From: Tim Chen <tim.c.chen@linux.intel.com>
To: Mikulas Patocka <mpatocka@redhat.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>
Cc: Tim Chen <tim.c.chen@linux.intel.com>,
megha.dey@linux.intel.com, linux-crypto@vger.kernel.org,
dm-devel@redhat.com, Milan Broz <mbroz@redhat.com>,
Eric Biggers <ebiggers@google.com>,
stable@vger.kernel.org
Subject: [PATCH] crypto/mcryptd: Check mcryptd algorithm compatability
Date: Fri, 2 Dec 2016 16:15:21 -0800 [thread overview]
Message-ID: <deb5f529a0ff9b454fcc62b849ac3aff96c3e684.1480724043.git.tim.c.chen@linux.intel.com> (raw)
Algorithms not compatible with mcryptd could be spawned by mcryptd
with a direct crypto_alloc_tfm invocation using a "mcryptd(alg)"
name construct. This causes mcryptd to crash the kernel if
"alg" is incompatible and not intended to be used with mcryptd.
A flag CRYPTO_ALG_MCRYPT is being added to mcryptd compatible
algorithms' cra_flags. The compatability is checked when mcryptd spawn
off an algorithm.
Link: http://marc.info/?l=linux-crypto-vger&m=148063683310477&w=2
Cc: stable@vger.kernel.org
Reported-by: Mikulas Patocka <mpatocka@redhat.com>
Tested-by: Megha Dey <megha.dey@linux.intel.com>
Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com>
---
arch/x86/crypto/sha1-mb/sha1_mb.c | 3 ++-
arch/x86/crypto/sha256-mb/sha256_mb.c | 3 ++-
arch/x86/crypto/sha512-mb/sha512_mb.c | 3 ++-
crypto/mcryptd.c | 6 ++++++
include/linux/crypto.h | 6 ++++++
5 files changed, 18 insertions(+), 3 deletions(-)
diff --git a/arch/x86/crypto/sha1-mb/sha1_mb.c b/arch/x86/crypto/sha1-mb/sha1_mb.c
index acf9fdf..475959db 100644
--- a/arch/x86/crypto/sha1-mb/sha1_mb.c
+++ b/arch/x86/crypto/sha1-mb/sha1_mb.c
@@ -770,7 +770,8 @@ static struct ahash_alg sha1_mb_areq_alg = {
*/
.cra_flags = CRYPTO_ALG_TYPE_AHASH |
CRYPTO_ALG_ASYNC |
- CRYPTO_ALG_INTERNAL,
+ CRYPTO_ALG_INTERNAL |
+ CRYPTO_ALG_MCRYPT,
.cra_blocksize = SHA1_BLOCK_SIZE,
.cra_module = THIS_MODULE,
.cra_list = LIST_HEAD_INIT
diff --git a/arch/x86/crypto/sha256-mb/sha256_mb.c b/arch/x86/crypto/sha256-mb/sha256_mb.c
index 7926a22..f33b592 100644
--- a/arch/x86/crypto/sha256-mb/sha256_mb.c
+++ b/arch/x86/crypto/sha256-mb/sha256_mb.c
@@ -768,7 +768,8 @@ static struct ahash_alg sha256_mb_areq_alg = {
*/
.cra_flags = CRYPTO_ALG_TYPE_AHASH |
CRYPTO_ALG_ASYNC |
- CRYPTO_ALG_INTERNAL,
+ CRYPTO_ALG_INTERNAL |
+ CRYPTO_ALG_MCRYPT,
.cra_blocksize = SHA256_BLOCK_SIZE,
.cra_module = THIS_MODULE,
.cra_list = LIST_HEAD_INIT
diff --git a/arch/x86/crypto/sha512-mb/sha512_mb.c b/arch/x86/crypto/sha512-mb/sha512_mb.c
index 9c1bb6d..13aa2e6 100644
--- a/arch/x86/crypto/sha512-mb/sha512_mb.c
+++ b/arch/x86/crypto/sha512-mb/sha512_mb.c
@@ -783,7 +783,8 @@ static struct ahash_alg sha512_mb_areq_alg = {
*/
.cra_flags = CRYPTO_ALG_TYPE_AHASH |
CRYPTO_ALG_ASYNC |
- CRYPTO_ALG_INTERNAL,
+ CRYPTO_ALG_INTERNAL |
+ CRYPTO_ALG_MCRYPT,
.cra_blocksize = SHA512_BLOCK_SIZE,
.cra_module = THIS_MODULE,
.cra_list = LIST_HEAD_INIT
diff --git a/crypto/mcryptd.c b/crypto/mcryptd.c
index 94ee44a..5c40e13 100644
--- a/crypto/mcryptd.c
+++ b/crypto/mcryptd.c
@@ -500,6 +500,12 @@ static int mcryptd_create_hash(struct crypto_template *tmpl, struct rtattr **tb,
alg = &halg->base;
pr_debug("crypto: mcryptd hash alg: %s\n", alg->cra_name);
+
+ if (!(alg->cra_flags & CRYPTO_ALG_MCRYPT)) {
+ err = -EINVAL;
+ goto out_put_alg;
+ }
+
inst = mcryptd_alloc_instance(alg, ahash_instance_headroom(),
sizeof(*ctx));
err = PTR_ERR(inst);
diff --git a/include/linux/crypto.h b/include/linux/crypto.h
index 167aea2..e47d5a8 100644
--- a/include/linux/crypto.h
+++ b/include/linux/crypto.h
@@ -106,6 +106,12 @@
#define CRYPTO_ALG_INTERNAL 0x00002000
/*
+ * Mark cipher as compatible with mcryptd
+ * for multi-buffer processing
+ */
+#define CRYPTO_ALG_MCRYPT 0x00004000
+
+/*
* Transform masks and values (for crt_flags).
*/
#define CRYPTO_TFM_REQ_MASK 0x000fff00
--
2.5.5
next reply other threads:[~2016-12-03 0:17 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-12-03 0:15 Tim Chen [this message]
2016-12-05 12:34 ` [PATCH] crypto/mcryptd: Check mcryptd algorithm compatability Herbert Xu
2016-12-05 16:50 ` Tim Chen
2016-12-05 19:03 ` Tim Chen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=deb5f529a0ff9b454fcc62b849ac3aff96c3e684.1480724043.git.tim.c.chen@linux.intel.com \
--to=tim.c.chen@linux.intel.com \
--cc=davem@davemloft.net \
--cc=dm-devel@redhat.com \
--cc=ebiggers@google.com \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=mbroz@redhat.com \
--cc=megha.dey@linux.intel.com \
--cc=mpatocka@redhat.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).