| From 433dde116fd9cd6f9d5abbecdcc51186d1a9d987 Mon Sep 17 00:00:00 2001 |
| From: Milan Broz <gmazyland@gmail.com> |
| Date: Mon, 6 Jan 2020 10:11:47 +0100 |
| Subject: [PATCH] dm crypt: fix benbi IV constructor crash if used in |
| authenticated mode |
| |
| commit 4ea9471fbd1addb25a4d269991dc724e200ca5b5 upstream. |
| |
| If benbi IV is used in AEAD construction, for example: |
| cryptsetup luksFormat <device> --cipher twofish-xts-benbi --key-size 512 --integrity=hmac-sha256 |
| the constructor uses wrong skcipher function and crashes: |
| |
| BUG: kernel NULL pointer dereference, address: 00000014 |
| ... |
| EIP: crypt_iv_benbi_ctr+0x15/0x70 [dm_crypt] |
| Call Trace: |
| ? crypt_subkey_size+0x20/0x20 [dm_crypt] |
| crypt_ctr+0x567/0xfc0 [dm_crypt] |
| dm_table_add_target+0x15f/0x340 [dm_mod] |
| |
| Fix this by properly using crypt_aead_blocksize() in this case. |
| |
| Fixes: ef43aa38063a6 ("dm crypt: add cryptographic data integrity protection (authenticated encryption)") |
| Cc: stable@vger.kernel.org # v4.12+ |
| Link: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941051 |
| Reported-by: Jerad Simpson <jbsimpson@gmail.com> |
| Signed-off-by: Milan Broz <gmazyland@gmail.com> |
| Signed-off-by: Mike Snitzer <snitzer@redhat.com> |
| Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> |
| |
| diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c |
| index e78e4d3d3352..c47f495adce7 100644 |
| --- a/drivers/md/dm-crypt.c |
| +++ b/drivers/md/dm-crypt.c |
| @@ -481,8 +481,14 @@ static int crypt_iv_essiv_gen(struct crypt_config *cc, u8 *iv, |
| static int crypt_iv_benbi_ctr(struct crypt_config *cc, struct dm_target *ti, |
| const char *opts) |
| { |
| - unsigned bs = crypto_skcipher_blocksize(any_tfm(cc)); |
| - int log = ilog2(bs); |
| + unsigned bs; |
| + int log; |
| + |
| + if (test_bit(CRYPT_MODE_INTEGRITY_AEAD, &cc->cipher_flags)) |
| + bs = crypto_aead_blocksize(any_tfm_aead(cc)); |
| + else |
| + bs = crypto_skcipher_blocksize(any_tfm(cc)); |
| + log = ilog2(bs); |
| |
| /* we need to calculate how far we must shift the sector count |
| * to get the cipher block count, we use this shift in _gen */ |
| -- |
| 2.7.4 |
| |