linux/crypto, branch v3.1

crypto: ghash - Avoid null pointer dereference if no key is set

2011-10-21T11:18:42Z

The ghash_update function passes a pointer to gf128mul_4k_lle which will be NULL if ghash_setkey is not called or if the most recent call to ghash_setkey failed to allocate memory. This causes an oops. Fix this up by returning an error code in the null case. This is trivially triggered from unprivileged userspace through the AF_ALG interface by simply writing to the socket without setting a key. The ghash_final function has a similar issue, but triggering it requires a memory allocation failure in ghash_setkey _after_ at least one successful call to ghash_update. BUG: unable to handle kernel NULL pointer dereference at 00000670 IP: [] gf128mul_4k_lle+0x23/0x60 [gf128mul] *pde = 00000000 Oops: 0000 [#1] PREEMPT SMP Modules linked in: ghash_generic gf128mul algif_hash af_alg nfs lockd nfs_acl sunrpc bridge ipv6 stp llc Pid: 1502, comm: hashatron Tainted: G W 3.1.0-rc9-00085-ge9308cf #32 Bochs Bochs EIP: 0060:[] EFLAGS: 00000202 CPU: 0 EIP is at gf128mul_4k_lle+0x23/0x60 [gf128mul] EAX: d69db1f0 EBX: d6b8ddac ECX: 00000004 EDX: 00000000 ESI: 00000670 EDI: d6b8ddac EBP: d6b8ddc8 ESP: d6b8dda4 DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 Process hashatron (pid: 1502, ti=d6b8c000 task=d6810000 task.ti=d6b8c000) Stack: 00000000 d69db1f0 00000163 00000000 d6b8ddc8 c101a520 d69db1f0 d52aa000 00000ff0 d6b8dde8 d88d310f d6b8a3f8 d52aa000 00001000 d88d502c d6b8ddfc 00001000 d6b8ddf4 c11676ed d69db1e8 d6b8de24 c11679ad d52aa000 00000000 Call Trace: [] ? kmap_atomic_prot+0x37/0xa6 [] ghash_update+0x85/0xbe [ghash_generic] [] crypto_shash_update+0x18/0x1b [] shash_ahash_update+0x22/0x36 [] shash_async_update+0xb/0xd [] hash_sendpage+0xba/0xf2 [algif_hash] [] kernel_sendpage+0x39/0x4e [] ? 0xd88cdfff [] sock_sendpage+0x37/0x3e [] ? kernel_sendpage+0x4e/0x4e [] pipe_to_sendpage+0x56/0x61 [] splice_from_pipe_feed+0x58/0xcd [] ? splice_from_pipe_begin+0x10/0x10 [] __splice_from_pipe+0x36/0x55 [] ? splice_from_pipe_begin+0x10/0x10 [] splice_from_pipe+0x51/0x64 [] ? default_file_splice_write+0x2c/0x2c [] generic_splice_sendpage+0x13/0x15 [] ? splice_from_pipe_begin+0x10/0x10 [] do_splice_from+0x5d/0x67 [] sys_splice+0x2bf/0x363 [] ? sysenter_exit+0xf/0x16 [] ? trace_hardirqs_on_caller+0x10e/0x13f [] sysenter_do_call+0x12/0x32 Code: 83 c4 0c 5b 5e 5f c9 c3 55 b9 04 00 00 00 89 e5 57 8d 7d e4 56 53 8d 5d e4 83 ec 18 89 45 e0 89 55 dc 0f b6 70 0f c1 e6 04 01 d6 a5 be 0f 00 00 00 4e 89 d8 e8 48 ff ff ff 8b 45 e0 89 da 0f EIP: [] gf128mul_4k_lle+0x23/0x60 [gf128mul] SS:ESP 0068:d6b8dda4 CR2: 0000000000000670 ---[ end trace 4eaa2a86a8e2da24 ]--- note: hashatron[1502] exited with preempt_count 1 BUG: scheduling while atomic: hashatron/1502/0x10000002 INFO: lockdep is turned off. [...] Signed-off-by: Nick Bowler Cc: stable@kernel.org [2.6.37+] Signed-off-by: Herbert Xu

crypto: Move md5_transform to lib/md5.c

2011-08-07T01:32:45Z

We are going to use this for TCP/IP sequence number and fragment ID generation. Signed-off-by: David S. Miller

atomic: use

2011-07-26T23:49:47Z

This allows us to move duplicated code in (atomic_inc_not_zero() for now) to Signed-off-by: Arun Sharma Reviewed-by: Eric Dumazet Cc: Ingo Molnar Cc: David Miller Cc: Eric Dumazet Acked-by: Mike Frysinger Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial

2011-07-25T20:56:39Z

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial: (43 commits) fs: Merge split strings treewide: fix potentially dangerous trailing ';' in #defined values/expressions uwb: Fix misspelling of neighbourhood in comment net, netfilter: Remove redundant goto in ebt_ulog_packet trivial: don't touch files that are removed in the staging tree lib/vsprintf: replace link to Draft by final RFC number doc: Kconfig: `to be' -> `be' doc: Kconfig: Typo: square -> squared doc: Konfig: Documentation/power/{pm => apm-acpi}.txt drivers/net: static should be at beginning of declaration drivers/media: static should be at beginning of declaration drivers/i2c: static should be at beginning of declaration XTENSA: static should be at beginning of declaration SH: static should be at beginning of declaration MIPS: static should be at beginning of declaration ARM: static should be at beginning of declaration rcu: treewide: Do not use rcu_read_lock_held when calling rcu_dereference_check Update my e-mail address PCIe ASPM: forcedly -> forcibly gma500: push through device driver tree ... Fix up trivial conflicts: - arch/arm/mach-ep93xx/dma-m2p.c (deleted) - drivers/gpio/gpio-ep93xx.c (renamed and context nearby) - drivers/net/r8169.c (just context changes)

Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6

2011-07-24T16:05:32Z

* git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (34 commits) crypto: caam - ablkcipher support crypto: caam - faster aead implementation crypto: caam - structure renaming crypto: caam - shorter names crypto: talitos - don't bad_key in ablkcipher setkey crypto: talitos - remove unused giv from ablkcipher methods crypto: talitos - don't set done notification in hot path crypto: talitos - ensure request ordering within a single tfm crypto: gf128mul - fix call to memset() crypto: s390 - support hardware accelerated SHA-224 crypto: algif_hash - Handle initial af_alg_make_sg error correctly crypto: sha1_generic - use SHA1_BLOCK_SIZE hwrng: ppc4xx - add support for ppc4xx TRNG crypto: crypto4xx - Perform read/modify/write on device control register crypto: caam - fix build warning when DEBUG_FS not configured crypto: arc4 - Fixed coding style issues crypto: crc32c - Fixed coding style issue crypto: omap-sham - do not schedule tasklet if there is no active requests crypto: omap-sham - clear device flags when finishing request crypto: omap-sham - irq handler must not clear error code ...

doc: Kconfig: `to be' -> `be'

2011-07-11T12:23:35Z

Also, a comma was inserted to offset a modifier. Signed-off-by: Michael Witten Signed-off-by: Jiri Kosina

crypto: gf128mul - fix call to memset()

2011-07-08T09:21:21Z

In gf128mul_lle() and gf128mul_bbe() r isn't completely initialized with zero because the size argument passed to memset() is the size of the pointer, not the structure it points to. Luckily there are no in-kernel users of those functions so the ABI change implied by this fix should break no existing code. Based on a patch by the PaX Team. Signed-off-by: Mathias Krause Cc: PaX Team Acked-by: David S. Miller Signed-off-by: Herbert Xu

Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6

2011-07-06T06:23:37Z

crypto: algif_hash - Handle initial af_alg_make_sg error correctly

2011-06-29T23:44:06Z

When the first call to af_alg_make_sg fails, we may return garbage instead of the real error. This patch fixes it by setting the error if "copied" is zero. Based on a patch by Jesper Juhl. Reported-by: Jesper Juhl Signed-off-by: Herbert Xu

crypto: sha1_generic - use SHA1_BLOCK_SIZE

2011-06-29T23:44:06Z

Modify sha1_update to use SHA1_BLOCK_SIZE. Signed-off-by: Mandeep Singh Baines Signed-off-by: Herbert Xu