* [PATCH] crypto: algif_aead - Require setkey before accept(2)
@ 2017-04-10 11:59 Stephan Müller
2017-04-21 11:11 ` Herbert Xu
0 siblings, 1 reply; 12+ messages in thread
From: Stephan Müller @ 2017-04-10 11:59 UTC (permalink / raw)
To: herbert; +Cc: linux-crypto
Some cipher implementations will crash if you try to use them
without calling setkey first. This patch adds a check so that
the accept(2) call will fail with -ENOKEY if setkey hasn't been
done on the socket yet.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
crypto/algif_aead.c | 164 ++++++++++++++++++++++++++++++++++++++++++++++++----
1 file changed, 154 insertions(+), 10 deletions(-)
diff --git a/crypto/algif_aead.c b/crypto/algif_aead.c
index 5a80537..1f77a6f 100644
--- a/crypto/algif_aead.c
+++ b/crypto/algif_aead.c
@@ -44,6 +44,11 @@ struct aead_async_req {
char iv[];
};
+struct aead_tfm {
+ struct crypto_aead *aead;
+ bool has_key;
+};
+
struct aead_ctx {
struct aead_sg_list tsgl;
struct aead_async_rsgl first_rsgl;
@@ -723,32 +728,157 @@ static struct proto_ops algif_aead_ops = {
.poll = aead_poll,
};
+static int aead_check_key(struct socket *sock)
+{
+ int err = 0;
+ struct sock *psk;
+ struct alg_sock *pask;
+ struct aead_tfm *tfm;
+ struct sock *sk = sock->sk;
+ struct alg_sock *ask = alg_sk(sk);
+
+ lock_sock(sk);
+ if (ask->refcnt)
+ goto unlock_child;
+
+ psk = ask->parent;
+ pask = alg_sk(ask->parent);
+ tfm = pask->private;
+
+ err = -ENOKEY;
+ lock_sock_nested(psk, SINGLE_DEPTH_NESTING);
+ if (!tfm->has_key)
+ goto unlock;
+
+ if (!pask->refcnt++)
+ sock_hold(psk);
+
+ ask->refcnt = 1;
+ sock_put(psk);
+
+ err = 0;
+
+unlock:
+ release_sock(psk);
+unlock_child:
+ release_sock(sk);
+
+ return err;
+}
+
+static int aead_sendmsg_nokey(struct socket *sock, struct msghdr *msg,
+ size_t size)
+{
+ int err;
+
+ err = aead_check_key(sock);
+ if (err)
+ return err;
+
+ return aead_sendmsg(sock, msg, size);
+}
+
+static ssize_t aead_sendpage_nokey(struct socket *sock, struct page *page,
+ int offset, size_t size, int flags)
+{
+ int err;
+
+ err = aead_check_key(sock);
+ if (err)
+ return err;
+
+ return aead_sendpage(sock, page, offset, size, flags);
+}
+
+static int aead_recvmsg_nokey(struct socket *sock, struct msghdr *msg,
+ size_t ignored, int flags)
+{
+ int err;
+
+ err = aead_check_key(sock);
+ if (err)
+ return err;
+
+ return aead_recvmsg(sock, msg, ignored, flags);
+}
+
+static struct proto_ops algif_aead_ops_nokey = {
+ .family = PF_ALG,
+
+ .connect = sock_no_connect,
+ .socketpair = sock_no_socketpair,
+ .getname = sock_no_getname,
+ .ioctl = sock_no_ioctl,
+ .listen = sock_no_listen,
+ .shutdown = sock_no_shutdown,
+ .getsockopt = sock_no_getsockopt,
+ .mmap = sock_no_mmap,
+ .bind = sock_no_bind,
+ .accept = sock_no_accept,
+ .setsockopt = sock_no_setsockopt,
+
+ .release = af_alg_release,
+ .sendmsg = aead_sendmsg_nokey,
+ .sendpage = aead_sendpage_nokey,
+ .recvmsg = aead_recvmsg_nokey,
+ .poll = aead_poll,
+};
+
static void *aead_bind(const char *name, u32 type, u32 mask)
{
- return crypto_alloc_aead(name, type, mask);
+ struct aead_tfm *tfm;
+ struct crypto_aead *aead;
+
+ tfm = kzalloc(sizeof(*tfm), GFP_KERNEL);
+ if (!tfm)
+ return ERR_PTR(-ENOMEM);
+
+ aead = crypto_alloc_aead(name, type, mask);
+ if (IS_ERR(aead)) {
+ kfree(tfm);
+ return ERR_CAST(aead);
+ }
+
+ tfm->aead = aead;
+
+ return tfm;
}
static void aead_release(void *private)
{
- crypto_free_aead(private);
+ struct aead_tfm *tfm = private;
+
+ crypto_free_aead(tfm->aead);
+ kfree(tfm);
}
static int aead_setauthsize(void *private, unsigned int authsize)
{
- return crypto_aead_setauthsize(private, authsize);
+ struct aead_tfm *tfm = private;
+
+ return crypto_aead_setauthsize(tfm->aead, authsize);
}
static int aead_setkey(void *private, const u8 *key, unsigned int keylen)
{
- return crypto_aead_setkey(private, key, keylen);
+ struct aead_tfm *tfm = private;
+ int err;
+
+ err = crypto_aead_setkey(tfm->aead, key, keylen);
+ tfm->has_key = !err;
+
+ return err;
}
static void aead_sock_destruct(struct sock *sk)
{
struct alg_sock *ask = alg_sk(sk);
struct aead_ctx *ctx = ask->private;
- unsigned int ivlen = crypto_aead_ivsize(
- crypto_aead_reqtfm(&ctx->aead_req));
+ struct sock *psk = ask->parent;
+ struct alg_sock *pask = alg_sk(psk);
+ struct aead_tfm *aeadc = pask->private;
+ struct crypto_aead *tfm = aeadc->aead;
+ unsigned int ivlen = crypto_aead_ivsize(tfm);
WARN_ON(atomic_read(&sk->sk_refcnt) != 0);
aead_put_sgl(sk);
@@ -757,12 +887,14 @@ static void aead_sock_destruct(struct sock *sk)
af_alg_release_parent(sk);
}
-static int aead_accept_parent(void *private, struct sock *sk)
+static int aead_accept_parent_nokey(void *private, struct sock *sk)
{
struct aead_ctx *ctx;
struct alg_sock *ask = alg_sk(sk);
- unsigned int len = sizeof(*ctx) + crypto_aead_reqsize(private);
- unsigned int ivlen = crypto_aead_ivsize(private);
+ struct aead_tfm *tfm = private;
+ struct crypto_aead *aead = tfm->aead;
+ unsigned int len = sizeof(*ctx) + crypto_aead_reqsize(aead);
+ unsigned int ivlen = crypto_aead_ivsize(aead);
ctx = sock_kmalloc(sk, len, GFP_KERNEL);
if (!ctx)
@@ -789,7 +921,7 @@ static int aead_accept_parent(void *private, struct sock *sk)
ask->private = ctx;
- aead_request_set_tfm(&ctx->aead_req, private);
+ aead_request_set_tfm(&ctx->aead_req, aead);
aead_request_set_callback(&ctx->aead_req, CRYPTO_TFM_REQ_MAY_BACKLOG,
af_alg_complete, &ctx->completion);
@@ -798,13 +930,25 @@ static int aead_accept_parent(void *private, struct sock *sk)
return 0;
}
+static int aead_accept_parent(void *private, struct sock *sk)
+{
+ struct aead_tfm *tfm = private;
+
+ if (!tfm->has_key)
+ return -ENOKEY;
+
+ return aead_accept_parent_nokey(private, sk);
+}
+
static const struct af_alg_type algif_type_aead = {
.bind = aead_bind,
.release = aead_release,
.setkey = aead_setkey,
.setauthsize = aead_setauthsize,
.accept = aead_accept_parent,
+ .accept_nokey = aead_accept_parent_nokey,
.ops = &algif_aead_ops,
+ .ops_nokey = &algif_aead_ops_nokey,
.name = "aead",
.owner = THIS_MODULE
};
--
2.9.3
^ permalink raw reply related [flat|nested] 12+ messages in thread
* Re: [PATCH] crypto: algif_aead - Require setkey before accept(2)
2017-04-10 11:59 [PATCH] crypto: algif_aead - Require setkey before accept(2) Stephan Müller
@ 2017-04-21 11:11 ` Herbert Xu
2017-04-21 15:33 ` Stephan Müller
2017-04-21 16:35 ` Stephan Müller
0 siblings, 2 replies; 12+ messages in thread
From: Herbert Xu @ 2017-04-21 11:11 UTC (permalink / raw)
To: Stephan Müller; +Cc: linux-crypto
On Mon, Apr 10, 2017 at 01:59:21PM +0200, Stephan Müller wrote:
>
> @@ -757,12 +887,14 @@ static void aead_sock_destruct(struct sock *sk)
