From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Romain Izard, Tudor Ambarus, Herbert Xu
Subject: [PATCH 4.9 57/87] crypto: ccm - preserve the IV buffer
Date: Mon, 13 Nov 2017 13:56:14 +0100
Message-Id: <20171113125620.606802451@linuxfoundation.org>
In-Reply-To: <20171113125615.304035578@linuxfoundation.org>

4.9-stable review patch. If anyone has any objections, please let me know.

------------------

From: Romain Izard

commit 441f99c90497e15aa3ad1dbabd56187e29614348 upstream.

The IV buffer used during CCM operations is used twice, during both the hashing step and the ciphering step.

When using a hardware accelerator that updates the contents of the IV buffer at the end of ciphering operations, the value will be modified. In the decryption case, the subsequent setup of the hashing algorithm will interpret the updated IV instead of the original value, which can lead to out-of-bounds writes.

Reuse the idata buffer, only used in the hashing step, to preserve the IV's value during the ciphering step in the decryption case.

Signed-off-by: Romain Izard
Reviewed-by: Tudor Ambarus
Signed-off-by: Herbert Xu
Signed-off-by: Greg Kroah-Hartman
---
 crypto/ccm.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- a/crypto/ccm.c +++ b/crypto/ccm.c @@ -413,7 +413,7 @@ static int crypto_ccm_decrypt(struct aea unsigned int cryptlen = req->cryptlen; u8 *authtag = pctx->auth_tag; u8 *odata = pctx->odata; - u8 *iv = req->iv; + u8 *iv = pctx->idata; int err; cryptlen -= authsize; @@ -429,6 +429,8 @@ static int crypto_ccm_decrypt(struct aea if (req->src != req->dst) dst = pctx->dst; + memcpy(iv, req->iv, 16); + skcipher_request_set_tfm(skreq, ctx->ctr); skcipher_request_set_callback(skreq, pctx->flags, crypto_ccm_decrypt_done, req);
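
Review bot: The declaration `u8 *iv = pctx->idata;` in the first hunk (@@ -413) borrows the hashing scratch buffer as IV storage without a comment saying so. The commit message explains that idata is only needed in the hashing step, but nothing in the code records that assumption, so a later change that touches idata before or during the ciphering step would silently corrupt the IV handed to the cipher. A one-line comment above the declaration, stating that idata holds a private copy of the IV so the cipher cannot modify `req->iv` before the hash setup reads it, would keep that constraint visible to the next person editing this function.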
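
Review bot: The copy `memcpy(iv, req->iv, 16);` in the second hunk (@@ -429) hard-codes the length as a bare literal. The visible lines show neither the size of `pctx->idata` nor where the 16 comes from, so a reader cannot confirm from this patch that the destination is large enough or that the whole IV is copied. Suggest replacing the literal with a named constant or an expression tied to the buffer or IV size, and, if the size of idata is fixed at compile time, a build-time assertion that it is at least that many bytes.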