Commit 26603946 authored by Herbert Xu's avatar Herbert Xu Committed by Yongqiang Liu
Browse files

crypto: s390/aes - Fix buffer overread in CTR mode 

stable inclusion
from stable-v5.10.210
commit cd51e26a3b89706beec64f2d8296cfb1c34e0c79
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9Q9DK


CVE: CVE-2023-52669

--------------------------------

commit d07f951903fa9922c375b8ab1ce81b18a0034e3b upstream.

When processing the last block, the s390 ctr code will always read
a whole block, even if there isn't a whole block of data left.  Fix
this by using the actual length left and copy it into a buffer first
for processing.

Fixes: 0200f3ec ("crypto: s390 - add System z hardware support for CTR mode")
Cc: <stable@vger.kernel.org>
Reported-by: default avatarGuangwu Zhang <guazhang@redhat.com>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
Reviewd-by: default avatarHarald Freudenberger <freude@de.ibm.com>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Conflicts:
	arch/s390/crypto/aes_s390.c
	arch/s390/crypto/paes_s390.c
[Yongqiang: adapt for pointer of blkcipher_walk]
Signed-off-by: default avatarYongqiang Liu <liuyongqiang13@huawei.com>
parent 5af85baa
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment