• Eric Biggers's avatar
    crypto: skcipher - set walk.iv for zero-length inputs · 2b4f27c3
    Eric Biggers authored
    All the ChaCha20 algorithms as well as the ARM bit-sliced AES-XTS
    algorithms call skcipher_walk_virt(), then access the IV (walk.iv)
    before checking whether any bytes need to be processed (walk.nbytes).
    
    But if the input is empty, then skcipher_walk_virt() doesn't set the IV,
    and the algorithms crash trying to use the uninitialized IV pointer.
    
    Fix it by setting the IV earlier in skcipher_walk_virt().  Also fix it
    for the AEAD walk functions.
    
    This isn't a perfect solution because we can't actually align the IV to
    ->cra_alignmask unless there are bytes to process, for one because the
    temporary buffer for the aligned IV is freed by skcipher_walk_done(),
    which is only called when there are bytes to process.  Thus, algorithms
    that require aligned IVs will still need to avoid accessing the IV when
    walk.nbytes == 0.  Still, many algorithms/architectures are fine with
    IVs having any alignment, and even for those that aren't, a misaligned
    pointer bug is much less severe than an uninitialized pointer bug.
    
    This change also matches the behavior of the older blkcipher_walk API.
    
    Fixes: 0cabf2af ("crypto: skcipher - Fix crash on zero-length input")
    Reported-by: default avatarsyzbot <syzkaller@googlegroups.com>
    Cc: <stable@vger.kernel.org> # v4.14+
    Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
    Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
    2b4f27c3
Name
Last commit
Last update
Documentation Loading commit data...
arch Loading commit data...
block Loading commit data...
certs Loading commit data...
crypto Loading commit data...
drivers Loading commit data...
firmware Loading commit data...
fs Loading commit data...
include Loading commit data...
init Loading commit data...
ipc Loading commit data...
kernel Loading commit data...
lib Loading commit data...
mm Loading commit data...
net Loading commit data...
samples Loading commit data...
scripts Loading commit data...
security Loading commit data...
sound Loading commit data...
tools Loading commit data...
usr Loading commit data...
virt Loading commit data...
.cocciconfig Loading commit data...
.get_maintainer.ignore Loading commit data...
.gitattributes Loading commit data...
.gitignore Loading commit data...
.mailmap Loading commit data...
COPYING Loading commit data...
CREDITS Loading commit data...
Kbuild Loading commit data...
Kconfig Loading commit data...
MAINTAINERS Loading commit data...
Makefile Loading commit data...
README Loading commit data...