user/sven/linux.git/crypto, branch v3.4.40

crypto: gcm - fix assumption that assoc has one segment

2013-04-12T16:38:46Z

commit d3dde52209ab571e4e2ec26c66f85ad1355f7475 upstream. rfc4543(gcm(*)) code for GMAC assumes that assoc scatterlist always contains only one segment and only makes use of this first segment. However ipsec passes assoc with three segments when using 'extended sequence number' thus in this case rfc4543(gcm(*)) fails to function correctly. Patch fixes this issue. Reported-by: Chaoxing Lin Tested-by: Chaoxing Lin Signed-off-by: Jussi Kivilinna Signed-off-by: Herbert Xu Signed-off-by: Greg Kroah-Hartman

crypto: user - fix info leaks in report API

2013-03-14T18:29:50Z

commit 9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6 upstream. Three errors resulting in kernel memory disclosure: 1/ The structures used for the netlink based crypto algorithm report API are located on the stack. As snprintf() does not fill the remainder of the buffer with null bytes, those stack bytes will be disclosed to users of the API. Switch to strncpy() to fix this. 2/ crypto_report_one() does not initialize all field of struct crypto_user_alg. Fix this to fix the heap info leak. 3/ For the module name we should copy only as many bytes as module_name() returns -- not as much as the destination buffer could hold. But the current code does not and therefore copies random data from behind the end of the module name, as the module name is always shorter than CRYPTO_MAX_ALG_NAME. Also switch to use strncpy() to copy the algorithm's name and driver_name. They are strings, after all. Signed-off-by: Mathias Krause Cc: Steffen Klassert Signed-off-by: Herbert Xu Signed-off-by: Greg Kroah-Hartman

crypto: cryptd - disable softirqs in cryptd_queue_worker to prevent data corruption

2012-11-26T19:37:41Z

commit 9efade1b3e981f5064f9db9ca971b4dc7557ae42 upstream. cryptd_queue_worker attempts to prevent simultaneous accesses to crypto workqueue by cryptd_enqueue_request using preempt_disable/preempt_enable. However cryptd_enqueue_request might be called from softirq context, so add local_bh_disable/local_bh_enable to prevent data corruption and panics. Bug report at http://marc.info/?l=linux-crypto-vger&m=134858649616319&w=2 v2: - Disable software interrupts instead of hardware interrupts Reported-by: Gurucharan Shetty Signed-off-by: Jussi Kivilinna Signed-off-by: Herbert Xu Signed-off-by: Greg Kroah-Hartman

Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6

2012-04-20T18:14:58Z

Pull crypto fixes from Herbert Xu: - Locking fix for talitos driver - Fix 64-bit counter overflow in SHA-512 - Build fix for ixp4xx. * git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: crypto: talitos - properly lock access to global talitos registers crypto: ixp4xx - include fix crypto: sha512 - Fix byte counter overflow in SHA-512

um: several x86 hw-dependent crypto modules won't build on uml

2012-04-09T18:02:13Z

Signed-off-by: Al Viro

crypto: sha512 - Fix byte counter overflow in SHA-512

2012-04-05T12:34:20Z

The current code only increments the upper 64 bits of the SHA-512 byte counter when the number of bytes hashed happens to hit 2^64 exactly. This patch increments the upper 64 bits whenever the lower 64 bits overflows. Signed-off-by: Kent Yoder Cc: stable@kernel.org Signed-off-by: Herbert Xu

Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6

2012-04-02T16:40:24Z

Pull crypto fixes from Herbert Xu: - Fix for CPU hotplug hang in padata. - Avoid using cpu_active inappropriately in pcrypt and padata. - Fix for user-space algorithm lookup hang with IV generators. - Fix for netlink dump of algorithms where stuff went missing due to incorrect calculation of message size. * git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: crypto: user - Fix size of netlink dump message crypto: user - Fix lookup of algorithms with IV generator crypto: pcrypt - Use the online cpumask as the default padata: Fix cpu hotplug padata: Use the online cpumask as the default padata: Add a reference to the api documentation

crypto: user - Fix size of netlink dump message

2012-03-29T11:52:48Z

The default netlink message size limit might be exceeded when dumping a lot of algorithms to userspace. As a result, not all of the instantiated algorithms dumped to userspace. So calculate an upper bound on the message size and call netlink_dump_start() with that value. Signed-off-by: Steffen Klassert Signed-off-by: Herbert Xu

crypto: user - Fix lookup of algorithms with IV generator

2012-03-29T11:52:47Z

We lookup algorithms with crypto_alg_mod_lookup() when instantiating via crypto_add_alg(). However, algorithms that are wrapped by an IV genearator (e.g. aead or genicv type algorithms) need special care. The userspace process hangs until it gets a timeout when we use crypto_alg_mod_lookup() to lookup these algorithms. So export the lookup functions for these algorithms and use them in crypto_add_alg(). Signed-off-by: Steffen Klassert Signed-off-by: Herbert Xu

crypto: pcrypt - Use the online cpumask as the default

2012-03-29T11:52:47Z

We use the active cpumask to determine the superset of cpus to use for parallelization. However, the active cpumask is for internal usage of the scheduler and therefore not the appropriate cpumask for these purposes. So use the online cpumask instead. Reported-by: Peter Zijlstra Signed-off-by: Steffen Klassert Signed-off-by: Herbert Xu