| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 22 Sep 2023 06:34:17 +0000
From: Gaurav Jain <gaurav.jain@....com>
To: Eric Biggers <ebiggers@...nel.org>
CC: Horia Geanta <horia.geanta@....com>,
Pankaj Gupta <pankaj.gupta@....com>,
Varun Sethi <V.Sethi@....com>,
Meenakshi Aggarwal <meenakshi.aggarwal@....com>,
Herbert Xu <herbert@...dor.apana.org.au>,
"David S . Miller" <davem@...emloft.net>,
Aisheng Dong <aisheng.dong@....com>,
Silvano Di Ninno <silvano.dininno@....com>,
"linux-crypto@...r.kernel.org" <linux-crypto@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
dl-linux-imx <linux-imx@....com>
Subject: RE: [EXT] Re: [PATCH] crypto: caam/jr - fix Chacha20 + Poly1305 self
test failure
Hi Eric
> -----Original Message-----
> From: Eric Biggers <ebiggers@...nel.org>
> Sent: Friday, September 22, 2023 8:11 AM
> To: Gaurav Jain <gaurav.jain@....com>
> Cc: Horia Geanta <horia.geanta@....com>; Pankaj Gupta
> <pankaj.gupta@....com>; Varun Sethi <V.Sethi@....com>; Meenakshi
> Aggarwal <meenakshi.aggarwal@....com>; Herbert Xu
> <herbert@...dor.apana.org.au>; David S . Miller <davem@...emloft.net>;
> Aisheng Dong <aisheng.dong@....com>; Silvano Di Ninno
> <silvano.dininno@....com>; linux-crypto@...r.kernel.org; linux-
> kernel@...r.kernel.org; dl-linux-imx <linux-imx@....com>
> Subject: [EXT] Re: [PATCH] crypto: caam/jr - fix Chacha20 + Poly1305 self test
> failure
>
> Caution: This is an external email. Please take care when clicking links or
> opening attachments. When in doubt, report the message using the 'Report this
> email' button
>
>
> On Thu, Sep 21, 2023 at 06:12:37PM +0530, Gaurav Jain wrote:
> > key buffer is not copied in chachapoly_setkey function, results in
> > wrong output for encryption/decryption operation.
> >
> > fix this by memcpy the key in caam_ctx key arrary
> >
> > Fixes: d6bbd4eea243 ("crypto: caam/jr - add support for Chacha20 +
> > Poly1305")
> > Signed-off-by: Gaurav Jain <gaurav.jain@....com>
> > ---
> > drivers/crypto/caam/caamalg.c | 3 ++-
> > 1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > diff --git a/drivers/crypto/caam/caamalg.c
> > b/drivers/crypto/caam/caamalg.c index eba2d750c3b0..066f08a3a040
> > 100644
> > --- a/drivers/crypto/caam/caamalg.c
> > +++ b/drivers/crypto/caam/caamalg.c
> > @@ -575,7 +575,8 @@ static int chachapoly_setkey(struct crypto_aead *aead,
> const u8 *key,
> > if (keylen != CHACHA_KEY_SIZE + saltlen)
> > return -EINVAL;
> >
> > - ctx->cdata.key_virt = key;
> > + memcpy(ctx->key, key, keylen);
> > + ctx->cdata.key_virt = ctx->key;
> > ctx->cdata.keylen = keylen - saltlen;
> >
>
> Huh, so this driver just ignored the key? Is anyone using the ChaCha20Poly1305
> support in this driver? Based on this bug existing, that seems unlikely. If that's
> the case, wouldn't it be better just to remove the ChaCha20Poly1305 support
> from this driver so that the code doesn't need to be maintained?
This algorithm is used in IPSEC and we are also going to use ChaCha20Poly1305 support for Kernel TLS.
Gaurav
>
> - Eric
Powered by blists - more mailing lists