aboutsummaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
Diffstat (limited to 'crypto')
-rw-r--r--crypto/af_alg.c44
-rw-r--r--crypto/algapi.c12
-rw-r--r--crypto/algif_aead.c66
-rw-r--r--crypto/algif_skcipher.c31
-rw-r--r--crypto/asymmetric_keys/pkcs7_parser.c4
-rw-r--r--crypto/asymmetric_keys/pkcs7_trust.c2
-rw-r--r--crypto/asymmetric_keys/pkcs7_verify.c9
-rw-r--r--crypto/asymmetric_keys/public_key.c7
-rw-r--r--crypto/asymmetric_keys/x509_cert_parser.c2
-rw-r--r--crypto/asymmetric_keys/x509_public_key.c8
-rw-r--r--crypto/chacha20poly1305.c6
-rw-r--r--crypto/hmac.c6
-rw-r--r--crypto/mcryptd.c23
-rw-r--r--crypto/pcrypt.c19
-rw-r--r--crypto/rsa_helper.c2
-rw-r--r--crypto/salsa20_generic.c7
-rw-r--r--crypto/shash.c5
-rw-r--r--crypto/skcipher.c11
18 files changed, 154 insertions, 110 deletions
diff --git a/crypto/af_alg.c b/crypto/af_alg.c
index 85cea9de324a..35d4dcea381f 100644
--- a/crypto/af_alg.c
+++ b/crypto/af_alg.c
@@ -664,7 +664,7 @@ void af_alg_free_areq_sgls(struct af_alg_async_req *areq)
664 unsigned int i; 664 unsigned int i;
665 665
666 list_for_each_entry_safe(rsgl, tmp, &areq->rsgl_list, list) { 666 list_for_each_entry_safe(rsgl, tmp, &areq->rsgl_list, list) {
667 ctx->rcvused -= rsgl->sg_num_bytes; 667 atomic_sub(rsgl->sg_num_bytes, &ctx->rcvused);
668 af_alg_free_sg(&rsgl->sgl); 668 af_alg_free_sg(&rsgl->sgl);
669 list_del(&rsgl->list); 669 list_del(&rsgl->list);
670 if (rsgl != &areq->first_rsgl) 670 if (rsgl != &areq->first_rsgl)
@@ -672,14 +672,15 @@ void af_alg_free_areq_sgls(struct af_alg_async_req *areq)
672 } 672 }
673 673
674 tsgl = areq->tsgl; 674 tsgl = areq->tsgl;
675 for_each_sg(tsgl, sg, areq->tsgl_entries, i) { 675 if (tsgl) {
676 if (!sg_page(sg)) 676 for_each_sg(tsgl, sg, areq->tsgl_entries, i) {
677 continue; 677 if (!sg_page(sg))
678 put_page(sg_page(sg)); 678 continue;
679 } 679 put_page(sg_page(sg));
680 }
680 681
681 if (areq->tsgl && areq->tsgl_entries)
682 sock_kfree_s(sk, tsgl, areq->tsgl_entries * sizeof(*tsgl)); 682 sock_kfree_s(sk, tsgl, areq->tsgl_entries * sizeof(*tsgl));
683 }
683} 684}
684EXPORT_SYMBOL_GPL(af_alg_free_areq_sgls); 685EXPORT_SYMBOL_GPL(af_alg_free_areq_sgls);
685 686
@@ -1021,6 +1022,18 @@ unlock:
1021EXPORT_SYMBOL_GPL(af_alg_sendpage); 1022EXPORT_SYMBOL_GPL(af_alg_sendpage);
1022 1023
1023/** 1024/**
1025 * af_alg_free_resources - release resources required for crypto request
1026 */
1027void af_alg_free_resources(struct af_alg_async_req *areq)
1028{
1029 struct sock *sk = areq->sk;
1030
1031 af_alg_free_areq_sgls(areq);
1032 sock_kfree_s(sk, areq, areq->areqlen);
1033}
1034EXPORT_SYMBOL_GPL(af_alg_free_resources);
1035
1036/**
1024 * af_alg_async_cb - AIO callback handler 1037 * af_alg_async_cb - AIO callback handler
1025 * 1038 *
1026 * This handler cleans up the struct af_alg_async_req upon completion of the 1039 * This handler cleans up the struct af_alg_async_req upon completion of the
@@ -1036,18 +1049,13 @@ void af_alg_async_cb(struct crypto_async_request *_req, int err)
1036 struct kiocb *iocb = areq->iocb; 1049 struct kiocb *iocb = areq->iocb;
1037 unsigned int resultlen; 1050 unsigned int resultlen;
1038 1051
1039 lock_sock(sk);
1040
1041 /* Buffer size written by crypto operation. */ 1052 /* Buffer size written by crypto operation. */
1042 resultlen = areq->outlen; 1053 resultlen = areq->outlen;
1043 1054
1044 af_alg_free_areq_sgls(areq); 1055 af_alg_free_resources(areq);
1045 sock_kfree_s(sk, areq, areq->areqlen); 1056 sock_put(sk);
1046 __sock_put(sk);
1047 1057
1048 iocb->ki_complete(iocb, err ? err : resultlen, 0); 1058 iocb->ki_complete(iocb, err ? err : resultlen, 0);
1049
1050 release_sock(sk);
1051} 1059}
1052EXPORT_SYMBOL_GPL(af_alg_async_cb); 1060EXPORT_SYMBOL_GPL(af_alg_async_cb);
1053 1061
@@ -1130,12 +1138,6 @@ int af_alg_get_rsgl(struct sock *sk, struct msghdr *msg, int flags,
1130 if (!af_alg_readable(sk)) 1138 if (!af_alg_readable(sk))
1131 break; 1139 break;
1132 1140
1133 if (!ctx->used) {
1134 err = af_alg_wait_for_data(sk, flags);
1135 if (err)
1136 return err;
1137 }
1138
1139 seglen = min_t(size_t, (maxsize - len), 1141 seglen = min_t(size_t, (maxsize - len),
1140 msg_data_left(msg)); 1142 msg_data_left(msg));
1141 1143
@@ -1161,7 +1163,7 @@ int af_alg_get_rsgl(struct sock *sk, struct msghdr *msg, int flags,
1161 1163
1162 areq->last_rsgl = rsgl; 1164 areq->last_rsgl = rsgl;
1163 len += err; 1165 len += err;
1164 ctx->rcvused += err; 1166 atomic_add(err, &ctx->rcvused);
1165 rsgl->sg_num_bytes = err; 1167 rsgl->sg_num_bytes = err;
1166 iov_iter_advance(&msg->msg_iter, err); 1168 iov_iter_advance(&msg->msg_iter, err);
1167 } 1169 }
diff --git a/crypto/algapi.c b/crypto/algapi.c
index 60d7366ed343..9a636f961572 100644
--- a/crypto/algapi.c
+++ b/crypto/algapi.c
@@ -167,6 +167,18 @@ void crypto_remove_spawns(struct crypto_alg *alg, struct list_head *list,
167 167
168 spawn->alg = NULL; 168 spawn->alg = NULL;
169 spawns = &inst->alg.cra_users; 169 spawns = &inst->alg.cra_users;
170
171 /*
172 * We may encounter an unregistered instance here, since
173 * an instance's spawns are set up prior to the instance
174 * being registered. An unregistered instance will have
175 * NULL ->cra_users.next, since ->cra_users isn't
176 * properly initialized until registration. But an
177 * unregistered instance cannot have any users, so treat
178 * it the same as ->cra_users being empty.
179 */
180 if (spawns->next == NULL)
181 break;
170 } 182 }
171 } while ((spawns = crypto_more_spawns(alg, &stack, &top, 183 } while ((spawns = crypto_more_spawns(alg, &stack, &top,
172 &secondary_spawns))); 184 &secondary_spawns)));
diff --git a/crypto/algif_aead.c b/crypto/algif_aead.c
index aacae0837aff..e9885a35ef6e 100644
--- a/crypto/algif_aead.c
+++ b/crypto/algif_aead.c
@@ -101,16 +101,22 @@ static int _aead_recvmsg(struct socket *sock, struct msghdr *msg,
101 struct aead_tfm *aeadc = pask->private; 101 struct aead_tfm *aeadc = pask->private;
102 struct crypto_aead *tfm = aeadc->aead; 102 struct crypto_aead *tfm = aeadc->aead;
103 struct crypto_skcipher *null_tfm = aeadc->null_tfm; 103 struct crypto_skcipher *null_tfm = aeadc->null_tfm;
104 unsigned int as = crypto_aead_authsize(tfm); 104 unsigned int i, as = crypto_aead_authsize(tfm);
105 struct af_alg_async_req *areq; 105 struct af_alg_async_req *areq;
106 struct af_alg_tsgl *tsgl; 106 struct af_alg_tsgl *tsgl, *tmp;
107 struct scatterlist *src; 107 struct scatterlist *rsgl_src, *tsgl_src = NULL;
108 int err = 0; 108 int err = 0;
109 size_t used = 0; /* [in] TX bufs to be en/decrypted */ 109 size_t used = 0; /* [in] TX bufs to be en/decrypted */
110 size_t outlen = 0; /* [out] RX bufs produced by kernel */ 110 size_t outlen = 0; /* [out] RX bufs produced by kernel */
111 size_t usedpages = 0; /* [in] RX bufs to be used from user */ 111 size_t usedpages = 0; /* [in] RX bufs to be used from user */
112 size_t processed = 0; /* [in] TX bufs to be consumed */ 112 size_t processed = 0; /* [in] TX bufs to be consumed */
113 113
114 if (!ctx->used) {
115 err = af_alg_wait_for_data(sk, flags);
116 if (err)
117 return err;
118 }
119
114 /* 120 /*
115 * Data length provided by caller via sendmsg/sendpage that has not 121 * Data length provided by caller via sendmsg/sendpage that has not
116 * yet been processed. 122 * yet been processed.
@@ -178,7 +184,22 @@ static int _aead_recvmsg(struct socket *sock, struct msghdr *msg,
178 } 184 }
179 185
180 processed = used + ctx->aead_assoclen; 186 processed = used + ctx->aead_assoclen;
181 tsgl = list_first_entry(&ctx->tsgl_list, struct af_alg_tsgl, list); 187 list_for_each_entry_safe(tsgl, tmp, &ctx->tsgl_list, list) {
188 for (i = 0; i < tsgl->cur; i++) {
189 struct scatterlist *process_sg = tsgl->sg + i;
190
191 if (!(process_sg->length) || !sg_page(process_sg))
192 continue;
193 tsgl_src = process_sg;
194 break;
195 }
196 if (tsgl_src)
197 break;
198 }
199 if (processed && !tsgl_src) {
200 err = -EFAULT;
201 goto free;
202 }
182 203
183 /* 204 /*
184 * Copy of AAD from source to destination 205 * Copy of AAD from source to destination
@@ -194,7 +215,7 @@ static int _aead_recvmsg(struct socket *sock, struct msghdr *msg,
194 */ 215 */
195 216
196 /* Use the RX SGL as source (and destination) for crypto op. */ 217 /* Use the RX SGL as source (and destination) for crypto op. */
197 src = areq->first_rsgl.sgl.sg; 218 rsgl_src = areq->first_rsgl.sgl.sg;
198 219
199 if (ctx->enc) { 220 if (ctx->enc) {
200 /* 221 /*
@@ -207,7 +228,7 @@ static int _aead_recvmsg(struct socket *sock, struct msghdr *msg,
207 * v v 228 * v v
208 * RX SGL: AAD || PT || Tag 229 * RX SGL: AAD || PT || Tag
209 */ 230 */
210 err = crypto_aead_copy_sgl(null_tfm, tsgl->sg, 231 err = crypto_aead_copy_sgl(null_tfm, tsgl_src,
211 areq->first_rsgl.sgl.sg, processed); 232 areq->first_rsgl.sgl.sg, processed);
212 if (err) 233 if (err)
213 goto free; 234 goto free;
@@ -225,7 +246,7 @@ static int _aead_recvmsg(struct socket *sock, struct msghdr *msg,
225 */ 246 */
226 247
227 /* Copy AAD || CT to RX SGL buffer for in-place operation. */ 248 /* Copy AAD || CT to RX SGL buffer for in-place operation. */
228 err = crypto_aead_copy_sgl(null_tfm, tsgl->sg, 249 err = crypto_aead_copy_sgl(null_tfm, tsgl_src,
229 areq->first_rsgl.sgl.sg, outlen); 250 areq->first_rsgl.sgl.sg, outlen);
230 if (err) 251 if (err)
231 goto free; 252 goto free;
@@ -257,23 +278,34 @@ static int _aead_recvmsg(struct socket *sock, struct msghdr *msg,
257 areq->tsgl); 278 areq->tsgl);
258 } else 279 } else
259 /* no RX SGL present (e.g. authentication only) */ 280 /* no RX SGL present (e.g. authentication only) */
260 src = areq->tsgl; 281 rsgl_src = areq->tsgl;
261 } 282 }
262 283
263 /* Initialize the crypto operation */ 284 /* Initialize the crypto operation */
264 aead_request_set_crypt(&areq->cra_u.aead_req, src, 285 aead_request_set_crypt(&areq->cra_u.aead_req, rsgl_src,
265 areq->first_rsgl.sgl.sg, used, ctx->iv); 286 areq->first_rsgl.sgl.sg, used, ctx->iv);
266 aead_request_set_ad(&areq->cra_u.aead_req, ctx->aead_assoclen); 287 aead_request_set_ad(&areq->cra_u.aead_req, ctx->aead_assoclen);
267 aead_request_set_tfm(&areq->cra_u.aead_req, tfm); 288 aead_request_set_tfm(&areq->cra_u.aead_req, tfm);
268 289
269 if (msg->msg_iocb && !is_sync_kiocb(msg->msg_iocb)) { 290 if (msg->msg_iocb && !is_sync_kiocb(msg->msg_iocb)) {
270 /* AIO operation */ 291 /* AIO operation */
292 sock_hold(sk);
271 areq->iocb = msg->msg_iocb; 293 areq->iocb = msg->msg_iocb;
294
295 /* Remember output size that will be generated. */
296 areq->outlen = outlen;
297
272 aead_request_set_callback(&areq->cra_u.aead_req, 298 aead_request_set_callback(&areq->cra_u.aead_req,
273 CRYPTO_TFM_REQ_MAY_BACKLOG, 299 CRYPTO_TFM_REQ_MAY_BACKLOG,
274 af_alg_async_cb, areq); 300 af_alg_async_cb, areq);
275 err = ctx->enc ? crypto_aead_encrypt(&areq->cra_u.aead_req) : 301 err = ctx->enc ? crypto_aead_encrypt(&areq->cra_u.aead_req) :
276 crypto_aead_decrypt(&areq->cra_u.aead_req); 302 crypto_aead_decrypt(&areq->cra_u.aead_req);
303
304 /* AIO operation in progress */
305 if (err == -EINPROGRESS || err == -EBUSY)
306 return -EIOCBQUEUED;
307
308 sock_put(sk);
277 } else { 309 } else {
278 /* Synchronous operation */ 310 /* Synchronous operation */
279 aead_request_set_callback(&areq->cra_u.aead_req, 311 aead_request_set_callback(&areq->cra_u.aead_req,
@@ -285,19 +317,9 @@ static int _aead_recvmsg(struct socket *sock, struct msghdr *msg,
285 &ctx->wait); 317 &ctx->wait);
286 } 318 }
287 319
288 /* AIO operation in progress */
289 if (err == -EINPROGRESS) {
290 sock_hold(sk);
291
292 /* Remember output size that will be generated. */
293 areq->outlen = outlen;
294
295 return -EIOCBQUEUED;
296 }
297 320
298free: 321free:
299 af_alg_free_areq_sgls(areq); 322 af_alg_free_resources(areq);
300 sock_kfree_s(sk, areq, areq->areqlen);
301 323
302 return err ? err : outlen; 324 return err ? err : outlen;
303} 325}
@@ -487,6 +509,7 @@ static void aead_release(void *private)
487 struct aead_tfm *tfm = private; 509 struct aead_tfm *tfm = private;
488 510
489 crypto_free_aead(tfm->aead); 511 crypto_free_aead(tfm->aead);
512 crypto_put_default_null_skcipher2();
490 kfree(tfm); 513 kfree(tfm);
491} 514}
492 515
@@ -519,7 +542,6 @@ static void aead_sock_destruct(struct sock *sk)
519 unsigned int ivlen = crypto_aead_ivsize(tfm); 542 unsigned int ivlen = crypto_aead_ivsize(tfm);
520 543
521 af_alg_pull_tsgl(sk, ctx->used, NULL, 0); 544 af_alg_pull_tsgl(sk, ctx->used, NULL, 0);
522 crypto_put_default_null_skcipher2();
523 sock_kzfree_s(sk, ctx->iv, ivlen); 545 sock_kzfree_s(sk, ctx->iv, ivlen);
524 sock_kfree_s(sk, ctx, ctx->len); 546 sock_kfree_s(sk, ctx, ctx->len);
525 af_alg_release_parent(sk); 547 af_alg_release_parent(sk);
@@ -549,7 +571,7 @@ static int aead_accept_parent_nokey(void *private, struct sock *sk)
549 INIT_LIST_HEAD(&ctx->tsgl_list); 571 INIT_LIST_HEAD(&ctx->tsgl_list);
550 ctx->len = len; 572 ctx->len = len;
551 ctx->used = 0; 573 ctx->used = 0;
552 ctx->rcvused = 0; 574 atomic_set(&ctx->rcvused, 0);
553 ctx->more = 0; 575 ctx->more = 0;
554 ctx->merge = 0; 576 ctx->merge = 0;
555 ctx->enc = 0; 577 ctx->enc = 0;
diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
index 9954b078f0b9..c5c47b680152 100644
--- a/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -72,6 +72,12 @@ static int _skcipher_recvmsg(struct socket *sock, struct msghdr *msg,
72 int err = 0; 72 int err = 0;
73 size_t len = 0; 73 size_t len = 0;
74 74
75 if (!ctx->used) {
76 err = af_alg_wait_for_data(sk, flags);
77 if (err)
78 return err;
79 }
80
75 /* Allocate cipher request for current operation. */ 81 /* Allocate cipher request for current operation. */
76 areq = af_alg_alloc_areq(sk, sizeof(struct af_alg_async_req) + 82 areq = af_alg_alloc_areq(sk, sizeof(struct af_alg_async_req) +
77 crypto_skcipher_reqsize(tfm)); 83 crypto_skcipher_reqsize(tfm));
@@ -117,13 +123,24 @@ static int _skcipher_recvmsg(struct socket *sock, struct msghdr *msg,
117 123
118 if (msg->msg_iocb && !is_sync_kiocb(msg->msg_iocb)) { 124 if (msg->msg_iocb && !is_sync_kiocb(msg->msg_iocb)) {
119 /* AIO operation */ 125 /* AIO operation */
126 sock_hold(sk);
120 areq->iocb = msg->msg_iocb; 127 areq->iocb = msg->msg_iocb;
128
129 /* Remember output size that will be generated. */
130 areq->outlen = len;
131
121 skcipher_request_set_callback(&areq->cra_u.skcipher_req, 132 skcipher_request_set_callback(&areq->cra_u.skcipher_req,
122 CRYPTO_TFM_REQ_MAY_SLEEP, 133 CRYPTO_TFM_REQ_MAY_SLEEP,
123 af_alg_async_cb, areq); 134 af_alg_async_cb, areq);
124 err = ctx->enc ? 135 err = ctx->enc ?
125 crypto_skcipher_encrypt(&areq->cra_u.skcipher_req) : 136 crypto_skcipher_encrypt(&areq->cra_u.skcipher_req) :
126 crypto_skcipher_decrypt(&areq->cra_u.skcipher_req); 137 crypto_skcipher_decrypt(&areq->cra_u.skcipher_req);
138
139 /* AIO operation in progress */
140 if (err == -EINPROGRESS || err == -EBUSY)
141 return -EIOCBQUEUED;
142
143 sock_put(sk);
127 } else { 144 } else {
128 /* Synchronous operation */ 145 /* Synchronous operation */
129 skcipher_request_set_callback(&areq->cra_u.skcipher_req, 146 skcipher_request_set_callback(&areq->cra_u.skcipher_req,
@@ -136,19 +153,9 @@ static int _skcipher_recvmsg(struct socket *sock, struct msghdr *msg,
136 &ctx->wait); 153 &ctx->wait);
137 } 154 }
138 155
139 /* AIO operation in progress */
140 if (err == -EINPROGRESS) {
141 sock_hold(sk);
142
143 /* Remember output size that will be generated. */
144 areq->outlen = len;
145
146 return -EIOCBQUEUED;
147 }
148 156
149free: 157free:
150 af_alg_free_areq_sgls(areq); 158 af_alg_free_resources(areq);
151 sock_kfree_s(sk, areq, areq->areqlen);
152 159
153 return err ? err : len; 160 return err ? err : len;
154} 161}
@@ -383,7 +390,7 @@ static int skcipher_accept_parent_nokey(void *private, struct sock *sk)
383 INIT_LIST_HEAD(&ctx->tsgl_list); 390 INIT_LIST_HEAD(&ctx->tsgl_list);
384 ctx->len = len; 391 ctx->len = len;
385 ctx->used = 0; 392 ctx->used = 0;
386 ctx->rcvused = 0; 393 atomic_set(&ctx->rcvused, 0);
387 ctx->more = 0; 394 ctx->more = 0;
388 ctx->merge = 0; 395 ctx->merge = 0;
389 ctx->enc = 0; 396 ctx->enc = 0;
diff --git a/crypto/asymmetric_keys/pkcs7_parser.c b/crypto/asymmetric_keys/pkcs7_parser.c
index c1ca1e86f5c4..a6dcaa659aa8 100644
--- a/crypto/asymmetric_keys/pkcs7_parser.c
+++ b/crypto/asymmetric_keys/pkcs7_parser.c
@@ -148,8 +148,10 @@ struct pkcs7_message *pkcs7_parse_message(const void *data, size_t datalen)
148 } 148 }
149 149
150 ret = pkcs7_check_authattrs(ctx->msg); 150 ret = pkcs7_check_authattrs(ctx->msg);
151 if (ret < 0) 151 if (ret < 0) {
152 msg = ERR_PTR(ret);
152 goto out; 153 goto out;
154 }
153 155
154 msg = ctx->msg; 156 msg = ctx->msg;
155 ctx->msg = NULL; 157 ctx->msg = NULL;
diff --git a/crypto/asymmetric_keys/pkcs7_trust.c b/crypto/asymmetric_keys/pkcs7_trust.c
index f6a009d88a33..1f4e25f10049 100644
--- a/crypto/asymmetric_keys/pkcs7_trust.c
+++ b/crypto/asymmetric_keys/pkcs7_trust.c
@@ -69,7 +69,7 @@ static int pkcs7_validate_trust_one(struct pkcs7_message *pkcs7,
69 /* Self-signed certificates form roots of their own, and if we 69 /* Self-signed certificates form roots of their own, and if we
70 * don't know them, then we can't accept them. 70 * don't know them, then we can't accept them.
71 */ 71 */
72 if (x509->next == x509) { 72 if (x509->signer == x509) {
73 kleave(" = -ENOKEY [unknown self-signed]"); 73 kleave(" = -ENOKEY [unknown self-signed]");
74 return -ENOKEY; 74 return -ENOKEY;
75 } 75 }
diff --git a/crypto/asymmetric_keys/pkcs7_verify.c b/crypto/asymmetric_keys/pkcs7_verify.c
index 2d93d9eccb4d..39e6de0c2761 100644
--- a/crypto/asymmetric_keys/pkcs7_verify.c
+++ b/crypto/asymmetric_keys/pkcs7_verify.c
@@ -59,11 +59,8 @@ static int pkcs7_digest(struct pkcs7_message *pkcs7,
59 desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP; 59 desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
60 60
61 /* Digest the message [RFC2315 9.3] */ 61 /* Digest the message [RFC2315 9.3] */
62 ret = crypto_shash_init(desc); 62 ret = crypto_shash_digest(desc, pkcs7->data, pkcs7->data_len,
63 if (ret < 0) 63 sig->digest);
64 goto error;
65 ret = crypto_shash_finup(desc, pkcs7->data, pkcs7->data_len,
66 sig->digest);
67 if (ret < 0) 64 if (ret < 0)
68 goto error; 65 goto error;
69 pr_devel("MsgDigest = [%*ph]\n", 8, sig->digest); 66 pr_devel("MsgDigest = [%*ph]\n", 8, sig->digest);
@@ -150,7 +147,7 @@ static int pkcs7_find_key(struct pkcs7_message *pkcs7,
150 pr_devel("Sig %u: Found cert serial match X.509[%u]\n", 147 pr_devel("Sig %u: Found cert serial match X.509[%u]\n",
151 sinfo->index, certix); 148 sinfo->index, certix);
152 149
153 if (x509->pub->pkey_algo != sinfo->sig->pkey_algo) { 150 if (strcmp(x509->pub->pkey_algo, sinfo->sig->pkey_algo) != 0) {
154 pr_warn("Sig %u: X.509 algo and PKCS#7 sig algo don't match\n", 151 pr_warn("Sig %u: X.509 algo and PKCS#7 sig algo don't match\n",
155 sinfo->index); 152 sinfo->index);
156 continue; 153 continue;
diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c
index bc3035ef27a2..de996586762a 100644
--- a/crypto/asymmetric_keys/public_key.c
+++ b/crypto/asymmetric_keys/public_key.c
@@ -73,7 +73,7 @@ int public_key_verify_signature(const struct public_key *pkey,
73 char alg_name_buf[CRYPTO_MAX_ALG_NAME]; 73 char alg_name_buf[CRYPTO_MAX_ALG_NAME];
74 void *output; 74 void *output;
75 unsigned int outlen; 75 unsigned int outlen;
76 int ret = -ENOMEM; 76 int ret;
77 77
78 pr_devel("==>%s()\n", __func__); 78 pr_devel("==>%s()\n", __func__);
79 79
@@ -99,6 +99,7 @@ int public_key_verify_signature(const struct public_key *pkey,
99 if (IS_ERR(tfm)) 99 if (IS_ERR(tfm))
100 return PTR_ERR(tfm); 100 return PTR_ERR(tfm);
101 101
102 ret = -ENOMEM;
102 req = akcipher_request_alloc(tfm, GFP_KERNEL); 103 req = akcipher_request_alloc(tfm, GFP_KERNEL);
103 if (!req) 104 if (!req)
104 goto error_free_tfm; 105 goto error_free_tfm;
@@ -127,7 +128,7 @@ int public_key_verify_signature(const struct public_key *pkey,
127 * signature and returns that to us. 128 * signature and returns that to us.
