1 From eaf46edf6ea89675bd36245369c8de5063a0272c Mon Sep 17 00:00:00 2001
2 From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
3 Date: Thu, 24 Jan 2019 17:33:45 +0100
4 Subject: crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling
6 From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
8 commit eaf46edf6ea89675bd36245369c8de5063a0272c upstream.
10 The NEON MAC calculation routine fails to handle the case correctly
11 where there is some data in the buffer, and the input fills it up
12 exactly. In this case, we enter the loop at the end with w8 == 0,
13 while a negative value is assumed, and so the loop carries on until
14 the increment of the 32-bit counter wraps around, which is quite
17 So omit the loop altogether in this case, and exit right away.
19 Reported-by: Eric Biggers <ebiggers@kernel.org>
20 Fixes: a3fd82105b9d1 ("arm64/crypto: AES in CCM mode using ARMv8 Crypto ...")
21 Cc: stable@vger.kernel.org
22 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
23 Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
24 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
27 arch/arm64/crypto/aes-ce-ccm-core.S | 5 +++--
28 1 file changed, 3 insertions(+), 2 deletions(-)
30 --- a/arch/arm64/crypto/aes-ce-ccm-core.S
31 +++ b/arch/arm64/crypto/aes-ce-ccm-core.S
32 @@ -74,12 +74,13 @@ ENTRY(ce_aes_ccm_auth_data)
34 ext v0.16b, v0.16b, v0.16b, #1 /* rotate out the mac bytes */
40 9: ext v1.16b, v1.16b, v1.16b, #1
43 - eor v0.16b, v0.16b, v1.16b
44 +91: eor v0.16b, v0.16b, v1.16b