Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp3474918imu; Sun, 11 Nov 2018 15:57:47 -0800 (PST) X-Google-Smtp-Source: AJdET5dRr/HaIHrSrlnnfMAM1q6cDHqn2rV0pS/gZEg+uidTZ9ceOydzAI9TEALzh+5zvTCqdtpz X-Received: by 2002:a63:c942:: with SMTP id y2mr15391105pgg.331.1541980667832; Sun, 11 Nov 2018 15:57:47 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1541980667; cv=none; d=google.com; s=arc-20160816; b=ipVZ3siZfNEJho08ETBSVgQ6uSwPEW+3ZlR7lKg6zBA7Yc4PW+AeF/ju2DmB+xXKgu TbCXivzE52TuDD91jUeMGDCHR+RL44Do8X5pce+vViidwKK6WnYjf7cPgpfu8wk/Rr5H ejiMssMCiGtEDRoV1vNZcjSsBnQU5WSM8qDW3+CadcelO4ABbbHJ+dY9qLpXuXswDR3B ArjasB+pH7g2xguOlR1UZUd5v8R+MJkC2QE5ZnKWC2PAzx/gl8X3BGD5cOKzZFpuIWoM Ipb7JXFIDmHKc3ZLRgioxZ580+6eWlDcY1kA7lU4+qXwp6+2f6SsZnmjR6mHfC5xqtYq W6Jw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=wQIi1aN/oneDQgsY6U8L6EB3e3pkAYrPEmrJ1MLl41A=; b=HpPLQjYUOdFJe4E2plihNHyM9YisIjMvoAVtoJB/rm2x2kCCswYpFIE275Aqifqs6v IyC5rK1KRE9SSW4Rsw14fP+iuKhjtOYwUC+Afo5e/gSTSQzp6zJLLChgpsDKX8TwENX9 vF8PbZyTZk0HcbN3U16yxLGwqAI2eWwtvM0kxFyruufK8zMvC8mLcOuQEC2zs9nMgOyQ hfs2oKAkujRZ99x+IBxRAXomvlhSQrA9HGizMjEgUSHnfaFwQzv5eMGvu+exJ+w1m3lL 9AwHuS/ZyR4JeFiVX7Czl2WOOiprZF+bqduFCuua0AbVrwIeF+v8OUSfm90ej7rjPS6l HzRw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=cIZNuyWb; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id x187si14886808pgx.241.2018.11.11.15.57.32; Sun, 11 Nov 2018 15:57:47 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=cIZNuyWb; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732524AbeKLISL (ORCPT + 99 others); Mon, 12 Nov 2018 03:18:11 -0500 Received: from mail.kernel.org ([198.145.29.99]:35400 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732498AbeKLISL (ORCPT ); Mon, 12 Nov 2018 03:18:11 -0500 Received: from localhost (unknown [206.108.79.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 291C9223CB; Sun, 11 Nov 2018 22:28:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1541975295; bh=6CHeaIbf4ncdZl2nQckCYLcz+sQ4Zva1J5vhusFRr5Y=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=cIZNuyWbweoCVo4dPs8H1ChYAkOSsLzRU3Yob+LjmoLsxhIGX8PMK+sSvVX4sng6P 3o32hs924qLs3vmgy+9IbIvsZQMwRIeSa+D6myNkjMzSM6i9jG93krLucJGUXkRYQq 1xvSrhyhxKYsC4OVDP/VX/GBvb0QMvA8rblvegWQ= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Eric Biggers , Ondrej Mosnacek , Herbert Xu Subject: [PATCH 4.19 242/361] crypto: lrw - Fix out-of bounds access on counter overflow Date: Sun, 11 Nov 2018 14:19:49 -0800 Message-Id: <20181111221652.446807546@linuxfoundation.org> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181111221619.915519183@linuxfoundation.org> References: <20181111221619.915519183@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.19-stable review patch. If anyone has any objections, please let me know. ------------------ From: Ondrej Mosnacek commit fbe1a850b3b1522e9fc22319ccbbcd2ab05328d2 upstream. When the LRW block counter overflows, the current implementation returns 128 as the index to the precomputed multiplication table, which has 128 entries. This patch fixes it to return the correct value (127). Fixes: 64470f1b8510 ("[CRYPTO] lrw: Liskov Rivest Wagner, a tweakable narrow block cipher mode") Cc: # 2.6.20+ Reported-by: Eric Biggers Signed-off-by: Ondrej Mosnacek Signed-off-by: Herbert Xu Signed-off-by: Greg Kroah-Hartman --- crypto/lrw.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) --- a/crypto/lrw.c +++ b/crypto/lrw.c @@ -143,7 +143,12 @@ static inline int get_index128(be128 *bl return x + ffz(val); } - return x; + /* + * If we get here, then x == 128 and we are incrementing the counter + * from all ones to all zeros. This means we must return index 127, i.e. + * the one corresponding to key2*{ 1,...,1 }. + */ + return 127; } static int post_crypt(struct skcipher_request *req)