This push contains the following changes:

- Enforce rx socket buffer limit in af_alg.
 - Fix array overflow in af_alg_pull_tsgl.
 - Fix out-of-bounds access when parsing extensions in X.509.
 - Fix minimum rx size check in algif_aead.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEn51F/lCuNhUwmDeSxycdCkmxi6cFAmnbMEoACgkQxycdCkmx
 i6dfGhAAv9CfsRzOYAxDkfjiTm34qHJAWXluICDSkHzbATXIUldRSeArI0Y5aNij
 TPtYr/8gFX+WScIWIoaFtJJKdQodcy44Mn3YoUluaVHzsifOGhJPM/wGjq8q+kpp
 9jAZdAmF4EPL6mM787NZZfHtX6K9eJJ1OWs1XQREjZqJxBmBDltCUjHf1yYm4TUU
 ZKuEducqd9b/NGcIEOzsTkT5bo7HNj7kfjiY2AvXX55K0C2GIkmm8FLl9SQ5RBwJ
 8xpY/x8AKf37JjSuk+m07NP5unvfz50sG9m+Wl4VYMPuKDDT6YHTW/cdu+nZdOHd
 NAQm2+4hRabUsIzIWDA2iv0FhJMc8l79gnfVjXkRFBm1XDg2T+53FCAGP/s7UCa0
 DGnpEBlq61Cm4yOsXfmoo4irnSHpUZfSwNdxMMhFjdbv78WU3NAIkM26kZeBcxRJ
 7p9fh6+8Y09rPkbf8LRKX7ZpV1EWW01FNmVlzRGQfyc60tSAwAWcyuxNnqNmBK/k
 ssQlMcD4CIcNxVYGWWQaE0I6dxmJGMNQLKkANhjGjMZvGePnZb16XpDKjFNWUOt1
 BLoE4yohwSes5EUBE2mt7w1VcLsnZTePbH3DqeL8zZkBIza6NhBE96Z/JdCpvFFf
 157BBFPJ7/hy6pQwK9BpsPFT82gtSo2Y8plwJ30MvaS3sEv9sjg=
 =7lhB
 -----END PGP SIGNATURE-----

Merge tag 'v7.0-p5' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6

Pull crypto fixes from Herbert Xu:

 - Enforce rx socket buffer limit in af_alg

 - Fix array overflow in af_alg_pull_tsgl

 - Fix out-of-bounds access when parsing extensions in X.509

 - Fix minimum rx size check in algif_aead

* tag 'v7.0-p5' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
  crypto: algif_aead - Fix minimum RX size check for decryption
  X.509: Fix out-of-bounds access when parsing extensions
  crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl
  crypto: af_alg - limit RX SG extraction by receive buffer budget

crypto/af_alg.c

@@ -705,8 +705,8 @@ void af_alg_pull_tsgl(struct sock *sk, size_t used, struct scatterlist *dst)
 			 * Assumption: caller created af_alg_count_tsgl(len)
 			 * SG entries in dst.
 			 */
-			if (dst) {
-				/* reassign page to dst after offset */
+			if (dst && plen) {
+				/* reassign page to dst */
 				get_page(page);
 				sg_set_page(dst + j, page, plen, sg[i].offset);
 				j++;
@@ -1229,6 +1229,8 @@ int af_alg_get_rsgl(struct sock *sk, struct msghdr *msg, int flags,
 
 		seglen = min_t(size_t, (maxsize - len),
 			       msg_data_left(msg));
+		/* Never pin more pages than the remaining RX accounting budget. */
+		seglen = min_t(size_t, seglen, af_alg_rcvbuf(sk));
 
 		if (list_empty(&areq->rsgl_list)) {
 			rsgl = &areq->first_rsgl;

crypto/algif_aead.c

@@ -144,7 +144,7 @@ static int _aead_recvmsg(struct socket *sock, struct msghdr *msg,
 	if (usedpages < outlen) {
 		size_t less = outlen - usedpages;
 
-		if (used < less) {
+		if (used < less + (ctx->enc ? 0 : as)) {
 			err = -EINVAL;
 			goto free;
 		}

crypto/algif_skcipher.c

@@ -130,6 +130,11 @@ static int _skcipher_recvmsg(struct socket *sock, struct msghdr *msg,
 	 * full block size buffers.
 	 */
 	if (ctx->more || len < ctx->used) {
+		if (len < bs) {
+			err = -EINVAL;
+			goto free;
+		}
+
 		len -= len % bs;
 		cflags |= CRYPTO_SKCIPHER_REQ_NOTFINAL;
 	}

crypto/asymmetric_keys/x509_cert_parser.c

@@ -609,10 +609,10 @@ int x509_process_extension(void *context, size_t hdrlen,
 		 *   0x04 is where keyCertSign lands in this bit string
 		 *   0x80 is where digitalSignature lands in this bit string
 		 */
-		if (v[0] != ASN1_BTS)
-			return -EBADMSG;
 		if (vlen < 4)
 			return -EBADMSG;
+		if (v[0] != ASN1_BTS)
+			return -EBADMSG;
 		if (v[2] >= 8)
 			return -EBADMSG;
 		if (v[3] & 0x80)
@@ -645,10 +645,10 @@ int x509_process_extension(void *context, size_t hdrlen,
 		 *	(Expect 0xFF if the CA is TRUE)
 		 * vlen should match the entire extension size
 		 */
-		if (v[0] != (ASN1_CONS_BIT | ASN1_SEQ))
-			return -EBADMSG;
 		if (vlen < 2)
 			return -EBADMSG;
+		if (v[0] != (ASN1_CONS_BIT | ASN1_SEQ))
+			return -EBADMSG;
 		if (v[1] != vlen - 2)
 			return -EBADMSG;
 		/* Empty SEQUENCE means CA:FALSE (default value omitted per DER) */