128 */ 129 */
129 ret = crypto_wait_req(crypto_akcipher_verify(req), &cwait); 130 ret = crypto_wait_req(crypto_akcipher_verify(req), &cwait);
130 if (ret < 0) 131 if (ret)
131 goto out_free_output; 132 goto out_free_output;
132 133
133 /* Do the actual verification step. */ 134 /* Do the actual verification step. */
@@ -142,6 +143,8 @@ error_free_req:
142error_free_tfm: 143error_free_tfm:
143 crypto_free_akcipher(tfm); 144 crypto_free_akcipher(tfm);
144 pr_devel("<==%s() = %d\n", __func__, ret); 145 pr_devel("<==%s() = %d\n", __func__, ret);
146 if (WARN_ON_ONCE(ret > 0))
147 ret = -EINVAL;
145 return ret; 148 return ret;
146} 149}
147EXPORT_SYMBOL_GPL(public_key_verify_signature); 150EXPORT_SYMBOL_GPL(public_key_verify_signature);
diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c
index dd03fead1ca3..ce2df8c9c583 100644
--- a/crypto/asymmetric_keys/x509_cert_parser.c
+++ b/crypto/asymmetric_keys/x509_cert_parser.c
@@ -409,6 +409,8 @@ int x509_extract_key_data(void *context, size_t hdrlen,
409 ctx->cert->pub->pkey_algo = "rsa"; 409 ctx->cert->pub->pkey_algo = "rsa";
410 410
411 /* Discard the BIT STRING metadata */ 411 /* Discard the BIT STRING metadata */
412 if (vlen < 1 || *(const u8 *)value != 0)
413 return -EBADMSG;
412 ctx->key = value + 1; 414 ctx->key = value + 1;
413 ctx->key_size = vlen - 1; 415 ctx->key_size = vlen - 1;
414 return 0; 416 return 0;
diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c
index c9013582c026..9338b4558cdc 100644
--- a/crypto/asymmetric_keys/x509_public_key.c
+++ b/crypto/asymmetric_keys/x509_public_key.c
@@ -79,11 +79,7 @@ int x509_get_sig_params(struct x509_certificate *cert)
79 desc->tfm = tfm; 79 desc->tfm = tfm;
80 desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP; 80 desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
81 81
82 ret = crypto_shash_init(desc); 82 ret = crypto_shash_digest(desc, cert->tbs, cert->tbs_size, sig->digest);
83 if (ret < 0)
84 goto error_2;
85 might_sleep();
86 ret = crypto_shash_finup(desc, cert->tbs, cert->tbs_size, sig->digest);
87 if (ret < 0) 83 if (ret < 0)
88 goto error_2; 84 goto error_2;
89 85
@@ -135,7 +131,7 @@ int x509_check_for_self_signed(struct x509_certificate *cert)
135 } 131 }
136 132
137 ret = -EKEYREJECTED; 133 ret = -EKEYREJECTED;
138 if (cert->pub->pkey_algo != cert->sig->pkey_algo) 134 if (strcmp(cert->pub->pkey_algo, cert->sig->pkey_algo) != 0)
139 goto out; 135 goto out;
140 136
141 ret = public_key_verify_signature(cert->pub, cert->sig); 137 ret = public_key_verify_signature(cert->pub, cert->sig);
diff --git a/crypto/chacha20poly1305.c b/crypto/chacha20poly1305.c
index db1bc3147bc4..600afa99941f 100644
--- a/crypto/chacha20poly1305.c
+++ b/crypto/chacha20poly1305.c
@@ -610,6 +610,11 @@ static int chachapoly_create(struct crypto_template *tmpl, struct rtattr **tb,
610 algt->mask)); 610 algt->mask));
611 if (IS_ERR(poly)) 611 if (IS_ERR(poly))
612 return PTR_ERR(poly); 612 return PTR_ERR(poly);
613 poly_hash = __crypto_hash_alg_common(poly);
614
615 err = -EINVAL;
616 if (poly_hash->digestsize != POLY1305_DIGEST_SIZE)
617 goto out_put_poly;
613 618
614 err = -ENOMEM; 619 err = -ENOMEM;
615 inst = kzalloc(sizeof(*inst) + sizeof(*ctx), GFP_KERNEL); 620 inst = kzalloc(sizeof(*inst) + sizeof(*ctx), GFP_KERNEL);
@@ -618,7 +623,6 @@ static int chachapoly_create(struct crypto_template *tmpl, struct rtattr **tb,
618 623
619 ctx = aead_instance_ctx(inst); 624 ctx = aead_instance_ctx(inst);
620 ctx->saltlen = CHACHAPOLY_IV_SIZE - ivsize; 625 ctx->saltlen = CHACHAPOLY_IV_SIZE - ivsize;
621 poly_hash = __crypto_hash_alg_common(poly);
622 err = crypto_init_ahash_spawn(&ctx->poly, poly_hash, 626 err = crypto_init_ahash_spawn(&ctx->poly, poly_hash,
623 aead_crypto_instance(inst)); 627 aead_crypto_instance(inst));
624 if (err) 628 if (err)
diff --git a/crypto/hmac.c b/crypto/hmac.c
index 92871dc2a63e..e74730224f0a 100644
--- a/crypto/hmac.c
+++ b/crypto/hmac.c
@@ -195,11 +195,15 @@ static int hmac_create(struct crypto_template *tmpl, struct rtattr **tb)
195 salg = shash_attr_alg(tb[1], 0, 0); 195 salg = shash_attr_alg(tb[1], 0, 0);
196 if (IS_ERR(salg)) 196 if (IS_ERR(salg))
197 return PTR_ERR(salg); 197 return PTR_ERR(salg);
198 alg = &salg->base;
198 199
200 /* The underlying hash algorithm must be unkeyed */
199 err = -EINVAL; 201 err = -EINVAL;
202 if (crypto_shash_alg_has_setkey(salg))
203 goto out_put_alg;
204
200 ds = salg->digestsize; 205 ds = salg->digestsize;
201 ss = salg->statesize; 206 ss = salg->statesize;
202 alg = &salg->base;
203 if (ds > alg->cra_blocksize || 207 if (ds > alg->cra_blocksize ||
204 ss < alg->cra_blocksize) 208 ss < alg->cra_blocksize)
