From: Herbert Xu <herbert@gondor.apana.org.au>
Date: Sun, 4 May 2025 13:33:14 +0000 (+0800)
Subject: crypto: shash - Cap state size to HASH_MAX_STATESIZE
X-Git-Tag: v6.16-rc1~206^2~72
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2b1a29ce3360570aeff053d1315cd504d94eab31;p=thirdparty%2Fkernel%2Flinux.git

crypto: shash - Cap state size to HASH_MAX_STATESIZE

Now that all shash algorithms have converted over to the generic
export format, limit the shash state size to HASH_MAX_STATESIZE.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---

diff --git a/crypto/shash.c b/crypto/shash.c
index c4a724e55d7a6..44a6df3132adb 100644
--- a/crypto/shash.c
+++ b/crypto/shash.c
@@ -479,6 +479,8 @@ static int shash_prepare_alg(struct shash_alg *alg)
 
 	if (alg->descsize > HASH_MAX_DESCSIZE)
 		return -EINVAL;
+	if (alg->statesize > HASH_MAX_STATESIZE)
+		return -EINVAL;
 
 	return 0;
 }
diff --git a/include/crypto/hash.h b/include/crypto/hash.h
index c2497c300a288..e0321b5ec363e 100644
--- a/include/crypto/hash.h
+++ b/include/crypto/hash.h
@@ -167,8 +167,11 @@ struct shash_desc {
 
 #define HASH_MAX_DIGESTSIZE	 64
 
+/* Worst case is sha3-224. */
+#define HASH_MAX_STATESIZE	 200 + 144 + 1
+
 /*
- * Worst case is hmac(sha-224-s390).  Its context is a nested 'shash_desc'
+ * Worst case is hmac(sha3-224-s390).  Its context is a nested 'shash_desc'
  * containing a 'struct s390_sha_ctx'.
  */
 #define HASH_MAX_DESCSIZE	(sizeof(struct shash_desc) + 360)