| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 31 Jan 2010 03:11:22 +0100
From: Wolfgang Walter <wolfgang.walter@...m.de>
To: Herbert Xu <herbert@...dor.apana.org.au>
Cc: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
Linux Crypto Mailing List <linux-crypto@...r.kernel.org>
Subject: Re: 2.6.32: padlock_sha1 and hmac broken?
Am Samstag, 30. Januar 2010 schrieb Herbert Xu:
> On Sat, Jan 30, 2010 at 05:34:45PM +0100, Wolfgang Walter wrote:
> > > Please also try "modprobe tcrypt mode=101".
> >
> > [ 474.947508] alg: hash: Failed to load transform for hmac(sha1): -2
> > [ 474.952660] alg: hash: Failed to load transform for hmac(sha1): -2
> > [ 474.952737] tcrypt: one or more tests failed!
>
> Oops, it looks like this has been broken ever since we added
> prehashing to hmac.
>
> Please try this patch and let me know whether it makes it work
> again.
>
> diff --git a/drivers/crypto/padlock-sha.c b/drivers/crypto/padlock-sha.c
> index 0af8057..a1180ca 100644
> --- a/drivers/crypto/padlock-sha.c
> +++ b/drivers/crypto/padlock-sha.c
> @@ -57,6 +57,20 @@ static int padlock_sha_update(struct shash_desc *desc,
> return crypto_shash_update(&dctx->fallback, data, length);
> }
>
> +static int padlock_sha_export(struct shash_desc *desc, void *out)
> +{
> + struct padlock_sha_desc *dctx = shash_desc_ctx(desc);
> +
> + return crypto_shash_export(&dctx->fallback, out);
> +}
> +
> +static int padlock_sha_import(struct shash_desc *desc, const void *in)
> +{
> + struct padlock_sha_desc *dctx = shash_desc_ctx(desc);
> +
> + return crypto_shash_import(&dctx->fallback, in);
> +}
> +
> static inline void padlock_output_block(uint32_t *src,
> uint32_t *dst, size_t count)
> {
> @@ -235,7 +249,10 @@ static struct shash_alg sha1_alg = {
> .update = padlock_sha_update,
> .finup = padlock_sha1_finup,
> .final = padlock_sha1_final,
> + .export = padlock_sha_export,
> + .import = padlock_sha_import,
> .descsize = sizeof(struct padlock_sha_desc),
> + .statesize = sizeof(struct sha1_state),
> .base = {
> .cra_name = "sha1",
> .cra_driver_name = "sha1-padlock",
> @@ -256,7 +273,10 @@ static struct shash_alg sha256_alg = {
> .update = padlock_sha_update,
> .finup = padlock_sha256_finup,
> .final = padlock_sha256_final,
> + .export = padlock_sha_export,
> + .import = padlock_sha_import,
> .descsize = sizeof(struct padlock_sha_desc),
> + .statesize = sizeof(struct sha256_state),
> .base = {
> .cra_name = "sha256",
> .cra_driver_name = "sha256-padlock",
>
> Thanks,
Not sure.
When I do
modprobe tcrypt mode=101
I get a kernel oops:
[ 113.074210] BUG: unable to handle kernel NULL pointer dereference at
00000034
[ 113.074375] IP: [<dfc92042>] padlock_sha_import+0xa/0x15 [padlock_sha]
[ 113.074493] *pde = 00000000
[ 113.074590] Oops: 0000 [#1] PREEMPT
[ 113.074727] last sysfs file: /sys/module/vt/parameters/default_utf8
[ 113.074792] Modules linked in: tcrypt(+) padlock_sha nf_conntrack_tftp
nf_conntrack_sip nf_conntrack_sane nf_conntrack_ftp xt_connlimit xt_connbytes
xt_CONNMARK xt_connmark xt_helper xt_NOTRACK xt_conntrack nf_conntrack_ipv4
nf_conntrack nf_defrag_ipv4
[ 113.075595]
[ 113.075653] Pid: 1701, comm: cryptomgr_test Not tainted (2.6.32.7 #1)
[ 113.075722] EIP: 0060:[<dfc92042>] EFLAGS: 00010246 CPU: 0
[ 113.075789] EIP is at padlock_sha_import+0xa/0x15 [padlock_sha]
[ 113.075855] EAX: 00000000 EBX: d74619f8 ECX: dfc925d4 EDX: cd280238
[ 113.075923] ESI: dc0d2a2c EDI: d74619f0 EBP: cdb77d80 ESP: cdb77d7c
[ 113.075990] DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068
[ 113.076057] Process cryptomgr_test (pid: 1701, ti=cdb76000 task=d97d3b80
task.ti=cdb76000)
[ 113.076133] Stack:
[ 113.076187] cd280238 cdb77d94 c01ec148 00000000 d74619c0 d74619e8 cdb77d9c
c01ec165
[ 113.076671] <0> cdb77db4 c01e9581 00000008 d74619c0 00000000 00000000
cdb77dbc c01e95b6
[ 113.076671] <0> cdb77dd4 c01e89c5 c01e959c c056fdd8 00000000 cd489008
cdb77ddc c01e89dd
[ 113.076671] Call Trace:
[ 113.076671] [<c01ec148>] ? hmac_import+0x3b/0x40
[ 113.076671] [<c01ec165>] ? hmac_init+0x18/0x1a
[ 113.076671] [<c01e9581>] ? shash_ahash_digest+0x8c/0xa7
[ 113.076671] [<c01e95b6>] ? shash_async_digest+0x1a/0x1c
[ 113.076671] [<c01e89c5>] ? crypto_ahash_op+0x8f/0x99
[ 113.076671] [<c01e959c>] ? shash_async_digest+0x0/0x1c
[ 113.076671] [<c01e89dd>] ? crypto_ahash_digest+0xe/0x10
[ 113.076671] [<c01ea4cb>] ? test_hash+0x17c/0x4fd
[ 113.076671] [<c01e4643>] ? crypto_larval_lookup+0x30/0xfe
[ 113.076671] [<c01e4278>] ? crypto_alloc_tfm+0x3d/0x71
[ 113.076671] [<c01e9114>] ? crypto_alloc_shash+0x10/0x12
[ 113.076671] [<dfc92429>] ? padlock_cra_init+0x1c/0x4b [padlock_sha]
[ 113.076671] [<c01e420c>] ? crypto_create_tfm+0x59/0x88
[ 113.076671] [<c01e4eb4>] ? crypto_spawn_tfm2+0x20/0x37
[ 113.076671] [<c01ec551>] ? hmac_init_tfm+0x1b/0x46
[ 113.076671] [<c01e420c>] ? crypto_create_tfm+0x59/0x88
[ 113.076671] [<c01ea88b>] ? alg_test_hash+0x3f/0x55
[ 113.076671] [<c01ec06b>] ? alg_test+0x168/0x1e9
[ 113.076671] [<c011c37e>] ? pick_next_task_fair+0x8b/0xb5
[ 113.076671] [<c0440b4e>] ? schedule+0x1db/0x382
[ 113.076671] [<c01e9a0e>] ? cryptomgr_test+0x0/0x3e
[ 113.076671] [<c01e9a30>] ? cryptomgr_test+0x22/0x3e
[ 113.076671] [<c01308ef>] ? kthread+0x60/0x65
[ 113.076671] [<c013088f>] ? kthread+0x0/0x65
[ 113.076671] [<c0103147>] ? kernel_thread_helper+0x7/0x10
[ 113.076671] Code: 41 04 89 c8 8b 52 34 ff 52 d4 5d c3 55 89 e5 53 8d 58 08
8b 40 08 8b 48 34 89 d8 ff 51 e8 5b 5d c3 55 89 e5 53 8d 58 08 8b 40 08 <8b>
48 34 89 d8 ff 51 ec 5b 5d c3 55 89 e5 53 8d 58 08 8b 40 04
[ 113.076671] EIP: [<dfc92042>] padlock_sha_import+0xa/0x15 [padlock_sha]
SS:ESP 0068:cdb77d7c
[ 113.076671] CR2: 0000000000000034
[ 113.092662] ---[ end trace d25b6d64215b111e ]---
[ 123.233370] alg: hash: Failed to load transform for hmac(sha1): -4
[ 123.233472] alg: hash: Failed to load transform for hmac(sha1): -4
[ 123.233538] tcrypt: one or more tests failed!
Regards,
--
Wolfgang Walter
Studentenwerk München
Anstalt des öffentlichen Rechts
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists