Open Source and information security mailing list archives
 
Message-Id: <1257301423.22519.172.camel@yhuang-dev.sh.intel.com>
Date:	Wed, 04 Nov 2009 10:23:43 +0800
From:	Huang Ying <ying.huang@...el.com>
To:	Herbert Xu <herbert@...dor.apana.org.au>
Cc:	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"linux-crypto@...r.kernel.org" <linux-crypto@...r.kernel.org>
Subject: Re: [BUGFIX for .32] crypto, gcm, fix another complete call in
 complete fuction

On Tue, 2009-11-03 at 23:53 +0800, Herbert Xu wrote: 
> On Tue, Nov 03, 2009 at 10:40:17AM +0800, Huang Ying wrote:
> > The flow of the complete function (xxx_done) in gcm.c is as follows:
> > 
> > void complete(struct crypto_async_request *areq, int err)
> > {
> > 	if (!err) {
> > 		err = async_next_step();
> > 		if (err == -EINPROGRESS || err == -EBUSY)
> > 			return;
> > 	}
> > 
> > 	complete_for_next_step(areq, err);
> > }
> > 
> > But *areq may be destroyed in async_next_step(), so
> > complete_for_next_step() cannot work properly. To fix this, one of
> > the following methods is used for each complete function.
> 
> So why is async_next_step destroying areq? Can you give me a
> concrete example?

I have seen one example, in gcm_encrypt_done, which is called when the
encryption phase has finished in asynchronous mode. The areq passed in may
be in the context of pctx->u.abreq (due to cryptd etc). Then the hash phase
begins, and ghash is called, which operates on pctx->u.ahreq (which shares
the same memory as pctx->u.abreq) and its context. Now, *areq may be destroyed.

To avoid similar issues in the future, I added protective processing to
every xxx_done function. Let complete_for_next_step() use the areq set up
for async_next_step().

Best Regards,
Huang Ying
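
A simplified userspace model of the aliasing described in this message, added here as an example; it is not code from gcm.c or from the patch. Apart from the abreq/ahreq union and the two helper names used in the thread, every type, field and function is constructed, and placing the incoming request in the context area is an assumption taken from the message's description.

```c
#include <stdio.h>
#include <string.h>

/* Userspace model only: every type and function name here is constructed. */
struct areq { void *data; };   /* data points at the owning request */
/* Encryption phase: "inner" is a wrapper's request kept in the context area. */
struct cipher_req { struct areq base; struct areq inner; };
/* Hash phase: "state" is working memory occupying the same context area. */
struct hash_req { struct areq base; unsigned char state[sizeof(struct areq)]; };
struct pctx { union { struct cipher_req abreq; struct hash_req ahreq; } u; };

/* Next phase: set up the hash request in the shared storage and run it. */
static void async_next_step(struct pctx *p, void *owner)
{
    p->u.ahreq.base.data = owner;
    memset(p->u.ahreq.state, 0, sizeof(p->u.ahreq.state)); /* overwrites abreq.inner */
}

static void *complete_for_next_step(struct areq *areq) { return areq->data; }

/* Flow from the thread: areq is dereferenced after the next step reused its memory. */
static void *done_buggy(struct pctx *p, struct areq *areq)
{
    async_next_step(p, areq->data);
    return complete_for_next_step(areq);
}

/* Flow described in the reply: complete with the request set up for the next step. */
static void *done_fixed(struct pctx *p, struct areq *areq)
{
    async_next_step(p, areq->data);
    return complete_for_next_step(&p->u.ahreq.base);
}

/* Build the encryption-phase state, run one completion flow, check the owner pointer. */
static int owner_survives(void *(*done)(struct pctx *, struct areq *))
{
    static int owner;          /* stands in for the caller's request */
    struct pctx p;
    p.u.abreq.base.data = &owner;
    p.u.abreq.inner.data = &owner;
    return done(&p, &p.u.abreq.inner) == (void *)&owner;
}

int main(void)
{
    printf("buggy: %d, fixed: %d\n", owner_survives(done_buggy), owner_survives(done_fixed));
    return 0;
}
```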
