]>
Commit | Line | Data |
---|---|---|
5861a31d GKH |
1 | From 516280e735b034216de97eb7ba080ec6acbfc58f Mon Sep 17 00:00:00 2001 |
2 | From: Jarod Wilson <jarod@redhat.com> | |
3 | Date: Thu, 22 Jan 2009 19:58:15 +1100 | |
4 | Subject: crypto: ccm - Fix handling of null assoc data | |
5 | ||
6 | From: Jarod Wilson <jarod@redhat.com> | |
7 | ||
8 | commit 516280e735b034216de97eb7ba080ec6acbfc58f upstream. | |
9 | ||
10 | Its a valid use case to have null associated data in a ccm vector, but | |
11 | this case isn't being handled properly right now. | |
12 | ||
13 | The following ccm decryption/verification test vector, using the | |
14 | rfc4309 implementation regularly triggers a panic, as will any | |
15 | other vector with null assoc data: | |
16 | ||
17 | * key: ab2f8a74b71cd2b1ff802e487d82f8b9 | |
18 | * iv: c6fb7d800d13abd8a6b2d8 | |
19 | * Associated Data: [NULL] | |
20 | * Tag Length: 8 | |
21 | * input: d5e8939fc7892e2b | |
22 | ||
23 | The resulting panic looks like so: | |
24 | ||
25 | Unable to handle kernel paging request at ffff810064ddaec0 RIP: | |
26 | [<ffffffff8864c4d7>] :ccm:get_data_to_compute+0x1a6/0x1d6 | |
27 | PGD 8063 PUD 0 | |
28 | Oops: 0002 [1] SMP | |
29 | last sysfs file: /module/libata/version | |
30 | CPU 0 | |
31 | Modules linked in: crypto_tester_kmod(U) seqiv krng ansi_cprng chainiv rng ctr aes_generic aes_x86_64 ccm cryptomgr testmgr_cipher testmgr aead crypto_blkcipher crypto_a | |
32 | lgapi des ipv6 xfrm_nalgo crypto_api autofs4 hidp l2cap bluetooth nfs lockd fscache nfs_acl sunrpc ip_conntrack_netbios_ns ipt_REJECT xt_state ip_conntrack nfnetlink xt_ | |
33 | tcpudp iptable_filter ip_tables x_tables dm_mirror dm_log dm_multipath scsi_dh dm_mod video hwmon backlight sbs i2c_ec button battery asus_acpi acpi_memhotplug ac lp sg | |
34 | snd_intel8x0 snd_ac97_codec ac97_bus snd_seq_dummy snd_seq_oss joydev snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss ide_cd snd_pcm floppy parport_p | |
35 | c shpchp e752x_edac snd_timer e1000 i2c_i801 edac_mc snd soundcore snd_page_alloc i2c_core cdrom parport serio_raw pcspkr ata_piix libata sd_mod scsi_mod ext3 jbd uhci_h | |
36 | cd ohci_hcd ehci_hcd | |
37 | Pid: 12844, comm: crypto-tester Tainted: G 2.6.18-128.el5.fips1 #1 | |
38 | RIP: 0010:[<ffffffff8864c4d7>] [<ffffffff8864c4d7>] :ccm:get_data_to_compute+0x1a6/0x1d6 | |
39 | RSP: 0018:ffff8100134434e8 EFLAGS: 00010246 | |
40 | RAX: 0000000000000000 RBX: ffff8100104898b0 RCX: ffffffffab6aea10 | |
41 | RDX: 0000000000000010 RSI: ffff8100104898c0 RDI: ffff810064ddaec0 | |
42 | RBP: 0000000000000000 R08: ffff8100104898b0 R09: 0000000000000000 | |
43 | R10: ffff8100103bac84 R11: ffff8100104898b0 R12: ffff810010489858 | |
44 | R13: ffff8100104898b0 R14: ffff8100103bac00 R15: 0000000000000000 | |
45 | FS: 00002ab881adfd30(0000) GS:ffffffff803ac000(0000) knlGS:0000000000000000 | |
46 | CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b | |
47 | CR2: ffff810064ddaec0 CR3: 0000000012a88000 CR4: 00000000000006e0 | |
48 | Process crypto-tester (pid: 12844, threadinfo ffff810013442000, task ffff81003d165860) | |
49 | Stack: ffff8100103bac00 ffff8100104898e8 ffff8100134436f8 ffffffff00000000 | |
50 | 0000000000000000 ffff8100104898b0 0000000000000000 ffff810010489858 | |
51 | 0000000000000000 ffff8100103bac00 ffff8100134436f8 ffffffff8864c634 | |
52 | Call Trace: | |
53 | [<ffffffff8864c634>] :ccm:crypto_ccm_auth+0x12d/0x140 | |
54 | [<ffffffff8864cf73>] :ccm:crypto_ccm_decrypt+0x161/0x23a | |
55 | [<ffffffff88633643>] :crypto_tester_kmod:cavs_test_rfc4309_ccm+0x4a5/0x559 | |
56 | [...] | |
57 | ||
58 | The above is from a RHEL5-based kernel, but upstream is susceptible too. | |
59 | ||
60 | The fix is trivial: in crypto/ccm.c:crypto_ccm_auth(), pctx->ilen contains | |
61 | whatever was in memory when pctx was allocated if assoclen is 0. The tested | |
62 | fix is to simply add an else clause setting pctx->ilen to 0 for the | |
63 | assoclen == 0 case, so that get_data_to_compute() doesn't try doing | |
64 | things its not supposed to. | |
65 | ||
66 | Signed-off-by: Jarod Wilson <jarod@redhat.com> | |
67 | Acked-by: Neil Horman <nhorman@tuxdriver.com> | |
68 | Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | |
69 | Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> | |
70 | ||
71 | --- | |
72 | crypto/ccm.c | 2 ++ | |
73 | 1 file changed, 2 insertions(+) | |
74 | ||
75 | --- a/crypto/ccm.c | |
76 | +++ b/crypto/ccm.c | |
77 | @@ -266,6 +266,8 @@ static int crypto_ccm_auth(struct aead_r | |
78 | if (assoclen) { | |
79 | pctx->ilen = format_adata(idata, assoclen); | |
80 | get_data_to_compute(cipher, pctx, req->assoc, req->assoclen); | |
81 | + } else { | |
82 | + pctx->ilen = 0; | |
83 | } | |
84 | ||
85 | /* compute plaintext into mac */ |