git.baikalelectronics.ru Git - kernel.git/commit

crypto: x86/sha1 - Fix reads beyond the number of blocks passed

It was reported that the sha1 AVX2 function(sha1_transform_avx2) is
reading ahead beyond its intended data, and causing a crash if the next
block is beyond page boundary:
http://marc.info/?l=linux-crypto-vger&m=149373371023377

This patch makes sure that there is no overflow for any buffer length.

It passes the tests written by Jan Stancek that revealed this problem:
https://github.com/jstancek/sha1-avx2-crash

I have re-enabled sha1-avx2 by reverting commit
8047d2c5f01308ae558cbcb19178c7b87c3fc1ae

Cc: <stable@vger.kernel.org>
Fixes: 8047d2c5f013 ("crypto: sha1-ssse3 - Disable avx2")
Originally-by: Ilya Albrekht <ilya.albrekht@intel.com>
Tested-by: Jan Stancek <jstancek@redhat.com>
Signed-off-by: Megha Dey <megha.dey@linux.intel.com>
Reported-by: Jan Stancek <jstancek@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

author	megha.dey@linux.intel.com <megha.dey@linux.intel.com>
	Wed, 2 Aug 2017 20:49:09 +0000 (13:49 -0700)
committer	Herbert Xu <herbert@gondor.apana.org.au>
	Wed, 9 Aug 2017 12:01:37 +0000 (20:01 +0800)
commit	e8e9840c488b38f4f35863e0e457e50298dd2570
tree	1c79fc822f74626f9a8dbf80b17c93a8d3b59801	tree \| snapshot
parent	88e36209743f0a01ec218e260fcb4d2684089031	commit \| diff

arch/x86/crypto/sha1_avx2_x86_64_asm.S		diff \| blob \| history
arch/x86/crypto/sha1_ssse3_glue.c		diff \| blob \| history