X-Received: by 2002:a63:e403:0:b0:365:5657:7b4d with SMTP id a3-20020a63e403000000b0036556577b4dmr616193pgi.130.1645639272973; Wed, 23 Feb 2022 10:01:12 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1645639272; cv=none; d=google.com; s=arc-20160816; b=Am9JeOK1O7PqaTgYcB+Gba4oML2NhoFH1UfFE+ao221uYKOZ9Ww6p8+Cv9A87995Mb CnZBVI59xyUgXEFEx0GSXAx1goqbhdizziI8bhxh1Rj9AQY2KqdcfwmRvomeeS/Nx+8t UTHHgQ9fd0E2SIAcGMmIibER/hHwIWnUA7dhSgAxhFVTbYMNz75B6Fgk4AxZpHxLN31G +YAiEvpHslsZs1i33QuLNUxLx+vU+3R/lvrwPO6jH+JYd2QAliB+mKyYzXHAty9apaRz Ll9zU5XzmvnayJZJNRqsLXqhBAI7qoa9HiZwucOWuNjGFGwwcWYIzoi5/SlXmJHj9yEy kAhQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=hr9ALL5yS8mDBonaTuRWZPMdynXGVrQ16XqG3hQQ6DY=; b=Dh14Ucz+hO2DNvMvxrQLPCdy+XO5acP1QTqygfO3PTPbBLxe7FFi56qXcatrK/8uXg RNgSQ7dJ70Yb/9v4hULRyArE/P+zd9ceUj09+PGwCabGBM7leISh3Is68gcs+EcEBSUU ielwHaXFH1acEDvhkRdnwjG9TRrnGO4mN4lmCbhBpGISYEoVDiOQsW5MLOYEEagldGIX d7xLXV8WNN72YAc+XTqrnHDFTGeI+q3hdV80cnLaSF2jhvGKKNBYqy75BDeP/oeyF1SQ NZi4fZaQ0KgkroP8itv22xyVnbvnnncocKHhMr90gxfVNMevPBHmoNs5eBu6vyaSx1Ji Xy0Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id f64si184284pfa.327.2022.02.23.10.00.53; Wed, 23 Feb 2022 10:01:12 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238934AbiBWIEk (ORCPT + 99 others); Wed, 23 Feb 2022 03:04:40 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44272 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233116AbiBWIEi (ORCPT ); Wed, 23 Feb 2022 03:04:38 -0500 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 1BF467A99C; Wed, 23 Feb 2022 00:04:12 -0800 (PST) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id B412BED1; Wed, 23 Feb 2022 00:04:11 -0800 (PST) Received: from e122247.kfn.arm.com (unknown [172.31.20.19]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id A356B3F5A1; Wed, 23 Feb 2022 00:04:09 -0800 (PST) From: Gilad Ben-Yossef To: Herbert Xu , "David S. Miller" Cc: Ofir Drang , Gilad Ben-Yossef , Corentin Labbe , stable@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH] crypto: drbg: fix crypto api abuse Date: Wed, 23 Feb 2022 10:04:00 +0200 Message-Id: <20220223080400.139367-1-gilad@benyossef.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org the drbg code was binding the same buffer to two different scatter gather lists and submitting those as source and destination to a crypto api operation, thus potentially causing HW crypto drivers to perform overlapping DMA mappings which are not aware it is the same buffer. This can have serious consequences of data corruption of internal DRBG buffers and wrong RNG output. Fix this by reusing the same scatter gatther list for both src and dst. Signed-off-by: Gilad Ben-Yossef Reported-by: Corentin Labbe Tested-by: Corentin Labbe Tested-on: r8a7795-salvator-x Tested-on: xilinx-zc706 Fixes: 43490e8046b5d ("crypto: drbg - in-place cipher operation for CTR") Cc: stable@vger.kernel.org --- crypto/drbg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/drbg.c b/crypto/drbg.c index 177983b6ae38..13824fd27627 100644 --- a/crypto/drbg.c +++ b/crypto/drbg.c @@ -1851,7 +1851,7 @@ static int drbg_kcapi_sym_ctr(struct drbg_state *drbg, /* Use scratchpad for in-place operation */ inlen = scratchpad_use; memset(drbg->outscratchpad, 0, scratchpad_use); - sg_set_buf(sg_in, drbg->outscratchpad, scratchpad_use); + sg_in = sg_out; } while (outlen) { -- 2.25.1