RE: [PATCH] crypto: xts - Add support for Cipher Text Stealing

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Milan,


> -----Original Message-----
> From: Milan Broz <gmazyland@xxxxxxxxx>
> Sent: Wednesday, August 7, 2019 1:20 PM
> To: Pascal Van Leeuwen <pvanleeuwen@xxxxxxxxxxxxxx>; Pascal van Leeuwen
> <pascalvanl@xxxxxxxxx>; linux-crypto@xxxxxxxxxxxxxxx
> Cc: rsnel@xxxxxxxxxxxxxxx; herbert@xxxxxxxxxxxxxxxxxxx; davem@xxxxxxxxxxxxx
> Subject: Re: [PATCH] crypto: xts - Add support for Cipher Text Stealing
> 
> Hi,
> 
> On 07/08/2019 10:15, Pascal Van Leeuwen wrote:
> > I went through the code a couple of times, but I cannot spot any mistakes in
> > the lengths I'm using. Is it possible that your application is supplying a
> > buffer that is just not large enough?
> 
> Seems there is no mistake in your code, it is some bug in aesni_intel implementation.
> If I disable this module, it works as expected (with aes generic and aes_i586).
> 
That's odd though, considering there is a dedicated xts-aes-ni implementation,
i.e. I would not expect that to end up at the generic xts wrapper at all?

> Seems something is rewritten in call
>   crypto_skcipher_encrypt(subreq);
> 
> (after that call, I see rctx->rem_bytes set to 32, that does not make sense...)
> 
Eh ... no, it should never become > 15 ... if it gets set to 32 somehow,
then I can at least explain why that would result in a buffer overflow :-)

> I'll check that, but not sure that understand that optimized code :)
> 
> Milan

Regards,
Pascal van Leeuwen
Silicon IP Architect, Multi-Protocol Engines @ Verimatrix
www.insidesecure.com





[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux