Menu
▾
▴
[Astlinux-commits] SF.net SVN: astlinux:[7083] branches/1.0/project/astlinux/kernel-patches/ linux-900-crypto-aesni-fix-memory-usage-in-GCM-decryption.patch
|
From: <abe...@us...> - 2015-05-28 16:56:21
|
Revision: 7083
http://sourceforge.net/p/astlinux/code/7083
Author: abelbeck
Date: 2015-05-28 16:56:19 +0000 (Thu, 28 May 2015)
Log Message:
-----------
linux patch, crypto: aesni - fix memory usage in GCM decryption, Security fix: CVE-2015-3331
Added Paths:
-----------
branches/1.0/project/astlinux/kernel-patches/linux-900-crypto-aesni-fix-memory-usage-in-GCM-decryption.patch
Added: branches/1.0/project/astlinux/kernel-patches/linux-900-crypto-aesni-fix-memory-usage-in-GCM-decryption.patch
===================================================================
--- branches/1.0/project/astlinux/kernel-patches/linux-900-crypto-aesni-fix-memory-usage-in-GCM-decryption.patch (rev 0)
+++ branches/1.0/project/astlinux/kernel-patches/linux-900-crypto-aesni-fix-memory-usage-in-GCM-decryption.patch 2015-05-28 16:56:19 UTC (rev 7083)
@@ -0,0 +1,61 @@
+From ccfe8c3f7e52ae83155cb038753f4c75b774ca8a Mon Sep 17 00:00:00 2001
+From: Stephan Mueller <smu...@ch...>
+Date: Thu, 12 Mar 2015 09:17:51 +0100
+Subject: crypto: aesni - fix memory usage in GCM decryption
+
+The kernel crypto API logic requires the caller to provide the
+length of (ciphertext || authentication tag) as cryptlen for the
+AEAD decryption operation. Thus, the cipher implementation must
+calculate the size of the plaintext output itself and cannot simply use
+cryptlen.
+
+The RFC4106 GCM decryption operation tries to overwrite cryptlen memory
+in req->dst. As the destination buffer for decryption only needs to hold
+the plaintext memory but cryptlen references the input buffer holding
+(ciphertext || authentication tag), the assumption of the destination
+buffer length in RFC4106 GCM operation leads to a too large size. This
+patch simply uses the already calculated plaintext size.
+
+In addition, this patch fixes the offset calculation of the AAD buffer
+pointer: as mentioned before, cryptlen already includes the size of the
+tag. Thus, the tag does not need to be added. With the addition, the AAD
+will be written beyond the already allocated buffer.
+
+Note, this fixes a kernel crash that can be triggered from user space
+via AF_ALG(aead) -- simply use the libkcapi test application
+from [1] and update it to use rfc4106-gcm-aes.
+
+Using [1], the changes were tested using CAVS vectors to demonstrate
+that the crypto operation still delivers the right results.
+
+[1] http://www.chronox.de/libkcapi.html
+
+CC: Tadeusz Struk <tad...@in...>
+Cc: st...@vg...
+Signed-off-by: Stephan Mueller <smu...@ch...>
+Signed-off-by: Herbert Xu <he...@go...>
+
+diff --git a/arch/x86/crypto/aesni-intel_glue.c b/arch/x86/crypto/aesni-intel_glue.c
+index 947c6bf..54f60ab 100644
+--- a/arch/x86/crypto/aesni-intel_glue.c
++++ b/arch/x86/crypto/aesni-intel_glue.c
+@@ -1202,7 +1202,7 @@ static int __driver_rfc4106_decrypt(struct aead_request *req)
+ src = kmalloc(req->cryptlen + req->assoclen, GFP_ATOMIC);
+ if (!src)
+ return -ENOMEM;
+- assoc = (src + req->cryptlen + auth_tag_len);
++ assoc = (src + req->cryptlen);
+ scatterwalk_map_and_copy(src, req->src, 0, req->cryptlen, 0);
+ scatterwalk_map_and_copy(assoc, req->assoc, 0,
+ req->assoclen, 0);
+@@ -1227,7 +1227,7 @@ static int __driver_rfc4106_decrypt(struct aead_request *req)
+ scatterwalk_done(&src_sg_walk, 0, 0);
+ scatterwalk_done(&assoc_sg_walk, 0, 0);
+ } else {
+- scatterwalk_map_and_copy(dst, req->dst, 0, req->cryptlen, 1);
++ scatterwalk_map_and_copy(dst, req->dst, 0, tempCipherLen, 1);
+ kfree(src);
+ }
+ return retval;
+--
+cgit v0.10.2
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
