tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

crypto: caam - check assoclen

Check assoclen to solve the extra tests that expect -EINVAL to be
returned when the associated data size is not valid.

Validated assoclen for RFC4106 and RFC4543 which expects an assoclen
of 16 or 20.
Based on seqiv, IPsec ESP and RFC4543/RFC4106 the assoclen is sizeof IP
Header (spi, seq_no, extended seq_no) and IV len. This can be 16 or 20
bytes.

Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com>
Reviewed-by: Horia Geanta <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

authored by

Iuliana Prodan and committed by
Herbert Xu fcd23ed5 68a51394

+8 -24
+2 -8
drivers/crypto/caam/caamalg.c
··· 1598 1598 1599 1599 static int ipsec_gcm_encrypt(struct aead_request *req) 1600 1600 { 1601 - if (req->assoclen < 8) 1602 - return -EINVAL; 1603 - 1604 - return gcm_encrypt(req); 1601 + return crypto_ipsec_check_assoclen(req->assoclen) ? : gcm_encrypt(req); 1605 1602 } 1606 1603 1607 1604 static int aead_encrypt(struct aead_request *req) ··· 1672 1675 1673 1676 static int ipsec_gcm_decrypt(struct aead_request *req) 1674 1677 { 1675 - if (req->assoclen < 8) 1676 - return -EINVAL; 1677 - 1678 - return gcm_decrypt(req); 1678 + return crypto_ipsec_check_assoclen(req->assoclen) ? : gcm_decrypt(req); 1679 1679 } 1680 1680 1681 1681 static int aead_decrypt(struct aead_request *req)
+4 -8
drivers/crypto/caam/caamalg_qi.c
··· 1237 1237 1238 1238 static int ipsec_gcm_encrypt(struct aead_request *req) 1239 1239 { 1240 - if (req->assoclen < 8) 1241 - return -EINVAL; 1242 - 1243 - return aead_crypt(req, true); 1240 + return crypto_ipsec_check_assoclen(req->assoclen) ? : aead_crypt(req, 1241 + true); 1244 1242 } 1245 1243 1246 1244 static int ipsec_gcm_decrypt(struct aead_request *req) 1247 1245 { 1248 - if (req->assoclen < 8) 1249 - return -EINVAL; 1250 - 1251 - return aead_crypt(req, false); 1246 + return crypto_ipsec_check_assoclen(req->assoclen) ? : aead_crypt(req, 1247 + false); 1252 1248 } 1253 1249 1254 1250 static void skcipher_done(struct caam_drv_req *drv_req, u32 status)
+2 -8
drivers/crypto/caam/caamalg_qi2.c
··· 1407 1407 1408 1408 static int ipsec_gcm_encrypt(struct aead_request *req) 1409 1409 { 1410 - if (req->assoclen < 8) 1411 - return -EINVAL; 1412 - 1413 - return aead_encrypt(req); 1410 + return crypto_ipsec_check_assoclen(req->assoclen) ? : aead_encrypt(req); 1414 1411 } 1415 1412 1416 1413 static int ipsec_gcm_decrypt(struct aead_request *req) 1417 1414 { 1418 - if (req->assoclen < 8) 1419 - return -EINVAL; 1420 - 1421 - return aead_decrypt(req); 1415 + return crypto_ipsec_check_assoclen(req->assoclen) ? : aead_decrypt(req); 1422 1416 } 1423 1417 1424 1418 static void skcipher_encrypt_done(void *cbk_ctx, u32 status)