| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <18039.1481704679@warthog.procyon.org.uk>
Date: Wed, 14 Dec 2016 08:37:59 +0000
From: David Howells <dhowells@...hat.com>
To: Andy Lutomirski <luto@...capital.net>
Cc: dhowells@...hat.com, Andy Lutomirski <luto@...nel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
USB list <linux-usb@...r.kernel.org>, keyrings@...r.kernel.org,
Eric Biggers <ebiggers3@...il.com>,
linux-crypto@...r.kernel.org,
Herbert Xu <herbert@...dor.apana.org.au>,
Stephan Mueller <smueller@...onox.de>
Subject: Re: [PATCH v2] keys/encrypted: Fix two crypto-on-the-stack bugs
Andy Lutomirski <luto@...capital.net> wrote:
> > - sg_set_buf(&sg_out[1], pad, sizeof pad);
> > + sg_set_buf(&sg_out[1], empty_zero_page, 16);
>
> My fix here is obviously bogus (I meant to use ZERO_PAGE(0)), but what
> exactly is the code trying to do? The old code makes no sense. It's
> setting the *output* buffer to zeroed padding.
Padding goes into the encrypt function and is going to come out of the decrypt
function. Possibly derived_key_decrypt() should be checking that the padding
that comes out is actually a bunch of zeros. Maybe we don't actually need to
get the padding out, but I'm not sure whether the crypto layer will
malfunction if we don't give it a buffer for the padding.
David
Powered by blists - more mailing lists