]> git.proxmox.com Git - mirror_ubuntu-kernels.git/commitdiff
mac80211: Check crypto_aead_encrypt for errors
authorDaniel Phan <daniel.phan36@gmail.com>
Tue, 9 Mar 2021 20:41:36 +0000 (12:41 -0800)
committerJohannes Berg <johannes.berg@intel.com>
Tue, 16 Mar 2021 20:20:41 +0000 (21:20 +0100)
crypto_aead_encrypt returns <0 on error, so if these calls are not checked,
execution may continue with failed encrypts.  It also seems that these two
crypto_aead_encrypt calls are the only instances in the codebase that are
not checked for errors.

Signed-off-by: Daniel Phan <daniel.phan36@gmail.com>
Link: https://lore.kernel.org/r/20210309204137.823268-1-daniel.phan36@gmail.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
net/mac80211/aead_api.c
net/mac80211/aes_gmac.c

index d7b3d905d5353425574230a1731acd15049b2c5d..b00d6f5b33f40ca4cc3ba6d237020f0515013676 100644 (file)
@@ -23,6 +23,7 @@ int aead_encrypt(struct crypto_aead *tfm, u8 *b_0, u8 *aad, size_t aad_len,
        struct aead_request *aead_req;
        int reqsize = sizeof(*aead_req) + crypto_aead_reqsize(tfm);
        u8 *__aad;
+       int ret;
 
        aead_req = kzalloc(reqsize + aad_len, GFP_ATOMIC);
        if (!aead_req)
@@ -40,10 +41,10 @@ int aead_encrypt(struct crypto_aead *tfm, u8 *b_0, u8 *aad, size_t aad_len,
        aead_request_set_crypt(aead_req, sg, sg, data_len, b_0);
        aead_request_set_ad(aead_req, sg[0].length);
 
-       crypto_aead_encrypt(aead_req);
+       ret = crypto_aead_encrypt(aead_req);
        kfree_sensitive(aead_req);
 
-       return 0;
+       return ret;
 }
 
 int aead_decrypt(struct crypto_aead *tfm, u8 *b_0, u8 *aad, size_t aad_len,
index 6f3b3a0cc10a4eb88f17fc5811459722a80608f8..512cab073f2e8ed9ff7bbf5c0d339e5240c77770 100644 (file)
@@ -22,6 +22,7 @@ int ieee80211_aes_gmac(struct crypto_aead *tfm, const u8 *aad, u8 *nonce,
        struct aead_request *aead_req;
        int reqsize = sizeof(*aead_req) + crypto_aead_reqsize(tfm);
        const __le16 *fc;
+       int ret;
 
        if (data_len < GMAC_MIC_LEN)
                return -EINVAL;
@@ -59,10 +60,10 @@ int ieee80211_aes_gmac(struct crypto_aead *tfm, const u8 *aad, u8 *nonce,
        aead_request_set_crypt(aead_req, sg, sg, 0, iv);
        aead_request_set_ad(aead_req, GMAC_AAD_LEN + data_len);
 
-       crypto_aead_encrypt(aead_req);
+       ret = crypto_aead_encrypt(aead_req);
        kfree_sensitive(aead_req);
 
-       return 0;
+       return ret;
 }
 
 struct crypto_aead *ieee80211_aes_gmac_key_setup(const u8 key[],