Received: by 2002:ac0:bc90:0:0:0:0:0 with SMTP id a16csp640895img; Fri, 22 Mar 2019 05:44:10 -0700 (PDT) X-Google-Smtp-Source: APXvYqyxc69lmHMQ6vQ0eNjFidGm9k3BpWUA9KgJBvweg8V9KuatHivEjqrb7SjyJOsCkqd+IxVn X-Received: by 2002:a17:902:4681:: with SMTP id p1mr9081505pld.42.1553258650010; Fri, 22 Mar 2019 05:44:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1553258650; cv=none; d=google.com; s=arc-20160816; b=pe7alczGWqQ8LUTJJJpgwbWp/l/ZmGVBVMfjPdYt2hUJ42A7metHJad8m3JHH2Wgkx UQAJIDrG+Yzi9aczK8xt16EH0pQkVsLjp0sCs4clKJJU362QVE1J7f8ulkhCzOOoKbsA XsRUCRXdDLtXQHVznbadAM9uLwSqaOsP/PRZwPwN4vKmd5xb22bby8CRuuWLrjkeRgPY 1GzZ8TPo/M7wC+Q4FlcBnl3NEZQS1QPGZHSWO3ih0B1tX23q+fE0uepeS25ffr9dQIor Qdpq9P2GrHsaih492J9PSPvhANvxRWGw01cm9UlkUO3CxrOPbEDWFQdWGuVUoP32ECrV ov/w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=3YFiq90YaJGPr4ZwSCBsNm1bvB/RtJm0z6nxmIeSQOU=; b=llgS198mvRfCWg0w8gy/PIGOLfWAtrsquZu/f8xb0PfyCQ0Q+bDOVRW00Hcwt9n+Gk 7t8A78zzgTsB7wawNd8zMvme645RgT+kM8LqcwzYUDseKBMXHQqbAzSmgTbzuPJ1N0d/ hMWFERAM7dKZ78BJwCJcFi5qxrXvMspaBzgz0Hzj0mf/krvtZEBQqnmMFpL6j4A9agrn gcSGMM9c/8uUr/UMpwpQGARUYp662jvA4HIgrjwJZaEW2qQ/r+uzrXUmh8vS/YZtM7dL 7KNlyBr3vbgFNd+Up9Ut6kLTIWDFznhujyk0xTz1psFJtDfRguB9chth/lC4tWRS/QO7 rh+A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="n8a0P/yU"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y5si6449592pgv.3.2019.03.22.05.43.54; Fri, 22 Mar 2019 05:44:09 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="n8a0P/yU"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388479AbfCVMDM (ORCPT + 99 others); Fri, 22 Mar 2019 08:03:12 -0400 Received: from mail.kernel.org ([198.145.29.99]:41502 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730413AbfCVMDJ (ORCPT ); Fri, 22 Mar 2019 08:03:09 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 6A231204FD; Fri, 22 Mar 2019 12:03:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1553256188; bh=5cZvzoefyLH0+Nhn3cAEWZU/npiSIf9g3yP2YgmxLu4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=n8a0P/yUrYuCzk2vuqQtpLm5zAfprzGAgDgT+WMyZn2JotcWvwDQS1UYxjnlyCvVZ 8U1tsqWet1sD3ICUKbdndUdI0WQ5jaVcjKbK2aJFwomz/0+zTxG6hAN3Lz4ji8LzXX o40UECH21urfSRbbDDqNF3i3ck5R4tnoAbfq3648= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Eric Biggers , Ard Biesheuvel , Herbert Xu Subject: [PATCH 4.19 135/280] crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling Date: Fri, 22 Mar 2019 12:14:48 +0100 Message-Id: <20190322111317.313705889@linuxfoundation.org> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190322111306.356185024@linuxfoundation.org> References: <20190322111306.356185024@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review X-Patchwork-Hint: ignore MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.19-stable review patch. If anyone has any objections, please let me know. ------------------ From: Ard Biesheuvel commit eaf46edf6ea89675bd36245369c8de5063a0272c upstream. The NEON MAC calculation routine fails to handle the case correctly where there is some data in the buffer, and the input fills it up exactly. In this case, we enter the loop at the end with w8 == 0, while a negative value is assumed, and so the loop carries on until the increment of the 32-bit counter wraps around, which is quite obviously wrong. So omit the loop altogether in this case, and exit right away. Reported-by: Eric Biggers Fixes: a3fd82105b9d1 ("arm64/crypto: AES in CCM mode using ARMv8 Crypto ...") Cc: stable@vger.kernel.org Signed-off-by: Ard Biesheuvel Signed-off-by: Herbert Xu Signed-off-by: Greg Kroah-Hartman --- arch/arm64/crypto/aes-ce-ccm-core.S | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) --- a/arch/arm64/crypto/aes-ce-ccm-core.S +++ b/arch/arm64/crypto/aes-ce-ccm-core.S @@ -74,12 +74,13 @@ ENTRY(ce_aes_ccm_auth_data) beq 10f ext v0.16b, v0.16b, v0.16b, #1 /* rotate out the mac bytes */ b 7b -8: mov w7, w8 +8: cbz w8, 91f + mov w7, w8 add w8, w8, #16 9: ext v1.16b, v1.16b, v1.16b, #1 adds w7, w7, #1 bne 9b - eor v0.16b, v0.16b, v1.16b +91: eor v0.16b, v0.16b, v1.16b st1 {v0.16b}, [x0] 10: str w8, [x3] ret