1. 19 Feb, 2013 1 commit
    • Mathias Krause's avatar
      crypto: user - fix info leaks in report API · 9a5467bf
      Mathias Krause authored
      Three errors resulting in kernel memory disclosure:
      
      1/ The structures used for the netlink based crypto algorithm report API
      are located on the stack. As snprintf() does not fill the remainder of
      the buffer with null bytes, those stack bytes will be disclosed to users
      of the API. Switch to strncpy() to fix this.
      
      2/ crypto_report_one() does not initialize all field of struct
      crypto_user_alg. Fix this to fix the heap info leak.
      
      3/ For the module name we should copy only as many bytes as
      module_name() returns -- not as much as the destination buffer could
      hold. But the current code does not and therefore copies random data
      from behind the end of the module name, as the module name is always
      shorter than CRYPTO_MAX_ALG_NAME.
      
      Also switch to use strncpy() to copy the algorithm's name and
      driver_name. They are strings, after all.
      Signed-off-by: default avatarMathias Krause <minipli@googlemail.com>
      Cc: Steffen Klassert <steffen.klassert@secunet.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      9a5467bf
  2. 04 Feb, 2013 1 commit
  3. 02 Apr, 2012 1 commit
  4. 20 Mar, 2012 1 commit
  5. 10 Nov, 2011 1 commit
  6. 21 Oct, 2011 1 commit
  7. 26 Oct, 2010 1 commit
  8. 18 Feb, 2009 1 commit
    • Herbert Xu's avatar
      crypto: skcipher - Avoid infinite loop when cipher fails selftest · b170a137
      Herbert Xu authored
      When an skcipher constructed through crypto_givcipher_default fails
      its selftest, we'll loop forever trying to construct new skcipher
      objects but failing because it already exists.
      
      The crux of the issue is that once a givcipher fails the selftest,
      we'll ignore it on the next run through crypto_skcipher_lookup and
      attempt to construct a new givcipher.
      
      We should instead return an error to the caller if we find a
      givcipher that has failed the test.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      b170a137
  9. 27 Jan, 2009 1 commit
  10. 29 Aug, 2008 1 commit
  11. 23 Feb, 2008 1 commit
  12. 10 Jan, 2008 5 commits
    • Herbert Xu's avatar
      [CRYPTO] skcipher: Create default givcipher instances · b9c55aa4
      Herbert Xu authored
      This patch makes crypto_alloc_ablkcipher/crypto_grab_skcipher always
      return algorithms that are capable of generating their own IVs through
      givencrypt and givdecrypt.  Each algorithm may specify its default IV
      generator through the geniv field.
      
      For algorithms that do not set the geniv field, the blkcipher layer will
      pick a default.  Currently it's chainiv for synchronous algorithms and
      eseqiv for asynchronous algorithms.  Note that if these wrappers do not
      work on an algorithm then that algorithm must specify its own geniv or
      it can't be used at all.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      b9c55aa4
    • Herbert Xu's avatar
      [CRYPTO] skcipher: Add skcipher_geniv_alloc/skcipher_geniv_free · ecfc4329
      Herbert Xu authored
      This patch creates the infrastructure to help the construction of givcipher
      templates that wrap around existing blkcipher/ablkcipher algorithms by adding
      an IV generator to them.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      ecfc4329
    • Herbert Xu's avatar
      [CRYPTO] skcipher: Added geniv field · 23508e11
      Herbert Xu authored
      This patch introduces the geniv field which indicates the default IV
      generator for each algorithm.  It should point to a string that is not
      freed as long as the algorithm is registered.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      23508e11
    • Herbert Xu's avatar
      [CRYPTO] scatterwalk: Move scatterwalk.h to linux/crypto · 42c271c6
      Herbert Xu authored
      The scatterwalk infrastructure is used by algorithms so it needs to
      move out of crypto for future users that may live in drivers/crypto
      or asm/*/crypto.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      42c271c6
    • Herbert Xu's avatar
      [CRYPTO] ablkcipher: Add distinct ABLKCIPHER type · 332f8840
      Herbert Xu authored
      Up until now we have ablkcipher algorithms have been identified as
      type BLKCIPHER with the ASYNC bit set.  This is suboptimal because
      ablkcipher refers to two things.  On the one hand it refers to the
      top-level ablkcipher interface with requests.  On the other hand it
      refers to and algorithm type underneath.
      
      As it is you cannot request a synchronous block cipher algorithm
      with the ablkcipher interface on top.  This is a problem because
      we want to be able to eventually phase out the blkcipher top-level
      interface.
      
      This patch fixes this by making ABLKCIPHER its own type, just as
      we have distinct types for HASH and DIGEST.  The type it associated
      with the algorithm implementation only.
      
      Which top-level interface is used for synchronous block ciphers is
      then determined by the mask that's used.  If it's a specific mask
      then the old blkcipher interface is given, otherwise we go with the
      new ablkcipher interface.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      332f8840
  13. 10 Oct, 2007 5 commits
  14. 10 Sep, 2007 1 commit
  15. 09 Sep, 2007 1 commit
    • Herbert Xu's avatar
      [CRYPTO] blkcipher: Fix handling of kmalloc page straddling · e4630f9f
      Herbert Xu authored
      The function blkcipher_get_spot tries to return a buffer of
      the specified length that does not straddle a page.  It has
      an off-by-one bug so it may advance a page unnecessarily.
      
      What's worse, one of its callers doesn't provide a buffer
      that's sufficiently long for this operation.
      
      This patch fixes both problems.  Thanks to Bob Gilligan for
      diagnosing this problem and providing a fix.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      e4630f9f
  16. 06 Aug, 2007 1 commit
  17. 11 Jul, 2007 1 commit
  18. 02 May, 2007 2 commits
    • Herbert Xu's avatar
      [CRYPTO] api: Add async block cipher interface · 32e3983f
      Herbert Xu authored
      This patch adds the frontend interface for asynchronous block ciphers.
      In addition to the usual block cipher parameters, there is a callback
      function pointer and a data pointer.  The callback will be invoked only
      if the encrypt/decrypt handlers return -EINPROGRESS.  In other words,
      if the return value of zero the completion handler (or the equivalent
      code) needs to be invoked by the caller.
      
      The request structure is allocated and freed by the caller.  Its size
      is determined by calling crypto_ablkcipher_reqsize().  The helpers
      ablkcipher_request_alloc/ablkcipher_request_free can be used to manage
      the memory for a request.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      32e3983f
    • Herbert Xu's avatar
      [CRYPTO] api: Proc functions should be marked as unused · 03f5d8ce
      Herbert Xu authored
      The proc functions were incorrectly marked as used rather than unused.
      They may be unused if proc is disabled.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      03f5d8ce
  19. 06 Feb, 2007 2 commits
  20. 13 Dec, 2006 1 commit
  21. 21 Sep, 2006 1 commit
    • Herbert Xu's avatar
      [CRYPTO] cipher: Added block cipher type · 5cde0af2
      Herbert Xu authored
      This patch adds the new type of block ciphers.  Unlike current cipher
      algorithms which operate on a single block at a time, block ciphers
      operate on an arbitrarily long linear area of data.  As it is block-based,
      it will skip any data remaining at the end which cannot form a block.
      
      The block cipher has one major difference when compared to the existing
      block cipher implementation.  The sg walking is now performed by the
      algorithm rather than the cipher mid-layer.  This is needed for drivers
      that directly support sg lists.  It also improves performance for all
      algorithms as it reduces the total number of indirect calls by one.
      
      In future the existing cipher algorithm will be converted to only have
      a single-block interface.  This will be done after all existing users
      have switched over to the new block cipher type.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      5cde0af2