crypto: essiv - Check ssize for decryption and in-place encryption
authorHerbert Xu <herbert@gondor.apana.org.au>
Wed, 8 Oct 2025 07:54:20 +0000 (15:54 +0800)
committerHerbert Xu <herbert@gondor.apana.org.au>
Thu, 9 Oct 2025 07:02:35 +0000 (15:02 +0800)
Move the ssize check to the start in essiv_aead_crypt so that
it's also checked for decryption and in-place encryption.

Reported-by: Muhammad Alifa Ramdhan <ramdhan@starlabs.sg>
Fixes: be1eb7f78aa8 ("crypto: essiv - create wrapper template for ESSIV generation")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto/essiv.c

index d003b78fcd855a1c04e27fb6f750738ea42353e1..a47a3eab69351929759e5f929b26fe2b1c9d3fcb 100644 (file)
@@ -186,9 +186,14 @@ static int essiv_aead_crypt(struct aead_request *req, bool enc)
        const struct essiv_tfm_ctx *tctx = crypto_aead_ctx(tfm);
        struct essiv_aead_request_ctx *rctx = aead_request_ctx(req);
        struct aead_request *subreq = &rctx->aead_req;
+       int ivsize = crypto_aead_ivsize(tfm);
+       int ssize = req->assoclen - ivsize;
        struct scatterlist *src = req->src;
        int err;
 
+       if (ssize < 0)
+               return -EINVAL;
+
        crypto_cipher_encrypt_one(tctx->essiv_cipher, req->iv, req->iv);
 
        /*
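Review bot: The hoisted `if (ssize < 0)` check carries no comment, yet it is the only bound on the offset that both branches below use, and it works only because `req->assoclen - ivsize` ends up negative once stored in an `int`. I would add a line above it such as `/* The AAD must end with the IV; ssize is its offset and must not be negative. */`. Keeping the check ahead of `crypto_cipher_encrypt_one()` also means a rejected request returns with `req->iv` untouched, which the comment could mention. The body of essiv_aead_crypt begins before this hunk and continues past it.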
@@ -198,19 +203,12 @@ static int essiv_aead_crypt(struct aead_request *req, bool enc)
         */
        rctx->assoc = NULL;
        if (req->src == req->dst || !enc) {
-               scatterwalk_map_and_copy(req->iv, req->dst,
-                                        req->assoclen - crypto_aead_ivsize(tfm),
-                                        crypto_aead_ivsize(tfm), 1);
+               scatterwalk_map_and_copy(req->iv, req->dst, ssize, ivsize, 1);
        } else {
                u8 *iv = (u8 *)aead_request_ctx(req) + tctx->ivoffset;
-               int ivsize = crypto_aead_ivsize(tfm);
-               int ssize = req->assoclen - ivsize;
                struct scatterlist *sg;
                int nents;
 
-               if (ssize < 0)
-                       return -EINVAL;
-
                nents = sg_nents_for_len(req->src, ssize);
                if (nents < 0)
                        return -EINVAL;
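Review bot: In the `req->src == req->dst || !enc` branch, `scatterwalk_map_and_copy(req->iv, req->dst, ssize, ivsize, 1)` writes `ivsize` bytes at offset `ssize` with only the lower bound checked. The else branch at least runs `sg_nents_for_len(req->src, ssize)` and rejects a short source list, while nothing visible here confirms that `req->dst` spans `assoclen` bytes. That is presumably guaranteed by the AEAD caller contract, but it is worth stating next to the call, e.g. `/* caller guarantees dst covers assoclen bytes */`, or validating it if the contract does not hold. The function continues past the end of this hunk.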