| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 16 Nov 2022 18:28:38 +0100
From: Borislav Petkov <bp@...e.de>
To: Peter Gonda <pgonda@...gle.com>
Cc: Tom Lendacky <thomas.lendacky@....com>,
Dionna Glaze <dionnaglaze@...gle.com>,
Michael Roth <michael.roth@....com>,
Haowen Bai <baihaowen@...zu.com>,
Yang Yingliang <yangyingliang@...wei.com>,
Marc Orr <marcorr@...gle.com>,
David Rientjes <rientjes@...gle.com>,
Ashish Kalra <Ashish.Kalra@....com>,
linux-kernel@...r.kernel.org, kvm@...r.kernel.org
Subject: Re: [PATCH V4] virt: sev: Prevent IV reuse in SNP guest driver
On Wed, Nov 16, 2022 at 10:10:58AM -0700, Peter Gonda wrote:
> I think another comment above the first snp_issue_guest_request()
> could help too. Saying once we call this function we either need to
> increment the sequence number or wipe the VMPCK to ensure the
> encryption scheme is safe.
And make that explicit pls:
/*
* If the extended guest request fails due to having to small of a
* certificate data buffer retry the same guest request without the
* extended data request...
... in order to not have to reuse the IV.
I have to admit, the flow in that function is still not optimal but I
haven't stared at it long enough to have a better idea...
Thx.
--
Regards/Gruss,
Boris.
SUSE Software Solutions Germany GmbH
GF: Ivo Totev, Andrew Myers, Andrew McDonald, Martje Boudien Moerman
(HRB 36809, AG Nürnberg)
Powered by blists - more mailing lists