Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp237918yba; Mon, 20 May 2019 07:56:49 -0700 (PDT) X-Google-Smtp-Source: APXvYqw2I3H4GpJxb/rAeEJ5bF5j2UKJah2wFcuuWuJfda7K31/WSCjxl39KwuXhtBBuLVq2z5+a X-Received: by 2002:a62:7a8f:: with SMTP id v137mr80427953pfc.243.1558364209043; Mon, 20 May 2019 07:56:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1558364209; cv=none; d=google.com; s=arc-20160816; b=zJY6Q5adLDaAV31stMRNHrfur01UWk0P7p9qj7HNycNfrocGebZN8xrruHMSrusqvJ OElJnBU5GBvcKL7FA+MwzZA4sblK/gcv/bBJE6I5UJhqy+KU34JZyT1dgHMYxRmmu9cX KemJTAnWUgR/nh+yfQ8EljxjEWVjHOI2GnY1VkXOf8ZLy501ZKw1p1ZfRJp4o144jRbT Ue54rIE6PL5fHj89H7Vz3UR322km3bQTZVWquTVTJUYtZyj16RFqHPvGRiFYN1QvTC7G zeHu88A3V8weLF3DiIibACKMf15v4le6N5ewc77mUYg2ScKx9Sd03n5NQBqAGmQSlVwN T6tA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=LYWKL0G5J5hr11AfF0wnBCChai09cfdTtElrMjrhLGg=; b=AiJC9PmG/HDd9WowRTUz3ZyF+FVK4CJyQYYNi1H86xnQNU+tX0b9auyV9lmb9n25sG uxPzRmjvjxLBjY4Lhrox19t+m7bubpuYo4Z1zpCEexJw4f+pfsBUDeDmtOy6Kxxaftno nBTXb9PEO4yY84lJGHAm/SrGSuz06TKyOvUkD8kxFvQxiM1w6mnlmV8JKlEL7hlOdpdo tHRf/AqR2SvsRsX3ypR/pS7H7ClDJAYnqhCwhBI9I3f45B/ARKYRM4UVfmv3uz6JTVwC h73A5NMtb8Zem3h/fOoRQP0JRRGGiozU2VQI6CHHapKIiHwaScY3CC9/qIIEPpQNnPaB 7Y0A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=uBvx0J2U; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id c12si19329480pgh.191.2019.05.20.07.56.34; Mon, 20 May 2019 07:56:49 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=uBvx0J2U; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387566AbfETMRa (ORCPT + 99 others); Mon, 20 May 2019 08:17:30 -0400 Received: from mail.kernel.org ([198.145.29.99]:58476 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2387523AbfETMR2 (ORCPT ); Mon, 20 May 2019 08:17:28 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id A361921019; Mon, 20 May 2019 12:17:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1558354648; bh=Oew7obFmunycMIJ2UJPJdli7xmc7FLlH1V4LzxOuboI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=uBvx0J2Ux3gArt9ROzFeWrcLF7FJZFqRoSYkAKN5/fc2bOW3O61RJKPuuIKniHVt8 LDxyFomOgZFXznw7BXDuJUxrPdQk109v5j/pGuu6v0BASqidWwfizt5jmdlMmgw08X WS3z8ZonIbh/6+2gpZmlfsu82Q7X9Z0E7izPeMAk= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Eric Biggers , Herbert Xu Subject: [PATCH 4.9 37/44] crypto: arm/aes-neonbs - dont access already-freed walk.iv Date: Mon, 20 May 2019 14:14:26 +0200 Message-Id: <20190520115235.408291823@linuxfoundation.org> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190520115230.720347034@linuxfoundation.org> References: <20190520115230.720347034@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Eric Biggers commit 767f015ea0b7ab9d60432ff6cd06b664fd71f50f upstream. If the user-provided IV needs to be aligned to the algorithm's alignmask, then skcipher_walk_virt() copies the IV into a new aligned buffer walk.iv. But skcipher_walk_virt() can fail afterwards, and then if the caller unconditionally accesses walk.iv, it's a use-after-free. arm32 xts-aes-neonbs doesn't set an alignmask, so currently it isn't affected by this despite unconditionally accessing walk.iv. However this is more subtle than desired, and it was actually broken prior to the alignmask being removed by commit cc477bf64573 ("crypto: arm/aes - replace bit-sliced OpenSSL NEON code"). Thus, update xts-aes-neonbs to start checking the return value of skcipher_walk_virt(). Fixes: e4e7f10bfc40 ("ARM: add support for bit sliced AES using NEON instructions") Cc: # v3.13+ Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu Signed-off-by: Greg Kroah-Hartman --- arch/arm/crypto/aesbs-glue.c | 4 ++++ 1 file changed, 4 insertions(+) --- a/arch/arm/crypto/aesbs-glue.c +++ b/arch/arm/crypto/aesbs-glue.c @@ -265,6 +265,8 @@ static int aesbs_xts_encrypt(struct blkc blkcipher_walk_init(&walk, dst, src, nbytes); err = blkcipher_walk_virt_block(desc, &walk, 8 * AES_BLOCK_SIZE); + if (err) + return err; /* generate the initial tweak */ AES_encrypt(walk.iv, walk.iv, &ctx->twkey); @@ -289,6 +291,8 @@ static int aesbs_xts_decrypt(struct blkc blkcipher_walk_init(&walk, dst, src, nbytes); err = blkcipher_walk_virt_block(desc, &walk, 8 * AES_BLOCK_SIZE); + if (err) + return err; /* generate the initial tweak */ AES_encrypt(walk.iv, walk.iv, &ctx->twkey);