a7y18lte-ubports/android_kernel_samsung_universal7885
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
434ed4aff1
android_kernel_samsung_univ.../crypto
History
Laura Abbott 434ed4aff1 crypto: testmgr - Pad aes_ccm_enc_tv_template vector 
commit 1c68bb0f62bf8de8bb30123ea840d5168f25abea upstream.

Running with KASAN and crypto tests currently gives

 BUG: KASAN: global-out-of-bounds in __test_aead+0x9d9/0x2200 at addr ffffffff8212fca0
 Read of size 16 by task cryptomgr_test/1107
 Address belongs to variable 0xffffffff8212fca0
 CPU: 0 PID: 1107 Comm: cryptomgr_test Not tainted 4.10.0+ #45
 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.1-1.fc24 04/01/2014
 Call Trace:
  dump_stack+0x63/0x8a
  kasan_report.part.1+0x4a7/0x4e0
  ? __test_aead+0x9d9/0x2200
  ? crypto_ccm_init_crypt+0x218/0x3c0 [ccm]
  kasan_report+0x20/0x30
  check_memory_region+0x13c/0x1a0
  memcpy+0x23/0x50
  __test_aead+0x9d9/0x2200
  ? kasan_unpoison_shadow+0x35/0x50
  ? alg_test_akcipher+0xf0/0xf0
  ? crypto_skcipher_init_tfm+0x2e3/0x310
  ? crypto_spawn_tfm2+0x37/0x60
  ? crypto_ccm_init_tfm+0xa9/0xd0 [ccm]
  ? crypto_aead_init_tfm+0x7b/0x90
  ? crypto_alloc_tfm+0xc4/0x190
  test_aead+0x28/0xc0
  alg_test_aead+0x54/0xd0
  alg_test+0x1eb/0x3d0
  ? alg_find_test+0x90/0x90
  ? __sched_text_start+0x8/0x8
  ? __wake_up_common+0x70/0xb0
  cryptomgr_test+0x4d/0x60
  kthread+0x173/0x1c0
  ? crypto_acomp_scomp_free_ctx+0x60/0x60
  ? kthread_create_on_node+0xa0/0xa0
  ret_from_fork+0x2c/0x40
 Memory state around the buggy address:
  ffffffff8212fb80: 00 00 00 00 01 fa fa fa fa fa fa fa 00 00 00 00
  ffffffff8212fc00: 00 01 fa fa fa fa fa fa 00 00 00 00 01 fa fa fa
 >ffffffff8212fc80: fa fa fa fa 00 05 fa fa fa fa fa fa 00 00 00 00
                                   ^
  ffffffff8212fd00: 01 fa fa fa fa fa fa fa 00 00 00 00 01 fa fa fa
  ffffffff8212fd80: fa fa fa fa 00 00 00 00 00 05 fa fa fa fa fa fa

This always happens on the same IV which is less than 16 bytes.

Per Ard,

"CCM IVs are 16 bytes, but due to the way they are constructed
internally, the final couple of bytes of input IV are dont-cares.

Apparently, we do read all 16 bytes, which triggers the KASAN errors."

Fix this by padding the IV with null bytes to be at least 16 bytes.

