Commit 6bb73db6 authored by Herbert Xu's avatar Herbert Xu
Browse files

crypto: essiv - Check ssize for decryption and in-place encryption 



Move the ssize check to the start in essiv_aead_crypt so that
it's also checked for decryption and in-place encryption.

Reported-by: default avatarMuhammad Alifa Ramdhan <ramdhan@starlabs.sg>
Fixes: be1eb7f7 ("crypto: essiv - create wrapper template for ESSIV generation")
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent 229c586b

crypto/essiv.c

+6 −8
Original line number Diff line number Diff line
@@ -186,9 +186,14 @@ static int essiv_aead_crypt(struct aead_request *req, bool enc) 
	const struct essiv_tfm_ctx *tctx = crypto_aead_ctx(tfm);

	struct essiv_aead_request_ctx *rctx = aead_request_ctx(req);

	struct aead_request *subreq = &rctx->aead_req;

	int ivsize = crypto_aead_ivsize(tfm);

	int ssize = req->assoclen - ivsize;

	struct scatterlist *src = req->src;

	int err;



	if (ssize < 0)

		return -EINVAL;



	crypto_cipher_encrypt_one(tctx->essiv_cipher, req->iv, req->iv);



	/*
@@ -198,19 +203,12 @@ static int essiv_aead_crypt(struct aead_request *req, bool enc) 
	 */

	rctx->assoc = NULL;

	if (req->src == req->dst || !enc) {

		scatterwalk_map_and_copy(req->iv, req->dst,

					 req->assoclen - crypto_aead_ivsize(tfm),

					 crypto_aead_ivsize(tfm), 1);

		scatterwalk_map_and_copy(req->iv, req->dst, ssize, ivsize, 1);

	} else {

		u8 *iv = (u8 *)aead_request_ctx(req) + tctx->ivoffset;

		int ivsize = crypto_aead_ivsize(tfm);

		int ssize = req->assoclen - ivsize;

		struct scatterlist *sg;

		int nents;



		if (ssize < 0)

			return -EINVAL;



		nents = sg_nents_for_len(req->src, ssize);

		if (nents < 0)

			return -EINVAL;