2
0
mirror of https://github.com/edk2-porting/linux-next.git synced 2024-12-24 13:13:57 +08:00
linux-next/arch
Stephan Mueller ccfe8c3f7e crypto: aesni - fix memory usage in GCM decryption
The kernel crypto API logic requires the caller to provide the
length of (ciphertext || authentication tag) as cryptlen for the
AEAD decryption operation. Thus, the cipher implementation must
calculate the size of the plaintext output itself and cannot simply use
cryptlen.

The RFC4106 GCM decryption operation tries to overwrite cryptlen memory
in req->dst. As the destination buffer for decryption only needs to hold
the plaintext memory but cryptlen references the input buffer holding
(ciphertext || authentication tag), the assumption of the destination
buffer length in RFC4106 GCM operation leads to a too large size. This
patch simply uses the already calculated plaintext size.

In addition, this patch fixes the offset calculation of the AAD buffer
pointer: as mentioned before, cryptlen already includes the size of the
tag. Thus, the tag does not need to be added. With the addition, the AAD
will be written beyond the already allocated buffer.

Note, this fixes a kernel crash that can be triggered from user space
via AF_ALG(aead) -- simply use the libkcapi test application
from [1] and update it to use rfc4106-gcm-aes.

Using [1], the changes were tested using CAVS vectors to demonstrate
that the crypto operation still delivers the right results.

[1] http://www.chronox.de/libkcapi.html

CC: Tadeusz Struk <tadeusz.struk@intel.com>
Cc: stable@vger.kernel.org
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-03-13 21:32:21 +11:00
..
alpha asm-generic: uaccess.h cleanup 2015-02-18 10:02:24 -08:00
arc Merge branch 'for-linus' of git://git.infradead.org/users/vkoul/slave-dma 2015-02-18 08:49:20 -08:00
arm crypto: arm/aes update NEON AES module to latest OpenSSL version 2015-03-02 23:18:26 +13:00
arm64 asm-generic: uaccess.h cleanup 2015-02-18 10:02:24 -08:00
avr32 asm-generic: uaccess.h cleanup 2015-02-18 10:02:24 -08:00
blackfin Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2015-02-21 12:59:04 -08:00
c6x all arches, signal: move restart_block to struct task_struct 2015-02-12 18:54:12 -08:00
cris CRIS changes for 3.20 2015-02-15 18:02:02 -08:00
frv asm-generic: uaccess.h cleanup 2015-02-18 10:02:24 -08:00
hexagon all arches, signal: move restart_block to struct task_struct 2015-02-12 18:54:12 -08:00
ia64 asm-generic: uaccess.h cleanup 2015-02-18 10:02:24 -08:00
m32r asm-generic: uaccess.h cleanup 2015-02-18 10:02:24 -08:00
m68k asm-generic: uaccess.h cleanup 2015-02-18 10:02:24 -08:00
metag asm-generic: uaccess.h cleanup 2015-02-18 10:02:24 -08:00
microblaze all arches, signal: move restart_block to struct task_struct 2015-02-12 18:54:12 -08:00
mips Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus 2015-02-21 19:41:38 -08:00
mn10300 OK, this has the big virtio 1.0 implementation, as specified by OASIS. 2015-02-18 09:24:01 -08:00
nios2 nios2 for v3.20 2015-02-17 14:23:42 -08:00
openrisc asm-generic: uaccess.h cleanup 2015-02-18 10:02:24 -08:00
parisc Merge branch 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild 2015-02-19 10:07:08 -08:00
powerpc The clock framework changes for 3.20 contain the usual driver additions, 2015-02-21 12:30:30 -08:00
s390 Merge branch 'for-linus-2' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2015-02-22 17:42:14 -08:00
score all arches, signal: move restart_block to struct task_struct 2015-02-12 18:54:12 -08:00
sh asm-generic: uaccess.h cleanup 2015-02-18 10:02:24 -08:00
sparc asm-generic: uaccess.h cleanup 2015-02-18 10:02:24 -08:00
tile tile: use %*pb[l] to print bitmaps including cpumasks and nodemasks 2015-02-13 21:21:37 -08:00
um all arches, signal: move restart_block to struct task_struct 2015-02-12 18:54:12 -08:00
unicore32 mm: vmalloc: pass additional vm_flags to __vmalloc_node_range() 2015-02-13 21:21:42 -08:00
x86 crypto: aesni - fix memory usage in GCM decryption 2015-03-13 21:32:21 +11:00
xtensa asm-generic: uaccess.h cleanup 2015-02-18 10:02:24 -08:00
.gitignore
Kconfig