From: Hans-Joachim Picht <hpicht@redhat.com>
Date: Tue, 20 May 2008 13:47:52 +0200
Subject: [s390] aes_s390 decrypt may produce wrong results in CBC
Message-id: 20080520114752.GF16866@redhat.com
O-Subject: [RHEL5 U3 PATCH 1/4] s390 - aes_s390 decrypt operation may produce wrong results in CBC mode.
Bugzilla: 446191
RH-Acked-by: Pete Zaitcev <zaitcev@redhat.com>

Description
============
The aes_s390 decrypt operation may produce wrong results in CBC mode. In CBC mode the IV is used to chain consecutive data blocks, but aes_s390 is missing the write-back of the IV when decrypting in CBC mode. If multiple data blocks are decrypted, the plaintext may be wrong. The problem is fixed by writing back the IV in CBC mode.

Bugzilla
=========
BZ 446191
https://bugzilla.redhat.com/show_bug.cgi?id=446191

Upstream status of the patch:
=============================
This patch does not apply to upstream since the upstream crypto code changed with 2.6.19.

Test status:
============
The patch has been tested and fixes the problem. The fix was verified by the IBM test team.

Please ACK.

With best regards,
Hans

diff --git a/arch/s390/crypto/aes_s390.c b/arch/s390/crypto/aes_s390.c index 0bf0d37..55c9cd4 100644 --- a/arch/s390/crypto/aes_s390.c +++ b/arch/s390/crypto/aes_s390.c @@ -215,6 +215,8 @@ static unsigned int aes_decrypt_cbc(const struct cipher_desc *desc, u8 *out, BUG_ON((ret < 0) || (ret != nbytes)); break; } + memcpy(desc->info, &sctx->iv, AES_BLOCK_SIZE); + return nbytes; }
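Review bot: the memcpy added after the switch copies sctx->iv, the chaining value as left in the context's parameter block, back into desc->info rather than taking the last ciphertext block from the input buffer, so it is only correct if every case of the switch above routed the data through sctx->iv and left the updated chaining value there; a one-line comment above the memcpy saying that the hardware operation advances sctx->iv in place and that this hands it to the next call would make that dependency explicit. Since desc->info is the only state this line changes, and it is what the caller passes into the next aes_decrypt_cbc call, the wrong plaintext the description mentions shows up when one CBC stream is split across several calls; the description would be clearer saying so, and the test that actually exercises this line is one that decrypts a multi-block buffer in at least two calls and compares against a single-call decryption.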
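The failure mode the description refers to, as an added example that is not part of the patch or of aes_s390.c: the driver's AES is replaced by a deliberately simple keyed permutation (toy_block_encrypt/toy_block_decrypt, an assumption so the file builds with no libraries, not a cipher), and struct toy_ctx / struct toy_desc are invented names that mirror the shape of sctx->iv and desc->info. The chaining value lives in the context's parameter block and advances in place during the operation, as the hardware does; desc->info is what the caller hands from one call to the next. A four-block message is decrypted in two two-block calls, once without and once with the write-back that the patch adds.

```c
/* Added example, not code from aes_s390.c. Models the IV hand-off between
 * consecutive CBC decrypt calls; the block cipher is a stand-in, NOT AES. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLOCK 16

/* Toy invertible 16-byte block permutation (assumption, not secure):
 * 4 rounds of "rotate left 3 bytes, XOR key and a round constant". */
static void toy_block_encrypt(const uint8_t key[BLOCK], uint8_t blk[BLOCK])
{
    uint8_t tmp[BLOCK];
    for (int r = 0; r < 4; r++) {
        for (int i = 0; i < BLOCK; i++)
            tmp[i] = blk[(i + 3) % BLOCK] ^ key[i] ^ (uint8_t)(r * 0x5b + i);
        memcpy(blk, tmp, BLOCK);
    }
}

static void toy_block_decrypt(const uint8_t key[BLOCK], uint8_t blk[BLOCK])
{
    uint8_t tmp[BLOCK];
    for (int r = 3; r >= 0; r--) {           /* undo the rounds in reverse */
        for (int i = 0; i < BLOCK; i++)
            tmp[(i + 3) % BLOCK] = blk[i] ^ key[i] ^ (uint8_t)(r * 0x5b + i);
        memcpy(blk, tmp, BLOCK);
    }
}

/* Hypothetical mirrors of the driver's structures: ctx->iv stands in for
 * sctx->iv (the parameter block the hardware updates in place), desc->info
 * for desc->info (the IV the caller carries between calls). */
struct toy_ctx  { uint8_t key[BLOCK]; uint8_t iv[BLOCK]; };
struct toy_desc { struct toy_ctx *ctx; uint8_t *info; };

static size_t toy_encrypt_cbc(struct toy_desc *desc, uint8_t *out,
                              const uint8_t *in, size_t nbytes)
{
    struct toy_ctx *sctx = desc->ctx;
    size_t done = 0;
    memcpy(sctx->iv, desc->info, BLOCK);     /* load caller IV into param block */
    for (; done + BLOCK <= nbytes; done += BLOCK) {
        uint8_t b[BLOCK];
        for (int i = 0; i < BLOCK; i++) b[i] = in[done + i] ^ sctx->iv[i];
        toy_block_encrypt(sctx->key, b);
        memcpy(out + done, b, BLOCK);
        memcpy(sctx->iv, b, BLOCK);          /* chaining value advances in place */
    }
    memcpy(desc->info, sctx->iv, BLOCK);     /* encrypt side writes the IV back */
    return done;
}

/* write_back selects whether the updated chaining value is copied back to
 * desc->info at the end: 0 models the pre-patch decrypt path, 1 the fix. */
static size_t toy_decrypt_cbc(struct toy_desc *desc, uint8_t *out,
                              const uint8_t *in, size_t nbytes, int write_back)
{
    struct toy_ctx *sctx = desc->ctx;
    size_t done = 0;
    memcpy(sctx->iv, desc->info, BLOCK);     /* load caller IV into param block */
    for (; done + BLOCK <= nbytes; done += BLOCK) {
        uint8_t c[BLOCK], p[BLOCK];
        memcpy(c, in + done, BLOCK);
        memcpy(p, c, BLOCK);
        toy_block_decrypt(sctx->key, p);
        for (int i = 0; i < BLOCK; i++) out[done + i] = p[i] ^ sctx->iv[i];
        memcpy(sctx->iv, c, BLOCK);          /* chaining value advances in place */
    }
    if (write_back)
        memcpy(desc->info, sctx->iv, BLOCK); /* the line the patch adds */
    return done;
}

/* Encrypts 4 blocks in one call, decrypts them in two 2-block calls (as a
 * caller walking a multi-segment buffer would). Returns a bitmask of the
 * plaintext blocks that did not round-trip (bit k set = block k wrong). */
static unsigned int cbc_roundtrip_wrong_blocks(int write_back)
{
    uint8_t key[BLOCK], iv0[BLOCK], pt[4 * BLOCK], ct[4 * BLOCK], dec[4 * BLOCK];
    for (int i = 0; i < BLOCK; i++) { key[i] = 0x10 + i; iv0[i] = 0xa0 ^ i; }
    for (int i = 0; i < 4 * BLOCK; i++) pt[i] = (uint8_t)(i * 7 + 1);  /* constructed */

    struct toy_ctx ctx;
    uint8_t info[BLOCK];
    struct toy_desc desc = { &ctx, info };
    memcpy(ctx.key, key, BLOCK);

    memcpy(info, iv0, BLOCK);
    toy_encrypt_cbc(&desc, ct, pt, sizeof ct);

    memcpy(info, iv0, BLOCK);                /* caller starts decryption with IV0 */
    toy_decrypt_cbc(&desc, dec, ct, 2 * BLOCK, write_back);
    toy_decrypt_cbc(&desc, dec + 2 * BLOCK, ct + 2 * BLOCK, 2 * BLOCK, write_back);

    unsigned int wrong = 0;
    for (int k = 0; k < 4; k++)
        if (memcmp(pt + k * BLOCK, dec + k * BLOCK, BLOCK) != 0) wrong |= 1u << k;
    return wrong;
}

int main(void)
{
    printf("without IV write-back: wrong block mask 0x%x\n", cbc_roundtrip_wrong_blocks(0));
    printf("with IV write-back:    wrong block mask 0x%x\n", cbc_roundtrip_wrong_blocks(1));
    return 0;
}
```

Without the write-back, the second call re-loads the caller's original IV over the parameter block, so only block 2 (the first block of the second call) comes out wrong; block 3 is chained from ciphertext block 2 inside that call and is correct again. That is why a single-call decryption of any length never shows the bug and why a test has to split the stream across calls.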