Linux-Crypto Archive on
 help / color / Atom feed
* [PATCH] crypto: chacha20poly1305 - prevent integer overflow on large input
       [not found] <>
@ 2020-02-13 16:38 ` Jason A. Donenfeld
  0 siblings, 0 replies; only message in thread
From: Jason A. Donenfeld @ 2020-02-13 16:38 UTC (permalink / raw)
  To: linux-crypto; +Cc: Jason A. Donenfeld, Ard Biesheuvel, stable

This code assigns src_len (size_t) to sl (int), which causes problems
when src_len is very large. Probably nobody in the kernel should be
passing this much data to chacha20poly1305 all in one go anyway, so I
don't think we need to change the algorithm or introduce larger types
or anything. But we should at least error out early in this case and
print a warning so that we get reports if this does happen and can look
into why anybody is possibly passing it that much data or if they're
accidently passing -1 or similar.

Fixes: d95312a3ccc0 ("crypto: lib/chacha20poly1305 - reimplement crypt_from_sg() routine")
Cc: Ard Biesheuvel <>
Cc: # 5.5+
Signed-off-by: Jason A. Donenfeld <>
Acked-by: Ard Biesheuvel <>
Due to the "stable" in the subject line prior, this patch missed
Herbert's filters. So, I'm simply resending it here so that they can get
picked up. Note that this is intended for the crypto-2.6.git tree rather
than cryptodev-2.6.git.

 lib/crypto/chacha20poly1305.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/crypto/chacha20poly1305.c b/lib/crypto/chacha20poly1305.c
index 6d83cafebc69..ad0699ce702f 100644
--- a/lib/crypto/chacha20poly1305.c
+++ b/lib/crypto/chacha20poly1305.c
@@ -235,6 +235,9 @@ bool chacha20poly1305_crypt_sg_inplace(struct scatterlist *src,
 		__le64 lens[2];
 	} b __aligned(16);
+	if (WARN_ON(src_len > INT_MAX))
+		return false;
 	chacha_load_key(b.k, key);
 	b.iv[0] = 0;

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, back to index

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
     [not found] <>
2020-02-13 16:38 ` [PATCH] crypto: chacha20poly1305 - prevent integer overflow on large input Jason A. Donenfeld

Linux-Crypto Archive on

Archives are clonable:
	git clone --mirror linux-crypto/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-crypto linux-crypto/ \
	public-inbox-index linux-crypto

Example config snippet for mirrors

Newsgroup available over NNTP:

AGPL code for this site: git clone