From patchwork Fri Sep 23 08:47:32 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: =?utf-8?b?T25kcmVqIE1vc27DocSNZWs=?=
 <omosnacek@gmail.com>
X-Patchwork-Id: 9347769
X-Patchwork-Delegate: herbert@gondor.apana.org.au
Return-Path: <linux-crypto-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	4E108607F2 for <patchwork-linux-crypto@patchwork.kernel.org>;
	Fri, 23 Sep 2016 08:48:12 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3ED072A794
	for <patchwork-linux-crypto@patchwork.kernel.org>;
	Fri, 23 Sep 2016 08:48:12 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 337852A7BC; Fri, 23 Sep 2016 08:48:12 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.3 required=2.0 tests=BAYES_00,
	DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI, RCVD_IN_SORBS_SPAM,
	T_DKIM_INVALID autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D56702A794
	for <patchwork-linux-crypto@patchwork.kernel.org>;
	Fri, 23 Sep 2016 08:48:11 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S934797AbcIWIsK (ORCPT
	<rfc822;patchwork-linux-crypto@patchwork.kernel.org>);
	Fri, 23 Sep 2016 04:48:10 -0400
Received: from mail-wm0-f67.google.com ([74.125.82.67]:35843 "EHLO
	mail-wm0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S935444AbcIWIsH (ORCPT
	<rfc822;linux-crypto@vger.kernel.org>);
	Fri, 23 Sep 2016 04:48:07 -0400
Received: by mail-wm0-f67.google.com with SMTP id b184so1608098wma.3
	for <linux-crypto@vger.kernel.org>;
	Fri, 23 Sep 2016 01:47:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20120113;
	h=from:to:cc:subject:date:message-id:mime-version;
	bh=UernIspdT48msKKJARwltDnzDHI9p3Z1A2glylE4oHM=;
	b=aGd+vInZuG6K05HJUTuJeAvvh18muuNPiafykJjJcT8XF9b+HUxBln76xy6y9B+mLe
	HcTV7Hs8N2jmwqol4sOG5IS2XzibdtJAZcUCR8bXpzEIuw4URcKgwi3bN85XY1clhmiB
	5DwQK5Zj+fXBMiSIxb54b4lV1D1NHXPpMUyaFONiAvVnrJ28IfbXe844Mf+a9ofOeoF5
	s6rEd1XADrc8sGrx8MXcAog05wHBQLjAeWte6Y7UCP44EBMT9mOeaCeK8UiicVC8g99y
	GxGF1k/nG5GbrP2iwdNumo8eHUW4mvXftWmCR0Fzg+komvMOSpMaTXQvRL8w4f4I3lgK
	qQQA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version;
	bh=UernIspdT48msKKJARwltDnzDHI9p3Z1A2glylE4oHM=;
	b=UyUU+QpYGCQXtwXHnMS03rsctjIYoLH/4y9MsWXsZYG+xYJuA6pJwNAWxa8QOc3D+C
	1F//865AHEoa/cyOWoz12FPnXUYHZxyGAP4CopODwJ2FhmcTOlASuhQy4l+McpvScl3H
	ZgFwVXv6luf/2RoULrR3ewN98Xy3LyqxfNYOT0gXaym7EbRqiluED592Gk/oS2PNln4G
	PUdUf12DGHbn7bcJffb0IetNcSi8MEyTiCAOi/FzdklK7gSPbCG74byGScmtVOV/gNt9
	auOUDFkmh3xMIZZeLTXjdJdkXwHo2uTmphCqWk0EWjn3/syuh0R3jjVUN6C5IytyIMzh
	eoLQ==
X-Gm-Message-State: 
 AA6/9RmoY09AcSPd0+OJWwWXpK9glnXcQ2CCkBghmnLeGwhdQrhx58bOfdfYC+pA0T8L4A==
X-Received: by 10.194.157.193 with SMTP id wo1mr6901107wjb.22.1474620471526;
	Fri, 23 Sep 2016 01:47:51 -0700 (PDT)
Received: from localhost.localdomain (ip-78-45-120-92.net.upcbroadband.cz.
	[78.45.120.92]) by smtp.gmail.com with ESMTPSA id
	j10sm6112354wjy.13.2016.09.23.01.47.46
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Fri, 23 Sep 2016 01:47:50 -0700 (PDT)
From: Ondrej Mosnacek <omosnacek@gmail.com>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: linux-crypto@vger.kernel.org, Ondrej Mosnacek <omosnacek@gmail.com>
Subject: [PATCH v2] crypto: gcm - Fix IV buffer size in crypto_gcm_setkey
Date: Fri, 23 Sep 2016 10:47:32 +0200
Message-Id: <1474620452-7278-1-git-send-email-omosnacek@gmail.com>
X-Mailer: git-send-email 2.7.4
MIME-Version: 1.0
Sender: linux-crypto-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

The cipher block size for GCM is 16 bytes, and thus the CTR transform
used in crypto_gcm_setkey() will also expect a 16-byte IV. However,
the code currently reserves only 8 bytes for the IV, causing
an out-of-bounds access in the CTR transform. This patch fixes
the issue by setting the size of the IV buffer to 16 bytes.

Fixes: 84c911523020 ("[CRYPTO] gcm: Add support for async ciphers")
Signed-off-by: Ondrej Mosnacek <omosnacek@gmail.com>
---
(Sorry for previous broken patch, hopefully I got it right this
time.)

I randomly noticed this while going over igcm.c for an unrelated
reason. It seems the wrong buffer size never caused any noticeable
problems (it's been there since 2007), but it should be corrected
nonetheless...

 crypto/gcm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--
2.7.4

--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

diff --git a/crypto/gcm.c b/crypto/gcm.c
index 70a892e8..f624ac9 100644
--- a/crypto/gcm.c
+++ b/crypto/gcm.c
@@ -117,7 +117,7 @@ static int crypto_gcm_setkey(struct crypto_aead *aead, const u8 *key,
 	struct crypto_skcipher *ctr = ctx->ctr;
 	struct {
 		be128 hash;
-		u8 iv[8];
+		u8 iv[16];
 
 		struct crypto_gcm_setkey_result result;