projects / GitHub / moto-9609 / android_kernel_motorola_exynos9610.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f898a39) | patch
crypto: aesni - Fix out-of-bounds access of the AAD buffer in generic-gcm-aesni
authorJunaid Shahid <junaids@google.com>
Thu, 21 Dec 2017 01:08:38 +0000 (17:08 -0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 3 Feb 2018 16:38:50 +0000 (17:38 +0100)
commit5ca02df0160233e463b043897cd17e32d38cb70e
tree8b6249d19b96ff699d89947c4c22a217ba6c6d06tree | snapshot (tar.gz zip)
parentf898a39985a30050abdad7a40b5b0098801509d4commit | diff
crypto: aesni - Fix out-of-bounds access of the AAD buffer in generic-gcm-aesni

commit 1ecdd37e308ca149dc378cce225068cbac54e3a6 upstream.

The aesni_gcm_enc/dec functions can access memory after the end of
the AAD buffer if the AAD length is not a multiple of 4 bytes.
It didn't matter with rfc4106-gcm-aesni as in that case the AAD was
always followed by the 8 byte IV, but that is no longer the case with
generic-gcm-aesni. This can potentially result in accessing a page that
is not mapped and thus causing the machine to crash. This patch fixes
that by reading the last <16 byte block of the AAD byte-by-byte and
optionally via an 8-byte load if the block was at least 8 bytes.

Fixes: 0487ccac ("crypto: aesni - make non-AVX AES-GCM work with any aadlen")
Signed-off-by: Junaid Shahid <junaids@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
arch/x86/crypto/aesni-intel_asm.S diff | blob | blame | history