Re: [PATCH v2] keys/encrypted: Fix two crypto-on-the-stack bugs

From: David Howells
Date: Wed Dec 14 2016 - 03:38:25 EST

Next message: tip-bot for Josh Poimboeuf: "[tip:x86/urgent] x86/boot/64: Use 'push' instead of 'call' in start_cpu()"
Previous message: Ingo Molnar: "Re: linux-next: build warning after merge of the tip tree"
In reply to: Eric Biggers: "Re: [PATCH v2] keys/encrypted: Fix two crypto-on-the-stack bugs"
Next in thread: Andy Lutomirski: "Re: [PATCH v2] keys/encrypted: Fix two crypto-on-the-stack bugs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote:

> > - sg_set_buf(&sg_out[1], pad, sizeof pad);
> > + sg_set_buf(&sg_out[1], empty_zero_page, 16);
>
> My fix here is obviously bogus (I meant to use ZERO_PAGE(0)), but what
> exactly is the code trying to do? The old code makes no sense. It's
> setting the *output* buffer to zeroed padding.

Padding goes into the encrypt function and is going to come out of the decrypt
function. Possibly derived_key_decrypt() should be checking that the padding
that comes out is actually a bunch of zeros. Maybe we don't actually need to
get the padding out, but I'm not sure whether the crypto layer will
malfunction if we don't give it a buffer for the padding.

David

Next message: tip-bot for Josh Poimboeuf: "[tip:x86/urgent] x86/boot/64: Use 'push' instead of 'call' in start_cpu()"
Previous message: Ingo Molnar: "Re: linux-next: build warning after merge of the tip tree"
In reply to: Eric Biggers: "Re: [PATCH v2] keys/encrypted: Fix two crypto-on-the-stack bugs"
Next in thread: Andy Lutomirski: "Re: [PATCH v2] keys/encrypted: Fix two crypto-on-the-stack bugs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]