OSDN Git Service

(root) / sagit-ice-cold / kernel_xiaomi_msm8998.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 04f4f73) | patch
crypto: x86/sha1 - Fix reads beyond the number of blocks passed
authormegha.dey@linux.intel.com <megha.dey@linux.intel.com>
Wed, 2 Aug 2017 20:49:09 +0000 (13:49 -0700)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 25 Aug 2017 00:02:35 +0000 (17:02 -0700)
commit4362533a04680de13acd3e6f5a16c3d81502f589
treeecfd9fa9a39e6bbd8bb9ea78906b646524386085tree | snapshot
parent04f4f73ffe9383921794b833346911bd1e19b228commit | diff
crypto: x86/sha1 - Fix reads beyond the number of blocks passed

commit 8861249c740fc4af9ddc5aee321eafefb960d7c6 upstream.

It was reported that the sha1 AVX2 function(sha1_transform_avx2) is
reading ahead beyond its intended data, and causing a crash if the next
block is beyond page boundary:
http://marc.info/?l=linux-crypto-vger&m=149373371023377

This patch makes sure that there is no overflow for any buffer length.

It passes the tests written by Jan Stancek that revealed this problem:
https://github.com/jstancek/sha1-avx2-crash

I have re-enabled sha1-avx2 by reverting commit
b82ce24426a4071da9529d726057e4e642948667

Fixes: b82ce24426a4 ("crypto: sha1-ssse3 - Disable avx2")
Originally-by: Ilya Albrekht <ilya.albrekht@intel.com>
Tested-by: Jan Stancek <jstancek@redhat.com>
Signed-off-by: Megha Dey <megha.dey@linux.intel.com>
Reported-by: Jan Stancek <jstancek@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
arch/x86/crypto/sha1_avx2_x86_64_asm.S diff | blob | history
arch/x86/crypto/sha1_ssse3_glue.c diff | blob | history
Mirror: https://github.com/0ranko0P/kernel_xiaomi_msm8998/
About OSDN
Find Software
Develop Software
Help