* authenc: crash if key is not set
@ 2017-02-24 20:24 Stephan Müller
2017-04-10 10:41 ` Herbert Xu
0 siblings, 1 reply; 4+ messages in thread
From: Stephan Müller @ 2017-02-24 20:24 UTC (permalink / raw)
To: herbert; +Cc: linux-crypto
Hi Herbert,
I am working on fuzzing the AF_ALG interface.
The fuzzer reliably triggered the following type of bug when I use
authenc(hmac(sha256),cbc(aes)) or other types of authenc() but do not call
setkey.
Note, it works with gcm or ccm.
Is that bug similar in nature as the algif_skcipher and algif_hash bugs that
were fixed with the *nokey functions?
[ 3417.581670] BUG: unable to handle kernel NULL pointer dereference at
0000000000000008
[ 3417.582004] IP: skcipher_walk_skcipher+0x18/0xc0
[ 3417.582004] PGD 7a487067
[ 3417.582004] PUD 7b1a5067
[ 3417.582004] PMD 0
[ 3417.582004] Oops: 0000 [#13] SMP
[ 3417.582004] Modules linked in: algif_aead authenc ansi_cprng algif_rng ccm
gcm crypto_user des3_ede_x86_64 des_generic algif_hash algif_akcipher(E)
algif_skcipher(E) af_alg ip6t_rpfilter ip6t_REJECT nf_reject_ipv6
nf_conntrack_ipv6 nf_defrag_ipv6 nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack
nf_conntrack ip_set nfnetlink ebtable_broute bridge stp llc ebtable_nat
ip6table_raw ip6table_security ip6table_mangle iptable_raw iptable_security
iptable_mangle ebtable_filter ebtables ip6table_filter ip6_tables
crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcspkr i2c_piix4
virtio_balloon virtio_net acpi_cpufreq sch_fq_codel virtio_blk virtio_console
crc32c_intel serio_raw virtio_pci virtio_ring virtio [last unloaded:
algif_aead]
[ 3417.582004] CPU: 0 PID: 13092 Comm: kcapi Tainted: G D E 4.10.0-
rc3+ #371
[ 3417.582004] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
1.9.3-1.fc25 04/01/2014
[ 3417.582004] task: ffff931bfbd55940 task.stack: ffffa53e008ec000
[ 3417.582004] RIP: 0010:skcipher_walk_skcipher+0x18/0xc0
[ 3417.582004] RSP: 0018:ffffa53e008efb60 EFLAGS: 00010246
[ 3417.582004] RAX: 0000000000000000 RBX: ffffa53e008efba0 RCX:
0000000000000000
[ 3417.582004] RDX: ffff931bfa70f828 RSI: ffff931bfb0b7c28 RDI:
ffffa53e008efba0
[ 3417.582004] RBP: ffffa53e008efb80 R08: 0000000000000000 R09:
0000000000000000
[ 3417.582004] R10: ffffffffab809f80 R11: ffff931bfb0b7ca8 R12:
0000000000000001
[ 3417.582004] R13: ffff931bfb0b7c28 R14: ffff931bfb2a0548 R15:
0000000000000000
[ 3417.582004] FS: 00007f0f47460700(0000) GS:ffff931bffc00000(0000) knlGS:
0000000000000000
[ 3417.582004] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3417.582004] CR2: 0000000000000008 CR3: 000000007b113000 CR4:
00000000003406f0
[ 3417.582004] Call Trace:
[ 3417.582004] ? skcipher_walk_virt+0x1e/0x40
[ 3417.582004] cbc_decrypt+0x31/0xa0
[ 3417.582004] ? sha1_avx2_finup+0x15/0x20
[ 3417.582004] ? crypto_shash_finup+0x1f/0x30
[ 3417.582004] ? hmac_finup+0x9b/0xb0
[ 3417.582004] ? shash_ahash_finup+0x43/0x90
[ 3417.582004] ? shash_ahash_digest+0xf0/0xf0
[ 3417.582004] simd_skcipher_decrypt+0xb7/0xc0
[ 3417.582004] crypto_authenc_decrypt_tail.isra.3+0xf0/0x100 [authenc]
[ 3417.582004] crypto_authenc_decrypt+0x87/0x90 [authenc]
[ 3417.582004] aead_recvmsg+0x633/0x650 [algif_aead]
[ 3417.582004] ? selinux_socket_recvmsg+0x23/0x30
[ 3417.582004] ? security_socket_recvmsg+0x4b/0x70
[ 3417.582004] sock_recvmsg+0x3d/0x50
[ 3417.582004] sock_read_iter+0x86/0xc0
[ 3417.582004] __vfs_read+0xbf/0x110
[ 3417.582004] vfs_read+0x96/0x130
[ 3417.582004] SyS_read+0x46/0xa0
[ 3417.582004] entry_SYSCALL_64_fastpath+0x1e/0xad
[ 3417.582004] RIP: 0033:0x7f0f46f77bd0
