From: Iuliana Prodan <iuliana.prodan@nxp.com>
To: Herbert Xu <herbert@gondor.apana.org.au>,
Horia Geanta <horia.geanta@nxp.com>,
Aymen Sghaier <aymen.sghaier@nxp.com>
Cc: "David S. Miller" <davem@davemloft.net>,
linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-imx <linux-imx@nxp.com>
Subject: [PATCH v4 06/14] crypto: caam - check assoclen
Date: Tue, 30 Jul 2019 14:06:37 +0300 [thread overview]
Message-ID: <1564484805-28735-7-git-send-email-iuliana.prodan@nxp.com> (raw)
In-Reply-To: <1564484805-28735-1-git-send-email-iuliana.prodan@nxp.com>
Check assoclen to solve the extra tests that expect -EINVAL to be
returned when the associated data size is not valid.
Validated assoclen for RFC4106 and RFC4543 which expects an assoclen
of 16 or 20.
Based on seqiv, IPsec ESP and RFC4543/RFC4106 the assoclen is sizeof IP
Header (spi, seq_no, extended seq_no) and IV len. This can be 16 or 20
bytes.
Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com>
Reviewed-by: Horia Geanta <horia.geanta@nxp.com>
---
drivers/crypto/caam/caamalg.c | 10 ++--------
drivers/crypto/caam/caamalg_qi.c | 12 ++++--------
drivers/crypto/caam/caamalg_qi2.c | 10 ++--------
3 files changed, 8 insertions(+), 24 deletions(-)
diff --git a/drivers/crypto/caam/caamalg.c b/drivers/crypto/caam/caamalg.c
index 0461bf3..47e61c0 100644
--- a/drivers/crypto/caam/caamalg.c
+++ b/drivers/crypto/caam/caamalg.c
@@ -1598,10 +1598,7 @@ static int chachapoly_decrypt(struct aead_request *req)
static int ipsec_gcm_encrypt(struct aead_request *req)
{
- if (req->assoclen < 8)
- return -EINVAL;
-
- return gcm_encrypt(req);
+ return crypto_ipsec_check_assoclen(req->assoclen) ? : gcm_encrypt(req);
}
static int aead_encrypt(struct aead_request *req)
@@ -1675,10 +1672,7 @@ static int gcm_decrypt(struct aead_request *req)
static int ipsec_gcm_decrypt(struct aead_request *req)
{
- if (req->assoclen < 8)
- return -EINVAL;
-
- return gcm_decrypt(req);
+ return crypto_ipsec_check_assoclen(req->assoclen) ? : gcm_decrypt(req);
}
static int aead_decrypt(struct aead_request *req)
diff --git a/drivers/crypto/caam/caamalg_qi.c b/drivers/crypto/caam/caamalg_qi.c
index 8011a2a..794d155d 100644
--- a/drivers/crypto/caam/caamalg_qi.c
+++ b/drivers/crypto/caam/caamalg_qi.c
@@ -1237,18 +1237,14 @@ static int aead_decrypt(struct aead_request *req)
static int ipsec_gcm_encrypt(struct aead_request *req)
{
- if (req->assoclen < 8)
- return -EINVAL;
-
- return aead_crypt(req, true);
+ return crypto_ipsec_check_assoclen(req->assoclen) ? : aead_crypt(req,
+ true);
}
static int ipsec_gcm_decrypt(struct aead_request *req)
{
- if (req->assoclen < 8)
- return -EINVAL;
-
- return aead_crypt(req, false);
+ return crypto_ipsec_check_assoclen(req->assoclen) ? : aead_crypt(req,
+ false);
}
static void skcipher_done(struct caam_drv_req *drv_req, u32 status)
diff --git a/drivers/crypto/caam/caamalg_qi2.c b/drivers/crypto/caam/caamalg_qi2.c
index e351ff2..5fd6529 100644
--- a/drivers/crypto/caam/caamalg_qi2.c
+++ b/drivers/crypto/caam/caamalg_qi2.c
@@ -1406,18 +1406,12 @@ static int aead_decrypt(struct aead_request *req)
static int ipsec_gcm_encrypt(struct aead_request *req)
{
- if (req->assoclen < 8)
- return -EINVAL;
-
- return aead_encrypt(req);
+ return crypto_ipsec_check_assoclen(req->assoclen) ? : aead_encrypt(req);
}
static int ipsec_gcm_decrypt(struct aead_request *req)
{
- if (req->assoclen < 8)
- return -EINVAL;
-
- return aead_decrypt(req);
+ return crypto_ipsec_check_assoclen(req->assoclen) ? : aead_decrypt(req);
}
static void skcipher_encrypt_done(void *cbk_ctx, u32 status)
--
2.1.0
next prev parent reply other threads:[~2019-07-30 11:07 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-30 11:06 [PATCH v4 00/14] crypto: caam - fixes for kernel v5.3 Iuliana Prodan
2019-07-30 11:06 ` [PATCH v4 01/14] crypto: caam/qi - fix error handling in ERN handler Iuliana Prodan
2019-07-30 12:08 ` Iuliana Prodan
2019-07-30 11:06 ` [PATCH v4 02/14] crypto: caam - fix return code in completion callbacks Iuliana Prodan
2019-07-30 11:06 ` [PATCH v4 03/14] crypto: caam - update IV only when crypto operation succeeds Iuliana Prodan
2019-07-30 11:06 ` [PATCH v4 04/14] crypto: caam - check key length Iuliana Prodan
2019-07-30 11:06 ` [PATCH v4 05/14] crypto: caam - check authsize Iuliana Prodan
2019-07-30 11:06 ` Iuliana Prodan [this message]
2019-07-30 11:06 ` [PATCH v4 07/14] crypto: caam - check zero-length input Iuliana Prodan
2019-07-30 11:06 ` [PATCH v4 08/14] crypto: caam - update rfc4106 sh desc to support zero length input Iuliana Prodan
2019-07-30 11:55 ` Horia Geanta
2019-07-30 11:06 ` [PATCH v4 09/14] crypto: caam - keep both virtual and dma key addresses Iuliana Prodan
2019-07-30 12:10 ` Iuliana Prodan
2019-07-30 11:06 ` [PATCH v4 10/14] crypto: caam - fix MDHA key derivation for certain user key lengths Iuliana Prodan
2019-07-30 12:27 ` Iuliana Prodan
2019-07-30 11:06 ` [PATCH v4 11/14] crypto: caam - free resources in case caam_rng registration failed Iuliana Prodan
2019-07-30 11:06 ` [PATCH v4 12/14] crypto: caam - execute module exit point only if necessary Iuliana Prodan
2019-07-30 11:06 ` [PATCH v4 13/14] crypto: caam - unregister algorithm only if the registration succeeded Iuliana Prodan
2019-07-30 11:06 ` [PATCH v4 14/14] crypto: caam - change return value in case CAAM has no MDHA Iuliana Prodan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1564484805-28735-7-git-send-email-iuliana.prodan@nxp.com \
--to=iuliana.prodan@nxp.com \
--cc=aymen.sghaier@nxp.com \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=horia.geanta@nxp.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-imx@nxp.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).