1. 14 12月, 2016 3 次提交
    • A
      crypto: skcipher - fix crash in virtual walk · 18e615ad
      Ard Biesheuvel 提交于
      The new skcipher walk API may crash in the following way. (Interestingly,
      the tcrypt boot time tests seem unaffected, while an explicit test using
      the module triggers it)
      
        Unable to handle kernel NULL pointer dereference at virtual address 00000000
        ...
        [<ffff000008431d84>] __memcpy+0x84/0x180
        [<ffff0000083ec0d0>] skcipher_walk_done+0x328/0x340
        [<ffff0000080c5c04>] ctr_encrypt+0x84/0x100
        [<ffff000008406d60>] simd_skcipher_encrypt+0x88/0x98
        [<ffff0000083fa05c>] crypto_rfc3686_crypt+0x8c/0x98
        [<ffff0000009b0900>] test_skcipher_speed+0x518/0x820 [tcrypt]
        [<ffff0000009b31c0>] do_test+0x1408/0x3b70 [tcrypt]
        [<ffff0000009bd050>] tcrypt_mod_init+0x50/0x1000 [tcrypt]
        [<ffff0000080838f4>] do_one_initcall+0x44/0x138
        [<ffff0000081aee60>] do_init_module+0x68/0x1e0
        [<ffff0000081524d0>] load_module+0x1fd0/0x2458
        [<ffff000008152c38>] SyS_finit_module+0xe0/0xf0
        [<ffff0000080836f0>] el0_svc_naked+0x24/0x28
      
      This is due to the fact that skcipher_done_slow() may be entered with
      walk->buffer unset. Since skcipher_walk_done() already deals with the
      case where walk->buffer == walk->page, it appears to be the intention
      that walk->buffer point to walk->page after skcipher_next_slow(), so
      ensure that is the case.
      Signed-off-by: NArd Biesheuvel <ard.biesheuvel@linaro.org>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      18e615ad
    • A
      sign-file: Fix inplace signing when src and dst names are both specified · efcae7c9
      Alex Yashchenko 提交于
      When src and dst both are specified and they point to the same file
      the sign-file utility will write only signature to the dst file and
      the module (.ko file) body will not be written.
      That happens because we open the same file with "rb" and "wb" flags,
      from fopen man:
      
       w      Truncate file to zero length or create text file for writing.
      The stream is positioned at the beginning of the file.
      ...
      	bm = BIO_new_file(module_name, "rb");
      ...
      	bd = BIO_new_file(dest_name, "wb");
      ...
      	while ((n = BIO_read(bm, buf, sizeof(buf))),
      	       n > 0) {
      		ERR(BIO_write(bd, buf, n) < 0, "%s", dest_name);
      	}
      ...
      Signed-off-by: NAlex Yashchenko <alexhoppus111@gmail.com>
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      efcae7c9
    • P
      crypto: asymmetric_keys - set error code on failure · fbb72630
      Pan Bian 提交于
      In function public_key_verify_signature(), returns variable ret on
      error paths. When the call to kmalloc() fails, the value of ret is 0,
      and it is not set to an errno before returning. This patch fixes the
      bug.
      
      Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=188891Signed-off-by: NPan Bian <bianpan2016@163.com>
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      fbb72630
  2. 08 12月, 2016 1 次提交
  3. 07 12月, 2016 8 次提交
  4. 01 12月, 2016 11 次提交
  5. 30 11月, 2016 17 次提交