crypto: ccree - don't copy zero size ciphertext

commit 2b5ac174 upstream. For decryption in CBC mode we need to save the last ciphertext block for use as the next IV. However, we were trying to do this also with zero sized ciphertext resulting in a panic. Fix this by only doing the copy if the ciphertext length is at least of IV size. Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com> Cc: stable@vger.kernel.org Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

crypto: ccree - don't copy zero size ciphertext
commit 2b5ac174 upstream. For decryption in CBC mode we need to save the last ciphertext block for use as the next IV. However, we were trying to do this also with zero sized ciphertext resulting in a panic. Fix this by only doing the copy if the ciphertext length is at least of IV size. Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com> Cc: stable@vger.kernel.org Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
6ed42ccc · Gilad Ben-Yossef · Greg Kroah-Hartman · 0bdd345a · 6ed42ccc
Commit 6ed42ccc authored Jan 15, 2019 by Gilad Ben-Yossef Committed by Greg Kroah-Hartman Mar 23, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 1 deletion

drivers/crypto/ccree/cc_cipher.c drivers/crypto/ccree/cc_cipher.c +2 -1

No files found.
--- a/drivers/crypto/ccree/cc_cipher.c
+++ b/drivers/crypto/ccree/cc_cipher.c
@@ -783,7 +783,8 @@ static int cc_cipher_decrypt(struct skcipher_request *req)
 	memset(req_ctx, 0, sizeof(*req_ctx));
-	if (ctx_p->cipher_mode == DRV_CIPHER_CBC) {
+	if ((ctx_p->cipher_mode == DRV_CIPHER_CBC) &&
+	    (req->cryptlen >= ivsize)) {
 		/* Allocate and save the last IV sized bytes of the source,
 		 * which will be lost in case of in-place decryption.