lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 7 Mar 2016 09:05:16 +0000
From:	Cristian Stoica <cristian.stoica@....com>
To:	Tadeusz Struk <tadeusz.struk@...el.com>,
	"herbert@...dor.apana.org.au" <herbert@...dor.apana.org.au>
CC:	"linux-crypto@...r.kernel.org" <linux-crypto@...r.kernel.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"davem@...emloft.net" <davem@...emloft.net>
Subject: Re: [PATCH 1/3] crypto: authenc - add TLS type encryption

Hi Tadeusz,


+static int crypto_encauth_dgst_verify(struct aead_request *req,
+                                     unsigned int flags)
+{
+       struct crypto_aead *tfm = crypto_aead_reqtfm(req);
+       unsigned int authsize = crypto_aead_authsize(tfm);
+       struct aead_instance *inst = aead_alg_instance(tfm);
+       struct crypto_encauth_ctx *ctx = crypto_aead_ctx(tfm);
+       struct encauth_instance_ctx *ictx = aead_instance_ctx(inst);
+       struct crypto_ahash *auth = ctx->auth;
+       struct encauth_request_ctx *areq_ctx = aead_request_ctx(req);
+       struct ahash_request *ahreq = (void *)(areq_ctx->tail + ictx->reqoff);
+       u8 *hash = areq_ctx->tail;
+       int i, err = 0, padd_err = 0;
+       u8 paddlen, *ihash;
+       u8 padd[255];
+
+       scatterwalk_map_and_copy(&paddlen, req->dst, req->assoclen +
+                                req->cryptlen - 1, 1, 0);
+
+       if (paddlen > 255 || paddlen > req->cryptlen) {
+               paddlen = 1;
+               padd_err = -EBADMSG;
+       }
+
+       scatterwalk_map_and_copy(padd, req->dst, req->assoclen +
+                                req->cryptlen - paddlen, paddlen, 0);
+
+       for (i = 0; i < paddlen; i++) {
+               if (padd[i] != paddlen)
+                       padd_err = -EBADMSG;
+       }


This part seems to have the same issue my TLS patch has.
See for reference what Andy Lutomirski had to say about it:

http://www.mail-archive.com/linux-crypto%40vger.kernel.org/msg11719.html


Cristian S.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