Corrected bug in IV setting for ciphers.

2 files changed, 11 insertions, 8 deletions

diff --git a/cryptodev_cipher.c b/cryptodev_cipher.c
index 49bd618..9cc42ac 100644
--- a/cryptodev_cipher.c
+++ b/cryptodev_cipher.c
@@ -187,12 +187,16 @@ void cryptodev_cipher_deinit(struct cipher_data* cdata)
 	cdata->type = 0;
 }
 
-void cryptodev_cipher_set_iv(struct cipher_data* cdata, void* iv, size_t iv_size)
+void cryptodev_cipher_set_iv(struct cipher_data* cdata, __user void* iv, size_t iv_size)
 {
-	if (cdata->type == 1)
-		crypto_blkcipher_set_iv(cdata->u.blk.s, iv, iv_size);
-	else
-		memcpy(cdata->u.ablk.iv, iv, min(iv_size,sizeof(*cdata->u.ablk.iv)));
+	if (cdata->type == 1) {
+		uint8_t _iv[EALG_MAX_BLOCK_LEN];
+		
+		copy_from_user(_iv, iv, min(iv_size,sizeof(_iv)));
+		crypto_blkcipher_set_iv(cdata->u.blk.s, _iv, iv_size);
+	} else {
+		copy_from_user(cdata->u.ablk.iv, iv, min(iv_size,sizeof(cdata->u.ablk.iv)));
+	}
 }
 
 static inline int waitfor (struct cryptodev_result* cr, ssize_t ret)
diff --git a/cryptodev_main.c b/cryptodev_main.c
index 139bb26..c065065 100644
--- a/cryptodev_main.c
+++ b/cryptodev_main.c
@@ -357,7 +357,7 @@ crypto_get_session_by_sid(struct fcrypt *fcr, uint32_t sid)
 static int
 crypto_run(struct fcrypt *fcr, struct crypt_op *cop)
 {
-	char *data, ivp[EALG_MAX_BLOCK_LEN];
+	char *data;
 	char __user *src, __user *dst;
 	struct scatterlist sg;
 	struct csession *ses_ptr;
@@ -411,8 +411,7 @@ crypto_run(struct fcrypt *fcr, struct crypt_op *cop)
 		ivsize = ses_ptr->cdata.ivsize;
 
 		if (cop->iv) {
-			copy_from_user(ivp, cop->iv, ivsize);
-			cryptodev_cipher_set_iv(&ses_ptr->cdata, ivp, ivsize);
+			cryptodev_cipher_set_iv(&ses_ptr->cdata, cop->iv, ivsize);
 		}
 	}