[PATCH 1/2] crypto: adiantum - initialize crypto

linux-crypto.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH 1/2] crypto: adiantum - initialize crypto_spawn::inst
@ 2019-01-06 20:46 Eric Biggers
  2019-01-06 20:46 ` [PATCH 2/2] crypto: algapi - reject NULL crypto_spawn::inst Eric Biggers
  2019-01-10 14:05 ` [PATCH 1/2] crypto: adiantum - initialize crypto_spawn::inst Herbert Xu
  0 siblings, 2 replies; 4+ messages in thread
From: Eric Biggers @ 2019-01-06 20:46 UTC (permalink / raw)
  To: linux-crypto, Herbert Xu

From: Eric Biggers <ebiggers@google.com>

crypto_grab_*() doesn't set crypto_spawn::inst, so templates must set it
beforehand.  Otherwise it will be left NULL, which causes a crash in
certain cases where algorithms are dynamically loaded/unloaded.  E.g.
with CONFIG_CRYPTO_CHACHA20_X86_64=m, the following caused a crash:

    insmod chacha-x86_64.ko
    python -c 'import socket; socket.socket(socket.AF_ALG, 5, 0).bind(("skcipher", "adiantum(xchacha12,aes)"))'
    rmmod chacha-x86_64.ko
    python -c 'import socket; socket.socket(socket.AF_ALG, 5, 0).bind(("skcipher", "adiantum(xchacha12,aes)"))'

Fixes: 059c2a4d8e16 ("crypto: adiantum - add Adiantum support")
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 crypto/adiantum.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/crypto/adiantum.c b/crypto/adiantum.c
index 6651e713c45d6..5564e73266a6a 100644
--- a/crypto/adiantum.c
+++ b/crypto/adiantum.c
@@ -539,6 +539,8 @@ static int adiantum_create(struct crypto_template *tmpl, struct rtattr **tb)
 	ictx = skcipher_instance_ctx(inst);
 
 	/* Stream cipher, e.g. "xchacha12" */
+	crypto_set_skcipher_spawn(&ictx->streamcipher_spawn,
+				  skcipher_crypto_instance(inst));
 	err = crypto_grab_skcipher(&ictx->streamcipher_spawn, streamcipher_name,
 				   0, crypto_requires_sync(algt->type,
 							   algt->mask));
@@ -547,6 +549,8 @@ static int adiantum_create(struct crypto_template *tmpl, struct rtattr **tb)
 	streamcipher_alg = crypto_spawn_skcipher_alg(&ictx->streamcipher_spawn);
 
 	/* Block cipher, e.g. "aes" */
+	crypto_set_spawn(&ictx->blockcipher_spawn,
+			 skcipher_crypto_instance(inst));
 	err = crypto_grab_spawn(&ictx->blockcipher_spawn, blockcipher_name,
 				CRYPTO_ALG_TYPE_CIPHER, CRYPTO_ALG_TYPE_MASK);
 	if (err)
-- 
2.20.1

^ permalink raw reply related	[flat|nested] 4+ messages in thread

* [PATCH 2/2] crypto: algapi - reject NULL crypto_spawn::inst
  2019-01-06 20:46 [PATCH 1/2] crypto: adiantum - initialize crypto_spawn::inst Eric Biggers
@ 2019-01-06 20:46 ` Eric Biggers
  2019-01-11  6:34   ` Herbert Xu
  2019-01-10 14:05 ` [PATCH 1/2] crypto: adiantum - initialize crypto_spawn::inst Herbert Xu
  1 sibling, 1 reply; 4+ messages in thread
From: Eric Biggers @ 2019-01-06 20:46 UTC (permalink / raw)
  To: linux-crypto, Herbert Xu

From: Eric Biggers <ebiggers@google.com>

It took me a while to notice the bug where the adiantum template left
crypto_spawn::inst == NULL, because this only caused problems in certain
cases where algorithms are dynamically loaded/unloaded.

More improvements are needed, but for now make crypto_init_spawn()
reject this case and WARN(), so this type of bug will be noticed
immediately in the future.

