| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20210705051039.npwagq2xd2r35v2u@kernel.org>
Date: Mon, 5 Jul 2021 08:10:39 +0300
From: Jarkko Sakkinen <jarkko@...nel.org>
To: Shuah Khan <shuah@...nel.org>
Cc: linux-kselftest@...r.kernel.org, linux-sgx@...r.kernel.org,
Reinette Chatre <reinette.chatre@...el.com>,
Borislav Petkov <bp@...en8.de>,
Tianjia Zhang <tianjia.zhang@...ux.alibaba.com>,
Dave Hansen <dave.hansen@...ux.intel.com>,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] selftests/sgx: Fix Q1 and Q2 calculation in
sigstruct.c
On Mon, Jul 05, 2021 at 08:09:21AM +0300, Jarkko Sakkinen wrote:
> From: Tianjia Zhang <tianjia.zhang@...ux.alibaba.com>
>
> Q1 and Q2 are numbers with *maximum* length of 384 bytes. If the calculated
> length of Q1 and Q2 is less than 384 bytes, things will go wrong.
>
> E.g. if Q2 is 383 bytes, then
>
> 1. The bytes of q2 are copied to sigstruct->q2 in calc_q1q2().
> 2. The entire sigstruct->q2 is reversed, which results it being
> 256 * Q2, given that the last byte of sigstruct->q2 is added
> to before the bytes given by calc_q1q2().
>
> Either change in key or measurement can trigger the bug. E.g. an unmeasured
> heap could cause a devastating change in Q1 or Q2.
>
> Reverse exactly the bytes of Q1 and Q2 in calc_q1q2() before returning to
> the caller.
>
> Fixes: dedde2634570 ("selftests/sgx: Trigger the reclaimer in the selftests")
Oops :-(
Was meant to be
Fixes: 2adcba79e69d ("selftests/x86: Add a selftest for SGX")
/Jarkko
Powered by blists - more mailing lists