| Message ID | 1474620452-7278-1-git-send-email-omosnacek@gmail.com (mailing list archive) |
|---|---|
| State | Accepted |
| Delegated to: | Herbert Xu |
| Headers | show |
On Fri, Sep 23, 2016 at 10:47:32AM +0200, Ondrej Mosnacek wrote: > The cipher block size for GCM is 16 bytes, and thus the CTR transform > used in crypto_gcm_setkey() will also expect a 16-byte IV. However, > the code currently reserves only 8 bytes for the IV, causing > an out-of-bounds access in the CTR transform. This patch fixes > the issue by setting the size of the IV buffer to 16 bytes. > > Fixes: 84c911523020 ("[CRYPTO] gcm: Add support for async ciphers") > Signed-off-by: Ondrej Mosnacek <omosnacek@gmail.com> Patch applied. Thanks.
diff --git a/crypto/gcm.c b/crypto/gcm.c index 70a892e8..f624ac9 100644 --- a/crypto/gcm.c +++ b/crypto/gcm.c @@ -117,7 +117,7 @@ static int crypto_gcm_setkey(struct crypto_aead *aead, const u8 *key, struct crypto_skcipher *ctr = ctx->ctr; struct { be128 hash; - u8 iv[8]; + u8 iv[16]; struct crypto_gcm_setkey_result result;
The cipher block size for GCM is 16 bytes, and thus the CTR transform used in crypto_gcm_setkey() will also expect a 16-byte IV. However, the code currently reserves only 8 bytes for the IV, causing an out-of-bounds access in the CTR transform. This patch fixes the issue by setting the size of the IV buffer to 16 bytes. Fixes: 84c911523020 ("[CRYPTO] gcm: Add support for async ciphers") Signed-off-by: Ondrej Mosnacek <omosnacek@gmail.com> --- (Sorry for previous broken patch, hopefully I got it right this time.) I randomly noticed this while going over igcm.c for an unrelated reason. It seems the wrong buffer size never caused any noticeable problems (it's been there since 2007), but it should be corrected nonetheless... crypto/gcm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.7.4 -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html