Patch "crypto: gcm - Fix rfc4543 decryption crash" has been added to the 3.14-stable tree

[gregkh]

This is a note to let you know that I've just added the patch titled

    crypto: gcm - Fix rfc4543 decryption crash

to the 3.14-stable tree which can be found at:
    
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     crypto-gcm-fix-rfc4543-decryption-crash.patch
and it can be found in the queue-3.14 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <sta...@vger.kernel.org> know about it.


>From herb...@gondor.apana.org.au  Sun May  1 15:39:20 2016
From: Herbert Xu <herb...@gondor.apana.org.au>
Date: Fri, 18 Mar 2016 22:42:40 +0800
Subject: crypto: gcm - Fix rfc4543 decryption crash
To: sta...@vger.kernel.org, Linux Crypto Mailing List 
<linux-crypto@vger.kernel.org>, Jussi Kivilinna <jussi.kivili...@iki.fi>, 
patrick.me...@vasgard.com
Message-ID: <20160318144240.ga20...@gondor.apana.org.au>
Content-Disposition: inline

From: Herbert Xu <herb...@gondor.apana.org.au>

This bug has already bee fixed upstream since 4.2.  However, it
was fixed during the AEAD conversion so no fix was backported to
the older kernels.

When we do an RFC 4543 decryption, we will end up writing the
ICV beyond the end of the dst buffer.  This should lead to a
crash but for some reason it was never noticed.

This patch fixes it by only writing back the ICV for encryption.

Fixes: d733ac90f9fe ("crypto: gcm - fix rfc4543 to handle async...")
Reported-by: Patrick Meyer <patrick.me...@vasgard.com>
Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org>

---
 crypto/gcm.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/crypto/gcm.c
+++ b/crypto/gcm.c
@@ -1173,6 +1173,9 @@ static struct aead_request *crypto_rfc45
        aead_request_set_tfm(subreq, ctx->child);
        aead_request_set_callback(subreq, req->base.flags, crypto_rfc4543_done,
                                  req);
+       if (!enc)
+               aead_request_set_callback(subreq, req->base.flags,
+                                         req->base.complete, req->base.data);
        aead_request_set_crypt(subreq, cipher, cipher, enc ? 0 : authsize, iv);
        aead_request_set_assoc(subreq, assoc, assoclen);
 


Patches currently in stable-queue which might be from 
herb...@gondor.apana.org.au are

queue-3.14/crypto-gcm-fix-rfc4543-decryption-crash.patch
queue-3.14/crypto-ccp-prevent-information-leakage-on-export.patch
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html