FAILED: patch "[PATCH] crypto: arm64/aes-neonbs - fix returning final keystream" failed to apply to 4.14-stable tree

stable.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* FAILED: patch "[PATCH] crypto: arm64/aes-neonbs - fix returning final keystream" failed to apply to 4.14-stable tree
@ 2019-03-20 16:17 gregkh
  0 siblings, 0 replies; only message in thread
From: gregkh @ 2019-03-20 16:17 UTC (permalink / raw)
  To: ebiggers, ard.biesheuvel, herbert, stable; +Cc: stable

The patch below does not apply to the 4.14-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable@vger.kernel.org>.

thanks,

greg k-h

------------------ original commit in Linus's tree ------------------

From 12455e320e19e9cc7ad97f4ab89c280fe297387c Mon Sep 17 00:00:00 2001
From: Eric Biggers <ebiggers@google.com>
Date: Thu, 31 Jan 2019 23:51:42 -0800
Subject: [PATCH] crypto: arm64/aes-neonbs - fix returning final keystream
 block

The arm64 NEON bit-sliced implementation of AES-CTR fails the improved
skcipher tests because it sometimes produces the wrong ciphertext.  The
bug is that the final keystream block isn't returned from the assembly
code when the number of non-final blocks is zero.  This can happen if
the input data ends a few bytes after a page boundary.  In this case the
last bytes get "encrypted" by XOR'ing them with uninitialized memory.

Fix the assembly code to return the final keystream block when needed.

Fixes: 88a3f582bea9 ("crypto: arm64/aes - don't use IV buffer to return final keystream block")
Cc: <stable@vger.kernel.org> # v4.11+
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/arch/arm64/crypto/aes-neonbs-core.S b/arch/arm64/crypto/aes-neonbs-core.S
index e613a87f8b53..8432c8d0dea6 100644
--- a/arch/arm64/crypto/aes-neonbs-core.S
+++ b/arch/arm64/crypto/aes-neonbs-core.S
@@ -971,18 +971,22 @@ CPU_LE(	rev		x8, x8		)

 8:	next_ctr	v0
 	st1		{v0.16b}, [x24]
-	cbz		x23, 0f
+	cbz		x23, .Lctr_done

 	cond_yield_neon	98b
 	b		99b

-0:	frame_pop
+.Lctr_done:
+	frame_pop
 	ret

 	/*
 	 * If we are handling the tail of the input (x6 != NULL), return the
 	 * final keystream block back to the caller.
 	 */
+0:	cbz		x25, 8b
+	st1		{v0.16b}, [x25]
+	b		8b
 1:	cbz		x25, 8b
 	st1		{v1.16b}, [x25]
 	b		8b

^ permalink raw reply related	[flat|nested] only message in thread

only message in thread, other threads:[~2019-03-20 16:17 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-03-20 16:17 FAILED: patch "[PATCH] crypto: arm64/aes-neonbs - fix returning final keystream" failed to apply to 4.14-stable tree gregkh

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).