From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Eric Biggers, Ard Biesheuvel, Herbert Xu
Subject: [PATCH 4.9 047/118] crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling
Date: Fri, 22 Mar 2019 12:15:19 +0100
Message-Id: <20190322111219.680827848@linuxfoundation.org>
In-Reply-To: <20190322111215.873964544@linuxfoundation.org>

4.9-stable review patch. If anyone has any objections, please let me know.

------------------

From: Ard Biesheuvel

commit eaf46edf6ea89675bd36245369c8de5063a0272c upstream.

The NEON MAC calculation routine fails to handle the case correctly
where there is some data in the buffer, and the input fills it up
exactly. In this case, we enter the loop at the end with w8 == 0,
while a negative value is assumed, and so the loop carries on until
the increment of the 32-bit counter wraps around, which is quite
obviously wrong.

So omit the loop altogether in this case, and exit right away.

Reported-by: Eric Biggers
Fixes: a3fd82105b9d1 ("arm64/crypto: AES in CCM mode using ARMv8 Crypto ...")
Cc: stable@vger.kernel.org
Signed-off-by: Ard Biesheuvel
Signed-off-by: Herbert Xu
Signed-off-by: Greg Kroah-Hartman
---
 arch/arm64/crypto/aes-ce-ccm-core.S | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

--- a/arch/arm64/crypto/aes-ce-ccm-core.S +++ b/arch/arm64/crypto/aes-ce-ccm-core.S
@@ -74,12 +74,13 @@ ENTRY(ce_aes_ccm_auth_data) beq 10f ext v0.16b, v0.16b, v0.16b, #1 /* rotate out the mac bytes */ b 7b -8: mov w7, w8 +8: cbz w8, 91f + mov w7, w8 add w8, w8, #16 9: ext v1.16b, v1.16b, v1.16b, #1 adds w7, w7, #1 bne 9b - eor v0.16b, v0.16b, v1.16b +91: eor v0.16b, v0.16b, v1.16b st1 {v0.16b}, [x0] 10: str w8, [x3] ret
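
Review bot: The new `cbz w8, 91f` at label 8 carries no comment, and the invariant it guards is easy to lose in a later edit: the loop at label 9 only terminates when w7 starts negative and `adds w7, w7, #1` counts it up to zero, so entering it with w7 == 0 runs until the 32-bit counter wraps, rotating v1 on every pass. A short comment on the `cbz` line saying that w8 == 0 means the buffer was filled exactly and needs no rotation would make that explicit, as would a note that this path deliberately skips `add w8, w8, #16`, so the `str w8, [x3]` at label 10 records zero leftover bytes. Since the result feeds the MAC, it would also help to have a self-test vector whose AAD is supplied in pieces that end exactly on a block boundary, so this path stays covered.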