From patchwork Sun May 1 22:59:15 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 8989631 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: X-Original-To: patchwork-linux-crypto@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork1.web.kernel.org (Postfix) with ESMTP id 8C5419F39D for ; Sun, 1 May 2016 22:59:28 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id A0933200DB for ; Sun, 1 May 2016 22:59:27 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 6389A20172 for ; Sun, 1 May 2016 22:59:26 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752582AbcEAW7Y (ORCPT ); Sun, 1 May 2016 18:59:24 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:60419 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752475AbcEAW7X (ORCPT ); Sun, 1 May 2016 18:59:23 -0400 Received: from localhost (c-50-170-35-168.hsd1.wa.comcast.net [50.170.35.168]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id 3CC6D725; Sun, 1 May 2016 22:59:23 +0000 (UTC) Subject: Patch "crypto: gcm - Fix rfc4543 decryption crash" has been added to the 3.14-stable tree To: herbert@gondor.apana.org.au, gregkh@linuxfoundation.org, jussi.kivilinna@iki.fi, linux-crypto@vger.kernel.org, patrick.meyer@vasgard.com Cc: , From: Date: Sun, 01 May 2016 15:59:15 -0700 In-Reply-To: <20160318144240.GA20816@gondor.apana.org.au> Message-ID: <146214355584167@kroah.com> MIME-Version: 1.0 Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Spam-Status: No, score=-7.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI, RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP This is a note to let you know that I've just added the patch titled crypto: gcm - Fix rfc4543 decryption crash to the 3.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: crypto-gcm-fix-rfc4543-decryption-crash.patch and it can be found in the queue-3.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let know about it. From herbert@gondor.apana.org.au Sun May 1 15:39:20 2016 From: Herbert Xu Date: Fri, 18 Mar 2016 22:42:40 +0800 Subject: crypto: gcm - Fix rfc4543 decryption crash To: stable@vger.kernel.org, Linux Crypto Mailing List , Jussi Kivilinna , patrick.meyer@vasgard.com Message-ID: <20160318144240.GA20816@gondor.apana.org.au> Content-Disposition: inline From: Herbert Xu This bug has already bee fixed upstream since 4.2. However, it was fixed during the AEAD conversion so no fix was backported to the older kernels. When we do an RFC 4543 decryption, we will end up writing the ICV beyond the end of the dst buffer. This should lead to a crash but for some reason it was never noticed. This patch fixes it by only writing back the ICV for encryption. Fixes: d733ac90f9fe ("crypto: gcm - fix rfc4543 to handle async...") Reported-by: Patrick Meyer Signed-off-by: Herbert Xu Signed-off-by: Greg Kroah-Hartman --- crypto/gcm.c | 3 +++ 1 file changed, 3 insertions(+) Patches currently in stable-queue which might be from herbert@gondor.apana.org.au are queue-3.14/crypto-gcm-fix-rfc4543-decryption-crash.patch queue-3.14/crypto-ccp-prevent-information-leakage-on-export.patch -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html --- a/crypto/gcm.c +++ b/crypto/gcm.c @@ -1173,6 +1173,9 @@ static struct aead_request *crypto_rfc45 aead_request_set_tfm(subreq, ctx->child); aead_request_set_callback(subreq, req->base.flags, crypto_rfc4543_done, req); + if (!enc) + aead_request_set_callback(subreq, req->base.flags, + req->base.complete, req->base.data); aead_request_set_crypt(subreq, cipher, cipher, enc ? 0 : authsize, iv); aead_request_set_assoc(subreq, assoc, assoclen);