> af_alg_release_parent(sk);
> }
>
> -static int aead_accept_parent(void *private, struct sock *sk)
> +static int aead_accept_parent_nokey(void *private, struct sock *sk)
> {
> struct aead_ctx *ctx;
> struct alg_sock *ask = alg_sk(sk);
> - unsigned int len = sizeof(*ctx) + crypto_aead_reqsize(private);
> - unsigned int ivlen = crypto_aead_ivsize(private);
> + struct aead_tfm *tfm = private;
> + struct crypto_aead *aead = tfm->aead;
> + unsigned int len = sizeof(*ctx) + crypto_aead_reqsize(aead);
> + unsigned int ivlen = crypto_aead_ivsize(aead);
>
> ctx = sock_kmalloc(sk, len, GFP_KERNEL);
> if (!ctx)
> @@ -789,7 +921,7 @@ static int aead_accept_parent(void *private, struct sock *sk)
>
> ask->private = ctx;
>
> - aead_request_set_tfm(&ctx->aead_req, private);
> + aead_request_set_tfm(&ctx->aead_req, aead);
> aead_request_set_callback(&ctx->aead_req, CRYPTO_TFM_REQ_MAY_BACKLOG,
> af_alg_complete, &ctx->completion);
>
Please don't mix unrelated cleanups like this with the real change.
It makes reviewing harder than necessary.
Thanks,
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH] crypto: algif_aead - Require setkey before accept(2)
2017-04-21 11:11 ` Herbert Xu
@ 2017-04-21 15:33 ` Stephan Müller
2017-04-21 16:35 ` Stephan Müller
1 sibling, 0 replies; 12+ messages in thread
From: Stephan Müller @ 2017-04-21 15:33 UTC (permalink / raw)
To: Herbert Xu; +Cc: linux-crypto
Am Freitag, 21. April 2017, 13:11:27 CEST schrieb Herbert Xu:
Hi Herbert,
> Please don't mix unrelated cleanups like this with the real change.
> It makes reviewing harder than necessary.
Apologies. I will resend it shortly.
Ciao
Stephan
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH] crypto: algif_aead - Require setkey before accept(2)
2017-04-21 11:11 ` Herbert Xu
2017-04-21 15:33 ` Stephan Müller
@ 2017-04-21 16:35 ` Stephan Müller
2017-04-24 8:43 ` Herbert Xu
1 sibling, 1 reply; 12+ messages in thread
From: Stephan Müller @ 2017-04-21 16:35 UTC (permalink / raw)
To: Herbert Xu; +Cc: linux-crypto
Am Freitag, 21. April 2017, 13:11:27 CEST schrieb Herbert Xu:
Hi Herbert,
> On Mon, Apr 10, 2017 at 01:59:21PM +0200, Stephan Müller wrote:
> > @@ -757,12 +887,14 @@ static void aead_sock_destruct(struct sock *sk)
> >
> > af_alg_release_parent(sk);
> >
> > }
> >
> > -static int aead_accept_parent(void *private, struct sock *sk)
> > +static int aead_accept_parent_nokey(void *private, struct sock *sk)
> >
> > {
> >
> > struct aead_ctx *ctx;
> > struct alg_sock *ask = alg_sk(sk);
> >
> > - unsigned int len = sizeof(*ctx) + crypto_aead_reqsize(private);
> > - unsigned int ivlen = crypto_aead_ivsize(private);
> > + struct aead_tfm *tfm = private;
> > + struct crypto_aead *aead = tfm->aead;
> > + unsigned int len = sizeof(*ctx) + crypto_aead_reqsize(aead);
> > + unsigned int ivlen = crypto_aead_ivsize(aead);
> >
> > ctx = sock_kmalloc(sk, len, GFP_KERNEL);
> > if (!ctx)
> >
> > @@ -789,7 +921,7 @@ static int aead_accept_parent(void *private, struct
> > sock *sk)>
> > ask->private = ctx;
> >
> > - aead_request_set_tfm(&ctx->aead_req, private);
> > + aead_request_set_tfm(&ctx->aead_req, aead);
> >
> > aead_request_set_callback(&ctx->aead_req, CRYPTO_TFM_REQ_MAY_BACKLOG,
> >
> > af_alg_complete, &ctx->completion);
>
> Please don't mix unrelated cleanups like this with the real change.
> It makes reviewing harder than necessary.
>
After checking again, IMHO that is no unreleated cleanup or even a cleanup at
all.
void *private used to be struct crypto_aead and is now struct aead_tfm. struct
crypto_aead is found in private->aead. Hence, the patch assigned private to
tfm and then obtained the struct crypto_aead pointer. As this was not
necessary before, it is a required extension IMHO.
Ciao
Stephan
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH] crypto: algif_aead - Require setkey before accept(2)
2017-04-21 16:35 ` Stephan Müller
@ 2017-04-24 8:43 ` Herbert Xu
2017-04-24 9:01 ` Stephan Müller
0 siblings, 1 reply; 12+ messages in thread
From: Herbert Xu @ 2017-04-24 8:43 UTC (permalink / raw)
To: Stephan Müller; +Cc: linux-crypto
On Fri, Apr 21, 2017 at 06:35:07PM +0200, Stephan Müller wrote:
>
> After checking again, IMHO that is no unreleated cleanup or even a cleanup at
> all.
>
> void *private used to be struct crypto_aead and is now struct aead_tfm. struct
> crypto_aead is found in private->aead. Hence, the patch assigned private to
> tfm and then obtained the struct crypto_aead pointer. As this was not
> necessary before, it is a required extension IMHO.
Fair enough.
But what about the change in aead_sock_destruct? Can you explain why
it is no longer possible to obtain the tfm from ctx->aead_req?
Thanks,
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH] crypto: algif_aead - Require setkey before accept(2)
2017-04-24 8:43 ` Herbert Xu
@ 2017-04-24 9:01 ` Stephan Müller
2017-04-24 9:03 ` Herbert Xu
0 siblings, 1 reply; 12+ messages in thread
From: Stephan Müller @ 2017-04-24 9:01 UTC (permalink / raw)
To: Herbert Xu; +Cc: linux-crypto
Am Montag, 24. April 2017, 10:43:24 CEST schrieb Herbert Xu:
Hi Herbert,
> On Fri, Apr 21, 2017 at 06:35:07PM +0200, Stephan Müller wrote:
> > After checking again, IMHO that is no unreleated cleanup or even a cleanup
> > at all.
> >
> > void *private used to be struct crypto_aead and is now struct aead_tfm.
> > struct crypto_aead is found in private->aead. Hence, the patch assigned
> > private to tfm and then obtained the struct crypto_aead pointer. As this
> > was not necessary before, it is a required extension IMHO.
>
> Fair enough.
>
> But what about the change in aead_sock_destruct? Can you explain why
> it is no longer possible to obtain the tfm from ctx->aead_req?
>
> Thanks,
aead_request_set_callback(&ctx->aead_req) is set in aead_accept_parent_nokey.
aead_accept_parent_nokey is only invoked from aead_accept_parent if the key
was set.
My thought was: Let us assume a caller does not set a key, calls accept and
then destruct. In this code path, ctx->aead_req is not initialized. Hence, I
would think that only the path using struct aead_tfm is safe in any case.
But I see that aead_sock_destruct is also linked in by
aead_accept_parent_nokey. Hence, my initial idea was not correct as the
destruct path is only callable when the accept_nokey is invoked.
Shall I send an updated patch with aead_sock_destruct cleared?
Ciao
Stephan
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH] crypto: algif_aead - Require setkey before accept(2)
2017-04-24 9:01 ` Stephan Müller
@ 2017-04-24 9:03 ` Herbert Xu
2017-04-24 9:15 ` [PATCH v2] " Stephan Müller
0 siblings, 1 reply; 12+ messages in thread
From: Herbert Xu @ 2017-04-24 9:03 UTC (permalink / raw)
To: Stephan Müller; +Cc: linux-crypto
On Mon, Apr 24, 2017 at 11:01:50AM +0200, Stephan Müller wrote:
>
> Shall I send an updated patch with aead_sock_destruct cleared?
Yes please.
Thanks,
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply [flat|nested] 12+ messages in thread
* [PATCH v2] crypto: algif_aead - Require setkey before accept(2)
2017-04-24 9:03 ` Herbert Xu
@ 2017-04-24 9:15 ` Stephan Müller
2017-04-24 10:22 ` Herbert Xu
0 siblings, 1 reply; 12+ messages in thread
From: Stephan Müller @ 2017-04-24 9:15 UTC (permalink / raw)
To: Herbert Xu; +Cc: linux-crypto
Am Montag, 24. April 2017, 11:03:13 CEST schrieb Herbert Xu:
Hi Herbert,
> On Mon, Apr 24, 2017 at 11:01:50AM +0200, Stephan Müller wrote:
> > Shall I send an updated patch with aead_sock_destruct cleared?
>
> Yes please.
Please find attached v2 with the discussed change.
---8<---
Some cipher implementations will crash if you try to use them
without calling setkey first. This patch adds a check so that
the accept(2) call will fail with -ENOKEY if setkey hasn't been
done on the socket yet.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
crypto/algif_aead.c | 157 +++++++++++++++++++++++++++++++++++++++++++++++++---
1 file changed, 149 insertions(+), 8 deletions(-)
diff --git a/crypto/algif_aead.c b/crypto/algif_aead.c
index 5a80537..e0d55ea 100644
--- a/crypto/algif_aead.c
+++ b/crypto/algif_aead.c
@@ -44,6 +44,11 @@ struct aead_async_req {
char iv[];
};
+struct aead_tfm {
+ struct crypto_aead *aead;
+ bool has_key;
+};
+
struct aead_ctx {
struct aead_sg_list tsgl;
struct aead_async_rsgl first_rsgl;
@@ -723,24 +728,146 @@ static struct proto_ops algif_aead_ops = {
.poll = aead_poll,
};
+static int aead_check_key(struct socket *sock)
+{
+ int err = 0;
+ struct sock *psk;
+ struct alg_sock *pask;
+ struct aead_tfm *tfm;
+ struct sock *sk = sock->sk;
+ struct alg_sock *ask = alg_sk(sk);
+
+ lock_sock(sk);
+ if (ask->refcnt)
+ goto unlock_child;
+
+ psk = ask->parent;
+ pask = alg_sk(ask->parent);
+ tfm = pask->private;
+
+ err = -ENOKEY;
+ lock_sock_nested(psk, SINGLE_DEPTH_NESTING);
+ if (!tfm->has_key)
+ goto unlock;
+
+ if (!pask->refcnt++)
+ sock_hold(psk);
+
+ ask->refcnt = 1;
+ sock_put(psk);
+
+ err = 0;
+
+unlock:
+ release_sock(psk);
+unlock_child:
+ release_sock(sk);
+
+ return err;
+}
+
+static int aead_sendmsg_nokey(struct socket *sock, struct msghdr *msg,
+ size_t size)
+{
+ int err;
+
+ err = aead_check_key(sock);
+ if (err)
+ return err;
+
+ return aead_sendmsg(sock, msg, size);
+}
+
+static ssize_t aead_sendpage_nokey(struct socket *sock, struct page *page,
+ int offset, size_t size, int flags)
+{
+ int err;
+
+ err = aead_check_key(sock);
+ if (err)
+ return err;
+
+ return aead_sendpage(sock, page, offset, size, flags);
+}
+
+static int aead_recvmsg_nokey(struct socket *sock, struct msghdr *msg,
+ size_t ignored, int flags)
+{
+ int err;
+
+ err = aead_check_key(sock);
+ if (err)
+ return err;
+
+ return aead_recvmsg(sock, msg, ignored, flags);
+}
+
+static struct proto_ops algif_aead_ops_nokey = {
+ .family = PF_ALG,
+
+ .connect = sock_no_connect,
+ .socketpair = sock_no_socketpair,
+ .getname = sock_no_getname,
+ .ioctl = sock_no_ioctl,
+ .listen = sock_no_listen,
+ .shutdown = sock_no_shutdown,
+ .getsockopt = sock_no_getsockopt,
+ .mmap = sock_no_mmap,
+ .bind = sock_no_bind,
+ .accept = sock_no_accept,
+ .setsockopt = sock_no_setsockopt,
+
+ .release = af_alg_release,
+ .sendmsg = aead_sendmsg_nokey,
+ .sendpage = aead_sendpage_nokey,
+ .recvmsg = aead_recvmsg_nokey,
