Commit fcd23ed5 authored by Iuliana Prodan's avatar Iuliana Prodan Committed by Herbert Xu
Browse files

crypto: caam - check assoclen 



Check assoclen to solve the extra tests that expect -EINVAL to be
returned when the associated data size is not valid.

Validated assoclen for RFC4106 and RFC4543 which expects an assoclen
of 16 or 20.
Based on seqiv, IPsec ESP and RFC4543/RFC4106 the assoclen is sizeof IP
Header (spi, seq_no, extended seq_no) and IV len. This can be 16 or 20
bytes.

Signed-off-by: default avatarIuliana Prodan <iuliana.prodan@nxp.com>
Reviewed-by: default avatarHoria Geanta <horia.geanta@nxp.com>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent 68a51394

drivers/crypto/caam/caamalg.c

+2 −8
Original line number Original line Diff line number Diff line
@@ -1598,10 +1598,7 @@ static int chachapoly_decrypt(struct aead_request *req) 




static int ipsec_gcm_encrypt(struct aead_request *req)

static int ipsec_gcm_encrypt(struct aead_request *req)

{

{

	if (req->assoclen < 8)

	return crypto_ipsec_check_assoclen(req->assoclen) ? : gcm_encrypt(req);

		return -EINVAL;



	return gcm_encrypt(req);

}

}





static int aead_encrypt(struct aead_request *req)

static int aead_encrypt(struct aead_request *req)
@@ -1675,10 +1672,7 @@ static int gcm_decrypt(struct aead_request *req) 




static int ipsec_gcm_decrypt(struct aead_request *req)

static int ipsec_gcm_decrypt(struct aead_request *req)

{

{

	if (req->assoclen < 8)

	return crypto_ipsec_check_assoclen(req->assoclen) ? : gcm_decrypt(req);

		return -EINVAL;



	return gcm_decrypt(req);

}

}





static int aead_decrypt(struct aead_request *req)

static int aead_decrypt(struct aead_request *req)

drivers/crypto/caam/caamalg_qi.c

+4 −8
Original line number Original line Diff line number Diff line
@@ -1237,18 +1237,14 @@ static int aead_decrypt(struct aead_request *req) 




static int ipsec_gcm_encrypt(struct aead_request *req)

static int ipsec_gcm_encrypt(struct aead_request *req)

{

{

	if (req->assoclen < 8)

	return crypto_ipsec_check_assoclen(req->assoclen) ? : aead_crypt(req,

		return -EINVAL;

					   true);



	return aead_crypt(req, true);

}

}





static int ipsec_gcm_decrypt(struct aead_request *req)

static int ipsec_gcm_decrypt(struct aead_request *req)

{

{

	if (req->assoclen < 8)

	return crypto_ipsec_check_assoclen(req->assoclen) ? : aead_crypt(req,

		return -EINVAL;

					   false);



	return aead_crypt(req, false);

}

}





static void skcipher_done(struct caam_drv_req *drv_req, u32 status)

static void skcipher_done(struct caam_drv_req *drv_req, u32 status)

drivers/crypto/caam/caamalg_qi2.c

+2 −8
Original line number Original line Diff line number Diff line
@@ -1407,18 +1407,12 @@ static int aead_decrypt(struct aead_request *req) 




static int ipsec_gcm_encrypt(struct aead_request *req)

static int ipsec_gcm_encrypt(struct aead_request *req)

{

{

	if (req->assoclen < 8)

	return crypto_ipsec_check_assoclen(req->assoclen) ? : aead_encrypt(req);

		return -EINVAL;



	return aead_encrypt(req);

}

}





static int ipsec_gcm_decrypt(struct aead_request *req)

static int ipsec_gcm_decrypt(struct aead_request *req)

{

{

	if (req->assoclen < 8)

	return crypto_ipsec_check_assoclen(req->assoclen) ? : aead_decrypt(req);

		return -EINVAL;



	return aead_decrypt(req);

}

}





static void skcipher_encrypt_done(void *cbk_ctx, u32 status)

static void skcipher_encrypt_done(void *cbk_ctx, u32 status)