diff options
author | Paul Gortmaker <paul.gortmaker@windriver.com> | 2018-07-23 09:23:17 -0400 |
---|---|---|
committer | Paul Gortmaker <paul.gortmaker@windriver.com> | 2018-07-23 09:23:17 -0400 |
commit | d85c96669023a993813e2af557ad4c14ed6d3539 (patch) | |
tree | cfcfff9e72bc292fd8de7079b22dcffdfa1e662d | |
parent | 2b9c7d27b2b29404cd4ed83bb10dbab5f6f0d9f2 (diff) | |
download | longterm-queue-4.12-d85c96669023a993813e2af557ad4c14ed6d3539.tar.gz |
crypto: drop another already applied patch
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
-rw-r--r-- | queue/crypto-salsa20-fix-blkcipher_walk-API-usage.patch | 88 | ||||
-rw-r--r-- | queue/series | 1 |
2 files changed, 0 insertions, 89 deletions
diff --git a/queue/crypto-salsa20-fix-blkcipher_walk-API-usage.patch b/queue/crypto-salsa20-fix-blkcipher_walk-API-usage.patch deleted file mode 100644 index 80a9c85..0000000 --- a/queue/crypto-salsa20-fix-blkcipher_walk-API-usage.patch +++ /dev/null @@ -1,88 +0,0 @@ -From ecaaab5649781c5a0effdaf298a925063020500e Mon Sep 17 00:00:00 2001 -From: Eric Biggers <ebiggers@google.com> -Date: Tue, 28 Nov 2017 20:56:59 -0800 -Subject: [PATCH] crypto: salsa20 - fix blkcipher_walk API usage - -commit ecaaab5649781c5a0effdaf298a925063020500e upstream. - -When asked to encrypt or decrypt 0 bytes, both the generic and x86 -implementations of Salsa20 crash in blkcipher_walk_done(), either when -doing 'kfree(walk->buffer)' or 'free_page((unsigned long)walk->page)', -because walk->buffer and walk->page have not been initialized. - -The bug is that Salsa20 is calling blkcipher_walk_done() even when -nothing is in 'walk.nbytes'. But blkcipher_walk_done() is only meant to -be called when a nonzero number of bytes have been provided. - -The broken code is part of an optimization that tries to make only one -call to salsa20_encrypt_bytes() to process inputs that are not evenly -divisible by 64 bytes. To fix the bug, just remove this "optimization" -and use the blkcipher_walk API the same way all the other users do. - -Reproducer: - - #include <linux/if_alg.h> - #include <sys/socket.h> - #include <unistd.h> - - int main() - { - int algfd, reqfd; - struct sockaddr_alg addr = { - .salg_type = "skcipher", - .salg_name = "salsa20", - }; - char key[16] = { 0 }; - - algfd = socket(AF_ALG, SOCK_SEQPACKET, 0); - bind(algfd, (void *)&addr, sizeof(addr)); - reqfd = accept(algfd, 0, 0); - setsockopt(algfd, SOL_ALG, ALG_SET_KEY, key, sizeof(key)); - read(reqfd, key, sizeof(key)); - } - -Reported-by: syzbot <syzkaller@googlegroups.com> -Fixes: eb6f13eb9f81 ("[CRYPTO] salsa20_generic: Fix multi-page processing") -Cc: <stable@vger.kernel.org> # v2.6.25+ -Signed-off-by: Eric Biggers <ebiggers@google.com> -Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> - -diff --git a/arch/x86/crypto/salsa20_glue.c b/arch/x86/crypto/salsa20_glue.c -index 399a29d067d6..cb91a64a99e7 100644 ---- a/arch/x86/crypto/salsa20_glue.c -+++ b/arch/x86/crypto/salsa20_glue.c -@@ -59,13 +59,6 @@ static int encrypt(struct blkcipher_desc *desc, - - salsa20_ivsetup(ctx, walk.iv); - -- if (likely(walk.nbytes == nbytes)) -- { -- salsa20_encrypt_bytes(ctx, walk.src.virt.addr, -- walk.dst.virt.addr, nbytes); -- return blkcipher_walk_done(desc, &walk, 0); -- } -- - while (walk.nbytes >= 64) { - salsa20_encrypt_bytes(ctx, walk.src.virt.addr, - walk.dst.virt.addr, -diff --git a/crypto/salsa20_generic.c b/crypto/salsa20_generic.c -index f550b5d94630..d7da0eea5622 100644 ---- a/crypto/salsa20_generic.c -+++ b/crypto/salsa20_generic.c -@@ -188,13 +188,6 @@ static int encrypt(struct blkcipher_desc *desc, - - salsa20_ivsetup(ctx, walk.iv); - -- if (likely(walk.nbytes == nbytes)) -- { -- salsa20_encrypt_bytes(ctx, walk.dst.virt.addr, -- walk.src.virt.addr, nbytes); -- return blkcipher_walk_done(desc, &walk, 0); -- } -- - while (walk.nbytes >= 64) { - salsa20_encrypt_bytes(ctx, walk.dst.virt.addr, - walk.src.virt.addr, --- -2.15.0 - diff --git a/queue/series b/queue/series index f7c2b10..37f2520 100644 --- a/queue/series +++ b/queue/series @@ -1,6 +1,5 @@ mfd-fsl-imx25-Clean-up-irq-settings-during-removal.patch crypto-rsa-fix-buffer-overread-when-stripping-leadin.patch -crypto-salsa20-fix-blkcipher_walk-API-usage.patch cifs-fix-NULL-deref-in-SMB2_read.patch kernel-make-groups_sort-calling-a-responsibility-gro.patch tracing-Allocate-mask_str-buffer-dynamically.patch |