Note: I checked all callers and the adiantum template was the only place
that had this wrong.  So this WARN shouldn't trigger anymore.

Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 crypto/algapi.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/crypto/algapi.c b/crypto/algapi.c
index f3d766312bd96..713baabeb6438 100644
--- a/crypto/algapi.c
+++ b/crypto/algapi.c
@@ -608,6 +608,9 @@ int crypto_init_spawn(struct crypto_spawn *spawn, struct crypto_alg *alg,
 {
 	int err = -EAGAIN;

+	if (WARN_ON_ONCE(inst == NULL))
+		return -EINVAL;
+
 	spawn->inst = inst;
 	spawn->mask = mask;

-- 
2.20.1

^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH 1/2] crypto: adiantum - initialize crypto_spawn::inst
  2019-01-06 20:46 [PATCH 1/2] crypto: adiantum - initialize crypto_spawn::inst Eric Biggers
  2019-01-06 20:46 ` [PATCH 2/2] crypto: algapi - reject NULL crypto_spawn::inst Eric Biggers
@ 2019-01-10 14:05 ` Herbert Xu
  1 sibling, 0 replies; 4+ messages in thread
From: Herbert Xu @ 2019-01-10 14:05 UTC (permalink / raw)
  To: Eric Biggers; +Cc: linux-crypto

On Sun, Jan 06, 2019 at 12:46:05PM -0800, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@google.com>
> 
> crypto_grab_*() doesn't set crypto_spawn::inst, so templates must set it
> beforehand.  Otherwise it will be left NULL, which causes a crash in
> certain cases where algorithms are dynamically loaded/unloaded.  E.g.
> with CONFIG_CRYPTO_CHACHA20_X86_64=m, the following caused a crash:
> 
>     insmod chacha-x86_64.ko
>     python -c 'import socket; socket.socket(socket.AF_ALG, 5, 0).bind(("skcipher", "adiantum(xchacha12,aes)"))'
>     rmmod chacha-x86_64.ko
>     python -c 'import socket; socket.socket(socket.AF_ALG, 5, 0).bind(("skcipher", "adiantum(xchacha12,aes)"))'
> 
> Fixes: 059c2a4d8e16 ("crypto: adiantum - add Adiantum support")
> Signed-off-by: Eric Biggers <ebiggers@google.com>
> ---
>  crypto/adiantum.c | 4 ++++
>  1 file changed, 4 insertions(+)

Patch applied.  Thanks.
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH 2/2] crypto: algapi - reject NULL crypto_spawn::inst
  2019-01-06 20:46 ` [PATCH 2/2] crypto: algapi - reject NULL crypto_spawn::inst Eric Biggers
@ 2019-01-11  6:34   ` Herbert Xu
  0 siblings, 0 replies; 4+ messages in thread
From: Herbert Xu @ 2019-01-11  6:34 UTC (permalink / raw)
  To: Eric Biggers; +Cc: linux-crypto

On Sun, Jan 06, 2019 at 12:46:06PM -0800, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@google.com>
> 
> It took me a while to notice the bug where the adiantum template left
> crypto_spawn::inst == NULL, because this only caused problems in certain
> cases where algorithms are dynamically loaded/unloaded.
> 
> More improvements are needed, but for now make crypto_init_spawn()
> reject this case and WARN(), so this type of bug will be noticed
> immediately in the future.
> 
> Note: I checked all callers and the adiantum template was the only place
> that had this wrong.  So this WARN shouldn't trigger anymore.
> 
> Signed-off-by: Eric Biggers <ebiggers@google.com>
> ---
>  crypto/algapi.c | 3 +++
>  1 file changed, 3 insertions(+)

Patch applied.  Thanks.
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2019-01-11  6:34 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-01-06 20:46 [PATCH 1/2] crypto: adiantum - initialize crypto_spawn::inst Eric Biggers
2019-01-06 20:46 ` [PATCH 2/2] crypto: algapi - reject NULL crypto_spawn::inst Eric Biggers
2019-01-11  6:34   ` Herbert Xu
2019-01-10 14:05 ` [PATCH 1/2] crypto: adiantum - initialize crypto_spawn::inst Herbert Xu

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).