releases/4.19.103/dm-crypt-fix-benbi-iv-constructor-crash-if-used-in-authenticated-mode.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From 4ea9471fbd1addb25a4d269991dc724e200ca5b5 Mon Sep 17 00:00:00 2001
 From: Milan Broz <gmazyland@gmail.com>
 Date: Mon, 6 Jan 2020 10:11:47 +0100
 Subject: dm crypt: fix benbi IV constructor crash if used in authenticated mode

 From: Milan Broz <gmazyland@gmail.com>

 commit 4ea9471fbd1addb25a4d269991dc724e200ca5b5 upstream.

 If benbi IV is used in AEAD construction, for example:
   cryptsetup luksFormat <device> --cipher twofish-xts-benbi --key-size 512 --integrity=hmac-sha256
 the constructor uses wrong skcipher function and crashes:

  BUG: kernel NULL pointer dereference, address: 00000014
  ...
  EIP: crypt_iv_benbi_ctr+0x15/0x70 [dm_crypt]
  Call Trace:
   ? crypt_subkey_size+0x20/0x20 [dm_crypt]
   crypt_ctr+0x567/0xfc0 [dm_crypt]
   dm_table_add_target+0x15f/0x340 [dm_mod]

 Fix this by properly using crypt_aead_blocksize() in this case.

 Fixes: ef43aa38063a6 ("dm crypt: add cryptographic data integrity protection (authenticated encryption)")
 Cc: stable@vger.kernel.org # v4.12+
 Link: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941051
 Reported-by: Jerad Simpson <jbsimpson@gmail.com>
 Signed-off-by: Milan Broz <gmazyland@gmail.com>
 Signed-off-by: Mike Snitzer <snitzer@redhat.com>
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

 ---
  drivers/md/dm-crypt.c |   10 ++++++++--
  1 file changed, 8 insertions(+), 2 deletions(-)

 --- a/drivers/md/dm-crypt.c
 +++ b/drivers/md/dm-crypt.c
 @@ -482,8 +482,14 @@ static int crypt_iv_essiv_gen(struct cry
  static int crypt_iv_benbi_ctr(struct crypt_config *cc, struct dm_target *ti,
  			      const char *opts)
  {
 -	unsigned bs = crypto_skcipher_blocksize(any_tfm(cc));
 -	int log = ilog2(bs);
 +	unsigned bs;
 +	int log;
 +
 +	if (test_bit(CRYPT_MODE_INTEGRITY_AEAD, &cc->cipher_flags))
 +		bs = crypto_aead_blocksize(any_tfm_aead(cc));
 +	else
 +		bs = crypto_skcipher_blocksize(any_tfm(cc));
 +	log = ilog2(bs);

  	/* we need to calculate how far we must shift the sector count
  	 * to get the cipher block count, we use this shift in _gen */
	From 4ea9471fbd1addb25a4d269991dc724e200ca5b5 Mon Sep 17 00:00:00 2001
	From: Milan Broz <gmazyland@gmail.com>
	Date: Mon, 6 Jan 2020 10:11:47 +0100
	Subject: dm crypt: fix benbi IV constructor crash if used in authenticated mode

	From: Milan Broz <gmazyland@gmail.com>

	commit 4ea9471fbd1addb25a4d269991dc724e200ca5b5 upstream.

	If benbi IV is used in AEAD construction, for example:
	cryptsetup luksFormat <device> --cipher twofish-xts-benbi --key-size 512 --integrity=hmac-sha256
	the constructor uses wrong skcipher function and crashes:

	BUG: kernel NULL pointer dereference, address: 00000014
	...
	EIP: crypt_iv_benbi_ctr+0x15/0x70 [dm_crypt]
	Call Trace:
	? crypt_subkey_size+0x20/0x20 [dm_crypt]
	crypt_ctr+0x567/0xfc0 [dm_crypt]
	dm_table_add_target+0x15f/0x340 [dm_mod]

	Fix this by properly using crypt_aead_blocksize() in this case.

	Fixes: ef43aa38063a6 ("dm crypt: add cryptographic data integrity protection (authenticated encryption)")
	Cc: stable@vger.kernel.org # v4.12+
	Link: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941051
	Reported-by: Jerad Simpson <jbsimpson@gmail.com>
	Signed-off-by: Milan Broz <gmazyland@gmail.com>
	Signed-off-by: Mike Snitzer <snitzer@redhat.com>
	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

	---
	drivers/md/dm-crypt.c \| 10 ++++++++--
	1 file changed, 8 insertions(+), 2 deletions(-)

	--- a/drivers/md/dm-crypt.c
	+++ b/drivers/md/dm-crypt.c
	@@ -482,8 +482,14 @@ static int crypt_iv_essiv_gen(struct cry
	static int crypt_iv_benbi_ctr(struct crypt_config cc, struct dm_target ti,
	const char *opts)
	{
	- unsigned bs = crypto_skcipher_blocksize(any_tfm(cc));
	- int log = ilog2(bs);
	+ unsigned bs;
	+ int log;
	+
	+ if (test_bit(CRYPT_MODE_INTEGRITY_AEAD, &cc->cipher_flags))
	+ bs = crypto_aead_blocksize(any_tfm_aead(cc));
	+ else
	+ bs = crypto_skcipher_blocksize(any_tfm(cc));
	+ log = ilog2(bs);

	/* we need to calculate how far we must shift the sector count
	* to get the cipher block count, we use this shift in _gen */