From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Stephan Mueller <smueller@chronox.de>,
Herbert Xu <herbert@gondor.apana.org.au>
Subject: [PATCH 4.9 30/80] crypto: algif_aead - Require setkey before accept(2)
Date: Thu, 18 May 2017 12:48:12 +0200 [thread overview]
Message-ID: <20170518104835.224209126@linuxfoundation.org> (raw)
In-Reply-To: <20170518104833.667298773@linuxfoundation.org>
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Stephan Mueller <smueller@chronox.de>
commit 2a2a251f110576b1d89efbd0662677d7e7db21a8 upstream.
Some cipher implementations will crash if you try to use them
without calling setkey first. This patch adds a check so that
the accept(2) call will fail with -ENOKEY if setkey hasn't been
done on the socket yet.
Fixes: 400c40cf78da ("crypto: algif - add AEAD support")
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
crypto/algif_aead.c | 157 +++++++++++++++++++++++++++++++++++++++++++++++++---
1 file changed, 149 insertions(+), 8 deletions(-)
--- a/crypto/algif_aead.c
+++ b/crypto/algif_aead.c
@@ -44,6 +44,11 @@ struct aead_async_req {
char iv[];
};
+struct aead_tfm {
+ struct crypto_aead *aead;
+ bool has_key;
+};
+
struct aead_ctx {
struct aead_sg_list tsgl;
struct aead_async_rsgl first_rsgl;
@@ -732,24 +737,146 @@ static struct proto_ops algif_aead_ops =
.poll = aead_poll,
};
+static int aead_check_key(struct socket *sock)
+{
+ int err = 0;
+ struct sock *psk;
+ struct alg_sock *pask;
+ struct aead_tfm *tfm;
+ struct sock *sk = sock->sk;
+ struct alg_sock *ask = alg_sk(sk);
+
+ lock_sock(sk);
+ if (ask->refcnt)
+ goto unlock_child;
+
+ psk = ask->parent;
+ pask = alg_sk(ask->parent);
+ tfm = pask->private;
+
+ err = -ENOKEY;
+ lock_sock_nested(psk, SINGLE_DEPTH_NESTING);
+ if (!tfm->has_key)
+ goto unlock;
+
+ if (!pask->refcnt++)
+ sock_hold(psk);
+
+ ask->refcnt = 1;
+ sock_put(psk);
+
+ err = 0;
+
+unlock:
+ release_sock(psk);
+unlock_child:
+ release_sock(sk);
+
+ return err;
+}
+
+static int aead_sendmsg_nokey(struct socket *sock, struct msghdr *msg,
+ size_t size)
+{
+ int err;
+
+ err = aead_check_key(sock);
+ if (err)
+ return err;
+
+ return aead_sendmsg(sock, msg, size);
+}
+
+static ssize_t aead_sendpage_nokey(struct socket *sock, struct page *page,
+ int offset, size_t size, int flags)
+{
+ int err;
+
+ err = aead_check_key(sock);
+ if (err)
+ return err;
+
+ return aead_sendpage(sock, page, offset, size, flags);
+}
+
+static int aead_recvmsg_nokey(struct socket *sock, struct msghdr *msg,
+ size_t ignored, int flags)
+{
+ int err;
+
+ err = aead_check_key(sock);
+ if (err)
+ return err;
+
+ return aead_recvmsg(sock, msg, ignored, flags);
+}
+
+static struct proto_ops algif_aead_ops_nokey = {
+ .family = PF_ALG,
+
+ .connect = sock_no_connect,
+ .socketpair = sock_no_socketpair,
+ .getname = sock_no_getname,
+ .ioctl = sock_no_ioctl,
+ .listen = sock_no_listen,
+ .shutdown = sock_no_shutdown,
+ .getsockopt = sock_no_getsockopt,
+ .mmap = sock_no_mmap,
+ .bind = sock_no_bind,
+ .accept = sock_no_accept,
+ .setsockopt = sock_no_setsockopt,
+
+ .release = af_alg_release,
+ .sendmsg = aead_sendmsg_nokey,
+ .sendpage = aead_sendpage_nokey,
+ .recvmsg = aead_recvmsg_nokey,
+ .poll = aead_poll,
+};
+
static void *aead_bind(const char *name, u32 type, u32 mask)
{
- return crypto_alloc_aead(name, type, mask);
+ struct aead_tfm *tfm;
+ struct crypto_aead *aead;
+
+ tfm = kzalloc(sizeof(*tfm), GFP_KERNEL);
+ if (!tfm)
+ return ERR_PTR(-ENOMEM);
+
+ aead = crypto_alloc_aead(name, type, mask);
+ if (IS_ERR(aead)) {
+ kfree(tfm);
+ return ERR_CAST(aead);
+ }
+
+ tfm->aead = aead;
+
+ return tfm;
}
static void aead_release(void *private)
{
- crypto_free_aead(private);
+ struct aead_tfm *tfm = private;
+
