Commit 2dd3f7c9 authored by Linus Torvalds's avatar Linus Torvalds

Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6

Pull crypto fixes from Herbert Xu:

 - Fix use after free in chtls

 - Fix RBP breakage in sha3

 - Fix use after free in hwrng_unregister

 - Fix overread in morus640

 - Move sleep out of kernel_neon in arm64/aes-blk

* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
  hwrng: core - Always drop the RNG in hwrng_unregister()
  crypto: morus640 - Fix out-of-bounds access
  crypto: don't optimize keccakf()
  crypto: arm64/aes-blk - fix and move skcipher_walk_done out of kernel_neon_begin, _end
  crypto: chtls - use after free in chtls_pt_recvmsg()
parents b13fbe77 837bf7cc
...@@ -223,8 +223,8 @@ static int ctr_encrypt(struct skcipher_request *req) ...@@ -223,8 +223,8 @@ static int ctr_encrypt(struct skcipher_request *req)
kernel_neon_begin(); kernel_neon_begin();
aes_ctr_encrypt(walk.dst.virt.addr, walk.src.virt.addr, aes_ctr_encrypt(walk.dst.virt.addr, walk.src.virt.addr,
(u8 *)ctx->key_enc, rounds, blocks, walk.iv); (u8 *)ctx->key_enc, rounds, blocks, walk.iv);
err = skcipher_walk_done(&walk, walk.nbytes % AES_BLOCK_SIZE);
kernel_neon_end(); kernel_neon_end();
err = skcipher_walk_done(&walk, walk.nbytes % AES_BLOCK_SIZE);
} }
if (walk.nbytes) { if (walk.nbytes) {
u8 __aligned(8) tail[AES_BLOCK_SIZE]; u8 __aligned(8) tail[AES_BLOCK_SIZE];
......
...@@ -274,8 +274,9 @@ static void crypto_morus640_decrypt_chunk(struct morus640_state *state, u8 *dst, ...@@ -274,8 +274,9 @@ static void crypto_morus640_decrypt_chunk(struct morus640_state *state, u8 *dst,
union morus640_block_in tail; union morus640_block_in tail;
memcpy(tail.bytes, src, size); memcpy(tail.bytes, src, size);
memset(tail.bytes + size, 0, MORUS640_BLOCK_SIZE - size);
crypto_morus640_load_a(&m, src); crypto_morus640_load_a(&m, tail.bytes);
crypto_morus640_core(state, &m); crypto_morus640_core(state, &m);
crypto_morus640_store_a(tail.bytes, &m); crypto_morus640_store_a(tail.bytes, &m);
memset(tail.bytes + size, 0, MORUS640_BLOCK_SIZE - size); memset(tail.bytes + size, 0, MORUS640_BLOCK_SIZE - size);
......
...@@ -152,7 +152,7 @@ static SHA3_INLINE void keccakf_round(u64 st[25]) ...@@ -152,7 +152,7 @@ static SHA3_INLINE void keccakf_round(u64 st[25])
st[24] ^= bc[ 4]; st[24] ^= bc[ 4];
} }
static void __optimize("O3") keccakf(u64 st[25]) static void keccakf(u64 st[25])
{ {
int round; int round;
......
...@@ -516,11 +516,18 @@ EXPORT_SYMBOL_GPL(hwrng_register); ...@@ -516,11 +516,18 @@ EXPORT_SYMBOL_GPL(hwrng_register);
void hwrng_unregister(struct hwrng *rng) void hwrng_unregister(struct hwrng *rng)
{ {
int err;
mutex_lock(&rng_mutex); mutex_lock(&rng_mutex);
list_del(&rng->list); list_del(&rng->list);
if (current_rng == rng) if (current_rng == rng) {
enable_best_rng(); err = enable_best_rng();
if (err) {
drop_current_rng();
cur_rng_set_by_user = 0;
}
}
if (list_empty(&rng_list)) { if (list_empty(&rng_list)) {
mutex_unlock(&rng_mutex); mutex_unlock(&rng_mutex);
......
...@@ -1548,15 +1548,14 @@ static int chtls_pt_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, ...@@ -1548,15 +1548,14 @@ static int chtls_pt_recvmsg(struct sock *sk, struct msghdr *msg, size_t len,
tp->urg_data = 0; tp->urg_data = 0;
if ((avail + offset) >= skb->len) { if ((avail + offset) >= skb->len) {
if (likely(skb))
chtls_free_skb(sk, skb);
buffers_freed++;
if (ULP_SKB_CB(skb)->flags & ULPCB_FLAG_TLS_HDR) { if (ULP_SKB_CB(skb)->flags & ULPCB_FLAG_TLS_HDR) {
tp->copied_seq += skb->len; tp->copied_seq += skb->len;
hws->rcvpld = skb->hdr_len; hws->rcvpld = skb->hdr_len;
} else { } else {
tp->copied_seq += hws->rcvpld; tp->copied_seq += hws->rcvpld;
} }
chtls_free_skb(sk, skb);
buffers_freed++;
hws->copied_seq = 0; hws->copied_seq = 0;
if (copied >= target && if (copied >= target &&
!skb_peek(&sk->sk_receive_queue)) !skb_peek(&sk->sk_receive_queue))
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment