Package: src:linux Version: 3.16.7-ckt7-1 Severity: wishlist Using the rfc4106 IPsec implementation provided by the aesni_intel module results in occasional crashes on an busy gateway. This was fixed upstream by commit ccfe8c3f7e52:
| commit ccfe8c3f7e52ae83155cb038753f4c75b774ca8a | Author: Stephan Mueller <[email protected]> | Date: Thu Mar 12 09:17:51 2015 +0100 | | crypto: aesni - fix memory usage in GCM decryption | | The kernel crypto API logic requires the caller to provide the | length of (ciphertext || authentication tag) as cryptlen for the | AEAD decryption operation. Thus, the cipher implementation must | calculate the size of the plaintext output itself and cannot simply use | cryptlen. | | The RFC4106 GCM decryption operation tries to overwrite cryptlen memory | in req->dst. As the destination buffer for decryption only needs to hold | the plaintext memory but cryptlen references the input buffer holding | (ciphertext || authentication tag), the assumption of the destination | buffer length in RFC4106 GCM operation leads to a too large size. This | patch simply uses the already calculated plaintext size. | | In addition, this patch fixes the offset calculation of the AAD buffer | pointer: as mentioned before, cryptlen already includes the size of the | tag. Thus, the tag does not need to be added. With the addition, the AAD | will be written beyond the already allocated buffer. | | Note, this fixes a kernel crash that can be triggered from user space | via AF_ALG(aead) -- simply use the libkcapi test application | from [1] and update it to use rfc4106-gcm-aes. | | Using [1], the changes were tested using CAVS vectors to demonstrate | that the crypto operation still delivers the right results. | | [1] http://www.chronox.de/libkcapi.html | | CC: Tadeusz Struk <[email protected]> | Cc: [email protected] | Signed-off-by: Stephan Mueller <[email protected]> | Signed-off-by: Herbert Xu <[email protected]> This fix is already queued for 3.16.7-ckt10, but it'd be great if you could include it in jessie ASAP. Thanks, -- Romain Francoise <[email protected]> http://people.debian.org/~rfrancoise/ -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
