linux_dsm_epyc7002/drivers/crypto
Wenwen Wang f16b613ca8 crypto: chtls - fix a missing-check bug
In do_chtls_setsockopt(), the tls crypto info is first copied from the
poiner 'optval' in userspace and saved to 'tmp_crypto_info'. Then the
'version' of the crypto info is checked. If the version is not as expected,
i.e., TLS_1_2_VERSION, error code -ENOTSUPP is returned to indicate that
the provided crypto info is not supported yet. Then, the 'cipher_type'
field of the 'tmp_crypto_info' is also checked to see if it is
TLS_CIPHER_AES_GCM_128. If it is, the whole struct of
tls12_crypto_info_aes_gcm_128 is copied from the pointer 'optval' and then
the function chtls_setkey() is invoked to set the key.

Given that the 'optval' pointer resides in userspace, a malicious userspace
process can race to change the data pointed by 'optval' between the two
copies. For example, a user can provide a crypto info with TLS_1_2_VERSION
and TLS_CIPHER_AES_GCM_128. After the first copy, the user can modify the
'version' and the 'cipher_type' fields to any versions and/or cipher types
that are not allowed. This way, the user can bypass the checks, inject
bad data to the kernel, cause chtls_setkey() to set a wrong key or other
issues.

This patch reuses the data copied in the first try so as to ensure these
checks will not be bypassed.

