From: Eric Biggers <ebiggers@kernel.org>
To: linux-crypto@vger.kernel.org, Herbert Xu <herbert@gondor.apana.org.au>
Cc: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Subject: [PATCH v2 06/15] crypto: ahash - fix another early termination in hash walk
Date: Thu, 31 Jan 2019 23:51:41 -0800 [thread overview]
Message-ID: <20190201075150.18644-7-ebiggers@kernel.org> (raw)
In-Reply-To: <20190201075150.18644-1-ebiggers@kernel.org>
From: Eric Biggers <ebiggers@google.com>
Hash algorithms with an alignmask set, e.g. "xcbc(aes-aesni)" and
"michael_mic", fail the improved hash tests because they sometimes
produce the wrong digest. The bug is that in the case where a
scatterlist element crosses pages, not all the data is actually hashed
because the scatterlist walk terminates too early. This happens because
the 'nbytes' variable in crypto_hash_walk_done() is assigned the number
of bytes remaining in the page, then later interpreted as the number of
bytes remaining in the scatterlist element. Fix it.
Fixes: 900a081f6912 ("crypto: ahash - Fix early termination in hash walk")
Cc: stable@vger.kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
crypto/ahash.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/crypto/ahash.c b/crypto/ahash.c
index ca0d3e281fefb..81e2767e2164e 100644
--- a/crypto/ahash.c
+++ b/crypto/ahash.c
@@ -86,17 +86,17 @@ static int hash_walk_new_entry(struct crypto_hash_walk *walk)
int crypto_hash_walk_done(struct crypto_hash_walk *walk, int err)
{
unsigned int alignmask = walk->alignmask;
- unsigned int nbytes = walk->entrylen;
walk->data -= walk->offset;
- if (nbytes && walk->offset & alignmask && !err) {
- walk->offset = ALIGN(walk->offset, alignmask + 1);
- nbytes = min(nbytes,
- ((unsigned int)(PAGE_SIZE)) - walk->offset);
- walk->entrylen -= nbytes;
+ if (walk->entrylen && (walk->offset & alignmask) && !err) {
+ unsigned int nbytes;
+ walk->offset = ALIGN(walk->offset, alignmask + 1);
+ nbytes = min(walk->entrylen,
+ (unsigned int)(PAGE_SIZE - walk->offset));
if (nbytes) {
+ walk->entrylen -= nbytes;
walk->data += walk->offset;
return nbytes;
}
@@ -116,7 +116,7 @@ int crypto_hash_walk_done(struct crypto_hash_walk *walk, int err)
if (err)
return err;
- if (nbytes) {
+ if (walk->entrylen) {
walk->offset = 0;
walk->pg++;
return hash_walk_next(walk);
--
2.20.1
next prev parent reply other threads:[~2019-02-01 7:53 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-01 7:51 [PATCH v2 00/15] crypto: improved skcipher, aead, and hash tests Eric Biggers
2019-02-01 7:51 ` [PATCH v2 01/15] crypto: aegis - fix handling chunked inputs Eric Biggers
2019-02-05 9:31 ` Ondrej Mosnacek
2019-02-01 7:51 ` [PATCH v2 02/15] crypto: morus " Eric Biggers
2019-02-05 9:30 ` Ondrej Mosnacek
2019-02-01 7:51 ` [PATCH v2 03/15] crypto: x86/aegis - fix handling chunked inputs and MAY_SLEEP Eric Biggers
2019-02-05 9:31 ` Ondrej Mosnacek
2019-02-01 7:51 ` [PATCH v2 04/15] crypto: x86/morus " Eric Biggers
2019-02-05 9:32 ` Ondrej Mosnacek
2019-02-01 7:51 ` [PATCH v2 05/15] crypto: x86/aesni-gcm - fix crash on empty plaintext Eric Biggers
2019-02-01 7:51 ` Eric Biggers [this message]
2019-02-01 7:51 ` [PATCH v2 07/15] crypto: arm64/aes-neonbs - fix returning final keystream block Eric Biggers
2019-02-01 7:51 ` [PATCH v2 08/15] crypto: testmgr - add testvec_config struct and helper functions Eric Biggers
2019-02-01 7:51 ` [PATCH v2 09/15] crypto: testmgr - introduce CONFIG_CRYPTO_MANAGER_EXTRA_TESTS Eric Biggers
2019-02-01 7:51 ` [PATCH v2 10/15] crypto: testmgr - implement random testvec_config generation Eric Biggers
2019-02-01 7:51 ` [PATCH v2 11/15] crypto: testmgr - convert skcipher testing to use testvec_configs Eric Biggers
2019-02-01 7:51 ` [PATCH v2 12/15] crypto: testmgr - convert aead " Eric Biggers
2019-02-01 7:51 ` [PATCH v2 13/15] crypto: testmgr - convert hash " Eric Biggers
2019-08-29 15:32 ` Christophe Leroy
2019-08-29 15:58 ` Eric Biggers
2019-02-01 7:51 ` [PATCH v2 14/15] crypto: testmgr - check for skcipher_request corruption Eric Biggers
2019-02-01 7:51 ` [PATCH v2 15/15] crypto: testmgr - check for aead_request corruption Eric Biggers
2019-02-08 7:47 ` [PATCH v2 00/15] crypto: improved skcipher, aead, and hash tests Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190201075150.18644-7-ebiggers@kernel.org \
--to=ebiggers@kernel.org \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).