| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20251007141852.726540-1-t-pratham@ti.com>
Date: Tue, 7 Oct 2025 19:27:51 +0530
From: T Pratham <t-pratham@...com>
To: Herbert Xu <herbert@...dor.apana.org.au>,
"David S. Miller"
<davem@...emloft.net>
CC: T Pratham <t-pratham@...com>, Manorit Chawdhry <m-chawdhry@...com>,
Kamlesh Gurudasani <kamlesh@...com>,
Shiva Tripathi <s-tripathi1@...com>,
Kavitha Malarvizhi <k-malarvizhi@...com>,
Vishal Mahaveer <vishalm@...com>, Praneeth Bajjuri <praneeth@...com>,
<linux-crypto@...r.kernel.org>, <linux-kernel@...r.kernel.org>
Subject: [PATCH] crypto: api - fix reqsize handling for skciphers and aeads
Commit afddce13ce81d ("crypto: api - Add reqsize to crypto_alg")
introduced cra_reqsize field in crypto_alg struct to replace type
specific reqsize fields. It looks like this was introduced specifically
for ahash and acomp from the commit description as subsequent commits
add necessary changes in these alg frameworks.
However, this is being recommended for use in all crypto algs [1]
instead of setting reqsize using crypto_*_set_reqsize(). Using
cra_reqsize in skcipher and aead algorithms, hence, causes memory
corruptions and crashes as the underlying functions in the algorithm
framework have not been updated to set the reqsize properly from
cra_reqsize. [2]
Add proper set_reqsize calls in the skcipher and aead init functions to
properly initialize reqsize for these algorithms in the framework.
[1]: https://lore.kernel.org/linux-crypto/aCL8BxpHr5OpT04k@gondor.apana.org.au/
[2]: https://gist.github.com/Pratham-T/24247446f1faf4b7843e4014d5089f6b
Fixes: afddce13ce81d ("crypto: api - Add reqsize to crypto_alg")
Signed-off-by: T Pratham <t-pratham@...com>
---
Found this while developing TI DTHEv2 crypto driver. I narrowed that
these crashes in [2] are due to some upstream change and not my code as
the same driver is working fine in our internal 6.12 LTS version (with
daily CI builds not showing any regression from crypto subsystem). The
*only* change is replacing crypto_skcipher_set_reqsize() with
cra_reqsize in algorithms as this patch was introduced after 6.12.
Now, these crashes were not caught earlier because [3] split the
in-kernel self-tests into two configs (CRYPTO_SELFTESTS and
CRYPTO_SELFTESTS_FULL) which went unnoticed in my local development flow
and the CRYPTO_SELFTESTS_FULL config was not enabled till recently. [2]
shows after applying this patch, the driver passes all selftests
succssfully with CRYPTO_SELFTESTS_FULL=y.
[3]: https://lore.kernel.org/linux-crypto/20250612174709.26990-1-ebiggers@kernel.org/
---
crypto/aead.c | 1 +
crypto/skcipher.c | 2 ++
2 files changed, 3 insertions(+)
diff --git a/crypto/aead.c b/crypto/aead.c
index 5d14b775036ee..51ab3af691af2 100644
--- a/crypto/aead.c
+++ b/crypto/aead.c
@@ -120,6 +120,7 @@ static int crypto_aead_init_tfm(struct crypto_tfm *tfm)
struct aead_alg *alg = crypto_aead_alg(aead);
crypto_aead_set_flags(aead, CRYPTO_TFM_NEED_KEY);
+ crypto_aead_set_reqsize(aead, crypto_tfm_alg_reqsize(tfm));
aead->authsize = alg->maxauthsize;
diff --git a/crypto/skcipher.c b/crypto/skcipher.c
index de5fc91bba267..8fa5d9686d085 100644
--- a/crypto/skcipher.c
+++ b/crypto/skcipher.c
@@ -294,6 +294,8 @@ static int crypto_skcipher_init_tfm(struct crypto_tfm *tfm)
return crypto_init_lskcipher_ops_sg(tfm);
}
+ crypto_skcipher_set_reqsize(skcipher, crypto_tfm_alg_reqsize(tfm));
+
if (alg->exit)
skcipher->base.exit = crypto_skcipher_exit_tfm;
--
2.43.0
Powered by blists - more mailing lists