linux.git/crypto, branch v3.12.45 Clone of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git crypto: testmgr - fix RNG return code enforcement 2015-06-10T12:05:57+00:00 Stephan Mueller smueller@chronox.de 2015-03-10T16:00:36+00:00 56005f9a961016e2977e12f1c5bd69601234c77c commit 19e60e1392d110be03d794e2286dd6cfd779cbe3 upstream. Due to the change to RNGs to always return zero in success case, the invocation of the RNGs in the test manager must be updated as otherwise the RNG self tests are not properly executed any more. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Alexander Bergmann <abergmann@suse.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Jiri Slaby <jslaby@suse.cz> 
commit 19e60e1392d110be03d794e2286dd6cfd779cbe3 upstream.

Due to the change to RNGs to always return zero in success case, the
invocation of the RNGs in the test manager must be updated as otherwise
the RNG self tests are not properly executed any more.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Alexander Bergmann <abergmann@suse.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
crypto: rng - RNGs must return 0 in success case 2015-06-10T11:53:11+00:00 Stephan Mueller smueller@chronox.de 2015-03-06T07:26:31+00:00 f60b0fa8bbddde66f1d197be07120264b555c84a commit cde001e4c3c3625c60b68a83eb1f1c2572dee07a upstream. Change the RNGs to always return 0 in success case. This patch ensures that seqiv.c works with RNGs other than krng. seqiv expects that any return code other than 0 is an error. Without the patch, rfc4106(gcm(aes)) will not work when using a DRBG or an ANSI X9.31 RNG. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Jiri Slaby <jslaby@suse.cz> 
commit cde001e4c3c3625c60b68a83eb1f1c2572dee07a upstream.

Change the RNGs to always return 0 in success case.

This patch ensures that seqiv.c works with RNGs other than krng. seqiv
expects that any return code other than 0 is an error. Without the
patch, rfc4106(gcm(aes)) will not work when using a DRBG or an ANSI
X9.31 RNG.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
crypto: testmgr - fix 3.12.40 regression 2015-04-27T17:59:51+00:00 Lennart Sorensen lsorense@csclub.uwaterloo.ca 2015-04-21T16:31:13+00:00 764dcf7b83098c83fd366eade51a59d1f54ce589 commit ace3fc1e3f3a85ec705805146247231b11e1babe in 3.12.40 missed two lines while pulling in commit 8a45ac12ec5b6ee67f8559c78ae11d9af8b821ee from upstream. This causes the tests to fail in some cases. With the two missing lines added in, the tests pass again. Tested with omap-aes, omap-sham and talitos. Signed-off-by: Len Sorensen <lsorense@csclub.uwaterloo.ca> Signed-off-by: Jiri Slaby <jslaby@suse.cz> 
commit ace3fc1e3f3a85ec705805146247231b11e1babe in 3.12.40 missed two
lines while pulling in commit 8a45ac12ec5b6ee67f8559c78ae11d9af8b821ee
from upstream.  This causes the tests to fail in some cases.

With the two missing lines added in, the tests pass again.

Tested with omap-aes, omap-sham and talitos.

Signed-off-by: Len Sorensen <lsorense@csclub.uwaterloo.ca>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
crypto: testmgr - don't use interruptible wait in tests 2015-04-09T12:13:16+00:00 Rabin Vincent rabin.vincent@axis.com 2015-01-09T15:25:28+00:00 ace3fc1e3f3a85ec705805146247231b11e1babe commit 8a45ac12ec5b6ee67f8559c78ae11d9af8b821ee upstream. tcrypt/testmgr uses wait_for_completion_interruptible() everywhere when it waits for a request to be completed. If it's interrupted, then the test is aborted and the request is freed. However, if any of these calls actually do get interrupted, the result will likely be a kernel crash, when the driver handles the now-freed request. Use wait_for_completion() instead. Signed-off-by: Rabin Vincent <rabin.vincent@axis.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Jiri Slaby <jslaby@suse.cz> 
commit 8a45ac12ec5b6ee67f8559c78ae11d9af8b821ee upstream.

tcrypt/testmgr uses wait_for_completion_interruptible() everywhere when
it waits for a request to be completed.  If it's interrupted, then the
test is aborted and the request is freed.

However, if any of these calls actually do get interrupted, the result
will likely be a kernel crash, when the driver handles the now-freed
request.  Use wait_for_completion() instead.

Signed-off-by: Rabin Vincent <rabin.vincent@axis.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
crypto: sha - Handle unaligned input data in generic sha256 and sha512. 2015-04-09T11:14:26+00:00 David S. Miller davem@davemloft.net 2014-10-02T06:52:37+00:00 0edeff6752d09d09df3535d34ba6c86c43d3d369 commit be34c4ef693ff5c10f55606dbd656ddf0b4a8340 upstream. Like SHA1, use get_unaligned_be*() on the raw input data. Reported-by: Bob Picco <bob.picco@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Jiri Slaby <jslaby@suse.cz> 
commit be34c4ef693ff5c10f55606dbd656ddf0b4a8340 upstream.

Like SHA1, use get_unaligned_be*() on the raw input data.

Reported-by: Bob Picco <bob.picco@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
crypto: crc32c - add missing crypto module alias 2015-02-10T10:08:16+00:00 Mathias Krause minipli@googlemail.com 2015-02-10T00:14:07+00:00 21c29e8e5abd84bc15fa05d4b1fce0f8ccb9856f The backport of commit 5d26a105b5a7 ("crypto: prefix module autoloading with "crypto-"") lost the MODULE_ALIAS_CRYPTO() annotation of crc32c.c. Add it to fix the reported filesystem related regressions. Signed-off-by: Mathias Krause <minipli@googlemail.com> Reported-by: Philip Müller <philm@manjaro.org> Cc: Kees Cook <keescook@chromium.org> Cc: Rob McCathie <rob@manjaro.org> Cc: Luis Henriques <luis.henriques@canonical.com> Cc: Kamal Mostafa <kamal@canonical.com> Cc: Jiri Slaby <jslaby@suse.cz> Signed-off-by: Jiri Slaby <jslaby@suse.cz> 
The backport of commit 5d26a105b5a7 ("crypto: prefix module autoloading
with "crypto-"") lost the MODULE_ALIAS_CRYPTO() annotation of crc32c.c.
Add it to fix the reported filesystem related regressions.

Signed-off-by: Mathias Krause <minipli@googlemail.com>
Reported-by: Philip Müller <philm@manjaro.org>
Cc: Kees Cook <keescook@chromium.org>
Cc: Rob McCathie <rob@manjaro.org>
Cc: Luis Henriques <luis.henriques@canonical.com>
Cc: Kamal Mostafa <kamal@canonical.com>
Cc: Jiri Slaby <jslaby@suse.cz>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
crypto: add missing crypto module aliases 2015-01-29T14:45:12+00:00 Mathias Krause minipli@googlemail.com 2015-01-11T17:17:42+00:00 9e289c4b5117818d396f19c1bda0f986c31ddf20 commit 3e14dcf7cb80b34a1f38b55bc96f02d23fdaaaaf upstream. Commit 5d26a105b5a7 ("crypto: prefix module autoloading with "crypto-"") changed the automatic module loading when requesting crypto algorithms to prefix all module requests with "crypto-". This requires all crypto modules to have a crypto specific module alias even if their file name would otherwise match the requested crypto algorithm. Even though commit 5d26a105b5a7 added those aliases for a vast amount of modules, it was missing a few. Add the required MODULE_ALIAS_CRYPTO annotations to those files to make them get loaded automatically, again. This fixes, e.g., requesting 'ecb(blowfish-generic)', which used to work with kernels v3.18 and below. Also change MODULE_ALIAS() lines to MODULE_ALIAS_CRYPTO(). The former won't work for crypto modules any more. Fixes: 5d26a105b5a7 ("crypto: prefix module autoloading with "crypto-"") Cc: Kees Cook <keescook@chromium.org> Signed-off-by: Mathias Krause <minipli@googlemail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Jiri Slaby <jslaby@suse.cz> 
commit 3e14dcf7cb80b34a1f38b55bc96f02d23fdaaaaf upstream.

Commit 5d26a105b5a7 ("crypto: prefix module autoloading with "crypto-"")
changed the automatic module loading when requesting crypto algorithms
to prefix all module requests with "crypto-". This requires all crypto
modules to have a crypto specific module alias even if their file name
would otherwise match the requested crypto algorithm.

Even though commit 5d26a105b5a7 added those aliases for a vast amount of
modules, it was missing a few. Add the required MODULE_ALIAS_CRYPTO
annotations to those files to make them get loaded automatically, again.
This fixes, e.g., requesting 'ecb(blowfish-generic)', which used to work
with kernels v3.18 and below.

Also change MODULE_ALIAS() lines to MODULE_ALIAS_CRYPTO(). The former
won't work for crypto modules any more.

Fixes: 5d26a105b5a7 ("crypto: prefix module autoloading with "crypto-"")
Cc: Kees Cook <keescook@chromium.org>
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
crypto: include crypto- module prefix in template 2015-01-29T14:45:11+00:00 Kees Cook keescook@chromium.org 2014-11-25T00:32:38+00:00 f753253c2c19423b0d6743ca9eae725549299245 commit 4943ba16bbc2db05115707b3ff7b4874e9e3c560 upstream. This adds the module loading prefix "crypto-" to the template lookup as well. For example, attempting to load 'vfat(blowfish)' via AF_ALG now correctly includes the "crypto-" prefix at every level, correctly rejecting "vfat": net-pf-38 algif-hash crypto-vfat(blowfish) crypto-vfat(blowfish)-all crypto-vfat Reported-by: Mathias Krause <minipli@googlemail.com> Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: Mathias Krause <minipli@googlemail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Jiri Slaby <jslaby@suse.cz> 
commit 4943ba16bbc2db05115707b3ff7b4874e9e3c560 upstream.

This adds the module loading prefix "crypto-" to the template lookup
as well.

For example, attempting to load 'vfat(blowfish)' via AF_ALG now correctly
includes the "crypto-" prefix at every level, correctly rejecting "vfat":

	net-pf-38
	algif-hash
	crypto-vfat(blowfish)
	crypto-vfat(blowfish)-all
	crypto-vfat

Reported-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
crypto: prefix module autoloading with "crypto-" 2015-01-29T14:45:11+00:00 Kees Cook keescook@chromium.org 2014-11-21T01:05:53+00:00 7f655881c786824340b0bee70f9738e10d427494 commit 5d26a105b5a73e5635eae0629b42fa0a90e07b7b upstream. This prefixes all crypto module loading with "crypto-" so we never run the risk of exposing module auto-loading to userspace via a crypto API, as demonstrated by Mathias Krause: https://lkml.org/lkml/2013/3/4/70 Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Jiri Slaby <jslaby@suse.cz> 
commit 5d26a105b5a73e5635eae0629b42fa0a90e07b7b upstream.

This prefixes all crypto module loading with "crypto-" so we never run
the risk of exposing module auto-loading to userspace via a crypto API,
as demonstrated by Mathias Krause:

https://lkml.org/lkml/2013/3/4/70

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
crypto: af_alg - fix backlog handling 2015-01-07T16:55:16+00:00 Rabin Vincent rabin.vincent@axis.com 2014-12-19T12:36:08+00:00 4f62b27e2776ea102579e9d2fbcc9660b89caa53 commit 7e77bdebff5cb1e9876c561f69710b9ab8fa1f7e upstream. If a request is backlogged, it's complete() handler will get called twice: once with -EINPROGRESS, and once with the final error code. af_alg's complete handler, unlike other users, does not handle the -EINPROGRESS but instead always completes the completion that recvmsg() is waiting on. This can lead to a return to user space while the request is still pending in the driver. If userspace closes the sockets before the requests are handled by the driver, this will lead to use-after-frees (and potential crashes) in the kernel due to the tfm having been freed. The crashes can be easily reproduced (for example) by reducing the max queue length in cryptod.c and running the following (from http://www.chronox.de/libkcapi.html) on AES-NI capable hardware: $ while true; do kcapi -x 1 -e -c '__ecb-aes-aesni' \ -k 00000000000000000000000000000000 \ -p 00000000000000000000000000000000 >/dev/null & done Signed-off-by: Rabin Vincent <rabin.vincent@axis.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Jiri Slaby <jslaby@suse.cz> 
commit 7e77bdebff5cb1e9876c561f69710b9ab8fa1f7e upstream.

If a request is backlogged, it's complete() handler will get called
twice: once with -EINPROGRESS, and once with the final error code.

af_alg's complete handler, unlike other users, does not handle the
-EINPROGRESS but instead always completes the completion that recvmsg()
is waiting on.  This can lead to a return to user space while the
request is still pending in the driver.  If userspace closes the sockets
before the requests are handled by the driver, this will lead to
use-after-frees (and potential crashes) in the kernel due to the tfm
having been freed.

The crashes can be easily reproduced (for example) by reducing the max
queue length in cryptod.c and running the following (from
http://www.chronox.de/libkcapi.html) on AES-NI capable hardware:

 $ while true; do kcapi -x 1 -e -c '__ecb-aes-aesni' \
    -k 00000000000000000000000000000000 \
    -p 00000000000000000000000000000000 >/dev/null & done

Signed-off-by: Rabin Vincent <rabin.vincent@axis.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>