[PATCH 5.9 080/757] crypto: caam - add xts check for block length equal to zero

From: Greg Kroah-Hartman
Date: Tue Oct 27 2020 - 11:30:53 EST

Next message: Greg Kroah-Hartman: "[PATCH 5.9 079/757] ima: Dont ignore errors from crypto_shash_update()"
Previous message: Greg Kroah-Hartman: "[PATCH 5.9 145/757] spi: fsi: Handle 9 to 15 byte transfers lengths"
In reply to: Greg Kroah-Hartman: "[PATCH 5.9 145/757] spi: fsi: Handle 9 to 15 byte transfers lengths"
Next in thread: Greg Kroah-Hartman: "[PATCH 5.9 079/757] ima: Dont ignore errors from crypto_shash_update()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Andrei Botila <andrei.botila@xxxxxxx>

commit 297b931c2a3cada230d8b84432ee982fc68cf76a upstream.

XTS should not return succes when dealing with block length equal to zero.
This is different than the rest of the skcipher algorithms.

Fixes: 31bb2f0da1b50 ("crypto: caam - check zero-length input")
Cc: <stable@xxxxxxxxxxxxxxx> # v5.4+
Signed-off-by: Andrei Botila <andrei.botila@xxxxxxx>
Reviewed-by: Horia Geantă <horia.geanta@xxxxxxx>
Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
drivers/crypto/caam/caamalg.c | 7 ++++++-
drivers/crypto/caam/caamalg_qi.c | 7 ++++++-
drivers/crypto/caam/caamalg_qi2.c | 14 ++++++++++++--
3 files changed, 24 insertions(+), 4 deletions(-)

--- a/drivers/crypto/caam/caamalg.c
+++ b/drivers/crypto/caam/caamalg.c
@@ -1765,7 +1765,12 @@ static inline int skcipher_crypt(struct
u32 *desc;
int ret = 0;

- if (!req->cryptlen)
+ /*
+ * XTS is expected to return an error even for input length = 0
+ * Note that the case input length < block size will be caught during
+ * HW offloading and return an error.
+ */
+ if (!req->cryptlen && !ctx->fallback)
return 0;

/* allocate extended descriptor */
--- a/drivers/crypto/caam/caamalg_qi.c
+++ b/drivers/crypto/caam/caamalg_qi.c
@@ -1380,7 +1380,12 @@ static inline int skcipher_crypt(struct
struct caam_ctx *ctx = crypto_skcipher_ctx(skcipher);
int ret;

- if (!req->cryptlen)
+ /*
+ * XTS is expected to return an error even for input length = 0
+ * Note that the case input length < block size will be caught during
+ * HW offloading and return an error.
+ */
+ if (!req->cryptlen && !ctx->fallback)
return 0;

if (unlikely(caam_congested))
--- a/drivers/crypto/caam/caamalg_qi2.c
+++ b/drivers/crypto/caam/caamalg_qi2.c
@@ -1451,7 +1451,12 @@ static int skcipher_encrypt(struct skcip
struct caam_request *caam_req = skcipher_request_ctx(req);
int ret;

- if (!req->cryptlen)
+ /*
+ * XTS is expected to return an error even for input length = 0
+ * Note that the case input length < block size will be caught during
+ * HW offloading and return an error.
+ */
+ if (!req->cryptlen && !ctx->fallback)
return 0;

/* allocate extended descriptor */
@@ -1482,7 +1487,12 @@ static int skcipher_decrypt(struct skcip
struct caam_request *caam_req = skcipher_request_ctx(req);
int ret;

- if (!req->cryptlen)
+ /*
+ * XTS is expected to return an error even for input length = 0
+ * Note that the case input length < block size will be caught during
+ * HW offloading and return an error.
+ */
+ if (!req->cryptlen && !ctx->fallback)
return 0;
/* allocate extended descriptor */
edesc = skcipher_edesc_alloc(req);

Next message: Greg Kroah-Hartman: "[PATCH 5.9 079/757] ima: Dont ignore errors from crypto_shash_update()"
Previous message: Greg Kroah-Hartman: "[PATCH 5.9 145/757] spi: fsi: Handle 9 to 15 byte transfers lengths"
In reply to: Greg Kroah-Hartman: "[PATCH 5.9 145/757] spi: fsi: Handle 9 to 15 byte transfers lengths"
Next in thread: Greg Kroah-Hartman: "[PATCH 5.9 079/757] ima: Dont ignore errors from crypto_shash_update()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]