From: Greg Kroah-Hartman Date: Wed, 14 Feb 2018 19:36:33 +0000 (+0100) Subject: drop 4.9 and 3.18 patches that broke the build X-Git-Tag: v4.15.4~28 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=fd0ca0050268e9428f66cd01e1e6bf65679577ec;p=thirdparty%2Fkernel%2Fstable-queue.git drop 4.9 and 3.18 patches that broke the build --- diff --git a/queue-3.18/crypto-mcryptd-pass-through-absence-of-setkey.patch b/queue-3.18/crypto-mcryptd-pass-through-absence-of-setkey.patch deleted file mode 100644 index d9347dccd65..00000000000 --- a/queue-3.18/crypto-mcryptd-pass-through-absence-of-setkey.patch +++ /dev/null @@ -1,34 +0,0 @@ -From fa59b92d299f2787e6bae1ff078ee0982e80211f Mon Sep 17 00:00:00 2001 -From: Eric Biggers -Date: Wed, 3 Jan 2018 11:16:24 -0800 -Subject: crypto: mcryptd - pass through absence of ->setkey() - -From: Eric Biggers - -commit fa59b92d299f2787e6bae1ff078ee0982e80211f upstream. - -When the mcryptd template is used to wrap an unkeyed hash algorithm, -don't install a ->setkey() method to the mcryptd instance. This change -is necessary for mcryptd to keep working with unkeyed hash algorithms -once we start enforcing that ->setkey() is called when present. - -Signed-off-by: Eric Biggers -Signed-off-by: Herbert Xu -Signed-off-by: Greg Kroah-Hartman - ---- - crypto/mcryptd.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - ---- a/crypto/mcryptd.c -+++ b/crypto/mcryptd.c -@@ -514,7 +514,8 @@ static int mcryptd_create_hash(struct cr - inst->alg.finup = mcryptd_hash_finup_enqueue; - inst->alg.export = mcryptd_hash_export; - inst->alg.import = mcryptd_hash_import; -- inst->alg.setkey = mcryptd_hash_setkey; -+ if (crypto_hash_alg_has_setkey(halg)) -+ inst->alg.setkey = mcryptd_hash_setkey; - inst->alg.digest = mcryptd_hash_digest_enqueue; - - err = ahash_register_instance(tmpl, inst); diff --git a/queue-3.18/series b/queue-3.18/series index 3e0077dbc73..121bc50daf8 100644 --- a/queue-3.18/series +++ b/queue-3.18/series @@ -30,4 +30,3 @@ nfs-commit-direct-writes-even-if-they-fail-partially.patch kernfs-fix-regression-in-kernfs_fop_write-caused-by-wrong-type.patch crypto-hash-introduce-crypto_hash_alg_has_setkey.patch crypto-cryptd-pass-through-absence-of-setkey.patch -crypto-mcryptd-pass-through-absence-of-setkey.patch diff --git a/queue-4.9/crypto-hash-prevent-using-keyed-hashes-without-setting-key.patch b/queue-4.9/crypto-hash-prevent-using-keyed-hashes-without-setting-key.patch deleted file mode 100644 index db01796bbd5..00000000000 --- a/queue-4.9/crypto-hash-prevent-using-keyed-hashes-without-setting-key.patch +++ /dev/null @@ -1,368 +0,0 @@ -From 9fa68f620041be04720d0cbfb1bd3ddfc6310b24 Mon Sep 17 00:00:00 2001 -From: Eric Biggers -Date: Wed, 3 Jan 2018 11:16:27 -0800 -Subject: crypto: hash - prevent using keyed hashes without setting key - -From: Eric Biggers - -commit 9fa68f620041be04720d0cbfb1bd3ddfc6310b24 upstream. - -Currently, almost none of the keyed hash algorithms check whether a key -has been set before proceeding. Some algorithms are okay with this and -will effectively just use a key of all 0's or some other bogus default. -However, others will severely break, as demonstrated using -"hmac(sha3-512-generic)", the unkeyed use of which causes a kernel crash -via a (potentially exploitable) stack buffer overflow. - -A while ago, this problem was solved for AF_ALG by pairing each hash -transform with a 'has_key' bool. However, there are still other places -in the kernel where userspace can specify an arbitrary hash algorithm by -name, and the kernel