| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20160926145934.GA5520@gondor.apana.org.au>
Date: Mon, 26 Sep 2016 22:59:34 +0800
From: Herbert Xu <herbert@...dor.apana.org.au>
To: Jan Stancek <jstancek@...hat.com>
Cc: rui.y.wang@...el.com, mhcerri@...ux.vnet.ibm.com,
leosilva@...ux.vnet.ibm.com, pfsmorigo@...ux.vnet.ibm.com,
linux-crypto@...r.kernel.org, linuxppc-dev@...ts.ozlabs.org,
linux-kernel@...r.kernel.org
Subject: Re: [bug] crypto/vmx/p8_ghash memory corruption in 4.8-rc7
On Fri, Sep 23, 2016 at 08:22:27PM -0400, Jan Stancek wrote:
>
> This seems to directly correspond with:
> p8_ghash_alg.descsize = sizeof(struct p8_ghash_desc_ctx) == 56
> shash_tfm->descsize = sizeof(struct p8_ghash_desc_ctx) + crypto_shash_descsize(fallback) == 56 + 20
> where 20 is presumably coming from "ghash_alg.descsize".
>
> My gut feeling was that these 2 should match, but I'd love to hear
> what crypto people think.
Indeed. The vmx driver is broken. It is allocating a fallback
but is not providing any space for the state of the fallback.
Unfortunately our interface doesn't really provide a way to provide
the state size dynamically. So what I'd suggest is to fix the
fallback to the generic ghash implementation and export its state
size like we do for md5/sha.
Cheers,
--
Email: Herbert Xu <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Powered by blists - more mailing lists