Re: [PATCH v3 1/2] crypto: Implement a generic crypto statistics

On Wed, Sep 19, 2018 at 10:10:54AM +, Corentin Labbe wrote: > diff --git a/include/uapi/linux/cryptouser.h b/include/uapi/linux/cryptouser.h > index 19bf0ca6d635..6dafbc3e4414 100644 > --- a/include/uapi/linux/cryptouser.h > +++ b/include/uapi/linux/cryptouser.h > @@ -29,6 +29,7 @@ enum { >

Re: KASAN: use-after-free Read in skcipher_recvmsg

[+cla...@baylibre.com] Hi Corentin, I think this is a bug in the new crypto statistics feature. In the skcipher_decrypt case the code is (but this applies elsewhere too!): static inline void crypto_stat_skcipher_decrypt(struct skcipher_request *req,

Re: [PATCH v3 1/2] crypto: Implement a generic crypto statistics

Hi Corentin, On Wed, Sep 19, 2018 at 10:10:54AM +, Corentin Labbe wrote: > This patch implement a generic way to get statistics about all crypto > usages. > > Signed-off-by: Corentin Labbe > --- > crypto/Kconfig | 11 + > crypto/Makefile

Re: [PATCH] crypto: crypto_user_stat: Zeroize whole structure given to user space

On Fri, Oct 19, 2018 at 12:27:25PM +, Corentin Labbe wrote: > For preventing un-initilized data to be given to user-space (and so leak > potential useful data), the crypto_stat structure must be correctly > initialised. > > Reported-by: Dan Carpenter > Fixes: cac5818c25d0 ("crypto: user - Imp

[PATCH 4/4] crypto: crypto_user - clean up report structure copying

From: Eric Biggers There have been a pretty ridiculous number of issues with initializing the report structures that are copied to userspace by NETLINK_CRYPTO. Commit 4473710df1f8 ("crypto: user - Prepare for CRYPTO_MAX_ALG_NAME expansion") replaced some strncpy()s with strlcpy()s, thereby introd

[PATCH 0/4] crypto: crypto_user reporting fixes and cleanups

This series fixes all the information leaks in crypto_user reporting, removes some redundant reporting functions, and makes some changes to reduce the chance of similar information leaks in the future. Patch 2 is based on a patch already sent by Corentin Labbe, but it was incomplete so I fixed it.

[PATCH 1/4] crypto: crypto_user - fix leaking uninitialized memory to userspace

From: Eric Biggers All bytes of the NETLINK_CRYPTO report structures must be initialized, since they are copied to userspace. The change from strncpy() to strlcpy() broke this. As a minimal fix, change it back. Fixes: 4473710df1f8 ("crypto: user - Prepare for CRYPTO_MAX_ALG_NAME expansion") Cc

[PATCH 3/4] crypto: crypto_user - remove redundant reporting functions

From: Eric Biggers The acomp, akcipher, and kpp algorithm types already have .report methods defined, so there's no need to duplicate this functionality in crypto_user itself; the duplicate functions are actually never executed. Remove the unused code. Signed-off-by: Eric Biggers --- crypto/cr

[PATCH 2/4] crypto: crypto_user_stat - Zeroize whole structure given to user space

From: Corentin Labbe For preventing uninitialized data to be given to user-space (and so leak potential useful data), the crypto_stat structure must be correctly initialized. Reported-by: Dan Carpenter Fixes: cac5818c25d0 ("crypto: user - Implement a generic crypto statistics") Signed-off-by: C