• Eric Biggers's avatar
    crypto: cts - fix crash on short inputs · 6b22de54
    Eric Biggers authored
    [It's a minimal fix for a bug that was fixed incidentally by a large
    refactoring in v4.8.]
    
    In the CTS template, when the input length is <= one block cipher block
    (e.g. <= 16 bytes for AES) pass the correct length to the underlying CBC
    transform rather than one block.  This matches the upstream behavior and
    makes the encryption/decryption operation correctly return -EINVAL when
    1 <= nbytes < bsize or succeed when nbytes == 0, rather than crashing.
    
    This was fixed upstream incidentally by a large refactoring,
    commit 0605c41c ("crypto: cts - Convert to skcipher").  But
    syzkaller easily trips over this when running on older kernels, as it's
    easily reachable via AF_ALG.  Therefore, this patch makes the minimal
    fix for older kernels.
    
    Cc: linux-crypto@vger.kernel.org
    Fixes: 76cb9521 ("[CRYPTO] cts: Add CTS mode required for Kerberos AES support")
    Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    6b22de54
cts.c 9.84 KB