Re: [PATCH] crypto: ccp - Fix AES XTS error for request sizes above 4096

On Fri, May 20, 2016 at 05:33:03PM -0500, Tom Lendacky wrote:
> The ccp-crypto module for AES XTS support has a bug that can allow requests
> greater than 4096 bytes in size to be passed to the CCP hardware. The CCP
> hardware does not support request sizes larger than 4096, resulting in
> incorrect output. The request should actually be handled by the fallback
> mechanism instantiated by the ccp-crypto module.
> 
> Add a check to ensure the request size is less than or equal to the maximum
> supported size and use the fallback mechanism if it is not.
> 
> Cc: <stable@xxxxxxxxxxxxxxx> # 3.14.x-
> Signed-off-by: Tom Lendacky <thomas.lendacky@xxxxxxx>

I'm OK with this patch but I think it doesn't always need to go into
the fallback.  I made a test vector split as 4064 bytes + 48 bytes
and ccp handled it just fine.  It appears that the bug is actually
in the handling of a single SG entry that's longer than a page,
presumably because sg_next is used unconditionally instead of
checking whether there is more in the current SG entry.

But I'll merge your fix as it fixes a real problem.

Thanks,
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
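
The failure mode suspected in the reply above, as an added userspace model (not the ccp driver's code and not part of the original message): a walker that always advances to the next entry loses the tail of a single entry longer than one unit, while the same bytes split as 4064 + 48 pass through intact. `struct seg`, `UNIT`, the function names and the 4096-byte page size are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define UNIT 4096u /* assumed page size and per-operation limit of the model */

struct seg { size_t len; }; /* simplified stand-in for one scatterlist entry */

/* Size check described in the commit message: anything above the maximum
 * supported size is routed to the software fallback. */
int needs_fallback(size_t nbytes) { return nbytes > UNIT; }

/* Suspected pattern: take at most UNIT bytes from an entry, then always
 * move to the next entry. Bytes past UNIT in a long entry are never seen. */
size_t walk_always_next(const struct seg *sg, size_t n)
{
    size_t done = 0;
    for (size_t i = 0; i < n; i++)
        done += sg[i].len < UNIT ? sg[i].len : UNIT;
    return done;
}

/* Walk that tracks an offset inside the current entry and advances only
 * once that entry is fully consumed. */
size_t walk_with_offset(const struct seg *sg, size_t n)
{
    size_t done = 0, i = 0, off = 0;
    while (i < n) {
        size_t left = sg[i].len - off;
        size_t chunk = left < UNIT ? left : UNIT;
        done += chunk;
        off += chunk;
        if (off == sg[i].len) { i++; off = 0; } /* entry exhausted */
    }
    return done;
}

int main(void)
{
    /* Constructed layouts carrying the same 4112-byte request. */
    struct seg split[]  = { { 4064 }, { 48 } };
    struct seg single[] = { { 4112 } };

    printf("split : always_next=%zu with_offset=%zu\n",
           walk_always_next(split, 2), walk_with_offset(split, 2));
    printf("single: always_next=%zu with_offset=%zu\n",
           walk_always_next(single, 1), walk_with_offset(single, 1));
    printf("fallback for 4112 bytes: %d\n", needs_fallback(4112));
    return 0;
}
```

In this model the size check sends both layouts to the fallback, which hides the walker problem for the single-entry case and also diverts the split case that the hardware path would have processed completely.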


