From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Atul Gupta <atul.gupta@chelsio.com>,
Eric Biggers <ebiggers@google.com>,
Herbert Xu <herbert@gondor.apana.org.au>
Subject: [PATCH 4.14 13/89] crypto: chelsio - fix writing tfm flags to wrong place
Date: Mon, 3 Feb 2020 16:18:58 +0000 [thread overview]
Message-ID: <20200203161918.621197108@linuxfoundation.org> (raw)
In-Reply-To: <20200203161916.847439465@linuxfoundation.org>
From: Eric Biggers <ebiggers@google.com>
commit bd56cea012fc2d6381e8cd3209510ce09f9de8c9 upstream.
The chelsio crypto driver is casting 'struct crypto_aead' directly to
'struct crypto_tfm', which is incorrect because the crypto_tfm isn't the
first field of 'struct crypto_aead'. Consequently, the calls to
crypto_tfm_set_flags() are modifying some other field in the struct.
Also, the driver is setting CRYPTO_TFM_RES_BAD_KEY_LEN in
->setauthsize(), not just in ->setkey(). This is incorrect since this
flag is for bad key lengths, not for bad authentication tag lengths.
Fix these bugs by removing the broken crypto_tfm_set_flags() calls from
->setauthsize() and by fixing them in ->setkey().
Fixes: 324429d74127 ("chcr: Support for Chelsio's Crypto Hardware")
Cc: <stable@vger.kernel.org> # v4.9+
Cc: Atul Gupta <atul.gupta@chelsio.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/crypto/chelsio/chcr_algo.c | 16 +++-------------
1 file changed, 3 insertions(+), 13 deletions(-)
--- a/drivers/crypto/chelsio/chcr_algo.c
+++ b/drivers/crypto/chelsio/chcr_algo.c
@@ -2693,9 +2693,6 @@ static int chcr_gcm_setauthsize(struct c
aeadctx->mayverify = VERIFY_SW;
break;
default:
-
- crypto_tfm_set_flags((struct crypto_tfm *) tfm,
- CRYPTO_TFM_RES_BAD_KEY_LEN);
return -EINVAL;
}
return crypto_aead_setauthsize(aeadctx->sw_cipher, authsize);
@@ -2720,8 +2717,6 @@ static int chcr_4106_4309_setauthsize(st
aeadctx->mayverify = VERIFY_HW;
break;
default:
- crypto_tfm_set_flags((struct crypto_tfm *)tfm,
- CRYPTO_TFM_RES_BAD_KEY_LEN);
return -EINVAL;
}
return crypto_aead_setauthsize(aeadctx->sw_cipher, authsize);
@@ -2762,8 +2757,6 @@ static int chcr_ccm_setauthsize(struct c
aeadctx->mayverify = VERIFY_HW;
break;
default:
- crypto_tfm_set_flags((struct crypto_tfm *)tfm,
- CRYPTO_TFM_RES_BAD_KEY_LEN);
return -EINVAL;
}
return crypto_aead_setauthsize(aeadctx->sw_cipher, authsize);
@@ -2790,8 +2783,7 @@ static int chcr_ccm_common_setkey(struct
ck_size = CHCR_KEYCTX_CIPHER_KEY_SIZE_256;
mk_size = CHCR_KEYCTX_MAC_KEY_SIZE_256;
} else {
- crypto_tfm_set_flags((struct crypto_tfm *)aead,
- CRYPTO_TFM_RES_BAD_KEY_LEN);
+ crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
aeadctx->enckey_len = 0;
return -EINVAL;
}
@@ -2831,8 +2823,7 @@ static int chcr_aead_rfc4309_setkey(stru
int error;
if (keylen < 3) {
- crypto_tfm_set_flags((struct crypto_tfm *)aead,
- CRYPTO_TFM_RES_BAD_KEY_LEN);
+ crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
aeadctx->enckey_len = 0;
return -EINVAL;
}
@@ -2883,8 +2874,7 @@ static int chcr_gcm_setkey(struct crypto
} else if (keylen == AES_KEYSIZE_256) {
ck_size = CHCR_KEYCTX_CIPHER_KEY_SIZE_256;
} else {
- crypto_tfm_set_flags((struct crypto_tfm *)aead,
- CRYPTO_TFM_RES_BAD_KEY_LEN);
+ crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
pr_err("GCM: Invalid key length %d\n", keylen);
ret = -EINVAL;
goto out;
next prev parent reply other threads:[~2020-02-03 16:28 UTC|newest]
Thread overview: 95+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-03 16:18 [PATCH 4.14 00/89] 4.14.170-stable review Greg Kroah-Hartman
2020-02-03 16:18 ` [PATCH 4.14 01/89] orinoco_usb: fix interface sanity check Greg Kroah-Hartman
2020-02-03 16:18 ` [PATCH 4.14 02/89] rsi_91x_usb: " Greg Kroah-Hartman
2020-02-03 16:18 ` [PATCH 4.14 03/89] USB: serial: ir-usb: add missing endpoint " Greg Kroah-Hartman
2020-02-03 16:18 ` [PATCH 4.14 04/89] USB: serial: ir-usb: fix link-speed handling Greg Kroah-Hartman
2020-02-03 16:18 ` [PATCH 4.14 05/89] USB: serial: ir-usb: fix IrLAP framing Greg Kroah-Hartman
2020-02-03 16:18 ` [PATCH 4.14 06/89] usb: dwc3: turn off VBUS when leaving host mode Greg Kroah-Hartman
2020-02-03 16:18 ` [PATCH 4.14 07/89] staging: most: net: fix buffer overflow Greg Kroah-Hartman
2020-02-03 16:18 ` [PATCH 4.14 08/89] staging: wlan-ng: ensure error return is actually returned Greg Kroah-Hartman
2020-02-03 16:18 ` [PATCH 4.14 09/89] staging: vt6656: correct packet types for CTS protect, mode Greg Kroah-Hartman
2020-02-03 16:18 ` [PATCH 4.14 10/89] staging: vt6656: use NULLFUCTION stack on mac80211 Greg Kroah-Hartman
2020-02-03 16:18 ` [PATCH 4.14 11/89] staging: vt6656: Fix false Tx excessive retries reporting Greg Kroah-Hartman
