setkey() in {cipher,blkcipher,ablkcipher,hash}.c does not respect the
requested alignment by the algorithm. This patch fixes it.
Signed-off-by: Sebastian Siewior <[email protected]>
Index: linux/crypto/cipher.c
===================================================================
--- linux.orig/crypto/cipher.c
+++ linux/crypto/cipher.c
@@ -20,16 +20,32 @@
#include <linux/string.h>
#include "internal.h"
+static int setkey_unaligned(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen,
+ unsigned long alignmask)
+{
+ struct cipher_alg *cia = &tfm->__crt_alg->cra_cipher;
+ u8 buffer[keylen + alignmask];
+ u8 *alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
+
+ memcpy(alignbuffer, key, keylen);
+ return cia->cia_setkey(tfm, alignbuffer, keylen);
+}
+
static int setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen)
{
struct cipher_alg *cia = &tfm->__crt_alg->cra_cipher;
-
+ unsigned long alignmask = crypto_tfm_alg_alignmask(tfm);
+
tfm->crt_flags &= ~CRYPTO_TFM_RES_MASK;
if (keylen < cia->cia_min_keysize || keylen > cia->cia_max_keysize) {
tfm->crt_flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
return -EINVAL;
- } else
- return cia->cia_setkey(tfm, key, keylen);
+ }
+
+ if (unlikely((unsigned long) key & alignmask))
+ return setkey_unaligned(tfm, key, keylen, alignmask);
+
+ return cia->cia_setkey(tfm, key, keylen);
}
static void cipher_crypt_unaligned(void (*fn)(struct crypto_tfm *, u8 *,
Index: linux/crypto/ablkcipher.c
===================================================================
--- linux.orig/crypto/ablkcipher.c
+++ linux/crypto/ablkcipher.c
@@ -19,16 +19,31 @@
#include <linux/module.h>
#include <linux/seq_file.h>
+static int setkey_unaligned(struct crypto_ablkcipher *tfm, const u8 *key, unsigned int keylen,
+ unsigned long alignmask)
+{
+ struct ablkcipher_alg *cipher = crypto_ablkcipher_alg(tfm);
+ u8 buffer[keylen + alignmask];
+ u8 *alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
+
+ memcpy(alignbuffer, key, keylen);
+ return cipher->setkey(tfm, alignbuffer, keylen);
+}
+
static int setkey(struct crypto_ablkcipher *tfm, const u8 *key,
unsigned int keylen)
{
struct ablkcipher_alg *cipher = crypto_ablkcipher_alg(tfm);
+ unsigned long alignmask = crypto_ablkcipher_alignmask(tfm);
if (keylen < cipher->min_keysize || keylen > cipher->max_keysize) {
crypto_ablkcipher_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
return -EINVAL;
}
+ if (unlikely((unsigned long) key & alignmask))
+ return setkey_unaligned(tfm, key, keylen, alignmask);
+
return cipher->setkey(tfm, key, keylen);
}
Index: linux/crypto/blkcipher.c
===================================================================
--- linux.orig/crypto/blkcipher.c
+++ linux/crypto/blkcipher.c
@@ -336,16 +336,31 @@ static int blkcipher_walk_first(struct b
return blkcipher_walk_next(desc, walk);
}
+static int setkey_unaligned(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen,
+ unsigned long alignmask)
+{
+ struct blkcipher_alg *cipher = &tfm->__crt_alg->cra_blkcipher;
+ u8 buffer[keylen + alignmask];
+ u8 *alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
+
+ memcpy(alignbuffer, key, keylen);
+ return cipher->setkey(tfm, alignbuffer, keylen);
+}
+
static int setkey(struct crypto_tfm *tfm, const u8 *key,
unsigned int keylen)
{
struct blkcipher_alg *cipher = &tfm->__crt_alg->cra_blkcipher;
+ unsigned long alignmask = crypto_tfm_alg_alignmask(tfm);
if (keylen < cipher->min_keysize || keylen > cipher->max_keysize) {
tfm->crt_flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
return -EINVAL;
}
+ if (unlikely((unsigned long) key & alignmask))
+ return setkey_unaligned(tfm, key, keylen, alignmask);
+
return cipher->setkey(tfm, key, keylen);
}
Index: linux/crypto/hash.c
===================================================================
