From: Gilad Ben-Yossef <gilad@benyossef.com>
To: Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>
Cc: Ofir Drang <ofir.drang@arm.com>,
stable@vger.kernel.org, linux-crypto@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: [PATCH] crypto: ccree: fix iv copying for small buffers
Date: Thu, 7 Jun 2018 09:58:47 +0100 [thread overview]
Message-ID: <1528361927-4172-1-git-send-email-gilad@benyossef.com> (raw)
We are copying our last cipher block into the request for use as IV as
required by the Crypto API but we failed to handle correctly the case the
buffer we are working on is smaller than a block. Fix it by calculating
how much we need to copy based on buffer size.
CC: stable@vger.kernel.org
Fixes: 63ee04c8b491 ("crypto: ccree - add skcipher support")
Reported by: Hadar Gat <hadar.gat@arm.com>
Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
---
drivers/crypto/ccree/cc_cipher.c | 30 ++++++++++++++++++++++++------
1 file changed, 24 insertions(+), 6 deletions(-)
diff --git a/drivers/crypto/ccree/cc_cipher.c b/drivers/crypto/ccree/cc_cipher.c
index d2810c1..a07547f 100644
--- a/drivers/crypto/ccree/cc_cipher.c
+++ b/drivers/crypto/ccree/cc_cipher.c
@@ -616,9 +616,18 @@ static void cc_cipher_complete(struct device *dev, void *cc_req, int err)
memcpy(req->iv, req_ctx->backup_info, ivsize);
kzfree(req_ctx->backup_info);
} else if (!err) {
- scatterwalk_map_and_copy(req->iv, req->dst,
- (req->cryptlen - ivsize),
- ivsize, 0);
+ unsigned int len;
+
+ if (req->cryptlen > ivsize) {
+ len = req->cryptlen - ivsize;
+ } else {
+ memset(req->iv, 0, ivsize);
+ len = 0;
+ ivsize = req->cryptlen;
+
+ }
+
+ scatterwalk_map_and_copy(req->iv, req->dst, len, ivsize, 0);
}
skcipher_request_complete(req, err);
@@ -755,17 +764,26 @@ static int cc_cipher_decrypt(struct skcipher_request *req)
struct cipher_req_ctx *req_ctx = skcipher_request_ctx(req);
unsigned int ivsize = crypto_skcipher_ivsize(sk_tfm);
gfp_t flags = cc_gfp_flags(&req->base);
+ unsigned int len;
/*
* Allocate and save the last IV sized bytes of the source, which will
* be lost in case of in-place decryption and might be needed for CTS.
*/
- req_ctx->backup_info = kmalloc(ivsize, flags);
+ req_ctx->backup_info = kzalloc(ivsize, flags);
if (!req_ctx->backup_info)
return -ENOMEM;
- scatterwalk_map_and_copy(req_ctx->backup_info, req->src,
- (req->cryptlen - ivsize), ivsize, 0);
+
+ if (req->cryptlen > ivsize) {
+ len = req->cryptlen - ivsize;
+ } else {
+ len = 0;
+ ivsize = req->cryptlen;
+ }
+
+ scatterwalk_map_and_copy(req_ctx->backup_info, req->src, len, ivsize,
+ 0);
req_ctx->is_giv = false;
return cc_cipher_process(req, DRV_CRYPTO_DIRECTION_DECRYPT);
--
2.7.4
next reply other threads:[~2018-06-07 8:58 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-07 8:58 Gilad Ben-Yossef [this message]
2018-06-07 9:02 ` [PATCH] crypto: ccree: fix iv copying for small buffers Gilad Ben-Yossef
2018-06-08 7:30 ` Harsh Jain
2018-06-13 6:30 ` Herbert Xu
[not found] ` <CAOtvUMdtafGwXJFD0Tm1tx1q+TxRsB4nwEKxumE7=--_PMCZrQ@mail.gmail.com>
2018-06-19 14:27 ` Herbert Xu
2018-06-21 13:35 ` Gilad Ben-Yossef
2018-06-22 6:53 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1528361927-4172-1-git-send-email-gilad@benyossef.com \
--to=gilad@benyossef.com \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=ofir.drang@arm.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.