aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2019-01-18 12:48:43 -0500
committerLinus Torvalds <torvalds@linux-foundation.org>2019-01-18 12:48:43 -0500
commitdc6fef2cc57972d4d64d9cd6d26b81060e1db0e6 (patch)
tree88a5b30f0e23f7a94a7b3981ccf990c4cbbacc28
parent6e434bf2e36b8a111c4dea6c1d1e355ad39ec01b (diff)
parentd45a90cb5d061fa7d411b974b950fe0b8bc5f265 (diff)
Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Pull crypto fixes from Herbert Xu: "This fixes the following issues: - Zero-length DMA mapping in caam - Invalidly mapping stack memory for DMA in talitos - Use after free in cavium/nitrox - Key parsing in authenc - Undefined shift in sm3 - Bogus completion call in authencesn - SHA support detection in caam" * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: crypto: sm3 - fix undefined shift by >= width of value crypto: talitos - fix ablkcipher for CONFIG_VMAP_STACK crypto: talitos - reorder code in talitos_edesc_alloc() crypto: adiantum - initialize crypto_spawn::inst crypto: cavium/nitrox - Use after free in process_response_list() crypto: authencesn - Avoid twice completion call in decrypt path crypto: caam - fix SHA support detection crypto: caam - fix zero-length buffer DMA mapping crypto: ccree - convert to use crypto_authenc_extractkeys() crypto: bcm - convert to use crypto_authenc_extractkeys() crypto: authenc - fix parsing key with misaligned rta_len
Diffstat
-rw-r--r--crypto/adiantum.c4
-rw-r--r--crypto/authenc.c14
-rw-r--r--crypto/authencesn.c2
-rw-r--r--crypto/sm3_generic.c2
-rw-r--r--drivers/crypto/Kconfig1
-rw-r--r--drivers/crypto/bcm/cipher.c44
-rw-r--r--drivers/crypto/caam/caamalg.c2
-rw-r--r--drivers/crypto/caam/caamhash.c15
-rw-r--r--drivers/crypto/caam/desc.h1
-rw-r--r--drivers/crypto/caam/error.h9
-rw-r--r--drivers/crypto/cavium/nitrox/nitrox_reqmgr.c2
-rw-r--r--drivers/crypto/ccree/cc_aead.c40
-rw-r--r--drivers/crypto/talitos.c26
13 files changed, 80 insertions, 82 deletions
diff --git a/crypto/adiantum.c b/crypto/adiantum.c
index 6651e713c45d..5564e73266a6 100644
--- a/crypto/adiantum.c
+++ b/crypto/adiantum.c
@@ -539,6 +539,8 @@ static int adiantum_create(struct crypto_template *tmpl, struct rtattr **tb)
539 ictx = skcipher_instance_ctx(inst); 539 ictx = skcipher_instance_ctx(inst);
540 540
541 /* Stream cipher, e.g. "xchacha12" */ 541 /* Stream cipher, e.g. "xchacha12" */
542 crypto_set_skcipher_spawn(&ictx->streamcipher_spawn,
543 skcipher_crypto_instance(inst));
542 err = crypto_grab_skcipher(&ictx->streamcipher_spawn, streamcipher_name, 544 err = crypto_grab_skcipher(&ictx->streamcipher_spawn, streamcipher_name,
543 0, crypto_requires_sync(algt->type, 545 0, crypto_requires_sync(algt->type,
544 algt->mask)); 546 algt->mask));
@@ -547,6 +549,8 @@ static int adiantum_create(struct crypto_template *tmpl, struct rtattr **tb)
547 streamcipher_alg = crypto_spawn_skcipher_alg(&ictx->streamcipher_spawn); 549 streamcipher_alg = crypto_spawn_skcipher_alg(&ictx->streamcipher_spawn);
548 550
549 /* Block cipher, e.g. "aes" */ 551 /* Block cipher, e.g. "aes" */
552 crypto_set_spawn(&ictx->blockcipher_spawn,
553 skcipher_crypto_instance(inst));
550 err = crypto_grab_spawn(&ictx->blockcipher_spawn, blockcipher_name, 554 err = crypto_grab_spawn(&ictx->blockcipher_spawn, blockcipher_name,
551 CRYPTO_ALG_TYPE_CIPHER, CRYPTO_ALG_TYPE_MASK); 555 CRYPTO_ALG_TYPE_CIPHER, CRYPTO_ALG_TYPE_MASK);
552 if (err) 556 if (err)
diff --git a/crypto/authenc.c b/crypto/authenc.c
index 37f54d1b2f66..4be293a4b5f0 100644
--- a/crypto/authenc.c
+++ b/crypto/authenc.c
@@ -58,14 +58,22 @@ int crypto_authenc_extractkeys(struct crypto_authenc_keys *keys, const u8 *key,
58 return -EINVAL; 58 return -EINVAL;
59 if (rta->rta_type != CRYPTO_AUTHENC_KEYA_PARAM) 59 if (rta->rta_type != CRYPTO_AUTHENC_KEYA_PARAM)
60 return -EINVAL; 60 return -EINVAL;
61 if (RTA_PAYLOAD(rta) < sizeof(*param)) 61
62 /*
63 * RTA_OK() didn't align the rtattr's payload when validating that it
64 * fits in the buffer. Yet, the keys should start on the next 4-byte
65 * aligned boundary. To avoid confusion, require that the rtattr
66 * payload be exactly the param struct, which has a 4-byte aligned size.
67 */
68 if (RTA_PAYLOAD(rta) != sizeof(*param))
62 return -EINVAL; 69 return -EINVAL;
70 BUILD_BUG_ON(sizeof(*param) % RTA_ALIGNTO);
63 71
64 param = RTA_DATA(rta); 72 param = RTA_DATA(rta);
65 keys->enckeylen = be32_to_cpu(param->enckeylen); 73 keys->enckeylen = be32_to_cpu(param->enckeylen);
66 74
67 key += RTA_ALIGN(rta->rta_len); 75 key += rta->rta_len;
68 keylen -= RTA_ALIGN(rta->rta_len); 76 keylen -= rta->rta_len;
69 77
70 if (keylen < keys->enckeylen) 78 if (keylen < keys->enckeylen)
71 return -EINVAL; 79 return -EINVAL;
diff --git a/crypto/authencesn.c b/crypto/authencesn.c
index 80a25cc04aec..4741fe89ba2c 100644
--- a/crypto/authencesn.c
+++ b/crypto/authencesn.c
@@ -279,7 +279,7 @@ static void authenc_esn_verify_ahash_done(struct crypto_async_request *areq,
279 struct aead_request *req = areq->data; 279 struct aead_request *req = areq->data;
280 280
281 err = err ?: crypto_authenc_esn_decrypt_tail(req, 0); 281 err = err ?: crypto_authenc_esn_decrypt_tail(req, 0);
282 aead_request_complete(req, err); 282 authenc_esn_request_complete(req, err);
283} 283}
284 284
285static int crypto_authenc_esn_decrypt(struct aead_request *req) 285static int crypto_authenc_esn_decrypt(struct aead_request *req)
diff --git a/crypto/sm3_generic.c b/crypto/sm3_generic.c
index 9a5c60f08aad..c0cf87ae7ef6 100644
--- a/crypto/sm3_generic.c
+++ b/crypto/sm3_generic.c
@@ -100,7 +100,7 @@ static void sm3_compress(u32 *w, u32 *wt, u32 *m)
100 100
101 for (i = 0; i <= 63; i++) { 101 for (i = 0; i <= 63; i++) {
102 102
103 ss1 = rol32((rol32(a, 12) + e + rol32(t(i), i)), 7); 103 ss1 = rol32((rol32(a, 12) + e + rol32(t(i), i & 31)), 7);
104 104
105 ss2 = ss1 ^ rol32(a, 12); 105 ss2 = ss1 ^ rol32(a, 12);
106 106
diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig
index 5a90075f719d..0be55fcc19ba 100644
--- a/drivers/crypto/Kconfig
+++ b/drivers/crypto/Kconfig
@@ -692,6 +692,7 @@ config CRYPTO_DEV_BCM_SPU
692 depends on ARCH_BCM_IPROC 692 depends on ARCH_BCM_IPROC
693 depends on MAILBOX 693 depends on MAILBOX
694 default m 694 default m
695 select CRYPTO_AUTHENC
695 select CRYPTO_DES 696 select CRYPTO_DES
696 select CRYPTO_MD5 697 select CRYPTO_MD5
697 select CRYPTO_SHA1 698 select CRYPTO_SHA1
diff --git a/drivers/crypto/bcm/cipher.c b/drivers/crypto/bcm/cipher.c
index c9393ffb70ed..5567cbda2798 100644
--- a/drivers/crypto/bcm/cipher.c
+++ b/drivers/crypto/bcm/cipher.c
@@ -2845,44 +2845,28 @@ static int aead_authenc_setkey(struct crypto_aead *cipher,
2845 struct spu_hw *spu = &iproc_priv.spu; 2845 struct spu_hw *spu = &iproc_priv.spu;
2846 struct iproc_ctx_s *ctx = crypto_aead_ctx(cipher); 2846 struct iproc_ctx_s *ctx = crypto_aead_ctx(cipher);
2847 struct crypto_tfm *tfm = crypto_aead_tfm(cipher); 2847 struct crypto_tfm *tfm = crypto_aead_tfm(cipher);
2848 struct rtattr *rta = (void *)key; 2848 struct crypto_authenc_keys keys;
2849 struct crypto_authenc_key_param *param; 2849 int ret;
2850 const u8 *origkey = key;
2851 const unsigned int origkeylen = keylen;
2852
2853 int ret = 0;
2854 2850
2855 flow_log("%s() aead:%p key:%p keylen:%u\n", __func__, cipher, key, 2851 flow_log("%s() aead:%p key:%p keylen:%u\n", __func__, cipher, key,
2856 keylen); 2852 keylen);
2857 flow_dump(" key: ", key, keylen); 2853 flow_dump(" key: ", key, keylen);
2858 2854
2859 if (!RTA_OK(rta, keylen)) 2855 ret = crypto_authenc_extractkeys(&keys, key, keylen);
2860 goto badkey; 2856 if (ret)
2861 if (rta->rta_type != CRYPTO_AUTHENC_KEYA_PARAM)
2862 goto badkey;
2863 if (RTA_PAYLOAD(rta) < sizeof(*param))
2864 goto badkey; 2857 goto badkey;
2865 2858
2866 param = RTA_DATA(rta); 2859 if (keys.enckeylen > MAX_KEY_SIZE ||
2867 ctx->enckeylen = be32_to_cpu(param->enckeylen); 2860 keys.authkeylen > MAX_KEY_SIZE)
2868
2869 key += RTA_ALIGN(rta->rta_len);
2870 keylen -= RTA_ALIGN(rta->rta_len);
2871
2872 if (keylen < ctx->enckeylen)
2873 goto badkey;
2874 if (ctx->enckeylen > MAX_KEY_SIZE)
2875 goto badkey; 2861 goto badkey;
2876 2862
2877 ctx->authkeylen = keylen - ctx->enckeylen; 2863 ctx->enckeylen = keys.enckeylen;
2878 2864 ctx->authkeylen = keys.authkeylen;
2879 if (ctx->authkeylen > MAX_KEY_SIZE)
2880 goto badkey;
2881 2865
2882 memcpy(ctx->enckey, key + ctx->authkeylen, ctx->enckeylen); 2866 memcpy(ctx->enckey, keys.enckey, keys.enckeylen);
2883 /* May end up padding auth key. So make sure it's zeroed. */ 2867 /* May end up padding auth key. So make sure it's zeroed. */
2884 memset(ctx->authkey, 0, sizeof(ctx->authkey)); 2868 memset(ctx->authkey, 0, sizeof(ctx->authkey));
2885 memcpy(ctx->authkey, key, ctx->authkeylen); 2869 memcpy(ctx->authkey, keys.authkey, keys.authkeylen);
2886 2870
2887 switch (ctx->alg->cipher_info.alg) { 2871 switch (ctx->alg->cipher_info.alg) {
2888 case CIPHER_ALG_DES: 2872 case CIPHER_ALG_DES:
@@ -2890,7 +2874,7 @@ static int aead_authenc_setkey(struct crypto_aead *cipher,
2890 u32 tmp[DES_EXPKEY_WORDS]; 2874 u32 tmp[DES_EXPKEY_WORDS];
2891 u32 flags = CRYPTO_TFM_RES_WEAK_KEY; 2875 u32 flags = CRYPTO_TFM_RES_WEAK_KEY;
2892 2876
2893 if (des_ekey(tmp, key) == 0) { 2877 if (des_ekey(tmp, keys.enckey) == 0) {
2894 if (crypto_aead_get_flags(cipher) & 2878 if (crypto_aead_get_flags(cipher) &
2895 CRYPTO_TFM_REQ_WEAK_KEY) { 2879 CRYPTO_TFM_REQ_WEAK_KEY) {
2896 crypto_aead_set_flags(cipher, flags); 2880 crypto_aead_set_flags(cipher, flags);
@@ -2905,7 +2889,7 @@ static int aead_authenc_setkey(struct crypto_aead *cipher,
2905 break; 2889 break;
2906 case CIPHER_ALG_3DES: 2890 case CIPHER_ALG_3DES:
2907 if (ctx->enckeylen == (DES_KEY_SIZE * 3)) { 2891 if (ctx->enckeylen == (DES_KEY_SIZE * 3)) {
2908 const u32 *K = (const u32 *)key; 2892 const u32 *K = (const u32 *)keys.enckey;
2909 u32 flags = CRYPTO_TFM_RES_BAD_KEY_SCHED; 2893 u32 flags = CRYPTO_TFM_RES_BAD_KEY_SCHED;
2910 2894
2911 if (!((K[0] ^ K[2]) | (K[1] ^ K[3])) || 2895 if (!((K[0] ^ K[2]) | (K[1] ^ K[3])) ||
@@ -2956,9 +2940,7 @@ static int aead_authenc_setkey(struct crypto_aead *cipher,
2956 ctx->fallback_cipher->base.crt_flags &= ~CRYPTO_TFM_REQ_MASK; 2940 ctx->fallback_cipher->base.crt_flags &= ~CRYPTO_TFM_REQ_MASK;
2957 ctx->fallback_cipher->base.crt_flags |= 2941 ctx->fallback_cipher->base.crt_flags |=
2958 tfm->crt_flags & CRYPTO_TFM_REQ_MASK; 2942 tfm->crt_flags & CRYPTO_TFM_REQ_MASK;
2959 ret = 2943 ret = crypto_aead_setkey(ctx->fallback_cipher, key, keylen);
2960 crypto_aead_setkey(ctx->fallback_cipher, origkey,
2961 origkeylen);
2962 if (ret) { 2944 if (ret) {
2963 flow_log(" fallback setkey() returned:%d\n", ret); 2945 flow_log(" fallback setkey() returned:%d\n", ret);
2964 tfm->crt_flags &= ~CRYPTO_TFM_RES_MASK; 2946 tfm->crt_flags &= ~CRYPTO_TFM_RES_MASK;
diff --git a/drivers/crypto/caam/caamalg.c b/drivers/crypto/caam/caamalg.c
index 92e593e2069a..80ae69f906fb 100644
--- a/drivers/crypto/caam/caamalg.c
+++ b/drivers/crypto/caam/caamalg.c
@@ -3476,7 +3476,7 @@ static int __init caam_algapi_init(void)
3476 * Skip algorithms requiring message digests 3476 * Skip algorithms requiring message digests
3477 * if MD or MD size is not supported by device. 3477 * if MD or MD size is not supported by device.
3478 */ 3478 */
3479 if ((c2_alg_sel & ~OP_ALG_ALGSEL_SUBMASK) == 0x40 && 3479 if (is_mdha(c2_alg_sel) &&
3480 (!md_inst || t_alg->aead.maxauthsize > md_limit)) 3480 (!md_inst || t_alg->aead.maxauthsize > md_limit))
3481 continue; 3481 continue;
3482 3482
diff --git a/drivers/crypto/caam/caamhash.c b/drivers/crypto/caam/caamhash.c
index 81712aa5d0f2..bb1a2cdf1951 100644
--- a/drivers/crypto/caam/caamhash.c
+++ b/drivers/crypto/caam/caamhash.c
@@ -1072,13 +1072,16 @@ static int ahash_final_no_ctx(struct ahash_request *req)
1072 1072
1073 desc = edesc->hw_desc; 1073 desc = edesc->hw_desc;
1074 1074
1075 state->buf_dma = dma_map_single(jrdev, buf, buflen, DMA_TO_DEVICE); 1075 if (buflen) {
1076 if (dma_mapping_error(jrdev, state->buf_dma)) { 1076 state->buf_dma = dma_map_single(jrdev, buf, buflen,
1077 dev_err(jrdev, "unable to map src\n"); 1077 DMA_TO_DEVICE);
1078 goto unmap; 1078 if (dma_mapping_error(jrdev, state->buf_dma)) {
1079 } 1079 dev_err(jrdev, "unable to map src\n");
1080 goto unmap;
1081 }
1080 1082
1081 append_seq_in_ptr(desc, state->buf_dma, buflen, 0); 1083 append_seq_in_ptr(desc, state->buf_dma, buflen, 0);
1084 }
1082 1085
1083 edesc->dst_dma = map_seq_out_ptr_result(desc, jrdev, req->result, 1086 edesc->dst_dma = map_seq_out_ptr_result(desc, jrdev, req->result,
1084 digestsize); 1087 digestsize);
diff --git a/drivers/crypto/caam/desc.h b/drivers/crypto/caam/desc.h
index ec10230178c5..4b6854bf896a 100644
--- a/drivers/crypto/caam/desc.h
+++ b/drivers/crypto/caam/desc.h
@@ -1155,6 +1155,7 @@
1155#define OP_ALG_ALGSEL_DES (0x20 << OP_ALG_ALGSEL_SHIFT) 1155#define OP_ALG_ALGSEL_DES (0x20 << OP_ALG_ALGSEL_SHIFT)
1156#define OP_ALG_ALGSEL_3DES (0x21 << OP_ALG_ALGSEL_SHIFT) 1156#define OP_ALG_ALGSEL_3DES (0x21 << OP_ALG_ALGSEL_SHIFT)
1157#define OP_ALG_ALGSEL_ARC4 (0x30 << OP_ALG_ALGSEL_SHIFT) 1157#define OP_ALG_ALGSEL_ARC4 (0x30 << OP_ALG_ALGSEL_SHIFT)
1158#define OP_ALG_CHA_MDHA (0x40 << OP_ALG_ALGSEL_SHIFT)
1158#define OP_ALG_ALGSEL_MD5 (0x40 << OP_ALG_ALGSEL_SHIFT) 1159#define OP_ALG_ALGSEL_MD5 (0x40 << OP_ALG_ALGSEL_SHIFT)
1159#define OP_ALG_ALGSEL_SHA1 (0x41 << OP_ALG_ALGSEL_SHIFT) 1160#define OP_ALG_ALGSEL_SHA1 (0x41 << OP_ALG_ALGSEL_SHIFT)
1160#define OP_ALG_ALGSEL_SHA224 (0x42 << OP_ALG_ALGSEL_SHIFT) 1161#define OP_ALG_ALGSEL_SHA224 (0x42 << OP_ALG_ALGSEL_SHIFT)
diff --git a/drivers/crypto/caam/error.h b/drivers/crypto/caam/error.h
index 67ea94079837..8c6b83e02a70 100644
--- a/drivers/crypto/caam/error.h
+++ b/drivers/crypto/caam/error.h
@@ -7,6 +7,9 @@
7 7
8#ifndef CAAM_ERROR_H 8#ifndef CAAM_ERROR_H
9#define CAAM_ERROR_H 9#define CAAM_ERROR_H
10
11#include "desc.h"
12
10#define CAAM_ERROR_STR_MAX 302 13#define CAAM_ERROR_STR_MAX 302
11 14
12void caam_strstatus(struct device *dev, u32 status, bool qi_v2); 15void caam_strstatus(struct device *dev, u32 status, bool qi_v2);
@@ -17,4 +20,10 @@ void caam_strstatus(struct device *dev, u32 status, bool qi_v2);
17void caam_dump_sg(const char *level, const char *prefix_str, int prefix_type, 20void caam_dump_sg(const char *level, const char *prefix_str, int prefix_type,
18 int rowsize, int groupsize, struct scatterlist *sg, 21 int rowsize, int groupsize, struct scatterlist *sg,
19 size_t tlen, bool ascii); 22 size_t tlen, bool ascii);
23
24static inline bool is_mdha(u32 algtype)
25{
26 return (algtype & OP_ALG_ALGSEL_MASK & ~OP_ALG_ALGSEL_SUBMASK) ==
27 OP_ALG_CHA_MDHA;
28}
20#endif /* CAAM_ERROR_H */ 29#endif /* CAAM_ERROR_H */
diff --git a/drivers/crypto/cavium/nitrox/nitrox_reqmgr.c b/drivers/crypto/cavium/nitrox/nitrox_reqmgr.c
index e34e4df8fd24..fe070d75c842 100644
--- a/drivers/crypto/cavium/nitrox/nitrox_reqmgr.c
+++ b/drivers/crypto/cavium/nitrox/nitrox_reqmgr.c
@@ -567,10 +567,10 @@ static void process_response_list(struct nitrox_cmdq *cmdq)
567 567
568 /* ORH error code */ 568 /* ORH error code */
569 err = READ_ONCE(*sr->resp.orh) & 0xff; 569 err = READ_ONCE(*sr->resp.orh) & 0xff;
570 softreq_destroy(sr);
571 570
572 if (sr->callback) 571 if (sr->callback)
573 sr->callback(sr->cb_arg, err); 572 sr->callback(sr->cb_arg, err);
573 softreq_destroy(sr);
574 574
575 req_completed++; 575 req_completed++;
576 } 576 }
diff --git a/drivers/crypto/ccree/cc_aead.c b/drivers/crypto/ccree/cc_aead.c
index f2643cda45db..a3527c00b29a 100644
--- a/drivers/crypto/ccree/cc_aead.c
+++ b/drivers/crypto/ccree/cc_aead.c
@@ -549,13 +549,12 @@ static int cc_aead_setkey(struct crypto_aead *tfm, const u8 *key,
549 unsigned int keylen) 549 unsigned int keylen)
550{ 550{
551 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm); 551 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm);
552 struct rtattr *rta = (struct rtattr *)key;
553 struct cc_crypto_req cc_req = {}; 552 struct cc_crypto_req cc_req = {};
554 struct crypto_authenc_key_param *param;
555 struct cc_hw_desc desc[MAX_AEAD_SETKEY_SEQ]; 553 struct cc_hw_desc desc[MAX_AEAD_SETKEY_SEQ];
556 int rc = -EINVAL;
557 unsigned int seq_len = 0; 554 unsigned int seq_len = 0;
558 struct device *dev = drvdata_to_dev(ctx->drvdata); 555 struct device *dev = drvdata_to_dev(ctx->drvdata);
556 const u8 *enckey, *authkey;
557 int rc;
559 558
560 dev_dbg(dev, "Setting key in context @%p for %s. key=%p keylen=%u\n", 559 dev_dbg(dev, "Setting key in context @%p for %s. key=%p keylen=%u\n",
561 ctx, crypto_tfm_alg_name(crypto_aead_tfm(tfm)), key, keylen); 560 ctx, crypto_tfm_alg_name(crypto_aead_tfm(tfm)), key, keylen);
@@ -563,35 +562,33 @@ static int cc_aead_setkey(struct crypto_aead *tfm, const u8 *key,
563 /* STAT_PHASE_0: Init and sanity checks */ 562 /* STAT_PHASE_0: Init and sanity checks */
564 563
565 if (ctx->auth_mode != DRV_HASH_NULL) { /* authenc() alg. */ 564 if (ctx->auth_mode != DRV_HASH_NULL) { /* authenc() alg. */
566 if (!RTA_OK(rta, keylen)) 565 struct crypto_authenc_keys keys;
567 goto badkey; 566
568 if (rta->rta_type != CRYPTO_AUTHENC_KEYA_PARAM) 567 rc = crypto_authenc_extractkeys(&keys, key, keylen);
569 goto badkey; 568 if (rc)
570 if (RTA_PAYLOAD(rta) < sizeof(*param))
571 goto badkey;
572 param = RTA_DATA(rta);
573 ctx->enc_keylen = be32_to_cpu(param->enckeylen);
574 key += RTA_ALIGN(rta->rta_len);
575 keylen -= RTA_ALIGN(rta->rta_len);
576 if (keylen < ctx->enc_keylen)
577 goto badkey; 569 goto badkey;
578 ctx->auth_keylen = keylen - ctx->enc_keylen; 570 enckey = keys.enckey;
571 authkey = keys.authkey;
572 ctx->enc_keylen = keys.enckeylen;
573 ctx->auth_keylen = keys.authkeylen;
579 574
580 if (ctx->cipher_mode == DRV_CIPHER_CTR) { 575 if (ctx->cipher_mode == DRV_CIPHER_CTR) {
581 /* the nonce is stored in bytes at end of key */ 576 /* the nonce is stored in bytes at end of key */
577 rc = -EINVAL;
582 if (ctx->enc_keylen < 578 if (ctx->enc_keylen <
583 (AES_MIN_KEY_SIZE + CTR_RFC3686_NONCE_SIZE)) 579 (AES_MIN_KEY_SIZE + CTR_RFC3686_NONCE_SIZE))
584 goto badkey; 580 goto badkey;
585 /* Copy nonce from last 4 bytes in CTR key to 581 /* Copy nonce from last 4 bytes in CTR key to
586 * first 4 bytes in CTR IV 582 * first 4 bytes in CTR IV
587 */ 583 */
588 memcpy(ctx->ctr_nonce, key + ctx->auth_keylen + 584 memcpy(ctx->ctr_nonce, enckey + ctx->enc_keylen -
589 ctx->enc_keylen - CTR_RFC3686_NONCE_SIZE, 585 CTR_RFC3686_NONCE_SIZE, CTR_RFC3686_NONCE_SIZE);
590 CTR_RFC3686_NONCE_SIZE);
