linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Iuliana Prodan <iuliana.prodan@nxp.com>
To: Herbert Xu <herbert@gondor.apana.org.au>,
	Horia Geanta <horia.geanta@nxp.com>,
	Aymen Sghaier <aymen.sghaier@nxp.com>
Cc: "David S. Miller" <davem@davemloft.net>,
	linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
	linux-imx <linux-imx@nxp.com>
Subject: [PATCH v2 03/14] crypto: caam - update IV only when crypto operation succeeds
Date: Fri, 19 Jul 2019 02:57:45 +0300	[thread overview]
Message-ID: <1563494276-3993-4-git-send-email-iuliana.prodan@nxp.com> (raw)
In-Reply-To: <1563494276-3993-1-git-send-email-iuliana.prodan@nxp.com>

From: Horia Geantă <horia.geanta@nxp.com>

skcipher encryption might fail and in some cases, like (invalid) input
length smaller then block size, updating the IV would lead to a useless
IV copy in case hardware issued an error.

Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com>
---
 drivers/crypto/caam/caamalg.c     | 5 ++---
 drivers/crypto/caam/caamalg_qi.c  | 4 +++-
 drivers/crypto/caam/caamalg_qi2.c | 8 ++++++--
 3 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/drivers/crypto/caam/caamalg.c b/drivers/crypto/caam/caamalg.c
index 06b4f2d..28d55a0 100644
--- a/drivers/crypto/caam/caamalg.c
+++ b/drivers/crypto/caam/caamalg.c
@@ -990,10 +990,9 @@ static void skcipher_encrypt_done(struct device *jrdev, u32 *desc, u32 err,
 	 * ciphertext block (CBC mode) or last counter (CTR mode).
 	 * This is used e.g. by the CTS mode.
 	 */
-	if (ivsize) {
+	if (ivsize && !ecode) {
 		memcpy(req->iv, (u8 *)edesc->sec4_sg + edesc->sec4_sg_bytes,
 		       ivsize);
-
 		print_hex_dump_debug("dstiv  @"__stringify(__LINE__)": ",
 				     DUMP_PREFIX_ADDRESS, 16, 4, req->iv,
 				     edesc->src_nents > 1 ? 100 : ivsize, 1);
@@ -1030,7 +1029,7 @@ static void skcipher_decrypt_done(struct device *jrdev, u32 *desc, u32 err,
 	 * ciphertext block (CBC mode) or last counter (CTR mode).
 	 * This is used e.g. by the CTS mode.
 	 */
-	if (ivsize) {
+	if (ivsize && !ecode) {
 		memcpy(req->iv, (u8 *)edesc->sec4_sg + edesc->sec4_sg_bytes,
 		       ivsize);
 
diff --git a/drivers/crypto/caam/caamalg_qi.c b/drivers/crypto/caam/caamalg_qi.c
index ab263b1..66531d6 100644
--- a/drivers/crypto/caam/caamalg_qi.c
+++ b/drivers/crypto/caam/caamalg_qi.c
@@ -1201,7 +1201,9 @@ static void skcipher_done(struct caam_drv_req *drv_req, u32 status)
 	 * ciphertext block (CBC mode) or last counter (CTR mode).
 	 * This is used e.g. by the CTS mode.
 	 */
-	memcpy(req->iv, (u8 *)&edesc->sgt[0] + edesc->qm_sg_bytes, ivsize);
+	if (!ecode)
+		memcpy(req->iv, (u8 *)&edesc->sgt[0] + edesc->qm_sg_bytes,
+		       ivsize);
 
 	qi_cache_free(edesc);
 	skcipher_request_complete(req, ecode);
diff --git a/drivers/crypto/caam/caamalg_qi2.c b/drivers/crypto/caam/caamalg_qi2.c
index 2681581..bc370af 100644
--- a/drivers/crypto/caam/caamalg_qi2.c
+++ b/drivers/crypto/caam/caamalg_qi2.c
@@ -1358,7 +1358,9 @@ static void skcipher_encrypt_done(void *cbk_ctx, u32 status)
 	 * ciphertext block (CBC mode) or last counter (CTR mode).
 	 * This is used e.g. by the CTS mode.
 	 */
-	memcpy(req->iv, (u8 *)&edesc->sgt[0] + edesc->qm_sg_bytes, ivsize);
+	if (!ecode)
+		memcpy(req->iv, (u8 *)&edesc->sgt[0] + edesc->qm_sg_bytes,
+		       ivsize);
 
 	qi_cache_free(edesc);
 	skcipher_request_complete(req, ecode);
@@ -1394,7 +1396,9 @@ static void skcipher_decrypt_done(void *cbk_ctx, u32 status)
 	 * ciphertext block (CBC mode) or last counter (CTR mode).
 	 * This is used e.g. by the CTS mode.
 	 */
-	memcpy(req->iv, (u8 *)&edesc->sgt[0] + edesc->qm_sg_bytes, ivsize);
+	if (!ecode)
+		memcpy(req->iv, (u8 *)&edesc->sgt[0] + edesc->qm_sg_bytes,
+		       ivsize);
 
 	qi_cache_free(edesc);
 	skcipher_request_complete(req, ecode);
-- 
2.1.0

next prev parent reply	other threads:[~2019-07-18 23:59 UTC|newest]

Thread overview: 26+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-07-18 23:57 [PATCH v2 00/14] crypto: caam - fixes for kernel v5.3 Iuliana Prodan
2019-07-18 23:57 ` [PATCH v2 01/14] crypto: caam/qi - fix error handling in ERN handler Iuliana Prodan
2019-07-18 23:57 ` [PATCH v2 02/14] crypto: caam - fix return code in completion callbacks Iuliana Prodan
2019-07-18 23:57 ` Iuliana Prodan [this message]
2019-07-18 23:57 ` [PATCH v2 04/14] crypto: caam - check key length Iuliana Prodan
2019-07-19 14:38   ` Horia Geanta
2019-07-18 23:57 ` [PATCH v2 05/14] crypto: caam - check authsize Iuliana Prodan
2019-07-19 14:49   ` Horia Geanta
2019-07-18 23:57 ` [PATCH v2 06/14] crypto: caam - check assoclen Iuliana Prodan
2019-07-19 15:06   ` Horia Geanta
2019-07-19 15:15     ` Herbert Xu
2019-07-18 23:57 ` [PATCH v2 07/14] crypto: caam - check zero-length input Iuliana Prodan
2019-07-19 15:11   ` Horia Geanta
2019-07-18 23:57 ` [PATCH v2 08/14] crypto: caam - update rfc4106 sh desc to support zero length input Iuliana Prodan
2019-07-19 15:38   ` Horia Geanta
2019-07-18 23:57 ` [PATCH v2 09/14] crypto: caam - keep both virtual and dma key addresses Iuliana Prodan
2019-07-19 10:08   ` Horia Geanta
2019-07-18 23:57 ` [PATCH v2 10/14] crypto: caam - fix DKP for certain key lengths Iuliana Prodan
2019-07-18 23:57 ` [PATCH v2 11/14] crypto: caam - free resources in case caam_rng registration failed Iuliana Prodan
2019-07-19 15:53   ` Horia Geanta
2019-07-18 23:57 ` [PATCH v2 12/14] crypto: caam - execute module exit point only if necessary Iuliana Prodan
2019-07-19 16:02   ` Horia Geanta
2019-07-18 23:57 ` [PATCH v2 13/14] crypto: caam - unregister algorithm only if the registration succeeded Iuliana Prodan
2019-07-19 16:22   ` Horia Geanta
2019-07-18 23:57 ` [PATCH v2 14/14] crypto: caam - change return value in case CAAM has no MDHA Iuliana Prodan
2019-07-19 16:26   ` Horia Geanta

find likely ancestor, descendant, or conflicting patches for this message:
dfblob:06b4f2d dfblob:ab263b1 dfblob:2681581 dfblob:28d55a0
dfblob:66531d6 dfblob:bc370af
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1563494276-3993-4-git-send-email-iuliana.prodan@nxp.com \
    --to=iuliana.prodan@nxp.com \
    --cc=aymen.sghaier@nxp.com \
    --cc=davem@davemloft.net \
    --cc=herbert@gondor.apana.org.au \
    --cc=horia.geanta@nxp.com \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-imx@nxp.com \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).