22 Nov, 2016
1 commit
-
Recently an init call was added to hash_recvmsg so as to reset
the hash state in case a sendmsg call was never made.Unfortunately this ended up clobbering the result if the previous
sendmsg was done with a MSG_MORE flag. This patch fixes it by
excluding that case when we make the init call.Fixes: a8348bca2944 ("algif_hash - Fix NULL hash crash with shash")
Reported-by: Patrick Steinhardt
Signed-off-by: Herbert Xu
18 Nov, 2016
1 commit
-
Recently algif_hash has been changed to allow null hashes. This
triggers a bug when used with an shash algorithm whereby it will
cause a crash during the digest operation.This patch fixes it by avoiding the digest operation and instead
doing an init followed by a final which avoids the buggy code in
shash.This patch also ensures that the result buffer is freed after an
error so that it is not returned as a genuine hash result on the
next recv call.The shash/ahash wrapper code will be fixed later to handle this
case correctly.Fixes: 493b2ed3f760 ("crypto: algif_hash - Handle NULL hashes correctly")
Signed-off-by: Herbert Xu
Tested-by: Laura Abbott
07 Sep, 2016
1 commit
-
Right now attempting to read an empty hash simply returns zeroed
bytes, this patch corrects this by calling the digest function
using an empty input.Reported-by: Russell King - ARM Linux
Signed-off-by: Herbert Xu
30 Jan, 2016
1 commit
-
hash_sendmsg/sendpage() need to wait for the completion
of crypto_ahash_init() otherwise it can cause panic.Cc: stable@vger.kernel.org
Signed-off-by: Rui Wang
Signed-off-by: Herbert Xu
18 Jan, 2016
3 commits
-
We need to lock the child socket in hash_check_key as otherwise
two simultaneous calls can cause the parent socket to be freed.Cc: stable@vger.kernel.org
Signed-off-by: Herbert Xu -
This patch removes the custom release parent function as the
generic af_alg_release_parent now works for nokey sockets too.Cc: stable@vger.kernel.org
Signed-off-by: Herbert Xu -
Hash implementations that require a key may crash if you use
them without setting a key. This patch adds the necessary checks
so that if you do attempt to use them without a key that we return
-ENOKEY instead of proceeding.This patch also adds a compatibility path to support old applications
that do acept(2) before setkey.Cc: stable@vger.kernel.org
Signed-off-by: Herbert Xu
02 Nov, 2015
1 commit
-
The hash_accept call fails to work on sockets that have not received
any data. For some algorithm implementations it may cause crashes.This patch fixes this by ensuring that we only export and import on
sockets that have received data.Cc: stable@vger.kernel.org
Reported-by: Harsh Jain
Signed-off-by: Herbert Xu
Tested-by: Stephan Mueller
12 Apr, 2015
1 commit
-
convert open-coded instances
Signed-off-by: Al Viro
03 Mar, 2015
1 commit
-
After TIPC doesn't depend on iocb argument in its internal
implementations of sendmsg() and recvmsg() hooks defined in proto
structure, no any user is using iocb argument in them at all now.
Then we can drop the redundant iocb argument completely from kinds of
implementations of both sendmsg() and recvmsg() in the entire
networking stack.Cc: Christoph Hellwig
Suggested-by: Al Viro
Signed-off-by: Ying Xue
Signed-off-by: David S. Miller
04 Feb, 2015
1 commit
-
With that, all ->sendmsg() instances are converted to iov_iter primitives
and are agnostic wrt the kind of iov_iter they are working with.
So's the last remaining ->recvmsg() instance that wasn't kind-agnostic yet.
All ->sendmsg() and ->recvmsg() advance ->msg_iter by the amount actually
copied and none of them modifies the underlying iovec, etc.Cc: linux-crypto@vger.kernel.org
Signed-off-by: Al Viro
14 Dec, 2014
1 commit
-
Pull crypto update from Herbert Xu:
- The crypto API is now documented :)
- Disallow arbitrary module loading through crypto API.
- Allow get request with empty driver name through crypto_user.
- Allow speed testing of arbitrary hash functions.
- Add caam support for ctr(aes), gcm(aes) and their derivatives.
- nx now supports concurrent hashing properly.
- Add sahara support for SHA1/256.
- Add ARM64 version of CRC32.
- Misc fixes.* git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (77 commits)
crypto: tcrypt - Allow speed testing of arbitrary hash functions
crypto: af_alg - add user space interface for AEAD
crypto: qat - fix problem with coalescing enable logic
crypto: sahara - add support for SHA1/256
crypto: sahara - replace tasklets with kthread
crypto: sahara - add support for i.MX53
crypto: sahara - fix spinlock initialization
crypto: arm - replace memset by memzero_explicit
crypto: powerpc - replace memset by memzero_explicit
crypto: sha - replace memset by memzero_explicit
crypto: sparc - replace memset by memzero_explicit
crypto: algif_skcipher - initialize upon init request
crypto: algif_skcipher - removed unneeded code
crypto: algif_skcipher - Fixed blocking recvmsg
crypto: drbg - use memzero_explicit() for clearing sensitive data
crypto: drbg - use MODULE_ALIAS_CRYPTO
crypto: include crypto- module prefix in template
crypto: user - add MODULE_ALIAS
crypto: sha-mb - remove a bogus NULL check
crytpo: qat - Fix 64 bytes requests
...