uses it as unkeyed hash without checking whether it -is really unkeyed. Examples of this include: - - - KEYCTL_DH_COMPUTE, via the KDF extension - - dm-verity - - dm-crypt, via the ESSIV support - - dm-integrity, via the "internal hash" mode with no key given - - drbd (Distributed Replicated Block Device) - -This bug is especially bad for KEYCTL_DH_COMPUTE as that requires no -privileges to call. - -Fix the bug for all users by adding a flag CRYPTO_TFM_NEED_KEY to the -->crt_flags of each hash transform that indicates whether the transform -still needs to be keyed or not. Then, make the hash init, import, and -digest functions return -ENOKEY if the key is still needed. - -The new flag also replaces the 'has_key' bool which algif_hash was -previously using, thereby simplifying the algif_hash implementation. - -Reported-by: syzbot -Signed-off-by: Eric Biggers -Signed-off-by: Herbert Xu -Signed-off-by: Greg Kroah-Hartman - ---- - crypto/ahash.c | 22 ++++++++++++++++---- - crypto/algif_hash.c | 52 ++++++++++--------------------------------------- - crypto/shash.c | 25 +++++++++++++++++++---- - include/crypto/hash.h | 34 ++++++++++++++++++++++---------- - include/linux/crypto.h | 2 + - 5 files changed, 75 insertions(+), 60 deletions(-) - ---- a/crypto/ahash.c -+++ b/crypto/ahash.c -@@ -192,11 +192,18 @@ int crypto_ahash_setkey(struct crypto_ah - unsigned int keylen) - { - unsigned long alignmask = crypto_ahash_alignmask(tfm); -+ int err; - - if ((unsigned long)key & alignmask) -- return ahash_setkey_unaligned(tfm, key, keylen); -+ err = ahash_setkey_unaligned(tfm, key, keylen); -+ else -+ err = tfm->setkey(tfm, key, keylen); -+ -+ if (err) -+ return err; - -- return tfm->setkey(tfm, key, keylen); -+ crypto_ahash_clear_flags(tfm, CRYPTO_TFM_NEED_KEY); -+ return 0; - } - EXPORT_SYMBOL_GPL(crypto_ahash_setkey); - -@@ -369,7 +376,12 @@ EXPORT_SYMBOL_GPL(crypto_ahash_finup); - - int crypto_ahash_digest(struct ahash_request *req) - { -- return crypto_ahash_op(req, crypto_ahash_reqtfm(req)->digest); -+ struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); -+ -+ if (crypto_ahash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY) -+ return -ENOKEY; -+ -+ return crypto_ahash_op(req, tfm->digest); - } - EXPORT_SYMBOL_GPL(crypto_ahash_digest); - -@@ -455,7 +467,6 @@ static int crypto_ahash_init_tfm(struct - struct ahash_alg *alg = crypto_ahash_alg(hash); - - hash->setkey = ahash_nosetkey; -- hash->has_setkey = false; - hash->export = ahash_no_export; - hash->import = ahash_no_import; - -@@ -470,7 +481,8 @@ static int crypto_ahash_init_tfm(struct - - if (alg->setkey) { - hash->setkey = alg->setkey; -- hash->has_setkey = true; -+ if (!(alg->halg.base.cra_flags & CRYPTO_ALG_OPTIONAL_KEY)) -+ crypto_ahash_set_flags(hash, CRYPTO_TFM_NEED_KEY); - } - if (alg->export) - hash->export = alg->export; ---- a/crypto/algif_hash.c -+++ b/crypto/algif_hash.c -@@ -34,11 +34,6 @@ struct hash_ctx { - struct ahash_request req; - }; - --struct algif_hash_tfm { -- struct crypto_ahash *hash; -- bool has_key; --}; -- - static int hash_alloc_result(struct sock *sk, struct hash_ctx *ctx) - { - unsigned ds; -@@ -308,7 +303,7 @@ static int hash_check_key(struct socket - int err = 0; - struct sock *psk; - struct alg_sock *pask; -- struct algif_hash_tfm *tfm; -+ struct crypto_ahash *tfm; - struct sock *sk = sock->sk; - struct alg_sock *ask = alg_sk(sk); - -@@ -322,7 +317,7 @@ static int hash_check_key(struct socket - - err = -ENOKEY; - lock_sock_nested(psk, SINGLE_DEPTH_NESTING); -- if (!tfm->has_key) -+ if (crypto_ahash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY) - goto unlock; - - if (!pask->refcnt++) -@@ -413,41 +408,17 @@ static struct proto_ops algif_hash_ops_n - - static void *hash_bind(const char *name, u32 type, u32 mask) - { -- struct algif_hash_tfm *tfm; -- struct crypto_ahash *hash; -- -- tfm = kzalloc(sizeof(*tfm), GFP_KERNEL); -- if (!tfm) -- return ERR_PTR(-ENOMEM); -- -- hash = crypto_alloc_ahash(name, type, mask); -- if (IS_ERR(hash)) { -- kfree(tfm); -- return ERR_CAST(hash); -- } -- -- tfm->hash = hash; -- -- return tfm; -+ return crypto_alloc_ahash(name, type, mask); - } - - static void hash_release(void *private) - { -- struct algif_hash_tfm *tfm = private; -- -- crypto_free_ahash(tfm->hash); -- kfree(tfm); -+ crypto_free_ahash(private); - } - - static int hash_setkey(void *private, const u8 *key, unsigned int keylen) - { -- struct algif_hash_tfm *tfm = private; -- int err; -- -- err = crypto_ahash_setkey(tfm->hash, key, keylen); -- tfm->has_key = !err; -- -- return err; -+ return crypto_ahash_setkey(private, key, keylen); - } - - static void hash_sock_destruct(struct sock *sk) -@@ -462,11 +433,10 @@ static void hash_sock_destruct(struct so - - static int hash_accept_parent_nokey(void *private, struct sock *sk) - { -- struct hash_ctx *ctx; -+ struct crypto_ahash *tfm = private; - struct alg_sock *ask = alg_sk(sk); -- struct algif_hash_tfm *tfm = private; -- struct crypto_ahash *hash = tfm->hash; -- unsigned len = sizeof(*ctx) + crypto_ahash_reqsize(hash); -+ struct hash_ctx *ctx; -+ unsigned int len = sizeof(*ctx) + crypto_ahash_reqsize(tfm); - - ctx = sock_kmalloc(sk, len, GFP_KERNEL); - if (!ctx) -@@ -479,7 +449,7 @@ static int hash_accept_parent_nokey(void - - ask->private = ctx; - -- ahash_request_set_tfm(&ctx->req, hash); -+ ahash_request_set_tfm(&ctx->req, tfm); - ahash_request_set_callback(&ctx->req, CRYPTO_TFM_REQ_MAY_BACKLOG, - af_alg_complete, &ctx->completion); - -@@ -490,9 +460,9 @@ static int hash_accept_parent_nokey(void - - static int hash_accept_parent(void *private, struct sock *sk) - { -- struct algif_hash_tfm *tfm = private; -+ struct crypto_ahash *tfm = private; - -- if (!tfm->has_key && crypto_ahash_has_setkey(tfm->hash)) -+ if (crypto_ahash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY) - return -ENOKEY; - - return hash_accept_parent_nokey(private, sk); ---- a/crypto/shash.c -+++ b/crypto/shash.c -@@ -57,11 +57,18 @@ int crypto_shash_setkey(struct crypto_sh - { - struct shash_alg *shash = crypto_shash_alg(tfm); - unsigned long alignmask = crypto_shash_alignmask(tfm); -+ int err; - - if ((unsigned long)key & alignmask) -- return shash_setkey_unaligned(tfm, key, keylen); -+ err = shash_setkey_unaligned(tfm, key, keylen); -+ else -+ err = shash->setkey(tfm, key, keylen); -+ -+ if (err) -+ return err; - -- return shash->setkey(tfm, key, keylen); -+ crypto_shash_clear_flags(tfm, CRYPTO_TFM_NEED_KEY); -+ return 0; - } - EXPORT_SYMBOL_GPL(crypto_shash_setkey); - -@@ -180,6 +187,9 @@ int crypto_shash_digest(struct shash_des - struct shash_alg *shash = crypto_shash_alg(tfm); - unsigned long alignmask = crypto_shash_alignmask(tfm); - -+ if (crypto_shash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY) -+ return -ENOKEY; -+ - if (((unsigned long)data | (unsigned long)out) & alignmask) - return shash_digest_unaligned(desc, data, len, out); - -@@ -359,7 +369,8 @@ int crypto_init_shash_ops_async(struct c - crt->digest = shash_async_digest; - crt->setkey = shash_async_setkey; - -- crt->has_setkey = alg->setkey != shash_no_setkey; -+ crypto_ahash_set_flags(crt, crypto_shash_get_flags(shash) & -+ CRYPTO_TFM_NEED_KEY); - - if (alg->export) - crt->export = shash_async_export; -@@ -374,8 +385,14 @@ int crypto_init_shash_ops_async(struct c - static int crypto_shash_init_tfm(struct crypto_tfm *tfm) - { - struct crypto_shash *hash = __crypto_shash_cast(tfm); -+ struct shash_alg *alg = crypto_shash_alg(hash); -+ -+ hash->descsize = alg->descsize; -+ -+ if (crypto_shash_alg_has_setkey(alg) && -+ !(alg->base.cra_flags & CRYPTO_ALG_OPTIONAL_KEY)) -+ crypto_shash_set_flags(hash, CRYPTO_TFM_NEED_KEY); - -- hash->descsize = crypto_shash_alg(hash)->descsize; - return 0; - } - ---- a/include/crypto/hash.h -+++ b/include/crypto/hash.h -@@ -205,7 +205,6 @@ struct crypto_ahash { - unsigned int keylen); - - unsigned int reqsize; -- bool has_setkey; - struct crypto_tfm base; - }; - -@@ -399,11 +398,6 @@ static inline void *ahash_request_ctx(st - int crypto_ahash_setkey(struct crypto_ahash *tfm, const u8 *key, - unsigned int keylen); - --static inline bool crypto_ahash_has_setkey(struct crypto_ahash *tfm) --{ -- return tfm->has_setkey; --} -- - /** - * crypto_ahash_finup() - update and finalize message digest - * @req: reference to the ahash_request handle that holds all information -@@ -475,7 +469,12 @@ static inline int crypto_ahash_export(st - */ - static inline int crypto_ahash_import(struct ahash_request *req, const void *in) - { -- return crypto_ahash_reqtfm(req)->import(req, in); -+ struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); -+ -+ if (crypto_ahash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY) -+ return -ENOKEY; -+ -+ return tfm->import(req, in); - } - - /** -@@ -492,7 +491,12 @@ static inline int crypto_ahash_import(st - */ - static inline int crypto_ahash_init(struct ahash_request *req) - { -- return crypto_ahash_reqtfm(req)->init(req); -+ struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); -+ -+ if (crypto_ahash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY) -+ return -ENOKEY; -+ -+ return tfm->init(req); - } - - /** -@@ -845,7 +849,12 @@ static inline int crypto_shash_export(st - */ - static inline int crypto_shash_import(struct shash_desc *desc, const void *in) - { -- return crypto_shash_alg(desc->tfm)->import(desc, in); -+ struct crypto_shash *tfm = desc->tfm; -+ -+ if (crypto_shash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY) -+ return -ENOKEY; -+ -+ return crypto_shash_alg(tfm)->import(desc, in); - } - - /** -@@ -861,7 +870,12 @@ static inline int crypto_shash_import(st - */ - static inline int crypto_shash_init(struct shash_desc *desc) - { -- return crypto_shash_alg(desc->tfm)->init(desc); -+ struct crypto_shash *tfm = desc->tfm; -+ -+ if (crypto_shash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY) -+ return -ENOKEY; -+ -+ return crypto_shash_alg(tfm)->init(desc); - } - - /** ---- a/include/linux/crypto.h -+++ b/include/linux/crypto.h -@@ -105,6 +105,8 @@ - /* - * Transform masks and values (for crt_flags). - */ -+#define CRYPTO_TFM_NEED_KEY 0x00000001 -+ - #define CRYPTO_TFM_REQ_MASK 0x000fff00 - #define CRYPTO_TFM_RES_MASK 0xfff00000 - diff --git a/queue-4.9/series b/queue-4.9/series index 213cba53e72..37e864772dd 100644 --- a/queue-4.9/series +++ b/queue-4.9/series @@ -32,4 +32,3 @@ crypto-hash-introduce-crypto_hash_alg_has_setkey.patch crypto-cryptd-pass-through-absence-of-setkey.patch crypto-mcryptd-pass-through-absence-of-setkey.patch crypto-poly1305-remove-setkey-method.patch -crypto-hash-prevent-using-keyed-hashes-without-setting-key.patch