mirror of
https://github.com/torvalds/linux.git
synced 2024-11-18 01:51:53 +00:00
9a5467bf7b
Three errors resulting in kernel memory disclosure: 1/ The structures used for the netlink based crypto algorithm report API are located on the stack. As snprintf() does not fill the remainder of the buffer with null bytes, those stack bytes will be disclosed to users of the API. Switch to strncpy() to fix this. 2/ crypto_report_one() does not initialize all field of struct crypto_user_alg. Fix this to fix the heap info leak. 3/ For the module name we should copy only as many bytes as module_name() returns -- not as much as the destination buffer could hold. But the current code does not and therefore copies random data from behind the end of the module name, as the module name is always shorter than CRYPTO_MAX_ALG_NAME. Also switch to use strncpy() to copy the algorithm's name and driver_name. They are strings, after all. Signed-off-by: Mathias Krause <minipli@googlemail.com> Cc: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
155 lines
3.3 KiB
C
155 lines
3.3 KiB
C
/*
|
|
* Cryptographic API.
|
|
*
|
|
* RNG operations.
|
|
*
|
|
* Copyright (c) 2008 Neil Horman <nhorman@tuxdriver.com>
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify it
|
|
* under the terms of the GNU General Public License as published by the Free
|
|
* Software Foundation; either version 2 of the License, or (at your option)
|
|
* any later version.
|
|
*
|
|
*/
|
|
|
|
#include <linux/atomic.h>
|
|
#include <crypto/internal/rng.h>
|
|
#include <linux/err.h>
|
|
#include <linux/module.h>
|
|
#include <linux/mutex.h>
|
|
#include <linux/random.h>
|
|
#include <linux/seq_file.h>
|
|
#include <linux/slab.h>
|
|
#include <linux/string.h>
|
|
#include <linux/cryptouser.h>
|
|
#include <net/netlink.h>
|
|
|
|
static DEFINE_MUTEX(crypto_default_rng_lock);
|
|
struct crypto_rng *crypto_default_rng;
|
|
EXPORT_SYMBOL_GPL(crypto_default_rng);
|
|
static int crypto_default_rng_refcnt;
|
|
|
|
static int rngapi_reset(struct crypto_rng *tfm, u8 *seed, unsigned int slen)
|
|
{
|
|
u8 *buf = NULL;
|
|
int err;
|
|
|
|
if (!seed && slen) {
|
|
buf = kmalloc(slen, GFP_KERNEL);
|
|
if (!buf)
|
|
return -ENOMEM;
|
|
|
|
get_random_bytes(buf, slen);
|
|
seed = buf;
|
|
}
|
|
|
|
err = crypto_rng_alg(tfm)->rng_reset(tfm, seed, slen);
|
|
|
|
kfree(buf);
|
|
return err;
|
|
}
|
|
|
|
static int crypto_init_rng_ops(struct crypto_tfm *tfm, u32 type, u32 mask)
|
|
{
|
|
struct rng_alg *alg = &tfm->__crt_alg->cra_rng;
|
|
struct rng_tfm *ops = &tfm->crt_rng;
|
|
|
|
ops->rng_gen_random = alg->rng_make_random;
|
|
ops->rng_reset = rngapi_reset;
|
|
|
|
return 0;
|
|
}
|
|
|
|
#ifdef CONFIG_NET
|
|
static int crypto_rng_report(struct sk_buff *skb, struct crypto_alg *alg)
|
|
{
|
|
struct crypto_report_rng rrng;
|
|
|
|
strncpy(rrng.type, "rng", sizeof(rrng.type));
|
|
|
|
rrng.seedsize = alg->cra_rng.seedsize;
|
|
|
|
if (nla_put(skb, CRYPTOCFGA_REPORT_RNG,
|
|
sizeof(struct crypto_report_rng), &rrng))
|
|
goto nla_put_failure;
|
|
return 0;
|
|
|
|
nla_put_failure:
|
|
return -EMSGSIZE;
|
|
}
|
|
#else
|
|
static int crypto_rng_report(struct sk_buff *skb, struct crypto_alg *alg)
|
|
{
|
|
return -ENOSYS;
|
|
}
|
|
#endif
|
|
|
|
static void crypto_rng_show(struct seq_file *m, struct crypto_alg *alg)
|
|
__attribute__ ((unused));
|
|
static void crypto_rng_show(struct seq_file *m, struct crypto_alg *alg)
|
|
{
|
|
seq_printf(m, "type : rng\n");
|
|
seq_printf(m, "seedsize : %u\n", alg->cra_rng.seedsize);
|
|
}
|
|
|
|
static unsigned int crypto_rng_ctxsize(struct crypto_alg *alg, u32 type,
|
|
u32 mask)
|
|
{
|
|
return alg->cra_ctxsize;
|
|
}
|
|
|
|
const struct crypto_type crypto_rng_type = {
|
|
.ctxsize = crypto_rng_ctxsize,
|
|
.init = crypto_init_rng_ops,
|
|
#ifdef CONFIG_PROC_FS
|
|
.show = crypto_rng_show,
|
|
#endif
|
|
.report = crypto_rng_report,
|
|
};
|
|
EXPORT_SYMBOL_GPL(crypto_rng_type);
|
|
|
|
int crypto_get_default_rng(void)
|
|
{
|
|
struct crypto_rng *rng;
|
|
int err;
|
|
|
|
mutex_lock(&crypto_default_rng_lock);
|
|
if (!crypto_default_rng) {
|
|
rng = crypto_alloc_rng("stdrng", 0, 0);
|
|
err = PTR_ERR(rng);
|
|
if (IS_ERR(rng))
|
|
goto unlock;
|
|
|
|
err = crypto_rng_reset(rng, NULL, crypto_rng_seedsize(rng));
|
|
if (err) {
|
|
crypto_free_rng(rng);
|
|
goto unlock;
|
|
}
|
|
|
|
crypto_default_rng = rng;
|
|
}
|
|
|
|
crypto_default_rng_refcnt++;
|
|
err = 0;
|
|
|
|
unlock:
|
|
mutex_unlock(&crypto_default_rng_lock);
|
|
|
|
return err;
|
|
}
|
|
EXPORT_SYMBOL_GPL(crypto_get_default_rng);
|
|
|
|
void crypto_put_default_rng(void)
|
|
{
|
|
mutex_lock(&crypto_default_rng_lock);
|
|
if (!--crypto_default_rng_refcnt) {
|
|
crypto_free_rng(crypto_default_rng);
|
|
crypto_default_rng = NULL;
|
|
}
|
|
mutex_unlock(&crypto_default_rng_lock);
|
|
}
|
|
EXPORT_SYMBOL_GPL(crypto_put_default_rng);
|
|
|
|
MODULE_LICENSE("GPL");
|
|
MODULE_DESCRIPTION("Random Number Generator");
|