[PATCH] crypto: drbg: fix crypto api abuse

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



the drbg code was binding the same buffer to two different
scatter gather lists and submitting those as source and
destination to a crypto api operation, thus potentially
causing HW crypto drivers to perform overlapping DMA
mappings which are not aware it is the same buffer.

This can have serious consequences of data corruption of
internal DRBG buffers and wrong RNG output.

Fix this by reusing the same scatter gatther list for both
src and dst.

Signed-off-by: Gilad Ben-Yossef <gilad@xxxxxxxxxxxxx>
Reported-by: Corentin Labbe <clabbe.montjoie@xxxxxxxxx>
Tested-by: Corentin Labbe <clabbe.montjoie@xxxxxxxxx>
Tested-on: r8a7795-salvator-x
Tested-on: xilinx-zc706
Fixes: 43490e8046b5d ("crypto: drbg - in-place cipher operation for CTR")
Cc: stable@xxxxxxxxxxxxxxx
---
 crypto/drbg.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/drbg.c b/crypto/drbg.c
index 177983b6ae38..13824fd27627 100644
--- a/crypto/drbg.c
+++ b/crypto/drbg.c
@@ -1851,7 +1851,7 @@ static int drbg_kcapi_sym_ctr(struct drbg_state *drbg,
 		/* Use scratchpad for in-place operation */
 		inlen = scratchpad_use;
 		memset(drbg->outscratchpad, 0, scratchpad_use);
-		sg_set_buf(sg_in, drbg->outscratchpad, scratchpad_use);
+		sg_in = sg_out;
 	}
 
 	while (outlen) {
-- 
2.25.1




[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux