tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

crypto: bcm/des - switch to new verification routines

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

authored by

Ard Biesheuvel and committed by
Herbert Xu 05a7238d 92c203e2

+17 -62
+17 -62
drivers/crypto/bcm/cipher.c
··· 24 24 #include <crypto/aead.h> 25 25 #include <crypto/internal/aead.h> 26 26 #include <crypto/aes.h> 27 - #include <crypto/des.h> 27 + #include <crypto/internal/des.h> 28 28 #include <crypto/hmac.h> 29 29 #include <crypto/sha.h> 30 30 #include <crypto/md5.h> ··· 1802 1802 unsigned int keylen) 1803 1803 { 1804 1804 struct iproc_ctx_s *ctx = crypto_ablkcipher_ctx(cipher); 1805 - u32 tmp[DES_EXPKEY_WORDS]; 1805 + int err; 1806 1806 1807 - if (keylen == DES_KEY_SIZE) { 1808 - if (des_ekey(tmp, key) == 0) { 1809 - if (crypto_ablkcipher_get_flags(cipher) & 1810 - CRYPTO_TFM_REQ_FORBID_WEAK_KEYS) { 1811 - u32 flags = CRYPTO_TFM_RES_WEAK_KEY; 1807 + err = verify_ablkcipher_des_key(cipher, key); 1808 + if (err) 1809 + return err; 1812 1810 1813 - crypto_ablkcipher_set_flags(cipher, flags); 1814 - return -EINVAL; 1815 - } 1816 - } 1817 - 1818 - ctx->cipher_type = CIPHER_TYPE_DES; 1819 - } else { 1820 - crypto_ablkcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_KEY_LEN); 1821 - return -EINVAL; 1822 - } 1811 + ctx->cipher_type = CIPHER_TYPE_DES; 1823 1812 return 0; 1824 1813 } 1825 1814 ··· 1816 1827 unsigned int keylen) 1817 1828 { 1818 1829 struct iproc_ctx_s *ctx = crypto_ablkcipher_ctx(cipher); 1830 + int err; 1819 1831 1820 - if (keylen == (DES_KEY_SIZE * 3)) { 1821 - u32 flags; 1822 - int ret; 1832 + err = verify_ablkcipher_des3_key(cipher, key); 1833 + if (err) 1834 + return err; 1823 1835 1824 - flags = crypto_ablkcipher_get_flags(cipher); 1825 - ret = __des3_verify_key(&flags, key); 1826 - if (unlikely(ret)) { 1827 - crypto_ablkcipher_set_flags(cipher, flags); 1828 - return ret; 1829 - } 1830 - 1831 - ctx->cipher_type = CIPHER_TYPE_3DES; 1832 - } else { 1833 - crypto_ablkcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_KEY_LEN); 1834 - return -EINVAL; 1835 - } 1836 + ctx->cipher_type = CIPHER_TYPE_3DES; 1836 1837 return 0; 1837 1838 } 1838 1839 ··· 2847 2868 2848 2869 switch (ctx->alg->cipher_info.alg) { 2849 2870 case CIPHER_ALG_DES: 2850 - if (ctx->enckeylen == DES_KEY_SIZE) { 2851 - u32 tmp[DES_EXPKEY_WORDS]; 2852 - u32 flags = CRYPTO_TFM_RES_WEAK_KEY; 2871 + if (verify_aead_des_key(cipher, keys.enckey, keys.enckeylen)) 2872 + return -EINVAL; 2853 2873 2854 - if (des_ekey(tmp, keys.enckey) == 0) { 2855 - if (crypto_aead_get_flags(cipher) & 2856 - CRYPTO_TFM_REQ_FORBID_WEAK_KEYS) { 2857 - crypto_aead_set_flags(cipher, flags); 2858 - return -EINVAL; 2859 - } 2860 - } 2861 - 2862 - ctx->cipher_type = CIPHER_TYPE_DES; 2863 - } else { 2864 - goto badkey; 2865 - } 2874 + ctx->cipher_type = CIPHER_TYPE_DES; 2866 2875 break; 2867 2876 case CIPHER_ALG_3DES: 2868 - if (ctx->enckeylen == (DES_KEY_SIZE * 3)) { 2869 - u32 flags; 2870 - 2871 - flags = crypto_aead_get_flags(cipher); 2872 - ret = __des3_verify_key(&flags, keys.enckey); 2873 - if (unlikely(ret)) { 2874 - crypto_aead_set_flags(cipher, flags); 2875 - return ret; 2876 - } 2877 - 2878 - ctx->cipher_type = CIPHER_TYPE_3DES; 2879 - } else { 2880 - crypto_aead_set_flags(cipher, 2881 - CRYPTO_TFM_RES_BAD_KEY_LEN); 2877 + if (verify_aead_des3_key(cipher, keys.enckey, keys.enckeylen)) 2882 2878 return -EINVAL; 2883 - } 2879 + 2880 + ctx->cipher_type = CIPHER_TYPE_3DES; 2884 2881 break; 2885 2882 case CIPHER_ALG_AES: 2886 2883 switch (ctx->enckeylen) {