AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2025-03-11 23:27:42 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity
c508c46e6e
linux_dsm_epyc7002/arch/x86/crypto
History
Eric Biggers ecaaab5649 crypto: salsa20 - fix blkcipher_walk API usage 
When asked to encrypt or decrypt 0 bytes, both the generic and x86
implementations of Salsa20 crash in blkcipher_walk_done(), either when
doing 'kfree(walk->buffer)' or 'free_page((unsigned long)walk->page)',
because walk->buffer and walk->page have not been initialized.

The bug is that Salsa20 is calling blkcipher_walk_done() even when
nothing is in 'walk.nbytes'.  But blkcipher_walk_done() is only meant to
be called when a nonzero number of bytes have been provided.

The broken code is part of an optimization that tries to make only one
call to salsa20_encrypt_bytes() to process inputs that are not evenly
divisible by 64 bytes.  To fix the bug, just remove this "optimization"
and use the blkcipher_walk API the same way all the other users do.

Reproducer:

    #include <linux/if_alg.h>
    #include <sys/socket.h>
    #include <unistd.h>

    int main()
    {
            int algfd, reqfd;
            struct sockaddr_alg addr = {
                    .salg_type = "skcipher",
                    .salg_name = "salsa20",
            };
            char key[16] = { 0 };

            algfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
            bind(algfd, (void *)&addr, sizeof(addr));
            reqfd = accept(algfd, 0, 0);
            setsockopt(algfd, SOL_ALG, ALG_SET_KEY, key, sizeof(key));
            read(reqfd, key, sizeof(key));
    }

Reported-by: syzbot <syzkaller@googlegroups.com>
Fixes: eb6f13eb9f ("[CRYPTO] salsa20_generic: Fix multi-page processing")
Cc: <stable@vger.kernel.org> # v2.6.25+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2017-11-29 16:25:58 +11:00
..
sha1-mb Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2017-11-06 09:05:03 -08:00
sha256-mb Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2017-11-06 09:05:03 -08:00
sha512-mb License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
aes_ctrby8_avx-x86_64.S
aes_glue.c
aes-i586-asm_32.S
aes-x86_64-asm_64.S crypto: x86/aes - Don't use %rbp as temporary register 2017-05-23 12:52:05 +08:00
aesni-intel_asm.S crypto: aesni - make non-AVX AES-GCM work with all valid auth_tag_len 2017-05-18 13:19:53 +08:00
aesni-intel_avx-x86_64.S crypto: aesni - make AVX2 AES-GCM work with all valid auth_tag_len 2017-05-18 13:19:55 +08:00
aesni-intel_glue.c crypto: aesni - Use GCM IV size constant 2017-09-22 17:43:14 +08:00
blowfish_glue.c crypto: algapi - make crypto_xor() take separate dst and src arguments 2017-08-04 09:27:15 +08:00
blowfish-x86_64-asm_64.S crypto: x86/blowfish - Fix RBP usage 2017-09-20 17:42:31 +08:00
camellia_aesni_avx2_glue.c
camellia_aesni_avx_glue.c
camellia_glue.c crypto: gf128mul - switch gf128mul_x_ble to le128 2017-04-05 21:58:37 +08:00
camellia-aesni-avx2-asm_64.S
camellia-aesni-avx-asm_64.S
camellia-x86_64-asm_64.S crypto: x86/camellia - Fix RBP usage 2017-09-20 17:42:31 +08:00
cast5_avx_glue.c crypto: algapi - make crypto_xor() take separate dst and src arguments 2017-08-04 09:27:15 +08:00
cast5-avx-x86_64-asm_64.S crypto: x86/cast5 - Fix RBP usage 2017-09-20 17:42:32 +08:00
cast6_avx_glue.c
cast6-avx-x86_64-asm_64.S crypto: x86/cast6 - Fix RBP usage 2017-09-20 17:42:33 +08:00
chacha20_glue.c
chacha20-avx2-x86_64.S crypto: x86/chacha20 - satisfy stack validation 2.0 2017-10-12 22:51:16 +08:00
chacha20-ssse3-x86_64.S crypto: x86/chacha20 - satisfy stack validation 2.0 2017-10-12 22:51:16 +08:00
crc32-pclmul_asm.S crypto: crc32-pclmul - remove useless relative addressing 2017-10-07 12:10:30 +08:00
crc32-pclmul_glue.c
crc32c-intel_glue.c
crc32c-pcl-intel-asm_64.S
crct10dif-pcl-asm_64.S
crct10dif-pclmul_glue.c
des3_ede_glue.c crypto: algapi - make crypto_xor() take separate dst and src arguments 2017-08-04 09:27:15 +08:00
des3_ede-asm_64.S crypto: x86/des3_ede - Fix RBP usage 2017-09-20 17:42:34 +08:00
fpu.c
ghash-clmulni-intel_asm.S
ghash-clmulni-intel_glue.c
glue_helper-asm-avx2.S
glue_helper-asm-avx.S
glue_helper.c crypto: glue_helper - Delete some dead code 2017-06-19 14:11:54 +08:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
poly1305_glue.c
poly1305-avx2-x86_64.S
poly1305-sse2-x86_64.S
salsa20_glue.c crypto: salsa20 - fix blkcipher_walk API usage 2017-11-29 16:25:58 +11:00
salsa20-i586-asm_32.S
salsa20-x86_64-asm_64.S License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
serpent_avx2_glue.c
serpent_avx_glue.c
serpent_sse2_glue.c crypto: gf128mul - switch gf128mul_x_ble to le128 2017-04-05 21:58:37 +08:00
serpent-avx2-asm_64.S
serpent-avx-x86_64-asm_64.S
serpent-sse2-i586-asm_32.S
serpent-sse2-x86_64-asm_64.S
sha1_avx2_x86_64_asm.S crypto: x86/sha1-avx2 - Fix RBP usage 2017-09-20 17:42:34 +08:00
sha1_ni_asm.S
sha1_ssse3_asm.S crypto: x86/sha1-ssse3 - Fix RBP usage 2017-09-20 17:42:35 +08:00
sha1_ssse3_glue.c crypto: x86/sha1 - Fix reads beyond the number of blocks passed 2017-08-09 20:01:37 +08:00
sha256_ni_asm.S
sha256_ssse3_glue.c
sha256-avx2-asm.S crypto: x86/sha256-avx2 - Fix RBP usage 2017-09-20 17:42:36 +08:00
sha256-avx-asm.S crypto: x86/sha256-avx - Fix RBP usage 2017-09-20 17:42:36 +08:00
sha256-ssse3-asm.S crypto: x86/sha256-ssse3 - Fix RBP usage 2017-09-20 17:42:37 +08:00
sha512_ssse3_glue.c
sha512-avx2-asm.S crypto: sha512-avx2 - Fix RBP usage 2017-09-20 17:42:37 +08:00
sha512-avx-asm.S
sha512-ssse3-asm.S
twofish_avx_glue.c
twofish_glue_3way.c crypto: gf128mul - switch gf128mul_x_ble to le128 2017-04-05 21:58:37 +08:00
twofish_glue.c
twofish-avx-x86_64-asm_64.S crypto: x86/twofish - Fix RBP usage 2017-09-20 17:42:38 +08:00
twofish-i586-asm_32.S
twofish-x86_64-asm_64-3way.S
twofish-x86_64-asm_64.S