lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <5597906.Ka0eDGbAv1@myon.chronox.de>
Date:	Fri, 04 Jul 2014 05:32:56 +0200
From:	Stephan Mueller <smueller@...onox.de>
To:	Herbert Xu <herbert@...dor.apana.org.au>
Cc:	Rafael Aquini <aquini@...hat.com>, aris@...hat.com,
	Fengguang Wu <fengguang.wu@...el.com>,
	Jet Chen <jet.chen@...el.com>, Su Tao <tao.su@...el.com>,
	Yuanhan Liu <yuanhan.liu@...el.com>, LKP <lkp@...org>,
	linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 3/4] DRBG: fix memory corruption for AES192

Am Freitag, 4. Juli 2014, 11:08:10 schrieb Herbert Xu:

Hi Herbert,

> On Tue, Jul 01, 2014 at 05:08:48PM +0200, Stephan Mueller wrote:
> > For the CTR DRBG, the drbg_state->scratchpad temp buffer (i.e. the
> > memory location immediately before the drbg_state->tfm variable
> > is the buffer that the BCC function operates on. BCC operates
> > blockwise. Making the temp buffer drbg_statelen(drbg) in size is
> > sufficient when the DRBG state length is a multiple of the block
> > size. For AES192 this is not the case and the length for temp is
> > insufficient (yes, that also means for such ciphers, the final
> > output of all BCC rounds are truncated before used to update the
> > state of the DRBG!!).
> > 
> > The patch enlarges the temp buffer from drbg_statelen to
> > drbg_statelen + drbg_blocklen to have sufficient space.
> > 
> > Reported-by: Fengguang Wu <fengguang.wu@...el.com>
> > Signed-off-by: Stephan Mueller <smueller@...onox.de>
> 
> I have applied just this patch out of your series.  You patches
> depend on the previous four patches which I have not yet applied
> since there are still outstanding issues with two of them.

Thank you.

The raised issues are for patches [1] and [2].

The issue around [1] is whether there is Kconfig solution for the problem of 
selecting at least one or more than one configure option from a set of 
options. This should avoid having a module init function with returns an 
error. The selection of DRBG cores shall allow the user to compile the DRBG to 
suit his needs and reduce the footprint of the DRBG. Since at least one DRBG 
core must be selected as otherwise the DRBG is meaningless. Unfortunately I 
have not found a solution with Kconfig and all given suggestions also did not 
lead to a solution. So, if anybody has a suggestion on how to solve the issue, 
I will try it out.

Regarding [2], the issue is that ARRAY_SIZE returns different variable types 
on different platforms (e.g. unsigned long on x86_64 vs unsigned int on i386). 
Thus I have to use a type cast. This issue may be fixed by forcing a 
particular type to ARRAY_SIZE. Such change, however, may have quite some 
ripple effects throughout the kernel. Therefore, IMHO such a patch should not 
be made in the realm of the DRBG patchset and the type cast should be allowed.

[1] https://lkml.org/lkml/2014/6/28/489

[2] https://lkml.org/lkml/2014/6/28/492

-- 
Ciao
Stephan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