kernel/linux.git/crypto, branch v4.19.315Linux kernel stable tree (mirror)https://git.radix-linux.su/kernel/linux.git/atom?h=v4.19.3152024-05-02T14:17:13+00:00Revert "crypto: api - Disallow identical driver names"2024-05-02T14:17:13+00:00Greg Kroah-Hartmangregkh@linuxfoundation.org2024-04-29T10:53:46+00:00urn:sha1:69dc8fc8307640b717b37056549d88a664273206
This reverts commit 15a67115d487ea5cb8213915a4f75f58adb87cbc which is
commit 27016f75f5ed47e2d8e0ca75a8ff1f40bc1a5e27 upstream.
It is reported to cause problems in older kernels due to some crypto
drivers having the same name, so revert it here to fix the problems.
Link: https://lore.kernel.org/r/aceda6e2-cefb-4146-aef8-ff4bafa56e56@roeck-us.net
Reported-by: Guenter Roeck <linux@roeck-us.net>
Cc: Ovidiu Panait <ovidiu.panait@windriver.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
crypto: af_alg - Work around empty control messages without MSG_MORE2024-03-26T22:22:43+00:00Herbert Xuherbert@gondor.apana.org.au2020-08-27T07:14:36+00:00urn:sha1:ba1f292491c011fa11d80b152f15ef97e4519891
commit c195d66a8a75c60515819b101975f38b7ec6577f upstream.
The iwd daemon uses libell which sets up the skcipher operation with
two separate control messages. As the first control message is sent
without MSG_MORE, it is interpreted as an empty request.
While libell should be fixed to use MSG_MORE where appropriate, this
patch works around the bug in the kernel so that existing binaries
continue to work.
We will print a warning however.
A separate issue is that the new kernel code no longer allows the
control message to be sent twice within the same request. This
restriction is obviously incompatible with what iwd was doing (first
setting an IV and then sending the real control message). This
patch changes the kernel so that this is explicitly allowed.
Reported-by: Caleb Jorden <caljorden@hotmail.com>
Fixes: f3c802a1f300 ("crypto: algif_aead - Only wake up when...")
Cc: <stable@vger.kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
crypto: af_alg - Fix regression on empty requests2024-03-26T22:22:43+00:00Herbert Xuherbert@gondor.apana.org.au2020-07-02T03:32:21+00:00urn:sha1:546e3961b5d4c6db82cfb441fabb4353940c8f95
commit 662bb52f50bca16a74fe92b487a14d7dccb85e1a upstream.
Some user-space programs rely on crypto requests that have no
control metadata. This broke when a check was added to require
the presence of control metadata with the ctx->init flag.
This patch fixes the regression by setting ctx->init as long as
one sendmsg(2) has been made, with or without a control message.
Reported-by: Sachin Sant <sachinp@linux.vnet.ibm.com>
Reported-by: Naresh Kamboju <naresh.kamboju@linaro.org>
Fixes: f3c802a1f300 ("crypto: algif_aead - Only wake up when...")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
crypto: algif_aead - Only wake up when ctx->more is zero2024-03-26T22:22:34+00:00Herbert Xuherbert@gondor.apana.org.au2020-05-29T14:23:49+00:00urn:sha1:de564b59755dfb080ef237dd4fbd02cb0c3e58a1
[ Upstream commit f3c802a1f30013f8f723b62d7fa49eb9e991da23 ]
AEAD does not support partial requests so we must not wake up
while ctx->more is set. In order to distinguish between the
case of no data sent yet and a zero-length request, a new init
flag has been added to ctx.
SKCIPHER has also been modified to ensure that at least a block
of data is available if there is more data to come.
Fixes: 2d97591ef43d ("crypto: af_alg - consolidation of...")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
crypto: af_alg - make some functions static2024-03-26T22:22:34+00:00Eric Biggersebiggers@google.com2019-01-10T20:18:00+00:00urn:sha1:0ca02d4beebb7b47ea0cbdceac891465cbb966c6
[ Upstream commit 466e0759269d31485074126700574230bfff3b1c ]
Some exported functions in af_alg.c aren't used outside of that file.
Therefore, un-export them and make them 'static'.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Stable-dep-of: f3c802a1f300 ("crypto: algif_aead - Only wake up when ctx->more is zero")
Signed-off-by: Sasha Levin <sashal@kernel.org>
crypto: algif_aead - fix uninitialized ctx->init2024-03-26T22:22:33+00:00Ondrej Mosnacekomosnace@redhat.com2020-08-12T12:58:25+00:00urn:sha1:17a1144baa54edb9c97014ad441a03b93e50ab75
[ Upstream commit 21dfbcd1f5cbff9cf2f9e7e43475aed8d072b0dd ]
In skcipher_accept_parent_nokey() the whole af_alg_ctx structure is
cleared by memset() after allocation, so add such memset() also to
aead_accept_parent_nokey() so that the new "init" field is also
initialized to zero. Without that the initial ctx->init checks might
randomly return true and cause errors.
While there, also remove the redundant zero assignments in both
functions.
Found via libkcapi testsuite.
Cc: Stephan Mueller <smueller@chronox.de>
Fixes: f3c802a1f300 ("crypto: algif_aead - Only wake up when ctx->more is zero")
Suggested-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
crypto: api - Disallow identical driver names2024-02-23T07:12:39+00:00Herbert Xuherbert@gondor.apana.org.au2023-12-07T10:36:57+00:00urn:sha1:15a67115d487ea5cb8213915a4f75f58adb87cbc
commit 27016f75f5ed47e2d8e0ca75a8ff1f40bc1a5e27 upstream.
Disallow registration of two algorithms with identical driver names.
Cc: <stable@vger.kernel.org>
Reported-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
crypto: scompress - initialize per-CPU variables on each CPU2024-01-25T22:33:39+00:00Sebastian Andrzej Siewiorbigeasy@linutronix.de2019-04-12T15:14:15+00:00urn:sha1:a132ff91717c28498c602e62824f0684a02c8832
commit 8c3fffe3993b06dd1955a79bd2f0f3b143d259b3 upstream.
In commit 71052dcf4be70 ("crypto: scompress - Use per-CPU struct instead
multiple variables") I accidentally initialized multiple times the memory on a
random CPU. I should have initialize the memory on every CPU like it has
been done earlier. I didn't notice this because the scheduler didn't
move the task to another CPU.
Guenter managed to do that and the code crashed as expected.
Allocate / free per-CPU memory on each CPU.
Fixes: 71052dcf4be70 ("crypto: scompress - Use per-CPU struct instead multiple variables")
Reported-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Tested-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
crypto: scomp - fix req->dst buffer overflow2024-01-25T22:33:33+00:00Chengming Zhouzhouchengming@bytedance.com2023-12-27T09:35:23+00:00urn:sha1:1142d65c5b881590962ad763f94505b6dd67d2fe
[ Upstream commit 744e1885922a9943458954cfea917b31064b4131 ]
The req->dst buffer size should be checked before copying from the
scomp_scratch->dst to avoid req->dst buffer overflow problem.
Fixes: 1ab53a77b772 ("crypto: acomp - add driver-side scomp interface")
Reported-by: syzbot+3eff5e51bf1db122a16e@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/all/0000000000000b05cd060d6b5511@google.com/
Signed-off-by: Chengming Zhou <zhouchengming@bytedance.com>
Reviewed-by: Barry Song <v-songbaohua@oppo.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
crypto: scompress - Use per-CPU struct instead multiple variables2024-01-25T22:33:33+00:00Sebastian Andrzej Siewiorbigeasy@linutronix.de2019-03-29T13:09:56+00:00urn:sha1:f8f261f9ade28894f5b547d1ec2a905308990f28
[ Upstream commit 71052dcf4be70be4077817297dcde7b155e745f2 ]
Two per-CPU variables are allocated as pointer to per-CPU memory which
then are used as scratch buffers.
We could be smart about this and use instead a per-CPU struct which
contains the pointers already and then we need to allocate just the
scratch buffers.
Add a lock to the struct. By doing so we can avoid the get_cpu()
statement and gain lockdep coverage (if enabled) to ensure that the lock
is always acquired in the right context. On non-preemptible kernels the
lock vanishes.
It is okay to use raw_cpu_ptr() in order to get a pointer to the struct
since it is protected by the spinlock.
The diffstat of this is negative and according to size scompress.o:
text data bss dec hex filename
1847 160 24 2031 7ef dbg_before.o
1754 232 4 1990 7c6 dbg_after.o
1799 64 24 1887 75f no_dbg-before.o
1703 88 4 1795 703 no_dbg-after.o
The overall size increase difference is also negative. The increase in
the data section is only four bytes without lockdep.
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Stable-dep-of: 744e1885922a ("crypto: scomp - fix req->dst buffer overflow")
Signed-off-by: Sasha Levin <sashal@kernel.org>