+ crypto_free_aead(tfm->aead);
+ kfree(tfm);
}
static int aead_setauthsize(void *private, unsigned int authsize)
{
- return crypto_aead_setauthsize(private, authsize);
+ struct aead_tfm *tfm = private;
+
+ return crypto_aead_setauthsize(tfm->aead, authsize);
}
static int aead_setkey(void *private, const u8 *key, unsigned int keylen)
{
- return crypto_aead_setkey(private, key, keylen);
+ struct aead_tfm *tfm = private;
+ int err;
+
+ err = crypto_aead_setkey(tfm->aead, key, keylen);
+ tfm->has_key = !err;
+
+ return err;
}
static void aead_sock_destruct(struct sock *sk)
@@ -766,12 +893,14 @@ static void aead_sock_destruct(struct so
af_alg_release_parent(sk);
}
-static int aead_accept_parent(void *private, struct sock *sk)
+static int aead_accept_parent_nokey(void *private, struct sock *sk)
{
struct aead_ctx *ctx;
struct alg_sock *ask = alg_sk(sk);
- unsigned int len = sizeof(*ctx) + crypto_aead_reqsize(private);
- unsigned int ivlen = crypto_aead_ivsize(private);
+ struct aead_tfm *tfm = private;
+ struct crypto_aead *aead = tfm->aead;
+ unsigned int len = sizeof(*ctx) + crypto_aead_reqsize(aead);
+ unsigned int ivlen = crypto_aead_ivsize(aead);
ctx = sock_kmalloc(sk, len, GFP_KERNEL);
if (!ctx)
@@ -798,7 +927,7 @@ static int aead_accept_parent(void *priv
ask->private = ctx;
- aead_request_set_tfm(&ctx->aead_req, private);
+ aead_request_set_tfm(&ctx->aead_req, aead);
aead_request_set_callback(&ctx->aead_req, CRYPTO_TFM_REQ_MAY_BACKLOG,
af_alg_complete, &ctx->completion);
@@ -807,13 +936,25 @@ static int aead_accept_parent(void *priv
return 0;
}
+static int aead_accept_parent(void *private, struct sock *sk)
+{
+ struct aead_tfm *tfm = private;
+
+ if (!tfm->has_key)
+ return -ENOKEY;
+
+ return aead_accept_parent_nokey(private, sk);
+}
+
static const struct af_alg_type algif_type_aead = {
.bind = aead_bind,
.release = aead_release,
.setkey = aead_setkey,
.setauthsize = aead_setauthsize,
.accept = aead_accept_parent,
+ .accept_nokey = aead_accept_parent_nokey,
.ops = &algif_aead_ops,
+ .ops_nokey = &algif_aead_ops_nokey,
.name = "aead",
.owner = THIS_MODULE
};
next prev parent reply other threads:[~2017-05-18 10:48 UTC|newest]
Thread overview: 79+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-18 10:47 [PATCH 4.9 00/80] 4.9.29-stable review Greg Kroah-Hartman
2017-05-18 10:47 ` [PATCH 4.9 01/80] xen: adjust early dom0 p2m handling to xen hypervisor behavior Greg Kroah-Hartman
2017-05-18 10:47 ` [PATCH 4.9 02/80] target: Fix compare_and_write_callback handling for non GOOD status Greg Kroah-Hartman
2017-05-18 10:47 ` [PATCH 4.9 03/80] target/fileio: Fix zero-length READ and WRITE handling Greg Kroah-Hartman
2017-05-18 10:47 ` [PATCH 4.9 04/80] iscsi-target: Set session_fall_back_to_erl0 when forcing reinstatement Greg Kroah-Hartman
2017-05-18 10:47 ` [PATCH 4.9 05/80] usb: xhci: bInterval quirk for TI TUSB73x0 Greg Kroah-Hartman
2017-05-18 10:47 ` [PATCH 4.9 06/80] usb: host: xhci: print correct command ring address Greg Kroah-Hartman
2017-05-18 10:47 ` [PATCH 4.9 07/80] USB: serial: ftdi_sio: add device ID for Microsemi/Arrow SF2PLUS Dev Kit Greg Kroah-Hartman
2017-05-18 10:47 ` [PATCH 4.9 08/80] USB: Proper handling of Race Condition when two USB class drivers try to call init_usb_class simultaneously Greg Kroah-Hartman
2017-05-18 10:47 ` [PATCH 4.9 10/80] staging: vt6656: use off stack for in buffer USB transfers Greg Kroah-Hartman
2017-05-18 10:47 ` [PATCH 4.9 11/80] staging: vt6656: use off stack for out " Greg Kroah-Hartman
2017-05-18 10:47 ` [PATCH 4.9 12/80] staging: gdm724x: gdm_mux: fix use-after-free on module unload Greg Kroah-Hartman
2017-05-18 10:47 ` [PATCH 4.9 13/80] staging: comedi: jr3_pci: fix possible null pointer dereference Greg Kroah-Hartman
2017-05-18 10:47 ` [PATCH 4.9 14/80] staging: comedi: jr3_pci: cope with jiffies wraparound Greg Kroah-Hartman
2017-05-18 10:47 ` [PATCH 4.9 15/80] usb: misc: add missing continue in switch Greg Kroah-Hartman
2017-05-18 10:47 ` [PATCH 4.9 16/80] usb: gadget: legacy gadgets are optional Greg Kroah-Hartman
2017-05-18 10:47 ` [PATCH 4.9 17/80] usb: Make sure usb/phy/of gets built-in Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 18/80] usb: hub: Fix error loop seen after hub communication errors Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 19/80] usb: hub: Do not attempt to autosuspend disconnected devices Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 20/80] usb: misc: legousbtower: Fix buffers on stack Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 21/80] x86/boot: Fix BSS corruption/overwrite bug in early x86 kernel startup Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 22/80] selftests/x86/ldt_gdt_32: Work around a glibc sigaction() bug Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 23/80] x86, pmem: Fix cache flushing for iovec write < 8 bytes Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 24/80] um: Fix PTRACE_POKEUSER on x86_64 Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 25/80] perf/x86: Fix Broadwell-EP DRAM RAPL events Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 27/80] KVM: arm/arm64: fix races in kvm_psci_vcpu_on Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 28/80] arm64: KVM: Fix decoding of Rt/Rt2 when trapping AArch32 CP accesses Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 29/80] block: fix blk_integrity_register to use templates interval_exp if not 0 Greg Kroah-Hartman
2017-05-18 10:48 ` Greg Kroah-Hartman [this message]
2017-05-18 10:48 ` [PATCH 4.9 31/80] crypto: ccp - Use only the relevant interrupt bits Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 32/80] crypto: ccp - Disable interrupts early on unload Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 33/80] crypto: ccp - Change ISR handler method for a v3 CCP Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 34/80] crypto: ccp - Change ISR handler method for a v5 CCP Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 35/80] dm era: save spacemap metadata root after the pre-commit Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 36/80] dm rq: check blk_mq_register_dev() return value in dm_mq_init_request_queue() Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 37/80] dm thin: fix a memory leak when passing discard bio down Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 38/80] vfio/type1: Remove locked page accounting workqueue Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 39/80] iov_iter: dont revert iov buffer if csum error Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 40/80] IB/core: Fix sysfs registration error flow Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 41/80] IB/core: For multicast functions, verify that LIDs are multicast LIDs Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 42/80] IB/IPoIB: ibX: failed to create mcg debug file Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 43/80] IB/mlx4: Fix ib device initialization error flow Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 44/80] IB/mlx4: Reduce SRIOV multicast cleanup warning message to debug level Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 45/80] IB/hfi1: Prevent kernel QP post send hard lockups Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 46/80] perf auxtrace: Fix no_size logic in addr_filter__resolve_kernel_syms() Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 47/80] ext4: evict inline data when writing to memory map Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 48/80] orangefs: fix bounds check for listxattr Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 49/80] orangefs: clean up oversize xattr validation Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 50/80] orangefs: do not set getattr_time on orangefs_lookup Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 51/80] orangefs: do not check possibly stale size on truncate Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 52/80] fs/xattr.c: zero out memory copied to userspace in getxattr Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 53/80] ceph: fix memory leak in __ceph_setxattr() Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 54/80] fs/block_dev: always invalidate cleancache in invalidate_bdev() Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 55/80] mm: prevent potential recursive reclaim due to clearing PF_MEMALLOC Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 56/80] Fix match_prepath() Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 57/80] Set unicode flag on cifs echo request to avoid Mac error Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 58/80] SMB3: Work around mount failure when using SMB3 dialect to Macs Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 60/80] cifs: fix leak in FSCTL_ENUM_SNAPS response handling Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 61/80] cifs: fix CIFS_ENUMERATE_SNAPSHOTS oops Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 62/80] CIFS: fix oplock break deadlocks Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 63/80] cifs: fix CIFS_IOC_GET_MNT_INFO oops Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 65/80] padata: free correct variable Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 66/80] device-dax: fix cdev leak Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 67/80] fscrypt: fix context consistency check when key(s) unavailable Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 68/80] serial: samsung: Use right device for DMA-mapping calls Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 69/80] serial: omap: fix runtime-pm handling on unbind Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 70/80] serial: omap: suspend device on probe errors Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 71/80] tty: pty: Fix ldisc flush after userspace become aware of the data already Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 72/80] Bluetooth: Fix user channel for 32bit userspace on 64bit kernel Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 73/80] Bluetooth: hci_bcm: add missing tty-device sanity check Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 74/80] Bluetooth: hci_intel: " Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 75/80] ipmi: Fix kernel panic at ipmi_ssif_thread() Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 76/80] libnvdimm, region: fix flush hint detection crash Greg Kroah-Hartman
2017-05-18 10:48 ` [PATCH 4.9 77/80] libnvdimm, pmem: fix a NULL pointer BUG in nd_pmem_notify Greg Kroah-Hartman
2017-05-18 10:49 ` [PATCH 4.9 78/80] libnvdimm, pfn: fix npfns vs section alignment Greg Kroah-Hartman
2017-05-18 10:49 ` [PATCH 4.9 79/80] pstore: Fix flags to enable dumps on powerpc Greg Kroah-Hartman
2017-05-18 10:49 ` [PATCH 4.9 80/80] pstore: Shut down worker when unregistering Greg Kroah-Hartman
2017-05-18 17:32 ` [PATCH 4.9 00/80] 4.9.29-stable review Shuah Khan
2017-05-19 1:10 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170518104835.224209126@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=herbert@gondor.apana.org.au \
--cc=linux-kernel@vger.kernel.org \
--cc=smueller@chronox.de \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).