205 goto out_put_alg; 209 goto out_put_alg;
diff --git a/crypto/mcryptd.c b/crypto/mcryptd.c
index 4e6472658852..eca04d3729b3 100644
--- a/crypto/mcryptd.c
+++ b/crypto/mcryptd.c
@@ -81,6 +81,7 @@ static int mcryptd_init_queue(struct mcryptd_queue *queue,
81 pr_debug("cpu_queue #%d %p\n", cpu, queue->cpu_queue); 81 pr_debug("cpu_queue #%d %p\n", cpu, queue->cpu_queue);
82 crypto_init_queue(&cpu_queue->queue, max_cpu_qlen); 82 crypto_init_queue(&cpu_queue->queue, max_cpu_qlen);
83 INIT_WORK(&cpu_queue->work, mcryptd_queue_worker); 83 INIT_WORK(&cpu_queue->work, mcryptd_queue_worker);
84 spin_lock_init(&cpu_queue->q_lock);
84 } 85 }
85 return 0; 86 return 0;
86} 87}
@@ -104,15 +105,16 @@ static int mcryptd_enqueue_request(struct mcryptd_queue *queue,
104 int cpu, err; 105 int cpu, err;
105 struct mcryptd_cpu_queue *cpu_queue; 106 struct mcryptd_cpu_queue *cpu_queue;
106 107
107 cpu = get_cpu(); 108 cpu_queue = raw_cpu_ptr(queue->cpu_queue);
108 cpu_queue = this_cpu_ptr(queue->cpu_queue); 109 spin_lock(&cpu_queue->q_lock);
109 rctx->tag.cpu = cpu; 110 cpu = smp_processor_id();
111 rctx->tag.cpu = smp_processor_id();
110 112
111 err = crypto_enqueue_request(&cpu_queue->queue, request); 113 err = crypto_enqueue_request(&cpu_queue->queue, request);
112 pr_debug("enqueue request: cpu %d cpu_queue %p request %p\n", 114 pr_debug("enqueue request: cpu %d cpu_queue %p request %p\n",
113 cpu, cpu_queue, request); 115 cpu, cpu_queue, request);
116 spin_unlock(&cpu_queue->q_lock);
114 queue_work_on(cpu, kcrypto_wq, &cpu_queue->work); 117 queue_work_on(cpu, kcrypto_wq, &cpu_queue->work);
115 put_cpu();
116 118
117 return err; 119 return err;
118} 120}
@@ -161,16 +163,11 @@ static void mcryptd_queue_worker(struct work_struct *work)
161 cpu_queue = container_of(work, struct mcryptd_cpu_queue, work); 163 cpu_queue = container_of(work, struct mcryptd_cpu_queue, work);
162 i = 0; 164 i = 0;
163 while (i < MCRYPTD_BATCH || single_task_running()) { 165 while (i < MCRYPTD_BATCH || single_task_running()) {
164 /* 166
165 * preempt_disable/enable is used to prevent 167 spin_lock_bh(&cpu_queue->q_lock);
166 * being preempted by mcryptd_enqueue_request()
167 */
168 local_bh_disable();
169 preempt_disable();
170 backlog = crypto_get_backlog(&cpu_queue->queue); 168 backlog = crypto_get_backlog(&cpu_queue->queue);
171 req = crypto_dequeue_request(&cpu_queue->queue); 169 req = crypto_dequeue_request(&cpu_queue->queue);
172 preempt_enable(); 170 spin_unlock_bh(&cpu_queue->q_lock);
173 local_bh_enable();
174 171
175 if (!req) { 172 if (!req) {
176 mcryptd_opportunistic_flush(); 173 mcryptd_opportunistic_flush();
@@ -185,7 +182,7 @@ static void mcryptd_queue_worker(struct work_struct *work)
185 ++i; 182 ++i;
186 } 183 }
187 if (cpu_queue->queue.qlen) 184 if (cpu_queue->queue.qlen)
188 queue_work(kcrypto_wq, &cpu_queue->work); 185 queue_work_on(smp_processor_id(), kcrypto_wq, &cpu_queue->work);
189} 186}
190 187
191void mcryptd_flusher(struct work_struct *__work) 188void mcryptd_flusher(struct work_struct *__work)
diff --git a/crypto/pcrypt.c b/crypto/pcrypt.c
index ee9cfb99fe25..f8ec3d4ba4a8 100644
--- a/crypto/pcrypt.c
+++ b/crypto/pcrypt.c
@@ -254,6 +254,14 @@ static void pcrypt_aead_exit_tfm(struct crypto_aead *tfm)
254 crypto_free_aead(ctx->child); 254 crypto_free_aead(ctx->child);
255} 255}
256 256
257static void pcrypt_free(struct aead_instance *inst)
258{
259 struct pcrypt_instance_ctx *ctx = aead_instance_ctx(inst);
260
261 crypto_drop_aead(&ctx->spawn);
262 kfree(inst);
263}
264
257static int pcrypt_init_instance(struct crypto_instance *inst, 265static int pcrypt_init_instance(struct crypto_instance *inst,
258 struct crypto_alg *alg) 266 struct crypto_alg *alg)
259{ 267{
@@ -319,6 +327,8 @@ static int pcrypt_create_aead(struct crypto_template *tmpl, struct rtattr **tb,
319 inst->alg.encrypt = pcrypt_aead_encrypt; 327 inst->alg.encrypt = pcrypt_aead_encrypt;
320 inst->alg.decrypt = pcrypt_aead_decrypt; 328 inst->alg.decrypt = pcrypt_aead_decrypt;
321 329
330 inst->free = pcrypt_free;
331
322 err = aead_register_instance(tmpl, inst); 332 err = aead_register_instance(tmpl, inst);
323 if (err) 333 if (err)
324 goto out_drop_aead; 334 goto out_drop_aead;
@@ -349,14 +359,6 @@ static int pcrypt_create(struct crypto_template *tmpl, struct rtattr **tb)
349 return -EINVAL; 359 return -EINVAL;
350} 360}
351 361
352static void pcrypt_free(struct crypto_instance *inst)
353{
354 struct pcrypt_instance_ctx *ctx = crypto_instance_ctx(inst);
355
356 crypto_drop_aead(&ctx->spawn);
357 kfree(inst);
358}
359
360static int pcrypt_cpumask_change_notify(struct notifier_block *self, 362static int pcrypt_cpumask_change_notify(struct notifier_block *self,
361 unsigned long val, void *data) 363 unsigned long val, void *data)
362{ 364{
@@ -469,7 +471,6 @@ static void pcrypt_fini_padata(struct padata_pcrypt *pcrypt)
469static struct crypto_template pcrypt_tmpl = { 471static struct crypto_template pcrypt_tmpl = {
470 .name = "pcrypt", 472 .name = "pcrypt",
471 .create = pcrypt_create, 473 .create = pcrypt_create,
472 .free = pcrypt_free,
473 .module = THIS_MODULE, 474 .module = THIS_MODULE,
474}; 475};
475 476
diff --git a/crypto/rsa_helper.c b/crypto/rsa_helper.c
index 0b66dc824606..cad395d70d78 100644
--- a/crypto/rsa_helper.c
+++ b/crypto/rsa_helper.c
@@ -30,7 +30,7 @@ int rsa_get_n(void *context, size_t hdrlen, unsigned char tag,
30 return -EINVAL; 30 return -EINVAL;
31 31
32 if (fips_enabled) { 32 if (fips_enabled) {
33 while (!*ptr && n_sz) { 33 while (n_sz && !*ptr) {
34 ptr++; 34 ptr++;
35 n_sz--; 35 n_sz--;
36 } 36 }
diff --git a/crypto/salsa20_generic.c b/crypto/salsa20_generic.c
index f550b5d94630..d7da0eea5622 100644
--- a/crypto/salsa20_generic.c
+++ b/crypto/salsa20_generic.c
@@ -188,13 +188,6 @@ static int encrypt(struct blkcipher_desc *desc,
188 188
189 salsa20_ivsetup(ctx, walk.iv); 189 salsa20_ivsetup(ctx, walk.iv);
190 190
191 if (likely(walk.nbytes == nbytes))
192 {
193 salsa20_encrypt_bytes(ctx, walk.dst.virt.addr,
194 walk.src.virt.addr, nbytes);
195 return blkcipher_walk_done(desc, &walk, 0);
196 }
197
198 while (walk.nbytes >= 64) { 191 while (walk.nbytes >= 64) {
199 salsa20_encrypt_bytes(ctx, walk.dst.virt.addr, 192 salsa20_encrypt_bytes(ctx, walk.dst.virt.addr,
200 walk.src.virt.addr, 193 walk.src.virt.addr,
diff --git a/crypto/shash.c b/crypto/shash.c
index 325a14da5827..e849d3ee2e27 100644
--- a/crypto/shash.c
+++ b/crypto/shash.c
@@ -25,11 +25,12 @@
25 25
26static const struct crypto_type crypto_shash_type; 26static const struct crypto_type crypto_shash_type;
27 27
28static int shash_no_setkey(struct crypto_shash *tfm, const u8 *key, 28int shash_no_setkey(struct crypto_shash *tfm, const u8 *key,
29 unsigned int keylen) 29 unsigned int keylen)
30{ 30{
31 return -ENOSYS; 31 return -ENOSYS;
32} 32}
33EXPORT_SYMBOL_GPL(shash_no_setkey);
33 34
34static int shash_setkey_unaligned(struct crypto_shash *tfm, const u8 *key, 35static int shash_setkey_unaligned(struct crypto_shash *tfm, const u8 *key,
35 unsigned int keylen) 36 unsigned int keylen)
diff --git a/crypto/skcipher.c b/crypto/skcipher.c
index d5692e35fab1..11af5fd6a443 100644
--- a/crypto/skcipher.c
+++ b/crypto/skcipher.c
@@ -449,6 +449,8 @@ static int skcipher_walk_skcipher(struct skcipher_walk *walk,
449 449
450 walk->total = req->cryptlen; 450 walk->total = req->cryptlen;
451 walk->nbytes = 0; 451 walk->nbytes = 0;
452 walk->iv = req->iv;
453 walk->oiv = req->iv;
452 454
453 if (unlikely(!walk->total)) 455 if (unlikely(!walk->total))
454 return 0; 456 return 0;
@@ -456,9 +458,6 @@ static int skcipher_walk_skcipher(struct skcipher_walk *walk,
456 scatterwalk_start(&walk->in, req->src); 458 scatterwalk_start(&walk->in, req->src);
457 scatterwalk_start(&walk->out, req->dst); 459 scatterwalk_start(&walk->out, req->dst);
458 460
459 walk->iv = req->iv;
460 walk->oiv = req->iv;
461
462 walk->flags &= ~SKCIPHER_WALK_SLEEP; 461 walk->flags &= ~SKCIPHER_WALK_SLEEP;
463 walk->flags |= req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP ? 462 walk->flags |= req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP ?
464 SKCIPHER_WALK_SLEEP : 0; 463 SKCIPHER_WALK_SLEEP : 0;
@@ -510,6 +509,8 @@ static int skcipher_walk_aead_common(struct skcipher_walk *walk,
510 int err; 509 int err;
511 510
512 walk->nbytes = 0; 511 walk->nbytes = 0;
512 walk->iv = req->iv;
513 walk->oiv = req->iv;
513 514
514 if (unlikely(!walk->total)) 515 if (unlikely(!walk->total))
515 return 0; 516 return 0;
@@ -522,8 +523,8 @@ static int skcipher_walk_aead_common(struct skcipher_walk *walk,
522 scatterwalk_copychunks(NULL, &walk->in, req->assoclen, 2); 523 scatterwalk_copychunks(NULL, &walk->in, req->assoclen, 2);
523 scatterwalk_copychunks(NULL, &walk->out, req->assoclen, 2); 524 scatterwalk_copychunks(NULL, &walk->out, req->assoclen, 2);
524 525
525 walk->iv = req->iv; 526 scatterwalk_done(&walk->in, 0, walk->total);
526 walk->oiv = req->iv; 527 scatterwalk_done(&walk->out, 0, walk->total);
527 528
528 if (req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP) 529 if (req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP)
529 walk->flags |= SKCIPHER_WALK_SLEEP; 530 walk->flags |= SKCIPHER_WALK_SLEEP;
generated by cgit v1.2.2 (git 2.25.0) at 2026-01-07 08:15:51 -0500