summaryrefslogtreecommitdiff
path: root/crypto
diff options
context:
space:
mode:
authorOndrej Mosnacek <omosnace@redhat.com>2018-09-13 10:51:31 +0200
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2018-11-13 11:15:07 -0800
commite86f4842f84a4494227aa4d1ab76acb68d86fb1a (patch)
tree7e12cd357c153fbd05722697de638752f907b6d4 /crypto
parent51f62e827191f4ba02c2a001b9e6f25605bfa649 (diff)
downloadlinux-exynos-e86f4842f84a4494227aa4d1ab76acb68d86fb1a.tar.gz
linux-exynos-e86f4842f84a4494227aa4d1ab76acb68d86fb1a.tar.bz2
linux-exynos-e86f4842f84a4494227aa4d1ab76acb68d86fb1a.zip
crypto: lrw - Fix out-of bounds access on counter overflow
commit fbe1a850b3b1522e9fc22319ccbbcd2ab05328d2 upstream. When the LRW block counter overflows, the current implementation returns 128 as the index to the precomputed multiplication table, which has 128 entries. This patch fixes it to return the correct value (127). Fixes: 64470f1b8510 ("[CRYPTO] lrw: Liskov Rivest Wagner, a tweakable narrow block cipher mode") Cc: <stable@vger.kernel.org> # 2.6.20+ Reported-by: Eric Biggers <ebiggers@kernel.org> Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'crypto')
-rw-r--r--crypto/lrw.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/crypto/lrw.c b/crypto/lrw.c
index fdba6dd6db63..886f91f2426c 100644
--- a/crypto/lrw.c
+++ b/crypto/lrw.c
@@ -139,7 +139,12 @@ static inline int get_index128(be128 *block)
return x + ffz(val);
}
- return x;
+ /*
+ * If we get here, then x == 128 and we are incrementing the counter
+ * from all ones to all zeros. This means we must return index 127, i.e.
+ * the one corresponding to key2*{ 1,...,1 }.
+ */
+ return 127;
}
static int post_crypt(struct skcipher_request *req)