From: Eric Biggers <ebiggers@google.com>
If the user-provided IV needs to be aligned to the algorithm's alignmask, then skcipher_walk_virt() copies the IV into a new aligned buffer walk.iv. But skcipher_walk_virt() can fail afterwards, and then if the caller unconditionally accesses walk.iv, it's a use-after-free.
arm32 xts-aes-neonbs doesn't set an alignmask, so currently it isn't affected by this despite unconditionally accessing walk.iv. However this is more subtle than desired, and it was actually broken prior to the alignmask being removed by commit cc477bf64573 ("crypto: arm/aes - replace bit-sliced OpenSSL NEON code"). Thus, update xts-aes-neonbs to start checking the return value of skcipher_walk_virt().
Fixes: e4e7f10bfc40 ("ARM: add support for bit sliced AES using NEON instructions")
Cc: stable@vger.kernel.org # v3.13+
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 arch/arm/crypto/aes-neonbs-glue.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/arch/arm/crypto/aes-neonbs-glue.c b/arch/arm/crypto/aes-neonbs-glue.c index 07e31941dc674..617c2c99ebfb3 100644 --- a/arch/arm/crypto/aes-neonbs-glue.c +++ b/arch/arm/crypto/aes-neonbs-glue.c @@ -278,6 +278,8 @@ static int __xts_crypt(struct skcipher_request *req, int err;
err = skcipher_walk_virt(&walk, req, true); + if (err) + return err;
crypto_cipher_encrypt_one(ctx->tweak_tfm, walk.iv, walk.iv);
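Review bot: the added "if (err) return err;" after skcipher_walk_virt() in __xts_crypt() has no comment saying that walk.iv is only valid when the walk succeeded. The commit message itself calls the hazard subtle and notes the driver is only unaffected today because it sets no alignmask, so a one-line comment above the check would keep a later cleanup from dropping it as dead code. Separately, the Cc: stable tag asks for v3.13+ while the context lines here are skcipher-based, so trees that predate the skcipher conversion will need the same check backported by hand.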
Hi,
[This is an automated email]
This commit has been processed because it contains a "Fixes:" tag, fixing commit: e4e7f10bfc40 ARM: add support for bit sliced AES using NEON instructions.
The bot has tested the following trees: v5.0.7, v4.19.34, v4.14.111, v4.9.168, v4.4.178, v3.18.138.
v5.0.7: Build OK!
v4.19.34: Build OK!
v4.14.111: Build OK!
v4.9.168: Failed to apply! Possible dependencies:
    211f41af534a ("crypto: aesbs - Convert to skcipher")
    585b5fa63da9 ("crypto: arm/aes - Select SIMD in Kconfig")
    6fdf436fd854 ("crypto: arm/aes - Add missing SIMD select for aesbs")
    81126d1a8bc2 ("crypto: arm/aesbs - fix brokenness after skcipher conversion")
    81edb4262975 ("crypto: arm/aes - replace scalar AES cipher")
    cc477bf64573 ("crypto: arm/aes - replace bit-sliced OpenSSL NEON code")

v4.4.178: Failed to apply! Possible dependencies:
    211f41af534a ("crypto: aesbs - Convert to skcipher")
    28856a9e52c7 ("crypto: xts - consolidate sanity check for keys")
    49abc0d2e19b ("crypto: xts - fix compile errors")
    585b5fa63da9 ("crypto: arm/aes - Select SIMD in Kconfig")
    6fdf436fd854 ("crypto: arm/aes - Add missing SIMD select for aesbs")
    81126d1a8bc2 ("crypto: arm/aesbs - fix brokenness after skcipher conversion")
    81edb4262975 ("crypto: arm/aes - replace scalar AES cipher")
    cc477bf64573 ("crypto: arm/aes - replace bit-sliced OpenSSL NEON code")

v3.18.138: Failed to apply! Possible dependencies:
    006d0624fa0d ("crypto: arm - add support for SHA-224/256 using ARMv8 Crypto Extensions")
    12ac3efe74f8 ("arm64/crypto: use crypto instructions to generate AES key schedule")
    504c6143c53d ("crypto: powerpc/aes - kernel config")
    585b5fa63da9 ("crypto: arm/aes - Select SIMD in Kconfig")
    652ccae5cc4e ("crypto: arm - move ARM specific Kconfig definitions to a dedicated file")
    6fdf436fd854 ("crypto: arm/aes - Add missing SIMD select for aesbs")
    81edb4262975 ("crypto: arm/aes - replace scalar AES cipher")
    86464859cc77 ("crypto: arm - AES in ECB/CBC/CTR/XTS modes using ARMv8 Crypto Extensions")
    864cbeed4ab2 ("crypto: arm - add support for SHA1 using ARMv8 Crypto Instructions")
    cc477bf64573 ("crypto: arm/aes - replace bit-sliced OpenSSL NEON code")
How should we proceed with this patch?
--
Thanks,
Sasha
linux-stable-mirror@lists.linaro.org
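The failure mode described in the commit message at the top of this thread, as a user-space model added here for illustration; it is not kernel code and not part of the patch. The names toy_walk, toy_walk_virt, toy_encrypt_tweak and toy_xts_crypt, the XOR "cipher" and the later_step_fails switch are all assumptions standing in for skcipher_walk_virt(), crypto_cipher_encrypt_one() and __xts_crypt().

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define IV_LEN 16

struct toy_walk {  /* hypothetical stand-in for the IV fields of struct skcipher_walk */
    uint8_t *iv;   /* caller's IV, or the aligned copy */
    uint8_t *copy; /* aligned copy owned by the walk, NULL if none */
};
static int tweak_calls; /* how often walk.iv was actually used */

/* Model: copy a misaligned IV, then fail later; the copy is freed, w->iv dangles. */
static int toy_walk_virt(struct toy_walk *w, uint8_t *iv, size_t alignmask,
                         int later_step_fails)
{
    w->iv = iv;
    w->copy = NULL;
    if ((uintptr_t)iv & alignmask) {
        w->copy = aligned_alloc(alignmask + 1, IV_LEN);
        if (!w->copy)
            return -ENOMEM;
        w->iv = memcpy(w->copy, iv, IV_LEN);
    }
    if (later_step_fails) {
        free(w->copy);
        return -ENOMEM;
    }
    return 0;
}

/* Stand-in for crypto_cipher_encrypt_one(): transforms the IV in place. */
static void toy_encrypt_tweak(uint8_t *iv)
{
    tweak_calls++;
    for (int i = 0; i < IV_LEN; i++)
        iv[i] ^= 0xA5;
}

/* Caller shaped like __xts_crypt() with the patch's check in place. */
static int toy_xts_crypt(uint8_t *iv, size_t alignmask, int later_step_fails)
{
    struct toy_walk w;
    int err = toy_walk_virt(&w, iv, alignmask, later_step_fails);
    if (err)
        return err; /* w.iv may point at freed memory: do not touch it */
    toy_encrypt_tweak(w.iv);
    if (w.copy) { /* hand the result back, release the copy */
        memcpy(iv, w.iv, IV_LEN);
        free(w.copy);
    }
    return 0;
}
```

Without the early return, the failing call would pass the freed copy to toy_encrypt_tweak(); building the model with -fsanitize=address and deleting the check makes that visible as a heap-use-after-free report.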