Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp4197564ybl; Mon, 27 Jan 2020 18:56:25 -0800 (PST) X-Google-Smtp-Source: APXvYqzhO46sUao7UUEQHobZ4mj0ArnbPWVuJ+tKVC6mXGOIaBEQQaV9veFoxYR9LiEdkNO6fq/t X-Received: by 2002:a05:6830:1251:: with SMTP id s17mr14712651otp.108.1580180185234; Mon, 27 Jan 2020 18:56:25 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1580180185; cv=none; d=google.com; s=arc-20160816; b=I7N5Jf80R2NmHnR+mZRtIDxR0dMFRi/keYdiXxhAlivLtJU2KBnnLHZNLhMmR/kcNi N7hyI3i7xVZ2MxguuqIMonU3VfdNeg1gGAFYPFaQWdufjNgukhrXh3eghI4kbLXvYuPz vxSdKZ0r2+4amiD/0jhuAFuLlIaFTrQI7Psg/RRQ3o/oPslnjdfhwjWU9Sc/1XTnr053 f73Pfeihp2dw+cHnAhF2YFVkrRs8ghbOgGFM9PWGTsWmdNU5pdM4V/AaWpL1zB4FJjKj i6iIoZ9BtjObTPpUqkh4uLJycKXDDPR7cuqbWvwKSWUosatU2HBOUjqZ/hTHTQ4QqdTj lqZw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=I0QLO1dxqd5hTCfgnG08Xa+/GV2HMT9gOGYpnaeREk0=; b=Q+3XrTNE9bjOLIfN+THBCipDvMRMX53D3WX3o7ZuPSkuh/Hp3GBb5TwvS8tl45tlDA hyCQ94U7/IoCRGH15zcZLnc7VE5tGj8/ENpV8iJAPyLDv+ns5TwrJSNlE5jSHBRy/xfx +M6NtymdflayYPh3bEcV9H5f6rgzWMb+aY/AuEbD4cX/jodDi2ugP0q9BDobpZncgh1m LRRMHnQnEbxxs1WsWFi+S8Ec/2BLFCgwiK6/J05tN33oQZQB9C5s1D2FBk27CSi/aHK0 TCv7Q1pxtMS9K0zfKtLmnyVT4J3a7SpGwrWh+kzNZbgbsr4RUgQNqC2ScfDDXOmDORPr 4RTQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=gc3If7w0; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g72si2338147oib.157.2020.01.27.18.55.56; Mon, 27 Jan 2020 18:56:25 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=gc3If7w0; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726173AbgA1Czy (ORCPT + 99 others); Mon, 27 Jan 2020 21:55:54 -0500 Received: from mail.kernel.org ([198.145.29.99]:43798 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726101AbgA1Czy (ORCPT ); Mon, 27 Jan 2020 21:55:54 -0500 Received: from sol.localdomain (c-107-3-166-239.hsd1.ca.comcast.net [107.3.166.239]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 41F17205F4; Tue, 28 Jan 2020 02:55:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1580180153; bh=nPCZMW+ucFeiAv6PJ0U8u697QhEtA9gfg4X/lUBIuMg=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=gc3If7w0LF7yAxCopVwnRIO5+0+XPmE6sk1dSxYZ+sf6FnYXihS4av0uh+j6AiIRj euGTuMghRQSyMoTWeytrVrZvbzQs2HrmShyuotyYRW0D5dThKQeFenuYkc4a7991ht jF5pBjamiP1U1mW980hGfSFw+yTyWD4Ix8hbA3nM= Date: Mon, 27 Jan 2020 18:55:51 -0800 From: Eric Biggers To: Gilad Ben-Yossef Cc: Herbert Xu , "David S. Miller" , Ofir Drang , Geert Uytterhoeven , linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [RFC v3] crypto: ccree - protect against short scatterlists Message-ID: <20200128025551.GE960@sol.localdomain> References: <20200127150822.12126-1-gilad@benyossef.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200127150822.12126-1-gilad@benyossef.com> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Mon, Jan 27, 2020 at 05:08:21PM +0200, Gilad Ben-Yossef wrote: > Deal gracefully with the event of being handed a scatterlist > which is shorter than expected. > > This mitigates a crash in some cases due to > attempt to map empty (but not NULL) scatterlists with none > zero lengths. > > Signed-off-by: Gilad Ben-Yossef > Reported-by: Geert Uytterhoeven It's definitely wrong use of the crypto API to pass a scatterlist that's too short. Note that this is *not* what the test code is doing. So I don't think you should be hacking around it here. It is possible the bug is actually in cc_aead_chain_data()? It looks like it's adding the authentication tag size to the source data size for encryption, which is not correct. The authentication tag is part of the destination only. size_for_map += (direct == DRV_CRYPTO_DIRECTION_ENCRYPT) ? authsize : 0; src_mapped_nents = cc_get_sgl_nents(dev, req->src, size_for_map, &src_last_bytes); - Eric