--- linux.orig/crypto/hash.c
+++ linux/crypto/hash.c
@@ -22,6 +22,31 @@ static unsigned int crypto_hash_ctxsize(
return alg->cra_ctxsize;
}
+static int hash_setkey_unaligned(struct crypto_hash *crt, const u8 *key,
+ unsigned int keylen, unsigned int alignmask)
+{
+ struct crypto_tfm *tfm = crypto_hash_tfm(crt);
+ struct hash_alg *alg = &tfm->__crt_alg->cra_hash;
+ u8 buffer[keylen + alignmask];
+ u8 *alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
+
+ memcpy(alignbuffer, key, keylen);
+ return alg->setkey(crt, alignbuffer, keylen);
+}
+
+static int hash_setkey(struct crypto_hash *crt, const u8 *key,
+ unsigned int keylen)
+{
+ struct crypto_tfm *tfm = crypto_hash_tfm(crt);
+ struct hash_alg *alg = &tfm->__crt_alg->cra_hash;
+ unsigned int alignmask = crypto_hash_alignmask(crt);
+
+ if (unlikely((unsigned long) key & alignmask))
+ return hash_setkey_unaligned(crt, key, keylen, alignmask);
+
+ return alg->setkey(crt, key, keylen);
+}
+
static int crypto_init_hash_ops(struct crypto_tfm *tfm, u32 type, u32 mask)
{
struct hash_tfm *crt = &tfm->crt_hash;
@@ -34,7 +59,7 @@ static int crypto_init_hash_ops(struct c
crt->update = alg->update;
crt->final = alg->final;
crt->digest = alg->digest;
- crt->setkey = alg->setkey;
+ crt->setkey = hash_setkey;
crt->digestsize = alg->digestsize;
return 0;
On Thu, May 10, 2007 at 11:57:17AM +0200, Sebastian Siewior wrote:
> setkey() in {cipher,blkcipher,ablkcipher,hash}.c does not respect the
> requested alignment by the algorithm. This patch fixes it.
Thanks for the patch!
> +static int setkey_unaligned(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen,
> + unsigned long alignmask)
> +{
> + struct cipher_alg *cia = &tfm->__crt_alg->cra_cipher;
> + u8 buffer[keylen + alignmask];
Hmm, I'm not comfortable with this since keylen could be unbounded,
especially for hash algorithms. How about getting the memory via
kmalloc instead?
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
* Herbert Xu | 2007-05-18 16:30:01 [+1000]:
>> +static int setkey_unaligned(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen,
>> + unsigned long alignmask)
>> +{
>> + struct cipher_alg *cia = &tfm->__crt_alg->cra_cipher;
>> + u8 buffer[keylen + alignmask];
>
>Hmm, I'm not comfortable with this since keylen could be unbounded,
>especially for hash algorithms. How about getting the memory via
>kmalloc instead?
Good point. I take kmalloc() with GFP_KERNEL (the caller should not be
atomic at this point). Additionaly I zero the temporary key (I don't
think the setkey() path is performace critical).
>Cheers,
Sebastian
On Fri, May 18, 2007 at 03:43:41PM +0200, Sebastian Siewior wrote:
>
> Good point. I take kmalloc() with GFP_KERNEL (the caller should not be
> atomic at this point). Additionaly I zero the temporary key (I don't
> think the setkey() path is performace critical).
They shouldn't be. But it would be good if you could do a grep to see
if any of them are doing it in an atomic context since we've not tested
for this before.
Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
* Herbert Xu | 2007-05-18 23:46:32 [+1000]:
>> Good point. I take kmalloc() with GFP_KERNEL (the caller should not be
>> atomic at this point). Additionaly I zero the temporary key (I don't
>
>They shouldn't be. But it would be good if you could do a grep to see
>if any of them are doing it in an atomic context since we've not tested
>for this before.
Huh, this was too fast. I greped after sending the patch...
drivers/net/ppp_mppe.c: can't tell, probably not.
net/mac80211/wep.c: caller is requesting memory with GFP_ATOMIC. The
code might get called from a tasklet handler but can't really say. There
are some skbs around.
The others are pretty easy to tell and they don't, just the mac80211.
Do you s/GFP_KERNEL/GFP_ATOMIC/ ?
>Thanks,
Sebastian