Skip to content

linuxkm/lkcapi_aes_glue.c: fix scatterwalk_map error handling in AesG…#9996

Merged
douzzer merged 1 commit into
wolfSSL:masterfrom
sameehj:linuxkm-fix
Mar 19, 2026
Merged

linuxkm/lkcapi_aes_glue.c: fix scatterwalk_map error handling in AesG…#9996
douzzer merged 1 commit into
wolfSSL:masterfrom
sameehj:linuxkm-fix

Conversation

@sameehj
Copy link
Copy Markdown
Contributor

@sameehj sameehj commented Mar 17, 2026

…cmCrypt_1

When scatterwalk_map fails in either the stream or non-stream path, the code jumped to cleanup without setting err, causing the function to return 0 (success) despite the failure. This could cause the kernel crypto layer to treat uninitialized data as valid ciphertext/plaintext.

  • Capture the error code (PTR_ERR) into err before goto out
  • Fix PTR_ERR arguments that incorrectly used assoc instead of in_map/out_map (assoc was NULL or pointed to the wrong mapping)
  • Make in_map/out_map NULL assignments unconditional (previously gated behind < 6.15, but the cleanup at out: checks these pointers on all kernel versions)
  • Remove bogus scatterwalk_unmap of a failed walk in the stream path on >= 6.15

Description

Please describe the scope of the fix or feature addition.

Fixes zd#

Testing

How did you test?

Checklist

  • [NA] added tests
  • [NA] updated/added doxygen
  • [NA] updated appropriate READMEs
  • [NA] Updated manual and documentation

@sameehj
linuxkm/lkcapi_aes_glue.c: fix scatterwalk_map error handling in AesG…
e96dc36 
…cmCrypt_1

When scatterwalk_map fails in either the stream or non-stream path, the
code jumped to cleanup without setting err, causing the function to
return 0 (success) despite the failure. This could cause the kernel
crypto layer to treat uninitialized data as valid ciphertext/plaintext.

- Capture the error code (PTR_ERR) into err before goto out
- Fix PTR_ERR arguments that incorrectly used assoc instead of
  in_map/out_map (assoc was NULL or pointed to the wrong mapping)
- Make in_map/out_map NULL assignments unconditional (previously
  gated behind < 6.15, but the cleanup at out: checks these
  pointers on all kernel versions)
- Remove bogus scatterwalk_unmap of a failed walk in the stream
  path on >= 6.15

Signed-off-by: Sameeh Jubran <sameeh@wolfssl.com>
@sameehj
Copy link
Copy Markdown
Contributor Author

sameehj commented Mar 18, 2026

retest this please

@sameehj sameehj requested a review from douzzer March 18, 2026 13:10
douzzer
douzzer approved these changes Mar 19, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@douzzer douzzer left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

note this PR fixes quantum-safe-wolfssl-all-crypto-only-noasm-fips-dev-linuxkm-next-insmod, broken since Mar 3rd linux-next.

tested with

wolfssl-multi-test.sh ...
quantum-safe-wolfssl-all-crypto-only-noasm-fips-dev-linuxkm-next-insmod
quantum-safe-wolfssl-all-crypto-only-intelasm-fips-dev-linuxkm-next-insmod-amdrdseed

@douzzer douzzer merged commit b6f4810 into wolfSSL:master Mar 19, 2026
447 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@douzzer douzzer douzzer approved these changes

Assignees

@wolfSSL-Bot wolfSSL-Bot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@sameehj @douzzer @wolfSSL-Bot