Signed-off-by: Wenwen Wang <wang6495@umn.edu>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-27 00:12:04 +08:00
..
amcc crypto: crypto4xx - put temporary dst sg into request ctx 2018-04-28 16:09:45 +08:00
axis crypto: axis - remove unnecessary platform_get_resource() error check 2018-01-26 01:10:29 +11:00
bcm crypto: brcm - explicitly cast cipher to hash type 2018-03-31 01:33:14 +08:00
caam crypto: caam - fix size of RSA prime factor q 2018-05-05 14:52:56 +08:00
cavium crypto: cavium - Remove unnecessary parentheses 2018-04-28 16:09:38 +08:00
ccp crypto: ccp - Validate buffer lengths for copy operations 2018-03-16 23:35:52 +08:00
ccree crypto: ccree - use proper printk format 2018-05-05 14:52:44 +08:00
chelsio crypto: chtls - fix a missing-check bug 2018-05-27 00:12:04 +08:00
inside-secure crypto: inside-secure - authenc(hmac(sha1), cbc(aes)) support 2018-05-27 00:12:01 +08:00
marvell crypto: marvell/cesa - Clean up redundant #include 2018-03-03 00:03:13 +08:00
mediatek crypto: mediatek - move to generic async completion 2017-11-03 22:11:23 +08:00
nx crypto: nx - fix spelling mistake: "seqeunce" -> "sequence" 2018-05-19 00:13:55 +08:00
qat .gitignore: move *-asn1.[ch] patterns to the top-level .gitignore 2018-04-07 19:04:02 +09:00
qce Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2017-11-14 10:52:09 -08:00
rockchip License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
stm32 crypto: stm32/cryp - add stm32mp1 support 2018-02-15 23:26:57 +08:00
sunxi-ss crypto: sunxi-ss - Add MODULE_ALIAS to sun4i-ss 2018-02-22 22:16:15 +08:00
ux500 crypto: ux500 - Delete two unnecessary variable initialisations in ux500_cryp_probe() 2018-02-22 22:16:34 +08:00
virtio crypto: virtio - remove dependency on CRYPTO_AUTHENC 2018-03-16 23:35:51 +08:00
vmx crypto: vmx - Remove overly verbose printk from AES XTS init 2018-05-12 00:13:16 +08:00
atmel-aes-regs.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
atmel-aes.c crypto: atmel-aes - fix the keys zeroing on errors 2018-03-03 00:03:40 +08:00
atmel-authenc.h crypto: atmel-authenc - add support to authenc(hmac(shaX), Y(aes)) modes 2017-02-03 18:16:14 +08:00
atmel-ecc.c crypto: atmel-ecc - fix signed integer to u8 assignment 2017-08-03 13:47:23 +08:00
atmel-ecc.h crypto: atmel-ecc - introduce Microchip / Atmel ECC driver 2017-07-18 17:50:58 +08:00
atmel-sha-regs.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
atmel-sha.c crypto: atmel - Delete error messages for a failed memory allocation in six functions 2018-02-22 22:17:00 +08:00
atmel-tdes-regs.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
atmel-tdes.c crypto: atmel - Delete error messages for a failed memory allocation in six functions 2018-02-22 22:17:00 +08:00
exynos-rng.c crypto: drivers - simplify getting .drvdata 2018-04-28 16:09:35 +08:00
geode-aes.c crypto: geode-aes - fixed coding style warnings and error 2017-07-18 18:15:57 +08:00
geode-aes.h crypto: geode - Consistently use AES_KEYSIZE_128 2014-05-22 21:03:12 +08:00
hifn_795x.c crypto: hifn_795x - Fix a memory leak in the error handling path of 'hifn_probe()' 2017-11-29 17:33:30 +11:00
img-hash.c crypto: img-hash - remove unnecessary static in img_hash_remove() 2017-08-03 13:47:18 +08:00
ixp4xx_crypto.c crypto: ixp4xx - don't leak pointers to authenc keys 2018-03-31 01:33:12 +08:00
Kconfig crypto: inside-secure - authenc(hmac(sha256), cbc(aes)) support 2018-05-27 00:11:59 +08:00
Makefile crypto: bfin_crc - remove blackfin CRC driver 2018-03-23 23:48:37 +08:00
mxc-scc.c crypto: mxc-scc - fix error code in mxc_scc_probe() 2017-07-18 17:50:54 +08:00
mxs-dcp.c crypto: mxs-dcp - Add empty hash export and import 2018-02-15 23:23:44 +08:00
n2_asm.S License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
n2_core.c crypto: n2 - Add empty hash export and import 2018-02-15 23:23:45 +08:00
n2_core.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
omap-aes-gcm.c crypto: omap-aes - pr_err() strings should end with newlines 2017-10-12 22:54:51 +08:00
omap-aes.c crypto: omap-aes - make queue length configurable 2018-03-09 22:45:39 +08:00
omap-aes.h crypto: omap - convert to new crypto engine API 2018-02-15 23:26:51 +08:00
omap-crypto.c crypto: omap-crypto - Verify page zone scatterlists before starting DMA 2018-03-09 22:45:36 +08:00
omap-crypto.h crypto: omap - add base support library for common routines 2017-06-10 12:04:15 +08:00
omap-des.c crypto: omap - convert to new crypto engine API 2018-02-15 23:26:51 +08:00
omap-sham.c crypto: omap-sham - fix memleak 2018-04-28 16:09:35 +08:00
padlock-aes.c x86/cpu: Rename cpu_data.x86_mask to cpu_data.x86_stepping 2018-02-15 01:15:52 +01:00
padlock-sha.c crypto: padlock-sha - constify x86_cpu_id 2017-09-22 17:43:20 +08:00
picoxcell_crypto_regs.h crypto: picoxcell - add support for the picoxcell crypto engines 2011-02-21 22:42:40 +11:00
picoxcell_crypto.c crypto: drivers - simplify getting .drvdata 2018-04-28 16:09:35 +08:00
s5p-sss.c crypto: s5p-sss - Constify pointed data (arguments and local variables) 2018-03-09 22:45:47 +08:00
sahara.c crypto: sahara - Improve a size determination in sahara_probe() 2018-02-22 22:16:38 +08:00
talitos.c crypto: talitos - don't leak pointers to authenc keys 2018-03-31 01:33:14 +08:00
talitos.h crypto: talitos - chain in buffered data for ahash on SEC1 2017-10-12 22:55:38 +08:00