[thirdparty/kernel/stable-queue.git] / releases / 2.6.27.14 / crypto-ccm-fix-handling-of-null-assoc-data.patch

From 516280e735b034216de97eb7ba080ec6acbfc58f Mon Sep 17 00:00:00 2001
From: Jarod Wilson <jarod@redhat.com>
Date: Thu, 22 Jan 2009 19:58:15 +1100
Subject: crypto: ccm - Fix handling of null assoc data

From: Jarod Wilson <jarod@redhat.com>

commit 516280e735b034216de97eb7ba080ec6acbfc58f upstream.

Its a valid use case to have null associated data in a ccm vector, but
this case isn't being handled properly right now.

The following ccm decryption/verification test vector, using the
rfc4309 implementation regularly triggers a panic, as will any
other vector with null assoc data:

* key: ab2f8a74b71cd2b1ff802e487d82f8b9
* iv: c6fb7d800d13abd8a6b2d8
* Associated Data: [NULL]
* Tag Length: 8
* input: d5e8939fc7892e2b

The resulting panic looks like so:

Unable to handle kernel paging request at ffff810064ddaec0 RIP:
 [<ffffffff8864c4d7>] :ccm:get_data_to_compute+0x1a6/0x1d6
PGD 8063 PUD 0
Oops: 0002 [1] SMP
last sysfs file: /module/libata/version
CPU 0
Modules linked in: crypto_tester_kmod(U) seqiv krng ansi_cprng chainiv rng ctr aes_generic aes_x86_64 ccm cryptomgr testmgr_cipher testmgr aead crypto_blkcipher crypto_a
lgapi des ipv6 xfrm_nalgo crypto_api autofs4 hidp l2cap bluetooth nfs lockd fscache nfs_acl sunrpc ip_conntrack_netbios_ns ipt_REJECT xt_state ip_conntrack nfnetlink xt_
tcpudp iptable_filter ip_tables x_tables dm_mirror dm_log dm_multipath scsi_dh dm_mod video hwmon backlight sbs i2c_ec button battery asus_acpi acpi_memhotplug ac lp sg
snd_intel8x0 snd_ac97_codec ac97_bus snd_seq_dummy snd_seq_oss joydev snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss ide_cd snd_pcm floppy parport_p
c shpchp e752x_edac snd_timer e1000 i2c_i801 edac_mc snd soundcore snd_page_alloc i2c_core cdrom parport serio_raw pcspkr ata_piix libata sd_mod scsi_mod ext3 jbd uhci_h
cd ohci_hcd ehci_hcd
Pid: 12844, comm: crypto-tester Tainted: G      2.6.18-128.el5.fips1 #1
RIP: 0010:[<ffffffff8864c4d7>]  [<ffffffff8864c4d7>] :ccm:get_data_to_compute+0x1a6/0x1d6
RSP: 0018:ffff8100134434e8  EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff8100104898b0 RCX: ffffffffab6aea10
RDX: 0000000000000010 RSI: ffff8100104898c0 RDI: ffff810064ddaec0
RBP: 0000000000000000 R08: ffff8100104898b0 R09: 0000000000000000
R10: ffff8100103bac84 R11: ffff8100104898b0 R12: ffff810010489858
R13: ffff8100104898b0 R14: ffff8100103bac00 R15: 0000000000000000
FS:  00002ab881adfd30(0000) GS:ffffffff803ac000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: ffff810064ddaec0 CR3: 0000000012a88000 CR4: 00000000000006e0
Process crypto-tester (pid: 12844, threadinfo ffff810013442000, task ffff81003d165860)
Stack:  ffff8100103bac00 ffff8100104898e8 ffff8100134436f8 ffffffff00000000
 0000000000000000 ffff8100104898b0 0000000000000000 ffff810010489858
 0000000000000000 ffff8100103bac00 ffff8100134436f8 ffffffff8864c634
Call Trace:
 [<ffffffff8864c634>] :ccm:crypto_ccm_auth+0x12d/0x140
 [<ffffffff8864cf73>] :ccm:crypto_ccm_decrypt+0x161/0x23a
 [<ffffffff88633643>] :crypto_tester_kmod:cavs_test_rfc4309_ccm+0x4a5/0x559
[...]

The above is from a RHEL5-based kernel, but upstream is susceptible too.

The fix is trivial: in crypto/ccm.c:crypto_ccm_auth(), pctx->ilen contains
whatever was in memory when pctx was allocated if assoclen is 0. The tested
fix is to simply add an else clause setting pctx->ilen to 0 for the
assoclen == 0 case, so that get_data_to_compute() doesn't try doing
things its not supposed to.

Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

---
 crypto/ccm.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/crypto/ccm.c
+++ b/crypto/ccm.c
@@ -266,6 +266,8 @@ static int crypto_ccm_auth(struct aead_r
 	if (assoclen) {
 		pctx->ilen = format_adata(idata, assoclen);
 		get_data_to_compute(cipher, pctx, req->assoc, req->assoclen);
+	} else {
+		pctx->ilen = 0;
 	}
 
 	/* compute plaintext into mac */
Commit	Line	Data
5861a31d GKH	1	From 516280e735b034216de97eb7ba080ec6acbfc58f Mon Sep 17 00:00:00 2001
	2	From: Jarod Wilson <jarod@redhat.com>
	3	Date: Thu, 22 Jan 2009 19:58:15 +1100
	4	Subject: crypto: ccm - Fix handling of null assoc data
	5
	6	From: Jarod Wilson <jarod@redhat.com>
	7
	8	commit 516280e735b034216de97eb7ba080ec6acbfc58f upstream.
	9
	10	Its a valid use case to have null associated data in a ccm vector, but
	11	this case isn't being handled properly right now.
	12
	13	The following ccm decryption/verification test vector, using the
	14	rfc4309 implementation regularly triggers a panic, as will any
	15	other vector with null assoc data:
	16
	17	* key: ab2f8a74b71cd2b1ff802e487d82f8b9
	18	* iv: c6fb7d800d13abd8a6b2d8
	19	* Associated Data: [NULL]
	20	* Tag Length: 8
	21	* input: d5e8939fc7892e2b
	22
	23	The resulting panic looks like so:
	24
	25	Unable to handle kernel paging request at ffff810064ddaec0 RIP:
	26	[<ffffffff8864c4d7>] :ccm:get_data_to_compute+0x1a6/0x1d6
	27	PGD 8063 PUD 0
	28	Oops: 0002 [1] SMP
	29	last sysfs file: /module/libata/version
	30	CPU 0
	31	Modules linked in: crypto_tester_kmod(U) seqiv krng ansi_cprng chainiv rng ctr aes_generic aes_x86_64 ccm cryptomgr testmgr_cipher testmgr aead crypto_blkcipher crypto_a
	32	lgapi des ipv6 xfrm_nalgo crypto_api autofs4 hidp l2cap bluetooth nfs lockd fscache nfs_acl sunrpc ip_conntrack_netbios_ns ipt_REJECT xt_state ip_conntrack nfnetlink xt_
	33	tcpudp iptable_filter ip_tables x_tables dm_mirror dm_log dm_multipath scsi_dh dm_mod video hwmon backlight sbs i2c_ec button battery asus_acpi acpi_memhotplug ac lp sg
	34	snd_intel8x0 snd_ac97_codec ac97_bus snd_seq_dummy snd_seq_oss joydev snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss ide_cd snd_pcm floppy parport_p
	35	c shpchp e752x_edac snd_timer e1000 i2c_i801 edac_mc snd soundcore snd_page_alloc i2c_core cdrom parport serio_raw pcspkr ata_piix libata sd_mod scsi_mod ext3 jbd uhci_h
	36	cd ohci_hcd ehci_hcd
	37	Pid: 12844, comm: crypto-tester Tainted: G 2.6.18-128.el5.fips1 #1
	38	RIP: 0010:[<ffffffff8864c4d7>] [<ffffffff8864c4d7>] :ccm:get_data_to_compute+0x1a6/0x1d6
	39	RSP: 0018:ffff8100134434e8 EFLAGS: 00010246
	40	RAX: 0000000000000000 RBX: ffff8100104898b0 RCX: ffffffffab6aea10
	41	RDX: 0000000000000010 RSI: ffff8100104898c0 RDI: ffff810064ddaec0
	42	RBP: 0000000000000000 R08: ffff8100104898b0 R09: 0000000000000000
	43	R10: ffff8100103bac84 R11: ffff8100104898b0 R12: ffff810010489858
	44	R13: ffff8100104898b0 R14: ffff8100103bac00 R15: 0000000000000000
	45	FS: 00002ab881adfd30(0000) GS:ffffffff803ac000(0000) knlGS:0000000000000000
	46	CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
	47	CR2: ffff810064ddaec0 CR3: 0000000012a88000 CR4: 00000000000006e0
	48	Process crypto-tester (pid: 12844, threadinfo ffff810013442000, task ffff81003d165860)
	49	Stack: ffff8100103bac00 ffff8100104898e8 ffff8100134436f8 ffffffff00000000
	50	0000000000000000 ffff8100104898b0 0000000000000000 ffff810010489858
	51	0000000000000000 ffff8100103bac00 ffff8100134436f8 ffffffff8864c634
	52	Call Trace:
	53	[<ffffffff8864c634>] :ccm:crypto_ccm_auth+0x12d/0x140
	54	[<ffffffff8864cf73>] :ccm:crypto_ccm_decrypt+0x161/0x23a
	55	[<ffffffff88633643>] :crypto_tester_kmod:cavs_test_rfc4309_ccm+0x4a5/0x559
	56	[...]
	57
	58	The above is from a RHEL5-based kernel, but upstream is susceptible too.
	59
	60	The fix is trivial: in crypto/ccm.c:crypto_ccm_auth(), pctx->ilen contains
	61	whatever was in memory when pctx was allocated if assoclen is 0. The tested
	62	fix is to simply add an else clause setting pctx->ilen to 0 for the
	63	assoclen == 0 case, so that get_data_to_compute() doesn't try doing
	64	things its not supposed to.
65
66	Signed-off-by: Jarod Wilson <jarod@redhat.com>
67	Acked-by: Neil Horman <nhorman@tuxdriver.com>
68	Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
69	Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
70
71	---
72	crypto/ccm.c \| 2 ++
73	1 file changed, 2 insertions(+)
74
75	--- a/crypto/ccm.c
76	+++ b/crypto/ccm.c
77	@@ -266,6 +266,8 @@ static int crypto_ccm_auth(struct aead_r
78	if (assoclen) {
79	pctx->ilen = format_adata(idata, assoclen);
80	get_data_to_compute(cipher, pctx, req->assoc, req->assoclen);
81	+ } else {
82	+ pctx->ilen = 0;
83	}
84
85	/* compute plaintext into mac */