2020-02-03 16:18 ` [PATCH 4.14 12/89] serial: 8250_bcm2835aux: Fix line mismatch on driver unbind Greg Kroah-Hartman
2020-02-03 16:18 ` Greg Kroah-Hartman [this message]
2020-02-03 16:18 ` [PATCH 4.14 14/89] ath9k: fix storage endpoint lookup Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 15/89] brcmfmac: fix interface sanity check Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 16/89] rtl8xxxu: " Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 17/89] zd1211rw: fix storage endpoint lookup Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 18/89] arc: eznps: fix allmodconfig kconfig warning Greg Kroah-Hartman
2020-02-03 16:19 ` Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 19/89] HID: ite: Add USB id match for Acer SW5-012 keyboard dock Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 20/89] phy: cpcap-usb: Prevent USB line glitches from waking up modem Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 21/89] watchdog: max77620_wdt: fix potential build errors Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 22/89] watchdog: rn5t618_wdt: fix module aliases Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 23/89] spi: spi-dw: Add lock protect dw_spi rx/tx to prevent concurrent calls Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 24/89] drivers/net/b44: Change to non-atomic bit operations on pwol_mask Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 25/89] net: wan: sdla: Fix cast from pointer to integer of different size Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 26/89] gpio: max77620: Add missing dependency on GPIOLIB_IRQCHIP Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 27/89] atm: eni: fix uninitialized variable warning Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 28/89] PCI: Add DMA alias quirk for Intel VCA NTB Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 29/89] usb-storage: Disable UAS on JMicron SATA enclosure Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 30/89] net_sched: ematch: reject invalid TCF_EM_SIMPLE Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 31/89] rsi: fix use-after-free on probe errors Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 32/89] crypto: af_alg - Use bh_lock_sock in sk_destruct Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 33/89] vfs: fix do_last() regression Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 34/89] x86/resctrl: Fix use-after-free when deleting resource groups Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 35/89] x86/resctrl: Fix use-after-free due to inaccurate refcount of rdtgroup Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 36/89] x86/resctrl: Fix a deadlock due to inaccurate reference Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 37/89] crypto: pcrypt - Fix user-after-free on module unload Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 38/89] perf c2c: Fix return type for histogram sorting comparision functions Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 39/89] PM / devfreq: Add new name attribute for sysfs Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 40/89] tools lib: Fix builds when glibc contains strlcpy() Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 41/89] arm64: kbuild: remove compressed images on make ARCH=arm64 (dist)clean Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 42/89] ext4: validate the debug_want_extra_isize mount option at parse time Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 43/89] mm/mempolicy.c: fix out of bounds write in mpol_parse_str() Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 44/89] reiserfs: Fix memory leak of journal device string Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 45/89] media: digitv: dont continue if remote control state cant be read Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 46/89] media: af9005: uninitialized variable printked Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 47/89] media: gspca: zero usb_buf Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 48/89] media: dvb-usb/dvb-usb-urb.c: initialize actlen to 0 Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 49/89] ttyprintk: fix a potential deadlock in interrupt context issue Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 50/89] Bluetooth: Fix race condition in hci_release_sock() Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 51/89] cgroup: Prevent double killing of css when enabling threaded cgroup Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 52/89] media: si470x-i2c: Move free() past