| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20200922160328.28926-8-andrei.botila@oss.nxp.com>
Date: Tue, 22 Sep 2020 19:03:25 +0300
From: Andrei Botila <andrei.botila@....nxp.com>
To: Horia Geanta <horia.geanta@....com>,
Aymen Sghaier <aymen.sghaier@....com>,
Herbert Xu <herbert@...dor.apana.org.au>,
"David S. Miller" <davem@...emloft.net>
Cc: linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH v3 07/10] crypto: caam - add xts check for block length equal to zero
From: Andrei Botila <andrei.botila@....com>
XTS should not return succes when dealing with block length equal to zero.
This is different than the rest of the skcipher algorithms.
Fixes: 31bb2f0da1b50 ("crypto: caam - check zero-length input")
Cc: <stable@...r.kernel.org> # v5.4+
Signed-off-by: Andrei Botila <andrei.botila@....com>
---
drivers/crypto/caam/caamalg.c | 7 ++++++-
drivers/crypto/caam/caamalg_qi.c | 7 ++++++-
drivers/crypto/caam/caamalg_qi2.c | 14 ++++++++++++--
3 files changed, 24 insertions(+), 4 deletions(-)
diff --git a/drivers/crypto/caam/caamalg.c b/drivers/crypto/caam/caamalg.c
index a79b26f84169..e72aa3e2e065 100644
--- a/drivers/crypto/caam/caamalg.c
+++ b/drivers/crypto/caam/caamalg.c
@@ -1787,7 +1787,12 @@ static inline int skcipher_crypt(struct skcipher_request *req, bool encrypt)
u32 *desc;
int ret = 0;
- if (!req->cryptlen)
+ /*
+ * XTS is expected to return an error even for input length = 0
+ * Note that the case input length < block size will be caught during
+ * HW offloading and return an error.
+ */
+ if (!req->cryptlen && !ctx->fallback)
return 0;
if (ctx->fallback && (xts_skcipher_ivsize(req) ||
diff --git a/drivers/crypto/caam/caamalg_qi.c b/drivers/crypto/caam/caamalg_qi.c
index 30aceaf325d7..efcc7cb050fc 100644
--- a/drivers/crypto/caam/caamalg_qi.c
+++ b/drivers/crypto/caam/caamalg_qi.c
@@ -1405,7 +1405,12 @@ static inline int skcipher_crypt(struct skcipher_request *req, bool encrypt)
struct caam_ctx *ctx = crypto_skcipher_ctx(skcipher);
int ret;
- if (!req->cryptlen)
+ /*
+ * XTS is expected to return an error even for input length = 0
+ * Note that the case input length < block size will be caught during
+ * HW offloading and return an error.
+ */
+ if (!req->cryptlen && !ctx->fallback)
return 0;
if (ctx->fallback && (xts_skcipher_ivsize(req) ||
diff --git a/drivers/crypto/caam/caamalg_qi2.c b/drivers/crypto/caam/caamalg_qi2.c
index 255b818c82b2..4cbd7e834888 100644
--- a/drivers/crypto/caam/caamalg_qi2.c
+++ b/drivers/crypto/caam/caamalg_qi2.c
@@ -1472,7 +1472,12 @@ static int skcipher_encrypt(struct skcipher_request *req)
struct caam_request *caam_req = skcipher_request_ctx(req);
int ret;
- if (!req->cryptlen)
+ /*
+ * XTS is expected to return an error even for input length = 0
+ * Note that the case input length < block size will be caught during
+ * HW offloading and return an error.
+ */
+ if (!req->cryptlen && !ctx->fallback)
return 0;
if (ctx->fallback && (xts_skcipher_ivsize(req) ||
@@ -1516,7 +1521,12 @@ static int skcipher_decrypt(struct skcipher_request *req)
struct caam_request *caam_req = skcipher_request_ctx(req);
int ret;
- if (!req->cryptlen)
+ /*
+ * XTS is expected to return an error even for input length = 0
+ * Note that the case input length < block size will be caught during
+ * HW offloading and return an error.
+ */
+ if (!req->cryptlen && !ctx->fallback)
return 0;
if (ctx->fallback && (xts_skcipher_ivsize(req) ||
--
2.17.1
Powered by blists - more mailing lists