Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp1420199ybv; Thu, 6 Feb 2020 03:49:56 -0800 (PST) X-Google-Smtp-Source: APXvYqyXURxgbc14GcKc7hXH5TijmWtoxDjdqh5Xh3+btdJddNcZqeIYkHnHoNl4sZ8Us/DCMuM/ X-Received: by 2002:aca:90f:: with SMTP id 15mr6663514oij.18.1580989796439; Thu, 06 Feb 2020 03:49:56 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1580989796; cv=none; d=google.com; s=arc-20160816; b=ODLWiU8A3nL7CRgVvKPoiy/t+ZZeZ3sJIDaLyI8yH+7b/vEq/Qqtymmdf+G2H/FBCl 2YZFJnWnFhjOhD+V4R6Ze2yBKkQ2lggN6/JARntaJeiYIzt+engRytEllfMQ8s8TCaQk lID9spse7LdkPDkLY1r0w1dPoNc2zCxyFYEP9pnvgMVejp4FTsU0URDbraLqVtFwFTEo ajZRep+BNsdV4HGtTud+ux+ukV2Kn+e4kTk1S/xQDD1s9epkOVHtD/rTnVG8GKvLEZ7s oJwVcjtNEx7srVaYDsMkoCeBQW7bpHK5H2Ndvvcb1JiM4ieaWCG/MTdTL+3+W/wI1QXe 0+QA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=GQckgGH6kTntFT30z+SozTi6b4HoZCGc9DxLtjnCcgA=; b=tGmlymw33HJ8RfkXK8dQlgoMCuuPX4X0fHQyNPmLzmX9OrFPgE4R8DWjCiAl1Q1Dw7 3maFOam6flLxaKwfX1VW3IlYnHNShcJo0ErVxoJHG6scHYPoJTUw9Z/1gBtk7i1TD7n+ FKgOE/4PkC9RDocCJCBh7wF/qSy0i6BWvbqGc6qG5n5DB2VM7nsJJ4cNd1uJvT9C1dpX EyijBmX9Tp0Ce8A3JkWVYQc5lz8mReFXHZuwYDXbeXFAdAKMMbBZPcCuP2NGyq2g5vsr nJuMJxdwHpnjcZpcvxMCaKqfKyCjJVhPxcHU0DsUO5TWhIDLmqtjiAIAlJBEztgetKVU grfQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@zx2c4.com header.s=mail header.b="gVIA+J/d"; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zx2c4.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r26si1663452otk.79.2020.02.06.03.49.39; Thu, 06 Feb 2020 03:49:56 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@zx2c4.com header.s=mail header.b="gVIA+J/d"; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zx2c4.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727415AbgBFLmn (ORCPT + 99 others); Thu, 6 Feb 2020 06:42:43 -0500 Received: from frisell.zx2c4.com ([192.95.5.64]:56295 "EHLO frisell.zx2c4.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727111AbgBFLmn (ORCPT ); Thu, 6 Feb 2020 06:42:43 -0500 Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTP id e4934e92; Thu, 6 Feb 2020 11:41:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=zx2c4.com; h=from:to:cc :subject:date:message-id:mime-version:content-transfer-encoding; s=mail; bh=t4Len6Fa4vj2dKk9fEebpyLi4CE=; b=gVIA+J/d6t0WzqD5VlPR 4w6WZ87s2rKNhWLtVh+9JdsL0UBtVrBOp/aqteq81+fh0aBD6NAvbvnn9l0HpG2b re8DQv4++vlATlZg/CK7vA8so7svhSkexO8Fxvhr/XBeX4dsjqYmc9pgnFHfyHXY xbt/AQdk7gHgR22e9HZ3IvvAeqUtT36kUjjPBQ812ZqST0nSsDTdWL2+GgiI4D/x 7lnuGtM2rRTe5SMKemBlEzGfS4OUDmeKHzFWgCbQjfx/2yWKKLpMsYjrxor15IHh xXp9675M9a8316r3dJU2PDlMGE4HkM/tpVM6ZCe0i+bJHlJNw463S50e4WbzpbFe DQ== Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id 242809b6 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO); Thu, 6 Feb 2020 11:41:36 +0000 (UTC) From: "Jason A. Donenfeld" To: linux-crypto@vger.kernel.org Cc: "Jason A. Donenfeld" , Ard Biesheuvel , stable@vger.kernel.org Subject: [PATCH stable] crypto: chacha20poly1305 - prevent integer overflow on large input Date: Thu, 6 Feb 2020 12:42:01 +0100 Message-Id: <20200206114201.25438-1-Jason@zx2c4.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org This code assigns src_len (size_t) to sl (int), which causes problems when src_len is very large. Probably nobody in the kernel should be passing this much data to chacha20poly1305 all in one go anyway, so I don't think we need to change the algorithm or introduce larger types or anything. But we should at least error out early in this case and print a warning so that we get reports if this does happen and can look into why anybody is possibly passing it that much data or if they're accidently passing -1 or similar. Fixes: d95312a3ccc0 ("crypto: lib/chacha20poly1305 - reimplement crypt_from_sg() routine") Cc: Ard Biesheuvel Cc: stable@vger.kernel.org # 5.5+ Signed-off-by: Jason A. Donenfeld --- lib/crypto/chacha20poly1305.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/crypto/chacha20poly1305.c b/lib/crypto/chacha20poly1305.c index 6d83cafebc69..ad0699ce702f 100644 --- a/lib/crypto/chacha20poly1305.c +++ b/lib/crypto/chacha20poly1305.c @@ -235,6 +235,9 @@ bool chacha20poly1305_crypt_sg_inplace(struct scatterlist *src, __le64 lens[2]; } b __aligned(16); + if (WARN_ON(src_len > INT_MAX)) + return false; + chacha_load_key(b.k, key); b.iv[0] = 0; -- 2.25.0