tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6

Pull crypto fixes from Herbert Xu:

- fix new compiler warnings in cavium

- set post-op IV properly in caam (this fixes chaining)

- fix potential use-after-free in atmel in case of EBUSY

- fix sleeping in softirq path in chcr

- disable buggy sha1-avx2 driver (may overread and page fault)

- fix use-after-free on signals in caam

* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
crypto: cavium - make several functions static
crypto: chcr - Avoid algo allocation in softirq.
crypto: caam - properly set IV after {en,de}crypt
crypto: atmel - only treat EBUSY as transient if backlog
crypto: af_alg - Avoid sock_graft call warning
crypto: caam - fix signals handling
crypto: sha1-ssse3 - Disable avx2

Linus Torvalds dcf903d0 96d0d831

+45 -19
+1 -1
arch/x86/crypto/sha1_ssse3_glue.c
··· 201 201 202 202 static bool avx2_usable(void) 203 203 { 204 - if (avx_usable() && boot_cpu_has(X86_FEATURE_AVX2) 204 + if (false && avx_usable() && boot_cpu_has(X86_FEATURE_AVX2) 205 205 && boot_cpu_has(X86_FEATURE_BMI1) 206 206 && boot_cpu_has(X86_FEATURE_BMI2)) 207 207 return true;
+1 -1
crypto/af_alg.c
··· 287 287 goto unlock; 288 288 289 289 sock_init_data(newsock, sk2); 290 - sock_graft(sk2, newsock); 290 + security_sock_graft(sk2, newsock); 291 291 security_sk_clone(sk, sk2); 292 292 293 293 err = type->accept(ask->private, sk2);
+3 -1
drivers/crypto/atmel-sha.c
··· 1204 1204 ctx->flags |= SHA_FLAGS_FINUP; 1205 1205 1206 1206 err1 = atmel_sha_update(req); 1207 - if (err1 == -EINPROGRESS || err1 == -EBUSY) 1207 + if (err1 == -EINPROGRESS || 1208 + (err1 == -EBUSY && (ahash_request_flags(req) & 1209 + CRYPTO_TFM_REQ_MAY_BACKLOG))) 1208 1210 return err1; 1209 1211 1210 1212 /*
+18 -2
drivers/crypto/caam/caamalg.c
··· 882 882 { 883 883 struct ablkcipher_request *req = context; 884 884 struct ablkcipher_edesc *edesc; 885 - #ifdef DEBUG 886 885 struct crypto_ablkcipher *ablkcipher = crypto_ablkcipher_reqtfm(req); 887 886 int ivsize = crypto_ablkcipher_ivsize(ablkcipher); 888 887 888 + #ifdef DEBUG 889 889 dev_err(jrdev, "%s %d: err 0x%x\n", __func__, __LINE__, err); 890 890 #endif 891 891 ··· 904 904 #endif 905 905 906 906 ablkcipher_unmap(jrdev, edesc, req); 907 + 908 + /* 909 + * The crypto API expects us to set the IV (req->info) to the last 910 + * ciphertext block. This is used e.g. by the CTS mode. 911 + */ 912 + scatterwalk_map_and_copy(req->info, req->dst, req->nbytes - ivsize, 913 + ivsize, 0); 914 + 907 915 kfree(edesc); 908 916 909 917 ablkcipher_request_complete(req, err); ··· 922 914 { 923 915 struct ablkcipher_request *req = context; 924 916 struct ablkcipher_edesc *edesc; 925 - #ifdef DEBUG 926 917 struct crypto_ablkcipher *ablkcipher = crypto_ablkcipher_reqtfm(req); 927 918 int ivsize = crypto_ablkcipher_ivsize(ablkcipher); 928 919 920 + #ifdef DEBUG 929 921 dev_err(jrdev, "%s %d: err 0x%x\n", __func__, __LINE__, err); 930 922 #endif 931 923 ··· 943 935 #endif 944 936 945 937 ablkcipher_unmap(jrdev, edesc, req); 938 + 939 + /* 940 + * The crypto API expects us to set the IV (req->info) to the last 941 + * ciphertext block. 942 + */ 943 + scatterwalk_map_and_copy(req->info, req->src, req->nbytes - ivsize, 944 + ivsize, 0); 945 + 946 946 kfree(edesc); 947 947 948 948 ablkcipher_request_complete(req, err);
+1 -1
drivers/crypto/caam/caamhash.c
··· 396 396 ret = caam_jr_enqueue(jrdev, desc, split_key_done, &result); 397 397 if (!ret) { 398 398 /* in progress */ 399 - wait_for_completion_interruptible(&result.completion); 399 + wait_for_completion(&result.completion); 400 400 ret = result.err; 401 401 #ifdef DEBUG 402 402 print_hex_dump(KERN_ERR,
