[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] crypto: ensure XTS is only used with ciphers wi
From: |
Eric Blake |
Subject: |
Re: [Qemu-devel] [PATCH] crypto: ensure XTS is only used with ciphers with 16 byte blocks |
Date: |
Fri, 26 Aug 2016 13:21:50 -0500 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0 |
On 08/26/2016 07:47 AM, Daniel P. Berrange wrote:
> The XTS cipher mode needs to be used with a cipher which has
> a block size of 16 bytes. If a mis-matching block size is used,
> the code will either corrupt memory beyond the IV array, or
> not fully encrypt/decrypt the IV.
>
> This fixes a memory curruption crash when attempting to use
s/curruption/corruption/
> cast5-128 with xts, since the former has an 8 byte block size.
>
> A test case is added to ensure the cipher creation fails with
> such an invalid combination.
>
> Signed-off-by: Daniel P. Berrange <address@hidden>
> ---
> crypto/cipher-gcrypt.c | 6 ++++++
> crypto/cipher-nettle.c | 12 +++++++-----
> tests/test-crypto-cipher.c | 44 ++++++++++++++++++++++++++++++++++++--------
> 3 files changed, 49 insertions(+), 13 deletions(-)
Are you aiming for a last-minute 2.7 fix, or should this just be 2.8
material and cc qemu-stable?
Reviewed-by: Eric Blake <address@hidden>
> +++ b/tests/test-crypto-cipher.c
> @@ -370,6 +370,17 @@ static QCryptoCipherTestData test_data[] = {
> @@ -449,8 +468,16 @@ static void test_cipher(const void *opaque)
> cipher = qcrypto_cipher_new(
> data->alg, data->mode,
> key, nkey,
> - &error_abort);
> - g_assert(cipher != NULL);
> + &err);
> + if (data->plaintext) {
> + g_assert(err == NULL);
> + g_assert(cipher != NULL);
> + } else {
> + g_assert(err != NULL);
> + error_free(err);
Could shorten these two lines as error_free_or_abort(&err), but that's
cosmetic.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature