path: root/crypto/af_alg.c
AgeCommit message (Collapse)AuthorLines
2015-02-10crypto: fix af_alg_make_sg() conversion to iov_iterLinus Torvalds-1/+1
Commit 1d10eb2f156f ("crypto: switch af_alg_make_sg() to iov_iter") broke af_alg_make_sg() and skcipher_recvmsg() in the process of moving them to the iov_iter interfaces. The 'npages' calculation in the formar calculated the number of *bytes* in the pages, and in the latter case the conversion didn't re-read the value of 'ctx->used' after waiting for it to become non-zero. This reverts to the original code for both these cases. Cc: Al Viro <> Cc: David Miller <> Signed-off-by: Linus Torvalds <>
2015-02-04crypto: switch af_alg_make_sg() to iov_iterAl Viro-29/+11
With that, all ->sendmsg() instances are converted to iov_iter primitives and are agnostic wrt the kind of iov_iter they are working with. So's the last remaining ->recvmsg() instance that wasn't kind-agnostic yet. All ->sendmsg() and ->recvmsg() advance ->msg_iter by the amount actually copied and none of them modifies the underlying iovec, etc. Cc: Signed-off-by: Al Viro <>
2014-12-22crypto: af_alg - fix backlog handlingRabin Vincent-0/+3
If a request is backlogged, it's complete() handler will get called twice: once with -EINPROGRESS, and once with the final error code. af_alg's complete handler, unlike other users, does not handle the -EINPROGRESS but instead always completes the completion that recvmsg() is waiting on. This can lead to a return to user space while the request is still pending in the driver. If userspace closes the sockets before the requests are handled by the driver, this will lead to use-after-frees (and potential crashes) in the kernel due to the tfm having been freed. The crashes can be easily reproduced (for example) by reducing the max queue length in cryptod.c and running the following (from on AES-NI capable hardware: $ while true; do kcapi -x 1 -e -c '__ecb-aes-aesni' \ -k 00000000000000000000000000000000 \ -p 00000000000000000000000000000000 >/dev/null & done Cc: Signed-off-by: Rabin Vincent <> Signed-off-by: Herbert Xu <>
2014-12-13Merge git:// Torvalds-0/+6
Pull crypto update from Herbert Xu: - The crypto API is now documented :) - Disallow arbitrary module loading through crypto API. - Allow get request with empty driver name through crypto_user. - Allow speed testing of arbitrary hash functions. - Add caam support for ctr(aes), gcm(aes) and their derivatives. - nx now supports concurrent hashing properly. - Add sahara support for SHA1/256. - Add ARM64 version of CRC32. - Misc fixes. * git:// (77 commits) crypto: tcrypt - Allow speed testing of arbitrary hash functions crypto: af_alg - add user space interface for AEAD crypto: qat - fix problem with coalescing enable logic crypto: sahara - add support for SHA1/256 crypto: sahara - replace tasklets with kthread crypto: sahara - add support for i.MX53 crypto: sahara - fix spinlock initialization crypto: arm - replace memset by memzero_explicit crypto: powerpc - replace memset by memzero_explicit crypto: sha - replace memset by memzero_explicit crypto: sparc - replace memset by memzero_explicit crypto: algif_skcipher - initialize upon init request crypto: algif_skcipher - removed unneeded code crypto: algif_skcipher - Fixed blocking recvmsg crypto: drbg - use memzero_explicit() for clearing sensitive data crypto: drbg - use MODULE_ALIAS_CRYPTO crypto: include crypto- module prefix in template crypto: user - add MODULE_ALIAS crypto: sha-mb - remove a bogus NULL check crytpo: qat - Fix 64 bytes requests ...
2014-12-10net: introduce helper macro for_each_cmsghdrGu Zheng-1/+1
Introduce helper macro for_each_cmsghdr as a wrapper of the enumerating cmsghdr from msghdr, just cleanup. Signed-off-by: Gu Zheng <> Signed-off-by: David S. Miller <>
2014-12-05crypto: af_alg - add user space interface for AEADStephan Mueller-0/+6
AEAD requires the caller to specify the following information separate from the data stream. This information allows the AEAD interface handler to identify the AAD, ciphertext/plaintext and the authentication tag: * Associated authentication data of arbitrary length and length * Length of authentication tag for encryption Signed-off-by: Stephan Mueller <> Signed-off-by: Herbert Xu <>
2014-07-31crypto: af_alg - properly label AF_ALG socketMilan Broz-0/+2
Th AF_ALG socket was missing a security label (e.g. SELinux) which means that socket was in "unlabeled" state. This was recently demonstrated in the cryptsetup package (cryptsetup v1.6.5 and later.) See This patch clones the sock's label from the parent sock and resolves the issue (similar to AF_BLUETOOTH protocol family). Cc: Signed-off-by: Milan Broz <> Acked-by: Paul Moore <> Signed-off-by: Herbert Xu <>
2013-11-15tree-wide: use reinit_completion instead of INIT_COMPLETIONWolfram Sang-1/+1
Use this new function to make code more comprehensible, since we are reinitialzing the completion, not initializing. [ linux-next resyncs] Signed-off-by: Wolfram Sang <> Acked-by: Linus Walleij <> (personally at LCE13) Cc: Ingo Molnar <> Signed-off-by: Andrew Morton <> Signed-off-by: Linus Torvalds <>
2011-07-26atomic: use <linux/atomic.h>Arun Sharma-1/+1
This allows us to move duplicated code in <asm/atomic.h> (atomic_inc_not_zero() for now) to <linux/atomic.h> Signed-off-by: Arun Sharma <> Reviewed-by: Eric Dumazet <> Cc: Ingo Molnar <> Cc: David Miller <> Cc: Eric Dumazet <> Acked-by: Mike Frysinger <> Signed-off-by: Andrew Morton <> Signed-off-by: Linus Torvalds <>
2010-12-21crypto: af_alg - fix af_alg memory_allocated data typeRandy Dunlap-1/+1
Change data type to fix warning: crypto/af_alg.c:35: warning: initialization from incompatible pointer type Signed-off-by: Randy Dunlap <> Signed-off-by: Herbert Xu <>
2010-12-08crypto: af_alg - Make sure sk_security is initialized on accept()ed socketsMiloslav Trmač-0/+1
Signed-off-by: Miloslav Trmač <> Signed-off-by: Herbert Xu <>
2010-11-19crypto: af_alg - User-space interface for Crypto APIHerbert Xu-0/+482
This patch creates the backbone of the user-space interface for the Crypto API, through a new socket family AF_ALG. Each session corresponds to one or more connections obtained from that socket. The number depends on the number of inputs/outputs of that particular type of operation. For most types there will be a s ingle connection/file descriptor that is used for both input and output. AEAD is one of the few that require two inputs. Each algorithm type will provide its own implementation that plugs into af_alg. They're keyed using a string such as "skcipher" or "hash". IOW this patch only contains the boring bits that is required to hold everything together. Thakns to Miloslav Trmac for reviewing this and contributing fixes and improvements. Signed-off-by: Herbert Xu <> Acked-by: David S. Miller <> Tested-by: Martin Willi <>