linux-crypto.vger.kernel.org archive mirror
* [RFC] crypto: xts - add check for input length equal to zero
@ 2020-03-05 10:22 Andrei Botila
  2020-03-05 10:33 ` Stephan Mueller
  0 siblings, 1 reply; 2+ messages in thread
From: Andrei Botila @ 2020-03-05 10:22 UTC
  To: Herbert Xu, David S. Miller; +Cc: linux-crypto, linux-kernel

From: Andrei Botila <andrei.botila@nxp.com>

Through this RFC we try to standardize the way input lengths equal to 0
are handled in all skcipher algorithms. Currently, in xts when an input
has a length smaller than XTS_BLOCK_SIZE it returns -EINVAL while the
other algorithms return 0 for input lengths equal to zero.
The algorithms that implement this check are CBC, ARC4, CFB, OFB, SALSA20,
CTR, ECB and PCBC, XTS being the outlier here. All of them call
skcipher_walk_virt() which returns 0 if skcipher_walk_skcipher() finds
that input length is equal to 0.
This case was discovered when fuzz testing was enabled since it generates
this input length.
This RFC wants to find out if the approach is ok before updating the
other xts implementations.

Signed-off-by: Andrei Botila <andrei.botila@nxp.com>
---
 crypto/xts.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/crypto/xts.c b/crypto/xts.c
index 29efa15f1495..51eaf08603af 100644
--- a/crypto/xts.c
+++ b/crypto/xts.c
@@ -258,6 +258,9 @@ static int encrypt(struct skcipher_request *req)
 	struct skcipher_request *subreq = &rctx->subreq;
 	int err;
 
+	if (!req->cryptlen)
+		return 0;
+
 	err = init_crypt(req, encrypt_done) ?:
 	      xor_tweak_pre(req, true) ?:
 	      crypto_skcipher_encrypt(subreq) ?:
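
Review bot: The new `if (!req->cryptlen)` test at the top of encrypt() special-cases only length zero and has no comment, so a reader cannot tell why an empty request succeeds while, per the commit message, other lengths below XTS_BLOCK_SIZE still return -EINVAL. Add a short comment above the check saying that a zero-length request is treated as a no-op for consistency with the other skcipher modes, and state in the commit message that lengths from 1 to XTS_BLOCK_SIZE - 1 are intentionally left as errors. Because the early return sits ahead of init_crypt(), the fuzz test that exposed the difference should also be noted as now passing for the generic implementation.
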
@@ -275,6 +278,9 @@ static int decrypt(struct skcipher_request *req)
 	struct skcipher_request *subreq = &rctx->subreq;
 	int err;
 
+	if (!req->cryptlen)
+		return 0;
+
 	err = init_crypt(req, decrypt_done) ?:
 	      xor_tweak_pre(req, false) ?:
 	      crypto_skcipher_decrypt(subreq) ?:
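
Review bot: The same three-line check is duplicated here in decrypt(), and the commit message says the other xts implementations have not been updated yet, so after this patch the result for an empty request depends on which XTS implementation is selected. Consider a small shared helper for the zero-length test that both encrypt() and decrypt() call, and convert the remaining XTS implementations in the same series so that callers see one consistent return value.
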
-- 
2.17.1



* Re: [RFC] crypto: xts - add check for input length equal to zero
  2020-03-05 10:22 [RFC] crypto: xts - add check for input length equal to zero Andrei Botila
@ 2020-03-05 10:33 ` Stephan Mueller
  0 siblings, 0 replies; 2+ messages in thread
From: Stephan Mueller @ 2020-03-05 10:33 UTC
  To: Andrei Botila; +Cc: Herbert Xu, David S. Miller, linux-crypto, linux-kernel

On Thursday, 5 March 2020, 11:22:55 CET, Andrei Botila wrote:

Hi Andrei,

> From: Andrei Botila <andrei.botila@nxp.com>
> 
> Through this RFC we try to standardize the way input lengths equal to 0
> are handled in all skcipher algorithms. Currently, in xts when an input
> has a length smaller than XTS_BLOCK_SIZE it returns -EINVAL while the
> other algorithms return 0 for input lengths equal to zero.
> The algorithms that implement this check are CBC, ARC4, CFB, OFB, SALSA20,
> CTR, ECB and PCBC, XTS being the outlier here. All of them call
> skcipher_walk_virt() which returns 0 if skcipher_walk_skcipher() finds
> that input length is equal to 0.
> This case was discovered when fuzz testing was enabled since it generates
> this input length.
> This RFC wants to find out if the approach is ok before updating the
> other xts implementations.

It may be a good idea to consolidate that. However, changing only one 
implementation is not good.

All XTS implementations would need to be converted then.

Ciao
Stephan


