08 Apr, 2018
1 commit
-
commit 8c9bdab21289c211ca1ca6a5f9b7537b4a600a02 upstream.
The buffer rctx->ext contains potentially sensitive data and should
be freed with kzfree.Cc:
Fixes: 700cb3f5fe75 ("crypto: lrw - Convert to skcipher")
Reported-by: Dan Carpenter
Signed-off-by: Herbert Xu
Signed-off-by: Greg Kroah-Hartman
25 Dec, 2017
1 commit
-
[ Upstream commit 616129cc6e75fb4da6681c16c981fa82dfe5e4c7 ]
All error handling paths 'goto err_drop_spawn' except this one.
In order to avoid some resources leak, we should do it as well here.Fixes: 700cb3f5fe75 ("crypto: lrw - Convert to skcipher")
Signed-off-by: Christophe JAILLET
Signed-off-by: Herbert Xu
Signed-off-by: Sasha Levin
Signed-off-by: Greg Kroah-Hartman
10 Apr, 2017
1 commit
-
When we get an EINPROGRESS completion in lrw, we will end up marking
the request as done and freeing it. This then blows up when the
request is really completed as we've already freed the memory.Fixes: 700cb3f5fe75 ("crypto: lrw - Convert to skcipher")
Cc:
Signed-off-by: Herbert Xu
24 Mar, 2017
1 commit
-
In the generic XTS and LRW algorithms, for input data > 128 bytes, a
temporary buffer is allocated to hold the values to be XOR'ed with the
data before and after encryption or decryption. If the allocation
fails, the fixed-size buffer embedded in the request buffer is meant to
be used as a fallback --- resulting in more calls to the ECB algorithm,
but still producing the correct result. However, we weren't correctly
limiting subreq->cryptlen in this case, resulting in pre_crypt()
overrunning the embedded buffer. Fix this by setting subreq->cryptlen
correctly.Fixes: f1c131b45410 ("crypto: xts - Convert to skcipher")
Fixes: 700cb3f5fe75 ("crypto: lrw - Convert to skcipher")
Cc: stable@vger.kernel.org # v4.10+
Reported-by: Dmitry Vyukov
Signed-off-by: Eric Biggers
Acked-by: David S. Miller
Signed-off-by: Herbert Xu
28 Nov, 2016
1 commit
-
This patch converts lrw over to the skcipher interface. It also
optimises the implementation to be based on ECB instead of the
underlying cipher. For compatibility the existing naming scheme
of lrw(aes) is maintained as opposed to the more obvious one of
lrw(ecb(aes)).Signed-off-by: Herbert Xu
26 Nov, 2014
1 commit
-
This adds the module loading prefix "crypto-" to the template lookup
as well.For example, attempting to load 'vfat(blowfish)' via AF_ALG now correctly
includes the "crypto-" prefix at every level, correctly rejecting "vfat":net-pf-38
algif-hash
crypto-vfat(blowfish)
crypto-vfat(blowfish)-all
crypto-vfatReported-by: Mathias Krause
Signed-off-by: Kees Cook
Acked-by: Mathias Krause
Signed-off-by: Herbert Xu
09 Nov, 2011
4 commits
-
Export gf128mul table initialization routines and add lrw_crypt() function
that can be used by cipher implementations that can benefit from parallelized
cipher operations.Signed-off-by: Jussi Kivilinna
Signed-off-by: Herbert Xu -
Split gf128mul initialization from setkey so that it can be used outside
lrw-module.Signed-off-by: Jussi Kivilinna
Signed-off-by: Herbert Xu -
LRW has fixed blocksize of 16. Define LRW_BLOCK_SIZE and use in place of
crypto_cipher_blocksize().Signed-off-by: Jussi Kivilinna
Signed-off-by: Herbert Xu -
LRW module leaks child cipher memory when init_tfm() fails because of child
block size not being 16.Signed-off-by: Jussi Kivilinna
Signed-off-by: Herbert Xu
17 Feb, 2009
1 commit
-
It turns out that LRW has never worked properly on big endian.
This was never discussed because nobody actually used it that
way. In fact, it was only discovered when Geert Uytterhoeven
loaded it through tcrypt which failed the test on it.The fix is straightforward, on big endian the to find the nth
bit we should be grouping them by words instead of bytes. So
setbit128_bbe should xor with 128 - BITS_PER_LONG instead of
128 - BITS_PER_BYTE == 0x78.Tested-by: Geert Uytterhoeven
Signed-off-by: Herbert Xu
21 Apr, 2008
1 commit
-
replace all:
big_endian_variable = cpu_to_beX(beX_to_cpu(big_endian_variable) +
expression_in_cpu_byteorder);
with:
beX_add_cpu(&big_endian_variable, expression_in_cpu_byteorder);Signed-off-by: Marcin Slusarz
Cc: David S. Miller
Cc: Roel Kluin
Signed-off-by: Herbert Xu
08 Feb, 2008
1 commit
-
Convert instances of ERR_PTR(PTR_ERR(p)) to ERR_CAST(p) using:
perl -spi -e 's/ERR_PTR[(]PTR_ERR[(](.*)[)][)]/ERR_CAST(\1)/' `grep -rl 'ERR_PTR[(]*PTR_ERR' fs crypto net security`
Signed-off-by: David Howells
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
02 May, 2007
1 commit
-
This patch passes the type/mask along when constructing instances of
templates. This is in preparation for templates that may support
multiple types of instances depending on what is requested. For example,
the planned software async crypto driver will use this construct.For the moment this allows us to check whether the instance constructed
is of the correct type and avoid returning success if the type does not
match.Signed-off-by: Herbert Xu
07 Feb, 2007
1 commit
-
This patch allows spawns of specific types (e.g., cipher) to be allocated.
Signed-off-by: Herbert Xu
07 Dec, 2006
2 commits
-
Fixes:
crypto/lrw.c:99: warning: conflicting types for built-in function ‘round’
Signed-off-by: David S. Miller
-
Main module, this implements the Liskov Rivest Wagner block cipher mode
in the new blockcipher API. The implementation is based on ecb.c.The LRW-32-AES specification I used can be found at:
http://grouper.ieee.org/groups/1619/email/pdf00017.pdfIt implements the optimization specified as optional in the
specification, and in addition it uses optimized multiplication
routines from gf128mul.c.Since gf128mul.[ch] is not tested on bigendian, this cipher mode
may currently fail badly on bigendian machines.Signed-off-by: Rik Snel
Signed-off-by: Herbert Xu
