From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Ard Biesheuvel, Eric Biggers, Herbert Xu
Subject: [PATCH 4.14 129/183] crypto: arm64/aes-neonbs - fix returning final keystream block
Date: Fri, 22 Mar 2019 12:15:57 +0100
Message-Id: <20190322111251.086915402@linuxfoundation.org>

4.14-stable review patch. If anyone has any objections, please let me know.

------------------

From: Eric Biggers

commit 12455e320e19e9cc7ad97f4ab89c280fe297387c upstream.

The arm64 NEON bit-sliced implementation of AES-CTR fails the improved skcipher tests because it sometimes produces the wrong ciphertext. The bug is that the final keystream block isn't returned from the assembly code when the number of non-final blocks is zero. This can happen if the input data ends a few bytes after a page boundary. In this case the last bytes get "encrypted" by XOR'ing them with uninitialized memory.

Fix the assembly code to return the final keystream block when needed.

Fixes: 88a3f582bea9 ("crypto: arm64/aes - don't use IV buffer to return final keystream block")
Cc: # v4.11+
Reviewed-by: Ard Biesheuvel
Signed-off-by: Eric Biggers
Signed-off-by: Herbert Xu
Signed-off-by: Greg Kroah-Hartman
--- arch/arm64/crypto/aes-neonbs-core.S | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) --- a/arch/arm64/crypto/aes-neonbs-core.S +++ b/arch/arm64/crypto/aes-neonbs-core.S @@ -940,7 +940,7 @@ CPU_LE( rev x8, x8 ) 8: next_ctr v0 cbnz x4, 99b -0: st1 {v0.16b}, [x5] + st1 {v0.16b}, [x5] ldp x29, x30, [sp], #16 ret
@@ -948,6 +948,9 @@ CPU_LE( rev x8, x8 ) * If we are handling the tail of the input (x6 != NULL), return the * final keystream block back to the caller. */ +0: cbz x6, 8b + st1 {v0.16b}, [x6] + b 8b 1: cbz x6, 8b st1 {v1.16b}, [x6] b 8b
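
Review bot: moving the `0:` label out of the exit sequence (first hunk) changes what the early-exit path executes, and neither the changelog nor the comment above the stubs says so. Before, a branch to `0:` landed directly on `st1 {v0.16b}, [x5]`; with the new stub in the second hunk it reaches `8:` through `cbz x6, 8b` or `b 8b`, so it now runs `next_ctr v0` and `cbnz x4, 99b` before the store to `[x5]`. Please state, in the commit message or in the comment, that x4 is always zero on this path and that writing the advanced counter to `[x5]` is intended. The existing comment now heads two stubs that differ only in the register stored (`v0` versus `v1`); a short remark on why the zero-full-blocks case returns `v0` would make that difference easier to check.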