[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20200128025551.GE960@sol.localdomain>
Date: Mon, 27 Jan 2020 18:55:51 -0800
From: Eric Biggers <ebiggers@...nel.org>
To: Gilad Ben-Yossef <gilad@...yossef.com>
Cc: Herbert Xu <herbert@...dor.apana.org.au>,
"David S. Miller" <davem@...emloft.net>,
Ofir Drang <ofir.drang@....com>,
Geert Uytterhoeven <geert@...ux-m68k.org>,
linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [RFC v3] crypto: ccree - protect against short scatterlists
On Mon, Jan 27, 2020 at 05:08:21PM +0200, Gilad Ben-Yossef wrote:
> Deal gracefully with the event of being handed a scatterlist
> which is shorter than expected.
>
> This mitigates a crash in some cases due to
> attempt to map empty (but not NULL) scatterlists with none
> zero lengths.
>
> Signed-off-by: Gilad Ben-Yossef <gilad@...yossef.com>
> Reported-by: Geert Uytterhoeven <geert@...ux-m68k.org>
It's definitely wrong use of the crypto API to pass a scatterlist that's too
short. Note that this is *not* what the test code is doing.
So I don't think you should be hacking around it here.
It is possible the bug is actually in cc_aead_chain_data()? It looks like it's
adding the authentication tag size to the source data size for encryption, which
is not correct. The authentication tag is part of the destination only.
size_for_map += (direct == DRV_CRYPTO_DIRECTION_ENCRYPT) ?
authsize : 0;
src_mapped_nents = cc_get_sgl_nents(dev, req->src, size_for_map,
&src_last_bytes);
- Eric
Powered by blists - more mailing lists