1. 14 Dec, 2016 3 commits
    • Ard Biesheuvel's avatar
      crypto: skcipher - fix crash in virtual walk · 18e615ad
      Ard Biesheuvel authored
      The new skcipher walk API may crash in the following way. (Interestingly,
      the tcrypt boot time tests seem unaffected, while an explicit test using
      the module triggers it)
      
        Unable to handle kernel NULL pointer dereference at virtual address 00000000
        ...
        [<ffff000008431d84>] __memcpy+0x84/0x180
        [<ffff0000083ec0d0>] skcipher_walk_done+0x328/0x340
        [<ffff0000080c5c04>] ctr_encrypt+0x84/0x100
        [<ffff000008406d60>] simd_skcipher_encrypt+0x88/0x98
        [<ffff0000083fa05c>] crypto_rfc3686_crypt+0x8c/0x98
        [<ffff0000009b0900>] test_skcipher_speed+0x518/0x820 [tcrypt]
        [<ffff0000009b31c0>] do_test+0x1408/0x3b70 [tcrypt]
        [<ffff0000009bd050>] tcrypt_mod_init+0x50/0x1000 [tcrypt]
        [<ffff0000080838f4>] do_one_initcall+0x44/0x138
        [<ffff0000081aee60>] do_init_module+0x68/0x1e0
        [<ffff0000081524d0>] load_module+0x1fd0/0x2458
        [<ffff000008152c38>] SyS_finit_module+0xe0/0xf0
        [<ffff0000080836f0>] el0_svc_naked+0x24/0x28
      
      This is due to the fact that skcipher_done_slow() may be entered with
      walk->buffer unset. Since skcipher_walk_done() already deals with the
      case where walk->buffer == walk->page, it appears to be the intention
      that walk->buffer point to walk->page after skcipher_next_slow(), so
      ensure that is the case.
      Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      18e615ad
    • Alex Yashchenko's avatar
      sign-file: Fix inplace signing when src and dst names are both specified · efcae7c9
      Alex Yashchenko authored
      When src and dst both are specified and they point to the same file
      the sign-file utility will write only signature to the dst file and
      the module (.ko file) body will not be written.
      That happens because we open the same file with "rb" and "wb" flags,
      from fopen man:
      
       w      Truncate file to zero length or create text file for writing.
      The stream is positioned at the beginning of the file.
      ...
      	bm = BIO_new_file(module_name, "rb");
      ...
      	bd = BIO_new_file(dest_name, "wb");
      ...
      	while ((n = BIO_read(bm, buf, sizeof(buf))),
      	       n > 0) {
      		ERR(BIO_write(bd, buf, n) < 0, "%s", dest_name);
      	}
      ...
      Signed-off-by: default avatarAlex Yashchenko <alexhoppus111@gmail.com>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      efcae7c9
    • Pan Bian's avatar
      crypto: asymmetric_keys - set error code on failure · fbb72630
      Pan Bian authored
      In function public_key_verify_signature(), returns variable ret on
      error paths. When the call to kmalloc() fails, the value of ret is 0,
      and it is not set to an errno before returning. This patch fixes the
      bug.
      
      Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=188891Signed-off-by: default avatarPan Bian <bianpan2016@163.com>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      fbb72630
  2. 08 Dec, 2016 1 commit
  3. 07 Dec, 2016 8 commits
  4. 01 Dec, 2016 11 commits
  5. 30 Nov, 2016 17 commits