last use of radio Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 53/89] ARM: dts: sun8i: a83t: Correct USB3503 GPIOs polarity Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 54/89] ARM: dts: beagle-x15-common: Model 5V0 regulator Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 55/89] soc: ti: wkup_m3_ipc: Fix race condition with rproc_boot Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 56/89] mac80211: mesh: restrict airtime metric to peered established plinks Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 57/89] clk: mmp2: Fix the order of timer mux parents Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 58/89] ixgbevf: Remove limit of 10 entries for unicast filter list Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 59/89] ixgbe: Fix calculation of queue with VFs and flow director on interface flap Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 60/89] igb: Fix SGMII SFP module discovery for 100FX/LX Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 61/89] ASoC: sti: fix possible sleep-in-atomic Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 62/89] qmi_wwan: Add support for Quectel RM500Q Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 63/89] wireless: fix enabling channel 12 for custom regulatory domain Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 64/89] cfg80211: Fix radar event during another phy CAC Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 65/89] mac80211: Fix TKIP replay protection immediately after key setup Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 66/89] wireless: wext: avoid gcc -O3 warning Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 67/89] net: dsa: bcm_sf2: Configure IMP port for 2Gb/sec Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 68/89] bnxt_en: Fix ipv6 RFS filter matching logic Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 69/89] iwlwifi: mvm: fix NVM check for 3168 devices Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 70/89] Input: aiptek - use descriptors of current altsetting Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 71/89] ARM: dts: am335x-boneblack-common: fix memory size Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 72/89] vti[6]: fix packet tx through bpf_redirect() Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 73/89] scsi: fnic: do not queue commands during fwreset Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.14 74/89] ARM: 8955/1: virt: Relax arch timer version check during early boot Greg Kroah-Hartman
2020-02-03 16:20 ` [PATCH 4.14 75/89] tee: optee: Fix compilation issue with nommu Greg Kroah-Hartman
2020-02-03 16:20 ` [PATCH 4.14 76/89] airo: Fix possible info leak in AIROOLDIOCTL/SIOCDEVPRIVATE Greg Kroah-Hartman
2020-02-03 16:20 ` [PATCH 4.14 77/89] airo: Add missing CAP_NET_ADMIN check " Greg Kroah-Hartman
2020-02-03 16:20 ` [PATCH 4.14 78/89] r8152: get default setting of WOL before initializing Greg Kroah-Hartman
2020-02-03 16:20 ` [PATCH 4.14 79/89] qlcnic: Fix CPU soft lockup while collecting firmware dump Greg Kroah-Hartman
2020-02-03 16:20 ` [PATCH 4.14 80/89] powerpc/fsl/dts: add fsl,erratum-a011043 Greg Kroah-Hartman
2020-02-03 16:20 ` [PATCH 4.14 81/89] net/fsl: treat fsl,erratum-a011043 Greg Kroah-Hartman
2020-02-03 16:20 ` [PATCH 4.14 82/89] net: fsl/fman: rename IF_MODE_XGMII to IF_MODE_10G Greg Kroah-Hartman
2020-02-03 16:20 ` [PATCH 4.14 83/89] net/sonic: Add mutual exclusion for accessing shared state Greg Kroah-Hartman
2020-02-03 16:20 ` [PATCH 4.14 84/89] net/sonic: Use MMIO accessors Greg Kroah-Hartman
2020-02-03 16:20 ` [PATCH 4.14 85/89] net/sonic: Fix receive buffer handling Greg Kroah-Hartman
2020-02-03 16:20 ` [PATCH 4.14 86/89] net/sonic: Quiesce SONIC before re-initializing descriptor memory Greg Kroah-Hartman
2020-02-03 16:20 ` [PATCH 4.14 87/89] seq_tab_next() should increase position index Greg Kroah-Hartman
2020-02-03 16:20 ` [PATCH 4.14 88/89] l2t_seq_next " Greg Kroah-Hartman
2020-02-03 16:20 ` [PATCH 4.14 89/89] net: Fix skb->csum update in inet_proto_csum_replace16() Greg Kroah-Hartman
[not found] ` <20200203161916.847439465-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org>
2020-02-03 21:39 ` [PATCH 4.14 00/89] 4.14.170-stable review Jon Hunter
2020-02-03 21:39 ` Jon Hunter
2020-02-04 10:03 ` Naresh Kamboju
2020-02-04 17:19 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200203161918.621197108@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=atul.gupta@chelsio.com \
--cc=ebiggers@google.com \
--cc=herbert@gondor.apana.org.au \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.