linux-crypto.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] crypto: nx: Fix memcpy() over-reading in nonce
@ 2021-06-16 20:34 Kees Cook
  2021-06-17  6:08 ` Michael Ellerman
  2021-06-24  7:36 ` Herbert Xu
  0 siblings, 2 replies; 4+ messages in thread
From: Kees Cook @ 2021-06-16 20:34 UTC (permalink / raw)
  To: Herbert Xu
  Cc: Kees Cook, stable, Breno Leitão, Nayna Jain,
	Paulo Flabiano Smorigo, Michael Ellerman, Benjamin Herrenschmidt,
	Paul Mackerras, David S. Miller, linux-kernel, linux-crypto,
	linuxppc-dev, linux-hardening

Fix typo in memcpy() where size should be CTR_RFC3686_NONCE_SIZE.

Fixes: 030f4e968741 ("crypto: nx - Fix reentrancy bugs")
Cc: stable@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 drivers/crypto/nx/nx-aes-ctr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/crypto/nx/nx-aes-ctr.c b/drivers/crypto/nx/nx-aes-ctr.c
index 13f518802343..6120e350ff71 100644
--- a/drivers/crypto/nx/nx-aes-ctr.c
+++ b/drivers/crypto/nx/nx-aes-ctr.c
@@ -118,7 +118,7 @@ static int ctr3686_aes_nx_crypt(struct skcipher_request *req)
 	struct nx_crypto_ctx *nx_ctx = crypto_skcipher_ctx(tfm);
 	u8 iv[16];
 
-	memcpy(iv, nx_ctx->priv.ctr.nonce, CTR_RFC3686_IV_SIZE);
+	memcpy(iv, nx_ctx->priv.ctr.nonce, CTR_RFC3686_NONCE_SIZE);
 	memcpy(iv + CTR_RFC3686_NONCE_SIZE, req->iv, CTR_RFC3686_IV_SIZE);
 	iv[12] = iv[13] = iv[14] = 0;
 	iv[15] = 1;
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [PATCH] crypto: nx: Fix memcpy() over-reading in nonce
  2021-06-16 20:34 [PATCH] crypto: nx: Fix memcpy() over-reading in nonce Kees Cook
@ 2021-06-17  6:08 ` Michael Ellerman
  2021-06-18 23:49   ` Kees Cook
  2021-06-24  7:36 ` Herbert Xu
  1 sibling, 1 reply; 4+ messages in thread
From: Michael Ellerman @ 2021-06-17  6:08 UTC (permalink / raw)
  To: Kees Cook, Herbert Xu
  Cc: Kees Cook, stable, Breno Leitão, Nayna Jain,
	Paulo Flabiano Smorigo, Benjamin Herrenschmidt, Paul Mackerras,
	David S. Miller, linux-kernel, linux-crypto, linuxppc-dev,
	linux-hardening

Kees Cook <keescook@chromium.org> writes:
> Fix typo in memcpy() where size should be CTR_RFC3686_NONCE_SIZE.
>
> Fixes: 030f4e968741 ("crypto: nx - Fix reentrancy bugs")
> Cc: stable@vger.kernel.org
> Signed-off-by: Kees Cook <keescook@chromium.org>

Thanks.

> ---
>  drivers/crypto/nx/nx-aes-ctr.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/crypto/nx/nx-aes-ctr.c b/drivers/crypto/nx/nx-aes-ctr.c
> index 13f518802343..6120e350ff71 100644
> --- a/drivers/crypto/nx/nx-aes-ctr.c
> +++ b/drivers/crypto/nx/nx-aes-ctr.c
> @@ -118,7 +118,7 @@ static int ctr3686_aes_nx_crypt(struct skcipher_request *req)
>  	struct nx_crypto_ctx *nx_ctx = crypto_skcipher_ctx(tfm);
>  	u8 iv[16];
>  
> -	memcpy(iv, nx_ctx->priv.ctr.nonce, CTR_RFC3686_IV_SIZE);
> +	memcpy(iv, nx_ctx->priv.ctr.nonce, CTR_RFC3686_NONCE_SIZE);
>  	memcpy(iv + CTR_RFC3686_NONCE_SIZE, req->iv, CTR_RFC3686_IV_SIZE);
>  	iv[12] = iv[13] = iv[14] = 0;
>  	iv[15] = 1;

Where IV_SIZE is 8 and NONCE_SIZE is 4.

And iv is 16 bytes, so it's not a buffer overflow.

But priv.ctr.nonce is 4 bytes, and at the end of the struct, so it reads
4 bytes past the end of the nx_crypto_ctx, which is not good.

