[thirdparty/kernel/stable-queue.git] / releases / 4.19.31 / crypto-arm64-aes-ccm-fix-bugs-in-non-neon-fallback-routine.patch

From 969e2f59d589c15f6aaf306e590dde16f12ea4b3 Mon Sep 17 00:00:00 2001
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Date: Thu, 24 Jan 2019 17:33:46 +0100
Subject: crypto: arm64/aes-ccm - fix bugs in non-NEON fallback routine

From: Ard Biesheuvel <ard.biesheuvel@linaro.org>

commit 969e2f59d589c15f6aaf306e590dde16f12ea4b3 upstream.

Commit 5092fcf34908 ("crypto: arm64/aes-ce-ccm: add non-SIMD generic
fallback") introduced C fallback code to replace the NEON routines
when invoked from a context where the NEON is not available (i.e.,
from the context of a softirq taken while the NEON is already being
used in kernel process context)

Fix two logical flaws in the MAC calculation of the associated data.

Reported-by: Eric Biggers <ebiggers@kernel.org>
Fixes: 5092fcf34908 ("crypto: arm64/aes-ce-ccm: add non-SIMD generic fallback")
Cc: stable@vger.kernel.org
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm64/crypto/aes-ce-ccm-glue.c |    4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

--- a/arch/arm64/crypto/aes-ce-ccm-glue.c
+++ b/arch/arm64/crypto/aes-ce-ccm-glue.c
@@ -125,7 +125,7 @@ static void ccm_update_mac(struct crypto
 			abytes -= added;
 		}
 
-		while (abytes > AES_BLOCK_SIZE) {
+		while (abytes >= AES_BLOCK_SIZE) {
 			__aes_arm64_encrypt(key->key_enc, mac, mac,
 					    num_rounds(key));
 			crypto_xor(mac, in, AES_BLOCK_SIZE);
@@ -139,8 +139,6 @@ static void ccm_update_mac(struct crypto
 					    num_rounds(key));
 			crypto_xor(mac, in, abytes);
 			*macp = abytes;
-		} else {
-			*macp = 0;
 		}
 	}
 }
Commit	Line	Data
128027b5 GKH	1	From 969e2f59d589c15f6aaf306e590dde16f12ea4b3 Mon Sep 17 00:00:00 2001
	2	From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
	3	Date: Thu, 24 Jan 2019 17:33:46 +0100
	4	Subject: crypto: arm64/aes-ccm - fix bugs in non-NEON fallback routine
	5
	6	From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
	7
	8	commit 969e2f59d589c15f6aaf306e590dde16f12ea4b3 upstream.
	9
	10	Commit 5092fcf34908 ("crypto: arm64/aes-ce-ccm: add non-SIMD generic
	11	fallback") introduced C fallback code to replace the NEON routines
	12	when invoked from a context where the NEON is not available (i.e.,
	13	from the context of a softirq taken while the NEON is already being
	14	used in kernel process context)
	15
	16	Fix two logical flaws in the MAC calculation of the associated data.
	17
	18	Reported-by: Eric Biggers <ebiggers@kernel.org>
	19	Fixes: 5092fcf34908 ("crypto: arm64/aes-ce-ccm: add non-SIMD generic fallback")
	20	Cc: stable@vger.kernel.org
	21	Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
	22	Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
	23	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	24
	25	---
	26	arch/arm64/crypto/aes-ce-ccm-glue.c \| 4 +---
	27	1 file changed, 1 insertion(+), 3 deletions(-)
	28
	29	--- a/arch/arm64/crypto/aes-ce-ccm-glue.c
	30	+++ b/arch/arm64/crypto/aes-ce-ccm-glue.c
	31	@@ -125,7 +125,7 @@ static void ccm_update_mac(struct crypto
	32	abytes -= added;
	33	}
	34
	35	- while (abytes > AES_BLOCK_SIZE) {
	36	+ while (abytes >= AES_BLOCK_SIZE) {
	37	__aes_arm64_encrypt(key->key_enc, mac, mac,
	38	num_rounds(key));
	39	crypto_xor(mac, in, AES_BLOCK_SIZE);
	40	@@ -139,8 +139,6 @@ static void ccm_update_mac(struct crypto
	41	num_rounds(key));
	42	crypto_xor(mac, in, abytes);
	43	*macp = abytes;
	44	- } else {
	45	- *macp = 0;
	46	}
	47	}
	48	}