From 69fba378edcaffba7bc7d299fdee02e377069d30 Mon Sep 17 00:00:00 2001
From: Herbert Xu <herbert@gondor.apana.org.au>
Date: Mon, 29 Jan 2024 22:17:11 +0800
Subject: [PATCH] crypto: cbc - Ensure statesize is zero

The cbc template should not be applied on stream ciphers, especially
ones that have internal state.  Enforce this by checking the state
size when the instance is created.

Reported-by: syzbot+050eeedd6c285d8c42f2@syzkaller.appspotmail.com
Fixes: 47309ea13591 ("crypto: arc4 - Add internal state")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---
 crypto/cbc.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/crypto/cbc.c b/crypto/cbc.c
index eedddef9ce40c..e81918ca68b78 100644
--- a/crypto/cbc.c
+++ b/crypto/cbc.c
@@ -148,6 +148,9 @@ static int crypto_cbc_create(struct crypto_template *tmpl, struct rtattr **tb)
 	if (!is_power_of_2(inst->alg.co.base.cra_blocksize))
 		goto out_free_inst;
 
+	if (inst->alg.co.statesize)
+		goto out_free_inst;
+
 	inst->alg.encrypt = crypto_cbc_encrypt;
 	inst->alg.decrypt = crypto_cbc_decrypt;
 
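Review bot: The new `if (inst->alg.co.statesize)` test in crypto_cbc_create() jumps to out_free_inst without assigning an error code of its own, so the create call fails with whatever err held before the is_power_of_2() check, which is set outside this hunk. Worth confirming that value is the one intended for this rejection too. A one-line comment above the test, noting that the cbc template must not wrap an algorithm that carries internal state (the stream-cipher case named in the commit message), would keep the reason visible in crypto/cbc.c instead of only in the log.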
-- 
GitLab