projects / platform / kernel / linux-starfive.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b20209c) | patch
crypto: aesni - Fix out-of-bounds access of the AAD buffer in generic-gcm-aesni
authorJunaid Shahid <junaids@google.com>
Thu, 21 Dec 2017 01:08:38 +0000 (17:08 -0800)
committerHerbert Xu <herbert@gondor.apana.org.au>
Thu, 28 Dec 2017 06:56:51 +0000 (17:56 +1100)
commit1ecdd37e308ca149dc378cce225068cbac54e3a6
treeaa6a2ab409ff3add306f6144ca5e7a415b3ed56ftree | snapshot
parentb20209c91e23a9bbad9cac2f80bc16b3c259e10ecommit | diff
crypto: aesni - Fix out-of-bounds access of the AAD buffer in generic-gcm-aesni

The aesni_gcm_enc/dec functions can access memory after the end of
the AAD buffer if the AAD length is not a multiple of 4 bytes.
It didn't matter with rfc4106-gcm-aesni as in that case the AAD was
always followed by the 8 byte IV, but that is no longer the case with
generic-gcm-aesni. This can potentially result in accessing a page that
is not mapped and thus causing the machine to crash. This patch fixes
that by reading the last <16 byte block of the AAD byte-by-byte and
optionally via an 8-byte load if the block was at least 8 bytes.

Fixes: 0487ccac ("crypto: aesni - make non-AVX AES-GCM work with any aadlen")
Cc: <stable@vger.kernel.org>
Signed-off-by: Junaid Shahid <junaids@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
arch/x86/crypto/aesni-intel_asm.S diff | blob | history
Domain: System / Kernel;