[Devel,RHEL7,COMMIT] ms/crypto: algif_skcipher - Require setkey before accept(2)

Submitted by Konstantin Khorenko on Oct. 24, 2016, 12:34 p.m.

Details

Message ID 201610241234.u9OCY1Gu023633@finist_cl7.x64_64.work.ct
State New
Series "ms/crypto: algif_skcipher - Require setkey before accept(2)"
Headers show

Commit Message

Konstantin Khorenko Oct. 24, 2016, 12:34 p.m.
The commit is pushed to "branch-rh7-3.10.0-327.36.1.vz7.19.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-327.36.1.vz7.19.3
------>
commit 1cceb46ba162d9661d32093f30797a3c72df0c4c
Author: Herbert Xu <herbert@gondor.apana.org.au>
Date:   Mon Oct 24 16:34:01 2016 +0400

    ms/crypto: algif_skcipher - Require setkey before accept(2)
    
    Some cipher implementations will crash if you try to use them
    without calling setkey first.  This patch adds a check so that
    the accept(2) call will fail with -ENOKEY if setkey hasn't been
    done on the socket yet.
    
    Cc: stable@vger.kernel.org
    Reported-by: Dmitry Vyukov <dvyukov@google.com>
    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
    Tested-by: Dmitry Vyukov <dvyukov@google.com>
    (cherry picked from commit dd504589577d8e8e70f51f997ad487a4cb6c026f)
    Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
    
    ==========================================
    Patchset description:
    Bunch of crypto-stable backports
    
    A lot of stable fixes for crypto subsystem didn't managed to
    get into 3.10-stable branch (but got into 3.12 stable and later).
    So, this caused - https://jira.sw.ru/browse/PSBM-53860
    
    PSBM-53860 == PSBM-54117 is fixed by 073d419 ("ms/crypto: algif_hash - Only
    export and import on sockets with data"), but this patchset is still
    good to be applied.
    
    Andrey Ryabinin (1):
      crypto: testmgr - don't copy from source IV too much
    
    Ard Biesheuvel (1):
      crypto: cryptd - initialize child shash_desc on import
    
    Herbert Xu (13):
      crypto: algif_skcipher - Require setkey before accept(2)
      crypto: af_alg - Disallow bind/setkey/... after accept(2)
      crypto: af_alg - Fix socket double-free when accept fails
      crypto: af_alg - Add nokey compatibility path
      crypto: algif_skcipher - Add nokey compatibility path
      crypto: hash - Add crypto_ahash_has_setkey
      crypto: algif_hash - Require setkey before accept(2)
      crypto: shash - Fix has_key setting
      crypto: gcm - Fix rfc4543 decryption crash
      crypto: hash - Fix page length clamping in hash walk
      crypto: gcm - Filter out async ghash if necessary
      crypto: scatterwalk - Fix test in scatterwalk_done
      crypto: skcipher - Fix blkcipher walk OOM crash
    
    James Yonan (1):
      crypto: crypto_memneq - add equality testing of memory regions w/o
        timing leaks
    
    Mathias Krause (1):
      crypto: user - lock crypto_alg_list on alg dump
    
    Wang, Rui Y (1):
      crypto: algif_hash - wait for crypto_ahash_init() to complete
---
 crypto/algif_skcipher.c | 51 ++++++++++++++++++++++++++++++++++++++++---------
 1 file changed, 42 insertions(+), 9 deletions(-)

Patch hide | download patch | download mbox

diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
index 83187f4..c4c121a 100644
--- a/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -31,6 +31,11 @@  struct skcipher_sg_list {
 	struct scatterlist sg[0];
 };
 
+struct skcipher_tfm {
+	struct crypto_ablkcipher *skcipher;
+	bool has_key;
+};
+
 struct skcipher_ctx {
 	struct list_head tsgl;
 	struct af_alg_sgl rsgl;
@@ -546,17 +551,41 @@  static struct proto_ops algif_skcipher_ops = {
 
 static void *skcipher_bind(const char *name, u32 type, u32 mask)
 {
-	return crypto_alloc_ablkcipher(name, type, mask);
+	struct skcipher_tfm *tfm;
+	struct crypto_ablkcipher *skcipher;
+
+	tfm = kzalloc(sizeof(*tfm), GFP_KERNEL);
+	if (!tfm)
+		return ERR_PTR(-ENOMEM);
+
+	skcipher = crypto_alloc_ablkcipher(name, type, mask);
+	if (IS_ERR(skcipher)) {
+		kfree(tfm);
+		return ERR_CAST(skcipher);
+	}
+
+	tfm->skcipher = skcipher;
+
+	return tfm;
 }
 
 static void skcipher_release(void *private)
 {
-	crypto_free_ablkcipher(private);
+	struct skcipher_tfm *tfm = private;
+
+	crypto_free_ablkcipher(tfm->skcipher);
+	kfree(tfm);
 }
 
 static int skcipher_setkey(void *private, const u8 *key, unsigned int keylen)
 {
-	return crypto_ablkcipher_setkey(private, key, keylen);
+	struct skcipher_tfm *tfm = private;
+	int err;
+
+	err = crypto_ablkcipher_setkey(tfm->skcipher, key, keylen);
+	tfm->has_key = !err;
+
+	return err;
 }
 
 static void skcipher_sock_destruct(struct sock *sk)
@@ -575,20 +604,24 @@  static int skcipher_accept_parent(void *private, struct sock *sk)
 {
 	struct skcipher_ctx *ctx;
 	struct alg_sock *ask = alg_sk(sk);
-	unsigned int len = sizeof(*ctx) + crypto_ablkcipher_reqsize(private);
+	struct skcipher_tfm *tfm = private;
+	struct crypto_ablkcipher *skcipher = tfm->skcipher;
+	unsigned int len = sizeof(*ctx) + crypto_ablkcipher_reqsize(skcipher);
+
+	if (!tfm->has_key)
+		return -ENOKEY;
 
 	ctx = sock_kmalloc(sk, len, GFP_KERNEL);
 	if (!ctx)
 		return -ENOMEM;
-
-	ctx->iv = sock_kmalloc(sk, crypto_ablkcipher_ivsize(private),
+	ctx->iv = sock_kmalloc(sk, crypto_ablkcipher_ivsize(skcipher),
 			       GFP_KERNEL);
 	if (!ctx->iv) {
 		sock_kfree_s(sk, ctx, len);
 		return -ENOMEM;
 	}
 
-	memset(ctx->iv, 0, crypto_ablkcipher_ivsize(private));
+	memset(ctx->iv, 0, crypto_ablkcipher_ivsize(skcipher));
 
 	INIT_LIST_HEAD(&ctx->tsgl);
 	ctx->len = len;
@@ -600,9 +633,9 @@  static int skcipher_accept_parent(void *private, struct sock *sk)
 
 	ask->private = ctx;
 
-	ablkcipher_request_set_tfm(&ctx->req, private);
+	ablkcipher_request_set_tfm(&ctx->req, skcipher);
 	ablkcipher_request_set_callback(&ctx->req, CRYPTO_TFM_REQ_MAY_BACKLOG,
-					af_alg_complete, &ctx->completion);
+				      af_alg_complete, &ctx->completion);
 
 	sk->sk_destruct = skcipher_sock_destruct;