www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Jason A. Donenfeld <Jason@zx2c4.com>
	Sun, 6 Dec 2015 01:51:37 +0000 (02:51 +0100)
committer	Chuck Anderson <chuck.anderson@oracle.com>
	Sun, 26 Feb 2017 05:34:37 +0000 (21:34 -0800)
commit	faef04cb278f3f96a76119995dca69b68698a59d
tree	44b879e089c90843e752226dc4a083b6ebaa01ef	tree
parent	dde35f71de94186e4d013148a9c864858a41efb2	commit \| diff

crypto: skcipher - Copy iv from desc even for 0-len walks

Orabug: 25243093

Some ciphers actually support encrypting zero length plaintexts. For
example, many AEAD modes support this. The resulting ciphertext for
those winds up being only the authentication tag, which is a result of
the key, the iv, the additional data, and the fact that the plaintext
had zero length. The blkcipher constructors won't copy the IV to the
right place, however, when using a zero length input, resulting in
some significant problems when ciphers call their initialization
routines, only to find that the ->iv parameter is uninitialized. One
such example of this would be using chacha20poly1305 with a zero length
input, which then calls chacha20, which calls the key setup routine,
which eventually OOPSes due to the uninitialized ->iv member.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit 70d906bc17500edfa9bdd8c8b7e59618c7911613)
Signed-off-by: Ethan Zhao <ethan.zhao@oracle.com>

crypto/ablkcipher.c		diff \| blob \| history
crypto/blkcipher.c		diff \| blob \| history