From b802db1451d3f0e056f88947a82256c3d3ed1b4a Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Mon, 6 Jul 2015 19:11:03 +0800 Subject: crypto: cryptd - Fix AEAD request context corruption The AEAD version of cryptd uses the same context for its own state as well as that of the child. In doing so it did not maintain the proper ordering, thus resulting in potential state corruption where the child will overwrite the state stored by cryptd. This patch fixes and also sets the request size properly. Signed-off-by: Herbert Xu --- crypto/cryptd.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'crypto/cryptd.c') diff --git a/crypto/cryptd.c b/crypto/cryptd.c index 22ba81f7..2f833dcc 100644 --- a/crypto/cryptd.c +++ b/crypto/cryptd.c @@ -688,16 +688,18 @@ static void cryptd_aead_crypt(struct aead_request *req, int (*crypt)(struct aead_request *req)) { struct cryptd_aead_request_ctx *rctx; + crypto_completion_t compl; + rctx = aead_request_ctx(req); + compl = rctx->complete; if (unlikely(err == -EINPROGRESS)) goto out; aead_request_set_tfm(req, child); err = crypt( req ); - req->base.complete = rctx->complete; out: local_bh_disable(); - rctx->complete(&req->base, err); + compl(&req->base, err); local_bh_enable(); } @@ -756,7 +758,9 @@ static int cryptd_aead_init_tfm(struct crypto_aead *tfm) return PTR_ERR(cipher); ctx->child = cipher; - crypto_aead_set_reqsize(tfm, sizeof(struct cryptd_aead_request_ctx)); + crypto_aead_set_reqsize( + tfm, max((unsigned)sizeof(struct cryptd_aead_request_ctx), + crypto_aead_reqsize(cipher))); return 0; } @@ -775,7 +779,7 @@ static int cryptd_create_aead(struct crypto_template *tmpl, struct aead_alg *alg; const char *name; u32 type = 0; - u32 mask = 0; + u32 mask = CRYPTO_ALG_ASYNC; int err; cryptd_check_internal(tb, &type, &mask); -- cgit v1.2.3 From e53df306b2717ba18c5a92245dece4f369ec8b92 Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Thu, 9 Jul 2015 07:17:19 +0800 Subject: crypto: cryptd - Propagate new AEAD implementation flag This patch allows the CRYPTO_ALG_AEAD_NEW flag to be propagated. Signed-off-by: Herbert Xu --- crypto/cryptd.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'crypto/cryptd.c') diff --git a/crypto/cryptd.c b/crypto/cryptd.c index 2f833dcc..360ee855 100644 --- a/crypto/cryptd.c +++ b/crypto/cryptd.c @@ -176,10 +176,9 @@ static inline void cryptd_check_internal(struct rtattr **tb, u32 *type, algt = crypto_get_attr_type(tb); if (IS_ERR(algt)) return; - if ((algt->type & CRYPTO_ALG_INTERNAL)) - *type |= CRYPTO_ALG_INTERNAL; - if ((algt->mask & CRYPTO_ALG_INTERNAL)) - *mask |= CRYPTO_ALG_INTERNAL; + + *type |= algt->type & (CRYPTO_ALG_INTERNAL | CRYPTO_ALG_AEAD_NEW); + *mask |= algt->mask & (CRYPTO_ALG_INTERNAL | CRYPTO_ALG_AEAD_NEW); } static int cryptd_blkcipher_setkey(struct crypto_ablkcipher *parent, @@ -806,7 +805,9 @@ static int cryptd_create_aead(struct crypto_template *tmpl, goto out_drop_aead; inst->alg.base.cra_flags = CRYPTO_ALG_ASYNC | - (alg->base.cra_flags & CRYPTO_ALG_INTERNAL); + (alg->base.cra_flags & + (CRYPTO_ALG_INTERNAL | + CRYPTO_ALG_AEAD_NEW)); inst->alg.base.cra_ctxsize = sizeof(struct cryptd_aead_ctx); inst->alg.ivsize = crypto_aead_alg_ivsize(alg); -- cgit v1.2.3 From 2054d223bb40a1197077cb6fd4390176d9572672 Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Thu, 13 Aug 2015 17:29:02 +0800 Subject: crypto: cryptd - Remove reference to crypto_aead_crt Pretty soon the crypto_aead encrypt/decrypt hooks will disappear as they are now always identical to those in struct aead_alg. This patch replaces the references to these hooks with the ones from aead_alg instead. Signed-off-by: Herbert Xu --- crypto/cryptd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'crypto/cryptd.c') diff --git a/crypto/cryptd.c b/crypto/cryptd.c index 360ee855..e5076f85 100644 --- a/crypto/cryptd.c +++ b/crypto/cryptd.c @@ -709,7 +709,7 @@ static void cryptd_aead_encrypt(struct crypto_async_request *areq, int err) struct aead_request *req; req = container_of(areq, struct aead_request, base); - cryptd_aead_crypt(req, child, err, crypto_aead_crt(child)->encrypt); + cryptd_aead_crypt(req, child, err, crypto_aead_alg(child)->encrypt); } static void cryptd_aead_decrypt(struct crypto_async_request *areq, int err) @@ -719,7 +719,7 @@ static void cryptd_aead_decrypt(struct crypto_async_request *areq, int err) struct aead_request *req; req = container_of(areq, struct aead_request, base); - cryptd_aead_crypt(req, child, err, crypto_aead_crt(child)->decrypt); + cryptd_aead_crypt(req, child, err, crypto_aead_alg(child)->decrypt); } static int cryptd_aead_enqueue(struct aead_request *req, -- cgit v1.2.3 From a185980d2413d2ba4935438bd6470b73e1e49b8b Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Thu, 13 Aug 2015 17:29:06 +0800 Subject: crypto: aead - Remove CRYPTO_ALG_AEAD_NEW flag This patch removes the CRYPTO_ALG_AEAD_NEW flag now that everyone has been converted. Signed-off-by: Herbert Xu --- crypto/aead.c | 6 ++---- crypto/algif_aead.c | 3 +-- crypto/authenc.c | 4 +--- crypto/authencesn.c | 4 +--- crypto/ccm.c | 8 ++------ crypto/chacha20poly1305.c | 4 +--- crypto/cryptd.c | 8 +++----- crypto/gcm.c | 12 +++--------- crypto/pcrypt.c | 5 +---- crypto/tcrypt.c | 7 +------ 10 files changed, 16 insertions(+), 45 deletions(-) (limited to 'crypto/cryptd.c') diff --git a/crypto/aead.c b/crypto/aead.c index c40df2c4..9b18a1e4 100644 --- a/crypto/aead.c +++ b/crypto/aead.c @@ -204,8 +204,7 @@ struct aead_instance *aead_geniv_alloc(struct crypto_template *tmpl, if (IS_ERR(algt)) return ERR_CAST(algt); - if ((algt->type ^ CRYPTO_ALG_TYPE_AEAD) & - algt->mask & ~CRYPTO_ALG_AEAD_NEW) + if ((algt->type ^ CRYPTO_ALG_TYPE_AEAD) & algt->mask) return ERR_PTR(-EINVAL); name = crypto_attr_alg_name(tb[1]); @@ -245,8 +244,7 @@ struct aead_instance *aead_geniv_alloc(struct crypto_template *tmpl, CRYPTO_MAX_ALG_NAME) goto err_drop_alg; - inst->alg.base.cra_flags = alg->base.cra_flags & - (CRYPTO_ALG_ASYNC | CRYPTO_ALG_AEAD_NEW); + inst->alg.base.cra_flags = alg->base.cra_flags & CRYPTO_ALG_ASYNC; inst->alg.base.cra_priority = alg->base.cra_priority; inst->alg.base.cra_blocksize = alg->base.cra_blocksize; inst->alg.base.cra_alignmask = alg->base.cra_alignmask; diff --git a/crypto/algif_aead.c b/crypto/algif_aead.c index e0408a48..38a6cab7 100644 --- a/crypto/algif_aead.c +++ b/crypto/algif_aead.c @@ -514,8 +514,7 @@ static struct proto_ops algif_aead_ops = { static void *aead_bind(const char *name, u32 type, u32 mask) { - return crypto_alloc_aead(name, type | CRYPTO_ALG_AEAD_NEW, - mask | CRYPTO_ALG_AEAD_NEW); + return crypto_alloc_aead(name, type, mask); } static void aead_release(void *private) diff --git a/crypto/authenc.c b/crypto/authenc.c index bca3835b..55a354d5 100644 --- a/crypto/authenc.c +++ b/crypto/authenc.c @@ -393,8 +393,7 @@ static int crypto_authenc_create(struct crypto_template *tmpl, if (IS_ERR(algt)) return PTR_ERR(algt); - if ((algt->type ^ (CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_AEAD_NEW)) & - algt->mask) + if ((algt->type ^ CRYPTO_ALG_TYPE_AEAD) & algt->mask) return -EINVAL; auth = ahash_attr_alg(tb[1], CRYPTO_ALG_TYPE_HASH, @@ -445,7 +444,6 @@ static int crypto_authenc_create(struct crypto_template *tmpl, goto err_drop_enc; inst->alg.base.cra_flags = enc->cra_flags & CRYPTO_ALG_ASYNC; - inst->alg.base.cra_flags |= CRYPTO_ALG_AEAD_NEW; inst->alg.base.cra_priority = enc->cra_priority * 10 + auth_base->cra_priority; inst->alg.base.cra_blocksize = enc->cra_blocksize; diff --git a/crypto/authencesn.c b/crypto/authencesn.c index c30393e2..0c046886 100644 --- a/crypto/authencesn.c +++ b/crypto/authencesn.c @@ -409,8 +409,7 @@ static int crypto_authenc_esn_create(struct crypto_template *tmpl, if (IS_ERR(algt)) return PTR_ERR(algt); - if ((algt->type ^ (CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_AEAD_NEW)) & - algt->mask) + if ((algt->type ^ CRYPTO_ALG_TYPE_AEAD) & algt->mask) return -EINVAL; auth = ahash_attr_alg(tb[1], CRYPTO_ALG_TYPE_HASH, @@ -458,7 +457,6 @@ static int crypto_authenc_esn_create(struct crypto_template *tmpl, goto err_drop_enc; inst->alg.base.cra_flags = enc->cra_flags & CRYPTO_ALG_ASYNC; - inst->alg.base.cra_flags |= CRYPTO_ALG_AEAD_NEW; inst->alg.base.cra_priority = enc->cra_priority * 10 + auth_base->cra_priority; inst->alg.base.cra_blocksize = enc->cra_blocksize; diff --git a/crypto/ccm.c b/crypto/ccm.c index b63f96a0..cc31ea43 100644 --- a/crypto/ccm.c +++ b/crypto/ccm.c @@ -518,8 +518,7 @@ static int crypto_ccm_create_common(struct crypto_template *tmpl, if (IS_ERR(algt)) return PTR_ERR(algt); - if ((algt->type ^ (CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_AEAD_NEW)) & - algt->mask) + if ((algt->type ^ CRYPTO_ALG_TYPE_AEAD) & algt->mask) return -EINVAL; cipher = crypto_alg_mod_lookup(cipher_name, CRYPTO_ALG_TYPE_CIPHER, @@ -571,7 +570,6 @@ static int crypto_ccm_create_common(struct crypto_template *tmpl, memcpy(inst->alg.base.cra_name, full_name, CRYPTO_MAX_ALG_NAME); inst->alg.base.cra_flags = ctr->cra_flags & CRYPTO_ALG_ASYNC; - inst->alg.base.cra_flags |= CRYPTO_ALG_AEAD_NEW; inst->alg.base.cra_priority = (cipher->cra_priority + ctr->cra_priority) / 2; inst->alg.base.cra_blocksize = 1; @@ -820,8 +818,7 @@ static int crypto_rfc4309_create(struct crypto_template *tmpl, if (IS_ERR(algt)) return PTR_ERR(algt); - if ((algt->type ^ (CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_AEAD_NEW)) & - algt->mask) + if ((algt->type ^ CRYPTO_ALG_TYPE_AEAD) & algt->mask) return -EINVAL; ccm_name = crypto_attr_alg_name(tb[1]); @@ -861,7 +858,6 @@ static int crypto_rfc4309_create(struct crypto_template *tmpl, goto out_drop_alg; inst->alg.base.cra_flags = alg->base.cra_flags & CRYPTO_ALG_ASYNC; - inst->alg.base.cra_flags |= CRYPTO_ALG_AEAD_NEW; inst->alg.base.cra_priority = alg->base.cra_priority; inst->alg.base.cra_blocksize = 1; inst->alg.base.cra_alignmask = alg->base.cra_alignmask; diff --git a/crypto/chacha20poly1305.c b/crypto/chacha20poly1305.c index b71445f2..99c3cce0 100644 --- a/crypto/chacha20poly1305.c +++ b/crypto/chacha20poly1305.c @@ -585,8 +585,7 @@ static int chachapoly_create(struct crypto_template *tmpl, struct rtattr **tb, if (IS_ERR(algt)) return PTR_ERR(algt); - if ((algt->type ^ (CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_AEAD_NEW)) & - algt->mask) + if ((algt->type ^ CRYPTO_ALG_TYPE_AEAD) & algt->mask) return -EINVAL; chacha_name = crypto_attr_alg_name(tb[1]); @@ -644,7 +643,6 @@ static int chachapoly_create(struct crypto_template *tmpl, struct rtattr **tb, inst->alg.base.cra_flags = (chacha->cra_flags | poly->cra_flags) & CRYPTO_ALG_ASYNC; - inst->alg.base.cra_flags |= CRYPTO_ALG_AEAD_NEW; inst->alg.base.cra_priority = (chacha->cra_priority + poly->cra_priority) / 2; inst->alg.base.cra_blocksize = 1; diff --git a/crypto/cryptd.c b/crypto/cryptd.c index e5076f85..c81861b1 100644 --- a/crypto/cryptd.c +++ b/crypto/cryptd.c @@ -177,8 +177,8 @@ static inline void cryptd_check_internal(struct rtattr **tb, u32 *type, if (IS_ERR(algt)) return; - *type |= algt->type & (CRYPTO_ALG_INTERNAL | CRYPTO_ALG_AEAD_NEW); - *mask |= algt->mask & (CRYPTO_ALG_INTERNAL | CRYPTO_ALG_AEAD_NEW); + *type |= algt->type & CRYPTO_ALG_INTERNAL; + *mask |= algt->mask & CRYPTO_ALG_INTERNAL; } static int cryptd_blkcipher_setkey(struct crypto_ablkcipher *parent, @@ -805,9 +805,7 @@ static int cryptd_create_aead(struct crypto_template *tmpl, goto out_drop_aead; inst->alg.base.cra_flags = CRYPTO_ALG_ASYNC | - (alg->base.cra_flags & - (CRYPTO_ALG_INTERNAL | - CRYPTO_ALG_AEAD_NEW)); + (alg->base.cra_flags & CRYPTO_ALG_INTERNAL); inst->alg.base.cra_ctxsize = sizeof(struct cryptd_aead_ctx); inst->alg.ivsize = crypto_aead_alg_ivsize(alg); diff --git a/crypto/gcm.c b/crypto/gcm.c index 0c9e33bd..ddb4f29b 100644 --- a/crypto/gcm.c +++ b/crypto/gcm.c @@ -634,8 +634,7 @@ static int crypto_gcm_create_common(struct crypto_template *tmpl, if (IS_ERR(algt)) return PTR_ERR(algt); - if ((algt->type ^ (CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_AEAD_NEW)) & - algt->mask) + if ((algt->type ^ CRYPTO_ALG_TYPE_AEAD) & algt->mask) return -EINVAL; ghash_alg = crypto_find_alg(ghash_name, &crypto_ahash_type, @@ -690,7 +689,6 @@ static int crypto_gcm_create_common(struct crypto_template *tmpl, inst->alg.base.cra_flags = (ghash->base.cra_flags | ctr->cra_flags) & CRYPTO_ALG_ASYNC; - inst->alg.base.cra_flags |= CRYPTO_ALG_AEAD_NEW; inst->alg.base.cra_priority = (ghash->base.cra_priority + ctr->cra_priority) / 2; inst->alg.base.cra_blocksize = 1; @@ -935,8 +933,7 @@ static int crypto_rfc4106_create(struct crypto_template *tmpl, if (IS_ERR(algt)) return PTR_ERR(algt); - if ((algt->type ^ (CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_AEAD_NEW)) & - algt->mask) + if ((algt->type ^ CRYPTO_ALG_TYPE_AEAD) & algt->mask) return -EINVAL; ccm_name = crypto_attr_alg_name(tb[1]); @@ -976,7 +973,6 @@ static int crypto_rfc4106_create(struct crypto_template *tmpl, goto out_drop_alg; inst->alg.base.cra_flags = alg->base.cra_flags & CRYPTO_ALG_ASYNC; - inst->alg.base.cra_flags |= CRYPTO_ALG_AEAD_NEW; inst->alg.base.cra_priority = alg->base.cra_priority; inst->alg.base.cra_blocksize = 1; inst->alg.base.cra_alignmask = alg->base.cra_alignmask; @@ -1175,8 +1171,7 @@ static int crypto_rfc4543_create(struct crypto_template *tmpl, if (IS_ERR(algt)) return PTR_ERR(algt); - if ((algt->type ^ (CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_AEAD_NEW)) & - algt->mask) + if ((algt->type ^ CRYPTO_ALG_TYPE_AEAD) & algt->mask) return -EINVAL; ccm_name = crypto_attr_alg_name(tb[1]); @@ -1217,7 +1212,6 @@ static int crypto_rfc4543_create(struct crypto_template *tmpl, goto out_drop_alg; inst->alg.base.cra_flags = alg->base.cra_flags & CRYPTO_ALG_ASYNC; - inst->alg.base.cra_flags |= CRYPTO_ALG_AEAD_NEW; inst->alg.base.cra_priority = alg->base.cra_priority; inst->alg.base.cra_blocksize = 1; inst->alg.base.cra_alignmask = alg->base.cra_alignmask; diff --git a/crypto/pcrypt.c b/crypto/pcrypt.c index 001a3a3e..ee9cfb99 100644 --- a/crypto/pcrypt.c +++ b/crypto/pcrypt.c @@ -295,9 +295,7 @@ static int pcrypt_create_aead(struct crypto_template *tmpl, struct rtattr **tb, ctx = aead_instance_ctx(inst); crypto_set_aead_spawn(&ctx->spawn, aead_crypto_instance(inst)); - err = crypto_grab_aead(&ctx->spawn, name, - algt->type & CRYPTO_ALG_AEAD_NEW, - algt->mask & CRYPTO_ALG_AEAD_NEW); + err = crypto_grab_aead(&ctx->spawn, name, 0, 0); if (err) goto out_free_inst; @@ -307,7 +305,6 @@ static int pcrypt_create_aead(struct crypto_template *tmpl, struct rtattr **tb, goto out_drop_aead; inst->alg.base.cra_flags = CRYPTO_ALG_ASYNC; - inst->alg.base.cra_flags |= alg->base.cra_flags & CRYPTO_ALG_AEAD_NEW; inst->alg.ivsize = crypto_aead_alg_ivsize(alg); inst->alg.maxauthsize = crypto_aead_alg_maxauthsize(alg); diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c index e9a05ba2..2b00b617 100644 --- a/crypto/tcrypt.c +++ b/crypto/tcrypt.c @@ -344,12 +344,7 @@ static void test_aead_speed(const char *algo, int enc, unsigned int secs, goto out_nosg; sgout = &sg[9]; - tfm = crypto_alloc_aead(algo, CRYPTO_ALG_AEAD_NEW, - CRYPTO_ALG_AEAD_NEW); - if (PTR_ERR(tfm) == -ENOENT) { - aad_size -= 8; - tfm = crypto_alloc_aead(algo, 0, CRYPTO_ALG_AEAD_NEW); - } + tfm = crypto_alloc_aead(algo, 0, 0); if (IS_ERR(tfm)) { pr_err("alg: aead: Failed to load transform for %s: %ld\n", algo, -- cgit v1.2.3