korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-24 12:44:11 +08:00
Code Issues Packages Projects Releases Wiki Activity
dcaca01a42
linux/crypto
History
Eric Biggers dcaca01a42 crypto: skcipher - don't WARN on unprocessed data after slow walk step 
skcipher_walk_done() assumes it's a bug if, after the "slow" path is
executed where the next chunk of data is processed via a bounce buffer,
the algorithm says it didn't process all bytes.  Thus it WARNs on this.

However, this can happen legitimately when the message needs to be
evenly divisible into "blocks" but isn't, and the algorithm has a
'walksize' greater than the block size.  For example, ecb-aes-neonbs
sets 'walksize' to 128 bytes and only supports messages evenly divisible
into 16-byte blocks.  If, say, 17 message bytes remain but they straddle
scatterlist elements, the skcipher_walk code will take the "slow" path
and pass the algorithm all 17 bytes in the bounce buffer.  But the
algorithm will only be able to process 16 bytes, triggering the WARN.

Fix this by just removing the WARN_ON().  Returning -EINVAL, as the code
already does, is the right behavior.

This bug was detected by my patches that improve testmgr to fuzz
algorithms against their generic implementation.

Fixes: b286d8b1a6 ("crypto: skcipher - Add skcipher walk interface")
Cc: <stable@vger.kernel.org> # v4.10+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-04-08 14:42:55 +08:00
..
asymmetric_keys KEYS: asym_tpm: Add support for the sign operation [ver #2] 2018-10-26 09:30:47 +01:00
async_tx async_pq: Remove VLA usage 2018-06-18 20:17:38 +05:30
842.c crypto: acomp - add support for 842 via scomp 2016-10-25 11:08:33 +08:00
ablkcipher.c crypto: skcipher - remove remnants of internal IV generators 2018-12-23 11:52:45 +08:00
acompress.c crypto: user - clean up report structure copying 2018-11-09 17:41:39 +08:00
adiantum.c crypto: adiantum - initialize crypto_spawn::inst 2019-01-10 21:37:31 +08:00
aead.c crypto: aead - set CRYPTO_TFM_NEED_KEY if ->setkey() fails 2019-01-18 18:40:24 +08:00
aegis128.c crypto: aegis - fix handling chunked inputs 2019-02-08 15:30:08 +08:00
aegis128l.c crypto: aegis - fix handling chunked inputs 2019-02-08 15:30:08 +08:00
aegis256.c crypto: aegis - fix handling chunked inputs 2019-02-08 15:30:08 +08:00
aegis.h crypto: aegis - Cleanup license mess 2019-01-25 18:41:51 +08:00
aes_generic.c crypto: aes - Use ___cacheline_aligned for aes data 2019-04-08 14:36:16 +08:00
aes_ti.c crypto: aes_ti - disable interrupts while accessing S-box 2018-11-09 17:36:48 +08:00
af_alg.c Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-03-05 09:09:55 -08:00
ahash.c crypto: ahash - fix another early termination in hash walk 2019-02-08 15:30:08 +08:00
akcipher.c crypto: user - clean up report structure copying 2018-11-09 17:41:39 +08:00
algapi.c crypto: api - add a helper to (un)register a array of templates 2019-01-25 18:41:52 +08:00
algboss.c crypto: api - Introduce notifier for new crypto algorithms 2018-09-04 11:37:04 +08:00
algif_aead.c crypto: null - Remove VLA usage of skcipher 2018-09-28 12:46:08 +08:00
algif_hash.c crypto: hash - Remove VLA usage 2018-09-04 11:35:03 +08:00
algif_rng.c net: remove sock_no_poll 2018-05-26 09:16:44 +02:00
algif_skcipher.c Revert changes to convert to ->poll_mask() and aio IOCB_CMD_POLL 2018-06-28 10:40:47 -07:00
ansi_cprng.c crypto: ansi_cprng - Convert to new rng interface 2015-04-22 09:30:18 +08:00
anubis.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
api.c evm: Don't deadlock if a crypto algorithm is unavailable 2018-07-18 07:27:22 -04:00
arc4.c crypto: export arc4 defines 2019-02-15 13:21:55 +08:00
authenc.c crypto: authenc - fix parsing key with misaligned rta_len 2019-01-10 21:37:31 +08:00
authencesn.c crypto: authencesn - Avoid twice completion call in decrypt path 2019-01-10 21:37:31 +08:00
blkcipher.c crypto: skcipher - remove remnants of internal IV generators 2018-12-23 11:52:45 +08:00
blowfish_common.c
blowfish_generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
camellia_generic.c crypto: replace FSF address with web source in license notices 2017-11-29 17:33:25 +11:00
cast5_generic.c crypto: replace FSF address with web source in license notices 2017-11-29 17:33:25 +11:00
cast6_generic.c crypto: replace FSF address with web source in license notices 2017-11-29 17:33:25 +11:00
cast_common.c crypto: make tables used from assembler __visible 2013-08-14 20:42:03 +10:00
cbc.c crypto: cbc - convert to skcipher_alloc_instance_simple() 2019-01-11 14:16:57 +08:00
ccm.c crypto: ccm - use template array registering API to simplify the code 2019-01-25 18:41:52 +08:00
cfb.c crypto: cfb - convert to skcipher_alloc_instance_simple() 2019-01-11 14:16:57 +08:00
chacha20poly1305.c crypto: chacha20poly1305 - use template array registering API to simplify the code 2019-01-25 18:41:52 +08:00
chacha_generic.c crypto: chacha-generic - use crypto_xor_cpy() 2019-03-22 20:57:28 +08:00
cipher.c crypto: remove several VLAs 2018-04-21 00:58:34 +08:00
cmac.c crypto: algapi - make crypto_xor() and crypto_inc() alignment agnostic 2017-02-11 17:52:28 +08:00
compress.c crypto: api - Remove no-op exit_ops code 2016-10-21 11:03:42 +08:00
crc32_generic.c crypto: crc32-generic - remove __crc32_le() 2018-05-27 00:12:09 +08:00
crc32c_generic.c crypto: crc32c-generic - remove cra_alignmask 2018-05-27 00:12:08 +08:00
crct10dif_common.c crypto: crct10dif - Add fallback for broken initrds 2013-09-12 15:31:34 +10:00
crct10dif_generic.c crypto: crct10dif-generic - fix use via crypto_shash_digest() 2019-04-08 14:42:54 +08:00
cryptd.c crypto: skcipher - remove remnants of internal IV generators 2018-12-23 11:52:45 +08:00
crypto_engine.c crypto: engine - Permit to enqueue all async requests 2018-02-15 23:26:50 +08:00
crypto_null.c crypto: null - convert ecb-cipher_null to skcipher API 2019-01-11 14:16:58 +08:00
crypto_user_base.c crypto: user - remove unused dump functions 2018-12-23 11:52:44 +08:00
crypto_user_stat.c crypto: stat - remove unused mutex 2019-01-18 18:43:43 +08:00
crypto_wq.c crypto: crypto_wq - Fix late crypto work queue initialization 2014-03-21 21:54:28 +08:00
ctr.c crypto: ctr - use template array registering API to simplify the code 2019-01-25 18:41:52 +08:00
cts.c crypto: remove several VLAs 2018-04-21 00:58:34 +08:00
deflate.c crypto: scomp - add support for deflate rfc1950 (zlib) 2017-04-24 18:11:08 +08:00
des_generic.c crypto: clarify name of WEAK_KEY request flag 2019-01-25 18:41:52 +08:00
dh_helper.c crypto: dh - make crypto_dh_encode_key() make robust 2018-08-03 18:06:06 +08:00
dh.c crypto: dh - fix memory leak 2018-07-20 13:51:21 +08:00
drbg.c crypto: drbg - in-place cipher operation for CTR 2018-08-03 18:05:48 +08:00
ecb.c crypto: ecb - convert to skcipher API 2019-01-11 14:16:58 +08:00
ecc_curve_defs.h crypto: ecdh - fix typo of P-192 b value 2018-07-20 13:51:22 +08:00
ecc.c crypto: ecc - regularize scalar for scalar multiplication 2018-11-16 14:11:04 +08:00
ecc.h crypto: ecc - Actually remove stack VLA usage 2018-04-21 00:58:29 +08:00
ecdh_helper.c crypto: ecdh - return unsigned value for crypto_ecdh_key_len() 2017-10-12 22:55:00 +08:00
ecdh.c crypto: ecc - Actually remove stack VLA usage 2018-04-21 00:58:29 +08:00
echainiv.c crypto: null - Remove VLA usage of skcipher 2018-09-28 12:46:08 +08:00
fcrypt.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
fips.c crypto: fips - Move fips_enabled sysctl into fips.c 2015-04-23 14:18:09 +08:00
gcm.c crypto: gcm - use template array registering API to simplify the code 2019-01-25 18:41:52 +08:00
gf128mul.c crypto: gf128mul - remove incorrect comment 2017-12-22 19:52:40 +11:00
ghash-generic.c crypto: shash - remove useless setting of type flags 2018-07-09 00:30:24 +08:00
hash_info.c crypto: streebog - register Streebog in hash info for IMA 2018-11-16 14:09:40 +08:00
hmac.c crypto: hmac - require that the underlying hash algorithm is unkeyed 2017-11-29 13:39:15 +11:00
internal.h crypto: api - Introduce notifier for new crypto algorithms 2018-09-04 11:37:04 +08:00
jitterentropy-kcapi.c crypto: jitterentropy - drop duplicate header module.h 2016-11-17 23:34:52 +08:00
jitterentropy.c crypto: jitterentropy - Delete unnecessary checks before the function call "kzfree" 2015-06-25 23:18:33 +08:00
Kconfig crypto: fips - Grammar s/options/option/, s/to/the/ 2019-03-28 13:55:34 +08:00
keywrap.c crypto: keywrap - convert to skcipher API 2019-01-11 14:16:58 +08:00
khazad.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
kpp.c crypto: user - clean up report structure copying 2018-11-09 17:41:39 +08:00
lrw.c crypto: lrw - fix rebase error after out of bounds fix 2018-10-05 10:22:48 +08:00
lz4.c crypto: remove useless initializations of cra_list 2018-11-20 14:26:55 +08:00
lz4hc.c crypto: remove useless initializations of cra_list 2018-11-20 14:26:55 +08:00
lzo-rle.c lib/lzo: separate lzo-rle from lzo 2019-03-07 18:32:03 -08:00
lzo.c treewide: use kv[mz]alloc* rather than opencoded variants 2017-05-08 17:15:13 -07:00
Makefile lib/lzo: separate lzo-rle from lzo 2019-03-07 18:32:03 -08:00
md4.c crypto: shash - remove useless setting of type flags 2018-07-09 00:30:24 +08:00
md5.c crypto: shash - remove useless setting of type flags 2018-07-09 00:30:24 +08:00
memneq.c crypto: memneq - fix for archs without efficient unaligned access 2013-12-09 20:09:12 +08:00
michael_mic.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
morus640.c crypto: morus - fix handling chunked inputs 2019-02-08 15:30:08 +08:00
morus1280.c crypto: morus - fix handling chunked inputs 2019-02-08 15:30:08 +08:00
nhpoly1305.c crypto: adiantum - adjust some comments to match latest paper 2018-12-13 18:24:59 +08:00
ofb.c crypto: ofb - convert to skcipher_alloc_instance_simple() 2019-01-11 14:16:58 +08:00
pcbc.c crypto: pcbc - convert to skcipher_alloc_instance_simple() 2019-01-11 14:16:58 +08:00
pcrypt.c Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2018-12-27 13:53:32 -08:00
poly1305_generic.c crypto: poly1305 - add Poly1305 core API 2018-11-20 14:26:56 +08:00
proc.c proc: introduce proc_create_seq{,_data} 2018-05-16 07:23:35 +02:00
ripemd.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
rmd128.c crypto: shash - remove useless setting of type flags 2018-07-09 00:30:24 +08:00
rmd160.c crypto: shash - remove useless setting of type flags 2018-07-09 00:30:24 +08:00
rmd256.c crypto: rmd256 - use swap macro in rmd256_transform 2018-07-27 19:28:36 +08:00
rmd320.c crypto: rmd320 - use swap macro in rmd320_transform 2018-07-27 19:28:36 +08:00
rng.c crypto: user - fix use_after_free of struct xxx_request 2018-12-07 14:15:00 +08:00
rsa_helper.c kbuild: rename *-asn1.[ch] to *.asn1.[ch] 2018-04-07 19:04:02 +09:00
rsa-pkcs1pad.c crypto: rsa-pkcs1pad - include <crypto/internal/rsa.h> 2019-01-18 18:43:42 +08:00
rsa.c crypto: rsa - Remove unneeded error assignment 2018-04-21 00:58:37 +08:00
rsaprivkey.asn1 crypto: rsa - Store rest of the private key components 2016-07-05 23:05:26 +08:00
rsapubkey.asn1 crypto: akcipher - Changes to asymmetric key API 2015-10-14 22:23:16 +08:00
salsa20_generic.c crypto: salsa20-generic - use crypto_xor_cpy() 2019-03-22 20:57:28 +08:00
scatterwalk.c crypto: scatterwalk - remove 'chain' argument from scatterwalk_crypto_chain() 2018-08-03 18:06:03 +08:00
scompress.c crypto: scompress - Use per-CPU struct instead multiple variables 2019-04-08 14:36:16 +08:00
seed.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
seqiv.c crypto: seqiv - Use kmemdup in seqiv_aead_encrypt() 2019-02-01 14:42:03 +08:00
serpent_generic.c crypto: serpent - improve __serpent_setkey with UBSAN 2017-08-09 20:17:54 +08:00
sha1_generic.c crypto: shash - remove useless setting of type flags 2018-07-09 00:30:24 +08:00
sha3_generic.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux 2018-08-03 17:55:12 +08:00
sha256_generic.c crypto: shash - remove useless setting of type flags 2018-07-09 00:30:24 +08:00
sha512_generic.c crypto: shash - remove useless setting of type flags 2018-07-09 00:30:24 +08:00
shash.c crypto: shash - remove pointless checks of shash_alg::{export,import} 2019-01-18 18:40:24 +08:00
simd.c crypto: simd - convert to use crypto_simd_usable() 2019-03-22 20:57:27 +08:00
skcipher.c crypto: skcipher - don't WARN on unprocessed data after slow walk step 2019-04-08 14:42:55 +08:00
sm3_generic.c crypto: sm3 - fix undefined shift by >= width of value 2019-01-10 21:37:32 +08:00
sm4_generic.c crypto: sm4 - export encrypt/decrypt routines to other drivers 2018-05-05 14:52:51 +08:00
streebog_generic.c crypto: streebog - use correct endianness type 2019-01-18 18:43:43 +08:00
tcrypt.c lib/lzo: separate lzo-rle from lzo 2019-03-07 18:32:03 -08:00
tcrypt.h crypto: testmgr - update sm4 test vectors 2018-09-28 12:46:26 +08:00
tea.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
testmgr.c crypto: testmgr - test the !may_use_simd() fallback code 2019-03-22 20:57:28 +08:00
testmgr.h crypto: adiantum - add 1536 and 4096-byte test vectors 2019-02-22 12:47:27 +08:00
tgr192.c crypto: tgr192 - fix unaligned memory access 2019-01-18 18:43:43 +08:00
twofish_common.c crypto: replace FSF address with web source in license notices 2017-11-29 17:33:25 +11:00
twofish_generic.c crypto: replace FSF address with web source in license notices 2017-11-29 17:33:25 +11:00
vmac.c crypto: vmac - remove insecure version with hardcoded nonce 2018-07-01 21:00:44 +08:00
wp512.c crypto: shash - remove useless setting of type flags 2018-07-09 00:30:24 +08:00
xcbc.c crypto: xcbc - Remove VLA usage 2018-09-04 11:35:03 +08:00
xor.c kmemcheck: stop using GFP_NOTRACK and SLAB_NOTRACK 2017-11-15 18:21:04 -08:00
xts.c crypto: xts - Drop use of auxiliary buffer 2018-09-21 13:24:50 +08:00
zstd.c crypto: zstd - Add zstd support 2018-04-21 00:58:30 +08:00