github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-05-12 16:18:45 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

crypto: ccp - copy IV using skcipher ivsize

Browse Source 
AF_ALG rfc3686-ctr-aes-ccp requests pass an 8-byte IV to the driver.

ccp_aes_complete() restores AES_BLOCK_SIZE bytes into the caller's IV
buffer while RFC3686 skciphers expose an 8-byte IV, so the restore
overruns the provided buffer.

Use crypto_skcipher_ivsize() to copy only the algorithm's IV length.

Fixes: 2b789435d7 ("crypto: ccp - CCP AES crypto API support")
Signed-off-by: Paul Moses <p@1g4.org>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This commit is contained in:
Paul Moses 2026-04-01 03:07:49 -05:00 committed by Herbert Xu
parent 4f685dbfa8
commit a7a1f3cdd6
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
drivers/crypto/ccp/ccp-crypto-aes.c
View File

@ -30,8 +30,11 @@ static int ccp_aes_complete(struct crypto_async_request *async_req, int ret)
if (ret)
return ret;
if (ctx->u.aes.mode != CCP_AES_MODE_ECB)
memcpy(req->iv, rctx->iv, AES_BLOCK_SIZE);
if (ctx->u.aes.mode != CCP_AES_MODE_ECB) {
size_t ivsize = crypto_skcipher_ivsize(crypto_skcipher_reqtfm(req));
memcpy(req->iv, rctx->iv, ivsize);
}
return 0;
}