lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Thu,  5 Mar 2020 12:22:55 +0200
From:   Andrei Botila <andrei.botila@....nxp.com>
To:     Herbert Xu <herbert@...dor.apana.org.au>,
        "David S. Miller" <davem@...emloft.net>
Cc:     linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [RFC] crypto: xts - add check for input length equal to zero

From: Andrei Botila <andrei.botila@....com>

Through this RFC we try to standardize the way input lengths equal to 0
are handled in all skcipher algorithms. Currently, in xts when an input
has a length smaller than XTS_BLOCK_SIZE it returns -EINVAL while the
other algorithms return 0 for input lengths equal to zero.
The algorithms that implement this check are CBC, ARC4, CFB, OFB, SALSA20,
CTR, ECB and PCBC, XTS being the outlier here. All of them call
skcipher_walk_virt() which returns 0 if skcipher_walk_skcipher() finds
that input length is equal to 0.
This case was discovered when fuzz testing was enabled since it generates
this input length.
This RFC wants to find out if the approach is ok before updating the
other xts implementations.

Signed-off-by: Andrei Botila <andrei.botila@....com>
---
 crypto/xts.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/crypto/xts.c b/crypto/xts.c
index 29efa15f1495..51eaf08603af 100644
--- a/crypto/xts.c
+++ b/crypto/xts.c
@@ -258,6 +258,9 @@ static int encrypt(struct skcipher_request *req)
 	struct skcipher_request *subreq = &rctx->subreq;
 	int err;
 
+	if (!req->cryptlen)
+		return 0;
+
 	err = init_crypt(req, encrypt_done) ?:
 	      xor_tweak_pre(req, true) ?:
 	      crypto_skcipher_encrypt(subreq) ?:
@@ -275,6 +278,9 @@ static int decrypt(struct skcipher_request *req)
 	struct skcipher_request *subreq = &rctx->subreq;
 	int err;
 
+	if (!req->cryptlen)
+		return 0;
+
 	err = init_crypt(req, decrypt_done) ?:
 	      xor_tweak_pre(req, false) ?:
 	      crypto_skcipher_decrypt(subreq) ?:
-- 
2.17.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