Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp815848ybl; Wed, 11 Dec 2019 07:57:38 -0800 (PST) X-Google-Smtp-Source: APXvYqzyDnCnCcQ/6Zz4Fspum62ojZnKKn3Qh5AOSYwsQmrO6n5CqRulPK3TtOpEInzJ6QzN6tuJ X-Received: by 2002:a9d:6c85:: with SMTP id c5mr2698547otr.164.1576079858580; Wed, 11 Dec 2019 07:57:38 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1576079858; cv=none; d=google.com; s=arc-20160816; b=uhFSNNisppABwRQBECcUtSnKKI46jVh5pibw2ny32S9yJBX9GBvTIaN/eLaSIrYJ0U xNccjto596xOca7QIAVXHKKVMm2ov3sgpERzaikaoX7mPnH0Pz0Yy4DaMylBLmB7uANy Px5XFxZ7J9pA/MbjIMzbTMvNGeA7VE0TdJbaOEtvBt6NS4bW4E6+3ndLC3z2tClT7q1j YSF1A0rAM/cbUzI2SVjlvU91wFbK3jlUTxoICLcDwm2MPFv33iyXUiPsxMsB7UVks5HJ SA93lI5wxRWkHRqjy+qkiI3Sd3w46I0C79ZSx35ujSfevzuA2vtl6DXVKDjzZLzuyll8 tghw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=my+ES9fsjn1+WKa3g3yFlP2YI5uSzJfbX391I0l7Z5U=; b=0dpj4fUiVR80tF7K/QESMGYxTkS8A0MjP/Yu1I/HC0zfK7k+rEBBHnAU5UCDmNL2SQ GmihRj5Hx27VruHVZqavgOzu5WSdiQC2UwlG7di3aVSWze6nxgTS6Ja75LGia2oc50gS okNk1gDhXTRNKrW6BonOsZia7GSCm6ZCwwWhLoSHDRmAH/9paLWK8BtsabKnI716+VZK UypV8puf7Z0CbWcc+msRR/J1RLqN5m/zDgXLaKCBh9UbMqkdFqHHIw5Wp8HNTfKly6Jp t1Y4Rq4Iixj8iUoRzJ1ePcMiXxyEGGvohTZIwLazAKU3UtDyYeBKCGNo4dVm329sYW7n hyrA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="u/taWUxa"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u132si1429353oig.93.2019.12.11.07.57.27; Wed, 11 Dec 2019 07:57:38 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="u/taWUxa"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732012AbfLKP4U (ORCPT + 99 others); Wed, 11 Dec 2019 10:56:20 -0500 Received: from mail.kernel.org ([198.145.29.99]:41772 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731798AbfLKPP3 (ORCPT ); Wed, 11 Dec 2019 10:15:29 -0500 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 72ED92467D; Wed, 11 Dec 2019 15:15:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1576077328; bh=0qytjjZWSM6P7mpZ8ddmpF2SU5ZT8/Uf1JWrhNBExQo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=u/taWUxab3qHl+yME7baGA7Apwye8SG9cEP1toq4pmuj2C3t/hQXCxbMLB6UrNtT5 Z9NMF4WvnTa55Bp7Ts3UbQTx3lmzdqLE+RJbscNE0Iz51/jR0Rc4HNFYOGm3aEVupP ZUPCAphsdO3OBO1pwc3CYucyC8AqfRuOqxLQavgk= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Tudor Ambarus , Herbert Xu Subject: [PATCH 5.3 086/105] crypto: atmel-aes - Fix IV handling when req->nbytes < ivsize Date: Wed, 11 Dec 2019 16:06:15 +0100 Message-Id: <20191211150259.473884315@linuxfoundation.org> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20191211150221.153659747@linuxfoundation.org> References: <20191211150221.153659747@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Tudor Ambarus commit 86ef1dfcb561473fbf5e199d58d18c55554d78be upstream. commit 394a9e044702 ("crypto: cfb - add missing 'chunksize' property") adds a test vector where the input length is smaller than the IV length (the second test vector). This revealed a NULL pointer dereference in the atmel-aes driver, that is caused by passing an incorrect offset in scatterwalk_map_and_copy() when