From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Cc: "open list:HARDWARE RANDOM NUMBER GENERATOR CORE"
<linux-crypto@vger.kernel.org>,
"David S. Miller" <davem@davemloft.net>,
Herbert Xu <herbert@gondor.apana.org.au>,
stable <stable@vger.kernel.org>
Subject: Re: [PATCH 1/2] crypto: fix cfb mode decryption
Date: Sun, 21 Oct 2018 09:07:42 +0100 [thread overview]
Message-ID: <1540109262.3023.6.camel@HansenPartnership.com> (raw)
In-Reply-To: <CAKv+Gu8eiFXoC2MWjGUG_AgDNq5rduWQN0CC4Q4BM0pjWW3B-w@mail.gmail.com>
On Sun, 2018-10-21 at 09:05 +0200, Ard Biesheuvel wrote:
> (+ James)
Thanks!
> On 20 October 2018 at 01:01, Dmitry Eremin-Solenikov
> <dbaryshkov@gmail.com> wrote:
> > crypto_cfb_decrypt_segment() incorrectly XOR'ed generated keystream
> > with
> > IV, rather than with data stream, resulting in incorrect
> > decryption.
> > Test vectors will be added in the next patch.
> >
> > Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
> > Cc: stable@vger.kernel.org
> > ---
> > crypto/cfb.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/crypto/cfb.c b/crypto/cfb.c
> > index a0d68c09e1b9..fd4e8500e121 100644
> > --- a/crypto/cfb.c
> > +++ b/crypto/cfb.c
> > @@ -144,7 +144,7 @@ static int crypto_cfb_decrypt_segment(struct
> > skcipher_walk *walk,
> >
> > do {
> > crypto_cfb_encrypt_one(tfm, iv, dst);
> > - crypto_xor(dst, iv, bsize);
> > + crypto_xor(dst, src, bsize);
This does look right. I think the reason the TPM code works is that it
always does encrypt/decrypt in-place, which is a separate piece of the
code which appears to be correct.
James
next prev parent reply other threads:[~2018-10-21 16:21 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-19 23:01 [PATCH 1/2] crypto: fix cfb mode decryption Dmitry Eremin-Solenikov
2018-10-19 23:01 ` [PATCH 2/2] crypto: testmgr: add AES-CFB tests Dmitry Eremin-Solenikov
2018-10-21 7:06 ` Ard Biesheuvel
2018-10-21 7:05 ` [PATCH 1/2] crypto: fix cfb mode decryption Ard Biesheuvel
2018-10-21 8:07 ` James Bottomley [this message]
2018-10-21 8:58 ` Ard Biesheuvel
2018-10-21 9:00 ` James Bottomley
2018-10-21 9:07 ` Ard Biesheuvel
2018-11-01 8:32 ` Dmitry Eremin-Solenikov
2018-11-01 8:41 ` Herbert Xu
2018-11-01 8:42 ` Dmitry Eremin-Solenikov
2018-11-09 9:52 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1540109262.3023.6.camel@HansenPartnership.com \
--to=james.bottomley@hansenpartnership.com \
--cc=ard.biesheuvel@linaro.org \
--cc=davem@davemloft.net \
--cc=dbaryshkov@gmail.com \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.