Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp3319811yba;
        Sat, 18 May 2019 14:31:39 -0700 (PDT)
X-Google-Smtp-Source: APXvYqzOiFD1JvW/5jHpx4NrfoUDGWjParCBiRUc6G7iVWsdsd6XHrqg+s6JYUn/sL9oQH3fmyIl
X-Received: by 2002:a65:4243:: with SMTP id d3mr55266529pgq.57.1558215099782;
        Sat, 18 May 2019 14:31:39 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1558215099; cv=none;
        d=google.com; s=arc-20160816;
        b=Kn17+Aia1xnBmxYMAxcC8s9GaYz8YARQdPweSdj1zJ1f1ipEeuAVE4LrBuuC478zGb
         Qr3Ld+BSKcLvt5+gmIpkGpEGEJZrabAezS/uusZV6G/MCL8CacmwpG5XJosH0UnepeSP
         E4xeZM1jNOPyn+HJpm4MRldZyRRi2ZOaUrPIyp+U2exI4pBlYNSRj24gy3881fr/kWua
         wJcVF+6UlXSWxsQVlPpfFZZYfPVP9gmUDYEX/rFH5vPJYWf0Gkdu3PWBNXYlBgpeK5f5
         hcEZ2R2ZRZ5Gu51kwXKjSYNHu4c7y/ChpmcNzgXi6ErcZoPG3Z9HZ+wF9Iz3w2B9pJYo
         SMxg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from:dkim-signature;
        bh=t4Lqw/zQ80YlBBdOSp8JeAaKFNVuGR6IKzdNJI+IX3k=;
        b=X1B6AulEyopVniImoZsre6I7+jv08+onp6DvVTL+EPAfmr/SuV54aZE2fso1nU7XO8
         Vwr+PovZjtiRl+Nw8PSyPYdFeVPIQGIfj2kD4w52FE1JNmlrXn+DdSGgS+rUeen8Z5nz
         H4qPODAvAU//KRDXKl9z53T89t2JEtPWNnprI8DWjZqauvmtyMkG23DgwjOieCMkizEG
         GyG3OaEtP1PiPv7UYKKFi/wA+4lQ8usg26eWXxN1meAmfWvkwZrGOzQSlCUe6JsAHf5s
         kf/NZWunN9ScLsrLhkPmivj4twRSIPXw9x0x8GCNxOapsQK8rur/g3elXgGuOQi+PHd6
         SjpQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=GLKKZ6rr;
       spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id p23si12820276plo.215.2019.05.18.14.31.25;
        Sat, 18 May 2019 14:31:39 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=GLKKZ6rr;
       spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727958AbfERVaj (ORCPT <rfc822;nullstelllensatz@gmail.com>
        + 99 others); Sat, 18 May 2019 17:30:39 -0400
Received: from mail-wr1-f66.google.com ([209.85.221.66]:34716 "EHLO
        mail-wr1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1727926AbfERVaj (ORCPT
        <rfc822;linux-crypto@vger.kernel.org>);
        Sat, 18 May 2019 17:30:39 -0400
Received: by mail-wr1-f66.google.com with SMTP id f8so4126344wrt.1
        for <linux-crypto@vger.kernel.org>; Sat, 18 May 2019 14:30:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:to:cc:subject:date:message-id:mime-version
         :content-transfer-encoding;
        bh=t4Lqw/zQ80YlBBdOSp8JeAaKFNVuGR6IKzdNJI+IX3k=;
        b=GLKKZ6rrDwzUC1CPKXR0pEgJLmhG2CgE5OABBZuODl6rJFNhcQHKL0bhUXKsxB0MtN
         zK1snAnezZaBbiI9ptNdSAHzGIndZfkKquVFtIkqLBmlWYqp7N07KLOGEOvcYtXuNJqy
         DqRdTWr+3nbBM02wCzGX4FdeNMvRzRQHIjXnW9AI0zipZSXmM5chM7ybaZ1BJxLsUKEP
         M5UG7bX8DVJi7W10VPtfbWNAxKnHpCCc3nCr7J4u+xSWaGMPkZNrEBTe2H/0iTpjRIz1
         v1cXznO6RaA5T4d18dZPxFjSaMZ2wQENPlXonHph5b98T6hjyXBiGhFDCUQ1gvGiL4W9
         dAMw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version
         :content-transfer-encoding;
        bh=t4Lqw/zQ80YlBBdOSp8JeAaKFNVuGR6IKzdNJI+IX3k=;
        b=NZ4dzAfOrFWmvEaSRx/6rzIn5j6t+a90jpgjyN15Jikg4qC2XwO+iyDX1L7mRtwTaA
         h89/56jkSDE2CX0HGkClHJwc2Xg5gabV4Uzfqojc/HsPblh2PU4ekZt9cWaH4TdW2vv+
         OXi48Q+t6lmS5Cnrza0PD0njgCOWqYpRv8PWA36k9yyE95Dgku0GIjyHNFcs69cDoChJ
         C3CXjgygdIQJTue4flLjGdvF6JIaWJ/WyWBHuaVRDsi1f+5JQpt+/M9qAI3AmZWHZQCM
         c17JlZwxa7YwZObxootOgGqv7+aBYmtEV3JSyyAQ/mTCxOHk6M8RHl4kCGYovVi39buJ
         ZlNQ==
X-Gm-Message-State: APjAAAXYNcIKVrNuK/MNDT/wH3ynhcqfxLf0wbrQ4OxlvYXPFhOEdFwe
        VRXFVNHNiyE5AciI5KtoB33brdnG
X-Received: by 2002:adf:eb91:: with SMTP id t17mr22130166wrn.203.1558215036928;
        Sat, 18 May 2019 14:30:36 -0700 (PDT)
Received: from debian64.daheim (p4FD0962E.dip0.t-ipconnect.de. [79.208.150.46])
        by smtp.gmail.com with ESMTPSA id i15sm14510867wre.30.2019.05.18.14.30.36
        (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
        Sat, 18 May 2019 14:30:36 -0700 (PDT)
Received: from chuck by debian64.daheim with local (Exim 4.92)
        (envelope-from <chunkeey@gmail.com>)
        id 1hS6uZ-0005ej-TJ; Sat, 18 May 2019 23:30:35 +0200
From:   Christian Lamparter <chunkeey@gmail.com>
To:     linux-crypto@vger.kernel.org
Cc:     Eric Biggers <ebiggers@google.com>,
        Herbert Xu <herbert@gondor.apana.org.au>
Subject: [RFC PATCH] crypto: skcipher - perform len fits into blocksize check at the top
Date:   Sat, 18 May 2019 23:30:35 +0200
Message-Id: <20190518213035.21699-1-chunkeey@gmail.com>
X-Mailer: git-send-email 2.20.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: linux-crypto-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

This patch adds early check to test the given data length
is aligned with the supported ciphers blocksize, or abort
with -EINVAL in case the supplied chunk size does not fit
without padding into the blocksize for block ciphers.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>

---

This will also work instead of the
"crypto: crypto4xx - blockciphers should only accept complete blocks"
It will fix all potential driver issues in other drivers as well as
break the drivers that don't have the correct blocksize set. it will
also make the extra checks scattered around in the drivers make
redundand as well as the extra tests that do send incomplete blocks
to the hardware drivers.
---
 include/crypto/skcipher.h | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/include/crypto/skcipher.h b/include/crypto/skcipher.h
index e555294ed77f..971294602a41 100644
--- a/include/crypto/skcipher.h
+++ b/include/crypto/skcipher.h
@@ -494,6 +494,8 @@ static inline int crypto_skcipher_encrypt(struct skcipher_request *req)
 	crypto_stats_get(alg);
 	if (crypto_skcipher_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
 		ret = -ENOKEY;
+	else if (!IS_ALIGNED(cryptlen, crypto_skcipher_blocksize(tfm)))
+		ret = -EINVAL;
 	else
 		ret = tfm->encrypt(req);
 	crypto_stats_skcipher_encrypt(cryptlen, ret, alg);
@@ -521,6 +523,8 @@ static inline int crypto_skcipher_decrypt(struct skcipher_request *req)
 	crypto_stats_get(alg);
 	if (crypto_skcipher_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
 		ret = -ENOKEY;
+	else if (!IS_ALIGNED(cryptlen, crypto_skcipher_blocksize(tfm)))
+		ret = -EINVAL;
 	else
 		ret = tfm->decrypt(req);
 	crypto_stats_skcipher_decrypt(cryptlen, ret, alg);
-- 
2.20.1