Fixes: 0bc5a6c5c7 ("crypto: testmgr - Disable rfc4309 test and convert test vectors")
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Laura Abbott <labbott@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-03-12 06:37:28 +01:00
..
asymmetric_keys PKCS#7: Don't require SpcSpOpusInfo in Authenticode pkcs7 signatures 2016-10-28 03:01:33 -04:00
async_tx async_pq_val: fix DMA memory leak 2016-10-22 12:26:55 +02:00
.gitignore crypto: rsa - add .gitignore for crypto/*.-asn1.[ch] files 2015-06-25 23:29:24 +08:00
842.c crypto: 842 - change 842 alg to use software 2015-05-11 15:06:43 +08:00
ablk_helper.c
ablkcipher.c crypto: skcipher - Copy iv from desc even for 0-len walks 2015-12-09 20:16:22 +08:00
aead.c crypto: aead - Remove CRYPTO_ALG_AEAD_NEW flag 2015-08-17 16:53:53 +08:00
aes_generic.c
af_alg.c crypto: af_alg - Forbid bind(2) when nokey child sockets are present 2016-02-17 12:31:04 -08:00
ahash.c crypto: hash - Fix page length clamping in hash walk 2016-05-18 17:06:45 -07:00
akcipher.c crypto: akcipher - Don't #include crypto/public_key.h as the contents aren't used 2015-10-20 22:14:01 +08:00
algapi.c crypto: api - Clear CRYPTO_ALG_DEAD bit before registering an alg 2017-02-09 08:02:44 +01:00
algboss.c crypto: algboss - Remove reference to nivaead 2015-08-17 16:53:41 +08:00
algif_aead.c net: rename SOCK_ASYNC_NOSPACE and SOCK_ASYNC_WAITDATA 2015-12-01 15:45:05 -05:00
algif_hash.c crypto: algif_hash - wait for crypto_ahash_init() to complete 2016-02-17 12:31:04 -08:00
algif_rng.c
algif_skcipher.c crypto: algif_skcipher - Do not set MAY_BACKLOG on the async path 2016-02-17 12:31:05 -08:00
ansi_cprng.c
anubis.c
api.c crypto: api - Only abort operations on fatal signal 2015-10-20 21:59:25 +08:00
arc4.c
authenc.c crypto: aead - Remove CRYPTO_ALG_AEAD_NEW flag 2015-08-17 16:53:53 +08:00
authencesn.c crypto: aead - Remove CRYPTO_ALG_AEAD_NEW flag 2015-08-17 16:53:53 +08:00
blkcipher.c crypto: skcipher - Fix blkcipher walk OOM crash 2016-09-30 10:18:34 +02:00
blowfish_common.c
blowfish_generic.c
camellia_generic.c
cast5_generic.c
cast6_generic.c
cast_common.c
cbc.c
ccm.c crypto: replace scatterwalk_sg_chain with sg_chain 2015-08-17 08:12:54 -06:00
chacha20_generic.c crypto: chacha20 - Export common ChaCha20 helpers 2015-07-17 21:20:21 +08:00
chacha20poly1305.c crypto: aead - Remove CRYPTO_ALG_AEAD_NEW flag 2015-08-17 16:53:53 +08:00
chainiv.c crypto: chainiv - Offer normal cipher functionality without RNG 2015-06-22 15:49:28 +08:00
cipher.c
cmac.c
compress.c
crc32.c
crc32c_generic.c crypto: crc32c - Fix crc32c soft dependency 2016-02-17 12:31:04 -08:00
crct10dif_common.c
crct10dif_generic.c
cryptd.c crypto: cryptd - initialize child shash_desc on import 2016-09-24 10:07:41 +02:00
crypto_null.c crypto: null - Add default null skcipher 2015-05-22 11:25:55 +08:00
crypto_user.c crypto: user - re-add size check for CRYPTO_MSG_GETALG 2016-07-11 09:31:12 -07:00
crypto_wq.c
ctr.c
cts.c
deflate.c
des_generic.c
drbg.c crypto: drbg - report backend_cra_name when allocation fails 2015-06-11 21:55:28 +08:00
ecb.c
echainiv.c crypto: echainiv - Replace chaining with multiplication 2016-09-30 10:18:34 +02:00
eseqiv.c crypto: eseqiv - Offer normal cipher functionality without RNG 2015-06-22 15:49:28 +08:00
fcrypt.c
fips.c
gcm.c crypto: gcm - Fix IV buffer size in crypto_gcm_setkey 2016-10-31 04:13:59 -06:00
gf128mul.c
ghash-generic.c crypto: ghash-generic - move common definitions to a new header file 2016-10-22 12:26:56 +02:00
hash_info.c
hmac.c
internal.h
jitterentropy-kcapi.c crypto: jitterentropy - remove unnecessary information from a comment 2015-10-14 22:23:16 +08:00
jitterentropy.c crypto: jitterentropy - Delete unnecessary checks before the function call "kzfree" 2015-06-25 23:18:33 +08:00
Kconfig crypto: keywrap - enable compilation 2015-10-15 21:05:06 +08:00
keywrap.c crypto: keywrap - memzero the correct memory 2016-04-12 09:08:45 -07:00
khazad.c
lrw.c
lz4.c
lz4hc.c
lzo.c
Makefile crypto: rsa - Add Makefile dependencies to fix parallel builds 2016-12-15 08:49:23 -08:00
mcryptd.c crypto: mcryptd - Check mcryptd algorithm compatibility 2016-12-15 08:49:22 -08:00
md4.c
md5.c crypto: md5 - use md5 IV MD5_HX instead of their raw value 2015-05-18 12:20:18 +08:00
memneq.c
michael_mic.c
pcbc.c
pcompress.c
pcrypt.c crypto: aead - Remove CRYPTO_ALG_AEAD_NEW flag 2015-08-17 16:53:53 +08:00
poly1305_generic.c crypto: poly1305 - Export common Poly1305 helpers 2015-07-17 21:20:26 +08:00
proc.c
ripemd.h
rmd128.c
rmd160.c
rmd256.c
rmd320.c
rng.c crypto: rng - Do not free default RNG when it becomes unused 2015-06-22 15:49:18 +08:00
rsa_helper.c crypto: akcipher - Changes to asymmetric key API 2015-10-14 22:23:16 +08:00
rsa.c crypto: akcipher - Changes to asymmetric key API 2015-10-14 22:23:16 +08:00
rsaprivkey.asn1 crypto: akcipher - Changes to asymmetric key API 2015-10-14 22:23:16 +08:00
rsapubkey.asn1 crypto: akcipher - Changes to asymmetric key API 2015-10-14 22:23:16 +08:00
salsa20_generic.c
scatterwalk.c crypto: scatterwalk - Fix test in scatterwalk_done 2016-08-16 09:30:50 +02:00
seed.c
seqiv.c crypto: seqiv - Use generic geniv init/exit helpers 2015-08-17 16:53:46 +08:00
serpent_generic.c
sha1_generic.c
sha256_generic.c
sha512_generic.c
shash.c crypto: shash - Fix has_key setting 2016-02-17 12:31:04 -08:00
skcipher.c crypto: skcipher - Add crypto_skcipher_has_setkey 2016-02-17 12:31:03 -08:00
tcrypt.c crypto: tcrypt - avoid mapping from module image addresses 2015-09-21 22:00:36 +08:00
tcrypt.h crypto: tcrypt - Add ChaCha20/Poly1305 speed tests 2015-07-17 21:20:20 +08:00
tea.c
testmgr.c crypto: testmgr - Use kmalloc memory for RSA input 2016-05-18 17:06:45 -07:00
testmgr.h crypto: testmgr - Pad aes_ccm_enc_tv_template vector 2017-03-12 06:37:28 +01:00
tgr192.c
twofish_common.c
twofish_generic.c
vmac.c
wp512.c
xcbc.c
xor.c
xts.c
zlib.c