android_kernel_google_msm/arch/x86
Stephan Mueller c87f72368a crypto: aesni - fix memory usage in GCM decryption
commit ccfe8c3f7e52ae83155cb038753f4c75b774ca8a upstream.

The kernel crypto API logic requires the caller to provide the
length of (ciphertext || authentication tag) as cryptlen for the
AEAD decryption operation. Thus, the cipher implementation must
calculate the size of the plaintext output itself and cannot simply use
cryptlen.

The RFC4106 GCM decryption operation tries to overwrite cryptlen memory
in req->dst. As the destination buffer for decryption only needs to hold
the plaintext memory but cryptlen references the input buffer holding
(ciphertext || authentication tag), the assumption of the destination
buffer length in RFC4106 GCM operation leads to a too large size. This
patch simply uses the already calculated plaintext size.

In addition, this patch fixes the offset calculation of the AAD buffer
pointer: as mentioned before, cryptlen already includes the size of the
tag. Thus, the tag does not need to be added. With the addition, the AAD
will be written beyond the already allocated buffer.

Note, this fixes a kernel crash that can be triggered from user space
via AF_ALG(aead) -- simply use the libkcapi test application
from [1] and update it to use rfc4106-gcm-aes.

Using [1], the changes were tested using CAVS vectors to demonstrate
that the crypto operation still delivers the right results.

[1] http://www.chronox.de/libkcapi.html

CC: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Zefan Li <lizefan@huawei.com>
2015-06-19 11:40:28 +08:00
boot x86, build: Pass in additional -mno-mmx, -mno-sse options 2014-06-07 16:02:08 -07:00
configs
crypto crypto: aesni - fix memory usage in GCM decryption 2015-06-19 11:40:28 +08:00
ia32 x86-64: Replace left over sti/cli in ia32 audit exit code 2013-02-11 08:47:18 -08:00
include/asm x86, cpu, amd: Add workaround for family 16h, erratum 793 2015-04-14 17:34:03 +08:00
kernel x86/asm/entry/32: Fix user_mode() misuses 2015-06-19 11:40:26 +08:00
kvm KVM: emulate: fix CMPXCHG8B on 32-bit hosts 2015-06-19 11:40:19 +08:00
lguest x86, mm: Patch out arch_flush_lazy_mmu_mode() when running on bare metal 2013-04-16 21:27:27 -07:00
lib x86-64: Fix the failure case in copy_user_handle_tail() 2013-03-28 12:12:26 -07:00
math-emu
mm x86, mm/ASLR: Fix stack randomization on 64-bit systems 2015-04-14 17:33:58 +08:00
net x86: bpf_jit: support negative offsets 2014-03-30 21:40:30 -07:00
oprofile
pci xen/pci: We don't do multiple MSI's. 2013-03-14 11:29:41 -07:00
platform x86/efi: Fix dummy variable buffer allocation 2014-06-07 16:02:10 -07:00
power perf,x86: fix kernel crash with PEBS/BTS after suspend/resume 2013-03-20 13:04:59 -07:00
syscalls x86, x32: Use compat shims for io_{setup,submit} 2014-06-30 20:01:33 -07:00
tools
um x86, um: actually mark system call tables readonly 2015-04-14 17:33:49 +08:00
vdso x86/vdso: Fix the build on GCC5 2015-06-19 11:40:25 +08:00
video
xen xen/smp/spinlock: Fix leakage of the spinlock interrupt line for every CPU online/offline 2014-03-11 16:10:06 -07:00
.gitignore
Kbuild
Kconfig x86, espfix: Make it possible to disable 16-bit support 2014-08-07 12:00:11 -07:00
Kconfig.cpu
Kconfig.debug
Makefile
Makefile.um
Makefile_32.cpu