Skip to content

Commit 6bb73db

Browse files
herbertxherbertx
committed
crypto: essiv - Check ssize for decryption and in-place encryption
Move the ssize check to the start in essiv_aead_crypt so that it's also checked for decryption and in-place encryption. Reported-by: Muhammad Alifa Ramdhan <ramdhan@starlabs.sg> Fixes: be1eb7f ("crypto: essiv - create wrapper template for ESSIV generation") Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
1 parent 229c586 commit 6bb73db

File tree

1 file changed

+6
-8
lines changed

1 file changed

+6
-8
lines changed

crypto/essiv.c

Lines changed: 6 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -186,9 +186,14 @@ static int essiv_aead_crypt(struct aead_request *req, bool enc)
186186
const struct essiv_tfm_ctx *tctx = crypto_aead_ctx(tfm);
187187
struct essiv_aead_request_ctx *rctx = aead_request_ctx(req);
188188
struct aead_request *subreq = &rctx->aead_req;
189+
int ivsize = crypto_aead_ivsize(tfm);
190+
int ssize = req->assoclen - ivsize;
189191
struct scatterlist *src = req->src;
190192
int err;
191193

194+
if (ssize < 0)
195+
return -EINVAL;
196+
192197
crypto_cipher_encrypt_one(tctx->essiv_cipher, req->iv, req->iv);
193198

194199
/*
@@ -198,19 +203,12 @@ static int essiv_aead_crypt(struct aead_request *req, bool enc)
198203
*/
199204
rctx->assoc = NULL;
200205
if (req->src == req->dst || !enc) {
201-
scatterwalk_map_and_copy(req->iv, req->dst,
202-
req->assoclen - crypto_aead_ivsize(tfm),
203-
crypto_aead_ivsize(tfm), 1);
206+
scatterwalk_map_and_copy(req->iv, req->dst, ssize, ivsize, 1);
204207
} else {
205208
u8 *iv = (u8 *)aead_request_ctx(req) + tctx->ivoffset;
206-
int ivsize = crypto_aead_ivsize(tfm);
207-
int ssize = req->assoclen - ivsize;
208209
struct scatterlist *sg;
209210
int nents;
210211

211-
if (ssize < 0)
212-
return -EINVAL;
213-
214212
nents = sg_nents_for_len(req->src, ssize);
215213
if (nents < 0)
216214
return -EINVAL;

0 commit comments

Comments
 (0)