diff options
author | Herbert Xu <herbert@gondor.apana.org.au> | 2016-03-18 22:42:40 +0800 |
---|---|---|
committer | Ben Hutchings <ben@decadent.org.uk> | 2016-05-01 00:06:15 +0200 |
commit | e5393d8034ab710f2797d0c2a15dab663cb60707 (patch) | |
tree | 10e6796249471021042b34f0e9c3172465cd7731 | |
parent | 366d36a8136fd4b34f6d30935693cb6b85915a25 (diff) |
crypto: gcm - Fix rfc4543 decryption crash
This bug has already bee fixed upstream since 4.2. However, it
was fixed during the AEAD conversion so no fix was backported to
the older kernels.
[bwh: The upstream commit was adcbc688fe2f ("crypto: gcm - Convert to
new AEAD interface")]
When we do an RFC 4543 decryption, we will end up writing the
ICV beyond the end of the dst buffer. This should lead to a
crash but for some reason it was never noticed.
This patch fixes it by only writing back the ICV for encryption.
Fixes: d733ac90f9fe ("crypto: gcm - fix rfc4543 to handle async...")
Reported-by: Patrick Meyer <patrick.meyer@vasgard.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-rw-r--r-- | crypto/gcm.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/crypto/gcm.c b/crypto/gcm.c index 9cea4d0b6904..f0bd00b15f26 100644 --- a/crypto/gcm.c +++ b/crypto/gcm.c @@ -1173,6 +1173,9 @@ static struct aead_request *crypto_rfc4543_crypt(struct aead_request *req, aead_request_set_tfm(subreq, ctx->child); aead_request_set_callback(subreq, req->base.flags, crypto_rfc4543_done, req); + if (!enc) + aead_request_set_callback(subreq, req->base.flags, + req->base.complete, req->base.data); aead_request_set_crypt(subreq, cipher, cipher, enc ? 0 : authsize, iv); aead_request_set_assoc(subreq, assoc, assoclen); |