• Jarod Wilson's avatar
    crypto: ccm - Fix handling of null assoc data · 516280e7
    Jarod Wilson authored
    Its a valid use case to have null associated data in a ccm vector, but
    this case isn't being handled properly right now.
    
    The following ccm decryption/verification test vector, using the
    rfc4309 implementation regularly triggers a panic, as will any
    other vector with null assoc data:
    
    * key: ab2f8a74b71cd2b1ff802e487d82f8b9
    * iv: c6fb7d800d13abd8a6b2d8
    * Associated Data: [NULL]
    * Tag Length: 8
    * input: d5e8939fc7892e2b
    
    The resulting panic looks like so:
    
    Unable to handle kernel paging request at ffff810064ddaec0 RIP: 
     [<ffffffff8864c4d7>] :ccm:get_data_to_compute+0x1a6/0x1d6
    PGD 8063 PUD 0 
    Oops: 0002 [1] SMP 
    last sysfs file: /module/libata/version
    CPU 0
    Modules linked in: crypto_tester_kmod(U) seqiv krng ansi_cprng chainiv rng ctr aes_generic aes_x86_64 ccm cryptomgr testmgr_cipher testmgr aead crypto_blkcipher crypto_a
    lgapi des ipv6 xfrm_nalgo crypto_api autofs4 hidp l2cap bluetooth nfs lockd fscache nfs_acl sunrpc ip_conntrack_netbios_ns ipt_REJECT xt_state ip_conntrack nfnetlink xt_
    tcpudp iptable_filter ip_tables x_tables dm_mirror dm_log dm_multipath scsi_dh dm_mod video hwmon backlight sbs i2c_ec button battery asus_acpi acpi_memhotplug ac lp sg 
    snd_intel8x0 snd_ac97_codec ac97_bus snd_seq_dummy snd_seq_oss joydev snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss ide_cd snd_pcm floppy parport_p
    c shpchp e752x_edac snd_timer e1000 i2c_i801 edac_mc snd soundcore snd_page_alloc i2c_core cdrom parport serio_raw pcspkr ata_piix libata sd_mod scsi_mod ext3 jbd uhci_h
    cd ohci_hcd ehci_hcd
    Pid: 12844, comm: crypto-tester Tainted: G      2.6.18-128.el5.fips1 #1
    RIP: 0010:[<ffffffff8864c4d7>]  [<ffffffff8864c4d7>] :ccm:get_data_to_compute+0x1a6/0x1d6
    RSP: 0018:ffff8100134434e8  EFLAGS: 00010246
    RAX: 0000000000000000 RBX: ffff8100104898b0 RCX: ffffffffab6aea10
    RDX: 0000000000000010 RSI: ffff8100104898c0 RDI: ffff810064ddaec0
    RBP: 0000000000000000 R08: ffff8100104898b0 R09: 0000000000000000
    R10: ffff8100103bac84 R11: ffff8100104898b0 R12: ffff810010489858
    R13: ffff8100104898b0 R14: ffff8100103bac00 R15: 0000000000000000
    FS:  00002ab881adfd30(0000) GS:ffffffff803ac000(0000) knlGS:0000000000000000
    CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
    CR2: ffff810064ddaec0 CR3: 0000000012a88000 CR4: 00000000000006e0
    Process crypto-tester (pid: 12844, threadinfo ffff810013442000, task ffff81003d165860)
    Stack:  ffff8100103bac00 ffff8100104898e8 ffff8100134436f8 ffffffff00000000
     0000000000000000 ffff8100104898b0 0000000000000000 ffff810010489858
     0000000000000000 ffff8100103bac00 ffff8100134436f8 ffffffff8864c634
    Call Trace:
     [<ffffffff8864c634>] :ccm:crypto_ccm_auth+0x12d/0x140
     [<ffffffff8864cf73>] :ccm:crypto_ccm_decrypt+0x161/0x23a
     [<ffffffff88633643>] :crypto_tester_kmod:cavs_test_rfc4309_ccm+0x4a5/0x559
    [...]
    
    The above is from a RHEL5-based kernel, but upstream is susceptible too.
    
    The fix is trivial: in crypto/ccm.c:crypto_ccm_auth(), pctx->ilen contains
    whatever was in memory when pctx was allocated if assoclen is 0. The tested
    fix is to simply add an else clause setting pctx->ilen to 0 for the
    assoclen == 0 case, so that get_data_to_compute() doesn't try doing
    things its not supposed to.
    Signed-off-by: default avatarJarod Wilson <jarod@redhat.com>
    Acked-by: default avatarNeil Horman <nhorman@tuxdriver.com>
    Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
    516280e7
Name
Last commit
Last update
Documentation Loading commit data...
arch Loading commit data...
block Loading commit data...
crypto Loading commit data...
drivers Loading commit data...
firmware Loading commit data...
fs Loading commit data...
include Loading commit data...
init Loading commit data...
ipc Loading commit data...
kernel Loading commit data...
lib Loading commit data...
mm Loading commit data...
net Loading commit data...
samples Loading commit data...
scripts Loading commit data...
security Loading commit data...
sound Loading commit data...
usr Loading commit data...
virt/kvm Loading commit data...
.gitignore Loading commit data...
.mailmap Loading commit data...
COPYING Loading commit data...
CREDITS Loading commit data...
Kbuild Loading commit data...
MAINTAINERS Loading commit data...
Makefile Loading commit data...
README Loading commit data...
REPORTING-BUGS Loading commit data...