+1 -1
drivers/crypto/caam/key_gen.c
··· 149 149 ret = caam_jr_enqueue(jrdev, desc, split_key_done, &result); 150 150 if (!ret) { 151 151 /* in progress */ 152 - wait_for_completion_interruptible(&result.completion); 152 + wait_for_completion(&result.completion); 153 153 ret = result.err; 154 154 #ifdef DEBUG 155 155 print_hex_dump(KERN_ERR, "ctx.key@"__stringify(__LINE__)": ",
+4 -4
drivers/crypto/cavium/cpt/cptvf_algs.c
··· 222 222 return -EINPROGRESS; 223 223 } 224 224 225 - int cvm_encrypt(struct ablkcipher_request *req) 225 + static int cvm_encrypt(struct ablkcipher_request *req) 226 226 { 227 227 return cvm_enc_dec(req, true); 228 228 } 229 229 230 - int cvm_decrypt(struct ablkcipher_request *req) 230 + static int cvm_decrypt(struct ablkcipher_request *req) 231 231 { 232 232 return cvm_enc_dec(req, false); 233 233 } 234 234 235 - int cvm_xts_setkey(struct crypto_ablkcipher *cipher, const u8 *key, 235 + static int cvm_xts_setkey(struct crypto_ablkcipher *cipher, const u8 *key, 236 236 u32 keylen) 237 237 { 238 238 struct crypto_tfm *tfm = crypto_ablkcipher_tfm(cipher); ··· 336 336 return cvm_setkey(cipher, key, keylen, DES3_ECB); 337 337 } 338 338 339 - int cvm_enc_dec_init(struct crypto_tfm *tfm) 339 + static int cvm_enc_dec_init(struct crypto_tfm *tfm) 340 340 { 341 341 struct cvm_enc_ctx *ctx = crypto_tfm_ctx(tfm); 342 342
+15 -8
drivers/crypto/chelsio/chcr_algo.c
··· 898 898 u8 *key; 899 899 unsigned int keylen; 900 900 901 - cipher = crypto_alloc_cipher("aes-generic", 0, 0); 901 + cipher = ablkctx->aes_generic; 902 902 memcpy(iv, req->info, AES_BLOCK_SIZE); 903 903 904 - if (IS_ERR(cipher)) { 905 - ret = -ENOMEM; 906 - goto out; 907 - } 908 904 keylen = ablkctx->enckey_len / 2; 909 905 key = ablkctx->key + keylen; 910 906 ret = crypto_cipher_setkey(cipher, key, keylen); 911 907 if (ret) 912 - goto out1; 908 + goto out; 913 909 914 910 crypto_cipher_encrypt_one(cipher, iv, iv); 915 911 for (i = 0; i < (reqctx->processed / AES_BLOCK_SIZE); i++) 916 912 gf128mul_x_ble((le128 *)iv, (le128 *)iv); 917 913 918 914 crypto_cipher_decrypt_one(cipher, iv, iv); 919 - out1: 920 - crypto_free_cipher(cipher); 921 915 out: 922 916 return ret; 923 917 } ··· 1255 1261 pr_err("failed to allocate fallback for %s\n", alg->cra_name); 1256 1262 return PTR_ERR(ablkctx->sw_cipher); 1257 1263 } 1264 + 1265 + if (get_cryptoalg_subtype(tfm) == CRYPTO_ALG_SUB_TYPE_XTS) { 1266 + /* To update tweak*/ 1267 + ablkctx->aes_generic = crypto_alloc_cipher("aes-generic", 0, 0); 1268 + if (IS_ERR(ablkctx->aes_generic)) { 1269 + pr_err("failed to allocate aes cipher for tweak\n"); 1270 + return PTR_ERR(ablkctx->aes_generic); 1271 + } 1272 + } else 1273 + ablkctx->aes_generic = NULL; 1274 + 1258 1275 tfm->crt_ablkcipher.reqsize = sizeof(struct chcr_blkcipher_req_ctx); 1259 1276 return chcr_device_init(crypto_tfm_ctx(tfm)); 1260 1277 } ··· 1296 1291 struct ablk_ctx *ablkctx = ABLK_CTX(ctx); 1297 1292 1298 1293 crypto_free_skcipher(ablkctx->sw_cipher); 1294 + if (ablkctx->aes_generic) 1295 + crypto_free_cipher(ablkctx->aes_generic); 1299 1296 } 1300 1297 1301 1298 static int get_alg_config(struct algo_param *params,
+1
drivers/crypto/chelsio/chcr_crypto.h
··· 155 155 156 156 struct ablk_ctx { 157 157 struct crypto_skcipher *sw_cipher; 158 + struct crypto_cipher *aes_generic; 158 159 __be32 key_ctx_hdr; 159 160 unsigned int enckey_len; 160 161 unsigned char ciph_mode;