[PATCH] crypto: chacha20poly1305

* [PATCH] crypto: chacha20poly1305 - prevent integer overflow on large input
       [not found] <20200213114647.cupaio6zmodix3fq@gondor.apana.org.au>
@ 2020-02-13 16:38 ` Jason A. Donenfeld
  0 siblings, 0 replies; only message in thread
From: Jason A. Donenfeld @ 2020-02-13 16:38 UTC (permalink / raw)
  To: linux-crypto; +Cc: Jason A. Donenfeld, Ard Biesheuvel, stable

This code assigns src_len (size_t) to sl (int), which causes problems
when src_len is very large. Probably nobody in the kernel should be
passing this much data to chacha20poly1305 all in one go anyway, so I
don't think we need to change the algorithm or introduce larger types
or anything. But we should at least error out early in this case and
print a warning so that we get reports if this does happen and can look
into why anybody is possibly passing it that much data or if they're
accidently passing -1 or similar.

Fixes: d95312a3ccc0 ("crypto: lib/chacha20poly1305 - reimplement crypt_from_sg() routine")
Cc: Ard Biesheuvel <ardb@kernel.org>
Cc: stable@vger.kernel.org # 5.5+
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
---
Due to the "stable" in the subject line prior, this patch missed
Herbert's filters. So, I'm simply resending it here so that they can get
picked up. Note that this is intended for the crypto-2.6.git tree rather
than cryptodev-2.6.git.

 lib/crypto/chacha20poly1305.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/crypto/chacha20poly1305.c b/lib/crypto/chacha20poly1305.c
index 6d83cafebc69..ad0699ce702f 100644
--- a/lib/crypto/chacha20poly1305.c
+++ b/lib/crypto/chacha20poly1305.c
@@ -235,6 +235,9 @@ bool chacha20poly1305_crypt_sg_inplace(struct scatterlist *src,
 		__le64 lens[2];
 	} b __aligned(16);
 
+	if (WARN_ON(src_len > INT_MAX))
+		return false;
+
 	chacha_load_key(b.k, key);
 
 	b.iv[0] = 0;
-- 
2.25.0


^ permalink raw reply related	[flat|nested] only message in thread