From: Ondrej Mosnacek <omosnace@redhat.com>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: linux-crypto@vger.kernel.org, dm-devel@redhat.com,
	Mikulas Patocka <mpatocka@redhat.com>,
	Eric Biggers <ebiggers@kernel.org>,
	Ondrej Mosnacek <omosnace@redhat.com>,
	stable@vger.kernel.org
Subject: [PATCH v4 1/4] crypto: lrw - Fix out-of bounds access on counter overflow
Date: Thu, 13 Sep 2018 10:51:31 +0200
Message-ID: <20180913085134.11694-2-omosnace@redhat.com>
In-Reply-To: <20180913085134.11694-1-omosnace@redhat.com>

When the LRW block counter overflows, the current implementation returns
128 as the index to the precomputed multiplication table, which has 128
entries. This patch fixes it to return the correct value (127).

Fixes: 64470f1b8510 ("[CRYPTO] lrw: Liskov Rivest Wagner, a tweakable narrow block cipher mode")
Cc: <stable@vger.kernel.org> # 2.6.20+
Reported-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
---
 crypto/lrw.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/crypto/lrw.c b/crypto/lrw.c
index 393a782679c7..5504d1325a56 100644
--- a/crypto/lrw.c
+++ b/crypto/lrw.c
@@ -143,7 +143,12 @@ static inline int get_index128(be128 *block)
 		return x + ffz(val);
 	}
 
-	return x;
+	/*
+	 * If we get here, then x == 128 and we are incrementing the counter
+	 * from all ones to all zeros. This means we must return index 127, i.e.
+	 * the one corresponding to key2*{ 1,...,1 }.
+	 */
+	return 127;
 }
 
 static int post_crypt(struct skcipher_request *req)
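Review bot: the new `return 127;` at the end of get_index128() is a bare literal whose correctness depends on the precomputed multiplication table having exactly 128 entries, a fact stated in the commit message but not visible at this return. Consider expressing the value in terms of the table size (a named constant, or the table's entry count minus one) so the index and the table cannot drift apart. It would also help if the added comment said that the old `return x` yielded index 128, one past the last valid entry, since that out-of-bounds read is the reason the fix is tagged for stable.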
-- 
2.17.1

Thread overview: 8+ messages
2018-09-13  8:51 [PATCH v4 0/4] crypto: lrw - Fixes and improvements Ondrej Mosnacek
2018-09-13  8:51 ` Ondrej Mosnacek [this message]
2018-09-13  8:51 ` [PATCH v4 2/4] crypto: testmgr - Add test for LRW counter wrap-around Ondrej Mosnacek
2018-09-13  8:51 ` [PATCH v4 3/4] crypto: lrw - Optimize tweak computation Ondrej Mosnacek
2018-09-13  8:51 ` [PATCH v4 4/4] crypto: lrw - Do not use auxiliary buffer Ondrej Mosnacek
2018-09-21  5:45 ` [PATCH v4 0/4] crypto: lrw - Fixes and improvements Herbert Xu
2018-09-30 19:00   ` Ard Biesheuvel
2018-09-30 19:40     ` Ard Biesheuvel
