1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Copyright 2019 Google LLC
4 */
5
6 /*
7 * Regression test for commit ecaaab564978 ("crypto: salsa20 - fix
8 * blkcipher_walk API usage"), or CVE-2017-17805. This test verifies that an
9 * empty message can be encrypted with Salsa20 without crashing the kernel.
10 *
11 * Fix for kernels < 4.14:
12 * With kernels missing commit 2d97591ef43d ("crypto: af_alg - consolidation
13 * of duplicate code") read() does not return in this situation. The call is
14 * now moved to a child thread in order to cancel it in case read() takes an
15 * unusually long amount of time.
16 */
17
18 #include "tst_test.h"
19 #include "tst_af_alg.h"
20 #include "tst_safe_pthread.h"
21 #include <pthread.h>
22 #include <errno.h>
23
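/*
 * Completion flag: set by verify_encrypt() once read() has returned, polled
 * by run().
 *
 * pthread_kill(thr, 0) is not usable as a liveness probe here: since glibc
 * 2.34 it returns 0 rather than ESRCH for a thread that has exited but has
 * not been joined, so a loop waiting for ESRCH keeps spinning until the
 * timeout and reports TBROK even on a fixed kernel.
 *
 * Accessed only through the compiler's __atomic builtins so that the
 * cross-thread hand-off is well defined without pulling in a new header.
 */
static int completed;

/*
 * Thread body: open a Salsa20 skcipher request socket and read from it
 * without having sent any data, i.e. "encrypt" an empty message. On a
 * kernel affected by CVE-2017-17805 this read() crashed the kernel; on a
 * fixed kernel it is expected to return 0.
 *
 * Returns @arg unchanged.
 */
static void *verify_encrypt(void *arg)
{
	char buf[16];
	ssize_t ret;
	/* NOTE(review): NULL key with length 16 presumably asks the helper to
	 * supply a 16-byte key itself - confirm against tst_af_alg.h. */
	int reqfd = tst_alg_setup_reqfd("skcipher", "salsa20", NULL, 16);

	/* Tell run() that the socket is set up and read() is about to start. */
	TST_CHECKPOINT_WAKE(0);

	/* With the bug the kernel crashed here */
	ret = read(reqfd, buf, sizeof(buf));
	if (ret == 0)
		tst_res(TPASS, "Successfully \"encrypted\" an empty message");
	else if (ret < 0)
		/* Only a failed read() leaves a meaningful errno to report. */
		tst_res(TFAIL | TERRNO, "read() didn't return 0");
	else
		tst_res(TFAIL, "read() didn't return 0");

	/* Do not leak the request socket across repeated test iterations. */
	close(reqfd);

	__atomic_store_n(&completed, 1, __ATOMIC_RELEASE);
	return arg;
}

/*
 * Run verify_encrypt() in a child thread and wait for it to finish.
 *
 * On kernels where read() never returns in this situation (see the file
 * header) the thread is cancelled and the test is aborted with TBROK once
 * 10 or fewer seconds of the test timeout remain.
 */
static void run(void)
{
	pthread_t thr;

	/* run() may be invoked more than once; start every iteration clean. */
	__atomic_store_n(&completed, 0, __ATOMIC_RELAXED);

	/* Kept from the original; this sets the calling thread's cancel state. */
	pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, NULL);
	SAFE_PTHREAD_CREATE(&thr, NULL, verify_encrypt, NULL);

	TST_CHECKPOINT_WAIT(0);

	while (!__atomic_load_n(&completed, __ATOMIC_ACQUIRE)) {
		if (tst_timeout_remaining() <= 10) {
			pthread_cancel(thr);
			tst_brk(TBROK,
				"Timed out while reading from request socket.");
		}
		usleep(1000);
	}

	/* Reap the finished thread so its resources are released. */
	SAFE_PTHREAD_JOIN(thr, NULL);
}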
57
/*
 * LTP test descriptor for the CVE-2017-17805 regression test.
 *
 * The 20 second timeout pairs with the "10 or fewer seconds remaining"
 * check in run(), and checkpoints are needed for the
 * TST_CHECKPOINT_WAKE/WAIT hand-off between run() and its child thread.
 */
static struct tst_test test = {
	.needs_checkpoints = 1,
	.timeout = 20,
	.test_all = run,
	/* Kernel fix commit and CVE identifier this test guards against. */
	.tags = (const struct tst_tag[]) {
		{"linux-git", "ecaaab564978"},
		{"CVE", "2017-17805"},
		{}
	},
};
68