www.infradead.org Git - users/jedix/linux-maple.git/commit
crypto: mcryptd - Check mcryptd algorithm compatibility
author tim <tim.c.chen@linux.intel.com>
Mon, 5 Dec 2016 19:46:31 +0000 (11:46 -0800)
committer Chuck Anderson <chuck.anderson@oracle.com>
Sun, 26 Feb 2017 21:53:53 +0000 (13:53 -0800)
commit 64d93b7710a476385e62dde73993986fa86d5dc2
tree 5f8f5788396f0c78aba6d6341592a547117ad13a
parent 16db38cd53985208362f231da6433ace82f0b0ff
crypto: mcryptd - Check mcryptd algorithm compatibility

Orabug: 25415629
CVE: CVE-2016-10147

Algorithms not compatible with mcryptd could be spawned by mcryptd
with a direct crypto_alloc_tfm invocation using a "mcryptd(alg)" name
construct.  This causes mcryptd to crash the kernel if an arbitrary
"alg" is incompatible and not intended to be used with mcryptd.  It is
an issue if AF_ALG tries to spawn mcryptd(alg) to expose it externally.
But such algorithms must be used internally and not be exposed.

We added a check to enforce that only internal algorithms are allowed
with mcryptd at the time mcryptd is spawning an algorithm.

Link: http://marc.info/?l=linux-crypto-vger&m=148063683310477&w=2
Cc: stable@vger.kernel.org
Reported-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit 48a992727d82cb7db076fa15d372178743b1f4cd)
Signed-off-by: Somasundaram Krishnasamy <somasundaram.krishnasamy@oracle.com>
Reviewed-by: Jack Vogel <jack.vogel@oracle.com>
crypto/mcryptd.c