From: Ondrej Mosnacek omosnace@redhat.com

mainline inclusion from mainline-v5.9-rc1 commit 21dfbcd1f5cbff9cf2f9e7e43475aed8d072b0dd category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I991GQ CVE: NA

Reference: https://github.com/torvalds/linux/commit/21dfbcd1f5cbff9cf2f9e7e43475aed8d07...

--------------------------------

In skcipher_accept_parent_nokey() the whole af_alg_ctx structure is cleared by memset() after allocation, so add such memset() also to aead_accept_parent_nokey() so that the new "init" field is also initialized to zero. Without that the initial ctx->init checks might randomly return true and cause errors.

While there, also remove the redundant zero assignments in both functions.

Found via libkcapi testsuite.

Cc: Stephan Mueller smueller@chronox.de Fixes: f3c802a1f300 ("crypto: algif_aead - Only wake up when ctx->more is zero") Suggested-by: Herbert Xu herbert@gondor.apana.org.au Signed-off-by: Ondrej Mosnacek omosnace@redhat.com Signed-off-by: Herbert Xu herbert@gondor.apana.org.au Signed-off-by: GUO Zihua guozihua@huawei.com --- crypto/algif_aead.c | 6 ------ crypto/algif_skcipher.c | 7 +------ 2 files changed, 1 insertion(+), 12 deletions(-)

diff --git a/crypto/algif_aead.c b/crypto/algif_aead.c index c40a8c7ee8ae..3f20d3e4acfb 100644 --- a/crypto/algif_aead.c +++ b/crypto/algif_aead.c @@ -565,12 +565,6 @@ static int aead_accept_parent_nokey(void *private, struct sock *sk)

INIT_LIST_HEAD(&ctx->tsgl_list); ctx->len = len; - ctx->used = 0; - atomic_set(&ctx->rcvused, 0); - ctx->more = 0; - ctx->merge = 0; - ctx->enc = 0; - ctx->aead_assoclen = 0; crypto_init_wait(&ctx->wait);

ask->private = ctx; diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c index fe1f6b0f7c4c..94aeb8b946b0 100644 --- a/crypto/algif_skcipher.c +++ b/crypto/algif_skcipher.c @@ -344,6 +344,7 @@ static int skcipher_accept_parent_nokey(void *private, struct sock *sk) ctx = sock_kmalloc(sk, len, GFP_KERNEL); if (!ctx) return -ENOMEM; + memset(ctx, 0, len);

ctx->iv = sock_kmalloc(sk, crypto_skcipher_ivsize(tfm), GFP_KERNEL); @@ -351,16 +352,10 @@ static int skcipher_accept_parent_nokey(void *private, struct sock *sk) sock_kfree_s(sk, ctx, len); return -ENOMEM; } - memset(ctx->iv, 0, crypto_skcipher_ivsize(tfm));

INIT_LIST_HEAD(&ctx->tsgl_list); ctx->len = len; - ctx->used = 0; - atomic_set(&ctx->rcvused, 0); - ctx->more = 0; - ctx->merge = 0; - ctx->enc = 0; crypto_init_wait(&ctx->wait);

ask->private = ctx;