But then immediately overwrites whatever it read with req->iv.

So seems pretty harmless in practice?

cheers

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [PATCH] crypto: nx: Fix memcpy() over-reading in nonce
  2021-06-17  6:08 ` Michael Ellerman
@ 2021-06-18 23:49   ` Kees Cook
  0 siblings, 0 replies; 4+ messages in thread
From: Kees Cook @ 2021-06-18 23:49 UTC (permalink / raw)
  To: Michael Ellerman
  Cc: Herbert Xu, stable, Breno Leitão, Nayna Jain,
	Paulo Flabiano Smorigo, Benjamin Herrenschmidt, Paul Mackerras,
	David S. Miller, linux-kernel, linux-crypto, linuxppc-dev,
	linux-hardening

On Thu, Jun 17, 2021 at 04:08:15PM +1000, Michael Ellerman wrote:
> Kees Cook <keescook@chromium.org> writes:
> > Fix typo in memcpy() where size should be CTR_RFC3686_NONCE_SIZE.
> >
> > Fixes: 030f4e968741 ("crypto: nx - Fix reentrancy bugs")
> > Cc: stable@vger.kernel.org
> > Signed-off-by: Kees Cook <keescook@chromium.org>
> 
> Thanks.
> 
> > ---
> >  drivers/crypto/nx/nx-aes-ctr.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/drivers/crypto/nx/nx-aes-ctr.c b/drivers/crypto/nx/nx-aes-ctr.c
> > index 13f518802343..6120e350ff71 100644
> > --- a/drivers/crypto/nx/nx-aes-ctr.c
> > +++ b/drivers/crypto/nx/nx-aes-ctr.c
> > @@ -118,7 +118,7 @@ static int ctr3686_aes_nx_crypt(struct skcipher_request *req)
> >  	struct nx_crypto_ctx *nx_ctx = crypto_skcipher_ctx(tfm);
> >  	u8 iv[16];
> >  
> > -	memcpy(iv, nx_ctx->priv.ctr.nonce, CTR_RFC3686_IV_SIZE);
> > +	memcpy(iv, nx_ctx->priv.ctr.nonce, CTR_RFC3686_NONCE_SIZE);
> >  	memcpy(iv + CTR_RFC3686_NONCE_SIZE, req->iv, CTR_RFC3686_IV_SIZE);
> >  	iv[12] = iv[13] = iv[14] = 0;
> >  	iv[15] = 1;
> 
> Where IV_SIZE is 8 and NONCE_SIZE is 4.
> 
> And iv is 16 bytes, so it's not a buffer overflow.
> 
> But priv.ctr.nonce is 4 bytes, and at the end of the struct, so it reads
> 4 bytes past the end of the nx_crypto_ctx, which is not good.
> 
> But then immediately overwrites whatever it read with req->iv.
> 
> So seems pretty harmless in practice?

Right -- there's no damage done, but future memcpy() FORTIFY work alerts
on this, so I'm going through cleaning all of these up. :)

-- 
Kees Cook

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [PATCH] crypto: nx: Fix memcpy() over-reading in nonce
  2021-06-16 20:34 [PATCH] crypto: nx: Fix memcpy() over-reading in nonce Kees Cook
  2021-06-17  6:08 ` Michael Ellerman
@ 2021-06-24  7:36 ` Herbert Xu
  1 sibling, 0 replies; 4+ messages in thread
From: Herbert Xu @ 2021-06-24  7:36 UTC (permalink / raw)
  To: Kees Cook
  Cc: stable, Breno Leitão, Nayna Jain, Paulo Flabiano Smorigo,
	Michael Ellerman, Benjamin Herrenschmidt, Paul Mackerras,
	David S. Miller, linux-kernel, linux-crypto, linuxppc-dev,
	linux-hardening

On Wed, Jun 16, 2021 at 01:34:59PM -0700, Kees Cook wrote:
> Fix typo in memcpy() where size should be CTR_RFC3686_NONCE_SIZE.
> 
> Fixes: 030f4e968741 ("crypto: nx - Fix reentrancy bugs")
> Cc: stable@vger.kernel.org
> Signed-off-by: Kees Cook <keescook@chromium.org>
> ---
>  drivers/crypto/nx/nx-aes-ctr.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Patch applied.  Thanks.
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-06-24  7:36 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-06-16 20:34 [PATCH] crypto: nx: Fix memcpy() over-reading in nonce Kees Cook
2021-06-17  6:08 ` Michael Ellerman
2021-06-18 23:49   ` Kees Cook
2021-06-24  7:36 ` Herbert Xu

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).