[ 3417.582004] RSP: 002b:00007ffed6bbd278 EFLAGS: 00000246 ORIG_RAX:
0000000000000000
[ 3417.582004] RAX: ffffffffffffffda RBX: 0000000000000006 RCX:
00007f0f46f77bd0
[ 3417.582004] RDX: 0000000000001000 RSI: 00007ffed6bbe330 RDI:
0000000000000006
[ 3417.582004] RBP: 00007ffed6bbbfa0 R08: 00000000025c6530 R09:
0000000000000000
[ 3417.582004] R10: 0000000000000001 R11: 0000000000000246 R12:
00007ffed6bbc1f8
[ 3417.582004] R13: 00007ffed6bbbf10 R14: 00007ffed6bbf4d0 R15:
0000000000000000
[ 3417.582004] Code: ff ff ff e9 16 ff ff ff 90 66 2e 0f 1f 84 00 00 00 00 00
0f 1f 44 00 00 48 8b 46 10 48 8b 56 40 55 8b 8f 84 00 00 00 48 89 47 20 <8b>
40 08 48 89 e5 83 e1 ef 89 47 28 48 8b 46 18 48 89 47 38 8b
[ 3417.582004] RIP: skcipher_walk_skcipher+0x18/0xc0 RSP: ffffa53e008efb60
[ 3417.582004] CR2: 0000000000000008
[ 3417.582004] ---[ end trace 2a142ea12ab5141a ]---
Ciao
Stephan
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: authenc: crash if key is not set
2017-02-24 20:24 authenc: crash if key is not set Stephan Müller
@ 2017-04-10 10:41 ` Herbert Xu
2017-04-10 10:49 ` Stephan Müller
0 siblings, 1 reply; 4+ messages in thread
From: Herbert Xu @ 2017-04-10 10:41 UTC (permalink / raw)
To: Stephan Müller; +Cc: linux-crypto
On Fri, Feb 24, 2017 at 09:24:34PM +0100, Stephan Müller wrote:
> Hi Herbert,
>
> I am working on fuzzing the AF_ALG interface.
>
> The fuzzer reliably triggered the following type of bug when I use
> authenc(hmac(sha256),cbc(aes)) or other types of authenc() but do not call
> setkey.
>
> Note, it works with gcm or ccm.
>
> Is that bug similar in nature as the algif_skcipher and algif_hash bugs that
> were fixed with the *nokey functions?
Yes we need to add the same thing to AEAD.
Thanks,
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: authenc: crash if key is not set
2017-04-10 10:41 ` Herbert Xu
@ 2017-04-10 10:49 ` Stephan Müller
2017-04-10 10:54 ` Herbert Xu
0 siblings, 1 reply; 4+ messages in thread
From: Stephan Müller @ 2017-04-10 10:49 UTC (permalink / raw)
To: Herbert Xu; +Cc: linux-crypto
Am Montag, 10. April 2017, 12:41:25 CEST schrieb Herbert Xu:
Hi Herbert,
> >
> > Is that bug similar in nature as the algif_skcipher and algif_hash bugs
> > that were fixed with the *nokey functions?
>
> Yes we need to add the same thing to AEAD.
May I ask that we agree on the memory management fix prior to handling this
issue? When consolidating the common code, I plan to have common code for the
nokey logic which then is automatically applicable to aead too.
Thanks.
Ciao
Stephan
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: authenc: crash if key is not set
2017-04-10 10:49 ` Stephan Müller
@ 2017-04-10 10:54 ` Herbert Xu
0 siblings, 0 replies; 4+ messages in thread
From: Herbert Xu @ 2017-04-10 10:54 UTC (permalink / raw)
To: Stephan Müller; +Cc: linux-crypto
On Mon, Apr 10, 2017 at 12:49:16PM +0200, Stephan Müller wrote:
>
> May I ask that we agree on the memory management fix prior to handling this
> issue? When consolidating the common code, I plan to have common code for the
> nokey logic which then is automatically applicable to aead too.
I think we should fix this first. Mixing this with the other
issue is going to make backporting harder.
Thanks,
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2017-04-10 10:54 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-02-24 20:24 authenc: crash if key is not set Stephan Müller
2017-04-10 10:41 ` Herbert Xu
2017-04-10 10:49 ` Stephan Müller
2017-04-10 10:54 ` Herbert Xu
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).