+ .poll = aead_poll,
+};
+
static void *aead_bind(const char *name, u32 type, u32 mask)
{
- return crypto_alloc_aead(name, type, mask);
+ struct aead_tfm *tfm;
+ struct crypto_aead *aead;
+
+ tfm = kzalloc(sizeof(*tfm), GFP_KERNEL);
+ if (!tfm)
+ return ERR_PTR(-ENOMEM);
+
+ aead = crypto_alloc_aead(name, type, mask);
+ if (IS_ERR(aead)) {
+ kfree(tfm);
+ return ERR_CAST(aead);
+ }
+
+ tfm->aead = aead;
+
+ return tfm;
}
static void aead_release(void *private)
{
- crypto_free_aead(private);
+ struct aead_tfm *tfm = private;
+
+ crypto_free_aead(tfm->aead);
+ kfree(tfm);
}
static int aead_setauthsize(void *private, unsigned int authsize)
{
- return crypto_aead_setauthsize(private, authsize);
+ struct aead_tfm *tfm = private;
+
+ return crypto_aead_setauthsize(tfm->aead, authsize);
}
static int aead_setkey(void *private, const u8 *key, unsigned int keylen)
{
- return crypto_aead_setkey(private, key, keylen);
+ struct aead_tfm *tfm = private;
+ int err;
+
+ err = crypto_aead_setkey(tfm->aead, key, keylen);
+ tfm->has_key = !err;
+
+ return err;
}
static void aead_sock_destruct(struct sock *sk)
@@ -757,12 +884,14 @@ static void aead_sock_destruct(struct sock *sk)
af_alg_release_parent(sk);
}
-static int aead_accept_parent(void *private, struct sock *sk)
+static int aead_accept_parent_nokey(void *private, struct sock *sk)
{
struct aead_ctx *ctx;
struct alg_sock *ask = alg_sk(sk);
- unsigned int len = sizeof(*ctx) + crypto_aead_reqsize(private);
- unsigned int ivlen = crypto_aead_ivsize(private);
+ struct aead_tfm *tfm = private;
+ struct crypto_aead *aead = tfm->aead;
+ unsigned int len = sizeof(*ctx) + crypto_aead_reqsize(aead);
+ unsigned int ivlen = crypto_aead_ivsize(aead);
ctx = sock_kmalloc(sk, len, GFP_KERNEL);
if (!ctx)
@@ -789,7 +918,7 @@ static int aead_accept_parent(void *private, struct sock *sk)
ask->private = ctx;
- aead_request_set_tfm(&ctx->aead_req, private);
+ aead_request_set_tfm(&ctx->aead_req, aead);
aead_request_set_callback(&ctx->aead_req, CRYPTO_TFM_REQ_MAY_BACKLOG,
af_alg_complete, &ctx->completion);
@@ -798,13 +927,25 @@ static int aead_accept_parent(void *private, struct sock *sk)
return 0;
}
+static int aead_accept_parent(void *private, struct sock *sk)
+{
+ struct aead_tfm *tfm = private;
+
+ if (!tfm->has_key)
+ return -ENOKEY;
+
+ return aead_accept_parent_nokey(private, sk);
+}
+
static const struct af_alg_type algif_type_aead = {
.bind = aead_bind,
.release = aead_release,
.setkey = aead_setkey,
.setauthsize = aead_setauthsize,
.accept = aead_accept_parent,
+ .accept_nokey = aead_accept_parent_nokey,
.ops = &algif_aead_ops,
+ .ops_nokey = &algif_aead_ops_nokey,
.name = "aead",
.owner = THIS_MODULE
};
--
2.9.3
^ permalink raw reply related [flat|nested] 12+ messages in thread
* Re: [PATCH v2] crypto: algif_aead - Require setkey before accept(2)
2017-04-24 9:15 ` [PATCH v2] " Stephan Müller
@ 2017-04-24 10:22 ` Herbert Xu
2017-04-24 10:26 ` Stephan Müller
0 siblings, 1 reply; 12+ messages in thread
From: Herbert Xu @ 2017-04-24 10:22 UTC (permalink / raw)
To: Stephan Müller; +Cc: linux-crypto
On Mon, Apr 24, 2017 at 11:15:23AM +0200, Stephan Müller wrote:
> Am Montag, 24. April 2017, 11:03:13 CEST schrieb Herbert Xu:
>
> Hi Herbert,
>
> > On Mon, Apr 24, 2017 at 11:01:50AM +0200, Stephan Müller wrote:
> > > Shall I send an updated patch with aead_sock_destruct cleared?
