mirror of
https://github.com/torvalds/linux.git
synced 2024-11-08 21:21:47 +00:00
516280e735
Its a valid use case to have null associated data in a ccm vector, but this case isn't being handled properly right now. The following ccm decryption/verification test vector, using the rfc4309 implementation regularly triggers a panic, as will any other vector with null assoc data: * key: ab2f8a74b71cd2b1ff802e487d82f8b9 * iv: c6fb7d800d13abd8a6b2d8 * Associated Data: [NULL] * Tag Length: 8 * input: d5e8939fc7892e2b The resulting panic looks like so: Unable to handle kernel paging request at ffff810064ddaec0 RIP: [<ffffffff8864c4d7>] :ccm:get_data_to_compute+0x1a6/0x1d6 PGD 8063 PUD 0 Oops: 0002 [1] SMP last sysfs file: /module/libata/version CPU 0 Modules linked in: crypto_tester_kmod(U) seqiv krng ansi_cprng chainiv rng ctr aes_generic aes_x86_64 ccm cryptomgr testmgr_cipher testmgr aead crypto_blkcipher crypto_a lgapi des ipv6 xfrm_nalgo crypto_api autofs4 hidp l2cap bluetooth nfs lockd fscache nfs_acl sunrpc ip_conntrack_netbios_ns ipt_REJECT xt_state ip_conntrack nfnetlink xt_ tcpudp iptable_filter ip_tables x_tables dm_mirror dm_log dm_multipath scsi_dh dm_mod video hwmon backlight sbs i2c_ec button battery asus_acpi acpi_memhotplug ac lp sg snd_intel8x0 snd_ac97_codec ac97_bus snd_seq_dummy snd_seq_oss joydev snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss ide_cd snd_pcm floppy parport_p c shpchp e752x_edac snd_timer e1000 i2c_i801 edac_mc snd soundcore snd_page_alloc i2c_core cdrom parport serio_raw pcspkr ata_piix libata sd_mod scsi_mod ext3 jbd uhci_h cd ohci_hcd ehci_hcd Pid: 12844, comm: crypto-tester Tainted: G 2.6.18-128.el5.fips1 #1 RIP: 0010:[<ffffffff8864c4d7>] [<ffffffff8864c4d7>] :ccm:get_data_to_compute+0x1a6/0x1d6 RSP: 0018:ffff8100134434e8 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff8100104898b0 RCX: ffffffffab6aea10 RDX: 0000000000000010 RSI: ffff8100104898c0 RDI: ffff810064ddaec0 RBP: 0000000000000000 R08: ffff8100104898b0 R09: 0000000000000000 R10: ffff8100103bac84 R11: ffff8100104898b0 R12: ffff810010489858 R13: ffff8100104898b0 R14: ffff8100103bac00 R15: 0000000000000000 FS: 00002ab881adfd30(0000) GS:ffffffff803ac000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b CR2: ffff810064ddaec0 CR3: 0000000012a88000 CR4: 00000000000006e0 Process crypto-tester (pid: 12844, threadinfo ffff810013442000, task ffff81003d165860) Stack: ffff8100103bac00 ffff8100104898e8 ffff8100134436f8 ffffffff00000000 0000000000000000 ffff8100104898b0 0000000000000000 ffff810010489858 0000000000000000 ffff8100103bac00 ffff8100134436f8 ffffffff8864c634 Call Trace: [<ffffffff8864c634>] :ccm:crypto_ccm_auth+0x12d/0x140 [<ffffffff8864cf73>] :ccm:crypto_ccm_decrypt+0x161/0x23a [<ffffffff88633643>] :crypto_tester_kmod:cavs_test_rfc4309_ccm+0x4a5/0x559 [...] The above is from a RHEL5-based kernel, but upstream is susceptible too. The fix is trivial: in crypto/ccm.c:crypto_ccm_auth(), pctx->ilen contains whatever was in memory when pctx was allocated if assoclen is 0. The tested fix is to simply add an else clause setting pctx->ilen to 0 for the assoclen == 0 case, so that get_data_to_compute() doesn't try doing things its not supposed to. Signed-off-by: Jarod Wilson <jarod@redhat.com> Acked-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> |
||
---|---|---|
.. | ||
async_tx | ||
ablkcipher.c | ||
aead.c | ||
aes_generic.c | ||
ahash.c | ||
algapi.c | ||
algboss.c | ||
ansi_cprng.c | ||
anubis.c | ||
api.c | ||
arc4.c | ||
authenc.c | ||
blkcipher.c | ||
blowfish.c | ||
camellia.c | ||
cast5.c | ||
cast6.c | ||
cbc.c | ||
ccm.c | ||
chainiv.c | ||
cipher.c | ||
compress.c | ||
crc32c.c | ||
cryptd.c | ||
crypto_null.c | ||
ctr.c | ||
cts.c | ||
deflate.c | ||
des_generic.c | ||
digest.c | ||
ecb.c | ||
eseqiv.c | ||
fcrypt.c | ||
fips.c | ||
gcm.c | ||
gf128mul.c | ||
hash.c | ||
hmac.c | ||
internal.h | ||
Kconfig | ||
khazad.c | ||
krng.c | ||
lrw.c | ||
lzo.c | ||
Makefile | ||
md4.c | ||
md5.c | ||
michael_mic.c | ||
pcbc.c | ||
proc.c | ||
ripemd.h | ||
rmd128.c | ||
rmd160.c | ||
rmd256.c | ||
rmd320.c | ||
rng.c | ||
salsa20_generic.c | ||
scatterwalk.c | ||
seed.c | ||
seqiv.c | ||
serpent.c | ||
sha1_generic.c | ||
sha256_generic.c | ||
sha512_generic.c | ||
shash.c | ||
tcrypt.c | ||
tcrypt.h | ||
tea.c | ||
testmgr.c | ||
testmgr.h | ||
tgr192.c | ||
twofish_common.c | ||
twofish.c | ||
wp512.c | ||
xcbc.c | ||
xor.c | ||
xts.c |