linux/arch/arm64/crypto
Ard Biesheuvel 1c0cf6d196
crypto: arm64/neonbs - fix out-of-bounds access on short input

The bit-sliced implementation of AES-CTR operates on blocks of 128
bytes, and will fall back to the plain NEON version for tail blocks or
inputs that are shorter than 128 bytes to begin with.

It will call straight into the plain NEON asm helper, which performs all
memory accesses in granules of 16 bytes (the size of a NEON register).
For this reason, the associated plain NEON glue code will copy inputs
shorter than 16 bytes into a temporary buffer, given that this is a rare
occurrence and it is not worth the effort to work around this in the asm
code.

The fallback from the bit-sliced NEON version fails to take this into
account, potentially resulting in out-of-bounds accesses. So clone the
same workaround, and use a temp buffer for short in/outputs.

Fixes: fc074e1300 ("crypto: arm64/aes-neonbs-ctr - fallback to plain NEON for final chunk")
Cc: <stable@vger.kernel.org>
Reported-by: syzbot+f1ceaa1a09ab891e1934@syzkaller.appspotmail.com
Reviewed-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2024-02-24 08:37:24 +08:00
.gitignore SPDX patches for 5.7-rc1. 2020-04-03 13:12:26 -07:00
aes-ce-ccm-core.S crypto: arm64/aes-ccm - avoid by-ref argument for ce_aes_ccm_auth_data 2021-09-17 11:05:11 +08:00
aes-ce-ccm-glue.c crypto: arm64/aes-ccm - Rewrite skcipher walker loop 2023-02-10 17:20:19 +08:00
aes-ce-core.S crypto: arm64 - Use modern annotations for assembly functions 2019-12-20 14:58:35 +08:00
aes-ce-glue.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
aes-ce-setkey.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
aes-ce.S arm64: crypto: Modernize names for AES function macros 2020-03-09 17:35:04 +00:00
aes-cipher-core.S crypto: arm64 - Use modern annotations for assembly functions 2019-12-20 14:58:35 +08:00
aes-cipher-glue.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
aes-glue-ce.c crypto: arm64/aes - remove Makefile hack 2023-08-11 19:19:27 +08:00
aes-glue-neon.c crypto: arm64/aes - remove Makefile hack 2023-08-11 19:19:27 +08:00
aes-glue.c crypto: arm64/aes-xctr - Improve readability of XCTR and CTR modes 2022-06-10 16:40:17 +08:00
aes-modes.S crypto: arm64/aes-modes - use frame_push/pop macros consistently 2022-12-09 18:45:00 +08:00
aes-neon.S crypto: arm64/aes-neon - Fix typo in comment 2022-06-30 15:56:57 +08:00
aes-neonbs-core.S crypto: arm64/aes-neonbs - fix crash with CFI enabled 2023-03-14 17:06:44 +08:00
aes-neonbs-glue.c crypto: arm64/neonbs - fix out-of-bounds access on short input 2024-02-24 08:37:24 +08:00
chacha-neon-core.S crypto: arm64/chacha - simplify tail block handling 2020-11-13 20:38:55 +11:00
chacha-neon-glue.c crypto: arch/lib - limit simd usage to 4k chunks 2020-04-30 15:16:59 +10:00
crct10dif-ce-core.S crypto: arm64/crct10dif - use frame_push/pop macros consistently 2022-12-09 18:45:00 +08:00
crct10dif-ce-glue.c crypto: arm64/crc-t10dif - move NEON yield to C code 2021-02-10 17:55:58 +11:00
ghash-ce-core.S crypto: arm64/ghash-ce - use frame_push/pop macros consistently 2022-12-09 18:45:00 +08:00
ghash-ce-glue.c crypto: arm64/gcm - add RFC4106 support 2023-01-20 18:29:31 +08:00
Kconfig crypto: arm64/sm4 - Remove cfb(sm4) 2023-12-08 11:59:45 +08:00
