TWxSoftware/twx-linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
develop-5.10
twx-linux/crypto/essiv.c
T
Greg Kroah-Hartman 0847230e9b Merge 5.10.173 into android12-5.10-lts 
Changes in 5.10.173
	HID: asus: Remove check for same LED brightness on set
	HID: asus: use spinlock to protect concurrent accesses
	HID: asus: use spinlock to safely schedule workers
	powerpc/mm: Rearrange if-else block to avoid clang warning
	ARM: OMAP2+: Fix memory leak in realtime_counter_init()
	arm64: dts: qcom: qcs404: use symbol names for PCIe resets
	ARM: zynq: Fix refcount leak in zynq_early_slcr_init
	arm64: dts: mediatek: mt8183: Fix systimer 13 MHz clock description
	arm64: dts: qcom: sdm845-db845c: fix audio codec interrupt pin name
	arm64: dts: qcom: sc7180: correct SPMI bus address cells
	arm64: dts: meson-gx: Fix Ethernet MAC address unit name
	arm64: dts: meson-g12a: Fix internal Ethernet PHY unit name
	arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address
	arm64: dts: qcom: ipq8074: correct USB3 QMP PHY-s clock output names
	arm64: dts: qcom: Fix IPQ8074 PCIe PHY nodes
	arm64: dts: qcom: ipq8074: fix PCIe PHY serdes size
	arm64: dts: qcom: ipq8074: fix Gen3 PCIe QMP PHY
	arm64: dts: qcom: ipq8074: correct Gen2 PCIe ranges
	arm64: dts: qcom: ipq8074: fix Gen3 PCIe node
	arm64: dts: qcom: ipq8074: correct PCIe QMP PHY output clock names
	arm64: dts: meson: remove CPU opps below 1GHz for G12A boards
	ARM: OMAP1: call platform_device_put() in error case in omap1_dm_timer_init()
	ARM: s3c: fix s3c64xx_set_timer_source prototype
	arm64: dts: ti: k3-j7200: Fix wakeup pinmux range
	ARM: dts: exynos: correct wr-active property in Exynos3250 Rinato
	ARM: imx: Call ida_simple_remove() for ida_simple_get
	arm64: dts: amlogic: meson-gx: fix SCPI clock dvfs node name
	arm64: dts: amlogic: meson-axg: fix SCPI clock dvfs node name
	arm64: dts: amlogic: meson-gx: add missing SCPI sensors compatible
	arm64: dts: amlogic: meson-gxl-s905d-sml5442tw: drop invalid clock-names property
	arm64: dts: amlogic: meson-gx: add missing unit address to rng node name
	arm64: dts: amlogic: meson-gxl: add missing unit address to eth-phy-mux node name
	arm64: dts: amlogic: meson-gx-libretech-pc: fix update button name
	arm64: dts: amlogic: meson-gxl-s905d-phicomm-n1: fix led node name
	arm64: dts: amlogic: meson-gxbb-kii-pro: fix led node name
	arm64: dts: renesas: beacon-renesom: Fix gpio expander reference
	ARM: dts: sun8i: nanopi-duo2: Fix regulator GPIO reference
	ARM: dts: imx7s: correct iomuxc gpr mux controller cells
	arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node
	blk-mq: avoid sleep in blk_mq_alloc_request_hctx
	blk-mq: remove stale comment for blk_mq_sched_mark_restart_hctx
	blk-mq: correct stale comment of .get_budget
	s390/dasd: Prepare for additional path event handling
	s390/dasd: Fix potential memleak in dasd_eckd_init()
	sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity()
	sched/rt: pick_next_rt_entity(): check list_entry
	x86/perf/zhaoxin: Add stepping check for ZXC
	block: bio-integrity: Copy flags when bio_integrity_payload is cloned
	wifi: rsi: Fix memory leak in rsi_coex_attach()
	wifi: rtlwifi: rtl8821ae: don't call kfree_skb() under spin_lock_irqsave()
	wifi: rtlwifi: rtl8188ee: don't call kfree_skb() under spin_lock_irqsave()
	wifi: rtlwifi: rtl8723be: don't call kfree_skb() under spin_lock_irqsave()
	wifi: iwlegacy: common: don't call dev_kfree_skb() under spin_lock_irqsave()
	wifi: libertas: fix memory leak in lbs_init_adapter()
	wifi: rtl8xxxu: don't call dev_kfree_skb() under spin_lock_irqsave()
	rtlwifi: fix -Wpointer-sign warning
	wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit()
	libbpf: Fix btf__align_of() by taking into account field offsets
	wifi: ipw2x00: don't call dev_kfree_skb() under spin_lock_irqsave()
	wifi: ipw2200: fix memory leak in ipw_wdev_init()
	wifi: wilc1000: fix potential memory leak in wilc_mac_xmit()
	wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit()
	wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid()
	wifi: libertas_tf: don't call kfree_skb() under spin_lock_irqsave()
	wifi: libertas: if_usb: don't call kfree_skb() under spin_lock_irqsave()
	wifi: libertas: main: don't call kfree_skb() under spin_lock_irqsave()
	wifi: libertas: cmdresp: don't call kfree_skb() under spin_lock_irqsave()
	wifi: wl3501_cs: don't call kfree_skb() under spin_lock_irqsave()
	crypto: x86/ghash - fix unaligned access in ghash_setkey()
	ACPICA: Drop port I/O validation for some regions
	genirq: Fix the return type of kstat_cpu_irqs_sum()
	rcu-tasks: Improve comments explaining tasks_rcu_exit_srcu purpose
	rcu-tasks: Remove preemption disablement around srcu_read_[un]lock() calls
	rcu-tasks: Fix synchronize_rcu_tasks() VS zap_pid_ns_processes()
	lib/mpi: Fix buffer overrun when SG is too long
	crypto: ccp: Use the stack for small SEV command buffers
	crypto: ccp: Use the stack and common buffer for status commands
	crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak
	crypto: ccp - Avoid page allocation failure warning for SEV_GET_ID2
	ACPICA: nsrepair: handle cases without a return value correctly
	thermal/drivers/tsens: Drop msm8976-specific defines
	thermal/drivers/qcom/tsens_v1: Enable sensor 3 on MSM8976
	thermal/drivers/tsens: Add compat string for the qcom,msm8960
	thermal/drivers/tsens: Sort out msm8976 vs msm8956 data
	wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU
	wifi: orinoco: check return value of hermes_write_wordrec()
	wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function
	ath9k: hif_usb: simplify if-if to if-else
	ath9k: htc: clean up statistics macros
	wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails
	wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback()
	wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup
	wifi: cfg80211: Fix extended KCK key length check in nl80211_set_rekey_data()
	ACPI: battery: Fix missing NUL-termination with large strings
	crypto: ccp - Failure on re-initialization due to duplicate sysfs filename
	crypto: essiv - Handle EBUSY correctly
	crypto: seqiv - Handle EBUSY correctly
	powercap: fix possible name leak in powercap_register_zone()
	x86/cpu: Init AP exception handling from cpu_init_secondary()
	x86/microcode: Replace deprecated CPU-hotplug functions.
	x86: Mark stop_this_cpu() __noreturn
	x86/microcode: Rip out the OLD_INTERFACE
	x86/microcode: Default-disable late loading
	x86/microcode: Print previous version of microcode after reload
	x86/microcode: Add a parameter to microcode_check() to store CPU capabilities
	x86/microcode: Check CPU capabilities after late microcode update correctly
	x86/microcode: Adjust late loading result reporting message
	net: ethernet: ti: am65-cpsw: fix tx csum offload for multi mac mode
	net: ethernet: ti: am65-cpsw: handle deferred probe with dev_err_probe()
	net: ethernet: ti: add missing of_node_put before return
	crypto: xts - Handle EBUSY correctly
	leds: led-class: Add missing put_device() to led_put()
	crypto: ccp - Refactor out sev_fw_alloc()
	crypto: ccp - Flush the SEV-ES TMR memory before giving it to firmware
	bpftool: profile online CPUs instead of possible
	net/mlx5: Enhance debug print in page allocation failure
	irqchip: Fix refcount leak in platform_irqchip_probe
	irqchip/alpine-msi: Fix refcount leak in alpine_msix_init_domains
	irqchip/irq-mvebu-gicp: Fix refcount leak in mvebu_gicp_probe
	irqchip/ti-sci: Fix refcount leak in ti_sci_intr_irq_domain_probe
	s390/vmem: fix empty page tables cleanup under KASAN
	net: add sock_init_data_uid()
	tun: tun_chr_open(): correctly initialize socket uid
	tap: tap_open(): correctly initialize socket uid
	OPP: fix error checking in opp_migrate_dentry()
	Bluetooth: L2CAP: Fix potential user-after-free
	libbpf: Fix alen calculation in libbpf_nla_dump_errormsg()
	rds: rds_rm_zerocopy_callback() correct order for list_add_tail()
	crypto: rsa-pkcs1pad - Use akcipher_request_complete
	m68k: /proc/hardware should depend on PROC_FS
	RISC-V: time: initialize hrtimer based broadcast clock event device
	wifi: iwl3945: Add missing check for create_singlethread_workqueue
	wifi: iwl4965: Add missing check for create_singlethread_workqueue()
	wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize()
	selftests/bpf: Fix out-of-srctree build
	crypto: crypto4xx - Call dma_unmap_page when done
	wifi: mac80211: make rate u32 in sta_set_rate_info_rx()
	thermal/drivers/hisi: Drop second sensor hi3660
	can: esd_usb: Move mislocated storage of SJA1000_ECC_SEG bits in case of a bus error
	bpf: Fix global subprog context argument resolution logic
	irqchip/irq-brcmstb-l2: Set IRQ_LEVEL for level triggered interrupts
	irqchip/irq-bcm7120-l2: Set IRQ_LEVEL for level triggered interrupts
	selftests/net: Interpret UDP_GRO cmsg data as an int value
	l2tp: Avoid possible recursive deadlock in l2tp_tunnel_register()
	net: bcmgenet: fix MoCA LED control
	selftest: fib_tests: Always cleanup before exit
	sefltests: netdevsim: wait for devlink instance after netns removal
	drm: Fix potential null-ptr-deref due to drmm_mode_config_init()
	drm/fourcc: Add missing big-endian XRGB1555 and RGB565 formats
	drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC
	drm/bridge: megachips: Fix error handling in i2c_register_driver()
	drm/vkms: Fix null-ptr-deref in vkms_release()
	drm/vc4: dpi: Add option for inverting pixel clock and output enable
	drm/vc4: dpi: Fix format mapping for RGB565
	drm: tidss: Fix pixel format definition
	gpu: ipu-v3: common: Add of_node_put() for reference returned by of_graph_get_port_by_id()
	drm/msm/hdmi: Add missing check for alloc_ordered_workqueue
	pinctrl: qcom: pinctrl-msm8976: Correct function names for wcss pins
	pinctrl: stm32: Fix refcount leak in stm32_pctrl_get_irq_domain
	pinctrl: rockchip: add support for rk3568
	pinctrl: rockchip: do coding style for mux route struct
	pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups
	drm/vc4: hvs: Set AXI panic modes
	drm/vc4: hvs: Fix colour order for xRGB1555 on HVS5
	drm/vc4: hdmi: Correct interlaced timings again
	ASoC: fsl_sai: initialize is_dsp_mode flag
	drm/msm/adreno: Fix null ptr access in adreno_gpu_cleanup()
	ALSA: hda/ca0132: minor fix for allocation size
	drm/msm/dpu: Disallow unallocated resources to be returned
	drm/bridge: lt9611: fix sleep mode setup
	drm/bridge: lt9611: fix HPD reenablement
	drm/bridge: lt9611: fix polarity programming
	drm/bridge: lt9611: fix programming of video modes
	drm/bridge: lt9611: fix clock calculation
	drm/bridge: lt9611: pass a pointer to the of node
	drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness
	drm/msm: use strscpy instead of strncpy
	drm/msm/dpu: Add check for cstate
	drm/msm/dpu: Add check for pstates
	drm/msm/mdp5: Add check for kzalloc
	pinctrl: bcm2835: Remove of_node_put() in bcm2835_of_gpio_ranges_fallback()
	pinctrl: mediatek: Initialize variable pullen and pullup to zero
	pinctrl: mediatek: Initialize variable *buf to zero
	gpu: host1x: Don't skip assigning syncpoints to channels
	drm/mediatek: dsi: Reduce the time of dsi from LP11 to sending cmd
	drm/mediatek: Use NULL instead of 0 for NULL pointer
	drm/mediatek: Drop unbalanced obj unref
	drm/mediatek: mtk_drm_crtc: Add checks for devm_kcalloc
	drm/mediatek: Clean dangling pointer on bind error path
	ASoC: soc-compress.c: fixup private_data on snd_soc_new_compress()
	gpio: vf610: connect GPIO label to dev name
	spi: dw_bt1: fix MUX_MMIO dependencies
	ASoC: mchp-spdifrx: fix controls which rely on rsr register
	ASoC: atmel: fix spelling mistakes
	ASoC: mchp-spdifrx: fix return value in case completion times out
	ASoC: mchp-spdifrx: fix controls that works with completion mechanism
	ASoC: mchp-spdifrx: disable all interrupts in mchp_spdifrx_dai_remove()
	ASoC: mchp-spdifrx: Fix uninitialized use of mr in mchp_spdifrx_hw_params()
	ASoC: dt-bindings: meson: fix gx-card codec node regex
	hwmon: (ltc2945) Handle error case in ltc2945_value_store
	drm/amdgpu: fix enum odm_combine_mode mismatch
	scsi: mpt3sas: Fix a memory leak
	scsi: aic94xx: Add missing check for dma_map_single()
	spi: bcm63xx-hsspi: fix pm_runtime
	spi: bcm63xx-hsspi: Fix multi-bit mode setting
	hwmon: (mlxreg-fan) Return zero speed for broken fan
	ASoC: tlv320adcx140: fix 'ti,gpio-config' DT property init
	dm: remove flush_scheduled_work() during local_exit()
	NFS: Fix up handling of outstanding layoutcommit in nfs_update_inode()
	NFSv4: keep state manager thread active if swap is enabled
	nfs4trace: fix state manager flag printing
	NFS: fix disabling of swap
	spi: synquacer: Fix timeout handling in synquacer_spi_transfer_one()
	ASoC: soc-dapm.h: fixup warning struct snd_pcm_substream not declared
	HID: bigben: use spinlock to protect concurrent accesses
	HID: bigben_worker() remove unneeded check on report_field
	HID: bigben: use spinlock to safely schedule workers
	hid: bigben_probe(): validate report count
	nfsd: fix race to check ls_layouts
	cifs: Fix lost destroy smbd connection when MR allocate failed
	cifs: Fix warning and UAF when destroy the MR list
	gfs2: jdata writepage fix
	perf llvm: Fix inadvertent file creation
	leds: led-core: Fix refcount leak in of_led_get()
	perf tools: Fix auto-complete on aarch64
	sparc: allow PM configs for sparc32 COMPILE_TEST
	selftests/ftrace: Fix bash specific "==" operator
	printf: fix errname.c list
	objtool: add UACCESS exceptions for __tsan_volatile_read/write
	mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read()
	clk: qcom: gcc-qcs404: disable gpll[04]_out_aux parents
	clk: qcom: gcc-qcs404: fix names of the DSI clocks used as parents
	RISC-V: fix funct4 definition for c.jalr in parse_asm.h
	mtd: rawnand: sunxi: Fix the size of the last OOB region
	Input: iqs269a - drop unused device node references
	Input: iqs269a - increase interrupt handler return delay
	Input: iqs269a - configure device with a single block write
	linux/kconfig.h: replace IF_ENABLED() with PTR_IF() in <linux/kernel.h>
	clk: renesas: cpg-mssr: Fix use after free if cpg_mssr_common_init() failed
	clk: renesas: cpg-mssr: Remove superfluous check in resume code
	clk: imx: avoid memory leak
	Input: ads7846 - don't report pressure for ads7845
	Input: ads7846 - convert to full duplex
	Input: ads7846 - convert to one message
	Input: ads7846 - always set last command to PWRDOWN
	Input: ads7846 - don't check penirq immediately for 7845
	clk: qcom: gpucc-sc7180: fix clk_dis_wait being programmed for CX GDSC
	clk: qcom: gpucc-sdm845: fix clk_dis_wait being programmed for CX GDSC
	powerpc/powernv/ioda: Skip unallocated resources when mapping to PE
	clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled()
	powerpc/perf/hv-24x7: add missing RTAS retry status handling
	powerpc/pseries/lpar: add missing RTAS retry status handling
	powerpc/pseries/lparcfg: add missing RTAS retry status handling
	powerpc/rtas: make all exports GPL
	powerpc/rtas: ensure 4KB alignment for rtas_data_buf
	powerpc/eeh: Small refactor of eeh_handle_normal_event()
	powerpc/eeh: Set channel state after notifying the drivers
	MIPS: SMP-CPS: fix build error when HOTPLUG_CPU not set
	MIPS: vpe-mt: drop physical_memsize
	vdpa/mlx5: Don't clear mr struct on destroy MR
	alpha/boot/tools/objstrip: fix the check for ELF header
	Input: iqs269a - do not poll during suspend or resume
	Input: iqs269a - do not poll during ATI
	remoteproc: qcom_q6v5_mss: Use a carveout to authenticate modem headers
	media: ti: cal: fix possible memory leak in cal_ctx_create()
	media: platform: ti: Add missing check for devm_regulator_get
	powerpc: Remove linker flag from KBUILD_AFLAGS
	builddeb: clean generated package content
	media: max9286: Fix memleak in max9286_v4l2_register()
	media: ov2740: Fix memleak in ov2740_init_controls()
	media: ov5675: Fix memleak in ov5675_init_controls()
	media: i2c: ov772x: Fix memleak in ov772x_probe()
	media: i2c: imx219: remove redundant writes
	media: i2c: imx219: Split common registers from mode tables
	media: i2c: imx219: Fix binning for RAW8 capture
	media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()
	media: i2c: ov7670: 0 instead of -EINVAL was returned
	media: usb: siano: Fix use after free bugs caused by do_submit_urb
	media: saa7134: Use video_unregister_device for radio_dev
	rpmsg: glink: Avoid infinite loop on intent for missing channel
	udf: Define EFSCORRUPTED error code
	ARM: dts: exynos: Use Exynos5420 compatible for the MIPI video phy
	blk-iocost: fix divide by 0 error in calc_lcoefs()
	wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect()
	wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds()
	rcu: Make RCU_LOCKDEP_WARN() avoid early lockdep checks
	rcu: Suppress smp_processor_id() complaint in synchronize_rcu_expedited_wait()
	rcu-tasks: Make rude RCU-Tasks work well with CPU hotplug
	wifi: ath11k: debugfs: fix to work with multiple PCI devices
	thermal: intel: Fix unsigned comparison with less than zero
	timers: Prevent union confusion from unexpected restart_syscall()
	x86/bugs: Reset speculation control settings on init
	wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds
	wifi: mt7601u: fix an integer underflow
	inet: fix fast path in __inet_hash_connect()
	ice: add missing checks for PF vsi type
	ACPI: Don't build ACPICA with '-Os'
	clocksource: Suspend the watchdog temporarily when high read latency detected
	crypto: hisilicon: Wipe entire pool on error
	net: bcmgenet: Add a check for oversized packets
	m68k: Check syscall_trace_enter() return code
	wifi: mt76: dma: free rx_head in mt76_dma_rx_cleanup
	ACPI: video: Fix Lenovo Ideapad Z570 DMI match
	net/mlx5: fw_tracer: Fix debug print
	coda: Avoid partial allocation of sig_inputArgs
	uaccess: Add minimum bounds check on kernel buffer size
	PM: EM: fix memory leak with using debugfs_lookup()
	Bluetooth: btusb: Add VID:PID 13d3:3529 for Realtek RTL8821CE
	drm/amd/display: Fix potential null-deref in dm_resume
	drm/omap: dsi: Fix excessive stack usage
	HID: Add Mapping for System Microphone Mute
	drm/tiny: ili9486: Do not assume 8-bit only SPI controllers
	drm/radeon: free iio for atombios when driver shutdown
	drm: amd: display: Fix memory leakage
	drm/msm/dsi: Add missing check for alloc_ordered_workqueue
	docs/scripts/gdb: add necessary make scripts_gdb step
	ASoC: kirkwood: Iterate over array indexes instead of using pointer math
	regulator: max77802: Bounds check regulator id against opmode
	regulator: s5m8767: Bounds check id indexing into arrays
	gfs2: Improve gfs2_make_fs_rw error handling
	hwmon: (coretemp) Simplify platform device handling
	pinctrl: at91: use devm_kasprintf() to avoid potential leaks
	HID: logitech-hidpp: Don't restart communication if not necessary
	drm: panel-orientation-quirks: Add quirk for Lenovo IdeaPad Duet 3 10IGL5
	dm thin: add cond_resched() to various workqueue loops
	dm cache: add cond_resched() to various workqueue loops
	nfsd: zero out pointers after putting nfsd_files on COPY setup error
	wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu
	firmware: coreboot: framebuffer: Ignore reserved pixel color bits
	rtc: pm8xxx: fix set-alarm race
	ipmi_ssif: Rename idle state and check
	s390/extmem: return correct segment type in __segment_load()
	s390: discard .interp section
	s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler
	s390/kprobes: fix current_kprobe never cleared after kprobes reenter
	cifs: Fix uninitialized memory read in smb3_qfs_tcon()
	ARM: dts: exynos: correct HDMI phy compatible in Exynos4
	hfs: fix missing hfs_bnode_get() in __hfs_bnode_create
	fs: hfsplus: fix UAF issue in hfsplus_put_super
	exfat: fix reporting fs error when reading dir beyond EOF
	exfat: fix unexpected EOF while reading dir
	exfat: redefine DIR_DELETED as the bad cluster number
	exfat: fix inode->i_blocks for non-512 byte sector size device
	f2fs: fix information leak in f2fs_move_inline_dirents()
	f2fs: fix cgroup writeback accounting with fs-layer encryption
	ocfs2: fix defrag path triggering jbd2 ASSERT
	ocfs2: fix non-auto defrag path not working issue
	udf: Truncate added extents on failed expansion
	udf: Do not bother merging very long extents
	udf: Do not update file length for failed writes to inline files
	udf: Preserve link count of system files
	udf: Detect system inodes linked into directory hierarchy
	udf: Fix file corruption when appending just after end of preallocated extent
	KVM: Destroy target device if coalesced MMIO unregistration fails
	KVM: x86: Inject #GP if WRMSR sets reserved bits in APIC Self-IPI
	KVM: s390: disable migration mode when dirty tracking is disabled
	x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows)
	x86/crash: Disable virt in core NMI crash handler to avoid double shootdown
	x86/reboot: Disable virtualization in an emergency if SVM is supported
	x86/reboot: Disable SVM, not just VMX, when stopping CPUs
	x86/kprobes: Fix __recover_optprobed_insn check optimizing logic
	x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range
	x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter
	x86/microcode/AMD: Add a @cpu parameter to the reloading functions
	x86/microcode/AMD: Fix mixed steppings support
	x86/speculation: Allow enabling STIBP with legacy IBRS
	Documentation/hw-vuln: Document the interaction between IBRS and STIBP
	brd: return 0/-error from brd_insert_page()
	ima: Align ima_file_mmap() parameters with mmap_file LSM hook
	irqdomain: Fix association race
	irqdomain: Fix disassociation race
	irqdomain: Drop bogus fwspec-mapping error handling
	io_uring: handle TIF_NOTIFY_RESUME when checking for task_work
	io_uring: mark task TASK_RUNNING before handling resume/task work
	io_uring: add a conditional reschedule to the IOPOLL cancelation loop
	io_uring/rsrc: disallow multi-source reg buffers
	io_uring: remove MSG_NOSIGNAL from recvmsg
	io_uring/poll: allow some retries for poll triggering spuriously
	ALSA: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls()
	ALSA: hda/realtek: Add quirk for HP EliteDesk 800 G6 Tower PC
	jbd2: fix data missing when reusing bh which is ready to be checkpointed
	ext4: optimize ea_inode block expansion
	ext4: refuse to create ea block when umounted
	mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type
	dm: add cond_resched() to dm_wq_work()
	wifi: rtl8xxxu: Use a longer retry limit of 48
	wifi: cfg80211: Fix use after free for wext
	thermal: intel: powerclamp: Fix cur_state for multi package system
	dm flakey: fix logic when corrupting a bio
	dm flakey: don't corrupt the zero page
	ARM: dts: exynos: correct TMU phandle in Exynos4210
	ARM: dts: exynos: correct TMU phandle in Exynos4
	ARM: dts: exynos: correct TMU phandle in Odroid XU3 family
	ARM: dts: exynos: correct TMU phandle in Exynos5250
	ARM: dts: exynos: correct TMU phandle in Odroid XU
	ARM: dts: exynos: correct TMU phandle in Odroid HC1
	rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails
	alpha: fix FEN fault handling
	dax/kmem: Fix leak of memory-hotplug resources
	mips: fix syscall_get_nr
	media: ipu3-cio2: Fix PM runtime usage_count in driver unbind
	remoteproc/mtk_scp: Move clk ops outside send_lock
	docs: gdbmacros: print newest record
	mm: memcontrol: deprecate charge moving
	mm/thp: check and bail out if page in deferred queue already
	ktest.pl: Give back console on Ctrt^C on monitor
	ktest.pl: Fix missing "end_monitor" when machine check fails
	ktest.pl: Add RUN_TIMEOUT option with default unlimited
	ring-buffer: Handle race between rb_move_tail and rb_check_pages
	scsi: qla2xxx: Fix link failure in NPIV environment
	scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests
	scsi: qla2xxx: Fix erroneous link down
	scsi: ses: Don't attach if enclosure has no components
	scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process()
	scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses
	scsi: ses: Fix possible desc_ptr out-of-bounds accesses
	scsi: ses: Fix slab-out-of-bounds in ses_intf_remove()
	riscv: jump_label: Fixup unaligned arch_static_branch function
	PCI/PM: Observe reset delay irrespective of bridge_d3
	PCI: hotplug: Allow marking devices as disconnected during bind/unbind
	PCI: Avoid FLR for AMD FCH AHCI adapters
	vfio/type1: prevent underflow of locked_vm via exec()
	drm/i915/quirks: Add inverted backlight quirk for HP 14-r206nv
	drm/radeon: Fix eDP for single-display iMac11,2
	drm/edid: fix AVI infoframe aspect ratio handling
	arm64: dts: qcom: ipq8074: fix Gen2 PCIe QMP PHY
	wifi: ath9k: use proper statements in conditionals
	pinctrl: rockchip: fix mux route data for rk3568
	pinctrl: rockchip: fix reading pull type on rk3568
	kbuild: Port silent mode detection to future gnu make.
	net/sched: Retire tcindex classifier
	fs/jfs: fix shift exponent db_agl2size negative
	objtool: Fix memory leak in create_static_call_sections()
	pwm: sifive: Reduce time the controller lock is held
	pwm: sifive: Always let the first pwm_apply_state succeed
	pwm: stm32-lp: fix the check on arr and cmp registers update
	f2fs: use memcpy_{to,from}_page() where possible
	fs: f2fs: initialize fsdata in pagecache_write()
	um: vector: Fix memory leak in vector_config
	ubi: ensure that VID header offset + VID header size <= alloc, size
	ubifs: Fix build errors as symbol undefined
	ubifs: Rectify space budget for ubifs_symlink() if symlink is encrypted
	ubifs: Rectify space budget for ubifs_xrename()
	ubifs: Fix wrong dirty space budget for dirty inode
	ubifs: do_rename: Fix wrong space budget when target inode's nlink > 1
	ubifs: Reserve one leb for each journal head while doing budget
	ubi: Fix use-after-free when volume resizing failed
	ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume()
	ubifs: Fix memory leak in alloc_wbufs()
	ubi: Fix possible null-ptr-deref in ubi_free_volume()
	ubifs: Re-statistic cleaned znode count if commit failed
	ubifs: dirty_cow_znode: Fix memleak in error handling path
	ubifs: ubifs_writepage: Mark page dirty after writing inode failed
	ubi: fastmap: Fix missed fm_anchor PEB in wear-leveling after disabling fastmap
	ubi: Fix UAF wear-leveling entry in eraseblk_count_seq_show()
	ubi: ubi_wl_put_peb: Fix infinite loop when wear-leveling work failed
	x86: um: vdso: Add '%rcx' and '%r11' to the syscall clobber list
	watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in error path
	watchdog: Fix kmemleak in watchdog_cdev_register
	watchdog: pcwd_usb: Fix attempting to access uninitialized memory
	netfilter: ctnetlink: fix possible refcount leak in ctnetlink_create_conntrack()
	netfilter: ebtables: fix table blob use-after-free
	ipv6: Add lwtunnel encap size of all siblings in nexthop calculation
	sctp: add a refcnt in sctp_stream_priorities to avoid a nested loop
	net: fix __dev_kfree_skb_any() vs drop monitor
	9p/xen: fix version parsing
	9p/xen: fix connection sequence
	9p/rdma: unmap receive dma buffer in rdma_request()/post_recv()
	net/mlx5: Geneve, Fix handling of Geneve object id as error code
	nfc: fix memory leak of se_io context in nfc_genl_se_io
	net/sched: act_sample: fix action bind logic
	ARM: dts: spear320-hmi: correct STMPE GPIO compatible
	tcp: tcp_check_req() can be called from process context
	vc_screen: modify vcs_size() handling in vcs_read()
	rtc: sun6i: Always export the internal oscillator
	scsi: ipr: Work around fortify-string warning
	loop: loop_set_status_from_info() check before assignment
	ASoC: adau7118: don't disable regulators on device unbind
	ASoC: zl38060: Remove spurious gpiolib select
	ASoC: zl38060 add gpiolib dependency
	thermal: intel: quark_dts: fix error pointer dereference
	thermal: intel: BXT_PMIC: select REGMAP instead of depending on it
	tracing: Add NULL checks for buffer in ring_buffer_free_read_page()
	firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3
	bootconfig: Increase max nodes of bootconfig from 1024 to 8192 for DCC support
	mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak
	IB/hfi1: Update RMT size calculation
	media: uvcvideo: Handle cameras with invalid descriptors
	media: uvcvideo: Handle errors from calls to usb_string
	media: uvcvideo: Quirk for autosuspend in Logitech B910 and C910
	media: uvcvideo: Silence memcpy() run-time false positive warnings
	staging: emxx_udc: Add checks for dma_alloc_coherent()
	tty: fix out-of-bounds access in tty_driver_lookup_tty()
	tty: serial: fsl_lpuart: disable the CTS when send break signal
	serial: sc16is7xx: setup GPIO controller later in probe
	mei: bus-fixup:upon error print return values of send and receive
	tools/iio/iio_utils:fix memory leak
	iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_status_word()
	iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_config_word()
	PCI: loongson: Prevent LS7A MRRS increases
	usb: host: xhci: mvebu: Iterate over array indexes instead of using pointer math
	USB: ene_usb6250: Allocate enough memory for full object
	usb: uvc: Enumerate valid values for color matching
	usb: gadget: uvc: Make bSourceID read/write
	PCI: Align extra resources for hotplug bridges properly
	PCI: Take other bus devices into account when distributing resources
	kernel/fail_function: fix memory leak with using debugfs_lookup()
	PCI: loongson: Add more devices that need MRRS quirk
	PCI: Add ACS quirk for Wangxun NICs
	phy: rockchip-typec: Fix unsigned comparison with less than zero
	soundwire: cadence: Remove wasted space in response_buf
	soundwire: cadence: Drain the RX FIFO after an IO timeout
	net: tls: avoid hanging tasks on the tx_lock
	x86/resctrl: Apply READ_ONCE/WRITE_ONCE to task_struct.{rmid,closid}
	x86/resctl: fix scheduler confusion with 'current'
	drm/display/dp_mst: Fix down/up message handling after sink disconnect
	drm/display/dp_mst: Fix down message handling after a packet reception error
	Bluetooth: hci_sock: purge socket queues in the destruct() callback
	tcp: Fix listen() regression in 5.10.163
	drm/virtio: Fix error code in virtio_gpu_object_shmem_init()
	media: uvcvideo: Provide sync and async uvc_ctrl_status_event
	media: uvcvideo: Fix race condition with usb_kill_urb
	Revert "scsi: mpt3sas: Fix return value check of dma_get_required_mask()"
	scsi: mpt3sas: Don't change DMA mask while reallocating pools
	scsi: mpt3sas: re-do lost mpt3sas DMA mask fix
	scsi: mpt3sas: Remove usage of dma_get_required_mask() API
	malidp: Fix NULL vs IS_ERR() checking
	usb: gadget: uvc: fix missing mutex_unlock() if kstrtou8() fails
	Linux 5.10.173

Change-Id: Iedcbc093feb171d48c70976d0aa99e972fac3ad1
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2023-03-22 11:21:35 +00:00

653 lines
18 KiB
C
Raw Permalink Blame History

// SPDX-License-Identifier: GPL-2.0
/*
* ESSIV skcipher and aead template for block encryption
*
* This template encapsulates the ESSIV IV generation algorithm used by
* dm-crypt and fscrypt, which converts the initial vector for the skcipher
* used for block encryption, by encrypting it using the hash of the
* skcipher key as encryption key. Usually, the input IV is a 64-bit sector
* number in LE representation zero-padded to the size of the IV, but this
* is not assumed by this driver.
*
* The typical use of this template is to instantiate the skcipher
* 'essiv(cbc(aes),sha256)', which is the only instantiation used by
* fscrypt, and the most relevant one for dm-crypt. However, dm-crypt
* also permits ESSIV to be used in combination with the authenc template,
* e.g., 'essiv(authenc(hmac(sha256),cbc(aes)),sha256)', in which case
* we need to instantiate an aead that accepts the same special key format
* as the authenc template, and deals with the way the encrypted IV is
* embedded into the AAD area of the aead request. This means the AEAD
* flavor produced by this template is tightly coupled to the way dm-crypt
* happens to use it.
*
* Copyright (c) 2019 Linaro, Ltd. <ard.biesheuvel@linaro.org>
*
* Heavily based on:
* adiantum length-preserving encryption mode
*
* Copyright 2018 Google LLC
*/
#include <crypto/authenc.h>
#include <crypto/internal/aead.h>
#include <crypto/internal/cipher.h>
#include <crypto/internal/hash.h>
#include <crypto/internal/skcipher.h>
#include <crypto/scatterwalk.h>
#include <linux/module.h>
#include "internal.h"
struct essiv_instance_ctx {
union {
struct crypto_skcipher_spawn skcipher_spawn;
struct crypto_aead_spawn aead_spawn;
} u;
char essiv_cipher_name[CRYPTO_MAX_ALG_NAME];
char shash_driver_name[CRYPTO_MAX_ALG_NAME];
};
struct essiv_tfm_ctx {
union {
struct crypto_skcipher *skcipher;
struct crypto_aead *aead;
} u;
struct crypto_cipher *essiv_cipher;
struct crypto_shash *hash;
int ivoffset;
};
struct essiv_aead_request_ctx {
struct scatterlist sg[4];
u8 *assoc;
struct aead_request aead_req;
};
static int essiv_skcipher_setkey(struct crypto_skcipher *tfm,
const u8 *key, unsigned int keylen)
{
struct essiv_tfm_ctx *tctx = crypto_skcipher_ctx(tfm);
u8 salt[HASH_MAX_DIGESTSIZE];
int err;
crypto_skcipher_clear_flags(tctx->u.skcipher, CRYPTO_TFM_REQ_MASK);
crypto_skcipher_set_flags(tctx->u.skcipher,
crypto_skcipher_get_flags(tfm) &
CRYPTO_TFM_REQ_MASK);
err = crypto_skcipher_setkey(tctx->u.skcipher, key, keylen);
if (err)
return err;
err = crypto_shash_tfm_digest(tctx->hash, key, keylen, salt);
if (err)
return err;
crypto_cipher_clear_flags(tctx->essiv_cipher, CRYPTO_TFM_REQ_MASK);
crypto_cipher_set_flags(tctx->essiv_cipher,
crypto_skcipher_get_flags(tfm) &
CRYPTO_TFM_REQ_MASK);
return crypto_cipher_setkey(tctx->essiv_cipher, salt,
crypto_shash_digestsize(tctx->hash));
}
static int essiv_aead_setkey(struct crypto_aead *tfm, const u8 *key,
unsigned int keylen)
{
struct essiv_tfm_ctx *tctx = crypto_aead_ctx(tfm);
SHASH_DESC_ON_STACK(desc, tctx->hash);
struct crypto_authenc_keys keys;
u8 salt[HASH_MAX_DIGESTSIZE];
int err;
crypto_aead_clear_flags(tctx->u.aead, CRYPTO_TFM_REQ_MASK);
crypto_aead_set_flags(tctx->u.aead, crypto_aead_get_flags(tfm) &
CRYPTO_TFM_REQ_MASK);
err = crypto_aead_setkey(tctx->u.aead, key, keylen);
if (err)
return err;
if (crypto_authenc_extractkeys(&keys, key, keylen) != 0)
return -EINVAL;
desc->tfm = tctx->hash;
err = crypto_shash_init(desc) ?:
crypto_shash_update(desc, keys.enckey, keys.enckeylen) ?:
crypto_shash_finup(desc, keys.authkey, keys.authkeylen, salt);
if (err)
return err;
crypto_cipher_clear_flags(tctx->essiv_cipher, CRYPTO_TFM_REQ_MASK);
crypto_cipher_set_flags(tctx->essiv_cipher, crypto_aead_get_flags(tfm) &
CRYPTO_TFM_REQ_MASK);
return crypto_cipher_setkey(tctx->essiv_cipher, salt,
crypto_shash_digestsize(tctx->hash));
}
static int essiv_aead_setauthsize(struct crypto_aead *tfm,
unsigned int authsize)
{
struct essiv_tfm_ctx *tctx = crypto_aead_ctx(tfm);
return crypto_aead_setauthsize(tctx->u.aead, authsize);
}
static void essiv_skcipher_done(struct crypto_async_request *areq, int err)
{
struct skcipher_request *req = areq->data;
skcipher_request_complete(req, err);
}
static int essiv_skcipher_crypt(struct skcipher_request *req, bool enc)
{
struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
const struct essiv_tfm_ctx *tctx = crypto_skcipher_ctx(tfm);
struct skcipher_request *subreq = skcipher_request_ctx(req);
crypto_cipher_encrypt_one(tctx->essiv_cipher, req->iv, req->iv);
skcipher_request_set_tfm(subreq, tctx->u.skcipher);
skcipher_request_set_crypt(subreq, req->src, req->dst, req->cryptlen,
req->iv);
skcipher_request_set_callback(subreq, skcipher_request_flags(req),
essiv_skcipher_done, req);
return enc ? crypto_skcipher_encrypt(subreq) :
crypto_skcipher_decrypt(subreq);
}
static int essiv_skcipher_encrypt(struct skcipher_request *req)
{
return essiv_skcipher_crypt(req, true);
}
static int essiv_skcipher_decrypt(struct skcipher_request *req)
{
return essiv_skcipher_crypt(req, false);
}
static void essiv_aead_done(struct crypto_async_request *areq, int err)
{
struct aead_request *req = areq->data;
struct essiv_aead_request_ctx *rctx = aead_request_ctx(req);
if (err == -EINPROGRESS)
goto out;
kfree(rctx->assoc);
out:
aead_request_complete(req, err);
}
static int essiv_aead_crypt(struct aead_request *req, bool enc)
{
struct crypto_aead *tfm = crypto_aead_reqtfm(req);
const struct essiv_tfm_ctx *tctx = crypto_aead_ctx(tfm);
struct essiv_aead_request_ctx *rctx = aead_request_ctx(req);
struct aead_request *subreq = &rctx->aead_req;
struct scatterlist *src = req->src;
int err;
crypto_cipher_encrypt_one(tctx->essiv_cipher, req->iv, req->iv);
/*
* dm-crypt embeds the sector number and the IV in the AAD region, so
* we have to copy the converted IV into the right scatterlist before
* we pass it on.
*/
rctx->assoc = NULL;
if (req->src == req->dst || !enc) {
scatterwalk_map_and_copy(req->iv, req->dst,
req->assoclen - crypto_aead_ivsize(tfm),
crypto_aead_ivsize(tfm), 1);
} else {
u8 *iv = (u8 *)aead_request_ctx(req) + tctx->ivoffset;
int ivsize = crypto_aead_ivsize(tfm);
int ssize = req->assoclen - ivsize;
struct scatterlist *sg;
int nents;
if (ssize < 0)
return -EINVAL;
nents = sg_nents_for_len(req->src, ssize);
if (nents < 0)
return -EINVAL;
memcpy(iv, req->iv, ivsize);
sg_init_table(rctx->sg, 4);
if (unlikely(nents > 1)) {
/*
* This is a case that rarely occurs in practice, but
* for correctness, we have to deal with it nonetheless.
*/
rctx->assoc = kmalloc(ssize, GFP_ATOMIC);
if (!rctx->assoc)
return -ENOMEM;
scatterwalk_map_and_copy(rctx->assoc, req->src, 0,
ssize, 0);
sg_set_buf(rctx->sg, rctx->assoc, ssize);
} else {
sg_set_page(rctx->sg, sg_page(req->src), ssize,
req->src->offset);
}
sg_set_buf(rctx->sg + 1, iv, ivsize);
sg = scatterwalk_ffwd(rctx->sg + 2, req->src, req->assoclen);
if (sg != rctx->sg + 2)
sg_chain(rctx->sg, 3, sg);
src = rctx->sg;
}
aead_request_set_tfm(subreq, tctx->u.aead);
aead_request_set_ad(subreq, req->assoclen);
aead_request_set_callback(subreq, aead_request_flags(req),
essiv_aead_done, req);
aead_request_set_crypt(subreq, src, req->dst, req->cryptlen, req->iv);
err = enc ? crypto_aead_encrypt(subreq) :
crypto_aead_decrypt(subreq);
if (rctx->assoc && err != -EINPROGRESS && err != -EBUSY)
kfree(rctx->assoc);
return err;
}
static int essiv_aead_encrypt(struct aead_request *req)
{
return essiv_aead_crypt(req, true);
}
static int essiv_aead_decrypt(struct aead_request *req)
{
return essiv_aead_crypt(req, false);
}
static int essiv_init_tfm(struct essiv_instance_ctx *ictx,
struct essiv_tfm_ctx *tctx)
{
struct crypto_cipher *essiv_cipher;
struct crypto_shash *hash;
int err;
essiv_cipher = crypto_alloc_cipher(ictx->essiv_cipher_name, 0, 0);
if (IS_ERR(essiv_cipher))
return PTR_ERR(essiv_cipher);
hash = crypto_alloc_shash(ictx->shash_driver_name, 0, 0);
if (IS_ERR(hash)) {
err = PTR_ERR(hash);
goto err_free_essiv_cipher;
}
tctx->essiv_cipher = essiv_cipher;
tctx->hash = hash;
return 0;
err_free_essiv_cipher:
crypto_free_cipher(essiv_cipher);
return err;
}
static int essiv_skcipher_init_tfm(struct crypto_skcipher *tfm)
{
struct skcipher_instance *inst = skcipher_alg_instance(tfm);
struct essiv_instance_ctx *ictx = skcipher_instance_ctx(inst);
struct essiv_tfm_ctx *tctx = crypto_skcipher_ctx(tfm);
struct crypto_skcipher *skcipher;
int err;
skcipher = crypto_spawn_skcipher(&ictx->u.skcipher_spawn);
if (IS_ERR(skcipher))
return PTR_ERR(skcipher);
crypto_skcipher_set_reqsize(tfm, sizeof(struct skcipher_request) +
crypto_skcipher_reqsize(skcipher));
err = essiv_init_tfm(ictx, tctx);
if (err) {
crypto_free_skcipher(skcipher);
return err;
}
tctx->u.skcipher = skcipher;
return 0;
}
static int essiv_aead_init_tfm(struct crypto_aead *tfm)
{
struct aead_instance *inst = aead_alg_instance(tfm);
struct essiv_instance_ctx *ictx = aead_instance_ctx(inst);
struct essiv_tfm_ctx *tctx = crypto_aead_ctx(tfm);
struct crypto_aead *aead;
unsigned int subreq_size;
int err;
BUILD_BUG_ON(offsetofend(struct essiv_aead_request_ctx, aead_req) !=
sizeof(struct essiv_aead_request_ctx));
aead = crypto_spawn_aead(&ictx->u.aead_spawn);
if (IS_ERR(aead))
return PTR_ERR(aead);
subreq_size = sizeof_field(struct essiv_aead_request_ctx, aead_req) +
crypto_aead_reqsize(aead);
tctx->ivoffset = offsetof(struct essiv_aead_request_ctx, aead_req) +
subreq_size;
crypto_aead_set_reqsize(tfm, tctx->ivoffset + crypto_aead_ivsize(aead));
err = essiv_init_tfm(ictx, tctx);
if (err) {
crypto_free_aead(aead);
return err;
}
tctx->u.aead = aead;
return 0;
}
static void essiv_skcipher_exit_tfm(struct crypto_skcipher *tfm)
{
struct essiv_tfm_ctx *tctx = crypto_skcipher_ctx(tfm);
crypto_free_skcipher(tctx->u.skcipher);
crypto_free_cipher(tctx->essiv_cipher);
crypto_free_shash(tctx->hash);
}
static void essiv_aead_exit_tfm(struct crypto_aead *tfm)
{
struct essiv_tfm_ctx *tctx = crypto_aead_ctx(tfm);
crypto_free_aead(tctx->u.aead);
crypto_free_cipher(tctx->essiv_cipher);
crypto_free_shash(tctx->hash);
}
static void essiv_skcipher_free_instance(struct skcipher_instance *inst)
{
struct essiv_instance_ctx *ictx = skcipher_instance_ctx(inst);
crypto_drop_skcipher(&ictx->u.skcipher_spawn);
kfree(inst);
}
static void essiv_aead_free_instance(struct aead_instance *inst)
{
struct essiv_instance_ctx *ictx = aead_instance_ctx(inst);
crypto_drop_aead(&ictx->u.aead_spawn);
kfree(inst);
}
static bool parse_cipher_name(char *essiv_cipher_name, const char *cra_name)
{
const char *p, *q;
int len;
/* find the last opening parens */
p = strrchr(cra_name, '(');
if (!p++)
return false;
/* find the first closing parens in the tail of the string */
q = strchr(p, ')');
if (!q)
return false;
len = q - p;
if (len >= CRYPTO_MAX_ALG_NAME)
return false;
memcpy(essiv_cipher_name, p, len);
essiv_cipher_name[len] = '\0';
return true;
}
static bool essiv_supported_algorithms(const char *essiv_cipher_name,
struct shash_alg *hash_alg,
int ivsize)
{
struct crypto_alg *alg;
bool ret = false;
alg = crypto_alg_mod_lookup(essiv_cipher_name,
CRYPTO_ALG_TYPE_CIPHER,
CRYPTO_ALG_TYPE_MASK);
if (IS_ERR(alg))
return false;
if (hash_alg->digestsize < alg->cra_cipher.cia_min_keysize ||
hash_alg->digestsize > alg->cra_cipher.cia_max_keysize)
goto out;
if (ivsize != alg->cra_blocksize)
goto out;
if (crypto_shash_alg_needs_key(hash_alg))
goto out;
ret = true;
out:
crypto_mod_put(alg);
return ret;
}
static int essiv_create(struct crypto_template *tmpl, struct rtattr **tb)
{
struct crypto_attr_type *algt;
const char *inner_cipher_name;
const char *shash_name;
struct skcipher_instance *skcipher_inst = NULL;
struct aead_instance *aead_inst = NULL;
struct crypto_instance *inst;
struct crypto_alg *base, *block_base;
struct essiv_instance_ctx *ictx;
struct skcipher_alg *skcipher_alg = NULL;
struct aead_alg *aead_alg = NULL;
struct crypto_alg *_hash_alg;
struct shash_alg *hash_alg;
int ivsize;
u32 type;
u32 mask;
int err;
algt = crypto_get_attr_type(tb);
if (IS_ERR(algt))
return PTR_ERR(algt);
inner_cipher_name = crypto_attr_alg_name(tb[1]);
if (IS_ERR(inner_cipher_name))
return PTR_ERR(inner_cipher_name);
shash_name = crypto_attr_alg_name(tb[2]);
if (IS_ERR(shash_name))
return PTR_ERR(shash_name);
type = algt->type & algt->mask;
mask = crypto_algt_inherited_mask(algt);
switch (type) {
case CRYPTO_ALG_TYPE_SKCIPHER:
skcipher_inst = kzalloc(sizeof(*skcipher_inst) +
sizeof(*ictx), GFP_KERNEL);
if (!skcipher_inst)
return -ENOMEM;
inst = skcipher_crypto_instance(skcipher_inst);
base = &skcipher_inst->alg.base;
ictx = crypto_instance_ctx(inst);
/* Symmetric cipher, e.g., "cbc(aes)" */
err = crypto_grab_skcipher(&ictx->u.skcipher_spawn, inst,
inner_cipher_name, 0, mask);
if (err)
goto out_free_inst;
skcipher_alg = crypto_spawn_skcipher_alg(&ictx->u.skcipher_spawn);
block_base = &skcipher_alg->base;
ivsize = crypto_skcipher_alg_ivsize(skcipher_alg);
break;
case CRYPTO_ALG_TYPE_AEAD:
aead_inst = kzalloc(sizeof(*aead_inst) +
sizeof(*ictx), GFP_KERNEL);
if (!aead_inst)
return -ENOMEM;
inst = aead_crypto_instance(aead_inst);
base = &aead_inst->alg.base;
ictx = crypto_instance_ctx(inst);
/* AEAD cipher, e.g., "authenc(hmac(sha256),cbc(aes))" */
err = crypto_grab_aead(&ictx->u.aead_spawn, inst,
inner_cipher_name, 0, mask);
if (err)
goto out_free_inst;
aead_alg = crypto_spawn_aead_alg(&ictx->u.aead_spawn);
block_base = &aead_alg->base;
if (!strstarts(block_base->cra_name, "authenc(")) {
pr_warn("Only authenc() type AEADs are supported by ESSIV\n");
err = -EINVAL;
goto out_drop_skcipher;
}
ivsize = aead_alg->ivsize;
break;
default:
return -EINVAL;
}
if (!parse_cipher_name(ictx->essiv_cipher_name, block_base->cra_name)) {
pr_warn("Failed to parse ESSIV cipher name from skcipher cra_name\n");
err = -EINVAL;
goto out_drop_skcipher;
}
/* Synchronous hash, e.g., "sha256" */
_hash_alg = crypto_alg_mod_lookup(shash_name,
CRYPTO_ALG_TYPE_SHASH,
CRYPTO_ALG_TYPE_MASK | mask);
if (IS_ERR(_hash_alg)) {
err = PTR_ERR(_hash_alg);
goto out_drop_skcipher;
}
hash_alg = __crypto_shash_alg(_hash_alg);
/* Check the set of algorithms */
if (!essiv_supported_algorithms(ictx->essiv_cipher_name, hash_alg,
ivsize)) {
pr_warn("Unsupported essiv instantiation: essiv(%s,%s)\n",
block_base->cra_name, hash_alg->base.cra_name);
err = -EINVAL;
goto out_free_hash;
}
/* record the driver name so we can instantiate this exact algo later */
strlcpy(ictx->shash_driver_name, hash_alg->base.cra_driver_name,
CRYPTO_MAX_ALG_NAME);
/* Instance fields */
err = -ENAMETOOLONG;
if (snprintf(base->cra_name, CRYPTO_MAX_ALG_NAME,
"essiv(%s,%s)", block_base->cra_name,
hash_alg->base.cra_name) >= CRYPTO_MAX_ALG_NAME)
goto out_free_hash;
if (snprintf(base->cra_driver_name, CRYPTO_MAX_ALG_NAME,
"essiv(%s,%s)", block_base->cra_driver_name,
hash_alg->base.cra_driver_name) >= CRYPTO_MAX_ALG_NAME)
goto out_free_hash;
/*
* hash_alg wasn't gotten via crypto_grab*(), so we need to inherit its
* flags manually.
*/
base->cra_flags |= (hash_alg->base.cra_flags &
CRYPTO_ALG_INHERITED_FLAGS);
base->cra_blocksize = block_base->cra_blocksize;
base->cra_ctxsize = sizeof(struct essiv_tfm_ctx);
base->cra_alignmask = block_base->cra_alignmask;
base->cra_priority = block_base->cra_priority;
if (type == CRYPTO_ALG_TYPE_SKCIPHER) {
skcipher_inst->alg.setkey = essiv_skcipher_setkey;
skcipher_inst->alg.encrypt = essiv_skcipher_encrypt;
skcipher_inst->alg.decrypt = essiv_skcipher_decrypt;
skcipher_inst->alg.init = essiv_skcipher_init_tfm;
skcipher_inst->alg.exit = essiv_skcipher_exit_tfm;
skcipher_inst->alg.min_keysize = crypto_skcipher_alg_min_keysize(skcipher_alg);
skcipher_inst->alg.max_keysize = crypto_skcipher_alg_max_keysize(skcipher_alg);
skcipher_inst->alg.ivsize = ivsize;
skcipher_inst->alg.chunksize = crypto_skcipher_alg_chunksize(skcipher_alg);
skcipher_inst->alg.walksize = crypto_skcipher_alg_walksize(skcipher_alg);
skcipher_inst->free = essiv_skcipher_free_instance;
err = skcipher_register_instance(tmpl, skcipher_inst);
} else {
aead_inst->alg.setkey = essiv_aead_setkey;
aead_inst->alg.setauthsize = essiv_aead_setauthsize;
aead_inst->alg.encrypt = essiv_aead_encrypt;
aead_inst->alg.decrypt = essiv_aead_decrypt;
aead_inst->alg.init = essiv_aead_init_tfm;
aead_inst->alg.exit = essiv_aead_exit_tfm;
aead_inst->alg.ivsize = ivsize;
aead_inst->alg.maxauthsize = crypto_aead_alg_maxauthsize(aead_alg);
aead_inst->alg.chunksize = crypto_aead_alg_chunksize(aead_alg);
aead_inst->free = essiv_aead_free_instance;
err = aead_register_instance(tmpl, aead_inst);
}
if (err)
goto out_free_hash;
crypto_mod_put(_hash_alg);
return 0;
out_free_hash:
crypto_mod_put(_hash_alg);
out_drop_skcipher:
if (type == CRYPTO_ALG_TYPE_SKCIPHER)
crypto_drop_skcipher(&ictx->u.skcipher_spawn);
else
crypto_drop_aead(&ictx->u.aead_spawn);
out_free_inst:
kfree(skcipher_inst);
kfree(aead_inst);
return err;
}
/* essiv(cipher_name, shash_name) */
static struct crypto_template essiv_tmpl = {
.name = "essiv",
.create = essiv_create,
.module = THIS_MODULE,
};
static int __init essiv_module_init(void)
{
return crypto_register_template(&essiv_tmpl);
}
static void __exit essiv_module_exit(void)
{
crypto_unregister_template(&essiv_tmpl);
}
subsys_initcall(essiv_module_init);
module_exit(essiv_module_exit);
MODULE_DESCRIPTION("ESSIV skcipher/aead wrapper for block encryption");
MODULE_LICENSE("GPL v2");
MODULE_ALIAS_CRYPTO("essiv");
MODULE_IMPORT_NS(CRYPTO_INTERNAL);
Reference in New Issue View Git Blame Copy Permalink