From 969e2f59d589c15f6aaf306e590dde16f12ea4b3 Mon Sep 17 00:00:00 2001
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Date: Thu, 24 Jan 2019 17:33:46 +0100
Subject: crypto: arm64/aes-ccm - fix bugs in non-NEON fallback routine

From: Ard Biesheuvel <ard.biesheuvel@linaro.org>

commit 969e2f59d589c15f6aaf306e590dde16f12ea4b3 upstream.

Commit 5092fcf34908 ("crypto: arm64/aes-ce-ccm: add non-SIMD generic
fallback") introduced C fallback code to replace the NEON routines
when invoked from a context where the NEON is not available (i.e.,
from the context of a softirq taken while the NEON is already being
used in kernel process context).

Fix two logical flaws in the MAC calculation of the associated data.

Reported-by: Eric Biggers <ebiggers@kernel.org>
Fixes: 5092fcf34908 ("crypto: arm64/aes-ce-ccm: add non-SIMD generic fallback")
Cc: stable@vger.kernel.org
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 arch/arm64/crypto/aes-ce-ccm-glue.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
29 --- a/arch/arm64/crypto/aes-ce-ccm-glue.c
30 +++ b/arch/arm64/crypto/aes-ce-ccm-glue.c
31 @@ -123,7 +123,7 @@ static void ccm_update_mac(struct crypto
35 - while (abytes > AES_BLOCK_SIZE) {
36 + while (abytes >= AES_BLOCK_SIZE) {
37 __aes_arm64_encrypt(key->key_enc, mac, mac,
39 crypto_xor(mac, in, AES_BLOCK_SIZE);
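Review bot: the new bound `while (abytes >= AES_BLOCK_SIZE)` differs from the old `>` only when exactly AES_BLOCK_SIZE bytes of associated data remain, and neither the patch nor its message names that case or adds coverage for it. Please state the boundary in the commit message and add a test vector whose associated data leaves exactly one full block for the non-NEON fallback, so a wrong MAC from this path is caught by the self-tests rather than by a report.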
40 @@ -137,8 +137,6 @@ static void ccm_update_mac(struct crypto
42 crypto_xor(mac, in, abytes);
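Review bot: the header `-137,8 +137,6` removes two lines around `crypto_xor(mac, in, abytes);` in ccm_update_mac, but the commit message covers them only as one of "two logical flaws" in the MAC calculation. Since this is tagged for stable, please say in the message what the removed lines did wrong, so that someone backporting to a tree with different context can tell whether the same removal applies there.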