* [PATCH] crypto: Pad aes_ccm_enc_tv_template vector
@ 2017-02-28 22:07 Laura Abbott
2017-03-01 11:52 ` Herbert Xu
0 siblings, 1 reply; 2+ messages in thread
From: Laura Abbott @ 2017-02-28 22:07 UTC (permalink / raw)
To: Herbert Xu, David S. Miller
Cc: Laura Abbott, linux-crypto, linux-kernel, Ard Biesheuvel
Running with KASAN and crypto tests currently gives
BUG: KASAN: global-out-of-bounds in __test_aead+0x9d9/0x2200 at addr ffffffff8212fca0
Read of size 16 by task cryptomgr_test/1107
Address belongs to variable 0xffffffff8212fca0
CPU: 0 PID: 1107 Comm: cryptomgr_test Not tainted 4.10.0+ #45
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.1-1.fc24 04/01/2014
Call Trace:
dump_stack+0x63/0x8a
kasan_report.part.1+0x4a7/0x4e0
? __test_aead+0x9d9/0x2200
? crypto_ccm_init_crypt+0x218/0x3c0 [ccm]
kasan_report+0x20/0x30
check_memory_region+0x13c/0x1a0
memcpy+0x23/0x50
__test_aead+0x9d9/0x2200
? kasan_unpoison_shadow+0x35/0x50
? alg_test_akcipher+0xf0/0xf0
? crypto_skcipher_init_tfm+0x2e3/0x310
? crypto_spawn_tfm2+0x37/0x60
? crypto_ccm_init_tfm+0xa9/0xd0 [ccm]
? crypto_aead_init_tfm+0x7b/0x90
? crypto_alloc_tfm+0xc4/0x190
test_aead+0x28/0xc0
alg_test_aead+0x54/0xd0
alg_test+0x1eb/0x3d0
? alg_find_test+0x90/0x90
? __sched_text_start+0x8/0x8
? __wake_up_common+0x70/0xb0
cryptomgr_test+0x4d/0x60
kthread+0x173/0x1c0
? crypto_acomp_scomp_free_ctx+0x60/0x60
? kthread_create_on_node+0xa0/0xa0
ret_from_fork+0x2c/0x40
Memory state around the buggy address:
ffffffff8212fb80: 00 00 00 00 01 fa fa fa fa fa fa fa 00 00 00 00
ffffffff8212fc00: 00 01 fa fa fa fa fa fa 00 00 00 00 01 fa fa fa
>ffffffff8212fc80: fa fa fa fa 00 05 fa fa fa fa fa fa 00 00 00 00
^
ffffffff8212fd00: 01 fa fa fa fa fa fa fa 00 00 00 00 01 fa fa fa
ffffffff8212fd80: fa fa fa fa 00 00 00 00 00 05 fa fa fa fa fa fa
This always happens on the same IV which is less than 16 bytes.
Per Ard,
"CCM IVs are 16 bytes, but due to the way they are constructed
internally, the final couple of bytes of input IV are dont-cares.
Apparently, we do read all 16 bytes, which triggers the KASAN errors."
Fix this by padding the IV with null bytes to be at least 16 bytes.
Fixes: 0bc5a6c5c79a ("crypto: testmgr - Disable rfc4309 test and convert
test vectors")
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Laura Abbott <labbott@redhat.com>
---
crypto/testmgr.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index 006ecc4..03f4731 100644
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -22691,7 +22691,7 @@ static struct aead_testvec aes_ccm_enc_tv_template[] = {
"\x09\x75\x9a\x9b\x3c\x9b\x27\x39",
.klen = 32,
.iv = "\x03\xf9\xd9\x4e\x63\xb5\x3d\x9d"
- "\x43\xf6\x1e\x50",
+ "\x43\xf6\x1e\x50\0\0\0\0",
.assoc = "\x57\xf5\x6b\x8b\x57\x5c\x3d\x3b"
"\x13\x02\x01\x0c\x83\x4c\x96\x35"
"\x8e\xd6\x39\xcf\x7d\x14\x9b\x94"
--
2.7.4
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] crypto: Pad aes_ccm_enc_tv_template vector
2017-02-28 22:07 [PATCH] crypto: Pad aes_ccm_enc_tv_template vector Laura Abbott
@ 2017-03-01 11:52 ` Herbert Xu
0 siblings, 0 replies; 2+ messages in thread
From: Herbert Xu @ 2017-03-01 11:52 UTC (permalink / raw)
To: Laura Abbott; +Cc: David S. Miller, linux-crypto, linux-kernel, Ard Biesheuvel
On Tue, Feb 28, 2017 at 02:07:25PM -0800, Laura Abbott wrote:
> Running with KASAN and crypto tests currently gives
>
> BUG: KASAN: global-out-of-bounds in __test_aead+0x9d9/0x2200 at addr ffffffff8212fca0
> Read of size 16 by task cryptomgr_test/1107
> Address belongs to variable 0xffffffff8212fca0
> CPU: 0 PID: 1107 Comm: cryptomgr_test Not tainted 4.10.0+ #45
> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.1-1.fc24 04/01/2014
> Call Trace:
> dump_stack+0x63/0x8a
> kasan_report.part.1+0x4a7/0x4e0
> ? __test_aead+0x9d9/0x2200
> ? crypto_ccm_init_crypt+0x218/0x3c0 [ccm]
> kasan_report+0x20/0x30
> check_memory_region+0x13c/0x1a0
> memcpy+0x23/0x50
> __test_aead+0x9d9/0x2200
> ? kasan_unpoison_shadow+0x35/0x50
> ? alg_test_akcipher+0xf0/0xf0
> ? crypto_skcipher_init_tfm+0x2e3/0x310
> ? crypto_spawn_tfm2+0x37/0x60
> ? crypto_ccm_init_tfm+0xa9/0xd0 [ccm]
> ? crypto_aead_init_tfm+0x7b/0x90
> ? crypto_alloc_tfm+0xc4/0x190
> test_aead+0x28/0xc0
> alg_test_aead+0x54/0xd0
> alg_test+0x1eb/0x3d0
> ? alg_find_test+0x90/0x90
> ? __sched_text_start+0x8/0x8
> ? __wake_up_common+0x70/0xb0
> cryptomgr_test+0x4d/0x60
> kthread+0x173/0x1c0
> ? crypto_acomp_scomp_free_ctx+0x60/0x60
> ? kthread_create_on_node+0xa0/0xa0
> ret_from_fork+0x2c/0x40
> Memory state around the buggy address:
> ffffffff8212fb80: 00 00 00 00 01 fa fa fa fa fa fa fa 00 00 00 00
> ffffffff8212fc00: 00 01 fa fa fa fa fa fa 00 00 00 00 01 fa fa fa
> >ffffffff8212fc80: fa fa fa fa 00 05 fa fa fa fa fa fa 00 00 00 00
> ^
> ffffffff8212fd00: 01 fa fa fa fa fa fa fa 00 00 00 00 01 fa fa fa
> ffffffff8212fd80: fa fa fa fa 00 00 00 00 00 05 fa fa fa fa fa fa
>
> This always happens on the same IV which is less than 16 bytes.
>
> Per Ard,
>
> "CCM IVs are 16 bytes, but due to the way they are constructed
> internally, the final couple of bytes of input IV are dont-cares.
>
> Apparently, we do read all 16 bytes, which triggers the KASAN errors."
>
> Fix this by padding the IV with null bytes to be at least 16 bytes.
>
> Fixes: 0bc5a6c5c79a ("crypto: testmgr - Disable rfc4309 test and convert
> test vectors")
> Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Signed-off-by: Laura Abbott <labbott@redhat.com>
Patch applied. Thanks.
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2017-03-01 11:52 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-02-28 22:07 [PATCH] crypto: Pad aes_ccm_enc_tv_template vector Laura Abbott
2017-03-01 11:52 ` Herbert Xu
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.