[thirdparty/kernel/stable-queue.git] / releases / 4.19.31 / crypto-ccree-don-t-copy-zero-size-ciphertext.patch

From 2b5ac17463dcb2411fed506edcf259a89bb538ba Mon Sep 17 00:00:00 2001
From: Gilad Ben-Yossef <gilad@benyossef.com>
Date: Tue, 15 Jan 2019 15:43:17 +0200
Subject: crypto: ccree - don't copy zero size ciphertext

From: Gilad Ben-Yossef <gilad@benyossef.com>

commit 2b5ac17463dcb2411fed506edcf259a89bb538ba upstream.

For decryption in CBC mode we need to save the last ciphertext block
for use as the next IV. However, we were trying to do this also with
zero sized ciphertext resulting in a panic.

Fix this by only doing the copy if the ciphertext length is at least
of IV size.

Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
Cc: stable@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/crypto/ccree/cc_cipher.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/drivers/crypto/ccree/cc_cipher.c
+++ b/drivers/crypto/ccree/cc_cipher.c
@@ -783,7 +783,8 @@ static int cc_cipher_decrypt(struct skci
 
 	memset(req_ctx, 0, sizeof(*req_ctx));
 
-	if (ctx_p->cipher_mode == DRV_CIPHER_CBC) {
+	if ((ctx_p->cipher_mode == DRV_CIPHER_CBC) &&
+	    (req->cryptlen >= ivsize)) {
 
 		/* Allocate and save the last IV sized bytes of the source,
 		 * which will be lost in case of in-place decryption.
Commit	Line	Data
eedc2696 GKH	1	From 2b5ac17463dcb2411fed506edcf259a89bb538ba Mon Sep 17 00:00:00 2001
	2	From: Gilad Ben-Yossef <gilad@benyossef.com>
	3	Date: Tue, 15 Jan 2019 15:43:17 +0200
	4	Subject: crypto: ccree - don't copy zero size ciphertext
	5
	6	From: Gilad Ben-Yossef <gilad@benyossef.com>
	7
	8	commit 2b5ac17463dcb2411fed506edcf259a89bb538ba upstream.
	9
	10	For decryption in CBC mode we need to save the last ciphertext block
	11	for use as the next IV. However, we were trying to do this also with
	12	zero sized ciphertext resulting in a panic.
	13
	14	Fix this by only doing the copy if the ciphertext length is at least
	15	of IV size.
	16
	17	Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
	18	Cc: stable@vger.kernel.org
	19	Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
	20	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	21
	22	---
	23	drivers/crypto/ccree/cc_cipher.c \| 3 ++-
	24	1 file changed, 2 insertions(+), 1 deletion(-)
	25
	26	--- a/drivers/crypto/ccree/cc_cipher.c
	27	+++ b/drivers/crypto/ccree/cc_cipher.c
	28	@@ -783,7 +783,8 @@ static int cc_cipher_decrypt(struct skci
	29
	30	memset(req_ctx, 0, sizeof(*req_ctx));
	31
	32	- if (ctx_p->cipher_mode == DRV_CIPHER_CBC) {
	33	+ if ((ctx_p->cipher_mode == DRV_CIPHER_CBC) &&
	34	+ (req->cryptlen >= ivsize)) {
	35
	36	/* Allocate and save the last IV sized bytes of the source,
	37	* which will be lost in case of in-place decryption.