591 /* Set CTR key size */ 586 /* Set CTR key size */
592 ctx->enc_keylen -= CTR_RFC3686_NONCE_SIZE; 587 ctx->enc_keylen -= CTR_RFC3686_NONCE_SIZE;
593 } 588 }
594 } else { /* non-authenc - has just one key */ 589 } else { /* non-authenc - has just one key */
590 enckey = key;
591 authkey = NULL;
595 ctx->enc_keylen = keylen; 592 ctx->enc_keylen = keylen;
596 ctx->auth_keylen = 0; 593 ctx->auth_keylen = 0;
597 } 594 }
@@ -603,13 +600,14 @@ static int cc_aead_setkey(struct crypto_aead *tfm, const u8 *key,
603 /* STAT_PHASE_1: Copy key to ctx */ 600 /* STAT_PHASE_1: Copy key to ctx */
604 601
605 /* Get key material */ 602 /* Get key material */
606 memcpy(ctx->enckey, key + ctx->auth_keylen, ctx->enc_keylen); 603 memcpy(ctx->enckey, enckey, ctx->enc_keylen);
607 if (ctx->enc_keylen == 24) 604 if (ctx->enc_keylen == 24)
608 memset(ctx->enckey + 24, 0, CC_AES_KEY_SIZE_MAX - 24); 605 memset(ctx->enckey + 24, 0, CC_AES_KEY_SIZE_MAX - 24);
609 if (ctx->auth_mode == DRV_HASH_XCBC_MAC) { 606 if (ctx->auth_mode == DRV_HASH_XCBC_MAC) {
610 memcpy(ctx->auth_state.xcbc.xcbc_keys, key, ctx->auth_keylen); 607 memcpy(ctx->auth_state.xcbc.xcbc_keys, authkey,
608 ctx->auth_keylen);
611 } else if (ctx->auth_mode != DRV_HASH_NULL) { /* HMAC */ 609 } else if (ctx->auth_mode != DRV_HASH_NULL) { /* HMAC */
612 rc = cc_get_plain_hmac_key(tfm, key, ctx->auth_keylen); 610 rc = cc_get_plain_hmac_key(tfm, authkey, ctx->auth_keylen);
613 if (rc) 611 if (rc)
614 goto badkey; 612 goto badkey;
615 } 613 }
diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c
index 45e20707cef8..f8e2c5c3f4eb 100644
--- a/drivers/crypto/talitos.c
+++ b/drivers/crypto/talitos.c
@@ -1361,23 +1361,18 @@ static struct talitos_edesc *talitos_edesc_alloc(struct device *dev,
1361 struct talitos_private *priv = dev_get_drvdata(dev); 1361 struct talitos_private *priv = dev_get_drvdata(dev);
1362 bool is_sec1 = has_ftr_sec1(priv); 1362 bool is_sec1 = has_ftr_sec1(priv);
1363 int max_len = is_sec1 ? TALITOS1_MAX_DATA_LEN : TALITOS2_MAX_DATA_LEN; 1363 int max_len = is_sec1 ? TALITOS1_MAX_DATA_LEN : TALITOS2_MAX_DATA_LEN;
1364 void *err;
1365 1364
1366 if (cryptlen + authsize > max_len) { 1365 if (cryptlen + authsize > max_len) {
1367 dev_err(dev, "length exceeds h/w max limit\n"); 1366 dev_err(dev, "length exceeds h/w max limit\n");
1368 return ERR_PTR(-EINVAL); 1367 return ERR_PTR(-EINVAL);
1369 } 1368 }
1370 1369
1371 if (ivsize)
1372 iv_dma = dma_map_single(dev, iv, ivsize, DMA_TO_DEVICE);
1373
1374 if (!dst || dst == src) { 1370 if (!dst || dst == src) {
1375 src_len = assoclen + cryptlen + authsize; 1371 src_len = assoclen + cryptlen + authsize;
1376 src_nents = sg_nents_for_len(src, src_len); 1372 src_nents = sg_nents_for_len(src, src_len);
1377 if (src_nents < 0) { 1373 if (src_nents < 0) {
1378 dev_err(dev, "Invalid number of src SG.\n"); 1374 dev_err(dev, "Invalid number of src SG.\n");
1379 err = ERR_PTR(-EINVAL); 1375 return ERR_PTR(-EINVAL);
1380 goto error_sg;
1381 } 1376 }
1382 src_nents = (src_nents == 1) ? 0 : src_nents; 1377 src_nents = (src_nents == 1) ? 0 : src_nents;
1383 dst_nents = dst ? src_nents : 0; 1378 dst_nents = dst ? src_nents : 0;
@@ -1387,16 +1382,14 @@ static struct talitos_edesc *talitos_edesc_alloc(struct device *dev,
1387 src_nents = sg_nents_for_len(src, src_len); 1382 src_nents = sg_nents_for_len(src, src_len);
1388 if (src_nents < 0) { 1383 if (src_nents < 0) {
1389 dev_err(dev, "Invalid number of src SG.\n"); 1384 dev_err(dev, "Invalid number of src SG.\n");
1390 err = ERR_PTR(-EINVAL); 1385 return ERR_PTR(-EINVAL);
1391 goto error_sg;
1392 } 1386 }
1393 src_nents = (src_nents == 1) ? 0 : src_nents; 1387 src_nents = (src_nents == 1) ? 0 : src_nents;
1394 dst_len = assoclen + cryptlen + (encrypt ? authsize : 0); 1388 dst_len = assoclen + cryptlen + (encrypt ? authsize : 0);
1395 dst_nents = sg_nents_for_len(dst, dst_len); 1389 dst_nents = sg_nents_for_len(dst, dst_len);
1396 if (dst_nents < 0) { 1390 if (dst_nents < 0) {
1397 dev_err(dev, "Invalid number of dst SG.\n"); 1391 dev_err(dev, "Invalid number of dst SG.\n");
1398 err = ERR_PTR(-EINVAL); 1392 return ERR_PTR(-EINVAL);
1399 goto error_sg;
1400 } 1393 }
1401 dst_nents = (dst_nents == 1) ? 0 : dst_nents; 1394 dst_nents = (dst_nents == 1) ? 0 : dst_nents;
1402 } 1395 }
@@ -1423,11 +1416,14 @@ static struct talitos_edesc *talitos_edesc_alloc(struct device *dev,
1423 /* if its a ahash, add space for a second desc next to the first one */ 1416 /* if its a ahash, add space for a second desc next to the first one */
1424 if (is_sec1 && !dst) 1417 if (is_sec1 && !dst)
1425 alloc_len += sizeof(struct talitos_desc); 1418 alloc_len += sizeof(struct talitos_desc);
1419 alloc_len += ivsize;
1426 1420
1427 edesc = kmalloc(alloc_len, GFP_DMA | flags); 1421 edesc = kmalloc(alloc_len, GFP_DMA | flags);
1428 if (!edesc) { 1422 if (!edesc)
1429 err = ERR_PTR(-ENOMEM); 1423 return ERR_PTR(-ENOMEM);
1430 goto error_sg; 1424 if (ivsize) {
1425 iv = memcpy(((u8 *)edesc) + alloc_len - ivsize, iv, ivsize);
1426 iv_dma = dma_map_single(dev, iv, ivsize, DMA_TO_DEVICE);
1431 } 1427 }
1432 memset(&edesc->desc, 0, sizeof(edesc->desc)); 1428 memset(&edesc->desc, 0, sizeof(edesc->desc));
1433 1429
@@ -1445,10 +1441,6 @@ static struct talitos_edesc *talitos_edesc_alloc(struct device *dev,
1445 DMA_BIDIRECTIONAL); 1441 DMA_BIDIRECTIONAL);
1446 } 1442 }
1447 return edesc; 1443 return edesc;
1448error_sg:
1449 if (iv_dma)
1450 dma_unmap_single(dev, iv_dma, ivsize, DMA_TO_DEVICE);
1451 return err;
1452} 1444}
1453 1445
1454static struct talitos_edesc *aead_edesc_alloc(struct aead_request *areq, u8 *iv, 1446static struct talitos_edesc *aead_edesc_alloc(struct aead_request *areq, u8 *iv,
generated by cgit v1.2.2 (git 2.25.0) at 2025-08-27 18:10:41 -0400