    crypto: atmel-aes - Fix IV handling when req->nbytes < ivsize · 1e475dc4
    Tudor Ambarus committed
    commit 86ef1dfcb561473fbf5e199d58d18c55554d78be upstream.
    
    commit 394a9e044702 ("crypto: cfb - add missing 'chunksize' property")
    adds a test vector where the input length is smaller than the IV length
    (the second test vector). This revealed a NULL pointer dereference in
    the atmel-aes driver, that is caused by passing an incorrect offset in
    scatterwalk_map_and_copy() when atmel_aes_complete() is called.
    
    Do not save the IV in req->info of ablkcipher_request (or equivalently
    req->iv of skcipher_request) when req->nbytes < ivsize, because the IV
    will not be further used.
    
    While touching the code, modify the type of ivsize from int to
    unsigned int, to comply with the return type of
    crypto_ablkcipher_ivsize().
    
    Fixes: 91308019 ("crypto: atmel-aes - properly set IV after {en,de}crypt")
    Cc: <stable@vger.kernel.org>
    Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
atmel-aes.c 68.8 KB
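
A user-space model of the offset problem the commit message describes, added here as an illustration; it is not the driver's code. It assumes the offset of the last block is computed as nbytes - ivsize; the function names are hypothetical, and a flat buffer stands in for the scatterlist that scatterwalk_map_and_copy() walks.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

#define IVSIZE 16u /* AES block size, standing in for crypto_ablkcipher_ivsize() */

/* Offset an unguarded "last block" copy would compute. Both operands are
 * unsigned, so the subtraction wraps when nbytes < ivsize. */
static unsigned int unchecked_iv_offset(unsigned int nbytes, unsigned int ivsize)
{
    return nbytes - ivsize;
}

/* Hypothetical model of saving the last ciphertext block as the next IV.
 * Returns 1 if iv was updated, 0 if the request was shorter than the IV. */
static int save_last_block_as_iv(unsigned char *iv, unsigned int ivsize,
                                 const unsigned char *data, unsigned int nbytes)
{
    if (nbytes < ivsize) /* guard described in the commit message */
        return 0;
    memcpy(iv, data + (nbytes - ivsize), ivsize);
    return 1;
}

/* Runs one constructed request (nbytes <= 32) and returns iv[0] afterwards.
 * data[i] = i, and the IV starts as 0xAA so an untouched IV is visible. */
static int run_case(unsigned int nbytes)
{
    unsigned char data[32], iv[IVSIZE];
    unsigned int i;

    for (i = 0; i < sizeof(data); i++)
        data[i] = (unsigned char)i;
    memset(iv, 0xAA, sizeof(iv));
    save_last_block_as_iv(iv, IVSIZE, data, nbytes);
    return iv[0];
}

int main(void)
{
    printf("unguarded offset for nbytes=8: %u\n", unchecked_iv_offset(8, IVSIZE));
    printf("iv[0] after nbytes=32: %d\n", run_case(32));
    printf("iv[0] after nbytes=8:  0x%02X\n", (unsigned int)run_case(8));
    return 0;
}
```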