Commit a8070e16 authored by Ondrej Mosnacek, committed by Kleber Sacilotto de Souza

crypto: lrw - Fix out-of bounds access on counter overflow

BugLink: https://bugs.launchpad.net/bugs/1810947

commit fbe1a850 upstream.

When the LRW block counter overflows, the current implementation returns
128 as the index to the precomputed multiplication table, which has 128
entries. This patch fixes it to return the correct value (127).

Fixes: 64470f1b ("[CRYPTO] lrw: Liskov Rivest Wagner, a tweakable narrow block cipher mode")
Cc: <stable@vger.kernel.org> # 2.6.20+
Reported-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Juerg Haefliger <juergh@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
parent b769b7d1
...@@ -132,7 +132,12 @@ static inline int get_index128(be128 *block) ...@@ -132,7 +132,12 @@ static inline int get_index128(be128 *block)
return x + ffz(val); return x + ffz(val);
} }
return x; /*
* If we get here, then x == 128 and we are incrementing the counter
* from all ones to all zeros. This means we must return index 127, i.e.
* the one corresponding to key2*{ 1,...,1 }.
*/
return 127;
} }
static int crypt(struct blkcipher_desc *d, static int crypt(struct blkcipher_desc *d,
......
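Review bot: The new final `return 127;` in get_index128() hard-codes the last valid index, while the size of the precomputed multiplication table (128 entries, per the commit message) is not visible in this hunk and is defined elsewhere. If the two ever diverge, the fallthrough path can index past the table again. Consider expressing the value in terms of the table's entry count (a named constant for the count, minus one) so the bound and the returned index stay tied together. The added comment states that x == 128 whenever this line is reached, but nothing in the visible lines checks that; a test vector that starts with the counter at all ones would exercise the wrap path, which the Fixes and stable tags indicate has been wrong since 2.6.20.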