Re: [PATCH 3/4] DRBG: fix memory corruption for AES192

From: Herbert Xu
Date: Thu Jul 03 2014 - 23:12:54 EST


On Tue, Jul 01, 2014 at 05:08:48PM +0200, Stephan Mueller wrote:
> For the CTR DRBG, the drbg_state->scratchpad temp buffer (i.e. the
> memory location immediately before the drbg_state->tfm variable)
> is the buffer that the BCC function operates on. BCC operates
> blockwise. Making the temp buffer drbg_statelen(drbg) in size is
> sufficient when the DRBG state length is a multiple of the block
> size. For AES192 this is not the case and the length for temp is
> insufficient (yes, that also means for such ciphers, the final
> output of all BCC rounds is truncated before being used to update the
> state of the DRBG!!).
>
> The patch enlarges the temp buffer from drbg_statelen to
> drbg_statelen + drbg_blocklen to have sufficient space.
>
> Reported-by: Fengguang Wu <fengguang.wu@xxxxxxxxx>
> Signed-off-by: Stephan Mueller <smueller@xxxxxxxxxx>

BTW your patches were all corrupted by your mailer so I had to
fix them by hand. Please check the cryptodev tree to ensure
that my fixes are correct.

In future please test your patches by applying your own patches
returned via the list.

Thanks,
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
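Worked illustration of the sizing problem the commit message above describes. This is example code added for this page, not the kernel's drbg.c and not part of the thread: the struct ctr_cfg/CFG_AES* names, the canary layout and the toy_block transform are assumptions made here. toy_block is a stand-in for the block cipher (it is not AES); only the blockwise write pattern of the BCC loop matters. The canary field stands in for drbg_state->tfm sitting right after the scratchpad.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Cipher parameters for the sizing check. keylen + blocklen is the CTR DRBG
 * seedlen, which the kernel driver calls drbg_statelen(drbg). */
struct ctr_cfg { const char *name; size_t keylen; size_t blocklen; };

static const struct ctr_cfg CFG_AES128 = { "AES-128", 16, 16 };
static const struct ctr_cfg CFG_AES192 = { "AES-192", 24, 16 };
static const struct ctr_cfg CFG_AES256 = { "AES-256", 32, 16 };

size_t ctr_statelen(const struct ctr_cfg *c) { return c->keylen + c->blocklen; }

/* BCC emits whole blocks, so filling statelen bytes blockwise actually
 * stores ceil(statelen / blocklen) * blocklen bytes. */
size_t bcc_output_bytes(const struct ctr_cfg *c)
{
    size_t s = ctr_statelen(c);
    return ((s + c->blocklen - 1) / c->blocklen) * c->blocklen;
}

/* Bytes that land past a temp buffer of tempsize bytes (0 when it fits). */
size_t bcc_overflow(const struct ctr_cfg *c, size_t tempsize)
{
    size_t w = bcc_output_bytes(c);
    return w > tempsize ? w - tempsize : 0;
}

/* Stand-in block transform: NOT AES and not a cipher at all (assumption made
 * for this example). Only the blockwise write pattern is of interest. */
static void toy_block(uint8_t *blk, size_t blocklen, uint8_t key)
{
    for (size_t i = 0; i < blocklen; i++)
        blk[i] ^= (uint8_t)(key ^ (uint8_t)i);
}

/* Blockwise BCC-style loop as the commit message describes it: each round
 * yields one full block, rounds run until at least 'need' bytes exist, and
 * every block is stored in full; the last one is not clipped to 'need'. */
size_t bcc_fill(uint8_t *temp, size_t need, size_t blocklen, uint8_t key)
{
    uint8_t chain[64] = { 0 };   /* chaining value, zero IV */
    size_t written = 0;

    if (blocklen == 0 || blocklen > sizeof chain)
        return 0;
    while (written < need) {
        chain[0] ^= (uint8_t)(written / blocklen + 1);  /* round counter */
        toy_block(chain, blocklen, key);
        memcpy(temp + written, chain, blocklen);
        written += blocklen;
    }
    return written;
}

/* Layout mirroring the discussion: scratch_size bytes of scratch space
 * immediately followed by the next field (tfm in the kernel; a canary here).
 * Returns 1 if the BCC loop clobbered the canary, 0 if not, -1 on bad input. */
#define CANARY      0xA5
#define CANARY_LEN  16

int scratch_layout_corrupted(size_t scratch_size, const struct ctr_cfg *c)
{
    uint8_t region[128];

    if (scratch_size + CANARY_LEN > sizeof region ||
        bcc_output_bytes(c) > sizeof region)
        return -1;
    memset(region, 0, sizeof region);
    memset(region + scratch_size, CANARY, CANARY_LEN);

    bcc_fill(region, ctr_statelen(c), c->blocklen, 0x3C);

    for (size_t i = 0; i < CANARY_LEN; i++)
        if (region[scratch_size + i] != CANARY)
            return 1;
    return 0;
}

int main(void)
{
    const struct ctr_cfg *cfgs[] = { &CFG_AES128, &CFG_AES192, &CFG_AES256 };
    for (size_t i = 0; i < 3; i++) {
        size_t old = ctr_statelen(cfgs[i]), fixed = old + cfgs[i]->blocklen;
        printf("%s: writes %zu; overflow old=%zu fixed=%zu; canary hit old=%d fixed=%d\n",
               cfgs[i]->name, bcc_output_bytes(cfgs[i]), bcc_overflow(cfgs[i], old),
               bcc_overflow(cfgs[i], fixed), scratch_layout_corrupted(old, cfgs[i]),
               scratch_layout_corrupted(fixed, cfgs[i]));
    }
    return 0;
}
```

For AES-128 and AES-256 the state length (32 and 48 bytes) is a multiple of the 16-byte block, so the old drbg_statelen-sized buffer holds every block BCC writes. For AES-192 the state length is 40 bytes, BCC writes three full blocks (48 bytes), and the last 8 bytes land on whatever follows the scratchpad; sizing the buffer at drbg_statelen + drbg_blocklen (56 bytes) is the smallest block-independent bound that always covers the rounded-up write.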