Received: by 2002:a05:6a10:f3d0:0:0:0:0 with SMTP id a16csp2717566pxv;
        Sun, 11 Jul 2021 23:40:59 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJx/iyGuO5pUJv5eBYMQTJfkYXIrybzH1CCor9605lBwvc8TifGPl73aNapdI2D3V5DzgEmy
X-Received: by 2002:a17:906:bc48:: with SMTP id s8mr12939117ejv.453.1626072059266;
        Sun, 11 Jul 2021 23:40:59 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1626072059; cv=none;
        d=google.com; s=arc-20160816;
        b=hb4VgM85TbbnVObWkjX/O3j5fnM40ByOLIOzmcfMi7vWO5irGXPZY6ZDWfdZzKkTON
         eUfJzCDS2zxjS/wfDeThNJTdk0FcUpA6Cmm4TIf7RgGMTXn2zydESk94lue937sB6nTh
         GIc9/Be6c9vYq5PhpakgSyvUB3OONIDnOKqngknKG+uRi14K9uJ/xu2Dqp4/px3jc3BN
         zUu4tZWxT9YpgXuIrqwedmtdn+4llamohnDokZWXaL8mA6fggGv+SVmAYg/cFiQyUAJj
         7fpD5f30MExzcVh/II/t9PqJxFKnQDJArjdvWMoG0EXLi5mz2YrMh45t9oxCs5FSL/R1
         gIqw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=ahhOwn7Y4wvwqDT4CDhPqug0KQo+mM696MD94oGFHtA=;
        b=Yvqpa6Ea39BnfeY8N+Nl+z/K9HnzEC4FjVciJUjkSTRhFpujqogxs6Rv+yUZowIR8O
         umtZORfSGFee7OH7Vq3Nw22BQZE0XVaTjJYdAu/4po/eDIPYg508fgc7z/Mea8pTPNhy
         T3Vlvj+44QYwU15FbtTVkOp2/vOtE8z2os16Gcfs7NieGtAvCtcn/MxcI/Zo7gIHxM5T
         lv3i5orYcSjIlK7OULomHV5DYebxmJgSfeFDpPDSuG8wx3zGC0YfxA9qGzc1VT7/poeK
         GveLro2OOHbOqr0phd0GbrDrb63x43aWls/Z/DyV2707r3eZCZ2L/or0IpoRwP7xMpk1
         pTvQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=hIUHT2hZ;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id js1si17829684ejc.464.2021.07.11.23.40.36;
        Sun, 11 Jul 2021 23:40:59 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=hIUHT2hZ;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S238192AbhGLGkA (ORCPT <rfc822;maloy021189ju@gmail.com>
        + 99 others); Mon, 12 Jul 2021 02:40:00 -0400
Received: from mail.kernel.org ([198.145.29.99]:54296 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S236855AbhGLGcA (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 12 Jul 2021 02:32:00 -0400
Received: by mail.kernel.org (Postfix) with ESMTPSA id D410460238;
        Mon, 12 Jul 2021 06:29:11 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1626071352;
        bh=T514FKVQHpdtGynVP9Rb6yceVV44jJ/7xXUG8NIatSg=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=hIUHT2hZPK+EpvQAAmPz651818r0nw+m3LMJzjJGbOCt0hPLe9Ya3jxpVhPZw8YgZ
         MMXt9p7pswBK2NbNn74hr+1BQ2uiuFVdti0MEgrdal69bbaDGv08ba+ngssTKdgkre
         OVAWLQOmpuGVQpUk/ouS36f6+gA174V2M1XxYyGk=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Kees Cook <keescook@chromium.org>,
        Herbert Xu <herbert@gondor.apana.org.au>
Subject: [PATCH 5.10 034/593] crypto: nx - Fix memcpy() over-reading in nonce
Date:   Mon, 12 Jul 2021 08:03:14 +0200
Message-Id: <20210712060846.919970925@linuxfoundation.org>
X-Mailer: git-send-email 2.32.0
In-Reply-To: <20210712060843.180606720@linuxfoundation.org>
References: <20210712060843.180606720@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Kees Cook <keescook@chromium.org>

commit 74c66120fda6596ad57f41e1607b3a5d51ca143d upstream.

Fix typo in memcpy() where size should be CTR_RFC3686_NONCE_SIZE.

Fixes: 030f4e968741 ("crypto: nx - Fix reentrancy bugs")
Cc: stable@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/crypto/nx/nx-aes-ctr.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/crypto/nx/nx-aes-ctr.c
+++ b/drivers/crypto/nx/nx-aes-ctr.c
@@ -118,7 +118,7 @@ static int ctr3686_aes_nx_crypt(struct s
 	struct nx_crypto_ctx *nx_ctx = crypto_skcipher_ctx(tfm);
 	u8 iv[16];
 
-	memcpy(iv, nx_ctx->priv.ctr.nonce, CTR_RFC3686_IV_SIZE);
+	memcpy(iv, nx_ctx->priv.ctr.nonce, CTR_RFC3686_NONCE_SIZE);
 	memcpy(iv + CTR_RFC3686_NONCE_SIZE, req->iv, CTR_RFC3686_IV_SIZE);
 	iv[12] = iv[13] = iv[14] = 0;
 	iv[15] = 1;