From eed74b3eba9eda36d155c11a12b2b4b50c67c1d8 Mon Sep 17 00:00:00 2001 From: Dan Carpenter Date: Mon, 20 Jan 2020 17:38:04 +0300 Subject: crypto: rng - Fix a refcounting bug in crypto_rng_reset() We need to decrement this refcounter on these error paths. Fixes: f7d76e05d058 ("crypto: user - fix use_after_free of struct xxx_request") Cc: Signed-off-by: Dan Carpenter Acked-by: Neil Horman Signed-off-by: Herbert Xu --- crypto/rng.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'crypto') diff --git a/crypto/rng.c b/crypto/rng.c index 1e21231f71c9..1490d210f1a1 100644 --- a/crypto/rng.c +++ b/crypto/rng.c @@ -37,12 +37,16 @@ int crypto_rng_reset(struct crypto_rng *tfm, const u8 *seed, unsigned int slen) crypto_stats_get(alg); if (!seed && slen) { buf = kmalloc(slen, GFP_KERNEL); - if (!buf) + if (!buf) { + crypto_alg_put(alg); return -ENOMEM; + } err = get_random_bytes_wait(buf, slen); - if (err) + if (err) { + crypto_alg_put(alg); goto out; + } seed = buf; } -- cgit v1.2.3 From 7f1cfe41cc298b4087668554fa0b91cef6094945 Mon Sep 17 00:00:00 2001 From: Tianjia Zhang Date: Wed, 5 Feb 2020 15:25:23 +0800 Subject: crypto: proc - simplify the c_show function The path with the CRYPTO_ALG_LARVAL flag has jumped to the end before Signed-off-by: Tianjia Zhang Signed-off-by: Herbert Xu --- crypto/proc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'crypto') diff --git a/crypto/proc.c b/crypto/proc.c index 7b91557adccb..08d8c2bc7e62 100644 --- a/crypto/proc.c +++ b/crypto/proc.c @@ -60,7 +60,7 @@ static int c_show(struct seq_file *m, void *p) goto out; } - switch (alg->cra_flags & (CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_LARVAL)) { + switch (alg->cra_flags & CRYPTO_ALG_TYPE_MASK) { case CRYPTO_ALG_TYPE_CIPHER: seq_printf(m, "type : cipher\n"); seq_printf(m, "blocksize : %u\n", alg->cra_blocksize); -- cgit v1.2.3 From 8e3b7fd7ea554ccb1bdc596bfbcdaf56f7ab017c Mon Sep 17 00:00:00 2001 From: Horia Geantă Date: Wed, 5 Feb 2020 12:19:58 +0200 Subject: crypto: tcrypt - fix printed skcipher [a]sync mode MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When running tcrypt skcipher speed tests, logs contain things like: testing speed of async ecb(des3_ede) (ecb(des3_ede-generic)) encryption or: testing speed of async ecb(aes) (ecb(aes-ce)) encryption The algorithm implementations are sync, not async. Fix this inaccuracy. Fixes: 7166e589da5b6 ("crypto: tcrypt - Use skcipher") Signed-off-by: Horia Geantă Signed-off-by: Herbert Xu --- crypto/tcrypt.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'crypto') diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c index f42f486e90e8..ba0b7702f2e9 100644 --- a/crypto/tcrypt.c +++ b/crypto/tcrypt.c @@ -1514,8 +1514,8 @@ static void test_skcipher_speed(const char *algo, int enc, unsigned int secs, return; } - pr_info("\ntesting speed of async %s (%s) %s\n", algo, - get_driver_name(crypto_skcipher, tfm), e); + pr_info("\ntesting speed of %s %s (%s) %s\n", async ? "async" : "sync", + algo, get_driver_name(crypto_skcipher, tfm), e); req = skcipher_request_alloc(tfm, GFP_KERNEL); if (!req) { -- cgit v1.2.3 From 2fdddaf089ef4917e15eefacca2fa2e91e819683 Mon Sep 17 00:00:00 2001 From: YueHaibing Date: Fri, 21 Feb 2020 21:55:15 +0800 Subject: crypto: md5 - remove unused macros crypto/md5.c:26:0: warning: macro "MD5_DIGEST_WORDS" is not used [-Wunused-macros] crypto/md5.c:27:0: warning: macro "MD5_MESSAGE_BYTES" is not used [-Wunused-macros] They are never used since commit 3c7eb3cc8360 ("md5: remove from lib and only live in crypto"). Signed-off-by: YueHaibing Signed-off-by: Herbert Xu --- crypto/md5.c | 3 --- 1 file changed, 3 deletions(-) (limited to 'crypto') diff --git a/crypto/md5.c b/crypto/md5.c index 22dc60bc0437..72c0c46fb5ee 100644 --- a/crypto/md5.c +++ b/crypto/md5.c @@ -23,9 +23,6 @@ #include #include -#define MD5_DIGEST_WORDS 4 -#define MD5_MESSAGE_BYTES 64 - const u8 md5_zero_message_hash[MD5_DIGEST_SIZE] = { 0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04, 0xe9, 0x80, 0x09, 0x98, 0xec, 0xf8, 0x42, 0x7e, -- cgit v1.2.3 From d1dc4df1fe21df4f83b8aa7997310480df72eddc Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Tue, 25 Feb 2020 20:59:13 -0800 Subject: crypto: authencesn - fix weird comma-terminated line Fix a weird case where a line was terminated by a comma rather than a semicolon, causing the statement to be continued on the next line. Fortunately the code still behaved as intended, though. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/authencesn.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'crypto') diff --git a/crypto/authencesn.c b/crypto/authencesn.c index 589008146fce..149b70df2a91 100644 --- a/crypto/authencesn.c +++ b/crypto/authencesn.c @@ -458,7 +458,7 @@ static int crypto_authenc_esn_create(struct crypto_template *tmpl, inst->alg.encrypt = crypto_authenc_esn_encrypt; inst->alg.decrypt = crypto_authenc_esn_decrypt; - inst->free = crypto_authenc_esn_free, + inst->free = crypto_authenc_esn_free; err = aead_register_instance(tmpl, inst); if (err) { -- cgit v1.2.3 From 64d66793b76cd3db39137cf9fc7ebe9c2010931d Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Tue, 25 Feb 2020 20:59:14 -0800 Subject: crypto: ccm - simplify error handling in crypto_rfc4309_create() Simplify the error handling in crypto_rfc4309_create() by taking advantage of crypto_grab_aead() now handling an ERR_PTR() name and by taking advantage of crypto_drop_aead() now accepting (as a no-op) a spawn that hasn't been grabbed yet. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/ccm.c | 29 +++++++++-------------------- 1 file changed, 9 insertions(+), 20 deletions(-) (limited to 'crypto') diff --git a/crypto/ccm.c b/crypto/ccm.c index 241ecdc5c4e0..d1fb01bbc814 100644 --- a/crypto/ccm.c +++ b/crypto/ccm.c @@ -717,7 +717,6 @@ static int crypto_rfc4309_create(struct crypto_template *tmpl, struct aead_instance *inst; struct crypto_aead_spawn *spawn; struct aead_alg *alg; - const char *ccm_name; int err; algt = crypto_get_attr_type(tb); @@ -729,19 +728,15 @@ static int crypto_rfc4309_create(struct crypto_template *tmpl, mask = crypto_requires_sync(algt->type, algt->mask); - ccm_name = crypto_attr_alg_name(tb[1]); - if (IS_ERR(ccm_name)) - return PTR_ERR(ccm_name); - inst = kzalloc(sizeof(*inst) + sizeof(*spawn), GFP_KERNEL); if (!inst) return -ENOMEM; spawn = aead_instance_ctx(inst); err = crypto_grab_aead(spawn, aead_crypto_instance(inst), - ccm_name, 0, mask); + crypto_attr_alg_name(tb[1]), 0, mask); if (err) - goto out_free_inst; + goto err_free_inst; alg = crypto_spawn_aead_alg(spawn); @@ -749,11 +744,11 @@ static int crypto_rfc4309_create(struct crypto_template *tmpl, /* We only support 16-byte blocks. */ if (crypto_aead_alg_ivsize(alg) != 16) - goto out_drop_alg; + goto err_free_inst; /* Not a stream cipher? */ if (alg->base.cra_blocksize != 1) - goto out_drop_alg; + goto err_free_inst; err = -ENAMETOOLONG; if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME, @@ -762,7 +757,7 @@ static int crypto_rfc4309_create(struct crypto_template *tmpl, snprintf(inst->alg.base.cra_driver_name, CRYPTO_MAX_ALG_NAME, "rfc4309(%s)", alg->base.cra_driver_name) >= CRYPTO_MAX_ALG_NAME) - goto out_drop_alg; + goto err_free_inst; inst->alg.base.cra_flags = alg->base.cra_flags & CRYPTO_ALG_ASYNC; inst->alg.base.cra_priority = alg->base.cra_priority; @@ -786,17 +781,11 @@ static int crypto_rfc4309_create(struct crypto_template *tmpl, inst->free = crypto_rfc4309_free; err = aead_register_instance(tmpl, inst); - if (err) - goto out_drop_alg; - -out: + if (err) { +err_free_inst: + crypto_rfc4309_free(inst); + } return err; - -out_drop_alg: - crypto_drop_aead(spawn); -out_free_inst: - kfree(inst); - goto out; } static int crypto_cbcmac_digest_setkey(struct crypto_shash *parent, -- cgit v1.2.3 From b8c0d74a70273cea5724073370fb8ffec9783d20 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Tue, 25 Feb 2020 20:59:15 -0800 Subject: crypto: cryptd - simplify error handling in cryptd_create_*() Simplify the error handling in the various cryptd_create_*() functions by taking advantage of crypto_grab_*() now handling an ERR_PTR() name and by taking advantage of crypto_drop_*() now accepting (as a no-op) a spawn that hasn't been grabbed yet. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/cryptd.c | 37 +++++++++++-------------------------- 1 file changed, 11 insertions(+), 26 deletions(-) (limited to 'crypto') diff --git a/crypto/cryptd.c b/crypto/cryptd.c index d94c75c840a5..283212262adb 100644 --- a/crypto/cryptd.c +++ b/crypto/cryptd.c @@ -369,7 +369,6 @@ static int cryptd_create_skcipher(struct crypto_template *tmpl, struct skcipherd_instance_ctx *ctx; struct skcipher_instance *inst; struct skcipher_alg *alg; - const char *name; u32 type; u32 mask; int err; @@ -379,10 +378,6 @@ static int cryptd_create_skcipher(struct crypto_template *tmpl, cryptd_check_internal(tb, &type, &mask); - name = crypto_attr_alg_name(tb[1]); - if (IS_ERR(name)) - return PTR_ERR(name); - inst = kzalloc(sizeof(*inst) + sizeof(*ctx), GFP_KERNEL); if (!inst) return -ENOMEM; @@ -391,14 +386,14 @@ static int cryptd_create_skcipher(struct crypto_template *tmpl, ctx->queue = queue; err = crypto_grab_skcipher(&ctx->spawn, skcipher_crypto_instance(inst), - name, type, mask); + crypto_attr_alg_name(tb[1]), type, mask); if (err) - goto out_free_inst; + goto err_free_inst; alg = crypto_spawn_skcipher_alg(&ctx->spawn); err = cryptd_init_instance(skcipher_crypto_instance(inst), &alg->base); if (err) - goto out_drop_skcipher; + goto err_free_inst; inst->alg.base.cra_flags = CRYPTO_ALG_ASYNC | (alg->base.cra_flags & CRYPTO_ALG_INTERNAL); @@ -421,10 +416,8 @@ static int cryptd_create_skcipher(struct crypto_template *tmpl, err = skcipher_register_instance(tmpl, inst); if (err) { -out_drop_skcipher: - crypto_drop_skcipher(&ctx->spawn); -out_free_inst: - kfree(inst); +err_free_inst: + cryptd_skcipher_free(inst); } return err; } @@ -694,8 +687,7 @@ static int cryptd_create_hash(struct crypto_template *tmpl, struct rtattr **tb, err = ahash_register_instance(tmpl, inst); if (err) { err_free_inst: - crypto_drop_shash(&ctx->spawn); - kfree(inst); + cryptd_hash_free(inst); } return err; } @@ -833,17 +825,12 @@ static int cryptd_create_aead(struct crypto_template *tmpl, struct aead_instance_ctx *ctx; struct aead_instance *inst; struct aead_alg *alg; - const char *name; u32 type = 0; u32 mask = CRYPTO_ALG_ASYNC; int err; cryptd_check_internal(tb, &type, &mask); - name = crypto_attr_alg_name(tb[1]); - if (IS_ERR(name)) - return PTR_ERR(name); - inst = kzalloc(sizeof(*inst) + sizeof(*ctx), GFP_KERNEL); if (!inst) return -ENOMEM; @@ -852,14 +839,14 @@ static int cryptd_create_aead(struct crypto_template *tmpl, ctx->queue = queue; err = crypto_grab_aead(&ctx->aead_spawn, aead_crypto_instance(inst), - name, type, mask); + crypto_attr_alg_name(tb[1]), type, mask); if (err) - goto out_free_inst; + goto err_free_inst; alg = crypto_spawn_aead_alg(&ctx->aead_spawn); err = cryptd_init_instance(aead_crypto_instance(inst), &alg->base); if (err) - goto out_drop_aead; + goto err_free_inst; inst->alg.base.cra_flags = CRYPTO_ALG_ASYNC | (alg->base.cra_flags & CRYPTO_ALG_INTERNAL); @@ -879,10 +866,8 @@ static int cryptd_create_aead(struct crypto_template *tmpl, err = aead_register_instance(tmpl, inst); if (err) { -out_drop_aead: - crypto_drop_aead(&ctx->aead_spawn); -out_free_inst: - kfree(inst); +err_free_inst: + cryptd_aead_free(inst); } return err; } -- cgit v1.2.3 From a108dfcff8441193565bb78c4a15bf344ce9b17e Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Tue, 25 Feb 2020 20:59:16 -0800 Subject: crypto: ctr - simplify error handling in crypto_rfc3686_create() Simplify the error handling in crypto_rfc3686_create() by taking advantage of crypto_grab_skcipher() now handling an ERR_PTR() name and by taking advantage of crypto_drop_skcipher() now accepting (as a no-op) a spawn that hasn't been grabbed yet. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/ctr.c | 29 +++++++++-------------------- 1 file changed, 9 insertions(+), 20 deletions(-) (limited to 'crypto') diff --git a/crypto/ctr.c b/crypto/ctr.c index a8feab621c6c..31ac4ae598e1 100644 --- a/crypto/ctr.c +++ b/crypto/ctr.c @@ -260,7 +260,6 @@ static int crypto_rfc3686_create(struct crypto_template *tmpl, struct skcipher_instance *inst; struct skcipher_alg *alg; struct crypto_skcipher_spawn *spawn; - const char *cipher_name; u32 mask; int err; @@ -272,10 +271,6 @@ static int crypto_rfc3686_create(struct crypto_template *tmpl, if ((algt->type ^ CRYPTO_ALG_TYPE_SKCIPHER) & algt->mask) return -EINVAL; - cipher_name = crypto_attr_alg_name(tb[1]); - if (IS_ERR(cipher_name)) - return PTR_ERR(cipher_name); - inst = kzalloc(sizeof(*inst) + sizeof(*spawn), GFP_KERNEL); if (!inst) return -ENOMEM; @@ -287,7 +282,7 @@ static int crypto_rfc3686_create(struct crypto_template *tmpl, spawn = skcipher_instance_ctx(inst); err = crypto_grab_skcipher(spawn, skcipher_crypto_instance(inst), - cipher_name, 0, mask); + crypto_attr_alg_name(tb[1]), 0, mask); if (err) goto err_free_inst; @@ -296,20 +291,20 @@ static int crypto_rfc3686_create(struct crypto_template *tmpl, /* We only support 16-byte blocks. */ err = -EINVAL; if (crypto_skcipher_alg_ivsize(alg) != CTR_RFC3686_BLOCK_SIZE) - goto err_drop_spawn; + goto err_free_inst; /* Not a stream cipher? */ if (alg->base.cra_blocksize != 1) - goto err_drop_spawn; + goto err_free_inst; err = -ENAMETOOLONG; if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME, "rfc3686(%s)", alg->base.cra_name) >= CRYPTO_MAX_ALG_NAME) - goto err_drop_spawn; + goto err_free_inst; if (snprintf(inst->alg.base.cra_driver_name, CRYPTO_MAX_ALG_NAME, "rfc3686(%s)", alg->base.cra_driver_name) >= CRYPTO_MAX_ALG_NAME) - goto err_drop_spawn; + goto err_free_inst; inst->alg.base.cra_priority = alg->base.cra_priority; inst->alg.base.cra_blocksize = 1; @@ -336,17 +331,11 @@ static int crypto_rfc3686_create(struct crypto_template *tmpl, inst->free = crypto_rfc3686_free; err = skcipher_register_instance(tmpl, inst); - if (err) - goto err_drop_spawn; - -out: - return err; - -err_drop_spawn: - crypto_drop_skcipher(spawn); + if (err) { err_free_inst: - kfree(inst); - goto out; + crypto_rfc3686_free(inst); + } + return err; } static struct crypto_template crypto_ctr_tmpls[] = { -- cgit v1.2.3 From 3ff2bab82f42e05f39c77566f23ccbe5693f7982 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Tue, 25 Feb 2020 20:59:17 -0800 Subject: crypto: cts - simplify error handling in crypto_cts_create() Simplify the error handling in crypto_cts_create() by taking advantage of crypto_grab_skcipher() now handling an ERR_PTR() name and by taking advantage of crypto_drop_skcipher() now accepting (as a no-op) a spawn that hasn't been grabbed yet. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/cts.c | 27 ++++++++------------------- 1 file changed, 8 insertions(+), 19 deletions(-) (limited to 'crypto') diff --git a/crypto/cts.c b/crypto/cts.c index 48188adc8e91..5e005c4f0221 100644 --- a/crypto/cts.c +++ b/crypto/cts.c @@ -327,7 +327,6 @@ static int crypto_cts_create(struct crypto_template *tmpl, struct rtattr **tb) struct skcipher_instance *inst; struct crypto_attr_type *algt; struct skcipher_alg *alg; - const char *cipher_name; u32 mask; int err; @@ -340,10 +339,6 @@ static int crypto_cts_create(struct crypto_template *tmpl, struct rtattr **tb) mask = crypto_requires_sync(algt->type, algt->mask); - cipher_name = crypto_attr_alg_name(tb[1]); - if (IS_ERR(cipher_name)) - return PTR_ERR(cipher_name); - inst = kzalloc(sizeof(*inst) + sizeof(*spawn), GFP_KERNEL); if (!inst) return -ENOMEM; @@ -351,7 +346,7 @@ static int crypto_cts_create(struct crypto_template *tmpl, struct rtattr **tb) spawn = skcipher_instance_ctx(inst); err = crypto_grab_skcipher(spawn, skcipher_crypto_instance(inst), - cipher_name, 0, mask); + crypto_attr_alg_name(tb[1]), 0, mask); if (err) goto err_free_inst; @@ -359,15 +354,15 @@ static int crypto_cts_create(struct crypto_template *tmpl, struct rtattr **tb) err = -EINVAL; if (crypto_skcipher_alg_ivsize(alg) != alg->base.cra_blocksize) - goto err_drop_spawn; + goto err_free_inst; if (strncmp(alg->base.cra_name, "cbc(", 4)) - goto err_drop_spawn; + goto err_free_inst; err = crypto_inst_setname(skcipher_crypto_instance(inst), "cts", &alg->base); if (err) - goto err_drop_spawn; + goto err_free_inst; inst->alg.base.cra_flags = alg->base.cra_flags & CRYPTO_ALG_ASYNC; inst->alg.base.cra_priority = alg->base.cra_priority; @@ -391,17 +386,11 @@ static int crypto_cts_create(struct crypto_template *tmpl, struct rtattr **tb) inst->free = crypto_cts_free; err = skcipher_register_instance(tmpl, inst); - if (err) - goto err_drop_spawn; - -out: - return err; - -err_drop_spawn: - crypto_drop_skcipher(spawn); + if (err) { err_free_inst: - kfree(inst); - goto out; + crypto_cts_free(inst); + } + return err; } static struct crypto_template crypto_cts_tmpl = { -- cgit v1.2.3 From 959ac1cdd630b48fad3d8f47c96a01bfc3d71377 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Tue, 25 Feb 2020 20:59:18 -0800 Subject: crypto: gcm - simplify error handling in crypto_rfc4106_create() Simplify the error handling in crypto_rfc4106_create() by taking advantage of crypto_grab_aead() now handling an ERR_PTR() name and by taking advantage of crypto_drop_aead() now accepting (as a no-op) a spawn that hasn't been grabbed yet. Conveniently, this eliminates the 'ccm_name' variable which was incorrectly named (it should have been 'gcm_name'). Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/gcm.c | 29 +++++++++-------------------- 1 file changed, 9 insertions(+), 20 deletions(-) (limited to 'crypto') diff --git a/crypto/gcm.c b/crypto/gcm.c index 8e5c0ac65661..5560341e2810 100644 --- a/crypto/gcm.c +++ b/crypto/gcm.c @@ -840,7 +840,6 @@ static int crypto_rfc4106_create(struct crypto_template *tmpl, struct aead_instance *inst; struct crypto_aead_spawn *spawn; struct aead_alg *alg; - const char *ccm_name; int err; algt = crypto_get_attr_type(tb); @@ -852,19 +851,15 @@ static int crypto_rfc4106_create(struct crypto_template *tmpl, mask = crypto_requires_sync(algt->type, algt->mask); - ccm_name = crypto_attr_alg_name(tb[1]); - if (IS_ERR(ccm_name)) - return PTR_ERR(ccm_name); - inst = kzalloc(sizeof(*inst) + sizeof(*spawn), GFP_KERNEL); if (!inst) return -ENOMEM; spawn = aead_instance_ctx(inst); err = crypto_grab_aead(spawn, aead_crypto_instance(inst), - ccm_name, 0, mask); + crypto_attr_alg_name(tb[1]), 0, mask); if (err) - goto out_free_inst; + goto err_free_inst; alg = crypto_spawn_aead_alg(spawn); @@ -872,11 +867,11 @@ static int crypto_rfc4106_create(struct crypto_template *tmpl, /* Underlying IV size must be 12. */ if (crypto_aead_alg_ivsize(alg) != GCM_AES_IV_SIZE) - goto out_drop_alg; + goto err_free_inst; /* Not a stream cipher? */ if (alg->base.cra_blocksize != 1) - goto out_drop_alg; + goto err_free_inst; err = -ENAMETOOLONG; if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME, @@ -885,7 +880,7 @@ static int crypto_rfc4106_create(struct crypto_template *tmpl, snprintf(inst->alg.base.cra_driver_name, CRYPTO_MAX_ALG_NAME, "rfc4106(%s)", alg->base.cra_driver_name) >= CRYPTO_MAX_ALG_NAME) - goto out_drop_alg; + goto err_free_inst; inst->alg.base.cra_flags = alg->base.cra_flags & CRYPTO_ALG_ASYNC; inst->alg.base.cra_priority = alg->base.cra_priority; @@ -909,17 +904,11 @@ static int crypto_rfc4106_create(struct crypto_template *tmpl, inst->free = crypto_rfc4106_free; err = aead_register_instance(tmpl, inst); - if (err) - goto out_drop_alg; - -out: + if (err) { +err_free_inst: + crypto_rfc4106_free(inst); + } return err; - -out_drop_alg: - crypto_drop_aead(spawn); -out_free_inst: - kfree(inst); - goto out; } static int crypto_rfc4543_setkey(struct crypto_aead *parent, const u8 *key, -- cgit v1.2.3 From c4caa56d8f995aa34118757c6525cf6048c68def Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Tue, 25 Feb 2020 20:59:19 -0800 Subject: crypto: gcm - simplify error handling in crypto_rfc4543_create() Simplify the error handling in crypto_rfc4543_create() by taking advantage of crypto_grab_aead() now handling an ERR_PTR() name and by taking advantage of crypto_drop_aead() now accepting (as a no-op) a spawn that hasn't been grabbed yet. Conveniently, this eliminates the 'ccm_name' variable which was incorrectly named (it should have been 'gcm_name'). Also fix a weird case where a line was terminated by a comma rather than a semicolon, causing the statement to be continued on the next line. Fortunately the code still behaved as intended, though. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/gcm.c | 37 ++++++++++++------------------------- 1 file changed, 12 insertions(+), 25 deletions(-) (limited to 'crypto') diff --git a/crypto/gcm.c b/crypto/gcm.c index 5560341e2810..0103d28c541e 100644 --- a/crypto/gcm.c +++ b/crypto/gcm.c @@ -1060,10 +1060,8 @@ static int crypto_rfc4543_create(struct crypto_template *tmpl, struct crypto_attr_type *algt; u32 mask; struct aead_instance *inst; - struct crypto_aead_spawn *spawn; struct aead_alg *alg; struct crypto_rfc4543_instance_ctx *ctx; - const char *ccm_name; int err; algt = crypto_get_attr_type(tb); @@ -1075,32 +1073,27 @@ static int crypto_rfc4543_create(struct crypto_template *tmpl, mask = crypto_requires_sync(algt->type, algt->mask); - ccm_name = crypto_attr_alg_name(tb[1]); - if (IS_ERR(ccm_name)) - return PTR_ERR(ccm_name); - inst = kzalloc(sizeof(*inst) + sizeof(*ctx), GFP_KERNEL); if (!inst) return -ENOMEM; ctx = aead_instance_ctx(inst); - spawn = &ctx->aead; - err = crypto_grab_aead(spawn, aead_crypto_instance(inst), - ccm_name, 0, mask); + err = crypto_grab_aead(&ctx->aead, aead_crypto_instance(inst), + crypto_attr_alg_name(tb[1]), 0, mask); if (err) - goto out_free_inst; + goto err_free_inst; - alg = crypto_spawn_aead_alg(spawn); + alg = crypto_spawn_aead_alg(&ctx->aead); err = -EINVAL; /* Underlying IV size must be 12. */ if (crypto_aead_alg_ivsize(alg) != GCM_AES_IV_SIZE) - goto out_drop_alg; + goto err_free_inst; /* Not a stream cipher? */ if (alg->base.cra_blocksize != 1) - goto out_drop_alg; + goto err_free_inst; err = -ENAMETOOLONG; if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME, @@ -1109,7 +1102,7 @@ static int crypto_rfc4543_create(struct crypto_template *tmpl, snprintf(inst->alg.base.cra_driver_name, CRYPTO_MAX_ALG_NAME, "rfc4543(%s)", alg->base.cra_driver_name) >= CRYPTO_MAX_ALG_NAME) - goto out_drop_alg; + goto err_free_inst; inst->alg.base.cra_flags = alg->base.cra_flags & CRYPTO_ALG_ASYNC; inst->alg.base.cra_priority = alg->base.cra_priority; @@ -1130,20 +1123,14 @@ static int crypto_rfc4543_create(struct crypto_template *tmpl, inst->alg.encrypt = crypto_rfc4543_encrypt; inst->alg.decrypt = crypto_rfc4543_decrypt; - inst->free = crypto_rfc4543_free, + inst->free = crypto_rfc4543_free; err = aead_register_instance(tmpl, inst); - if (err) - goto out_drop_alg; - -out: + if (err) { +err_free_inst: + crypto_rfc4543_free(inst); + } return err; - -out_drop_alg: - crypto_drop_aead(spawn); -out_free_inst: - kfree(inst); - goto out; } static struct crypto_template crypto_gcm_tmpls[] = { -- cgit v1.2.3 From 376ffe1acbc642ce38169f7410b1735ffcacd774 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Tue, 25 Feb 2020 20:59:20 -0800 Subject: crypto: geniv - simply error handling in aead_geniv_alloc() Simplify the error handling in aead_geniv_alloc() by taking advantage of crypto_grab_aead() now handling an ERR_PTR() name and by taking advantage of crypto_drop_aead() now accepting (as a no-op) a spawn that hasn't been grabbed yet. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/geniv.c | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) (limited to 'crypto') diff --git a/crypto/geniv.c b/crypto/geniv.c index dbcc640274cd..6a90c52d49ad 100644 --- a/crypto/geniv.c +++ b/crypto/geniv.c @@ -41,7 +41,6 @@ static void aead_geniv_free(struct aead_instance *inst) struct aead_instance *aead_geniv_alloc(struct crypto_template *tmpl, struct rtattr **tb, u32 type, u32 mask) { - const char *name; struct crypto_aead_spawn *spawn; struct crypto_attr_type *algt; struct aead_instance *inst; @@ -57,10 +56,6 @@ struct aead_instance *aead_geniv_alloc(struct crypto_template *tmpl, if ((algt->type ^ CRYPTO_ALG_TYPE_AEAD) & algt->mask) return ERR_PTR(-EINVAL); - name = crypto_attr_alg_name(tb[1]); - if (IS_ERR(name)) - return ERR_CAST(name); - inst = kzalloc(sizeof(*inst) + sizeof(*spawn), GFP_KERNEL); if (!inst) return ERR_PTR(-ENOMEM); @@ -71,7 +66,7 @@ struct aead_instance *aead_geniv_alloc(struct crypto_template *tmpl, mask |= crypto_requires_sync(algt->type, algt->mask); err = crypto_grab_aead(spawn, aead_crypto_instance(inst), - name, type, mask); + crypto_attr_alg_name(tb[1]), type, mask); if (err) goto err_free_inst; @@ -82,17 +77,17 @@ struct aead_instance *aead_geniv_alloc(struct crypto_template *tmpl, err = -EINVAL; if (ivsize < sizeof(u64)) - goto err_drop_alg; + goto err_free_inst; err = -ENAMETOOLONG; if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME, "%s(%s)", tmpl->name, alg->base.cra_name) >= CRYPTO_MAX_ALG_NAME) - goto err_drop_alg; + goto err_free_inst; if (snprintf(inst->alg.base.cra_driver_name, CRYPTO_MAX_ALG_NAME, "%s(%s)", tmpl->name, alg->base.cra_driver_name) >= CRYPTO_MAX_ALG_NAME) - goto err_drop_alg; + goto err_free_inst; inst->alg.base.cra_flags = alg->base.cra_flags & CRYPTO_ALG_ASYNC; inst->alg.base.cra_priority = alg->base.cra_priority; @@ -111,10 +106,8 @@ struct aead_instance *aead_geniv_alloc(struct crypto_template *tmpl, out: return inst; -err_drop_alg: - crypto_drop_aead(spawn); err_free_inst: - kfree(inst); + aead_geniv_free(inst); inst = ERR_PTR(err); goto out; } -- cgit v1.2.3 From d57063103332b95eac9c118900f35700a491da08 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Tue, 25 Feb 2020 20:59:21 -0800 Subject: crypto: lrw - simplify error handling in create() Simplify the error handling in the LRW template's ->create() function by taking advantage of crypto_drop_skcipher() now accepting (as a no-op) a spawn that hasn't been grabbed yet. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/lrw.c | 28 +++++++++++----------------- 1 file changed, 11 insertions(+), 17 deletions(-) (limited to 'crypto') diff --git a/crypto/lrw.c b/crypto/lrw.c index 63c485c0d8a6..376d7ed3f1f8 100644 --- a/crypto/lrw.c +++ b/crypto/lrw.c @@ -343,15 +343,15 @@ static int create(struct crypto_template *tmpl, struct rtattr **tb) err = -EINVAL; if (alg->base.cra_blocksize != LRW_BLOCK_SIZE) - goto err_drop_spawn; + goto err_free_inst; if (crypto_skcipher_alg_ivsize(alg)) - goto err_drop_spawn; + goto err_free_inst; err = crypto_inst_setname(skcipher_crypto_instance(inst), "lrw", &alg->base); if (err) - goto err_drop_spawn; + goto err_free_inst; err = -EINVAL; cipher_name = alg->base.cra_name; @@ -364,20 +364,20 @@ static int create(struct crypto_template *tmpl, struct rtattr **tb) len = strlcpy(ecb_name, cipher_name + 4, sizeof(ecb_name)); if (len < 2 || len >= sizeof(ecb_name)) - goto err_drop_spawn; + goto err_free_inst; if (ecb_name[len - 1] != ')') - goto err_drop_spawn; + goto err_free_inst; ecb_name[len - 1] = 0; if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME, "lrw(%s)", ecb_name) >= CRYPTO_MAX_ALG_NAME) { err = -ENAMETOOLONG; - goto err_drop_spawn; + goto err_free_inst; } } else - goto err_drop_spawn; + goto err_free_inst; inst->alg.base.cra_flags = alg->base.cra_flags & CRYPTO_ALG_ASYNC; inst->alg.base.cra_priority = alg->base.cra_priority; @@ -403,17 +403,11 @@ static int create(struct crypto_template *tmpl, struct rtattr **tb) inst->free = free; err = skcipher_register_instance(tmpl, inst); - if (err) - goto err_drop_spawn; - -out: - return err; - -err_drop_spawn: - crypto_drop_skcipher(spawn); + if (err) { err_free_inst: - kfree(inst); - goto out; + free(inst); + } + return err; } static struct crypto_template crypto_tmpl = { -- cgit v1.2.3 From 07b24c7c08bdc2d36de10881a17145426f47742b Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Tue, 25 Feb 2020 20:59:22 -0800 Subject: crypto: pcrypt - simplify error handling in pcrypt_create_aead() Simplify the error handling in pcrypt_create_aead() by taking advantage of crypto_grab_aead() now handling an ERR_PTR() name and by taking advantage of crypto_drop_aead() now accepting (as a no-op) a spawn that hasn't been grabbed yet. This required also making padata_free_shell() accept a NULL argument. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/pcrypt.c | 33 +++++++++------------------------ kernel/padata.c | 7 ++++--- 2 files changed, 13 insertions(+), 27 deletions(-) (limited to 'crypto') diff --git a/crypto/pcrypt.c b/crypto/pcrypt.c index 1b632139a8c1..8bddc65cd509 100644 --- a/crypto/pcrypt.c +++ b/crypto/pcrypt.c @@ -232,17 +232,12 @@ static int pcrypt_create_aead(struct crypto_template *tmpl, struct rtattr **tb, struct crypto_attr_type *algt; struct aead_instance *inst; struct aead_alg *alg; - const char *name; int err; algt = crypto_get_attr_type(tb); if (IS_ERR(algt)) return PTR_ERR(algt); - name = crypto_attr_alg_name(tb[1]); - if (IS_ERR(name)) - return PTR_ERR(name); - inst = kzalloc(sizeof(*inst) + sizeof(*ctx), GFP_KERNEL); if (!inst) return -ENOMEM; @@ -252,21 +247,21 @@ static int pcrypt_create_aead(struct crypto_template *tmpl, struct rtattr **tb, ctx = aead_instance_ctx(inst); ctx->psenc = padata_alloc_shell(pencrypt); if (!ctx->psenc) - goto out_free_inst; + goto err_free_inst; ctx->psdec = padata_alloc_shell(pdecrypt); if (!ctx->psdec) - goto out_free_psenc; + goto err_free_inst; err = crypto_grab_aead(&ctx->spawn, aead_crypto_instance(inst), - name, 0, 0); + crypto_attr_alg_name(tb[1]), 0, 0); if (err) - goto out_free_psdec; + goto err_free_inst; alg = crypto_spawn_aead_alg(&ctx->spawn); err = pcrypt_init_instance(aead_crypto_instance(inst), &alg->base); if (err) - goto out_drop_aead; + goto err_free_inst; inst->alg.base.cra_flags = CRYPTO_ALG_ASYNC; @@ -286,21 +281,11 @@ static int pcrypt_create_aead(struct crypto_template *tmpl, struct rtattr **tb, inst->free = pcrypt_free; err = aead_register_instance(tmpl, inst); - if (err) - goto out_drop_aead; - -out: + if (err) { +err_free_inst: + pcrypt_free(inst); + } return err; - -out_drop_aead: - crypto_drop_aead(&ctx->spawn); -out_free_psdec: - padata_free_shell(ctx->psdec); -out_free_psenc: - padata_free_shell(ctx->psenc); -out_free_inst: - kfree(inst); - goto out; } static int pcrypt_create(struct crypto_template *tmpl, struct rtattr **tb) diff --git a/kernel/padata.c b/kernel/padata.c index 62082597d4a2..a6afa12fb75e 100644 --- a/kernel/padata.c +++ b/kernel/padata.c @@ -1038,12 +1038,13 @@ EXPORT_SYMBOL(padata_alloc_shell); */ void padata_free_shell(struct padata_shell *ps) { - struct padata_instance *pinst = ps->pinst; + if (!ps) + return; - mutex_lock(&pinst->lock); + mutex_lock(&ps->pinst->lock); list_del(&ps->list); padata_free_pd(rcu_dereference_protected(ps->pd, 1)); - mutex_unlock(&pinst->lock); + mutex_unlock(&ps->pinst->lock); kfree(ps); } -- cgit v1.2.3 From 0708bb435354aede92819d44563d3113c7180cf0 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Tue, 25 Feb 2020 20:59:23 -0800 Subject: crypto: rsa-pkcs1pad - simplify error handling in pkcs1pad_create() Simplify the error handling in pkcs1pad_create() by taking advantage of crypto_grab_akcipher() now handling an ERR_PTR() name and by taking advantage of crypto_drop_akcipher() now accepting (as a no-op) a spawn that hasn't been grabbed yet. While we're at it, also simplify the way the hash_name optional argument is handled. We only need to check whether it's present in one place, and we can just assign directly to ctx->digest_info. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/rsa-pkcs1pad.c | 59 +++++++++++++++++---------------------------------- 1 file changed, 20 insertions(+), 39 deletions(-) (limited to 'crypto') diff --git a/crypto/rsa-pkcs1pad.c b/crypto/rsa-pkcs1pad.c index 176b63afec8d..d31031de51bc 100644 --- a/crypto/rsa-pkcs1pad.c +++ b/crypto/rsa-pkcs1pad.c @@ -596,14 +596,11 @@ static void pkcs1pad_free(struct akcipher_instance *inst) static int pkcs1pad_create(struct crypto_template *tmpl, struct rtattr **tb) { - const struct rsa_asn1_template *digest_info; struct crypto_attr_type *algt; u32 mask; struct akcipher_instance *inst; struct pkcs1pad_inst_ctx *ctx; - struct crypto_akcipher_spawn *spawn; struct akcipher_alg *rsa_alg; - const char *rsa_alg_name; const char *hash_name; int err; @@ -616,60 +613,49 @@ static int pkcs1pad_create(struct crypto_template *tmpl, struct rtattr **tb) mask = crypto_requires_sync(algt->type, algt->mask); - rsa_alg_name = crypto_attr_alg_name(tb[1]); - if (IS_ERR(rsa_alg_name)) - return PTR_ERR(rsa_alg_name); - - hash_name = crypto_attr_alg_name(tb[2]); - if (IS_ERR(hash_name)) - hash_name = NULL; - - if (hash_name) { - digest_info = rsa_lookup_asn1(hash_name); - if (!digest_info) - return -EINVAL; - } else - digest_info = NULL; - inst = kzalloc(sizeof(*inst) + sizeof(*ctx), GFP_KERNEL); if (!inst) return -ENOMEM; ctx = akcipher_instance_ctx(inst); - spawn = &ctx->spawn; - ctx->digest_info = digest_info; - err = crypto_grab_akcipher(spawn, akcipher_crypto_instance(inst), - rsa_alg_name, 0, mask); + err = crypto_grab_akcipher(&ctx->spawn, akcipher_crypto_instance(inst), + crypto_attr_alg_name(tb[1]), 0, mask); if (err) - goto out_free_inst; + goto err_free_inst; - rsa_alg = crypto_spawn_akcipher_alg(spawn); + rsa_alg = crypto_spawn_akcipher_alg(&ctx->spawn); err = -ENAMETOOLONG; - - if (!hash_name) { + hash_name = crypto_attr_alg_name(tb[2]); + if (IS_ERR(hash_name)) { if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME, "pkcs1pad(%s)", rsa_alg->base.cra_name) >= CRYPTO_MAX_ALG_NAME) - goto out_drop_alg; + goto err_free_inst; if (snprintf(inst->alg.base.cra_driver_name, CRYPTO_MAX_ALG_NAME, "pkcs1pad(%s)", rsa_alg->base.cra_driver_name) >= CRYPTO_MAX_ALG_NAME) - goto out_drop_alg; + goto err_free_inst; } else { + ctx->digest_info = rsa_lookup_asn1(hash_name); + if (!ctx->digest_info) { + err = -EINVAL; + goto err_free_inst; + } + if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME, "pkcs1pad(%s,%s)", rsa_alg->base.cra_name, hash_name) >= CRYPTO_MAX_ALG_NAME) - goto out_drop_alg; + goto err_free_inst; if (snprintf(inst->alg.base.cra_driver_name, CRYPTO_MAX_ALG_NAME, "pkcs1pad(%s,%s)", rsa_alg->base.cra_driver_name, hash_name) >= CRYPTO_MAX_ALG_NAME) - goto out_drop_alg; + goto err_free_inst; } inst->alg.base.cra_flags = rsa_alg->base.cra_flags & CRYPTO_ALG_ASYNC; @@ -691,15 +677,10 @@ static int pkcs1pad_create(struct crypto_template *tmpl, struct rtattr **tb) inst->free = pkcs1pad_free; err = akcipher_register_instance(tmpl, inst); - if (err) - goto out_drop_alg; - - return 0; - -out_drop_alg: - crypto_drop_akcipher(spawn); -out_free_inst: - kfree(inst); + if (err) { +err_free_inst: + pkcs1pad_free(inst); + } return err; } -- cgit v1.2.3 From 732e540953477083082e999ff553622c59cffd5f Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Tue, 25 Feb 2020 20:59:24 -0800 Subject: crypto: xts - simplify error handling in ->create() Simplify the error handling in the XTS template's ->create() function by taking advantage of crypto_drop_skcipher() now accepting (as a no-op) a spawn that hasn't been grabbed yet. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/xts.c | 28 +++++++++++----------------- 1 file changed, 11 insertions(+), 17 deletions(-) (limited to 'crypto') diff --git a/crypto/xts.c b/crypto/xts.c index 29efa15f1495..dbdd8af629e6 100644 --- a/crypto/xts.c +++ b/crypto/xts.c @@ -379,15 +379,15 @@ static int create(struct crypto_template *tmpl, struct rtattr **tb) err = -EINVAL; if (alg->base.cra_blocksize != XTS_BLOCK_SIZE) - goto err_drop_spawn; + goto err_free_inst; if (crypto_skcipher_alg_ivsize(alg)) - goto err_drop_spawn; + goto err_free_inst; err = crypto_inst_setname(skcipher_crypto_instance(inst), "xts", &alg->base); if (err) - goto err_drop_spawn; + goto err_free_inst; err = -EINVAL; cipher_name = alg->base.cra_name; @@ -400,20 +400,20 @@ static int create(struct crypto_template *tmpl, struct rtattr **tb) len = strlcpy(ctx->name, cipher_name + 4, sizeof(ctx->name)); if (len < 2 || len >= sizeof(ctx->name)) - goto err_drop_spawn; + goto err_free_inst; if (ctx->name[len - 1] != ')') - goto err_drop_spawn; + goto err_free_inst; ctx->name[len - 1] = 0; if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME, "xts(%s)", ctx->name) >= CRYPTO_MAX_ALG_NAME) { err = -ENAMETOOLONG; - goto err_drop_spawn; + goto err_free_inst; } } else - goto err_drop_spawn; + goto err_free_inst; inst->alg.base.cra_flags = alg->base.cra_flags & CRYPTO_ALG_ASYNC; inst->alg.base.cra_priority = alg->base.cra_priority; @@ -437,17 +437,11 @@ static int create(struct crypto_template *tmpl, struct rtattr **tb) inst->free = free; err = skcipher_register_instance(tmpl, inst); - if (err) - goto err_drop_spawn; - -out: - return err; - -err_drop_spawn: - crypto_drop_skcipher(&ctx->spawn); + if (err) { err_free_inst: - kfree(inst); - goto out; + free(inst); + } + return err; } static struct crypto_template crypto_tmpl = { -- cgit v1.2.3 From 6f3a06d959f4f38f2beb0a8f25b0e2d5c9792b18 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Wed, 4 Mar 2020 14:44:03 -0800 Subject: crypto: testmgr - use consistent IV copies for AEADs that need it rfc4543 was missing from the list of algorithms that may treat the end of the AAD buffer specially. Also, with rfc4106, rfc4309, rfc4543, and rfc7539esp, the end of the AAD buffer is actually supposed to contain a second copy of the IV, and we've concluded that if the IV copies don't match the behavior is implementation-defined. So, the fuzz tests can't easily test that case. So, make the fuzz tests only use inputs where the two IV copies match. Reported-by: Geert Uytterhoeven Fixes: 40153b10d91c ("crypto: testmgr - fuzz AEADs against their generic implementation") Cc: Stephan Mueller Originally-from: Gilad Ben-Yossef Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/testmgr.c | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) (limited to 'crypto') diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 88f33c0efb23..0a10dbde27ef 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -91,10 +91,11 @@ struct aead_test_suite { unsigned int einval_allowed : 1; /* - * Set if the algorithm intentionally ignores the last 8 bytes of the - * AAD buffer during decryption. + * Set if this algorithm requires that the IV be located at the end of + * the AAD buffer, in addition to being given in the normal way. The + * behavior when the two IV copies differ is implementation-defined. */ - unsigned int esp_aad : 1; + unsigned int aad_iv : 1; }; struct cipher_test_suite { @@ -2167,9 +2168,10 @@ struct aead_extra_tests_ctx { * here means the full ciphertext including the authentication tag. The * authentication tag (and hence also the ciphertext) is assumed to be nonempty. */ -static void mutate_aead_message(struct aead_testvec *vec, bool esp_aad) +static void mutate_aead_message(struct aead_testvec *vec, bool aad_iv, + unsigned int ivsize) { - const unsigned int aad_tail_size = esp_aad ? 8 : 0; + const unsigned int aad_tail_size = aad_iv ? ivsize : 0; const unsigned int authsize = vec->clen - vec->plen; if (prandom_u32() % 2 == 0 && vec->alen > aad_tail_size) { @@ -2207,6 +2209,9 @@ static void generate_aead_message(struct aead_request *req, /* Generate the AAD. */ generate_random_bytes((u8 *)vec->assoc, vec->alen); + if (suite->aad_iv && vec->alen >= ivsize) + /* Avoid implementation-defined behavior. */ + memcpy((u8 *)vec->assoc + vec->alen - ivsize, vec->iv, ivsize); if (inauthentic && prandom_u32() % 2 == 0) { /* Generate a random ciphertext. */ @@ -2242,7 +2247,7 @@ static void generate_aead_message(struct aead_request *req, * Mutate the authentic (ciphertext, AAD) pair to get an * inauthentic one. */ - mutate_aead_message(vec, suite->esp_aad); + mutate_aead_message(vec, suite->aad_iv, ivsize); } vec->novrfy = 1; if (suite->einval_allowed) @@ -5202,7 +5207,7 @@ static const struct alg_test_desc alg_test_descs[] = { .aead = { ____VECS(aes_gcm_rfc4106_tv_template), .einval_allowed = 1, - .esp_aad = 1, + .aad_iv = 1, } } }, { @@ -5214,7 +5219,7 @@ static const struct alg_test_desc alg_test_descs[] = { .aead = { ____VECS(aes_ccm_rfc4309_tv_template), .einval_allowed = 1, - .esp_aad = 1, + .aad_iv = 1, } } }, { @@ -5225,6 +5230,7 @@ static const struct alg_test_desc alg_test_descs[] = { .aead = { ____VECS(aes_gcm_rfc4543_tv_template), .einval_allowed = 1, + .aad_iv = 1, } } }, { @@ -5240,7 +5246,7 @@ static const struct alg_test_desc alg_test_descs[] = { .aead = { ____VECS(rfc7539esp_tv_template), .einval_allowed = 1, - .esp_aad = 1, + .aad_iv = 1, } } }, { -- cgit v1.2.3 From 8ff357a9d146b94d0a165449cad59adbe36f8b50 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Wed, 4 Mar 2020 14:44:04 -0800 Subject: crypto: testmgr - do comparison tests before inauthentic input tests Do test_aead_vs_generic_impl() before test_aead_inauthentic_inputs() so that any differences with the generic driver are detected before getting to the inauthentic input tests, which intentionally use only the driver being tested (so that they run even if a generic driver is unavailable). Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/testmgr.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'crypto') diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 0a10dbde27ef..428a5f8bc80f 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -2512,11 +2512,11 @@ static int test_aead_extra(const char *driver, goto out; } - err = test_aead_inauthentic_inputs(ctx); + err = test_aead_vs_generic_impl(ctx); if (err) goto out; - err = test_aead_vs_generic_impl(ctx); + err = test_aead_inauthentic_inputs(ctx); out: kfree(ctx->vec.key); kfree(ctx->vec.iv); -- cgit v1.2.3 From fcb90d51c375d09a034993cda262b68499e233a4 Mon Sep 17 00:00:00 2001 From: Lothar Rubusch Date: Fri, 20 Mar 2020 11:36:31 +0000 Subject: crypto: af_alg - bool type cosmetics When working with bool values the true and false definitions should be used instead of 1 and 0. Hopefully I fixed my mailer and apologize for that. Signed-off-by: Lothar Rubusch Signed-off-by: Herbert Xu --- crypto/af_alg.c | 10 +++++----- crypto/algif_hash.c | 6 +++--- 2 files changed, 8 insertions(+), 8 deletions(-) (limited to 'crypto') diff --git a/crypto/af_alg.c b/crypto/af_alg.c index 439367a8e95c..b1cd3535c525 100644 --- a/crypto/af_alg.c +++ b/crypto/af_alg.c @@ -821,8 +821,8 @@ int af_alg_sendmsg(struct socket *sock, struct msghdr *msg, size_t size, struct af_alg_tsgl *sgl; struct af_alg_control con = {}; long copied = 0; - bool enc = 0; - bool init = 0; + bool enc = false; + bool init = false; int err = 0; if (msg->msg_controllen) { @@ -830,13 +830,13 @@ int af_alg_sendmsg(struct socket *sock, struct msghdr *msg, size_t size, if (err) return err; - init = 1; + init = true; switch (con.op) { case ALG_OP_ENCRYPT: - enc = 1; + enc = true; break; case ALG_OP_DECRYPT: - enc = 0; + enc = false; break; default: return -EINVAL; diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c index 178f4cd75ef1..da1ffa4f7f8d 100644 --- a/crypto/algif_hash.c +++ b/crypto/algif_hash.c @@ -83,7 +83,7 @@ static int hash_sendmsg(struct socket *sock, struct msghdr *msg, goto unlock; } - ctx->more = 0; + ctx->more = false; while (msg_data_left(msg)) { int len = msg_data_left(msg); @@ -211,7 +211,7 @@ static int hash_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, } if (!result || ctx->more) { - ctx->more = 0; + ctx->more = false; err = crypto_wait_req(crypto_ahash_final(&ctx->req), &ctx->wait); if (err) @@ -436,7 +436,7 @@ static int hash_accept_parent_nokey(void *private, struct sock *sk) ctx->result = NULL; ctx->len = len; - ctx->more = 0; + ctx->more = false; crypto_init_wait(&ctx->wait); ask->private = ctx; -- cgit v1.2.3