git.baikalelectronics.ru Git - kernel.git/commit

author	Junaid Shahid <junaids@google.com>
	Thu, 21 Dec 2017 01:08:38 +0000 (17:08 -0800)
committer	Herbert Xu <herbert@gondor.apana.org.au>
	Thu, 28 Dec 2017 06:56:51 +0000 (17:56 +1100)
commit	ddb1b4af2c45dbaa896523d6e29acb3583a58f8a
tree	aa6a2ab409ff3add306f6144ca5e7a415b3ed56f	tree \| snapshot
parent	dd444d5109e7104fa878457cbd3b4c4cc89c347c	commit \| diff

crypto: aesni - Fix out-of-bounds access of the AAD buffer in generic-gcm-aesni

The aesni_gcm_enc/dec functions can access memory after the end of
the AAD buffer if the AAD length is not a multiple of 4 bytes.
It didn't matter with rfc4106-gcm-aesni as in that case the AAD was
always followed by the 8 byte IV, but that is no longer the case with
generic-gcm-aesni. This can potentially result in accessing a page that
is not mapped and thus causing the machine to crash. This patch fixes
that by reading the last <16 byte block of the AAD byte-by-byte and
optionally via an 8-byte load if the block was at least 8 bytes.

Fixes: e8e4e4ba ("crypto: aesni - make non-AVX AES-GCM work with any aadlen")
Cc: <stable@vger.kernel.org>
Signed-off-by: Junaid Shahid <junaids@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>