    crypto: aesni - Fix out-of-bounds access of the AAD buffer in generic-gcm-aesni · 1ecdd37e
    Junaid Shahid authored
    The aesni_gcm_enc/dec functions can access memory after the end of
    the AAD buffer if the AAD length is not a multiple of 4 bytes.
    It didn't matter with rfc4106-gcm-aesni as in that case the AAD was
    always followed by the 8-byte IV, but that is no longer the case with
    generic-gcm-aesni. This can potentially result in accessing a page that
    is not mapped and thus causing the machine to crash. This patch fixes
    that by reading the last <16-byte block of the AAD byte-by-byte and
    optionally via an 8-byte load if the block was at least 8 bytes.
    
    Fixes: 0487ccac ("crypto: aesni - make non-AVX AES-GCM work with any aadlen")
    Cc: <stable@vger.kernel.org>
    Signed-off-by: Junaid Shahid <junaids@google.com>
    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Changed file: aesni-intel_asm.S
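The tail-read strategy the commit message describes, as an added C illustration that is not the kernel's code (the real fix is x86 assembly in aesni-intel_asm.S). The `dword_loader_*` helpers model the pre-fix behaviour under the assumption, implied by the "not a multiple of 4 bytes" condition, that the tail was walked in 4-byte loads; the 13-byte AAD is constructed sample input.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define BLOCK 16

/* Load the trailing partial AAD block (len < 16) into a zero-padded 16-byte
 * block without touching any byte past aad + len: one 8-byte load when at
 * least 8 bytes remain, then the rest byte-by-byte, as the commit describes.
 * Illustrative C written for this page, not the kernel's assembly. */
static void load_aad_tail(uint8_t out[BLOCK], const uint8_t *aad, size_t len)
{
    size_t i = 0;
    memset(out, 0, BLOCK);
    if (len >= 8) {
        uint64_t q;
        memcpy(&q, aad, 8);          /* a single 8-byte load, fully in bounds */
        memcpy(out, &q, 8);
        i = 8;
    }
    for (; i < len; i++)             /* remaining 0..7 bytes, one at a time */
        out[i] = aad[i];
}

/* Last byte offset touched by a loader that walks the tail in whole 4-byte
 * loads (assumed pre-fix behaviour); rounding up is what reaches past len. */
static size_t dword_loader_last_offset(size_t len)
{
    return len ? ((len + 3) / 4) * 4 - 1 : 0;
}

/* Bytes the dword loader reads beyond the end of a len-byte tail; zero only
 * when len is a multiple of 4.  The fixed loader never reads past len - 1. */
static size_t dword_loader_overread(size_t len)
{
    return len ? dword_loader_last_offset(len) + 1 - len : 0;
}

/* Constructed 13-byte AAD (not a multiple of 4); 1 if the copy matches and
 * bytes 13..15 of the block are zero padding. */
static int tail_copy_ok(void)
{
    uint8_t aad[13], out[BLOCK];
    for (size_t i = 0; i < sizeof aad; i++)
        aad[i] = (uint8_t)(0xA0 + i);
    load_aad_tail(out, aad, sizeof aad);
    for (size_t i = 0; i < BLOCK; i++)
        if (out[i] != (i < sizeof aad ? (uint8_t)(0xA0 + i) : 0))
            return 0;
    return 1;
}
```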