| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 04 Jul 2014 05:32:56 +0200 From: Stephan Mueller <smueller@...onox.de> To: Herbert Xu <herbert@...dor.apana.org.au> Cc: Rafael Aquini <aquini@...hat.com>, aris@...hat.com, Fengguang Wu <fengguang.wu@...el.com>, Jet Chen <jet.chen@...el.com>, Su Tao <tao.su@...el.com>, Yuanhan Liu <yuanhan.liu@...el.com>, LKP <lkp@...org>, linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH 3/4] DRBG: fix memory corruption for AES192 Am Freitag, 4. Juli 2014, 11:08:10 schrieb Herbert Xu: Hi Herbert, > On Tue, Jul 01, 2014 at 05:08:48PM +0200, Stephan Mueller wrote: > > For the CTR DRBG, the drbg_state->scratchpad temp buffer (i.e. the > > memory location immediately before the drbg_state->tfm variable > > is the buffer that the BCC function operates on. BCC operates > > blockwise. Making the temp buffer drbg_statelen(drbg) in size is > > sufficient when the DRBG state length is a multiple of the block > > size. For AES192 this is not the case and the length for temp is > > insufficient (yes, that also means for such ciphers, the final > > output of all BCC rounds are truncated before used to update the > > state of the DRBG!!). > > > > The patch enlarges the temp buffer from drbg_statelen to > > drbg_statelen + drbg_blocklen to have sufficient space. > > > > Reported-by: Fengguang Wu <fengguang.wu@...el.com> > > Signed-off-by: Stephan Mueller <smueller@...onox.de> > > I have applied just this patch out of your series. You patches > depend on the previous four patches which I have not yet applied > since there are still outstanding issues with two of them. Thank you. The raised issues are for patches [1] and [2]. The issue around [1] is whether there is Kconfig solution for the problem of selecting at least one or more than one configure option from a set of options. This should avoid having a module init function with returns an error. The selection of DRBG cores shall allow the user to compile the DRBG to suit his needs and reduce the footprint of the DRBG. Since at least one DRBG core must be selected as otherwise the DRBG is meaningless. Unfortunately I have not found a solution with Kconfig and all given suggestions also did not lead to a solution. So, if anybody has a suggestion on how to solve the issue, I will try it out. Regarding [2], the issue is that ARRAY_SIZE returns different variable types on different platforms (e.g. unsigned long on x86_64 vs unsigned int on i386). Thus I have to use a type cast. This issue may be fixed by forcing a particular type to ARRAY_SIZE. Such change, however, may have quite some ripple effects throughout the kernel. Therefore, IMHO such a patch should not be made in the realm of the DRBG patchset and the type cast should be allowed. [1] https://lkml.org/lkml/2014/6/28/489 [2] https://lkml.org/lkml/2014/6/28/492 -- Ciao Stephan -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists