From: Greg Kroah-Hartman Date: Fri, 16 Oct 2020 08:20:58 +0000 (+0200) Subject: 5.9-stable patches X-Git-Tag: v5.9.1~1 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fc7051dcf6322d6f08b553983d69ff171f9217a6;p=thirdparty%2Fkernel%2Fstable-queue.git 5.9-stable patches added patches: crypto-bcm-verify-gcm-ccm-key-length-in-setkey.patch crypto-qat-check-cipher-length-for-aead-aes-cbc-hmac-sha.patch --- diff --git a/queue-5.9/crypto-bcm-verify-gcm-ccm-key-length-in-setkey.patch b/queue-5.9/crypto-bcm-verify-gcm-ccm-key-length-in-setkey.patch new file mode 100644 index 00000000000..f6b6916053b --- /dev/null +++ b/queue-5.9/crypto-bcm-verify-gcm-ccm-key-length-in-setkey.patch @@ -0,0 +1,81 @@ +From 10a2f0b311094ffd45463a529a410a51ca025f27 Mon Sep 17 00:00:00 2001 +From: Herbert Xu +Date: Fri, 2 Oct 2020 17:55:22 +1000 +Subject: crypto: bcm - Verify GCM/CCM key length in setkey +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Herbert Xu + +commit 10a2f0b311094ffd45463a529a410a51ca025f27 upstream. + +The setkey function for GCM/CCM algorithms didn't verify the key +length before copying the key and subtracting the salt length. + +This patch delays the copying of the key til after the verification +has been done. It also adds checks on the key length to ensure +that it's at least as long as the salt. + +Fixes: 9d12ba86f818 ("crypto: brcm - Add Broadcom SPU driver") +Cc: +Reported-by: kiyin(尹亮) +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/crypto/bcm/cipher.c | 15 ++++++++++++++- + 1 file changed, 14 insertions(+), 1 deletion(-) + +--- a/drivers/crypto/bcm/cipher.c ++++ b/drivers/crypto/bcm/cipher.c +@@ -2930,7 +2930,6 @@ static int aead_gcm_ccm_setkey(struct cr + + ctx->enckeylen = keylen; + ctx->authkeylen = 0; +- memcpy(ctx->enckey, key, ctx->enckeylen); + + switch (ctx->enckeylen) { + case AES_KEYSIZE_128: +@@ -2946,6 +2945,8 @@ static int aead_gcm_ccm_setkey(struct cr + goto badkey; + } + ++ memcpy(ctx->enckey, key, ctx->enckeylen); ++ + flow_log(" enckeylen:%u authkeylen:%u\n", ctx->enckeylen, + ctx->authkeylen); + flow_dump(" enc: ", ctx->enckey, ctx->enckeylen); +@@ -3000,6 +3001,10 @@ static int aead_gcm_esp_setkey(struct cr + struct iproc_ctx_s *ctx = crypto_aead_ctx(cipher); + + flow_log("%s\n", __func__); ++ ++ if (keylen < GCM_ESP_SALT_SIZE) ++ return -EINVAL; ++ + ctx->salt_len = GCM_ESP_SALT_SIZE; + ctx->salt_offset = GCM_ESP_SALT_OFFSET; + memcpy(ctx->salt, key + keylen - GCM_ESP_SALT_SIZE, GCM_ESP_SALT_SIZE); +@@ -3028,6 +3033,10 @@ static int rfc4543_gcm_esp_setkey(struct + struct iproc_ctx_s *ctx = crypto_aead_ctx(cipher); + + flow_log("%s\n", __func__); ++ ++ if (keylen < GCM_ESP_SALT_SIZE) ++ return -EINVAL; ++ + ctx->salt_len = GCM_ESP_SALT_SIZE; + ctx->salt_offset = GCM_ESP_SALT_OFFSET; + memcpy(ctx->salt, key + keylen - GCM_ESP_SALT_SIZE, GCM_ESP_SALT_SIZE); +@@ -3057,6 +3066,10 @@ static int aead_ccm_esp_setkey(struct cr + struct iproc_ctx_s *ctx = crypto_aead_ctx(cipher); + + flow_log("%s\n", __func__); ++ ++ if (keylen < CCM_ESP_SALT_SIZE) ++ return -EINVAL; ++ + ctx->salt_len = CCM_ESP_SALT_SIZE; + ctx->salt_offset = CCM_ESP_SALT_OFFSET; + memcpy(ctx->salt, key + keylen - CCM_ESP_SALT_SIZE, CCM_ESP_SALT_SIZE); diff --git a/queue-5.9/crypto-qat-check-cipher-length-for-aead-aes-cbc-hmac-sha.patch b/queue-5.9/crypto-qat-check-cipher-length-for-aead-aes-cbc-hmac-sha.patch new file mode 100644 index 00000000000..8bf0f215d05 --- /dev/null +++ b/queue-5.9/crypto-qat-check-cipher-length-for-aead-aes-cbc-hmac-sha.patch @@ -0,0 +1,59 @@ +From 45cb6653b0c355fc1445a8069ba78a4ce8720511 Mon Sep 17 00:00:00 2001 +From: Dominik Przychodni +Date: Mon, 31 Aug 2020 11:59:59 +0100 +Subject: crypto: qat - check cipher length for aead AES-CBC-HMAC-SHA + +From: Dominik Przychodni + +commit 45cb6653b0c355fc1445a8069ba78a4ce8720511 upstream. + +Return -EINVAL for authenc(hmac(sha1),cbc(aes)), +authenc(hmac(sha256),cbc(aes)) and authenc(hmac(sha512),cbc(aes)) +if the cipher length is not multiple of the AES block. +This is to prevent an undefined device behaviour. + +Fixes: d370cec32194 ("crypto: qat - Intel(R) QAT crypto interface") +Cc: +Signed-off-by: Dominik Przychodni +[giovanni.cabiddu@intel.com: reworded commit message] +Signed-off-by: Giovanni Cabiddu +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/crypto/qat/qat_common/qat_algs.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +--- a/drivers/crypto/qat/qat_common/qat_algs.c ++++ b/drivers/crypto/qat/qat_common/qat_algs.c +@@ -828,6 +828,11 @@ static int qat_alg_aead_dec(struct aead_ + struct icp_qat_fw_la_bulk_req *msg; + int digst_size = crypto_aead_authsize(aead_tfm); + int ret, ctr = 0; ++ u32 cipher_len; ++ ++ cipher_len = areq->cryptlen - digst_size; ++ if (cipher_len % AES_BLOCK_SIZE != 0) ++ return -EINVAL; + + ret = qat_alg_sgl_to_bufl(ctx->inst, areq->src, areq->dst, qat_req); + if (unlikely(ret)) +@@ -842,7 +847,7 @@ static int qat_alg_aead_dec(struct aead_ + qat_req->req.comn_mid.src_data_addr = qat_req->buf.blp; + qat_req->req.comn_mid.dest_data_addr = qat_req->buf.bloutp; + cipher_param = (void *)&qat_req->req.serv_specif_rqpars; +- cipher_param->cipher_length = areq->cryptlen - digst_size; ++ cipher_param->cipher_length = cipher_len; + cipher_param->cipher_offset = areq->assoclen; + memcpy(cipher_param->u.cipher_IV_array, areq->iv, AES_BLOCK_SIZE); + auth_param = (void *)((u8 *)cipher_param + sizeof(*cipher_param)); +@@ -871,6 +876,9 @@ static int qat_alg_aead_enc(struct aead_ + u8 *iv = areq->iv; + int ret, ctr = 0; + ++ if (areq->cryptlen % AES_BLOCK_SIZE != 0) ++ return -EINVAL; ++ + ret = qat_alg_sgl_to_bufl(ctx->inst, areq->src, areq->dst, qat_req); + if (unlikely(ret)) + return ret; diff --git a/queue-5.9/series b/queue-5.9/series index 752cdef8d2f..646d6df7434 100644 --- a/queue-5.9/series +++ b/queue-5.9/series @@ -11,3 +11,5 @@ vt_ioctl-make-vt_resizex-behave-like-vt_resize.patch reiserfs-initialize-inode-keys-properly.patch reiserfs-fix-oops-during-mount.patch revert-drm-amdgpu-fix-null-dereference-in-dpm-sysfs-handlers.patch +crypto-bcm-verify-gcm-ccm-key-length-in-setkey.patch +crypto-qat-check-cipher-length-for-aead-aes-cbc-hmac-sha.patch