Ubuntu
linux package

Bug #1832623
Comment #0

Comment 0 for bug 1832623

Revision history for this message

bugproxy (bugproxy) wrote on 2019-06-12:

Description: kernel: Fix gcm-aes-s390 wrong scatter-gather list processing
Symptom: gcm-aes-s390 wrong en/decryption processing
Problem: The current gcm aes s390 implementation does not process
               scatter-gather input and output lists correct when list
               entries with sizes not multiples of the blocksize of 16
               bytes are used. Result may be wrong calculated encrypted
               or decrypted data.
               This can only happen on z14 (this is the only machine
               which supports aes-gcm in hardware via CPACF). Please note
               that applications using aes-gcm via the AF_ALG interface are
               not affected as this API ensures scatter/gather list entries
               with chunk sizes in multiples of 16 bytes. However, all
               exploiters of aes-gcm within the kernel may be affected.
Solution: Rework of the scatter/gather walk within the aes_s390 kernel
               module implementation with the goal to support any list
               entry size.
Reproduction: With kernel 5.1 there has been an improvement on the crypto
               selftests. There are now tests run with fragmented
               scatter/gather lists. So:
               1. You need at least a z14 and kernel >= 5.1.
               2. If disabled, enable the crypto self tests.
               3. Watch for syslog entries during modprobe of the aes_s390
                  kernel module. As this module usually gets automatically
                  inserted during system startup you may need to unload the
                  aes_s390 kernel module before re-inserting it.
               4. Without the fix something like
                  "kernel: alg: aead: gcm-aes-s390 encryption test failed
                      (wrong result) on test vector 1,..."
                  will show up. With the fix, all selftests will pass and
                  nothing is reported in syslog.

Component: kernel
Upstream-ID: bef9f0ba300a55d79a69aa172156072182176515

This request is targeted for 19.10, but should also be applied to 18.04 and 19.04

Description:   kernel: Fix gcm-aes-s390 wrong scatter-gather list processing
Symptom:       gcm-aes-s390 wrong en/decryption processing
Problem:       The current gcm aes s390 implementation does not process
               scatter-gather input and output lists correct when list
               entries with sizes not multiples of the blocksize of 16
               bytes are used. Result may be wrong calculated encrypted
               or decrypted data.
               This can only happen on z14 (this is the only machine
               which supports aes-gcm in hardware via CPACF). Please note
               that applications using aes-gcm via the AF_ALG interface are
               not affected as this API ensures scatter/gather list entries
               with chunk sizes in multiples of 16 bytes. However, all
               exploiters of aes-gcm within the kernel may be affected.
Solution:      Rework of the scatter/gather walk within the aes_s390 kernel
               module implementation with the goal to support any list
               entry size.
Reproduction:  With kernel 5.1 there has been an improvement on the crypto
               selftests. There are now tests run with fragmented
               scatter/gather lists. So:
               1. You need at least a z14 and kernel >= 5.1.
               2. If disabled, enable the crypto self tests.
               3. Watch for syslog entries during modprobe of the aes_s390
                  kernel module. As this module usually gets automatically
                  inserted during system startup you may need to unload the
                  aes_s390 kernel module before re-inserting it.
               4. Without the fix something like
                  "kernel: alg: aead: gcm-aes-s390 encryption test failed
                      (wrong result) on test vector 1,..."
                  will show up. With the fix, all selftests will pass and
                  nothing is reported in syslog.

Component: kernel
Upstream-ID:   bef9f0ba300a55d79a69aa172156072182176515

This request is targeted for 19.10, but should also be applied to 18.04 and 19.04

Ubuntulinux package

Comment 0 for bug 1832623

Ubuntu
linux package