1. 23 Dec, 2018 1 commit
  2. 30 May, 2018 1 commit
  3. 12 Jan, 2018 2 commits
  4. 29 Nov, 2017 1 commit
    • Eric Biggers's avatar
      crypto: salsa20 - fix blkcipher_walk API usage · ecaaab56
      Eric Biggers authored
      When asked to encrypt or decrypt 0 bytes, both the generic and x86
      implementations of Salsa20 crash in blkcipher_walk_done(), either when
      doing 'kfree(walk->buffer)' or 'free_page((unsigned long)walk->page)',
      because walk->buffer and walk->page have not been initialized.
      
      The bug is that Salsa20 is calling blkcipher_walk_done() even when
      nothing is in 'walk.nbytes'.  But blkcipher_walk_done() is only meant to
      be called when a nonzero number of bytes have been provided.
      
      The broken code is part of an optimization that tries to make only one
      call to salsa20_encrypt_bytes() to process inputs that are not evenly
      divisible by 64 bytes.  To fix the bug, just remove this "optimization"
      and use the blkcipher_walk API the same way all the other users do.
      
      Reproducer:
      
          #include <linux/if_alg.h>
          #include <sys/socket.h>
          #include <unistd.h>
      
          int main()
          {
                  int algfd, reqfd;
                  struct sockaddr_alg addr = {
                          .salg_type = "skcipher",
                          .salg_name = "salsa20",
                  };
                  char key[16] = { 0 };
      
                  algfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
                  bind(algfd, (void *)&addr, sizeof(addr));
                  reqfd = accept(algfd, 0, 0);
                  setsockopt(algfd, SOL_ALG, ALG_SET_KEY, key, sizeof(key));
                  read(reqfd, key, sizeof(key));
          }
      Reported-by: 's avatarsyzbot <syzkaller@googlegroups.com>
      Fixes: eb6f13eb ("[CRYPTO] salsa20_generic: Fix multi-page processing")
      Cc: <stable@vger.kernel.org> # v2.6.25+
      Signed-off-by: 's avatarEric Biggers <ebiggers@google.com>
      Signed-off-by: 's avatarHerbert Xu <herbert@gondor.apana.org.au>
      ecaaab56
  5. 13 Jan, 2015 1 commit
    • Mathias Krause's avatar
      crypto: add missing crypto module aliases · 3e14dcf7
      Mathias Krause authored
      Commit 5d26a105 ("crypto: prefix module autoloading with "crypto-"")
      changed the automatic module loading when requesting crypto algorithms
      to prefix all module requests with "crypto-". This requires all crypto
      modules to have a crypto specific module alias even if their file name
      would otherwise match the requested crypto algorithm.
      
      Even though commit 5d26a105 added those aliases for a vast amount of
      modules, it was missing a few. Add the required MODULE_ALIAS_CRYPTO
      annotations to those files to make them get loaded automatically, again.
      This fixes, e.g., requesting 'ecb(blowfish-generic)', which used to work
      with kernels v3.18 and below.
      
      Also change MODULE_ALIAS() lines to MODULE_ALIAS_CRYPTO(). The former
      won't work for crypto modules any more.
      
      Fixes: 5d26a105 ("crypto: prefix module autoloading with "crypto-"")
      Cc: Kees Cook <keescook@chromium.org>
      Signed-off-by: 's avatarMathias Krause <minipli@googlemail.com>
      Signed-off-by: 's avatarHerbert Xu <herbert@gondor.apana.org.au>
      3e14dcf7
  6. 24 Nov, 2014 1 commit
  7. 01 Aug, 2012 1 commit
  8. 25 Dec, 2008 1 commit
  9. 21 Apr, 2008 1 commit
    • Kamalesh Babulal's avatar
      [CRYPTO] all: Clean up init()/fini() · 3af5b90b
      Kamalesh Babulal authored
      On Thu, Mar 27, 2008 at 03:40:36PM +0100, Bodo Eggert wrote:
      > Kamalesh Babulal <kamalesh@linux.vnet.ibm.com> wrote:
      > 
      > > This patch cleanups the crypto code, replaces the init() and fini()
      > > with the <algorithm name>_init/_fini
      > 
      > This part ist OK.
      > 
      > > or init/fini_<algorithm name> (if the 
      > > <algorithm name>_init/_fini exist)
      > 
      > Having init_foo and foo_init won't be a good thing, will it? I'd start
      > confusing them.
      > 
      > What about foo_modinit instead?
      
      Thanks for the suggestion, the init() is replaced with
      
      	<algorithm name>_mod_init ()
      
      and fini () is replaced with <algorithm name>_mod_fini.
      Signed-off-by: 's avatarKamalesh Babulal <kamalesh@linux.vnet.ibm.com>
      Signed-off-by: 's avatarHerbert Xu <herbert@gondor.apana.org.au>
      3af5b90b
  10. 10 Jan, 2008 2 commits