From: Eric Biggers <ebiggers@kernel.org>
To: linux-crypto@vger.kernel.org, Herbert Xu <herbert@gondor.apana.org.au>
Cc: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Subject: [PATCH v2 06/15] crypto: ahash - fix another early termination in hash walk
Date: Thu, 31 Jan 2019 23:51:41 -0800 [thread overview]
Message-ID: <20190201075150.18644-7-ebiggers@kernel.org> (raw)
In-Reply-To: <20190201075150.18644-1-ebiggers@kernel.org>
From: Eric Biggers <ebiggers@google.com>
Hash algorithms with an alignmask set, e.g. "xcbc(aes-aesni)" and
"michael_mic", fail the improved hash tests because they sometimes
produce the wrong digest. The bug is that in the case where a
scatterlist element crosses pages, not all the data is actually hashed
because the scatterlist walk terminates too early. This happens because
the 'nbytes' variable in crypto_hash_walk_done() is assigned the number
of bytes remaining in the page, then later interpreted as the number of
bytes remaining in the scatterlist element. Fix it.
Fixes: 900a081f6912 ("crypto: ahash - Fix early termination in hash walk")
Cc: stable@vger.kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
crypto/ahash.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/crypto/ahash.c b/crypto/ahash.c
index ca0d3e281fefb..81e2767e2164e 100644
--- a/crypto/ahash.c
+++ b/crypto/ahash.c
@@ -86,17 +86,17 @@ static int hash_walk_new_entry(struct crypto_hash_walk *walk)
int crypto_hash_walk_done(struct crypto_hash_walk *walk, int err)
{
unsigned int alignmask = walk->alignmask;
- unsigned int nbytes = walk->entrylen;
walk->data -= walk->offset;
- if (nbytes && walk->offset & alignmask && !err) {
- walk->offset = ALIGN(walk->offset, alignmask + 1);
- nbytes = min(nbytes,
- ((unsigned int)(PAGE_SIZE)) - walk->offset);
- walk->entrylen -= nbytes;
+ if (walk->entrylen && (walk->offset & alignmask) && !err) {
+ unsigned int nbytes;
+ walk->offset = ALIGN(walk->offset, alignmask + 1);
+ nbytes = min(walk->entrylen,
+ (unsigned int)(PAGE_SIZE - walk->offset));
if (nbytes) {
+ walk->entrylen -= nbytes;
walk->data += walk->offset;
return nbytes;
}
@@ -116,7 +116,7 @@ int crypto_hash_walk_done(struct crypto_hash_walk *walk, int err)
if (err)
return err;
- if (nbytes) {
+ if (walk->entrylen) {
walk->offset = 0;
walk->pg++;
return hash_walk_next(walk);
--
2.20.1
next prev parent reply other threads:[~2019-02-01 7:53 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-01 7:51 [PATCH v2 00/15] crypto: improved skcipher, aead, and hash tests Eric Biggers
2019-02-01 7:51 ` [PATCH v2 01/15] crypto: aegis - fix handling chunked inputs Eric Biggers
2019-02-05 9:31 ` Ondrej Mosnacek
2019-02-01 7:51 ` [PATCH v2 02/15] crypto: morus " Eric Biggers
2019-02-05 9:30 ` Ondrej Mosnacek
2019-02-01 7:51 ` [PATCH v2 03/15] crypto: x86/aegis - fix handling chunked inputs and MAY_SLEEP Eric Biggers
2019-02-05 9:31 ` Ondrej Mosnacek
2019-02-01 7:51 ` [PATCH v2 04/15] crypto: x86/morus " Eric Biggers
2019-02-05 9:32 ` Ondrej Mosnacek
2019-02-01 7:51 ` [PATCH v2 05/15] crypto: x86/aesni-gcm - fix crash on empty plaintext Eric Biggers
2019-02-01 7:51 ` Eric Biggers [this message]
2019-02-01 7:51 ` [PATCH v2 07/15] crypto: arm64/aes-neonbs - fix returning final keystream block Eric Biggers
2019-02-01 7:51 ` [PATCH v2 08/15] crypto: testmgr - add testvec_config struct and helper functions Eric Biggers
2019-02-01 7:51 ` [PATCH v2 09/15] crypto: testmgr - introduce CONFIG_CRYPTO_MANAGER_EXTRA_TESTS Eric Biggers
2019-02-01 7:51 ` [PATCH v2 10/15] crypto: testmgr - implement random testvec_config generation Eric Biggers
2019-02-01 7:51 ` [PATCH v2 11/15] crypto: testmgr - convert skcipher testing to use testvec_configs Eric Biggers
2019-02-01 7:51 ` [PATCH v2 12/15] crypto: testmgr - convert aead " Eric Biggers
2019-02-01 7:51 ` [PATCH v2 13/15] crypto: testmgr - convert hash " Eric Biggers
2019-08-29 15:32 ` Christophe Leroy
2019-08-29 15:58 ` Eric Biggers
2019-02-01 7:51 ` [PATCH v2 14/15] crypto: testmgr - check for skcipher_request corruption Eric Biggers
2019-02-01 7:51 ` [PATCH v2 15/15] crypto: testmgr - check for aead_request corruption Eric Biggers
2019-02-08 7:47 ` [PATCH v2 00/15] crypto: improved skcipher, aead, and hash tests Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190201075150.18644-7-ebiggers@kernel.org \
--to=ebiggers@kernel.org \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.