diff options
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/842.c | 6 | ||||
| -rw-r--r-- | crypto/anubis.c | 5 | ||||
| -rw-r--r-- | crypto/asymmetric_keys/x509_cert_parser.c | 16 | ||||
| -rw-r--r-- | crypto/cryptd.c | 3 | ||||
| -rw-r--r-- | crypto/essiv.c | 14 | ||||
| -rw-r--r-- | crypto/jitterentropy-kcapi.c | 1 | ||||
| -rw-r--r-- | crypto/lz4.c | 6 | ||||
| -rw-r--r-- | crypto/lz4hc.c | 6 | ||||
| -rw-r--r-- | crypto/lzo-rle.c | 6 | ||||
| -rw-r--r-- | crypto/lzo.c | 6 | ||||
| -rw-r--r-- | crypto/rng.c | 8 | ||||
| -rw-r--r-- | crypto/skcipher.c | 2 | ||||
| -rw-r--r-- | crypto/testmgr.c | 5 | ||||
| -rw-r--r-- | crypto/zstd.c | 2 |
14 files changed, 58 insertions, 28 deletions
diff --git a/crypto/842.c b/crypto/842.c index 8c257c40e2b9..4007e87bed80 100644 --- a/crypto/842.c +++ b/crypto/842.c @@ -54,8 +54,10 @@ static int crypto842_sdecompress(struct crypto_scomp *tfm, } static struct scomp_alg scomp = { - .alloc_ctx = crypto842_alloc_ctx, - .free_ctx = crypto842_free_ctx, + .streams = { + .alloc_ctx = crypto842_alloc_ctx, + .free_ctx = crypto842_free_ctx, + }, .compress = crypto842_scompress, .decompress = crypto842_sdecompress, .base = { diff --git a/crypto/anubis.c b/crypto/anubis.c index 4268c3833baa..4b01b6ec961a 100644 --- a/crypto/anubis.c +++ b/crypto/anubis.c @@ -683,10 +683,7 @@ static struct crypto_alg anubis_alg = { static int __init anubis_mod_init(void) { - int ret = 0; - - ret = crypto_register_alg(&anubis_alg); - return ret; + return crypto_register_alg(&anubis_alg); } static void __exit anubis_mod_fini(void) diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c index 2ffe4ae90bea..8df3fa60a44f 100644 --- a/crypto/asymmetric_keys/x509_cert_parser.c +++ b/crypto/asymmetric_keys/x509_cert_parser.c @@ -610,11 +610,14 @@ int x509_process_extension(void *context, size_t hdrlen, /* * Get hold of the basicConstraints * v[1] is the encoding size - * (Expect 0x2 or greater, making it 1 or more bytes) + * (Expect 0x00 for empty SEQUENCE with CA:FALSE, or + * 0x03 or greater for non-empty SEQUENCE) * v[2] is the encoding type * (Expect an ASN1_BOOL for the CA) - * v[3] is the contents of the ASN1_BOOL - * (Expect 1 if the CA is TRUE) + * v[3] is the length of the ASN1_BOOL + * (Expect 1 for a single byte boolean) + * v[4] is the contents of the ASN1_BOOL + * (Expect 0xFF if the CA is TRUE) * vlen should match the entire extension size */ if (v[0] != (ASN1_CONS_BIT | ASN1_SEQ)) @@ -623,8 +626,13 @@ int x509_process_extension(void *context, size_t hdrlen, return -EBADMSG; if (v[1] != vlen - 2) return -EBADMSG; - if (vlen >= 4 && v[1] != 0 && v[2] == ASN1_BOOL && v[3] == 1) + /* Empty SEQUENCE means CA:FALSE (default value omitted per DER) */ + if (v[1] == 0) + return 0; + if (vlen >= 5 && v[2] == ASN1_BOOL && v[3] == 1 && v[4] == 0xFF) ctx->cert->pub->key_eflags |= 1 << KEY_EFLAG_CA; + else + return -EBADMSG; return 0; } diff --git a/crypto/cryptd.c b/crypto/cryptd.c index efff54e707cb..cd38f4676176 100644 --- a/crypto/cryptd.c +++ b/crypto/cryptd.c @@ -1115,7 +1115,8 @@ static int __init cryptd_init(void) { int err; - cryptd_wq = alloc_workqueue("cryptd", WQ_MEM_RECLAIM | WQ_CPU_INTENSIVE, + cryptd_wq = alloc_workqueue("cryptd", + WQ_MEM_RECLAIM | WQ_CPU_INTENSIVE | WQ_PERCPU, 1); if (!cryptd_wq) return -ENOMEM; diff --git a/crypto/essiv.c b/crypto/essiv.c index d003b78fcd85..a47a3eab6935 100644 --- a/crypto/essiv.c +++ b/crypto/essiv.c @@ -186,9 +186,14 @@ static int essiv_aead_crypt(struct aead_request *req, bool enc) const struct essiv_tfm_ctx *tctx = crypto_aead_ctx(tfm); struct essiv_aead_request_ctx *rctx = aead_request_ctx(req); struct aead_request *subreq = &rctx->aead_req; + int ivsize = crypto_aead_ivsize(tfm); + int ssize = req->assoclen - ivsize; struct scatterlist *src = req->src; int err; + if (ssize < 0) + return -EINVAL; + crypto_cipher_encrypt_one(tctx->essiv_cipher, req->iv, req->iv); /* @@ -198,19 +203,12 @@ static int essiv_aead_crypt(struct aead_request *req, bool enc) */ rctx->assoc = NULL; if (req->src == req->dst || !enc) { - scatterwalk_map_and_copy(req->iv, req->dst, - req->assoclen - crypto_aead_ivsize(tfm), - crypto_aead_ivsize(tfm), 1); + scatterwalk_map_and_copy(req->iv, req->dst, ssize, ivsize, 1); } else { u8 *iv = (u8 *)aead_request_ctx(req) + tctx->ivoffset; - int ivsize = crypto_aead_ivsize(tfm); - int ssize = req->assoclen - ivsize; struct scatterlist *sg; int nents; - if (ssize < 0) - return -EINVAL; - nents = sg_nents_for_len(req->src, ssize); if (nents < 0) return -EINVAL; diff --git a/crypto/jitterentropy-kcapi.c b/crypto/jitterentropy-kcapi.c index 1266eb790708..a53de7affe8d 100644 --- a/crypto/jitterentropy-kcapi.c +++ b/crypto/jitterentropy-kcapi.c @@ -117,6 +117,7 @@ int jent_hash_time(void *hash_state, __u64 time, u8 *addtl, pr_warn_ratelimited("Unexpected digest size\n"); return -EINVAL; } + kmsan_unpoison_memory(intermediary, sizeof(intermediary)); /* * This loop fills a buffer which is injected into the entropy pool. diff --git a/crypto/lz4.c b/crypto/lz4.c index 7a984ae5ae52..57b713516aef 100644 --- a/crypto/lz4.c +++ b/crypto/lz4.c @@ -68,8 +68,10 @@ static int lz4_sdecompress(struct crypto_scomp *tfm, const u8 *src, } static struct scomp_alg scomp = { - .alloc_ctx = lz4_alloc_ctx, - .free_ctx = lz4_free_ctx, + .streams = { + .alloc_ctx = lz4_alloc_ctx, + .free_ctx = lz4_free_ctx, + }, .compress = lz4_scompress, .decompress = lz4_sdecompress, .base = { diff --git a/crypto/lz4hc.c b/crypto/lz4hc.c index 9c61d05b6214..bb84f8a68cb5 100644 --- a/crypto/lz4hc.c +++ b/crypto/lz4hc.c @@ -66,8 +66,10 @@ static int lz4hc_sdecompress(struct crypto_scomp *tfm, const u8 *src, } static struct scomp_alg scomp = { - .alloc_ctx = lz4hc_alloc_ctx, - .free_ctx = lz4hc_free_ctx, + .streams = { + .alloc_ctx = lz4hc_alloc_ctx, + .free_ctx = lz4hc_free_ctx, + }, .compress = lz4hc_scompress, .decompress = lz4hc_sdecompress, .base = { diff --git a/crypto/lzo-rle.c b/crypto/lzo-rle.c index ba013f2d5090..794e7ec49536 100644 --- a/crypto/lzo-rle.c +++ b/crypto/lzo-rle.c @@ -70,8 +70,10 @@ static int lzorle_sdecompress(struct crypto_scomp *tfm, const u8 *src, } static struct scomp_alg scomp = { - .alloc_ctx = lzorle_alloc_ctx, - .free_ctx = lzorle_free_ctx, + .streams = { + .alloc_ctx = lzorle_alloc_ctx, + .free_ctx = lzorle_free_ctx, + }, .compress = lzorle_scompress, .decompress = lzorle_sdecompress, .base = { diff --git a/crypto/lzo.c b/crypto/lzo.c index 7867e2c67c4e..d43242b24b4e 100644 --- a/crypto/lzo.c +++ b/crypto/lzo.c @@ -70,8 +70,10 @@ static int lzo_sdecompress(struct crypto_scomp *tfm, const u8 *src, } static struct scomp_alg scomp = { - .alloc_ctx = lzo_alloc_ctx, - .free_ctx = lzo_free_ctx, + .streams = { + .alloc_ctx = lzo_alloc_ctx, + .free_ctx = lzo_free_ctx, + }, .compress = lzo_scompress, .decompress = lzo_sdecompress, .base = { diff --git a/crypto/rng.c b/crypto/rng.c index b8ae6ebc091d..ee1768c5a400 100644 --- a/crypto/rng.c +++ b/crypto/rng.c @@ -168,6 +168,11 @@ out: EXPORT_SYMBOL_GPL(crypto_del_default_rng); #endif +static void rng_default_set_ent(struct crypto_rng *tfm, const u8 *data, + unsigned int len) +{ +} + int crypto_register_rng(struct rng_alg *alg) { struct crypto_alg *base = &alg->base; @@ -179,6 +184,9 @@ int crypto_register_rng(struct rng_alg *alg) base->cra_flags &= ~CRYPTO_ALG_TYPE_MASK; base->cra_flags |= CRYPTO_ALG_TYPE_RNG; + if (!alg->set_ent) + alg->set_ent = rng_default_set_ent; + return crypto_register_alg(base); } EXPORT_SYMBOL_GPL(crypto_register_rng); diff --git a/crypto/skcipher.c b/crypto/skcipher.c index de5fc91bba26..8fa5d9686d08 100644 --- a/crypto/skcipher.c +++ b/crypto/skcipher.c @@ -294,6 +294,8 @@ static int crypto_skcipher_init_tfm(struct crypto_tfm *tfm) return crypto_init_lskcipher_ops_sg(tfm); } + crypto_skcipher_set_reqsize(skcipher, crypto_tfm_alg_reqsize(tfm)); + if (alg->exit) skcipher->base.exit = crypto_skcipher_exit_tfm; diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 9dca41e7ee73..6a490aaa71b9 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -4187,6 +4187,7 @@ static const struct alg_test_desc alg_test_descs[] = { .alg = "authenc(hmac(sha1),cbc(aes))", .generic_driver = "authenc(hmac-sha1-lib,cbc(aes-generic))", .test = alg_test_aead, + .fips_allowed = 1, .suite = { .aead = __VECS(hmac_sha1_aes_cbc_tv_temp) } @@ -4207,6 +4208,7 @@ static const struct alg_test_desc alg_test_descs[] = { }, { .alg = "authenc(hmac(sha1),ctr(aes))", .test = alg_test_null, + .fips_allowed = 1, }, { .alg = "authenc(hmac(sha1),ecb(cipher_null))", .generic_driver = "authenc(hmac-sha1-lib,ecb-cipher_null)", @@ -4217,6 +4219,7 @@ static const struct alg_test_desc alg_test_descs[] = { }, { .alg = "authenc(hmac(sha1),rfc3686(ctr(aes)))", .test = alg_test_null, + .fips_allowed = 1, }, { .alg = "authenc(hmac(sha224),cbc(des))", .generic_driver = "authenc(hmac-sha224-lib,cbc(des-generic))", @@ -5075,6 +5078,7 @@ static const struct alg_test_desc alg_test_descs[] = { .alg = "hmac(sha1)", .generic_driver = "hmac-sha1-lib", .test = alg_test_hash, + .fips_allowed = 1, .suite = { .hash = __VECS(hmac_sha1_tv_template) } @@ -5448,6 +5452,7 @@ static const struct alg_test_desc alg_test_descs[] = { .alg = "sha1", .generic_driver = "sha1-lib", .test = alg_test_hash, + .fips_allowed = 1, .suite = { .hash = __VECS(sha1_tv_template) } diff --git a/crypto/zstd.c b/crypto/zstd.c index c2a19cb0879d..ac318d333b68 100644 --- a/crypto/zstd.c +++ b/crypto/zstd.c @@ -83,7 +83,7 @@ static void zstd_exit(struct crypto_acomp *acomp_tfm) static int zstd_compress_one(struct acomp_req *req, struct zstd_ctx *ctx, const void *src, void *dst, unsigned int *dlen) { - unsigned int out_len; + size_t out_len; ctx->cctx = zstd_init_cctx(ctx->wksp, ctx->wksp_size); if (!ctx->cctx) |