[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <5597906.Ka0eDGbAv1@myon.chronox.de>
Date: Fri, 04 Jul 2014 05:32:56 +0200
From: Stephan Mueller <smueller@...onox.de>
To: Herbert Xu <herbert@...dor.apana.org.au>
Cc: Rafael Aquini <aquini@...hat.com>, aris@...hat.com,
Fengguang Wu <fengguang.wu@...el.com>,
Jet Chen <jet.chen@...el.com>, Su Tao <tao.su@...el.com>,
Yuanhan Liu <yuanhan.liu@...el.com>, LKP <lkp@...org>,
linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 3/4] DRBG: fix memory corruption for AES192
Am Freitag, 4. Juli 2014, 11:08:10 schrieb Herbert Xu:
Hi Herbert,
> On Tue, Jul 01, 2014 at 05:08:48PM +0200, Stephan Mueller wrote:
> > For the CTR DRBG, the drbg_state->scratchpad temp buffer (i.e. the
> > memory location immediately before the drbg_state->tfm variable
> > is the buffer that the BCC function operates on. BCC operates
> > blockwise. Making the temp buffer drbg_statelen(drbg) in size is
> > sufficient when the DRBG state length is a multiple of the block
> > size. For AES192 this is not the case and the length for temp is
> > insufficient (yes, that also means for such ciphers, the final
> > output of all BCC rounds are truncated before used to update the
> > state of the DRBG!!).
> >
> > The patch enlarges the temp buffer from drbg_statelen to
> > drbg_statelen + drbg_blocklen to have sufficient space.
> >
> > Reported-by: Fengguang Wu <fengguang.wu@...el.com>
> > Signed-off-by: Stephan Mueller <smueller@...onox.de>
>
> I have applied just this patch out of your series. You patches
> depend on the previous four patches which I have not yet applied
> since there are still outstanding issues with two of them.
Thank you.
The raised issues are for patches [1] and [2].
The issue around [1] is whether there is Kconfig solution for the problem of
selecting at least one or more than one configure option from a set of
options. This should avoid having a module init function with returns an
error. The selection of DRBG cores shall allow the user to compile the DRBG to
suit his needs and reduce the footprint of the DRBG. Since at least one DRBG
core must be selected as otherwise the DRBG is meaningless. Unfortunately I
have not found a solution with Kconfig and all given suggestions also did not
lead to a solution. So, if anybody has a suggestion on how to solve the issue,
I will try it out.
Regarding [2], the issue is that ARRAY_SIZE returns different variable types
on different platforms (e.g. unsigned long on x86_64 vs unsigned int on i386).
Thus I have to use a type cast. This issue may be fixed by forcing a
particular type to ARRAY_SIZE. Such change, however, may have quite some
ripple effects throughout the kernel. Therefore, IMHO such a patch should not
be made in the realm of the DRBG patchset and the type cast should be allowed.
[1] https://lkml.org/lkml/2014/6/28/489
[2] https://lkml.org/lkml/2014/6/28/492
--
Ciao
Stephan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists