lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 6 Feb 2018 13:11:35 +0100
From:   Krzysztof Kozlowski <krzk@...nel.org>
To:     Kamil Konieczny <k.konieczny@...tner.samsung.com>
Cc:     Herbert Xu <herbert@...dor.apana.org.au>,
        Vladimir Zapolskiy <vz@...ia.com>,
        "David S. Miller" <davem@...emloft.net>,
        Bartlomiej Zolnierkiewicz <b.zolnierkie@...sung.com>,
        Marek Szyprowski <m.szyprowski@...sung.com>,
        Anand Moon <linux.amoon@...il.com>,
        linux-crypto@...r.kernel.org, linux-samsung-soc@...r.kernel.org,
        linux-kernel <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] crypto: s5p-sss.c: Fix kernel Oops in AES-ECB mode

On Mon, Feb 5, 2018 at 6:40 PM, Kamil Konieczny
<k.konieczny@...tner.samsung.com> wrote:
>
> In AES-ECB mode crypt is done with key only, so any use of IV
> can cause kernel Oops, as reported by Anand Moon.
> Fixed it by using IV only in AES-CBC and AES-CTR.
>
> Signed-off-by: Kamil Konieczny <k.konieczny@...tner.samsung.com>
> Reported-by: Anand Moon <linux.amoon@...il.com>
> ---
> Tested on Odroid XU4/HC1, kernel 4.15 with following command:
>
> fallocate -l 128MiB /tmp/test.bin
> dd if=/dev/urandom of=/tmp/testkey.key bs=128 count=1
> sync
> cryptsetup luksFormat --debug -q -d /tmp/testkey.key \
>   --cipher aes-cbc-essiv:sha256 -h sha256 -s 128 /tmp/test.bin
>
> The original report by Anand Moon:
> https://www.spinics.net/lists/linux-crypto/msg31180.html
>
> Oops reproduced with cryptsetup 2.0.0, kernel 4.15,
> in .config in crypto API ECB support was turned off, and s5p-sss AES driver on.
>
> cryptsetup is using aes-ecb and has req->info in aes_ctx set to 0x10,
> which caused Oops:
>
> [ 2078.683779] Internal error: Oops: 17 [#1] PREEMPT SMP ARM
> [ 2078.689148] Modules linked in: algif_skcipher af_alg sd_mod sg
> evdev uas usb_storage scsi_mod gpio_keys fbtft(C) spidev spi_s3c64xx
> ipv6
> [ 2078.701377] CPU: 1 PID: 15 Comm: ksoftirqd/1 Tainted: G         C
>     4.15.0-rc9-xu4krck #1
> [ 2078.709861] Hardware name: SAMSUNG EXYNOS (Flattened Device Tree)
> [ 2078.715932] PC is at memcpy+0x80/0x330
> [ 2078.719652] LR is at s5p_tasklet_cb+0x19c/0x328
>
>  drivers/crypto/s5p-sss.c | 12 +++++++++---
>  1 file changed, 9 insertions(+), 3 deletions(-)

Fixes and cc-stable?

Reviewed-by: Krzysztof Kozlowski <krzk@...nel.org>

Best regards,
Krzysztof

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