| From fbe1a850b3b1522e9fc22319ccbbcd2ab05328d2 Mon Sep 17 00:00:00 2001 |
| From: Ondrej Mosnacek <omosnace@redhat.com> |
| Date: Thu, 13 Sep 2018 10:51:31 +0200 |
| Subject: crypto: lrw - Fix out-of bounds access on counter overflow |
| |
| From: Ondrej Mosnacek <omosnace@redhat.com> |
| |
| commit fbe1a850b3b1522e9fc22319ccbbcd2ab05328d2 upstream. |
| |
| When the LRW block counter overflows, the current implementation returns |
| 128 as the index to the precomputed multiplication table, which has 128 |
| entries. This patch fixes it to return the correct value (127). |
| |
| Fixes: 64470f1b8510 ("[CRYPTO] lrw: Liskov Rivest Wagner, a tweakable narrow block cipher mode") |
| Cc: <stable@vger.kernel.org> # 2.6.20+ |
| Reported-by: Eric Biggers <ebiggers@kernel.org> |
| Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> |
| Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| crypto/lrw.c | 7 ++++++- |
| 1 file changed, 6 insertions(+), 1 deletion(-) |
| |
| --- a/crypto/lrw.c |
| +++ b/crypto/lrw.c |
| @@ -132,7 +132,12 @@ static inline int get_index128(be128 *bl |
| return x + ffz(val); |
| } |
| |
| - return x; |
| + /* |
| + * If we get here, then x == 128 and we are incrementing the counter |
| + * from all ones to all zeros. This means we must return index 127, i.e. |
| + * the one corresponding to key2*{ 1,...,1 }. |
| + */ |
| + return 127; |
| } |
| |
| static int crypt(struct blkcipher_desc *d, |
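
Review bot: the new `return 127;` at the end of get_index128() hard-codes the last valid table index as a bare literal, and the comment above it explains the counter wrap but not why the old value was unsafe. The commit message says the precomputed multiplication table has 128 entries, so the removed `return x;` with x == 128 indexed one element past its end. Consider saying that in the comment and deriving the value from a named table-size constant (size minus one), so the bound and the returned index cannot drift apart if the table layout ever changes. The comment also asserts x == 128 at this point without anything checking it. A cheap assertion on that invariant before the return would make the fallthrough path self-verifying.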