From patchwork Fri Sep 23 08:47:32 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: =?utf-8?b?T25kcmVqIE1vc27DocSNZWs=?= X-Patchwork-Id: 9347769 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 4E108607F2 for ; Fri, 23 Sep 2016 08:48:12 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3ED072A794 for ; Fri, 23 Sep 2016 08:48:12 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 337852A7BC; Fri, 23 Sep 2016 08:48:12 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.3 required=2.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI, RCVD_IN_SORBS_SPAM, T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D56702A794 for ; Fri, 23 Sep 2016 08:48:11 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S934797AbcIWIsK (ORCPT ); Fri, 23 Sep 2016 04:48:10 -0400 Received: from mail-wm0-f67.google.com ([74.125.82.67]:35843 "EHLO mail-wm0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S935444AbcIWIsH (ORCPT ); Fri, 23 Sep 2016 04:48:07 -0400 Received: by mail-wm0-f67.google.com with SMTP id b184so1608098wma.3 for ; Fri, 23 Sep 2016 01:47:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:cc:subject:date:message-id:mime-version; bh=UernIspdT48msKKJARwltDnzDHI9p3Z1A2glylE4oHM=; b=aGd+vInZuG6K05HJUTuJeAvvh18muuNPiafykJjJcT8XF9b+HUxBln76xy6y9B+mLe HcTV7Hs8N2jmwqol4sOG5IS2XzibdtJAZcUCR8bXpzEIuw4URcKgwi3bN85XY1clhmiB 5DwQK5Zj+fXBMiSIxb54b4lV1D1NHXPpMUyaFONiAvVnrJ28IfbXe844Mf+a9ofOeoF5 s6rEd1XADrc8sGrx8MXcAog05wHBQLjAeWte6Y7UCP44EBMT9mOeaCeK8UiicVC8g99y GxGF1k/nG5GbrP2iwdNumo8eHUW4mvXftWmCR0Fzg+komvMOSpMaTXQvRL8w4f4I3lgK qQQA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version; bh=UernIspdT48msKKJARwltDnzDHI9p3Z1A2glylE4oHM=; b=UyUU+QpYGCQXtwXHnMS03rsctjIYoLH/4y9MsWXsZYG+xYJuA6pJwNAWxa8QOc3D+C 1F//865AHEoa/cyOWoz12FPnXUYHZxyGAP4CopODwJ2FhmcTOlASuhQy4l+McpvScl3H ZgFwVXv6luf/2RoULrR3ewN98Xy3LyqxfNYOT0gXaym7EbRqiluED592Gk/oS2PNln4G PUdUf12DGHbn7bcJffb0IetNcSi8MEyTiCAOi/FzdklK7gSPbCG74byGScmtVOV/gNt9 auOUDFkmh3xMIZZeLTXjdJdkXwHo2uTmphCqWk0EWjn3/syuh0R3jjVUN6C5IytyIMzh eoLQ== X-Gm-Message-State: AA6/9RmoY09AcSPd0+OJWwWXpK9glnXcQ2CCkBghmnLeGwhdQrhx58bOfdfYC+pA0T8L4A== X-Received: by 10.194.157.193 with SMTP id wo1mr6901107wjb.22.1474620471526; Fri, 23 Sep 2016 01:47:51 -0700 (PDT) Received: from localhost.localdomain (ip-78-45-120-92.net.upcbroadband.cz. [78.45.120.92]) by smtp.gmail.com with ESMTPSA id j10sm6112354wjy.13.2016.09.23.01.47.46 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 23 Sep 2016 01:47:50 -0700 (PDT) From: Ondrej Mosnacek To: Herbert Xu Cc: linux-crypto@vger.kernel.org, Ondrej Mosnacek Subject: [PATCH v2] crypto: gcm - Fix IV buffer size in crypto_gcm_setkey Date: Fri, 23 Sep 2016 10:47:32 +0200 Message-Id: <1474620452-7278-1-git-send-email-omosnacek@gmail.com> X-Mailer: git-send-email 2.7.4 MIME-Version: 1.0 Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP The cipher block size for GCM is 16 bytes, and thus the CTR transform used in crypto_gcm_setkey() will also expect a 16-byte IV. However, the code currently reserves only 8 bytes for the IV, causing an out-of-bounds access in the CTR transform. This patch fixes the issue by setting the size of the IV buffer to 16 bytes. Fixes: 84c911523020 ("[CRYPTO] gcm: Add support for async ciphers") Signed-off-by: Ondrej Mosnacek --- (Sorry for previous broken patch, hopefully I got it right this time.) I randomly noticed this while going over igcm.c for an unrelated reason. It seems the wrong buffer size never caused any noticeable problems (it's been there since 2007), but it should be corrected nonetheless... crypto/gcm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.7.4 -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/crypto/gcm.c b/crypto/gcm.c index 70a892e8..f624ac9 100644 --- a/crypto/gcm.c +++ b/crypto/gcm.c @@ -117,7 +117,7 @@ static int crypto_gcm_setkey(struct crypto_aead *aead, const u8 *key, struct crypto_skcipher *ctr = ctx->ctr; struct { be128 hash; - u8 iv[8]; + u8 iv[16]; struct crypto_gcm_setkey_result result;