mkfs.ubifs: fscrypt: bail from encrypt_block if gen_essiv_salt fails

What originally cought my attention was that gen_essiv_salt has a
size_t return type and error paths that return -1 on failure.
Further investigation revealed that the error value is never checked
for. The encrypt_block function doesn't use the return value in any
way and simply continues onward.

Furthermore, the gen_essiv_salt function has an error case that emits
an error message but returns success state.

This patch modifes gen_essiv_salt to return an error status in all
error branches, changes the return type to ssize_t and adds a check
to encrypt_block if gen_essiv_salt fails.

Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>

diff --git a/ubifs-utils/mkfs.ubifs/crypto.c b/ubifs-utils/mkfs.ubifs/crypto.c
index cd68e372601f8894949d8a9db5566d444828c6ea..d31bd2a7773b79b1952dc511a90819fd9d1a3456 100644 (file)
--- a/ubifs-utils/mkfs.ubifs/crypto.c
+++ b/ubifs-utils/mkfs.ubifs/crypto.c
@@ -109,7 +109,7 @@ fail:
        return -1;
 }
 
-static size_t gen_essiv_salt(const void *iv, size_t iv_len, const void *key, size_t key_len, void *salt)
+static ssize_t gen_essiv_salt(const void *iv, size_t iv_len, const void *key, size_t key_len, void *salt)
 {
        size_t ret;
        const EVP_CIPHER *cipher;
@@ -127,8 +127,10 @@ static size_t gen_essiv_salt(const void *iv, size_t iv_len, const void *key, siz
        }
 
        ret = do_encrypt(cipher, iv, iv_len, sha256, EVP_MD_size(EVP_sha256()), NULL, 0, salt);
-       if (ret != iv_len)
+       if (ret != iv_len) {
                errmsg("Unable to compute ESSIV salt, return value %zi instead of %zi", ret, iv_len);
+               return -1;
+       }
 
        free(sha256);
 
@@ -154,7 +156,8 @@ static ssize_t encrypt_block(const void *plaintext, size_t size,
 
        if (cipher == EVP_aes_128_cbc()) {
                tweak = alloca(ivsize);
-               gen_essiv_salt(&iv, FS_IV_SIZE, key, key_len, tweak);
+               if (gen_essiv_salt(&iv, FS_IV_SIZE, key, key_len, tweak) < 0)
+                       return -1;
        } else {
                tweak = &iv;
        }