提交 916b20e0 编写于 作者: L Linus Torvalds

Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6

Pull crypto fixes from Herbert Xu:
 "This push fixes the following issues:

   - buffer overread in RSA

   - potential use after free in algif_aead.

   - error path null pointer dereference in af_alg

   - forbid combinations such as hmac(hmac(sha3)) which may crash

   - crash in salsa20 due to incorrect API usage"

* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
  crypto: salsa20 - fix blkcipher_walk API usage
  crypto: hmac - require that the underlying hash algorithm is unkeyed
  crypto: af_alg - fix NULL pointer dereference in
  crypto: algif_aead - fix reference counting of null skcipher
  crypto: rsa - fix buffer overread when stripping leading zeroes
...@@ -59,13 +59,6 @@ static int encrypt(struct blkcipher_desc *desc, ...@@ -59,13 +59,6 @@ static int encrypt(struct blkcipher_desc *desc,
salsa20_ivsetup(ctx, walk.iv); salsa20_ivsetup(ctx, walk.iv);
if (likely(walk.nbytes == nbytes))
{
salsa20_encrypt_bytes(ctx, walk.src.virt.addr,
walk.dst.virt.addr, nbytes);
return blkcipher_walk_done(desc, &walk, 0);
}
while (walk.nbytes >= 64) { while (walk.nbytes >= 64) {
salsa20_encrypt_bytes(ctx, walk.src.virt.addr, salsa20_encrypt_bytes(ctx, walk.src.virt.addr,
walk.dst.virt.addr, walk.dst.virt.addr,
......
...@@ -672,14 +672,15 @@ void af_alg_free_areq_sgls(struct af_alg_async_req *areq) ...@@ -672,14 +672,15 @@ void af_alg_free_areq_sgls(struct af_alg_async_req *areq)
} }
tsgl = areq->tsgl; tsgl = areq->tsgl;
for_each_sg(tsgl, sg, areq->tsgl_entries, i) { if (tsgl) {
if (!sg_page(sg)) for_each_sg(tsgl, sg, areq->tsgl_entries, i) {
continue; if (!sg_page(sg))
put_page(sg_page(sg)); continue;
} put_page(sg_page(sg));
}
if (areq->tsgl && areq->tsgl_entries)
sock_kfree_s(sk, tsgl, areq->tsgl_entries * sizeof(*tsgl)); sock_kfree_s(sk, tsgl, areq->tsgl_entries * sizeof(*tsgl));
}
} }
EXPORT_SYMBOL_GPL(af_alg_free_areq_sgls); EXPORT_SYMBOL_GPL(af_alg_free_areq_sgls);
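Review bot: `areq->tsgl` still points at freed memory after the `sock_kfree_s()` call inside the new `if (tsgl)` block, so the added NULL guard would not protect a second call on the same request. Callers are not visible on this page; if any path can reach af_alg_free_areq_sgls() twice for one areq, clearing the fields after the free with `areq->tsgl = NULL; areq->tsgl_entries = 0;` would make the function idempotent. A short comment on the guard would also help, for example `/* tsgl may be NULL on the error path, before the TX SGL is allocated */`, with the wording confirmed against the caller that hit the dereference. The function body starts before the hunk.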
......
...@@ -503,6 +503,7 @@ static void aead_release(void *private) ...@@ -503,6 +503,7 @@ static void aead_release(void *private)
struct aead_tfm *tfm = private; struct aead_tfm *tfm = private;
crypto_free_aead(tfm->aead); crypto_free_aead(tfm->aead);
crypto_put_default_null_skcipher2();
kfree(tfm); kfree(tfm);
} }
...@@ -535,7 +536,6 @@ static void aead_sock_destruct(struct sock *sk) ...@@ -535,7 +536,6 @@ static void aead_sock_destruct(struct sock *sk)
unsigned int ivlen = crypto_aead_ivsize(tfm); unsigned int ivlen = crypto_aead_ivsize(tfm);
af_alg_pull_tsgl(sk, ctx->used, NULL, 0); af_alg_pull_tsgl(sk, ctx->used, NULL, 0);
crypto_put_default_null_skcipher2();
sock_kzfree_s(sk, ctx->iv, ivlen); sock_kzfree_s(sk, ctx->iv, ivlen);
sock_kfree_s(sk, ctx, ctx->len); sock_kfree_s(sk, ctx, ctx->len);
af_alg_release_parent(sk); af_alg_release_parent(sk);
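Review bot: The `crypto_put_default_null_skcipher2()` call added to aead_release() has no matching get visible in these hunks, and nothing at the call site says which reference it drops. The fix moves the release from per-socket teardown in aead_sock_destruct() to per-tfm teardown in aead_release(), so a comment such as `/* drops the null skcipher reference taken when this tfm was set up */` would keep the pairing obvious; it should name whichever function actually takes the reference. Since aead_release() presumably runs only for a fully constructed tfm, also confirm that every failure path after the get in that function releases the reference. Both function bodies start outside the hunks.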
......
...@@ -195,11 +195,15 @@ static int hmac_create(struct crypto_template *tmpl, struct rtattr **tb) ...@@ -195,11 +195,15 @@ static int hmac_create(struct crypto_template *tmpl, struct rtattr **tb)
salg = shash_attr_alg(tb[1], 0, 0); salg = shash_attr_alg(tb[1], 0, 0);
if (IS_ERR(salg)) if (IS_ERR(salg))
return PTR_ERR(salg); return PTR_ERR(salg);
alg = &salg->base;
/* The underlying hash algorithm must be unkeyed */
err = -EINVAL; err = -EINVAL;
if (crypto_shash_alg_has_setkey(salg))
goto out_put_alg;
ds = salg->digestsize; ds = salg->digestsize;
ss = salg->statesize; ss = salg->statesize;
alg = &salg->base;
if (ds > alg->cra_blocksize || if (ds > alg->cra_blocksize ||
ss < alg->cra_blocksize) ss < alg->cra_blocksize)
goto out_put_alg; goto out_put_alg;
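Review bot: The new comment in hmac_create() states the rule but not the reason, and the reason is the security-relevant part. The merge description says combinations such as hmac(hmac(sha3)) may crash, presumably because the template never keys the hash it wraps. Recording that at the check, e.g. `/* The underlying hash must be unkeyed: it is never given a key here, so hmac(hmac(...)) would run a keyed hash without one */`, would keep a later cleanup from dropping the test. Other templates that wrap an shash without keying it may need the same check; none are visible on this page, so that is a prompt to audit rather than a finding. hmac_create() continues outside the hunk.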
......
...@@ -30,7 +30,7 @@ int rsa_get_n(void *context, size_t hdrlen, unsigned char tag, ...@@ -30,7 +30,7 @@ int rsa_get_n(void *context, size_t hdrlen, unsigned char tag,
return -EINVAL; return -EINVAL;
if (fips_enabled) { if (fips_enabled) {
while (!*ptr && n_sz) { while (n_sz && !*ptr) {
ptr++; ptr++;
n_sz--; n_sz--;
} }
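Review bot: After the reordered loop in rsa_get_n(), an all-zero value leaves `n_sz == 0` with `ptr` one past the end of the buffer, so whatever follows the loop must test the length before reading `*ptr` again. The lines after the hunk are not shown; if they do not already reject a too-short modulus, a guard such as `if (!n_sz) return -EINVAL;` directly after the loop would close that case. The same dereference-before-length ordering is worth checking in any sibling routines that strip leading zeroes, though none appear on this page.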
......
...@@ -188,13 +188,6 @@ static int encrypt(struct blkcipher_desc *desc, ...@@ -188,13 +188,6 @@ static int encrypt(struct blkcipher_desc *desc,
salsa20_ivsetup(ctx, walk.iv); salsa20_ivsetup(ctx, walk.iv);
if (likely(walk.nbytes == nbytes))
{
salsa20_encrypt_bytes(ctx, walk.dst.virt.addr,
walk.src.virt.addr, nbytes);
return blkcipher_walk_done(desc, &walk, 0);
}
while (walk.nbytes >= 64) { while (walk.nbytes >= 64) {
salsa20_encrypt_bytes(ctx, walk.dst.virt.addr, salsa20_encrypt_bytes(ctx, walk.dst.virt.addr,
walk.src.virt.addr, walk.src.virt.addr,
......
...@@ -25,11 +25,12 @@ ...@@ -25,11 +25,12 @@
static const struct crypto_type crypto_shash_type; static const struct crypto_type crypto_shash_type;
static int shash_no_setkey(struct crypto_shash *tfm, const u8 *key, int shash_no_setkey(struct crypto_shash *tfm, const u8 *key,
unsigned int keylen) unsigned int keylen)
{ {
return -ENOSYS; return -ENOSYS;
} }
EXPORT_SYMBOL_GPL(shash_no_setkey);
static int shash_setkey_unaligned(struct crypto_shash *tfm, const u8 *key, static int shash_setkey_unaligned(struct crypto_shash *tfm, const u8 *key,
unsigned int keylen) unsigned int keylen)
......
...@@ -82,6 +82,14 @@ int ahash_register_instance(struct crypto_template *tmpl, ...@@ -82,6 +82,14 @@ int ahash_register_instance(struct crypto_template *tmpl,
struct ahash_instance *inst); struct ahash_instance *inst);
void ahash_free_instance(struct crypto_instance *inst); void ahash_free_instance(struct crypto_instance *inst);
int shash_no_setkey(struct crypto_shash *tfm, const u8 *key,
unsigned int keylen);
static inline bool crypto_shash_alg_has_setkey(struct shash_alg *alg)
{
return alg->setkey != shash_no_setkey;
}
int crypto_init_ahash_spawn(struct crypto_ahash_spawn *spawn, int crypto_init_ahash_spawn(struct crypto_ahash_spawn *spawn,
struct hash_alg_common *alg, struct hash_alg_common *alg,
struct crypto_instance *inst); struct crypto_instance *inst);
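Review bot: crypto_shash_alg_has_setkey() only reads through its argument, so the parameter could be `const struct shash_alg *alg`, which lets callers holding a const algorithm use it without a cast. The test is a pointer comparison against shash_no_setkey, so it is meaningful only once the algorithm's `setkey` has been defaulted to that function; an alg whose `setkey` is still NULL would be reported as keyed. Where that defaulting happens is not visible here, so a one-line comment above the helper stating the precondition, e.g. `/* only valid for registered algorithms, where a missing setkey has been replaced by shash_no_setkey */`, should be confirmed against the registration code before it is added.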
......