Bug#782561: please backport commit ccfe8c3f7e52 from upstream
Package: src:linux
Version: 3.16.7-ckt7-1
Severity: wishlist
Using the rfc4106 IPsec implementation provided by the aesni_intel
module results in occasional crashes on an busy gateway. This was fixed
upstream by commit ccfe8c3f7e52:
| commit ccfe8c3f7e52ae83155cb038753f4c75b774ca8a
| Author: Stephan Mueller <smueller@chronox.de>
| Date: Thu Mar 12 09:17:51 2015 +0100
|
| crypto: aesni - fix memory usage in GCM decryption
|
| The kernel crypto API logic requires the caller to provide the
| length of (ciphertext || authentication tag) as cryptlen for the
| AEAD decryption operation. Thus, the cipher implementation must
| calculate the size of the plaintext output itself and cannot simply use
| cryptlen.
|
| The RFC4106 GCM decryption operation tries to overwrite cryptlen memory
| in req->dst. As the destination buffer for decryption only needs to hold
| the plaintext memory but cryptlen references the input buffer holding
| (ciphertext || authentication tag), the assumption of the destination
| buffer length in RFC4106 GCM operation leads to a too large size. This
| patch simply uses the already calculated plaintext size.
|
| In addition, this patch fixes the offset calculation of the AAD buffer
| pointer: as mentioned before, cryptlen already includes the size of the
| tag. Thus, the tag does not need to be added. With the addition, the AAD
| will be written beyond the already allocated buffer.
|
| Note, this fixes a kernel crash that can be triggered from user space
| via AF_ALG(aead) -- simply use the libkcapi test application
| from [1] and update it to use rfc4106-gcm-aes.
|
| Using [1], the changes were tested using CAVS vectors to demonstrate
| that the crypto operation still delivers the right results.
|
| [1] http://www.chronox.de/libkcapi.html
|
| CC: Tadeusz Struk <tadeusz.struk@intel.com>
| Cc: stable@vger.kernel.org
| Signed-off-by: Stephan Mueller <smueller@chronox.de>
| Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This fix is already queued for 3.16.7-ckt10, but it'd be great if you
could include it in jessie ASAP.
Thanks,
--
Romain Francoise <rfrancoise@debian.org>
http://people.debian.org/~rfrancoise/
Reply to: