Re: [PATCH net] net/tls: fix slab-out-of-bounds bug in decrypt_internal

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 30 Mar 2022 13:24:06 -0700 Jakub Kicinski wrote:
> Noob question for crypto folks, ivsize for AES CCM is reported 
> as 16, but the real nonce size is 13 for TLS (q == 2, n == 13
> using NIST's variable names AFAICT). Are we required to zero out 
> the rest of the buffer?

I guess we don't, set_msg_len() explicitly clears the tail of 
the buffer. Hopefully KASAN won't be upset about the uninit
read in format_input(), since it memcpy()s the entire 16B of iv.

> In particular I think I've seen transient crypto failures with
> SM4 CCM in the past and zeroing the tail of the iv buffer seems
> to make the tests pass reliably.



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux