crypto: ccp - copy IV using skcipher ivsize

AF_ALG rfc3686-ctr-aes-ccp requests pass an 8-byte IV to the driver. ccp_aes_complete() restores AES_BLOCK_SIZE bytes into the caller's IV buffer while RFC3686 skciphers expose an 8-byte IV, so the restore overruns the provided buffer. Use crypto_skcipher_ivsize() to copy only the algorithm's IV length. Fixes: 2b789435d7f3 ("crypto: ccp - CCP AES crypto API support") Signed-off-by: Paul Moses <p@1g4.org> Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
author: Paul Moses <p@1g4.org> 2026-04-01 03:07:49 -0500
committer: Herbert Xu <herbert@gondor.apana.org.au> 2026-04-16 17:37:03 +0800
commit: a7a1f3cdd64d8a165d9b8c9e9ad7fb46ac19dfc4 (patch)
tree: bda716bb1729300be07c0a89328a6c9ae837c291 /drivers/crypto/ccp
parent: 4f685dbfa87c546e51d9dc6cab379d20f275e114 (diff)
download: lwn-a7a1f3cdd64d8a165d9b8c9e9ad7fb46ac19dfc4.tar.gz
lwn-a7a1f3cdd64d8a165d9b8c9e9ad7fb46ac19dfc4.zip
1 files changed, 5 insertions, 2 deletions
diff --git a/drivers/crypto/ccp/ccp-crypto-aes.c b/drivers/crypto/ccp/ccp-crypto-aes.c
index 94bccc5d6c78..f475819b6fc3 100644
--- a/drivers/crypto/ccp/ccp-crypto-aes.c
+++ b/drivers/crypto/ccp/ccp-crypto-aes.c
@@ -30,8 +30,11 @@ static int ccp_aes_complete(struct crypto_async_request *async_req, int ret)
 	if (ret)
 		return ret;
 
-	if (ctx->u.aes.mode != CCP_AES_MODE_ECB)
-		memcpy(req->iv, rctx->iv, AES_BLOCK_SIZE);
+	if (ctx->u.aes.mode != CCP_AES_MODE_ECB) {
+		size_t ivsize = crypto_skcipher_ivsize(crypto_skcipher_reqtfm(req));
+
+		memcpy(req->iv, rctx->iv, ivsize);
+	}
 
 	return 0;
 }
author	Paul Moses <p@1g4.org>	2026-04-01 03:07:49 -0500
committer	Herbert Xu <herbert@gondor.apana.org.au>	2026-04-16 17:37:03 +0800
commit	a7a1f3cdd64d8a165d9b8c9e9ad7fb46ac19dfc4 (patch)
tree	bda716bb1729300be07c0a89328a6c9ae837c291 /drivers/crypto/ccp
parent	4f685dbfa87c546e51d9dc6cab379d20f275e114 (diff)
download	lwn-a7a1f3cdd64d8a165d9b8c9e9ad7fb46ac19dfc4.tar.gz lwn-a7a1f3cdd64d8a165d9b8c9e9ad7fb46ac19dfc4.zip