Hi,
I'm trying to test AEAD based HMAC (sha1-96) with NULL encryption using a
modified tcrypt module.
I'm using a 2.6.27.4 kernel on an armv5te platform.
I hit a BUG() at crypto/scatterwalk.c:37 that indicates that the scatterlist
length is zero.
I've traced this back to crypto/authenc.c function crypto_authenc_genicv()...
There is a call to authenc_chain(cipher, dst, vdst == iv + ivsize);
It seems the test vdst == iv + ivsize fails. Does anyone know the purpose of
the test ? I think it is trying to check that the end of the IV field matches
something in the reg->dst scatterlist ?
authenc_chain() is...
static void authenc_chain(struct scatterlist *head, struct scatterlist *sg,
int chain)
{
if (chain) {
head->length += sg->length;
sg = scatterwalk_sg_next(sg);
}
if (sg)
scatterwalk_sg_chain(head, 2, sg);
else
sg_mark_end(head);
}
Therefore the value of chain is 0 and this causes authenc_chain() to not
update the length in head eg. chiper[0] scatterlist.
Can anyone please tell me what authenc_chain() is trying to do ?
Is there a "special" relationship to create the IV buffer with respect to the
dst scatterlist within tcrypt so that chain = 1 ? If I use ESP4 in IPsec
instead of tcrypt, then chain does equal 1.
Thanks for any info ?
Regards,
Dean Jenkins
MontaVista Software
Dean Jenkins <[email protected]> wrote:
>
> I'm using a 2.6.27.4 kernel on an armv5te platform.
>
> I hit a BUG() at crypto/scatterwalk.c:37 that indicates that the scatterlist
> length is zero.
>
> I've traced this back to crypto/authenc.c function crypto_authenc_genicv()...
Does this patch fix it?
commit 700aa8bfa071875cda833f44491d3548ad79951e
Author: Herbert Xu <[email protected]>
Date: Tue Jan 13 11:26:18 2009 +1100
crypto: authenc - Fix zero-length IV crash
As it is if an algorithm with a zero-length IV is used (e.g.,
NULL encryption) with authenc, authenc may generate an SG entry
of length zero, which will trigger a BUG check in the hash layer.
This patch fixes it by skipping the IV SG generation if the IV
size is zero.
Signed-off-by: Herbert Xu <[email protected]>
diff --git a/crypto/authenc.c b/crypto/authenc.c
index 40b6e9e..5793b64 100644
--- a/crypto/authenc.c
+++ b/crypto/authenc.c
@@ -158,16 +158,19 @@ static int crypto_authenc_genicv(struct aead_request *req, u8 *iv,
dstp = sg_page(dst);
vdst = PageHighMem(dstp) ? NULL : page_address(dstp) + dst->offset;
- sg_init_table(cipher, 2);
- sg_set_buf(cipher, iv, ivsize);
- authenc_chain(cipher, dst, vdst == iv + ivsize);
+ if (ivsize) {
+ sg_init_table(cipher, 2);
+ sg_set_buf(cipher, iv, ivsize);
+ authenc_chain(cipher, dst, vdst == iv + ivsize);
+ dst = cipher;
+ }
cryptlen = req->cryptlen + ivsize;
- hash = crypto_authenc_hash(req, flags, cipher, cryptlen);
+ hash = crypto_authenc_hash(req, flags, dst, cryptlen);
if (IS_ERR(hash))
return PTR_ERR(hash);
- scatterwalk_map_and_copy(hash, cipher, cryptlen,
+ scatterwalk_map_and_copy(hash, dst, cryptlen,
crypto_aead_authsize(authenc), 1);
return 0;
}
@@ -285,11 +288,14 @@ static int crypto_authenc_iverify(struct aead_request *req, u8 *iv,
srcp = sg_page(src);
vsrc = PageHighMem(srcp) ? NULL : page_address(srcp) + src->offset;
- sg_init_table(cipher, 2);
- sg_set_buf(cipher, iv, ivsize);
- authenc_chain(cipher, src, vsrc == iv + ivsize);
+ if (ivsize) {
+ sg_init_table(cipher, 2);
+ sg_set_buf(cipher, iv, ivsize);
+ authenc_chain(cipher, src, vsrc == iv + ivsize);
+ src = cipher;
+ }
- return crypto_authenc_verify(req, cipher, cryptlen + ivsize);
+ return crypto_authenc_verify(req, src, cryptlen + ivsize);
}
static int crypto_authenc_decrypt(struct aead_request *req)
Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Hi Herbert,
Many thanks that fixed it.
Regards,
Dean Jenkins
MontaVista Software