Commit e381a0a1 authored by Herbert Xu's avatar Herbert Xu Committed by Chris Wright

[PATCH] Fix boundary check in standard multi-block cipher processors

[CRYPTO] Fix boundary check in standard multi-block cipher processors

Fixes Bug 5194 (IPSec related Oops in 2.6.13).

The boundary check in the standard multi-block cipher processors are
broken when nbytes is not a multiple of bsize.  In those cases it will
always process an extra block.

This patch corrects the check so that it processes at most nbytes of data.
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: default avatarChris Wright <chrisw@osdl.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
parent a49567a4
...@@ -191,6 +191,8 @@ static unsigned int cbc_process_encrypt(const struct cipher_desc *desc, ...@@ -191,6 +191,8 @@ static unsigned int cbc_process_encrypt(const struct cipher_desc *desc,
u8 *iv = desc->info; u8 *iv = desc->info;
unsigned int done = 0; unsigned int done = 0;
nbytes -= bsize;
do { do {
xor(iv, src); xor(iv, src);
fn(crypto_tfm_ctx(tfm), dst, iv); fn(crypto_tfm_ctx(tfm), dst, iv);
...@@ -198,7 +200,7 @@ static unsigned int cbc_process_encrypt(const struct cipher_desc *desc, ...@@ -198,7 +200,7 @@ static unsigned int cbc_process_encrypt(const struct cipher_desc *desc,
src += bsize; src += bsize;
dst += bsize; dst += bsize;
} while ((done += bsize) < nbytes); } while ((done += bsize) <= nbytes);
return done; return done;
} }
...@@ -219,6 +221,8 @@ static unsigned int cbc_process_decrypt(const struct cipher_desc *desc, ...@@ -219,6 +221,8 @@ static unsigned int cbc_process_decrypt(const struct cipher_desc *desc,
u8 *iv = desc->info; u8 *iv = desc->info;
unsigned int done = 0; unsigned int done = 0;
nbytes -= bsize;
do { do {
u8 *tmp_dst = *dst_p; u8 *tmp_dst = *dst_p;
...@@ -230,7 +234,7 @@ static unsigned int cbc_process_decrypt(const struct cipher_desc *desc, ...@@ -230,7 +234,7 @@ static unsigned int cbc_process_decrypt(const struct cipher_desc *desc,
src += bsize; src += bsize;
dst += bsize; dst += bsize;
} while ((done += bsize) < nbytes); } while ((done += bsize) <= nbytes);
return done; return done;
} }
...@@ -243,12 +247,14 @@ static unsigned int ecb_process(const struct cipher_desc *desc, u8 *dst, ...@@ -243,12 +247,14 @@ static unsigned int ecb_process(const struct cipher_desc *desc, u8 *dst,
void (*fn)(void *, u8 *, const u8 *) = desc->crfn; void (*fn)(void *, u8 *, const u8 *) = desc->crfn;
unsigned int done = 0; unsigned int done = 0;
nbytes -= bsize;
do { do {
fn(crypto_tfm_ctx(tfm), dst, src); fn(crypto_tfm_ctx(tfm), dst, src);
src += bsize; src += bsize;
dst += bsize; dst += bsize;
} while ((done += bsize) < nbytes); } while ((done += bsize) <= nbytes);
return done; return done;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment