MLK-20204: drivers: crypto: dcp: Check we have input data for AES

If the input scatter gather table is wrongly built (no entries), the
code will try to copy memory which is not allowed.

Coverity Explanation:
drivers/crypto/mxs-dcp.c:388: CID 5233058 (#1 of 1):
  Type: Out-of-bounds access (OVERRUN)
  Classification: Unclassified
  Severity: Unspecified
  Action: Modeling Required
  Owner: nxa21133
  First detected on 2018-10-16.
drivers/crypto/mxs-dcp.c:297:
  1. alias: Assigning: "out_buf" = "sdcp->coh->aes_out_buf". "out_buf"
  now points to byte 0 of "sdcp->coh->aes_out_buf" (which consists of
  4096 bytes).
drivers/crypto/mxs-dcp.c:301:
  2. assignment: Assigning: "last_out_len" = "0U".
drivers/crypto/mxs-dcp.c:316:
  3. path: Condition "!rctx->ecb", taking true branch.
drivers/crypto/mxs-dcp.c:321:
  4. path: Falling through to end of if statement.
drivers/crypto/mxs-dcp.c:325:
  5. path: Condition "i < nents", taking false branch.
drivers/crypto/mxs-dcp.c:386:
  6. path: Condition "!rctx->ecb", taking true branch.
drivers/crypto/mxs-dcp.c:387:
  7. path: Condition "rctx->enc", taking true branch.
drivers/crypto/mxs-dcp.c:388:
  8. overrun-buffer-arg: Overrunning buffer pointed to by "out_buf +
  (last_out_len - 16U)" of 4096 bytes by passing it to a function which
  accesses it at byte offset 4294967295 using argument "16U".

Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>

1 files changed, 6 insertions, 0 deletions

diff --git a/drivers/crypto/mxs-dcp.c b/drivers/crypto/mxs-dcp.c
index c94481739306..4915b9187477 100644
--- a/drivers/crypto/mxs-dcp.c
+++ b/drivers/crypto/mxs-dcp.c
@@ -310,6 +310,12 @@ static int mxs_dcp_aes_block_crypt(struct crypto_async_request *arq)
 
 	actx->fill = 0;
 
+	/*
+	 * We are not supporting the case where there is no message to encrypt
+	 */
+	if (nents == 0)
+		return -EINVAL;
+
 	/* Copy the key from the temporary location. */
 	memcpy(key, actx->key, actx->key_len);