10 Dec, 2014
1 commit
-
Note that the code _using_ ->msg_iter at that point will be very
unhappy with anything other than unshifted iovec-backed iov_iter.
We still need to convert users to proper primitives.Signed-off-by: Al Viro
25 Nov, 2014
1 commit
-
Commit e1bd95bf7c25 ("crypto: algif - zeroize IV buffer") and
2a6af25befd0 ("crypto: algif - zeroize message digest buffer")
added memzero_explicit() calls on buffers that are later on
passed back to sock_kfree_s().This is a discussed follow-up that, instead, extends the sock
API and adds sock_kzfree_s(), which internally uses kzfree()
instead of kfree() for passing the buffers back to slab.Having sock_kzfree_s() allows to keep the changes more minimal
by just having a drop-in replacement instead of adding
memzero_explicit() calls everywhere before sock_kfree_s().In kzfree(), the compiler is not allowed to optimize the memset()
away and thus there's no need for memzero_explicit(). Both,
sock_kfree_s() and sock_kzfree_s() are wrappers for
__sock_kfree_s() and call into kfree() resp. kzfree(); here,
__sock_kfree_s() needs to be explicitly inlined as we want the
compiler to optimize the call and condition away and thus it
produces e.g. on x86_64 the _same_ assembler output for
sock_kfree_s() before and after, and thus also allows for
avoiding code duplication.Cc: David S. Miller
Signed-off-by: Daniel Borkmann
Signed-off-by: Herbert Xu
24 Nov, 2014
1 commit
-
Signed-off-by: Al Viro
12 Nov, 2014
1 commit
-
Zeroize the buffer holding the message digest calculated for the
consumer before the buffer is released by the hash AF_ALG interface
handler.Signed-off-by: Stephan Mueller
Signed-off-by: Herbert Xu
30 Nov, 2013
1 commit
-
Commit 35f9c09fe (tcp: tcp_sendpages() should call tcp_push() once)
added an internal flag MSG_SENDPAGE_NOTLAST, similar to
MSG_MORE.algif_hash, algif_skcipher, and udp used MSG_MORE from tcp_sendpages()
and need to see the new flag as identical to MSG_MORE.This fixes sendfile() on AF_ALG.
v3: also fix udp
Cc: Tom Herbert
Cc: Eric Dumazet
Cc: David S. Miller
Cc: # 3.4.x + 3.2.x
Reported-and-tested-by: Shawn Landden
Original-patch: Richard Weinberger
Signed-off-by: Shawn Landden
Signed-off-by: David S. Miller
21 Nov, 2013
1 commit
-
This patch now always passes msg->msg_namelen as 0. recvmsg handlers must
set msg_namelen to the proper size
Suggested-by: Eric Dumazet
Signed-off-by: Hannes Frederic Sowa
Signed-off-by: David S. Miller
10 Apr, 2013
1 commit
-
The current code does not set the msg_namelen member to 0 and therefore
makes net/socket.c leak the local sockaddr_storage variable to userland
-- 128 bytes of kernel stack memory. Fix that.Cc: # 2.6.38
Signed-off-by: Mathias Krause
Signed-off-by: Herbert Xu
30 Jun, 2011
1 commit
-
When the first call to af_alg_make_sg fails, we may return garbage
instead of the real error. This patch fixes it by setting the error
if "copied" is zero.Based on a patch by Jesper Juhl.
Reported-by: Jesper Juhl
Signed-off-by: Herbert Xu
19 Nov, 2010
1 commit
-
This patch adds the af_alg plugin for hash, corresponding to
the ahash kernel operation type.Keys can optionally be set through the setsockopt interface.
Each sendmsg call will finalise the hash unless sent with a MSG_MORE
flag.Partial hash states can be cloned using accept(2).
The interface is completely synchronous, all operations will
complete prior to the system call returning.Both sendmsg(2) and splice(2) support reading the user-space
data directly without copying (except that the Crypto API itself
may copy the data if alignment is off).For now only the splice(2) interface supports performing digest
instead of init/update/final. In future the sendmsg(2) interface
will also be modified to use digest/finup where possible so that
hardware that cannot return a partial hash state can still benefit
from this interface.Thakns to Miloslav Trmac for reviewing this and contributing
fixes and improvements.Signed-off-by: Herbert Xu
Acked-by: David S. Miller
Tested-by: Martin Willi