crypto: ensure XTS is only used with ciphers with 16 byte blocks

The XTS cipher mode needs to be used with a cipher which has a block size of 16 bytes. If a mis-matching block size is used, the code will either corrupt memory beyond the IV array, or not fully encrypt/decrypt the IV. This fixes a memory corruption crash when attempting to use cast5-128 with xts, since the former has an 8 byte block size. A test case is added to ensure the cipher creation fails with such an invalid combination. Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
author: Daniel P. Berrange <berrange@redhat.com> 2016-08-24 16:28:15 +0100
committer: Daniel P. Berrange <berrange@redhat.com> 2016-09-12 12:00:06 +0100
commit: a5d2f44d0d3e7523670e103a8c37faed29ff2b76 (patch)
tree: 605c0414b74ebd8bdea7a31fde1da0205a056be0 /crypto/cipher-gcrypt.c
parent: c2a57aae9a1c3dd7de77daf5478df10379aeeebf (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/crypto/cipher-gcrypt.c b/crypto/cipher-gcrypt.c
index ede2f70df8..3652aa1e1b 100644
--- a/crypto/cipher-gcrypt.c
+++ b/crypto/cipher-gcrypt.c
@@ -192,6 +192,12 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
     }
 
     if (cipher->mode == QCRYPTO_CIPHER_MODE_XTS) {
+        if (ctx->blocksize != XTS_BLOCK_SIZE) {
+            error_setg(errp,
+                       "Cipher block size %zu must equal XTS block size %d",
+                       ctx->blocksize, XTS_BLOCK_SIZE);
+            goto error;
+        }
         ctx->iv = g_new0(uint8_t, ctx->blocksize);
     }
author	Daniel P. Berrange <berrange@redhat.com>	2016-08-24 16:28:15 +0100
committer	Daniel P. Berrange <berrange@redhat.com>	2016-09-12 12:00:06 +0100
commit	a5d2f44d0d3e7523670e103a8c37faed29ff2b76 (patch)
tree	605c0414b74ebd8bdea7a31fde1da0205a056be0 /crypto/cipher-gcrypt.c
parent	c2a57aae9a1c3dd7de77daf5478df10379aeeebf (diff)