes
commit
916b20e02e
@ -59,13 +59,6 @@ static int encrypt(struct blkcipher_desc *desc,
|
|||||||
|
|
||||||
salsa20_ivsetup(ctx, walk.iv);
|
salsa20_ivsetup(ctx, walk.iv);
|
||||||
|
|
||||||
if (likely(walk.nbytes == nbytes))
|
|
||||||
{
|
|
||||||
salsa20_encrypt_bytes(ctx, walk.src.virt.addr,
|
|
||||||
walk.dst.virt.addr, nbytes);
|
|
||||||
return blkcipher_walk_done(desc, &walk, 0);
|
|
||||||
}
|
|
||||||
|
|
||||||
while (walk.nbytes >= 64) {
|
while (walk.nbytes >= 64) {
|
||||||
salsa20_encrypt_bytes(ctx, walk.src.virt.addr,
|
salsa20_encrypt_bytes(ctx, walk.src.virt.addr,
|
||||||
walk.dst.virt.addr,
|
walk.dst.virt.addr,
|
||||||
|
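Review bot: Nothing left in `encrypt()` records why the single-call shortcut was removed, so it could be reintroduced later as an optimisation. The removed test `walk.nbytes == nbytes` is also true when both values are zero, and in that case the old code went straight to `blkcipher_walk_done()`; this looks like the incorrect API usage named in the pull message, though the walk setup is outside the hunk. A comment above the loop such as `/* no one-shot path: walk.nbytes == nbytes also matches an empty request, which must not reach blkcipher_walk_done() */` would preserve the reasoning. The same applies to the second `encrypt()` hunk at `@ -188,13 +188,6`, and in both the loop body continues past the end of the hunk.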
@ -672,15 +672,16 @@ void af_alg_free_areq_sgls(struct af_alg_async_req *areq)
|
|||||||
}
|
}
|
||||||
|
|
||||||
tsgl = areq->tsgl;
|
tsgl = areq->tsgl;
|
||||||
|
if (tsgl) {
|
||||||
for_each_sg(tsgl, sg, areq->tsgl_entries, i) {
|
for_each_sg(tsgl, sg, areq->tsgl_entries, i) {
|
||||||
if (!sg_page(sg))
|
if (!sg_page(sg))
|
||||||
continue;
|
continue;
|
||||||
put_page(sg_page(sg));
|
put_page(sg_page(sg));
|
||||||
}
|
}
|
||||||
|
|
||||||
if (areq->tsgl && areq->tsgl_entries)
|
|
||||||
sock_kfree_s(sk, tsgl, areq->tsgl_entries * sizeof(*tsgl));
|
sock_kfree_s(sk, tsgl, areq->tsgl_entries * sizeof(*tsgl));
|
||||||
}
|
}
|
||||||
|
}
|
||||||
EXPORT_SYMBOL_GPL(af_alg_free_areq_sgls);
|
EXPORT_SYMBOL_GPL(af_alg_free_areq_sgls);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
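Review bot: After `sock_kfree_s()` the request still holds the freed pointer in `areq->tsgl` and the old count in `areq->tsgl_entries`. The new `if (tsgl)` guard covers the case where the list was never allocated, but it would not stop a second call for the same request from walking and freeing the list again. Whether any caller can reach this function twice is not visible here. Resetting the fields inside the guard, `areq->tsgl = NULL; areq->tsgl_entries = 0;`, would make the function safe to call twice. The start of the function body is outside the hunk.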
@ -503,6 +503,7 @@ static void aead_release(void *private)
|
|||||||
struct aead_tfm *tfm = private;
|
struct aead_tfm *tfm = private;
|
||||||
|
|
||||||
crypto_free_aead(tfm->aead);
|
crypto_free_aead(tfm->aead);
|
||||||
|
crypto_put_default_null_skcipher2();
|
||||||
kfree(tfm);
|
kfree(tfm);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -535,7 +536,6 @@ static void aead_sock_destruct(struct sock *sk)
|
|||||||
unsigned int ivlen = crypto_aead_ivsize(tfm);
|
unsigned int ivlen = crypto_aead_ivsize(tfm);
|
||||||
|
|
||||||
af_alg_pull_tsgl(sk, ctx->used, NULL, 0);
|
af_alg_pull_tsgl(sk, ctx->used, NULL, 0);
|
||||||
crypto_put_default_null_skcipher2();
|
|
||||||
sock_kzfree_s(sk, ctx->iv, ivlen);
|
sock_kzfree_s(sk, ctx->iv, ivlen);
|
||||||
sock_kfree_s(sk, ctx, ctx->len);
|
sock_kfree_s(sk, ctx, ctx->len);
|
||||||
af_alg_release_parent(sk);
|
af_alg_release_parent(sk);
|
||||||
|
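Review bot: The `crypto_put_default_null_skcipher2()` added to `aead_release()` has no comment tying it to the reference it drops, and the matching get is not part of either hunk. With the put moved out of `aead_sock_destruct()`, the reference is released once per tfm instead of once per socket, so the pairing is no longer obvious from the socket code. A comment such as `/* drop the null skcipher reference held for the lifetime of this tfm */` would document it. It is also worth confirming that every path which ends in `aead_release()` actually took the reference, including a bind that failed part-way, because an unmatched put would release the shared cipher while other users still hold it.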
@ -195,11 +195,15 @@ static int hmac_create(struct crypto_template *tmpl, struct rtattr **tb)
|
|||||||
salg = shash_attr_alg(tb[1], 0, 0);
|
salg = shash_attr_alg(tb[1], 0, 0);
|
||||||
if (IS_ERR(salg))
|
if (IS_ERR(salg))
|
||||||
return PTR_ERR(salg);
|
return PTR_ERR(salg);
|
||||||
|
alg = &salg->base;
|
||||||
|
|
||||||
|
/* The underlying hash algorithm must be unkeyed */
|
||||||
err = -EINVAL;
|
err = -EINVAL;
|
||||||
|
if (crypto_shash_alg_has_setkey(salg))
|
||||||
|
goto out_put_alg;
|
||||||
|
|
||||||
ds = salg->digestsize;
|
ds = salg->digestsize;
|
||||||
ss = salg->statesize;
|
ss = salg->statesize;
|
||||||
alg = &salg->base;
|
|
||||||
if (ds > alg->cra_blocksize ||
|
if (ds > alg->cra_blocksize ||
|
||||||
ss < alg->cra_blocksize)
|
ss < alg->cra_blocksize)
|
||||||
goto out_put_alg;
|
goto out_put_alg;
|
||||||
|
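Review bot: The comment on the new check in `hmac_create()` states the rule but not the reason, and the reason is what stops the check from being relaxed later. The pull message says nested combinations such as hmac(hmac(sha3)) may crash, so the comment could read `/* The underlying hash must be unkeyed: hmac never keys it, so a keyed hash such as another hmac would be used without its key */`. The `alg = &salg->base;` assignment was moved above the new `goto out_put_alg`, presumably because the label uses `alg`. The label is outside the hunk, so that ordering dependency deserves a word in the comment too. Other templates that instantiate a hash by name are not shown here and may need the same guard if they make the same assumption.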
@ -30,7 +30,7 @@ int rsa_get_n(void *context, size_t hdrlen, unsigned char tag,
|
|||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
if (fips_enabled) {
|
if (fips_enabled) {
|
||||||
while (!*ptr && n_sz) {
|
while (n_sz && !*ptr) {
|
||||||
ptr++;
|
ptr++;
|
||||||
n_sz--;
|
n_sz--;
|
||||||
}
|
}
|
||||||
|
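Review bot: The corrected condition `while (n_sz && !*ptr)` is safe only because of operand order, and nothing at the loop says so. A later tidy-up could swap the operands back and restore the read past the end of the buffer. A comment such as `/* test n_sz first: ptr must not be dereferenced once the length is exhausted */` would pin the intent. The loop can also finish with `n_sz == 0` when every byte is zero. Whether the code after the loop rejects that case is outside the hunk and worth confirming.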
@ -188,13 +188,6 @@ static int encrypt(struct blkcipher_desc *desc,
|
|||||||
|
|
||||||
salsa20_ivsetup(ctx, walk.iv);
|
salsa20_ivsetup(ctx, walk.iv);
|
||||||
|
|
||||||
if (likely(walk.nbytes == nbytes))
|
|
||||||
{
|
|
||||||
salsa20_encrypt_bytes(ctx, walk.dst.virt.addr,
|
|
||||||
walk.src.virt.addr, nbytes);
|
|
||||||
return blkcipher_walk_done(desc, &walk, 0);
|
|
||||||
}
|
|
||||||
|
|
||||||
while (walk.nbytes >= 64) {
|
while (walk.nbytes >= 64) {
|
||||||
salsa20_encrypt_bytes(ctx, walk.dst.virt.addr,
|
salsa20_encrypt_bytes(ctx, walk.dst.virt.addr,
|
||||||
walk.src.virt.addr,
|
walk.src.virt.addr,
|
||||||
|
@ -25,11 +25,12 @@
|
|||||||
|
|
||||||
static const struct crypto_type crypto_shash_type;
|
static const struct crypto_type crypto_shash_type;
|
||||||
|
|
||||||
static int shash_no_setkey(struct crypto_shash *tfm, const u8 *key,
|
int shash_no_setkey(struct crypto_shash *tfm, const u8 *key,
|
||||||
unsigned int keylen)
|
unsigned int keylen)
|
||||||
{
|
{
|
||||||
return -ENOSYS;
|
return -ENOSYS;
|
||||||
}
|
}
|
||||||
|
EXPORT_SYMBOL_GPL(shash_no_setkey);
|
||||||
|
|
||||||
static int shash_setkey_unaligned(struct crypto_shash *tfm, const u8 *key,
|
static int shash_setkey_unaligned(struct crypto_shash *tfm, const u8 *key,
|
||||||
unsigned int keylen)
|
unsigned int keylen)
|
||||||
|
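Review bot: `shash_no_setkey()` loses `static` and gains `EXPORT_SYMBOL_GPL`, but the definition does not say that its address is now compared by other code. A reader could take it for an ordinary stub and replace or wrap it, which would break that comparison without any warning. A comment above the definition would make the dependency visible, e.g. `/* Default ->setkey for unkeyed algorithms; its address is the sentinel tested by crypto_shash_alg_has_setkey() */`.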
@ -82,6 +82,14 @@ int ahash_register_instance(struct crypto_template *tmpl,
|
|||||||
struct ahash_instance *inst);
|
struct ahash_instance *inst);
|
||||||
void ahash_free_instance(struct crypto_instance *inst);
|
void ahash_free_instance(struct crypto_instance *inst);
|
||||||
|
|
||||||
|
int shash_no_setkey(struct crypto_shash *tfm, const u8 *key,
|
||||||
|
unsigned int keylen);
|
||||||
|
|
||||||
|
static inline bool crypto_shash_alg_has_setkey(struct shash_alg *alg)
|
||||||
|
{
|
||||||
|
return alg->setkey != shash_no_setkey;
|
||||||
|
}
|
||||||
|
|
||||||
int crypto_init_ahash_spawn(struct crypto_ahash_spawn *spawn,
|
int crypto_init_ahash_spawn(struct crypto_ahash_spawn *spawn,
|
||||||
struct hash_alg_common *alg,
|
struct hash_alg_common *alg,
|
||||||
struct crypto_instance *inst);
|
struct crypto_instance *inst);
|
||||||
|
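Review bot: `crypto_shash_alg_has_setkey()` reports an algorithm whose `setkey` is NULL as keyed, because it only tests inequality with `shash_no_setkey`. The point at which that default is installed is not shown on this page, so the helper gives a meaningful answer only for algorithms that have already passed that step. A kernel-doc comment should state this precondition, and note that a misclassification errs toward "keyed", which makes `hmac_create()` reject rather than accept. Since nothing is written through the pointer, the parameter could also be declared `const struct shash_alg *alg`.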