linux-toradex.git/crypto/authenc.c, branch v2.6.27.57 Linux kernel for Apalis and Colibri modules crypto: authenc - Fix zero-length IV crash 2009-02-02T16:28:12+00:00 Herbert Xu herbert@gondor.apana.org.au 2009-01-13T00:26:18+00:00 d493ba54d96d117fb3dff027141444584f852054 commit 29b37f42127f7da511560a40ea74f5047da40c13 upstream. As it is if an algorithm with a zero-length IV is used (e.g., NULL encryption) with authenc, authenc may generate an SG entry of length zero, which will trigger a BUG check in the hash layer. This patch fixes it by skipping the IV SG generation if the IV size is zero. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
commit 29b37f42127f7da511560a40ea74f5047da40c13 upstream.

As it is if an algorithm with a zero-length IV is used (e.g.,
NULL encryption) with authenc, authenc may generate an SG entry
of length zero, which will trigger a BUG check in the hash layer.

This patch fixes it by skipping the IV SG generation if the IV
size is zero.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
crypto: authenc - Avoid using clobbered request pointer 2008-08-22T15:04:06+00:00 Herbert Xu herbert@gondor.apana.org.au 2008-08-22T15:04:06+00:00 a697690bece75d4ba424c1318eb25c37d41d5829 Authenc works in two stages for encryption, it first encrypts and then computes an ICV. The context memory of the request is used by both operations. The problem is that when an asynchronous encryption completes, we will compute the ICV and then reread the context memory of the encryption to get the original request. It just happens that we have a buffer of 16 bytes in front of the request pointer, so ICVs of 16 bytes (such as SHA1) do not trigger the bug. However, any attempt to uses a larger ICV instantly kills the machine when the first asynchronous encryption is completed. This patch fixes this by saving the request pointer before we start the ICV computation. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
Authenc works in two stages for encryption, it first encrypts and
then computes an ICV.  The context memory of the request is used
by both operations.  The problem is that when an asynchronous
encryption completes, we will compute the ICV and then reread the
context memory of the encryption to get the original request.

It just happens that we have a buffer of 16 bytes in front of the
request pointer, so ICVs of 16 bytes (such as SHA1) do not trigger
the bug.  However, any attempt to uses a larger ICV instantly kills
the machine when the first asynchronous encryption is completed.

This patch fixes this by saving the request pointer before we start
the ICV computation.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
[CRYPTO] authenc: Fix async crypto crash in crypto_authenc_genicv() 2008-05-01T10:22:28+00:00 Patrick McHardy kaber@trash.net 2008-04-29T13:44:28+00:00 161613293fd4b7d5ceb1faab788f47e688e07a67 crypto_authenc_givencrypt_done uses req->data as struct aead_givcrypt_request, while it really points to a struct aead_request, causing this crash: BUG: unable to handle kernel paging request at 6b6b6b6b IP: [<dc87517b>] :authenc:crypto_authenc_genicv+0x23/0x109 *pde = 00000000 Oops: 0000 [#1] PREEMPT DEBUG_PAGEALLOC Modules linked in: hifn_795x authenc esp4 aead xfrm4_mode_tunnel sha1_generic hmac crypto_hash] Pid: 3074, comm: ping Not tainted (2.6.25 #4) EIP: 0060:[<dc87517b>] EFLAGS: 00010296 CPU: 0 EIP is at crypto_authenc_genicv+0x23/0x109 [authenc] EAX: daa04690 EBX: daa046e0 ECX: dab0a100 EDX: daa046b0 ESI: 6b6b6b6b EDI: dc872054 EBP: c033ff60 ESP: c033ff0c DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068 Process ping (pid: 3074, ti=c033f000 task=db883a80 task.ti=dab6c000) Stack: 00000000 daa046b0 c0215a3e daa04690 dab0a100 00000000 ffffffff db9fd7f0 dba208c0 dbbb1720 00000001 daa04720 00000001 c033ff54 c0119ca9 dc852a75 c033ff60 c033ff60 daa046e0 00000000 00000001 c033ff6c dc87527b 00000001 Call Trace: [<c0215a3e>] ? dev_alloc_skb+0x14/0x29 [<c0119ca9>] ? printk+0x15/0x17 [<dc87527b>] ? crypto_authenc_givencrypt_done+0x1a/0x27 [authenc] [<dc850cca>] ? hifn_process_ready+0x34a/0x352 [hifn_795x] [<dc8353c7>] ? rhine_napipoll+0x3f2/0x3fd [via_rhine] [<dc851a56>] ? hifn_check_for_completion+0x4d/0xa6 [hifn_795x] [<dc851ab9>] ? hifn_tasklet_callback+0xa/0xc [hifn_795x] [<c011d046>] ? tasklet_action+0x3f/0x66 [<c011d230>] ? __do_softirq+0x38/0x7a [<c0105a5f>] ? do_softirq+0x3e/0x71 [<c011d17c>] ? irq_exit+0x2c/0x65 [<c010e0c0>] ? smp_apic_timer_interrupt+0x5f/0x6a [<c01042e4>] ? apic_timer_interrupt+0x28/0x30 [<dc851640>] ? hifn_handle_req+0x44a/0x50d [hifn_795x] ... Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
crypto_authenc_givencrypt_done uses req->data as struct aead_givcrypt_request,
while it really points to a struct aead_request, causing this crash:

BUG: unable to handle kernel paging request at 6b6b6b6b
IP: [<dc87517b>] :authenc:crypto_authenc_genicv+0x23/0x109
*pde = 00000000
Oops: 0000 [#1] PREEMPT DEBUG_PAGEALLOC
Modules linked in: hifn_795x authenc esp4 aead xfrm4_mode_tunnel sha1_generic hmac crypto_hash]

Pid: 3074, comm: ping Not tainted (2.6.25 #4)
EIP: 0060:[<dc87517b>] EFLAGS: 00010296 CPU: 0
EIP is at crypto_authenc_genicv+0x23/0x109 [authenc]
EAX: daa04690 EBX: daa046e0 ECX: dab0a100 EDX: daa046b0
ESI: 6b6b6b6b EDI: dc872054 EBP: c033ff60 ESP: c033ff0c
 DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
Process ping (pid: 3074, ti=c033f000 task=db883a80 task.ti=dab6c000)
Stack: 00000000 daa046b0 c0215a3e daa04690 dab0a100 00000000 ffffffff db9fd7f0
       dba208c0 dbbb1720 00000001 daa04720 00000001 c033ff54 c0119ca9 dc852a75
       c033ff60 c033ff60 daa046e0 00000000 00000001 c033ff6c dc87527b 00000001
Call Trace:
 [<c0215a3e>] ? dev_alloc_skb+0x14/0x29
 [<c0119ca9>] ? printk+0x15/0x17
 [<dc87527b>] ? crypto_authenc_givencrypt_done+0x1a/0x27 [authenc]
 [<dc850cca>] ? hifn_process_ready+0x34a/0x352 [hifn_795x]
 [<dc8353c7>] ? rhine_napipoll+0x3f2/0x3fd [via_rhine]
 [<dc851a56>] ? hifn_check_for_completion+0x4d/0xa6 [hifn_795x]
 [<dc851ab9>] ? hifn_tasklet_callback+0xa/0xc [hifn_795x]
 [<c011d046>] ? tasklet_action+0x3f/0x66
 [<c011d230>] ? __do_softirq+0x38/0x7a
 [<c0105a5f>] ? do_softirq+0x3e/0x71
 [<c011d17c>] ? irq_exit+0x2c/0x65
 [<c010e0c0>] ? smp_apic_timer_interrupt+0x5f/0x6a
 [<c01042e4>] ? apic_timer_interrupt+0x28/0x30
 [<dc851640>] ? hifn_handle_req+0x44a/0x50d [hifn_795x]
 ...

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
[CRYPTO] authenc: Add givencrypt operation 2008-01-10T21:16:50+00:00 Herbert Xu herbert@gondor.apana.org.au 2007-12-10T08:20:24+00:00 e56dd56418fcc024683d1638564a494d9e9aab85 This patch implements the givencrypt function for authenc. It simply calls the givencrypt operation on the underlying cipher instead of encrypt. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
This patch implements the givencrypt function for authenc.  It simply
calls the givencrypt operation on the underlying cipher instead of encrypt.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
[CRYPTO] authenc: Use crypto_grab_skcipher 2008-01-10T21:16:46+00:00 Herbert Xu herbert@gondor.apana.org.au 2007-12-17T12:12:49+00:00 9ffde35a8edd3486cd7c80af931c15cec99a1a0d This patch converts the authenc algorithm over to crypto_grab_skcipher which is a prerequisite for IV generation. This patch also changes authenc to set its ASYNC status depending on the ASYNC status of the underlying skcipher. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
This patch converts the authenc algorithm over to crypto_grab_skcipher
which is a prerequisite for IV generation.

This patch also changes authenc to set its ASYNC status depending on
the ASYNC status of the underlying skcipher.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
[CRYPTO] authenc: Merge common hashing code 2008-01-10T21:16:38+00:00 Herbert Xu herbert@gondor.apana.org.au 2007-12-10T08:15:41+00:00 7c3d703fa81db42f9766325cebd6bfc1c5eac838 This patch merges the common hashing code between encryption and decryption. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
This patch merges the common hashing code between encryption and decryption.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
[CRYPTO] authenc: Use RTA_OK to check length 2008-01-10T21:16:38+00:00 Herbert Xu herbert@gondor.apana.org.au 2007-12-10T02:55:21+00:00 12dc5e62b4f93f1d399fd81e35be3f9ea0027712 This patch changes setkey to use RTA_OK to check the validity of the setkey request. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
This patch changes setkey to use RTA_OK to check the validity of the
setkey request.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
[CRYPTO] authenc: Fix typo in ivsize 2008-01-10T21:16:37+00:00 Herbert Xu herbert@gondor.apana.org.au 2007-12-10T02:54:44+00:00 c2c61f513db395ddd8d67690bf3301ebe1e8155a The ivsize should be fetched from ablkcipher, not blkcipher. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
The ivsize should be fetched from ablkcipher, not blkcipher.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
[CRYPTO] scatterwalk: Move scatterwalk.h to linux/crypto 2008-01-10T21:16:32+00:00 Herbert Xu herbert@gondor.apana.org.au 2007-12-07T10:52:49+00:00 42c271c6c538857cb13c5ead5184d264d745f675 The scatterwalk infrastructure is used by algorithms so it needs to move out of crypto for future users that may live in drivers/crypto or asm/*/crypto. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
The scatterwalk infrastructure is used by algorithms so it needs to
move out of crypto for future users that may live in drivers/crypto
or asm/*/crypto.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
[CRYPTO] aead: Return EBADMSG for ICV mismatch 2008-01-10T21:16:32+00:00 Herbert Xu herbert@gondor.apana.org.au 2007-12-04T09:07:27+00:00 fe70f5dfe1a7b5caab96531089dac3d8728c0ebd This patch changes gcm/authenc to return EBADMSG instead of EINVAL for ICV mismatches. This convention has already been adopted by IPsec. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
This patch changes gcm/authenc to return EBADMSG instead of EINVAL for
ICV mismatches.  This convention has already been adopted by IPsec.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>