- 23 Mar, 2016 1 commit
-
-
Nicolai Stange authored
Despite what the DocBook comment to pkcs7_validate_trust() says, the *_trusted argument is never set to false. pkcs7_validate_trust() only positively sets *_trusted upon encountering a trusted PKCS#7 SignedInfo block. This is quite unfortunate since its callers, system_verify_data() for example, depend on pkcs7_validate_trust() clearing *_trusted on non-trust. Indeed, UBSAN splats when attempting to load the uninitialized local variable 'trusted' from system_verify_data() in pkcs7_validate_trust(): UBSAN: Undefined behaviour in crypto/asymmetric_keys/pkcs7_trust.c:194:14 load of value 82 is not a valid value for type '_Bool' [...] Call Trace: [<ffffffff818c4d35>] dump_stack+0xbc/0x117 [<ffffffff818c4c79>] ? _atomic_dec_and_lock+0x169/0x169 [<ffffffff8194113b>] ubsan_epilogue+0xd/0x4e [<ffffffff819419fa>] __ubsan_handle_load_invalid_value+0x111/0x158 [<ffffffff819418e9>] ? val_to_string.constprop.12+0xcf/0xcf [<ffffffff818334a4>] ? x509_request_asymmetric_key+0x114/0x370 [<ffffffff814b83f0>] ? kfree+0x220/0x370 [<ffffffff818312c2>] ? public_key_verify_signature_2+0x32/0x50 [<ffffffff81835e04>] pkcs7_validate_trust+0x524/0x5f0 [<ffffffff813c391a>] system_verify_data+0xca/0x170 [<ffffffff813c3850>] ? top_trace_array+0x9b/0x9b [<ffffffff81510b29>] ? __vfs_read+0x279/0x3d0 [<ffffffff8129372f>] mod_verify_sig+0x1ff/0x290 [...] The implication is that pkcs7_validate_trust() effectively grants trust when it really shouldn't have. Fix this by explicitly setting *_trusted to false at the very beginning of pkcs7_validate_trust(). Cc: <stable@vger.kernel.org> Signed-off-by:Nicolai Stange <nicstange@gmail.com> Signed-off-by:
Herbert Xu <herbert@gondor.apana.org.au>
-
- 17 Mar, 2016 5 commits
-
-
Boris BREZILLON authored
Forward devm_ioremap_resource() error code instead of returning -ENOMEM. Signed-off-by:
Boris Brezillon <boris.brezillon@free-electrons.com> Reported-by:
Russell King - ARM Linux <linux@arm.linux.org.uk> Fixes: f63601fd ("crypto: marvell/cesa - add a new driver for Marvell's CESA") Cc: <stable@vger.kernel.org> # 4.2+ Signed-off-by:
-
Boris BREZILLON authored
->export() might be called before we have done an update operation, and in this case the ->state field is left uninitialized. Put the correct default value when initializing the request. Signed-off-by:
-
Boris BREZILLON authored
Crypto requests are not guaranteed to be finalized (->final() call), and can be freed at any moment, without getting any notification from the core. This can lead to memory leaks of the ->cache buffer. Make this buffer part of the request object, and allocate an extra buffer from the DMA cache pool when doing DMA operations. As a side effect, this patch also fixes another bug related to cache allocation and DMA operations. When the core allocates a new request and import an existing state, a cache buffer can be allocated (depending on the state). The problem is, at that very moment, we don't know yet whether the request will use DMA or not, and since everything is likely to be initialized to zero, mv_cesa_ahash_alloc_cache() thinks it should allocate a buffer for standard operation. But when mv_cesa_ahash_free_cache() is called, req->type has been set to CESA_DMA_REQ in the meantime, thus leading to an invalind dma_pool_free() call (the buffer passed in argument has not been allocated from the pool). Signed-off-by:
Gregory CLEMENT <gregory.clement@free-electrons.com> Signed-off-by:
-
Gary R Hook authored
This patch simplifies an unneeded read-write lock. Signed-off-by:
Gary R Hook <gary.hook@amd.com> Signed-off-by:
-
Herbert Xu authored
eCryptfs: Fix null pointer dereference on kzalloc error path The conversion to skcipher and shash added a couple of null pointer dereference bugs on the kzalloc failure path. This patch fixes them. Fixes: 3095e8e3 ("eCryptfs: Use skcipher and shash") Reported-by:
Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by:
-
- 11 Mar, 2016 9 commits
-
-
Tadeusz Struk authored
The default arbiter configuration for ring weights and response ordering is exactly what we want so we don't need to configure anything more. This will also fix the problem where number of bundles is different between different devices. Reported-by:
Ahsan Atta <ahsan.atta@intel.com> Signed-off-by:
Tadeusz Struk <tadeusz.struk@intel.com> Signed-off-by:
-
Vladimir Zapolskiy authored
The change fixes potential oops while accessing iomem on invalid address, if devm_ioremap_resource() fails due to some reason. The devm_ioremap_resource() function returns ERR_PTR() and never returns NULL, which makes useless a following check for NULL. Signed-off-by:
Vladimir Zapolskiy <vz@mleia.com> Fixes: 5a4eea26 ("crypto: ux500 - Use devm_xxx() managed function") Signed-off-by:
-
Vladimir Zapolskiy authored
The change fixes potential oops while accessing iomem on invalid address, if devm_ioremap_resource() fails due to some reason. The devm_ioremap_resource() function returns ERR_PTR() and never returns NULL, which makes useless a following check for NULL. Signed-off-by:
-
Pingchao Yang authored
The definition of icp_qat_uof_regtype should be coherent with the definition in firmware compiler. Signed-off-by:
Yang Pingchao <pingchao.yang@intel.com> Signed-off-by:
-
Arnd Bergmann authored
The exynos random driver uses #ifdef to check for CONFIG_PM, but then uses SIMPLE_DEV_PM_OPS, which leaves the references out when CONFIG_PM_SLEEP is not defined, so we get a warning with PM=y && PM_SLEEP=n: drivers/char/hw_random/exynos-rng.c:166:12: error: 'exynos_rng_suspend' defined but not used [-Werror=unused-function] drivers/char/hw_random/exynos-rng.c:171:12: error: 'exynos_rng_resume' defined but not used [-Werror=unused-function] This removes the incorrect #ifdef and instead uses a __maybe_unused annotation to let the compiler know it can silently drop the function definition. Signed-off-by:
Arnd Bergmann <arnd@arndb.de> Reviewed-by:
Krzysztof Kozlowski <k.kozlowski@samsung.com> Signed-off-by:
-
Gary R Hook authored
Support for different generations of the coprocessor requires that an abstraction layer be implemented for interacting with the hardware. This patch splits out version-specific functions to a separate file and populates the version structure (acting as a driver) with function pointers. Signed-off-by:
Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by:
-
Gary R Hook authored
Future hardware may introduce new algorithms wherein the driver will need to manage resources for different versions of the cryptographic coprocessor. This precursor patch determines the version of the available device, and marks and registers algorithms accordingly. A structure is added which manages the version-specific data. Signed-off-by:
-
Gary R Hook authored
Enable management of >1 CCPs in a system. Each device will get a unique identifier, as well as uniquely named resources. Treat each CCP as an orthogonal unit and register resources individually. Signed-off-by:
-
Gary R Hook authored
Each x86 SoC will make use of a unique PCI ID for the CCP device so it is not necessary to check for the CPU family and model. Signed-off-by:
-
- 27 Feb, 2016 8 commits
-
-
Tom Lendacky authored
Since a crypto_ahash_import() can be called against a request context that has not had a crypto_ahash_init() performed, the request context needs to be cleared to insure there is no random data present. If not, the random data can result in a kernel oops during crypto_ahash_update(). Cc: <stable@vger.kernel.org> # 3.14.x- Signed-off-by:
-
Arnd Bergmann authored
When we use CONFIG_PROFILE_ALL_BRANCHES, every 'if()' introduces a static variable, but that is not allowed in 'extern inline' functions: mpi-inline.h:116:204: warning: '______f' is static but declared in inline function 'mpihelp_sub' which is not static mpi-inline.h:113:184: warning: '______f' is static but declared in inline function 'mpihelp_sub' which is not static mpi-inline.h:70:184: warning: '______f' is static but declared in inline function 'mpihelp_add' which is not static mpi-inline.h:56:204: warning: '______f' is static but declared in inline function 'mpihelp_add_1' which is not static This changes the MPI code to use 'static inline' instead, to get rid of hundreds of warnings. Signed-off-by:
-
Arnd Bergmann authored
A wrapper around the umull assembly instruction might reuse the input register as an output, which is undefined on some ARM machines, as pointed out by this assembler warning: CC lib/mpi/generic_mpih-mul1.o /tmp/ccxJuxIy.s: Assembler messages: /tmp/ccxJuxIy.s:53: rdhi, rdlo and rm must all be different CC lib/mpi/generic_mpih-mul2.o /tmp/ccI0scAD.s: Assembler messages: /tmp/ccI0scAD.s:53: rdhi, rdlo and rm must all be different CC lib/mpi/generic_mpih-mul3.o /tmp/ccMvVQcp.s: Assembler messages: /tmp/ccMvVQcp.s:53: rdhi, rdlo and rm must all be different This changes the constraints to force different registers to be used as output. Signed-off-by:
-
Álvaro Fernández Rojas authored
Allow building when OF is not enabled as suggested by Florian Signed-off-by:
Álvaro Fernández Rojas <noltari@gmail.com> Reported-by:
Florian Fainelli <f.fainelli@gmail.com> Signed-off-by:
-
Marcus Meissner authored
RFC 3686 CTR in various authenc methods. rfc3686(ctr(aes)) is already marked fips compliant, so these should be fine. Signed-off-by:
Marcus Meissner <meissner@suse.de> Acked-by:
Stephan Mueller <smueller@chronox.de> Signed-off-by:
-
Pingchao Yang authored
Signed-off-by:
-
Michal Marek authored
The limbs are integers in the host endianness, so we can't simply iterate over the individual bytes. The current code happens to work on little-endian, because the order of the limbs in the MPI array is the same as the order of the bytes in each limb, but it breaks on big-endian. Fixes: 0f74fbf7 ("MPI: Fix mpi_read_buffer") Signed-off-by:
Michal Marek <mmarek@suse.com> Signed-off-by:
-
Zain Wang authored
Add md5 sha1 sha256 support for crypto engine in rk3288. Signed-off-by:
Zain Wang <zain.wang@rock-chips.com> Signed-off-by:
-
- 17 Feb, 2016 1 commit
-
-
Stephan Mueller authored
Commit 28856a9e missed the addition of the crypto/xts.h include file for different architecture-specific AES implementations. Signed-off-by:
-
- 16 Feb, 2016 12 commits
-
-
Stephan Mueller authored
The crypto API received the skcipher API which is intended to replace the ablkcipher and blkcipher API. This patch adds the skcipher API documentation to the DocBook, updates the code sample (including removing the blkcipher example) replaces the references to ablkcipher and blkcipher with skcipher. Signed-off-by:
-
Stephan Mueller authored
The associated data handling with the kernel crypto API has been updated. This needs to be reflected in the documentation. Signed-off-by:
-
Stephan Mueller authored
Add new crypto API call crypto_rng_generate to DocBook. Signed-off-by:
-
Stephan Mueller authored
Reference the new akcipher API calls in the kernel crypto API DocBook. Also, fix the comments in the akcipher.h file: double dashes do not look good in the DocBook; fix a typo. Signed-off-by:
-
Fabio Estevam authored
caam_jr_shutdown() is only used in this file, so it can be made static. This avoids the following sparse warning: drivers/crypto/caam/jr.c:68:5: warning: symbol 'caam_jr_shutdown' was not declared. Should it be static? Signed-off-by:
Fabio Estevam <fabio.estevam@nxp.com> Signed-off-by:
-
Tadeusz Struk authored
Fix a leak on error path in qat asym Reported-by:
Salvatore Benedetto <salvatore.benedetto@intel.com> Signed-off-by:
-
Stephan Mueller authored
The patch centralizes the XTS key check logic into the service function xts_check_key which is invoked from the different XTS implementations. With this, the XTS implementations in ARM, ARM64, PPC and S390 have now a sanity check for the XTS keys similar to the other arches. In addition, this service function received a check to ensure that the key != the tweak key which is mandated by FIPS 140-2 IG A.9. As the check is not present in the standards defining XTS, it is only enforced in FIPS mode of the kernel. Signed-off-by:
-
Joshua Henderson authored
Add support for the hardware true random number generator peripheral found on PIC32. Signed-off-by:
Joshua Henderson <joshua.henderson@microchip.com> Signed-off-by:
Purna Chandra Mandal <purna.mandal@microchip.com> Reviewed-by:
Daniel Thompson <daniel.thompson@linaro.org> Signed-off-by:
-
Joshua Henderson authored
Document the devicetree bindings for the random number generator found on Microchip PIC32 class devices. Signed-off-by:
Rob Herring <robh@kernel.org> Signed-off-by:
-
Cyrille Pitchen authored
When (!ctx->bufcnt && !(ctx->flags & SHA_FLAGS_PAD)), the former source code used to set the SHA_FLAGS_BUSY without checking whether this flag was already set. If so, the hardware is already processing another hash request so the processing of the req argument of atmel_sha_final() should be delayed by queueing this request, the same way as done for the (ctx->bufcnt != 0) case. Signed-off-by:
Cyrille Pitchen <cyrille.pitchen@atmel.com> Signed-off-by:
-
Cyrille Pitchen authored
Using only the digest, digcnt[], bufcnt and buffer[] fields of the struct atmel_sha_reqctx was not enough to import/export the request state, so now we use the whole structure. Signed-off-by:
-
Marcus Meissner authored
(2nd try that adds missing , to build.) Signed-off-by:
-
- 09 Feb, 2016 1 commit
-
-
Herbert Xu authored
This needs to go through the security tree so I'm reverting the patches for now. Signed-off-by:
-
- 06 Feb, 2016 3 commits
-
-
Marcus Meissner authored
Some more authenc() wrapped algorithms are FIPS compliant, tag them as such. Signed-off-by:
-
Jerome Marchand authored
__test_aead() reads MAX_IVLEN bytes from template[i].iv, but the actual length of the initialisation vector can be shorter. The length of the IV is already calculated earlier in the function. Let's just reuses that. Also the IV length is currently calculated several time for no reason. Let's fix that too. This fix an out-of-bound error detected by KASan. Signed-off-by:
Jerome Marchand <jmarchan@redhat.com> Signed-off-by:
-
Fabio Estevam authored
Currently the sahara driver fails to probe: sahara: probe of 63ff8000.crypto failed with error -22 This happens since commit 8996eafd ("crypto: ahash - ensure statesize is non-zero"), which requires statesize to be filled. Pass the statesize members for sha1 and sha256, so we can probe the driver successfully again. Signed-off-by:
-
