Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp685361ybv; Thu, 13 Feb 2020 07:44:52 -0800 (PST) X-Google-Smtp-Source: APXvYqwsu6JDNbEBy9ZKl1tYZfGfPJNTbjARU9ZA4LZEQnLlsvJGZsCnOI7DD9l6XcgETB36TVrV X-Received: by 2002:a9d:7f16:: with SMTP id j22mr13745787otq.256.1581608692825; Thu, 13 Feb 2020 07:44:52 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1581608692; cv=none; d=google.com; s=arc-20160816; b=keBIJ7pg3PlhaAdZv0CW7ZK8/mrR3CsafnTvizbYYY+M5opK9JlW+HNR8zgJ/9qJSL L/mr2uUkgHPgSvq0LYecqw0JGGWifuFc6vGhYFce05Bk01fswMvH4qziULHNQRdS7z+q XRcIf6AudIBXAPfygNoDrMhmoS1e0JDHAQr+Q5+LnEr9RZwWaMe03+rltIDUDk7cr9Xg OnD+fWG2YBfcc6wGr3x3AvC2DTjUd4ZPvQ+ipCLSohmcJjFoXInNUlmcl1SrCQ2klVoB pgIkg85V/ZCVITRyz+oEO74j32NvgAppq64D4kfurLPDND4/iq3opeAkc9h/kn8Wv0Xh cpIA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=L0BhjnkitO0OW0dmE4scdvJWbLWAqDMnBTeJSdW6vD4=; b=fHg8vQzuonUuDJfQVkcgSEdg4aVGW7xYLMZLsmnciAUNxrRhXpapUbgEHLjNrbyfOU ETn3UvQJojBE2enHZjrnByGlVClbFLYtvhAgoMmf97fv0VGqJF77LDzyABlO52ijk2PY hWmmHSqSO9VKgXtJgVvriRfFS3pQHjliDOV0nhqRe8YgGVrPLdhTzdqFjUuMXa4qwi7H ERou/iK3a3vIhxvHxIj/PSgEMh5p2wTOuD8Oniub3pPOAI2cMbU2cpbPjJa7MBMUZ9gK 2TVj+Qe5/XgLA5hRIq+SJTzqthEnRfF7rVLspu1Grd9K6kNkpGwNf3RadDPAmbCcHD7c LXwA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=X16IRlgr; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w7si1339722otq.250.2020.02.13.07.44.40; Thu, 13 Feb 2020 07:44:52 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=X16IRlgr; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729080AbgBMPnj (ORCPT + 99 others); Thu, 13 Feb 2020 10:43:39 -0500 Received: from mail.kernel.org ([198.145.29.99]:53022 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728929AbgBMP1w (ORCPT ); Thu, 13 Feb 2020 10:27:52 -0500 Received: from localhost (unknown [104.132.1.104]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 5390A206DB; Thu, 13 Feb 2020 15:27:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1581607671; bh=u6ru0ReBZHKSYmSZDd7iySDmnsFxSlS+65fv0zpmsVc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=X16IRlgrQpb2B8uXb58wfpl1BFRXBKSryAnNK7YsZEeLdz4GkTwJjVlnYHdZL8S6w l6JA9H9yTzImWaaExJo8bCKA68mTjIMVf6jpB4i7wZYz8ZJoN/oRMSn86EpbQapKbB zIhg9mC7z9+A2Y6hPPOAWBGFgBwOEKLCVZhT5UGw= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Pascal Van Leeuwen , Eric Biggers , Herbert Xu Subject: [PATCH 5.4 77/96] crypto: testmgr - dont try to decrypt uninitialized buffers Date: Thu, 13 Feb 2020 07:21:24 -0800 Message-Id: <20200213151908.336442211@linuxfoundation.org> X-Mailer: git-send-email 2.25.0 In-Reply-To: <20200213151839.156309910@linuxfoundation.org> References: <20200213151839.156309910@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Eric Biggers commit eb455dbd02cb1074b37872ffca30a81cb2a18eaa upstream. Currently if the comparison fuzz tests encounter an encryption error when generating an skcipher or AEAD test vector, they will still test the decryption side (passing it the uninitialized ciphertext buffer) and expect it to fail with the same error. This is sort of broken because it's not well-defined usage of the API to pass an uninitialized buffer, and furthermore in the AEAD case it's acceptable for the decryption error to be EBADMSG (meaning "inauthentic input") even if the encryption error was something else like EINVAL. Fix this for skcipher by explicitly initializing the ciphertext buffer on error, and for AEAD by skipping the decryption test on error. Reported-by: Pascal Van Leeuwen Fixes: d435e10e67be ("crypto: testmgr - fuzz skciphers against their generic implementation") Fixes: 40153b10d91c ("crypto: testmgr - fuzz AEADs against their generic implementation") Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu Signed-off-by: Greg Kroah-Hartman --- crypto/testmgr.c | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -2102,6 +2102,7 @@ static void generate_random_aead_testvec * If the key or authentication tag size couldn't be set, no need to * continue to encrypt. */ + vec->crypt_error = 0; if (vec->setkey_error || vec->setauthsize_error) goto done; @@ -2245,10 +2246,12 @@ static int test_aead_vs_generic_impl(con req, tsgls); if (err) goto out; - err = test_aead_vec_cfg(driver, DECRYPT, &vec, vec_name, cfg, - req, tsgls); - if (err) - goto out; + if (vec.crypt_error == 0) { + err = test_aead_vec_cfg(driver, DECRYPT, &vec, vec_name, + cfg, req, tsgls); + if (err) + goto out; + } cond_resched(); } err = 0; @@ -2678,6 +2681,15 @@ static void generate_random_cipher_testv skcipher_request_set_callback(req, 0, crypto_req_done, &wait); skcipher_request_set_crypt(req, &src, &dst, vec->len, iv); vec->crypt_error = crypto_wait_req(crypto_skcipher_encrypt(req), &wait); + if (vec->crypt_error != 0) { + /* + * The only acceptable error here is for an invalid length, so + * skcipher decryption should fail with the same error too. + * We'll test for this. But to keep the API usage well-defined, + * explicitly initialize the ciphertext buffer too. + */ + memset((u8 *)vec->ctext, 0, vec->len); + } done: snprintf(name, max_namelen, "\"random: len=%u klen=%u\"", vec->len, vec->klen);