• Joy Latten's avatar
    [CRYPTO] xcbc: Fix crash with IPsec · 2f40a178
    Joy Latten authored
    When using aes-xcbc-mac for authentication in IPsec, 
    the kernel crashes. It seems this algorithm doesn't 
    account for the space IPsec may make in scatterlist for authtag.
    Thus when crypto_xcbc_digest_update2() gets called,
    nbytes may be less than sg[i].length. 
    Since nbytes is an unsigned number, it wraps
    at the end of the loop allowing us to go back 
    into loop and causing crash in memcpy.
    I used update function in digest.c to model this fix.
    Please let me know if it looks ok.
    Signed-off-by: default avatarJoy Latten <latten@austin.ibm.com>
    Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
xcbc.c 9.04 KB