File fix-out-of-bounds-write-in-aes-gcm.patch of Package libica.10421

From cf5b6d1a13e4fedc0ef90905b835bf4235ed18e5 Mon Sep 17 00:00:00 2001
From: Patrick Steuer <patrick.steuer@de.ibm.com>
Date: Mon, 26 Feb 2018 20:18:36 +0000
Subject: [PATCH] fix out-of-bounds write in aes-gcm

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
---
 src/fips.c             | 2 +-
 src/include/s390_gcm.h | 5 +++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/fips.c b/src/fips.c
index 4b0e64f..d09a553 100644
--- a/src/fips.c
+++ b/src/fips.c
@@ -443,7 +443,7 @@ aes_gcm_kat(void) {
 			goto _err_;
 
 		memset(tag, 0, AES_BLKSIZE);
-		memset(out, 0, AES_BLKSIZE);
+		memset(out, 0, tv->len);
 		memset(icb, 0, sizeof(icb));
 		memset(icb, 0, sizeof(ucb));
 		memset(subkey, 0, sizeof(subkey));
diff --git a/src/include/s390_gcm.h b/src/include/s390_gcm.h
index e856a1c..849de3b 100644
--- a/src/include/s390_gcm.h
+++ b/src/include/s390_gcm.h
@@ -405,13 +405,14 @@ static inline int s390_gcm(unsigned int function_code,
 					  tag, tag_length, 1, 1);
 		} else {
 			/* encrypt */
-			memset(tag, 0, AES_BLOCK_SIZE);
+			memset(tmp_tag, 0, AES_BLOCK_SIZE);
 			rc = s390_aes_gcm(function_code,
 					  plaintext, ciphertext, text_length,
 					  key, j0, GCM_CTR_WIDTH,
 					  tmp_ctr, GCM_CTR_WIDTH,
 					  aad, aad_length, subkey_h,
-					  tag, tag_length, 1, 1);
+					  tmp_tag, tag_length, 1, 1);
+			memcpy(tag, tmp_tag, tag_length);
 		}
 
 		return rc;
-- 
2.13.7