Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp3430717imu; Sun, 11 Nov 2018 14:57:17 -0800 (PST) X-Google-Smtp-Source: AJdET5dVD6E3nVwl4xVbv4/IhawixuNQnyzz/0DcnnpHBcycDB5R9saqrzhJrN7uBmZLVyn3Zjjm X-Received: by 2002:a63:4566:: with SMTP id u38mr15278515pgk.4.1541977037443; Sun, 11 Nov 2018 14:57:17 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1541977037; cv=none; d=google.com; s=arc-20160816; b=QIXmC82REZY9MJb2jHfnq472QMZfwphclQ+B/99OKox/IudnNeITXp4oLSYmzkInaF gu5VuAdOfF2+/c5z1z1TVot+s9W7NckrM7GBRbNh4/s1RuUGETbYqKZOqLaflsffn17Z vZPQF1+CTRaqrC+xTD+sSKAYsNNJDh/1Xjh/EHKkZUhhQnzVD9nISOHMzVRpSOMK2jcK 7UdRJ/hDDeujdOdd3NSP1BStXTj/2zw9Y36Ihfuucr+rRDEgKHfEG4bn1x4oJBS6Df6e yHte7mGBuiO64BAMSLI+85JNDw6kusgau7stxnGA1+j1tLHG6xofK3P6tEDwA2i/jqbL 6UjQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=pbnUqp6ZfBIbS0KDsv9oqGc6ltGTj1XALgr/eMFZQ2E=; b=CG415dnE82KoCPc61vagMTBCK1cXcuygjKkmm6s9/pD2xE7uM3VWhjTa1ki5ghN8ZK RAgjuBfa3FV/3Xaq73I2rUp3kHhPM5prgSRUGeoHfJYlLsQtXR4Uk3arcXk2aGW7WCz2 k0y0n9GcrDJyk9NKCTs9iysptW8pB7YMfDZIQ2CTmRUSJAblHzE3gClB88dPAmeRdmmz mHY2ic+jpbwNgiR6UNSQe+BR71NzswSXboriP+L8Wpm+dV0VHKNlS1MnvZU3U5/MFgA0 dWZSsIW4Y/fc/8Z/hmD6MGZlClQsjCjJ75/YHdqtOmvMGsGXMYANQuHufGcB+BTXYNYv E2Ew== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=eBFR6GTA; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o1-v6si16319249pld.229.2018.11.11.14.57.02; Sun, 11 Nov 2018 14:57:17 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=eBFR6GTA; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2390922AbeKLIqp (ORCPT + 99 others); Mon, 12 Nov 2018 03:46:45 -0500 Received: from mail.kernel.org ([198.145.29.99]:54620 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2403866AbeKLIWv (ORCPT ); Mon, 12 Nov 2018 03:22:51 -0500 Received: from localhost (unknown [206.108.79.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id DE5C2223C7; Sun, 11 Nov 2018 22:32:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1541975573; bh=Vg9LKaFqG0UbUsyVhhOorBp4CmIg0v8uKBUWsVqaAT8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=eBFR6GTAfs5vmQK4cMv1fV/+d5wgMuUg26sUEGpSgkY7yYBFs0F8bVjOOdbRWQDU2 iYsCgqkbC+vISrxeho4OhYWumNk5L+RYtUgFWffzMtrrQpnQZKfbb8GrzK+ImB2NJ1 7D/pcoHWkjGN8lhBiEGv/4clyCqo5ulcIJQgau/0= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Eric Biggers , Ondrej Mosnacek , Herbert Xu Subject: [PATCH 4.14 151/222] crypto: lrw - Fix out-of bounds access on counter overflow Date: Sun, 11 Nov 2018 14:24:08 -0800 Message-Id: <20181111221700.902130024@linuxfoundation.org> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181111221647.665769131@linuxfoundation.org> References: <20181111221647.665769131@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.14-stable review patch. If anyone has any objections, please let me know. ------------------ From: Ondrej Mosnacek commit fbe1a850b3b1522e9fc22319ccbbcd2ab05328d2 upstream. When the LRW block counter overflows, the current implementation returns 128 as the index to the precomputed multiplication table, which has 128 entries. This patch fixes it to return the correct value (127). Fixes: 64470f1b8510 ("[CRYPTO] lrw: Liskov Rivest Wagner, a tweakable narrow block cipher mode") Cc: # 2.6.20+ Reported-by: Eric Biggers Signed-off-by: Ondrej Mosnacek Signed-off-by: Herbert Xu Signed-off-by: Greg Kroah-Hartman --- crypto/lrw.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) --- a/crypto/lrw.c +++ b/crypto/lrw.c @@ -139,7 +139,12 @@ static inline int get_index128(be128 *bl return x + ffz(val); } - return x; + /* + * If we get here, then x == 128 and we are incrementing the counter + * from all ones to all zeros. This means we must return index 127, i.e. + * the one corresponding to key2*{ 1,...,1 }. + */ + return 127; } static int post_crypt(struct skcipher_request *req)