From: Harald Freudenberger <freude@linux.ibm.com>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
linux-s390@vger.kernel.org,
Gerald Schaefer <gerald.schaefer@de.ibm.com>,
Jan Glauber <jang@linux.vnet.ibm.com>
Subject: Re: crypto: s390/aes - Fix buffer overread in CTR mode
Date: Tue, 28 Nov 2023 14:18:02 +0100 [thread overview]
Message-ID: <ce50a198e3c59f30376cf54e52d5e749@linux.ibm.com> (raw)
In-Reply-To: <ZWWHFeOPcW30OYo1@gondor.apana.org.au>
On 2023-11-28 07:22, Herbert Xu wrote:
> When processing the last block, the s390 ctr code will always read
> a whole block, even if there isn't a whole block of data left. Fix
> this by using the actual length left and copy it into a buffer first
> for processing.
>
> Fixes: 0200f3ecc196 ("crypto: s390 - add System z hardware support for
> CTR mode")
> Cc: <stable@vger.kernel.org>
> Reported-by: Guangwu Zhang <guazhang@redhat.com>
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
>
> diff --git a/arch/s390/crypto/aes_s390.c b/arch/s390/crypto/aes_s390.c
> index c773820e4af9..c6fe5405de4a 100644
> --- a/arch/s390/crypto/aes_s390.c
> +++ b/arch/s390/crypto/aes_s390.c
> @@ -597,7 +597,9 @@ static int ctr_aes_crypt(struct skcipher_request
> *req)
> * final block may be < AES_BLOCK_SIZE, copy only nbytes
> */
> if (nbytes) {
> - cpacf_kmctr(sctx->fc, sctx->key, buf, walk.src.virt.addr,
> + memset(buf, 0, AES_BLOCK_SIZE);
> + memcpy(buf, walk.src.virt.addr, nbytes);
> + cpacf_kmctr(sctx->fc, sctx->key, buf, buf,
> AES_BLOCK_SIZE, walk.iv);
> memcpy(walk.dst.virt.addr, buf, nbytes);
> crypto_inc(walk.iv, AES_BLOCK_SIZE);
Here is a similar fix for the s390 paes ctr cipher. Compiles and is
tested. You may merge this with your patch for the s390 aes cipher.
--------------------------------------------------------------------------------
diff --git a/arch/s390/crypto/paes_s390.c b/arch/s390/crypto/paes_s390.c
index 8b541e44151d..55ee5567a5ea 100644
--- a/arch/s390/crypto/paes_s390.c
+++ b/arch/s390/crypto/paes_s390.c
@@ -693,9 +693,11 @@ static int ctr_paes_crypt(struct skcipher_request
*req)
* final block may be < AES_BLOCK_SIZE, copy only nbytes
*/
if (nbytes) {
+ memset(buf, 0, AES_BLOCK_SIZE);
+ memcpy(buf, walk.src.virt.addr, nbytes);
while (1) {
if (cpacf_kmctr(ctx->fc, ¶m, buf,
- walk.src.virt.addr,
AES_BLOCK_SIZE,
+ buf, AES_BLOCK_SIZE,
walk.iv) == AES_BLOCK_SIZE)
break;
if (__paes_convert_key(ctx))
next prev parent reply other threads:[~2023-11-28 13:18 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-28 6:22 crypto: s390/aes - Fix buffer overread in CTR mode Herbert Xu
2023-11-28 11:18 ` Harald Freudenberger
2023-11-28 13:18 ` Harald Freudenberger [this message]
2023-12-08 4:06 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ce50a198e3c59f30376cf54e52d5e749@linux.ibm.com \
--to=freude@linux.ibm.com \
--cc=gerald.schaefer@de.ibm.com \
--cc=herbert@gondor.apana.org.au \
--cc=jang@linux.vnet.ibm.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox