From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: "open list:HARDWARE RANDOM NUMBER GENERATOR CORE"
<linux-crypto@vger.kernel.org>, Ard Biesheuvel <ardb@kernel.org>,
stable <stable@vger.kernel.org>
Subject: Re: [PATCH stable] crypto: chacha20poly1305 - prevent integer overflow on large input
Date: Thu, 6 Feb 2020 11:47:14 +0000 [thread overview]
Message-ID: <CAKv+Gu8Zh3XmZVySHxHNX4Tgh22JFd0C7mJUGz5YBSEhxfCF6g@mail.gmail.com> (raw)
In-Reply-To: <20200206114201.25438-1-Jason@zx2c4.com>
On Thu, 6 Feb 2020 at 11:42, Jason A. Donenfeld <Jason@zx2c4.com> wrote:
>
> This code assigns src_len (size_t) to sl (int), which causes problems
> when src_len is very large. Probably nobody in the kernel should be
> passing this much data to chacha20poly1305 all in one go anyway, so I
> don't think we need to change the algorithm or introduce larger types
> or anything. But we should at least error out early in this case and
> print a warning so that we get reports if this does happen and can look
> into why anybody is possibly passing it that much data or if they're
> accidently passing -1 or similar.
>
> Fixes: d95312a3ccc0 ("crypto: lib/chacha20poly1305 - reimplement crypt_from_sg() routine")
> Cc: Ard Biesheuvel <ardb@kernel.org>
> Cc: stable@vger.kernel.org # 5.5+
> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
> ---
> lib/crypto/chacha20poly1305.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/lib/crypto/chacha20poly1305.c b/lib/crypto/chacha20poly1305.c
> index 6d83cafebc69..ad0699ce702f 100644
> --- a/lib/crypto/chacha20poly1305.c
> +++ b/lib/crypto/chacha20poly1305.c
> @@ -235,6 +235,9 @@ bool chacha20poly1305_crypt_sg_inplace(struct scatterlist *src,
> __le64 lens[2];
> } b __aligned(16);
>
> + if (WARN_ON(src_len > INT_MAX))
> + return false;
> +
> chacha_load_key(b.k, key);
>
> b.iv[0] = 0;
> --
> 2.25.0
>
next prev parent reply other threads:[~2020-02-06 11:47 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-06 11:42 [PATCH stable] crypto: chacha20poly1305 - prevent integer overflow on large input Jason A. Donenfeld
2020-02-06 11:47 ` Ard Biesheuvel [this message]
2020-02-14 6:50 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAKv+Gu8Zh3XmZVySHxHNX4Tgh22JFd0C7mJUGz5YBSEhxfCF6g@mail.gmail.com \
--to=ard.biesheuvel@linaro.org \
--cc=Jason@zx2c4.com \
--cc=ardb@kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.