crypto: ccp - copy IV using skcipher ivsize

AF_ALG rfc3686-ctr-aes-ccp requests pass an 8-byte IV to the driver.

ccp_aes_complete() restores AES_BLOCK_SIZE bytes into the caller's IV
buffer while RFC3686 skciphers expose an 8-byte IV, so the restore
overruns the provided buffer.

Use crypto_skcipher_ivsize() to copy only the algorithm's IV length.

Fixes: 2b789435d7f3 ("crypto: ccp - CCP AES crypto API support")
Signed-off-by: Paul Moses <p@1g4.org>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/drivers/crypto/ccp/ccp-crypto-aes.c b/drivers/crypto/ccp/ccp-crypto-aes.c
index 94bccc5d6c789a08222867ee1a97a61797c3c168..f475819b6fc39f4e0d29463d6b281cac036edf9f 100644 (file)
--- a/drivers/crypto/ccp/ccp-crypto-aes.c
+++ b/drivers/crypto/ccp/ccp-crypto-aes.c
@@ -30,8 +30,11 @@ static int ccp_aes_complete(struct crypto_async_request *async_req, int ret)
        if (ret)
                return ret;
 
-       if (ctx->u.aes.mode != CCP_AES_MODE_ECB)
-               memcpy(req->iv, rctx->iv, AES_BLOCK_SIZE);
+       if (ctx->u.aes.mode != CCP_AES_MODE_ECB) {
+               size_t ivsize = crypto_skcipher_ivsize(crypto_skcipher_reqtfm(req));
+
+               memcpy(req->iv, rctx->iv, ivsize);
+       }
 
        return 0;
 }