On Thu, Apr 18, 2019 at 02:44:27PM -0700, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@xxxxxxxxxx>
>
> CCM instances can be created by either the "ccm" template, which only
> allows choosing the block cipher, e.g. "ccm(aes)"; or by "ccm_base",
> which allows choosing the ctr and cbcmac implementations, e.g.
> "ccm_base(ctr(aes-generic),cbcmac(aes-generic))".
>
> However, a "ccm_base" instance prevents a "ccm" instance from being
> registered using the same implementations.  Nor will the instance be
> found by lookups of "ccm".  This can be used as a denial of service.
> Moreover, "ccm_base" instances are never tested by the crypto
> self-tests, even if there are compatible "ccm" tests.
>
> The root cause of these problems is that instances of the two templates
> use different cra_names.  Therefore, fix these problems by making
> "ccm_base" instances set the same cra_name as "ccm" instances, e.g.
> "ccm(aes)" instead of "ccm_base(ctr(aes-generic),cbcmac(aes-generic))".
>
> This requires extracting the block cipher name from the name of the ctr
> and cbcmac algorithms.  It also requires starting to verify that the
> algorithms are really ctr and cbcmac using the same block cipher, not
> something else entirely.  But it would be bizarre if anyone were
> actually using non-ccm-compatible algorithms with ccm_base, so this
> shouldn't break anyone in practice.
>
> Fixes: 4a49b499dfa0 ("[CRYPTO] ccm: Added CCM mode")
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx>
> ---
>
> Changed since v2:
>     - Leave check for ctr cra_blocksize == 1.
>
> Changed since v1:
>     - Verify that cbcmac is really cbcmac (based on name).
>     - Improved commit message.
>
>  crypto/ccm.c | 44 ++++++++++++++++++--------------------------------
>  1 file changed, 18 insertions(+), 26 deletions(-)

Patch applied.  Thanks.
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
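
The name check described in the quoted commit message, as an added userspace example (not the kernel patch and not code from either author): it derives the shared "ccm(<cipher>)" name from the two component names and rejects pairs that are not ctr and cbcmac over the same block cipher. The function names, the 128-byte limit and the sample inputs are assumptions made for this illustration, as is the premise that the components are identified by algorithm names of the form "ctr(aes)" and "cbcmac(aes)".

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 128 /* assumption: stand-in for the kernel's name limit */

/*
 * Hypothetical helper: build "ccm(<cipher>)" from the component names,
 * e.g. "ctr(aes)" + "cbcmac(aes)" -> "ccm(aes)". Rejects anything that is
 * not ctr/cbcmac over the same block cipher.
 */
int ccm_derive_name(const char *ctr, const char *mac, char *out, size_t len)
{
	const char *cipher;
	size_t clen;
	int n;

	if (strncmp(ctr, "ctr(", 4) != 0)       /* must really be ctr */
		return -EINVAL;
	if (strncmp(mac, "cbcmac(", 7) != 0)    /* must really be cbcmac */
		return -EINVAL;
	cipher = ctr + 4;                       /* e.g. "aes)" */
	if (strcmp(cipher, mac + 7) != 0)       /* same cipher on both sides */
		return -EINVAL;
	clen = strlen(cipher);
	if (clen < 2 || cipher[clen - 1] != ')')
		return -EINVAL;                 /* empty or unterminated name */
	n = snprintf(out, len, "ccm(%s", cipher);
	if (n < 0 || (size_t)n >= len)
		return -ENAMETOOLONG;           /* result would be truncated */
	return 0;
}

/* Convenience wrapper for the demo: canonical name, or NULL if rejected. */
const char *ccm_name_or_null(const char *ctr, const char *mac)
{
	static char buf[NAME_MAX_LEN];

	return ccm_derive_name(ctr, mac, buf, sizeof(buf)) == 0 ? buf : NULL;
}

int main(void)
{
	/* Constructed sample inputs: one valid pair, two that must be refused. */
	printf("%s\n", ccm_name_or_null("ctr(aes)", "cbcmac(aes)"));
	printf("%d\n", ccm_name_or_null("ctr(aes)", "cbcmac(sm4)") == NULL);
	printf("%d\n", ccm_name_or_null("ctr(aes)", "cmac(aes)") == NULL);
	return 0;
}
```

Because both templates end up with the same derived name, a lookup of "ccm(aes)" can find an instance regardless of which template created it, which is the property the commit message relies on.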