Makefile crypto: arm64/aes - remove Makefile hack 2023-08-11 19:19:27 +08:00
nh-neon-core.S crypto: arm64/nhpoly1305 - eliminate unnecessary CFI wrapper 2022-11-25 17:39:19 +08:00
nhpoly1305-neon-glue.c crypto: arm64/nhpoly1305 - implement ->digest 2023-10-20 13:39:25 +08:00
poly1305-armv8.pl crypto: arm64/poly1305-neon - reorder PAC authentication with SP update 2020-11-06 14:29:11 +11:00
poly1305-glue.c crypto: arm64/poly1305 - fix a read out-of-bound 2022-07-29 18:29:17 +08:00
polyval-ce-core.S crypto: arm64/polyval - Add PMULL accelerated implementation of POLYVAL 2022-06-10 16:40:18 +08:00
polyval-ce-glue.c crypto: arm64/polyval - Add PMULL accelerated implementation of POLYVAL 2022-06-10 16:40:18 +08:00
sha1-ce-core.S crypto: arm64/sha1-ce - clean up backwards function names 2023-10-20 13:39:25 +08:00
sha1-ce-glue.c crypto: arm64/sha1-ce - clean up backwards function names 2023-10-20 13:39:25 +08:00
sha2-ce-core.S crypto: arm64/sha2-ce - clean up backwards function names 2023-10-20 13:39:25 +08:00
sha2-ce-glue.c crypto: arm64/sha2-ce - clean up backwards function names 2023-10-20 13:39:25 +08:00
sha3-ce-core.S arm64: fpsimd: run kernel mode NEON with softirqs disabled 2021-04-12 11:55:34 +01:00
sha3-ce-glue.c crypto: arm64 - cleanup comments 2022-03-09 15:12:32 +12:00
sha256-glue.c crypto: arm64/sha256 - clean up backwards function names 2023-10-20 13:39:26 +08:00
sha512-armv8.pl crypto: arm64 - cleanup comments 2022-03-09 15:12:32 +12:00
sha512-ce-core.S crypto: arm64/sha512-ce - clean up backwards function names 2023-10-20 13:39:25 +08:00
sha512-ce-glue.c crypto: arm64/sha512-ce - clean up backwards function names 2023-10-20 13:39:25 +08:00
sha512-glue.c crypto: arm64/sha512 - clean up backwards function names 2023-10-20 13:39:26 +08:00
sm3-ce-core.S arm64: Add types to indirect called assembly functions 2022-09-26 10:13:13 -07:00
sm3-ce-glue.c crypto: arm64/sm3 - raise the priority of the CE implementation 2022-11-04 17:33:22 +08:00
sm3-neon-core.S crypto: arm64/sm3 - fix possible crash with CFI enabled 2022-11-25 17:39:19 +08:00
sm3-neon-glue.c crypto: arm64/sm3 - add NEON assembly implementation 2022-11-04 17:34:21 +08:00
sm4-ce-asm.h crypto: arm64/sm4 - refactor and simplify CE implementation 2022-11-04 17:34:31 +08:00
sm4-ce-ccm-core.S crypto: arm64/sm4 - fix possible crash with CFI enabled 2022-12-30 17:57:42 +08:00
sm4-ce-ccm-glue.c crypto: arm64/sm4-ccm - Rewrite skcipher walker loop 2023-02-10 17:20:19 +08:00
sm4-ce-cipher-core.S crypto: arm64/sm4-ce - rename to sm4-ce-cipher 2022-04-08 16:12:47 +08:00
sm4-ce-cipher-glue.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
sm4-ce-core.S crypto: arm64/sm4 - Remove cfb(sm4) 2023-12-08 11:59:45 +08:00
sm4-ce-gcm-core.S crypto: arm64/sm4 - fix possible crash with CFI enabled 2022-12-30 17:57:42 +08:00
sm4-ce-gcm-glue.c crypto: arm64/sm4-gcm - Fix possible crash in GCM cryption 2023-02-10 17:20:19 +08:00
sm4-ce-glue.c crypto: arm64/sm4 - Remove cfb(sm4) 2023-12-08 11:59:45 +08:00
sm4-ce.h crypto: arm64/sm4 - Remove cfb(sm4) 2023-12-08 11:59:45 +08:00
sm4-neon-core.S crypto: arm64/sm4 - Remove cfb(sm4) 2023-12-08 11:59:45 +08:00
sm4-neon-glue.c crypto: arm64/sm4 - Remove cfb(sm4) 2023-12-08 11:59:45 +08:00