From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from mail.linuxfoundation.org ([140.211.169.12]:60419 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752475AbcEAW7X (ORCPT ); Sun, 1 May 2016 18:59:23 -0400
Subject: Patch "crypto: gcm - Fix rfc4543 decryption crash" has been added to the 3.14-stable tree
To: herbert@gondor.apana.org.au, gregkh@linuxfoundation.org, jussi.kivilinna@iki.fi, linux-crypto@vger.kernel.org, patrick.meyer@vasgard.com
Cc: ,
From:
Date: Sun, 01 May 2016 15:59:15 -0700
In-Reply-To: <20160318144240.GA20816@gondor.apana.org.au>
Message-ID: <146214355584167@kroah.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ANSI_X3.4-1968
Content-Transfer-Encoding: 8bit
Sender: stable-owner@vger.kernel.org
List-ID:

This is a note to let you know that I've just added the patch titled

    crypto: gcm - Fix rfc4543 decryption crash

to the 3.14-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
    crypto-gcm-fix-rfc4543-decryption-crash.patch
and it can be found in the queue-3.14 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let know about it.

>>From herbert@gondor.apana.org.au Sun May 1 15:39:20 2016
From: Herbert Xu
Date: Fri, 18 Mar 2016 22:42:40 +0800
Subject: crypto: gcm - Fix rfc4543 decryption crash
To: stable@vger.kernel.org, Linux Crypto Mailing List , Jussi Kivilinna , patrick.meyer@vasgard.com
Message-ID: <20160318144240.GA20816@gondor.apana.org.au>
Content-Disposition: inline

From: Herbert Xu

This bug has already been fixed upstream since 4.2. However, it was
fixed during the AEAD conversion so no fix was backported to the
older kernels.

When we do an RFC 4543 decryption, we will end up writing the
ICV beyond the end of the dst buffer. This should lead to a
crash but for some reason it was never noticed.

This patch fixes it by only writing back the ICV for encryption.

Fixes: d733ac90f9fe ("crypto: gcm - fix rfc4543 to handle async...")
Reported-by: Patrick Meyer
Signed-off-by: Herbert Xu
Signed-off-by: Greg Kroah-Hartman

--- crypto/gcm.c | 3 +++ 1 file changed, 3 insertions(+) --- a/crypto/gcm.c +++ b/crypto/gcm.c @@ -1173,6 +1173,9 @@ static struct aead_request *crypto_rfc45 aead_request_set_tfm(subreq, ctx->child); aead_request_set_callback(subreq, req->base.flags, crypto_rfc4543_done, req); + if (!enc) + aead_request_set_callback(subreq, req->base.flags, + req->base.complete, req->base.data); aead_request_set_crypt(subreq, cipher, cipher, enc ? 0 : authsize, iv); aead_request_set_assoc(subreq, assoc, assoclen);

Patches currently in stable-queue which might be from herbert@gondor.apana.org.au are

queue-3.14/crypto-gcm-fix-rfc4543-decryption-crash.patch
queue-3.14/crypto-ccp-prevent-information-leakage-on-export.patch
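
Review bot: the added `if (!enc)` block in the crypto/gcm.c hunk re-sets a callback that the unchanged aead_request_set_callback() call directly above it has already installed, so on decryption the subrequest callback is assigned twice and the reader has to notice that the second assignment wins. An if/else that selects crypto_rfc4543_done with `req` for encryption and `req->base.complete` with `req->base.data` for decryption would state the choice once. The new branch also carries no comment: the reason decryption must bypass crypto_rfc4543_done (the commit message says the ICV may only be written back for encryption, because dst has no room for it on decryption) lives only in the changelog, and a short comment above the branch would keep a later cleanup from folding the two calls back into one and reintroducing the out-of-bounds write.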