History log of /crypto/ahash.c
Revision Date Author Comments
9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6 05-Feb-2013 Mathias Krause <minipli@googlemail.com> crypto: user - fix info leaks in report API

Three errors resulting in kernel memory disclosure:

1/ The structures used for the netlink based crypto algorithm report API
are located on the stack. As snprintf() does not fill the remainder of
the buffer with null bytes, those stack bytes will be disclosed to users
of the API. Switch to strncpy() to fix this.

2/ crypto_report_one() does not initialize all fields of struct
crypto_user_alg. Fix this to fix the heap info leak.

3/ For the module name we should copy only as many bytes as
module_name() returns -- not as much as the destination buffer could
hold. But the current code does not and therefore copies random data
from behind the end of the module name, as the module name is always
shorter than CRYPTO_MAX_ALG_NAME.

Also switch to use strncpy() to copy the algorithm's name and
driver_name. They are strings, after all.

Signed-off-by: Mathias Krause <minipli@googlemail.com>
Cc: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6662df33f85b87bb29f2ecad124efe7bb2c08e05 02-Apr-2012 David S. Miller <davem@davemloft.net> crypto: Stop using NLA_PUT*().

These macros contain a hidden goto, and are thus extremely error
prone and make code hard to audit.

Signed-off-by: David S. Miller <davem@davemloft.net>
f0dfc0b0b7f3d961da8a98bcfccc8be9107a848b 25-Nov-2011 Cong Wang <amwang@redhat.com> crypto: remove the second argument of k[un]map_atomic()

Signed-off-by: Cong Wang <amwang@redhat.com>
3acc84739dd5d746840f881ad4d60bd2a428f1dd 03-Nov-2011 Herbert Xu <herbert@gondor.apana.org.au> crypto: algapi - Fix build problem with NET disabled

The report functions use NLA_PUT so we need to ensure that NET
is enabled.

Reported-by: Luis Henriques <henrix@camandro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6238cbaec429c98d1a280014839c934107c7c8f6 27-Sep-2011 Steffen Klassert <steffen.klassert@secunet.com> crypto: Add userspace report for ahash type algorithms

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
23a75eee070f1370bee803a34f285cf81eb5f331 06-Aug-2010 Szilveszter Ördög <slipszi@gmail.com> crypto: hash - Fix handling of small unaligned buffers

If a scatterwalk chain contains an entry with an unaligned offset then
hash_walk_next() will cut off the next step at the next alignment point.

However, if the entry ends before the next alignment point then we loop,
which leads to a kernel oops.

Fix this by checking whether the next alignment point is before the end of the
current entry.

Signed-off-by: Szilveszter Ördög <slipszi@gmail.com>
Acked-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
cbb9bf65ae25dee772e85589136e7dd1c3e743ae 03-Mar-2010 Szilveszter Ördög <slipszi@gmail.com> crypto: hash - Fix handling of unaligned buffers

The correct way to calculate the start of the aligned part of an
unaligned buffer is:

    offset = ALIGN(offset, alignmask + 1);

However, crypto_hash_walk_done() has:

    offset += alignmask - 1;
    offset = ALIGN(offset, alignmask + 1);

which actually skips a whole block unless offset % (alignmask + 1) == 1.

This patch fixes the problem.

Signed-off-by: Szilveszter Ördög <slipszi@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5befbd5a7e9c814d145f15b4281c88da96fb1aa9 24-Jul-2009 Steffen Klassert <steffen.klassert@secunet.com> crypto: ahash - Use GFP_KERNEL on allocation if the request can sleep

ahash_op_unaligned() and ahash_def_finup() allocate memory atomically,
regardless of whether the request can sleep or not. This patch changes
this to use GFP_KERNEL if the request can sleep.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
a70c522520d967844c01fa01459edc698fc54544 15-Jul-2009 Herbert Xu <herbert@gondor.apana.org.au> crypto: ahash - Fix setkey crash

When the alignment check was made unconditional for ahash we
may end up crashing on shash algorithms because we're always
calling alg->setkey instead of tfm->setkey.

This patch fixes it.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
66f6ce5e52f2f209d5bf1f06167cec888f4f4c13 14-Jul-2009 Herbert Xu <herbert@gondor.apana.org.au> crypto: ahash - Add unaligned handling and default operations

This patch exports the finup operation where available and adds
a default finup operation for ahash. The operations final, finup
and digest also will now deal with unaligned result pointers by
copying it. Finally, export/import operations will now be
exported too.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
093900c2b964da73daf234374225b5ce5d49f941 14-Jul-2009 Herbert Xu <herbert@gondor.apana.org.au> crypto: ahash - Use GFP_KERNEL in unaligned setkey

We currently use GFP_ATOMIC in the unaligned setkey function
to allocate the temporary aligned buffer. Since setkey must
be called in a sleepable context, we can use GFP_KERNEL instead.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8c32c516eb1c1f9c14d25478442137c698788975 14-Jul-2009 Herbert Xu <herbert@gondor.apana.org.au> crypto: hash - Zap unaligned buffers

Some unaligned buffers on the stack weren't zapped properly which
may cause secret data to be leaked. This patch fixes them by doing
a zero memset.

It is also possible for us to place random kernel stack contents
in the digest buffer if a digest operation fails. This is fixed
by only copying if the operation succeeded.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
500b3e3c3dc8e4845b77ae81e5b7b085ab183ce6 14-Jul-2009 Herbert Xu <herbert@gondor.apana.org.au> crypto: ahash - Remove old_ahash_alg

Now that all ahash implementations have been converted to the new
ahash type, we can remove old_ahash_alg and its associated support.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
01c2dece4316dadc0f9fad1ad0b56d493980e492 14-Jul-2009 Herbert Xu <herbert@gondor.apana.org.au> crypto: ahash - Add instance/spawn support

This patch adds support for creating ahash instances and using
ahash as spawns.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
88056ec346ccf41f63dbc7080b24b5fd19d1358d 13-Jul-2009 Herbert Xu <herbert@gondor.apana.org.au> crypto: ahash - Convert to new style algorithms

This patch converts crypto_ahash to the new style. The old ahash
algorithm type is retained until the existing ahash implementations
are also converted. All ahash users will automatically get the
new crypto_ahash type.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
d315a0e09f1c8b833cacd5e72f3edea419978138 31-May-2009 Herbert Xu <herbert@gondor.apana.org.au> crypto: hash - Fix handling of sg entry that crosses page boundary

A quirk that we've always supported is having an sg entry that's
bigger than a page, or more generally an sg entry that crosses
page boundaries. Even though it would be better to explicitly have
two sg entries for this, we need to support it for the existing users,
in particular, IPsec.

The new ahash sg walking code did try to handle this, but there was
a bug where we didn't increment the page so kept on walking on the
first page over and over again.

This patch fixes it.

Tested-by: Martin Willi <martin@strongswan.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
bb402f16ecf9bcdb944b8fa730f0e43cae519673 19-Feb-2009 Lee Nipper <lee.nipper@freescale.com> crypto: ahash - Fix digest size in /proc/crypto

crypto_ahash_show changed to use cra_ahash for digestsize reference.

Signed-off-by: Lee Nipper <lee.nipper@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3751f402e099893c34089ed303dca6f5f92dbfd1 08-Nov-2008 Herbert Xu <herbert@gondor.apana.org.au> crypto: hash - Make setkey optional

Since most cryptographic hash algorithms have no keys, this patch
makes the setkey function optional for ahash and shash.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5f7082ed4f482f05db01d84dbf58190492ebf0ad 31-Aug-2008 Herbert Xu <herbert@gondor.apana.org.au> crypto: hash - Export shash through hash

This patch allows shash algorithms to be used through the old hash
interface. This is a transitional measure so we can convert the
underlying algorithms to shash before converting the users across.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
dec8b78606ebd5f309c38f2fb10196ce996dd18d 02-Nov-2008 Herbert Xu <herbert@gondor.apana.org.au> crypto: hash - Add import/export interface

It is often useful to save the partial state of a hash function
so that it can be used as a base for two or more computations.

The most prominent example is HMAC where all hashes start from
a base determined by the key. Having an import/export interface
means that we only have to compute that base once rather than
for each message.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
20036252fc61c624a49770fb89684ea5cfdfa05e 07-Jul-2008 Herbert Xu <herbert@gondor.apana.org.au> crypto: hash - Added scatter list walking helper

This patch adds the walking helpers for hash algorithms akin to
those of block ciphers. This is a necessary step before we can
reimplement existing hash algorithms using the new ahash interface.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
166247f46a9c866e6f7f7d2212be875fb82212a1 07-Jul-2008 Herbert Xu <herbert@gondor.apana.org.au> crypto: hash - Removed vestigial ahash fields

The base field in ahash_tfm appears to have been cut-n-pasted from
ablkcipher. It isn't needed here at all. Similarly, the info field
in ahash_request also appears to have originated from its cipher
counter-part and is vestigial.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
ca786dc738f4f583b57b1bba7a335b5e8233f4b0 07-Jul-2008 Herbert Xu <herbert@gondor.apana.org.au> crypto: hash - Fixed digest size check

The digest size check on hash algorithms is incorrect. It's
perfectly valid for hash algorithms to have a digest length
longer than their block size. For example crc32c has a block
size of 1 and a digest size of 4. Rather than having it lie
about its block size, this patch fixes the checks to do what
they really should which is to bound the digest size so that
code placing the digest on the stack continues to work.

HMAC however still needs to check this as it's only defined
for such algorithms.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
004a403c2e954734090a69aedc7f4f822bdcc142 14-May-2008 Loc Ho <lho@amcc.com> [CRYPTO] hash: Add asynchronous hash support

This patch adds asynchronous hash and digest support.

Signed-off-by: Loc Ho <lho@amcc.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>