Received: by 2002:a05:7412:419a:b0:f3:1519:9f41 with SMTP id i26csp3641749rdh;
        Mon, 27 Nov 2023 22:32:08 -0800 (PST)
X-Google-Smtp-Source: AGHT+IHr1j88lK7kNx5bqsCyet98qXNKrGP2JoKIEXU499m1kfOXFCc7YQIxDAm1Ah+vr6mYGlck
X-Received: by 2002:a05:6358:560a:b0:16d:bebc:8473 with SMTP id b10-20020a056358560a00b0016dbebc8473mr14429224rwf.32.1701153128587;
        Mon, 27 Nov 2023 22:32:08 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1701153128; cv=none;
        d=google.com; s=arc-20160816;
        b=JLVukN7lVucNkXlNKVbnkdpwuLNBsCKIO7vXoKwUwq69abvqbrmK0U4YIaqORecFuE
         Z7nZ106EdjN0iClt/YWouPBYdEJ2bQzfUFNqlgAyhCheXWr3GpXMsTMBO/H14NTncGrg
         5wlMz80Fjx9EcSgczSDUKoMOWc9LfPl2PKonPK75VrPWAdKkgRIT+su42l+J0aGYS0OX
         kU8He4iY7J4u1kvTIJEYvlsc1HbIqpls6dHOBohpC7e9ZAAYRlNdQgxaO1vqp2y+54VK
         MNsWi7gcb7vqElEEynGuM/KVPva7OHQZT62CAUXqmBTC2zXFs5MTpdrlhnKAtJ31Urvu
         lHSA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-disposition:mime-version:list-unsubscribe:list-subscribe
         :list-id:precedence:message-id:subject:to:from:date;
        bh=5/cIp/wJn7RKGnDYK8EMm6Biy8OGekV3cv1rb5bO+Uc=;
        fh=0aNxWXr1jcyBBVJ4bIV7M1eWSoaVjAlVYFHyrXVqtDg=;
        b=VL/c/GqDbXNO6oumhInifKuKcywFayENcmZjsPQZJ5Cx/SSicwMrh+qejtN12fioom
         y6/ym2I9cq1juB3HLGNN6rnn+AmOHsRM1q6fjUu/ns+f/GtW48f/JayFp4sVAqDJFEy6
         Uvxq3X34a8wAf3mJXr292pg4NnriWfz3qFcyZBgEHLdP2rX0B88K6nc56CCCH9c/fmLD
         gNq/YT9JZNdSnoBV7kupxur4dHkr+0kltkMHrc5fgxak/MWFVnMdv0lz8HbT/U16RaX0
         0VvHjRNx6iDSx3QDZdReANc9Biq470d3TxZWtMwYDWtXZCJK9q4pAKZOg2g4Mg7SVLJo
         X+zA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-crypto+bounces-353-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-crypto+bounces-353-linux.lists.archive=gmail.com@vger.kernel.org"
Return-Path: <linux-crypto+bounces-353-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223])
        by mx.google.com with ESMTPS id o10-20020ac85a4a000000b0042370f990a5si10948008qta.266.2023.11.27.22.32.08
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 27 Nov 2023 22:32:08 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-crypto+bounces-353-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-crypto+bounces-353-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-crypto+bounces-353-linux.lists.archive=gmail.com@vger.kernel.org"
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ny.mirrors.kernel.org (Postfix) with ESMTPS id 4452C1C209C3
	for <linux.lists.archive@gmail.com>; Tue, 28 Nov 2023 06:32:08 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id A538B134C4
	for <linux.lists.archive@gmail.com>; Tue, 28 Nov 2023 06:32:07 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; dkim=none
X-Original-To: linux-crypto@vger.kernel.org
Received: from abb.hmeau.com (abb.hmeau.com [144.6.53.87])
	by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 85F6A189;
	Mon, 27 Nov 2023 22:22:10 -0800 (PST)
Received: from loth.rohan.me.apana.org.au ([192.168.167.2])
	by formenos.hmeau.com with smtp (Exim 4.94.2 #2 (Debian))
	id 1r7rTw-004Hgh-LO; Tue, 28 Nov 2023 14:22:05 +0800
Received: by loth.rohan.me.apana.org.au (sSMTP sendmail emulation); Tue, 28 Nov 2023 14:22:13 +0800
Date: Tue, 28 Nov 2023 14:22:13 +0800
From: Herbert Xu <herbert@gondor.apana.org.au>
To: Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
	Harald Freudenberger <freude@linux.ibm.com>,
	linux-s390@vger.kernel.org,
	Gerald Schaefer <gerald.schaefer@de.ibm.com>,
	Jan Glauber <jang@linux.vnet.ibm.com>
Subject: crypto: s390/aes - Fix buffer overread in CTR mode
Message-ID: <ZWWHFeOPcW30OYo1@gondor.apana.org.au>
Precedence: bulk
X-Mailing-List: linux-crypto@vger.kernel.org
List-Id: <linux-crypto.vger.kernel.org>
List-Subscribe: <mailto:linux-crypto+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-crypto+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

When processing the last block, the s390 ctr code will always read
a whole block, even if there isn't a whole block of data left.  Fix
this by using the actual length left and copy it into a buffer first
for processing.

Fixes: 0200f3ecc196 ("crypto: s390 - add System z hardware support for CTR mode")
Cc: <stable@vger.kernel.org>
Reported-by: Guangwu Zhang <guazhang@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/arch/s390/crypto/aes_s390.c b/arch/s390/crypto/aes_s390.c
index c773820e4af9..c6fe5405de4a 100644
--- a/arch/s390/crypto/aes_s390.c
+++ b/arch/s390/crypto/aes_s390.c
@@ -597,7 +597,9 @@ static int ctr_aes_crypt(struct skcipher_request *req)
 	 * final block may be < AES_BLOCK_SIZE, copy only nbytes
 	 */
 	if (nbytes) {
-		cpacf_kmctr(sctx->fc, sctx->key, buf, walk.src.virt.addr,
+		memset(buf, 0, AES_BLOCK_SIZE);
+		memcpy(buf, walk.src.virt.addr, nbytes);
+		cpacf_kmctr(sctx->fc, sctx->key, buf, buf,
 			    AES_BLOCK_SIZE, walk.iv);
 		memcpy(walk.dst.virt.addr, buf, nbytes);
 		crypto_inc(walk.iv, AES_BLOCK_SIZE);
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt