2008-01-01 04:46:11

by Herbert Xu

Subject: [CRYPTO] xcbc: Fix algorithm leak when block size check fails

Hi:

While back-porting xcbc I found this little buglet.

[CRYPTO] xcbc: Fix algorithm leak when block size check fails

When the underlying algorithm has a block size other than 16 we abort
without freeing it. In fact, we try to return the algorithm itself
as an error!

This patch plugs the leak and makes it return -EINVAL instead.

Signed-off-by: Herbert Xu <[email protected]>

diff --git a/crypto/xcbc.c b/crypto/xcbc.c
index 789cdee..e3d9503 100644
--- a/crypto/xcbc.c
+++ b/crypto/xcbc.c
@@ -307,7 +307,8 @@ static struct crypto_instance *xcbc_alloc(struct rtattr **tb)
case 16:
break;
default:
- return ERR_PTR(PTR_ERR(alg));
+ inst = ERR_PTR(-EINVAL);
+ goto out_put_alg;
}

inst = crypto_alloc_instance("xcbc", alg);
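
Review bot: The new default branch jumps to out_put_alg, which lies outside the context shown, so please confirm that this label both drops the reference on alg and ends by returning inst; if it returns anything else, the ERR_PTR(-EINVAL) assigned here is lost. A short comment on the switch saying why only a block size of 16 is accepted would also help the next reader, since the hunk gives no reason for rejecting other sizes.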

Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


2008-01-01 04:50:08

by Herbert Xu

Subject: Re: [CRYPTO] xcbc: Fix algorithm leak when block size check fails

On Tue, Jan 01, 2008 at 03:46:07PM +1100, Herbert Xu wrote:
>
> While back-porting xcbc I found this little buglet.

And here's another one:

[CRYPTO] xcbc: Remove bogus hash/cipher test

When setting the digest size xcbc tests to see if the underlying algorithm
is a hash. This is silly because we don't allow it to be a hash and we've
specifically requested for a cipher.

This patch removes the bogus test.

Signed-off-by: Herbert Xu <[email protected]>

diff --git a/crypto/xcbc.c b/crypto/xcbc.c
index e3d9503..a82959d 100644
--- a/crypto/xcbc.c
+++ b/crypto/xcbc.c
@@ -321,10 +321,7 @@ static struct crypto_instance *xcbc_alloc(struct rtattr **tb)
inst->alg.cra_alignmask = alg->cra_alignmask;
inst->alg.cra_type = &crypto_hash_type;

- inst->alg.cra_hash.digestsize =
- (alg->cra_flags & CRYPTO_ALG_TYPE_MASK) ==
- CRYPTO_ALG_TYPE_HASH ? alg->cra_hash.digestsize :
- alg->cra_blocksize;
+ inst->alg.cra_hash.digestsize = alg->cra_blocksize;
inst->alg.cra_ctxsize = sizeof(struct crypto_xcbc_ctx) +
ALIGN(inst->alg.cra_blocksize * 3, sizeof(void *));
inst->alg.cra_init = xcbc_init_tfm;
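
Review bot: The simplified digestsize assignment reads alg->cra_blocksize, while the cra_ctxsize computation directly below reads inst->alg.cra_blocksize. The two only agree if inst->alg.cra_blocksize was copied from alg earlier in xcbc_alloc, which is not visible here; using the same expression in both places (for example inst->alg.cra_hash.digestsize = inst->alg.cra_blocksize;) would make that dependency obvious and keep the two sizes from drifting apart.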

Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

2008-01-01 04:58:23

by Herbert Xu

Subject: Re: [CRYPTO] xcbc: Fix algorithm leak when block size check fails

On Tue, Jan 01, 2008 at 03:50:04PM +1100, Herbert Xu wrote:
>
> And here's another one:

In order to see if it still works:

[CRYPTO] tcrypt: Make xcbc available as a standalone test

Currently the gcm(aes) tests have to be taken together with all other
algorithms. This patch makes it available by itself at number 106.

Signed-off-by: Herbert Xu <[email protected]>

diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c
index 72073ef..6878526 100644
--- a/crypto/tcrypt.c
+++ b/crypto/tcrypt.c
@@ -1608,11 +1608,16 @@ static void do_test(void)
test_hash("hmac(sha512)", hmac_sha512_tv_template,
HMAC_SHA512_TEST_VECTORS);
break;
+
case 105:
test_hash("hmac(sha224)", hmac_sha224_tv_template,
HMAC_SHA224_TEST_VECTORS);
break;

+ case 106:
+ test_hash("xcbc(aes)", aes_xcbc128_tv_template,
+ XCBC_AES_TEST_VECTORS);
+
case 200:
test_cipher_speed("ecb(aes)", ENCRYPT, sec, NULL, 0,
aes_speed_template);
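
Review bot: The added case 106 has no break before case 200, so after test_hash("xcbc(aes)", ...) control falls through into test_cipher_speed("ecb(aes)", ENCRYPT, ...) and the standalone test also runs the speed test. Add a break; after the XCBC_AES_TEST_VECTORS line. The blank line added before case 105 is an unrelated whitespace change and could be dropped or sent separately.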

Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

2008-01-01 05:00:22

by Herbert Xu

Subject: Re: [CRYPTO] xcbc: Fix algorithm leak when block size check fails

On Tue, Jan 01, 2008 at 03:58:21PM +1100, Herbert Xu wrote:
>
> In order to see if it still works:
>
> [CRYPTO] tcrypt: Make xcbc available as a standalone test

It helps to have a break:

[CRYPTO] tcrypt: Make xcbc available as a standalone test

Currently the gcm(aes) tests have to be taken together with all other
algorithms. This patch makes it available by itself at number 106.

Signed-off-by: Herbert Xu <[email protected]>

diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c
index 72073ef..1ab8c01 100644
--- a/crypto/tcrypt.c
+++ b/crypto/tcrypt.c
@@ -1608,11 +1608,17 @@ static void do_test(void)
test_hash("hmac(sha512)", hmac_sha512_tv_template,
HMAC_SHA512_TEST_VECTORS);
break;
+
case 105:
test_hash("hmac(sha224)", hmac_sha224_tv_template,
HMAC_SHA224_TEST_VECTORS);
break;

+ case 106:
+ test_hash("xcbc(aes)", aes_xcbc128_tv_template,
+ XCBC_AES_TEST_VECTORS);
+ break;
+
case 200:
test_cipher_speed("ecb(aes)", ENCRYPT, sec, NULL, 0,
aes_speed_template);
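
Review bot: The case added at 106 calls test_hash on "xcbc(aes)" with aes_xcbc128_tv_template, but the changelog body above says "the gcm(aes) tests", which does not match the subject line or the code; the description should name xcbc(aes) so the history is searchable. The break after XCBC_AES_TEST_VECTORS is now present, so case 106 no longer runs into case 200. The blank line added before case 105 is still an unrelated whitespace change.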

Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt