Re: [PATCH] crypto: chacha20poly1305 - validate the digest size

2017-12-22 Thread Herbert Xu 
On Mon, Dec 11, 2017 at 12:15:17PM -0800, Eric Biggers wrote:
> From: Eric Biggers 
> 
> If the rfc7539 template was instantiated with a hash algorithm with
> digest size larger than 16 bytes (POLY1305_DIGEST_SIZE), then the digest
> overran the 'tag' buffer in 'struct chachapoly_req_ctx', corrupting the
> subsequent memory, including 'cryptlen'.  This caused a crash during
> crypto_skcipher_decrypt().
> 
> Fix it by, when instantiating the template, requiring that the
> underlying hash algorithm has the digest size expected for Poly1305.
> 
> Reproducer:
> 
> #include 
> #include 
> #include 
> 
> int main()
> {
> int algfd, reqfd;
> struct sockaddr_alg addr = {
> .salg_type = "aead",
> .salg_name = "rfc7539(chacha20,sha256)",
> };
> unsigned char buf[32] = { 0 };
> 
> algfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
> bind(algfd, (void *), sizeof(addr));
> setsockopt(algfd, SOL_ALG, ALG_SET_KEY, buf, sizeof(buf));
> reqfd = accept(algfd, 0, 0);
> write(reqfd, buf, 16);
> read(reqfd, buf, 16);
> }
> 
> Reported-by: syzbot 
> Fixes: 71ebc4d1b27d ("crypto: chacha20poly1305 - Add a ChaCha20-Poly1305 AEAD 
> construction, RFC7539")
> Cc:  # v4.2+
> Signed-off-by: Eric Biggers 

Patch applied.  Thanks.
-- 
Email: Herbert Xu 
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Re: [PATCH] crypto: chacha20poly1305 - validate the digest size

2017-12-22 Thread Herbert Xu 
On Mon, Dec 11, 2017 at 12:15:17PM -0800, Eric Biggers wrote:
> From: Eric Biggers 
> 
> If the rfc7539 template was instantiated with a hash algorithm with
> digest size larger than 16 bytes (POLY1305_DIGEST_SIZE), then the digest
> overran the 'tag' buffer in 'struct chachapoly_req_ctx', corrupting the
> subsequent memory, including 'cryptlen'.  This caused a crash during
> crypto_skcipher_decrypt().
> 
> Fix it by, when instantiating the template, requiring that the
> underlying hash algorithm has the digest size expected for Poly1305.
> 
> Reproducer:
> 
> #include 
> #include 
> #include 
> 
> int main()
> {
> int algfd, reqfd;
> struct sockaddr_alg addr = {
> .salg_type = "aead",
> .salg_name = "rfc7539(chacha20,sha256)",
> };
> unsigned char buf[32] = { 0 };
> 
> algfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
> bind(algfd, (void *), sizeof(addr));
> setsockopt(algfd, SOL_ALG, ALG_SET_KEY, buf, sizeof(buf));
> reqfd = accept(algfd, 0, 0);
> write(reqfd, buf, 16);
> read(reqfd, buf, 16);
> }
> 
> Reported-by: syzbot 
> Fixes: 71ebc4d1b27d ("crypto: chacha20poly1305 - Add a ChaCha20-Poly1305 AEAD 
> construction, RFC7539")
> Cc:  # v4.2+
> Signed-off-by: Eric Biggers 

Patch applied.  Thanks.
-- 
Email: Herbert Xu 
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt