| From 74c66120fda6596ad57f41e1607b3a5d51ca143d Mon Sep 17 00:00:00 2001 |
| From: Kees Cook <keescook@chromium.org> |
| Date: Wed, 16 Jun 2021 13:34:59 -0700 |
| Subject: crypto: nx - Fix memcpy() over-reading in nonce |
| |
| From: Kees Cook <keescook@chromium.org> |
| |
| commit 74c66120fda6596ad57f41e1607b3a5d51ca143d upstream. |
| |
| Fix typo in memcpy() where size should be CTR_RFC3686_NONCE_SIZE. |
| |
| Fixes: 030f4e968741 ("crypto: nx - Fix reentrancy bugs") |
| Cc: stable@vger.kernel.org |
| Signed-off-by: Kees Cook <keescook@chromium.org> |
| Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| drivers/crypto/nx/nx-aes-ctr.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| --- a/drivers/crypto/nx/nx-aes-ctr.c |
| +++ b/drivers/crypto/nx/nx-aes-ctr.c |
| @@ -118,7 +118,7 @@ static int ctr3686_aes_nx_crypt(struct s |
| struct nx_crypto_ctx *nx_ctx = crypto_skcipher_ctx(tfm); |
| u8 iv[16]; |
| |
| - memcpy(iv, nx_ctx->priv.ctr.nonce, CTR_RFC3686_IV_SIZE); |
| + memcpy(iv, nx_ctx->priv.ctr.nonce, CTR_RFC3686_NONCE_SIZE); |
| memcpy(iv + CTR_RFC3686_NONCE_SIZE, req->iv, CTR_RFC3686_IV_SIZE); |
| iv[12] = iv[13] = iv[14] = 0; |
| iv[15] = 1; |