atmel_aes_complete() is called. Do not save the IV in req->info of ablkcipher_request (or equivalently req->iv of skcipher_request) when req->nbytes < ivsize, because the IV will not be further used. While touching the code, modify the type of ivsize from int to unsigned int, to comply with the return type of crypto_ablkcipher_ivsize(). Fixes: 91308019ecb4 ("crypto: atmel-aes - properly set IV after {en,de}crypt") Cc: Signed-off-by: Tudor Ambarus Signed-off-by: Herbert Xu Signed-off-by: Greg Kroah-Hartman --- drivers/crypto/atmel-aes.c | 53 +++++++++++++++++++++++++-------------------- 1 file changed, 30 insertions(+), 23 deletions(-) --- a/drivers/crypto/atmel-aes.c +++ b/drivers/crypto/atmel-aes.c @@ -490,6 +490,29 @@ static inline bool atmel_aes_is_encrypt( static void atmel_aes_authenc_complete(struct atmel_aes_dev *dd, int err); #endif +static void atmel_aes_set_iv_as_last_ciphertext_block(struct atmel_aes_dev *dd) +{ + struct ablkcipher_request *req = ablkcipher_request_cast(dd->areq); + struct atmel_aes_reqctx *rctx = ablkcipher_request_ctx(req); + struct crypto_ablkcipher *ablkcipher = crypto_ablkcipher_reqtfm(req); + unsigned int ivsize = crypto_ablkcipher_ivsize(ablkcipher); + + if (req->nbytes < ivsize) + return; + + if (rctx->mode & AES_FLAGS_ENCRYPT) { + scatterwalk_map_and_copy(req->info, req->dst, + req->nbytes - ivsize, ivsize, 0); + } else { + if (req->src == req->dst) + memcpy(req->info, rctx->lastc, ivsize); + else + scatterwalk_map_and_copy(req->info, req->src, + req->nbytes - ivsize, + ivsize, 0); + } +} + static inline int atmel_aes_complete(struct atmel_aes_dev *dd, int err) { #ifdef CONFIG_CRYPTO_DEV_ATMEL_AUTHENC @@ -500,26 +523,8 @@ static inline int atmel_aes_complete(str clk_disable(dd->iclk); dd->flags &= ~AES_FLAGS_BUSY; - if (!dd->ctx->is_aead) { - struct ablkcipher_request *req = - ablkcipher_request_cast(dd->areq); - struct atmel_aes_reqctx *rctx = ablkcipher_request_ctx(req); - struct crypto_ablkcipher *ablkcipher = - crypto_ablkcipher_reqtfm(req); - int ivsize = crypto_ablkcipher_ivsize(ablkcipher); - - if (rctx->mode & AES_FLAGS_ENCRYPT) { - scatterwalk_map_and_copy(req->info, req->dst, - req->nbytes - ivsize, ivsize, 0); - } else { - if (req->src == req->dst) { - memcpy(req->info, rctx->lastc, ivsize); - } else { - scatterwalk_map_and_copy(req->info, req->src, - req->nbytes - ivsize, ivsize, 0); - } - } - } + if (!dd->ctx->is_aead) + atmel_aes_set_iv_as_last_ciphertext_block(dd); if (dd->is_async) dd->areq->complete(dd->areq, err); @@ -1125,10 +1130,12 @@ static int atmel_aes_crypt(struct ablkci rctx->mode = mode; if (!(mode & AES_FLAGS_ENCRYPT) && (req->src == req->dst)) { - int ivsize = crypto_ablkcipher_ivsize(ablkcipher); + unsigned int ivsize = crypto_ablkcipher_ivsize(ablkcipher); - scatterwalk_map_and_copy(rctx->lastc, req->src, - (req->nbytes - ivsize), ivsize, 0); + if (req->nbytes >= ivsize) + scatterwalk_map_and_copy(rctx->lastc, req->src, + req->nbytes - ivsize, + ivsize, 0); } return atmel_aes_handle_queue(dd, &req->base);