Kernel/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-12-29 17:25:38 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
linux-2.6.27.y
linux-stable/crypto
History
Jarod Wilson f2c89cc2a9 crypto: ccm - Fix handling of null assoc data 
commit 516280e735 upstream.

Its a valid use case to have null associated data in a ccm vector, but
this case isn't being handled properly right now.

The following ccm decryption/verification test vector, using the
rfc4309 implementation regularly triggers a panic, as will any
other vector with null assoc data:

* key: ab2f8a74b71cd2b1ff802e487d82f8b9
* iv: c6fb7d800d13abd8a6b2d8
* Associated Data: [NULL]
* Tag Length: 8
* input: d5e8939fc7892e2b

The resulting panic looks like so:

Unable to handle kernel paging request at ffff810064ddaec0 RIP:
 [<ffffffff8864c4d7>] :ccm:get_data_to_compute+0x1a6/0x1d6
PGD 8063 PUD 0
Oops: 0002 [1] SMP
last sysfs file: /module/libata/version
CPU 0
Modules linked in: crypto_tester_kmod(U) seqiv krng ansi_cprng chainiv rng ctr aes_generic aes_x86_64 ccm cryptomgr testmgr_cipher testmgr aead crypto_blkcipher crypto_a
lgapi des ipv6 xfrm_nalgo crypto_api autofs4 hidp l2cap bluetooth nfs lockd fscache nfs_acl sunrpc ip_conntrack_netbios_ns ipt_REJECT xt_state ip_conntrack nfnetlink xt_
tcpudp iptable_filter ip_tables x_tables dm_mirror dm_log dm_multipath scsi_dh dm_mod video hwmon backlight sbs i2c_ec button battery asus_acpi acpi_memhotplug ac lp sg
snd_intel8x0 snd_ac97_codec ac97_bus snd_seq_dummy snd_seq_oss joydev snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss ide_cd snd_pcm floppy parport_p
c shpchp e752x_edac snd_timer e1000 i2c_i801 edac_mc snd soundcore snd_page_alloc i2c_core cdrom parport serio_raw pcspkr ata_piix libata sd_mod scsi_mod ext3 jbd uhci_h
cd ohci_hcd ehci_hcd
Pid: 12844, comm: crypto-tester Tainted: G      2.6.18-128.el5.fips1 #1
RIP: 0010:[<ffffffff8864c4d7>]  [<ffffffff8864c4d7>] :ccm:get_data_to_compute+0x1a6/0x1d6
RSP: 0018:ffff8100134434e8  EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff8100104898b0 RCX: ffffffffab6aea10
RDX: 0000000000000010 RSI: ffff8100104898c0 RDI: ffff810064ddaec0
RBP: 0000000000000000 R08: ffff8100104898b0 R09: 0000000000000000
R10: ffff8100103bac84 R11: ffff8100104898b0 R12: ffff810010489858
R13: ffff8100104898b0 R14: ffff8100103bac00 R15: 0000000000000000
FS:  00002ab881adfd30(0000) GS:ffffffff803ac000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: ffff810064ddaec0 CR3: 0000000012a88000 CR4: 00000000000006e0
Process crypto-tester (pid: 12844, threadinfo ffff810013442000, task ffff81003d165860)
Stack:  ffff8100103bac00 ffff8100104898e8 ffff8100134436f8 ffffffff00000000
 0000000000000000 ffff8100104898b0 0000000000000000 ffff810010489858
 0000000000000000 ffff8100103bac00 ffff8100134436f8 ffffffff8864c634
Call Trace:
 [<ffffffff8864c634>] :ccm:crypto_ccm_auth+0x12d/0x140
 [<ffffffff8864cf73>] :ccm:crypto_ccm_decrypt+0x161/0x23a
 [<ffffffff88633643>] :crypto_tester_kmod:cavs_test_rfc4309_ccm+0x4a5/0x559
[...]

The above is from a RHEL5-based kernel, but upstream is susceptible too.

The fix is trivial: in crypto/ccm.c:crypto_ccm_auth(), pctx->ilen contains
whatever was in memory when pctx was allocated if assoclen is 0. The tested
fix is to simply add an else clause setting pctx->ilen to 0 for the
assoclen == 0 case, so that get_data_to_compute() doesn't try doing
things its not supposed to.

Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-02-02 08:28:13 -08:00
..
async_tx async_xor: dma_map destination DMA_BIDIRECTIONAL 2009-01-14 09:44:03 -08:00
ablkcipher.c [CRYPTO] skcipher: Move chainiv/seqiv into crypto_blkcipher module 2008-02-23 11:12:06 +08:00
aead.c [CRYPTO] api: Show async type 2008-01-11 08:16:56 +11:00
aes_generic.c [CRYPTO] aes: Export generic setkey 2008-04-21 10:19:34 +08:00
ahash.c crypto: hash - Added scatter list walking helper 2008-07-10 20:35:18 +08:00
algapi.c [CRYPTO] api: Add crypto_attr_alg_name 2008-01-11 08:16:40 +11:00
anubis.c [CRYPTO] all: Clean up init()/fini() 2008-04-21 10:19:34 +08:00
api.c [CRYPTO] hash: Add asynchronous hash support 2008-07-10 20:35:13 +08:00
arc4.c [CRYPTO] api: Get rid of flags argument to setkey 2006-09-21 11:41:02 +10:00
authenc.c crypto: authenc - Fix zero-length IV crash 2009-02-02 08:28:12 -08:00
blkcipher.c [CRYPTO] skcipher: Move chainiv/seqiv into crypto_blkcipher module 2008-02-23 11:12:06 +08:00
blowfish.c [CRYPTO] all: Clean up init()/fini() 2008-04-21 10:19:34 +08:00
camellia.c Revert "crypto: camellia - Use kernel-provided bitops, unaligned access helpers" 2008-09-08 14:29:54 +10:00
cast5.c [CRYPTO] all: Clean up init()/fini() 2008-04-21 10:19:34 +08:00
cast6.c [CRYPTO] all: Clean up init()/fini() 2008-04-21 10:19:34 +08:00
cbc.c Convert ERR_PTR(PTR_ERR(p)) instances to ERR_CAST(p) 2008-02-07 08:42:26 -08:00
ccm.c crypto: ccm - Fix handling of null assoc data 2009-02-02 08:28:13 -08:00
chainiv.c crypto: chainiv - Invoke completion function 2008-07-10 20:34:38 +08:00
cipher.c [CRYPTO] api: Add missing headers for setkey_unaligned 2007-10-10 16:55:40 -07:00
compress.c cleanup asm/scatterlist.h includes 2007-11-02 08:47:06 +01:00
crc32c.c crypto: crc32c - Add ahash implementation 2008-07-10 20:35:18 +08:00
cryptd.c crypto: hash - Move ahash functions into crypto/hash.h 2008-07-10 20:35:18 +08:00
crypto_null.c [CRYPTO] all: Clean up init()/fini() 2008-04-21 10:19:34 +08:00
cryptomgr.c [CRYPTO] cryptomgr: Fix parsing of recursive algorithms 2007-10-10 16:55:45 -07:00
ctr.c [CRYPTO] seqiv: Add Sequence Number IV Generator 2008-01-11 08:16:48 +11:00
cts.c [CRYPTO] cts: Init SG tables 2008-06-02 15:46:51 +10:00
deflate.c [CRYPTO] all: Clean up init()/fini() 2008-04-21 10:19:34 +08:00
des_generic.c [CRYPTO] all: Clean up init()/fini() 2008-04-21 10:19:34 +08:00
digest.c crypto: hash - Fix digest size check for digest type 2008-08-13 20:08:38 +10:00
ecb.c Convert ERR_PTR(PTR_ERR(p)) instances to ERR_CAST(p) 2008-02-07 08:42:26 -08:00
eseqiv.c [CRYPTO] eseqiv: Fix off-by-one encryption 2008-05-01 18:22:28 +08:00
fcrypt.c [CRYPTO] all: Clean up init()/fini() 2008-04-21 10:19:34 +08:00
gcm.c [CRYPTO] gcm: Introduce rfc4106 2008-01-11 08:16:56 +11:00
gf128mul.c [CRYPTO] xts: XTS blockcipher mode implementation without partial blocks 2007-10-10 16:55:45 -07:00
hash.c crypto: hash - Move ahash functions into crypto/hash.h 2008-07-10 20:35:18 +08:00
hmac.c crypto: hash - Fixed digest size check 2008-07-10 20:35:17 +08:00
internal.h [CRYPTO] hash: Add asynchronous hash support 2008-07-10 20:35:13 +08:00
Kconfig Revert crypto: prng - Deterministic CPRNG 2008-07-15 23:46:24 +08:00
khazad.c [CRYPTO] all: Clean up init()/fini() 2008-04-21 10:19:34 +08:00
lrw.c [CRYPTO] lrw: Replace all adds to big endians variables with be*_add_cpu 2008-04-21 10:19:22 +08:00
lzo.c [CRYPTO] all: Clean up init()/fini() 2008-04-21 10:19:34 +08:00
Makefile Revert crypto: prng - Deterministic CPRNG 2008-07-15 23:46:24 +08:00
md4.c [CRYPTO] all: Clean up init()/fini() 2008-04-21 10:19:34 +08:00
md5.c [CRYPTO] all: Clean up init()/fini() 2008-04-21 10:19:34 +08:00
michael_mic.c [PATCH] Update my email address from jkmaline@cc.hut.fi to j@w1.fi 2007-04-28 11:01:01 -04:00
pcbc.c Convert ERR_PTR(PTR_ERR(p)) instances to ERR_CAST(p) 2008-02-07 08:42:26 -08:00
proc.c [CRYPTO] api: Constify function pointer tables 2008-04-21 10:19:22 +08:00
ripemd.h [CRYPTO] ripemd: Put all common RIPEMD values in header file 2008-07-10 20:35:12 +08:00
rmd128.c crypto: rmd128 - sparse annotations 2008-07-10 20:35:17 +08:00
rmd160.c crypto: rmd - sparse annotations 2008-07-10 20:35:17 +08:00
rmd256.c crypto: rmd - sparse annotations 2008-07-10 20:35:17 +08:00
rmd320.c crypto: rmd - sparse annotations 2008-07-10 20:35:17 +08:00
salsa20_generic.c [CRYPTO] all: Clean up init()/fini() 2008-04-21 10:19:34 +08:00
scatterwalk.c [CRYPTO] scatterwalk: Handle zero nbytes in scatterwalk_map_and_copy 2008-01-11 08:16:54 +11:00
seed.c [CRYPTO] seed: New cipher algorithm 2007-10-10 16:55:38 -07:00
seqiv.c [CRYPTO] seqiv: Add AEAD support 2008-01-11 08:16:52 +11:00
serpent.c [CRYPTO] all: Clean up init()/fini() 2008-04-21 10:19:34 +08:00
sha1_generic.c [CRYPTO] all: Clean up init()/fini() 2008-04-21 10:19:34 +08:00
sha256_generic.c [CRYPTO] all: Clean up init()/fini() 2008-04-21 10:19:34 +08:00
sha512_generic.c [CRYPTO] all: Clean up init()/fini() 2008-04-21 10:19:34 +08:00
tcrypt.c crypto: tcrypt - Fix AEAD chunk testing 2008-08-13 20:08:36 +10:00
tcrypt.h [CRYPTO] tcrypt: Add self test for des3_ebe cipher operating in cbc mode 2008-07-10 20:35:16 +08:00
tea.c [CRYPTO] all: Clean up init()/fini() 2008-04-21 10:19:34 +08:00
tgr192.c [CRYPTO] all: Clean up init()/fini() 2008-04-21 10:19:34 +08:00
twofish_common.c [CRYPTO] twofish: Do not unroll big stuff in twofish key setup 2008-01-11 08:16:06 +11:00
twofish.c [CRYPTO] all: Clean up init()/fini() 2008-04-21 10:19:34 +08:00
wp512.c [CRYPTO] all: Clean up init()/fini() 2008-04-21 10:19:34 +08:00
xcbc.c [CRYPTO] xcbc: Fix crash when ipsec uses xcbc-mac with big data chunk 2008-04-02 14:36:09 +08:00
xor.c async_tx: add the async_tx api 2007-07-13 08:06:14 -07:00
xts.c [CRYPTO] xts: Use proper alignment 2008-03-06 18:56:19 +08:00