> >
> > Yes please.
>
> Please find attached v2 with the discussed change.
>
> ---8<---
>
> Some cipher implementations will crash if you try to use them
> without calling setkey first. This patch adds a check so that
> the accept(2) call will fail with -ENOKEY if setkey hasn't been
> done on the socket yet.
>
> Signed-off-by: Stephan Mueller <smueller@chronox.de>
Patch applied. Thanks.
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH v2] crypto: algif_aead - Require setkey before accept(2)
2017-04-24 10:22 ` Herbert Xu
@ 2017-04-24 10:26 ` Stephan Müller
2017-04-25 8:47 ` Herbert Xu
0 siblings, 1 reply; 12+ messages in thread
From: Stephan Müller @ 2017-04-24 10:26 UTC (permalink / raw)
To: Herbert Xu; +Cc: linux-crypto
Am Montag, 24. April 2017, 12:22:39 CEST schrieb Herbert Xu:
Hi Herbert,
> Patch applied. Thanks.
Thank you.
The patch regarding the memory management of algif_aead is affected by this
change as well. Shall I roll a new version of that patch for algif_aead or do
you want me to wait for another review round?
Ciao
Stephan
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH v2] crypto: algif_aead - Require setkey before accept(2)
2017-04-24 10:26 ` Stephan Müller
@ 2017-04-25 8:47 ` Herbert Xu
2017-04-25 8:54 ` Stephan Müller
0 siblings, 1 reply; 12+ messages in thread
From: Herbert Xu @ 2017-04-25 8:47 UTC (permalink / raw)
To: Stephan Müller; +Cc: linux-crypto
On Mon, Apr 24, 2017 at 12:26:15PM +0200, Stephan Müller wrote:
> Am Montag, 24. April 2017, 12:22:39 CEST schrieb Herbert Xu:
>
> Hi Herbert,
>
> > Patch applied. Thanks.
>
> Thank you.
>
> The patch regarding the memory management of algif_aead is affected by this
> change as well. Shall I roll a new version of that patch for algif_aead or do
> you want me to wait for another review round?
Could you wait until the next merge window closes?
Thanks,
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH v2] crypto: algif_aead - Require setkey before accept(2)
2017-04-25 8:47 ` Herbert Xu
@ 2017-04-25 8:54 ` Stephan Müller
0 siblings, 0 replies; 12+ messages in thread
From: Stephan Müller @ 2017-04-25 8:54 UTC (permalink / raw)
To: Herbert Xu; +Cc: linux-crypto
Am Dienstag, 25. April 2017, 10:47:48 CEST schrieb Herbert Xu:
Hi Herbert,
> Could you wait until the next merge window closes?
Will do.
Ciao
Stephan
^ permalink raw reply [flat|nested] 12+ messages in thread
end of thread, other threads:[~2017-04-25 8:55 UTC | newest]
Thread overview: 12+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-04-10 11:59 [PATCH] crypto: algif_aead - Require setkey before accept(2) Stephan Müller
2017-04-21 11:11 ` Herbert Xu
2017-04-21 15:33 ` Stephan Müller
2017-04-21 16:35 ` Stephan Müller
2017-04-24 8:43 ` Herbert Xu
2017-04-24 9:01 ` Stephan Müller
2017-04-24 9:03 ` Herbert Xu
2017-04-24 9:15 ` [PATCH v2] " Stephan Müller
2017-04-24 10:22 ` Herbert Xu
2017-04-24 10:26 ` Stephan Müller
2017-04-25 8:47 ` Herbert Xu
2017-04-25 8:54 ` Stephan Müller
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.