Re: [PATCH] crypto: qat - fix out-of-bounds read

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Feb 03, 2023 at 09:04:59AM +0800, Herbert Xu wrote:
> On Wed, Feb 01, 2023 at 03:59:44PM +0000, Giovanni Cabiddu wrote:
> .
> > @@ -435,8 +435,8 @@ static void qat_alg_skcipher_init_com(struct qat_alg_skcipher_ctx *ctx,
> >  	} else if (aes_v2_capable && mode == ICP_QAT_HW_CIPHER_CTR_MODE) {
> >  		ICP_QAT_FW_LA_SLICE_TYPE_SET(header->serv_specif_flags,
> >  					     ICP_QAT_FW_LA_USE_UCS_SLICE_TYPE);
> > -		keylen = round_up(keylen, 16);
> >  		memcpy(cd->ucs_aes.key, key, keylen);
> > +		keylen = round_up(keylen, 16);
> 
> Now cd->ucs_aes.key contains potentially unitialised data, should
> we zero them?
The content descriptor structure (cd) is already initialized to zero
before the function qat_alg_skcipher_init_com() is called.
This is done in
  (1) qat_alg_skcipher_newkey() implicitly by dma_alloc_coherent(),
      the first time setkey() is called for a tfm or
  (2) qat_alg_skcipher_rekey() explicitly, for subsequent calls to
      sekey().

Regards,

-- 
Giovanni



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]
  Powered by Linux