Eric Lee / smarc-fsl-linux-kernel

22 Dec, 2014

1 commit

  • 7e77bdebf   crypto: af_alg - fix backlog handling ... Browse Code »

    If a request is backlogged, it's complete() handler will get called
    twice: once with -EINPROGRESS, and once with the final error code.

    af_alg's complete handler, unlike other users, does not handle the
    -EINPROGRESS but instead always completes the completion that recvmsg()
    is waiting on. This can lead to a return to user space while the
    request is still pending in the driver. If userspace closes the sockets
    before the requests are handled by the driver, this will lead to
    use-after-frees (and potential crashes) in the kernel due to the tfm
    having been freed.

    The crashes can be easily reproduced (for example) by reducing the max
    queue length in cryptod.c and running the following (from
    http://www.chronox.de/libkcapi.html) on AES-NI capable hardware:

    $ while true; do kcapi -x 1 -e -c '__ecb-aes-aesni' \
    -k 00000000000000000000000000000000 \
    -p 00000000000000000000000000000000 >/dev/null & done

    Cc: stable@vger.kernel.org
    Signed-off-by: Rabin Vincent
    Signed-off-by: Herbert Xu

    Rabin Vincent
     

14 Dec, 2014

1 commit

  • e3aa91a7c   Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 ... Browse Code »

    Pull crypto update from Herbert Xu:
    - The crypto API is now documented :)
    - Disallow arbitrary module loading through crypto API.
    - Allow get request with empty driver name through crypto_user.
    - Allow speed testing of arbitrary hash functions.
    - Add caam support for ctr(aes), gcm(aes) and their derivatives.
    - nx now supports concurrent hashing properly.
    - Add sahara support for SHA1/256.
    - Add ARM64 version of CRC32.
    - Misc fixes.

    * git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (77 commits)
    crypto: tcrypt - Allow speed testing of arbitrary hash functions
    crypto: af_alg - add user space interface for AEAD
    crypto: qat - fix problem with coalescing enable logic
    crypto: sahara - add support for SHA1/256
    crypto: sahara - replace tasklets with kthread
    crypto: sahara - add support for i.MX53
    crypto: sahara - fix spinlock initialization
    crypto: arm - replace memset by memzero_explicit
    crypto: powerpc - replace memset by memzero_explicit
    crypto: sha - replace memset by memzero_explicit
    crypto: sparc - replace memset by memzero_explicit
    crypto: algif_skcipher - initialize upon init request
    crypto: algif_skcipher - removed unneeded code
    crypto: algif_skcipher - Fixed blocking recvmsg
    crypto: drbg - use memzero_explicit() for clearing sensitive data
    crypto: drbg - use MODULE_ALIAS_CRYPTO
    crypto: include crypto- module prefix in template
    crypto: user - add MODULE_ALIAS
    crypto: sha-mb - remove a bogus NULL check
    crytpo: qat - Fix 64 bytes requests
    ...

    Linus Torvalds
     

11 Dec, 2014

1 commit

05 Dec, 2014

1 commit

  • af8e80731   crypto: af_alg - add user space interface for AEAD ... Browse Code »

    AEAD requires the caller to specify the following information separate
    from the data stream. This information allows the AEAD interface handler
    to identify the AAD, ciphertext/plaintext and the authentication tag:

    * Associated authentication data of arbitrary length and
    length

    * Length of authentication tag for encryption

    Signed-off-by: Stephan Mueller
    Signed-off-by: Herbert Xu

    Stephan Mueller
     

31 Jul, 2014

1 commit

  • 4c63f83c2   crypto: af_alg - properly label AF_ALG socket ... Browse Code »

    Th AF_ALG socket was missing a security label (e.g. SELinux)
    which means that socket was in "unlabeled" state.

    This was recently demonstrated in the cryptsetup package
    (cryptsetup v1.6.5 and later.)
    See https://bugzilla.redhat.com/show_bug.cgi?id=1115120

    This patch clones the sock's label from the parent sock
    and resolves the issue (similar to AF_BLUETOOTH protocol family).

    Cc: stable@vger.kernel.org
    Signed-off-by: Milan Broz
    Acked-by: Paul Moore
    Signed-off-by: Herbert Xu

    Milan Broz
     

15 Nov, 2013

1 commit

27 Jul, 2011

1 commit

  • 60063497a   atomic: use <linux/atomic.h> ... Browse Code »

    This allows us to move duplicated code in
    (atomic_inc_not_zero() for now) to

    Signed-off-by: Arun Sharma
    Reviewed-by: Eric Dumazet
    Cc: Ingo Molnar
    Cc: David Miller
    Cc: Eric Dumazet
    Acked-by: Mike Frysinger
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Arun Sharma
     

21 Dec, 2010

1 commit

08 Dec, 2010

1 commit

19 Nov, 2010

1 commit

  • 03c8efc1f   crypto: af_alg - User-space interface for Crypto API ... Browse Code »

    This patch creates the backbone of the user-space interface for
    the Crypto API, through a new socket family AF_ALG.

    Each session corresponds to one or more connections obtained from
    that socket. The number depends on the number of inputs/outputs
    of that particular type of operation. For most types there will
    be a s ingle connection/file descriptor that is used for both input
    and output. AEAD is one of the few that require two inputs.

    Each algorithm type will provide its own implementation that plugs
    into af_alg. They're keyed using a string such as "skcipher" or
    "hash".

    IOW this patch only contains the boring bits that is required
    to hold everything together.

    Thakns to Miloslav Trmac for reviewing this and contributing
    fixes and improvements.

    Signed-off-by: Herbert Xu
    Acked-by: David S. Miller
    Tested-by: Martin Willi

    Herbert Xu