releases/4.19.31/crypto-ccree-don-t-copy-zero-size-ciphertext.patch

   1 From 2b5ac17463dcb2411fed506edcf259a89bb538ba Mon Sep 17 00:00:00 2001
   2 From: Gilad Ben-Yossef <gilad@benyossef.com>
   3 Date: Tue, 15 Jan 2019 15:43:17 +0200
   4 Subject: crypto: ccree - don't copy zero size ciphertext
   5
   6 From: Gilad Ben-Yossef <gilad@benyossef.com>
   7
   8 commit 2b5ac17463dcb2411fed506edcf259a89bb538ba upstream.
   9
  10 For decryption in CBC mode we need to save the last ciphertext block
  11 for use as the next IV. However, we were trying to do this also with
  12 zero sized ciphertext resulting in a panic.
  13
  14 Fix this by only doing the copy if the ciphertext length is at least
  15 of IV size.
  16
  17 Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
  18 Cc: stable@vger.kernel.org
  19 Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
  20 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  21
  22 ---
  23  drivers/crypto/ccree/cc_cipher.c |    3 ++-
  24  1 file changed, 2 insertions(+), 1 deletion(-)
  25
  26 --- a/drivers/crypto/ccree/cc_cipher.c
  27 +++ b/drivers/crypto/ccree/cc_cipher.c
  28 @@ -783,7 +783,8 @@ static int cc_cipher_decrypt(struct skci
  29
  30         memset(req_ctx, 0, sizeof(*req_ctx));
  31
  32 -       if (ctx_p->cipher_mode == DRV_CIPHER_CBC) {
  33 +       if ((ctx_p->cipher_mode == DRV_CIPHER_CBC) &&
  34 +           (req->cryptlen >= ivsize)) {
  35
  36                 /* Allocate and save the last IV sized bytes of the source,
  37                  * which will be lost in case of in-place decryption.