4 files changed, 17 insertions, 5 deletions
diff --git a/crypto/adiantum.c b/crypto/adiantum.c
index 6651e713c45d..5564e73266a6 100644
--- a/crypto/adiantum.c
+++ b/crypto/adiantum.c
@@ -539,6 +539,8 @@ static int adiantum_create(struct crypto_template *tmpl, struct rtattr **tb)
        ictx = skcipher_instance_ctx(inst);
        /* Stream cipher, e.g. "xchacha12" */
+        crypto_set_skcipher_spawn(&ictx->streamcipher_spawn,
+                                  skcipher_crypto_instance(inst));
        err = crypto_grab_skcipher(&ictx->streamcipher_spawn, streamcipher_name,
                                   0, crypto_requires_sync(algt->type,
                                                           algt->mask));
@@ -547,6 +549,8 @@ static int adiantum_create(struct crypto_template *tmpl, struct rtattr **tb)
        streamcipher_alg = crypto_spawn_skcipher_alg(&ictx->streamcipher_spawn);
        /* Block cipher, e.g. "aes" */
+        crypto_set_spawn(&ictx->blockcipher_spawn,
+                         skcipher_crypto_instance(inst));
        err = crypto_grab_spawn(&ictx->blockcipher_spawn, blockcipher_name,
                                CRYPTO_ALG_TYPE_CIPHER, CRYPTO_ALG_TYPE_MASK);
        if (err)
diff --git a/crypto/authenc.c b/crypto/authenc.c
index 37f54d1b2f66..4be293a4b5f0 100644
--- a/crypto/authenc.c
+++ b/crypto/authenc.c
@@ -58,14 +58,22 @@ int crypto_authenc_extractkeys(struct crypto_authenc_keys *keys, const u8 *key,
                return -EINVAL;
        if (rta->rta_type != CRYPTO_AUTHENC_KEYA_PARAM)
                return -EINVAL;
-        if (RTA_PAYLOAD(rta) < sizeof(*param))
+        /*
+         * RTA_OK() didn't align the rtattr's payload when validating that it
+         * fits in the buffer.  Yet, the keys should start on the next 4-byte
+         * aligned boundary.  To avoid confusion, require that the rtattr
+         * payload be exactly the param struct, which has a 4-byte aligned size.
+         */
+        if (RTA_PAYLOAD(rta) != sizeof(*param))
                return -EINVAL;
+        BUILD_BUG_ON(sizeof(*param) % RTA_ALIGNTO);
        param = RTA_DATA(rta);
        keys->enckeylen = be32_to_cpu(param->enckeylen);
-        key += RTA_ALIGN(rta->rta_len);
+        key += rta->rta_len;
-        keylen -= RTA_ALIGN(rta->rta_len);
+        keylen -= rta->rta_len;
        if (keylen < keys->enckeylen)
                return -EINVAL;
diff --git a/crypto/authencesn.c b/crypto/authencesn.c
index 80a25cc04aec..4741fe89ba2c 100644
--- a/crypto/authencesn.c
+++ b/crypto/authencesn.c
@@ -279,7 +279,7 @@ static void authenc_esn_verify_ahash_done(struct crypto_async_request *areq,
        struct aead_request *req = areq->data;
        err = err ?: crypto_authenc_esn_decrypt_tail(req, 0);
-        aead_request_complete(req, err);
+        authenc_esn_request_complete(req, err);
 }
 static int crypto_authenc_esn_decrypt(struct aead_request *req)
diff --git a/crypto/sm3_generic.c b/crypto/sm3_generic.c
index 9a5c60f08aad..c0cf87ae7ef6 100644
--- a/crypto/sm3_generic.c
+++ b/crypto/sm3_generic.c
@@ -100,7 +100,7 @@ static void sm3_compress(u32 *w, u32 *wt, u32 *m)
        for (i = 0; i <= 63; i++) {
-                ss1 = rol32((rol32(a, 12) + e + rol32(t(i), i)), 7);
+                ss1 = rol32((rol32(a, 12) + e + rol32(t(i), i & 31)), 7);
                ss2 = ss1 ^ rol32(a, 12);

diff --git a/crypto/adiantum.c b/crypto/adiantum.c index 6651e713c45d..5564e73266a6 100644 --- a/crypto/adiantum.c +++ b/crypto/adiantum.c
@@ -539,6 +539,8 @@ static int adiantum_create(struct crypto_template tmpl, struct rtattr *tb)
539	ictx = skcipher_instance_ctx(inst);	539	ictx = skcipher_instance_ctx(inst);
540		540
541	/* Stream cipher, e.g. "xchacha12" */	541	/* Stream cipher, e.g. "xchacha12" */
		542	crypto_set_skcipher_spawn(&ictx->streamcipher_spawn,
		543	skcipher_crypto_instance(inst));
542	err = crypto_grab_skcipher(&ictx->streamcipher_spawn, streamcipher_name,	544	err = crypto_grab_skcipher(&ictx->streamcipher_spawn, streamcipher_name,
543	0, crypto_requires_sync(algt->type,	545	0, crypto_requires_sync(algt->type,
544	algt->mask));	546	algt->mask));
@@ -547,6 +549,8 @@ static int adiantum_create(struct crypto_template tmpl, struct rtattr *tb)
547	streamcipher_alg = crypto_spawn_skcipher_alg(&ictx->streamcipher_spawn);	549	streamcipher_alg = crypto_spawn_skcipher_alg(&ictx->streamcipher_spawn);
548		550
549	/* Block cipher, e.g. "aes" */	551	/* Block cipher, e.g. "aes" */
		552	crypto_set_spawn(&ictx->blockcipher_spawn,
		553	skcipher_crypto_instance(inst));
550	err = crypto_grab_spawn(&ictx->blockcipher_spawn, blockcipher_name,	554	err = crypto_grab_spawn(&ictx->blockcipher_spawn, blockcipher_name,
551	CRYPTO_ALG_TYPE_CIPHER, CRYPTO_ALG_TYPE_MASK);	555	CRYPTO_ALG_TYPE_CIPHER, CRYPTO_ALG_TYPE_MASK);
552	if (err)	556	if (err)


diff --git a/crypto/authenc.c b/crypto/authenc.c index 37f54d1b2f66..4be293a4b5f0 100644 --- a/crypto/authenc.c +++ b/crypto/authenc.c
@@ -58,14 +58,22 @@ int crypto_authenc_extractkeys(struct crypto_authenc_keys keys, const u8 key,
58	return -EINVAL;	58	return -EINVAL;
59	if (rta->rta_type != CRYPTO_AUTHENC_KEYA_PARAM)	59	if (rta->rta_type != CRYPTO_AUTHENC_KEYA_PARAM)
60	return -EINVAL;	60	return -EINVAL;
61	if (RTA_PAYLOAD(rta) < sizeof(*param))	61
		62	/*
		63	* RTA_OK() didn't align the rtattr's payload when validating that it
		64	* fits in the buffer. Yet, the keys should start on the next 4-byte
		65	* aligned boundary. To avoid confusion, require that the rtattr
		66	* payload be exactly the param struct, which has a 4-byte aligned size.
		67	*/
		68	if (RTA_PAYLOAD(rta) != sizeof(*param))
62	return -EINVAL;	69	return -EINVAL;
		70	BUILD_BUG_ON(sizeof(*param) % RTA_ALIGNTO);
63		71
64	param = RTA_DATA(rta);	72	param = RTA_DATA(rta);
65	keys->enckeylen = be32_to_cpu(param->enckeylen);	73	keys->enckeylen = be32_to_cpu(param->enckeylen);
66		74
67	key += RTA_ALIGN(rta->rta_len);	75	key += rta->rta_len;
68	keylen -= RTA_ALIGN(rta->rta_len);	76	keylen -= rta->rta_len;
69		77
70	if (keylen < keys->enckeylen)	78	if (keylen < keys->enckeylen)
71	return -EINVAL;	79	return -EINVAL;


diff --git a/crypto/authencesn.c b/crypto/authencesn.c index 80a25cc04aec..4741fe89ba2c 100644 --- a/crypto/authencesn.c +++ b/crypto/authencesn.c
@@ -279,7 +279,7 @@ static void authenc_esn_verify_ahash_done(struct crypto_async_request *areq,
279	struct aead_request *req = areq->data;	279	struct aead_request *req = areq->data;
280		280
281	err = err ?: crypto_authenc_esn_decrypt_tail(req, 0);	281	err = err ?: crypto_authenc_esn_decrypt_tail(req, 0);
282	aead_request_complete(req, err);	282	authenc_esn_request_complete(req, err);
283	}	283	}
284		284
285	static int crypto_authenc_esn_decrypt(struct aead_request *req)	285	static int crypto_authenc_esn_decrypt(struct aead_request *req)


diff --git a/crypto/sm3_generic.c b/crypto/sm3_generic.c index 9a5c60f08aad..c0cf87ae7ef6 100644 --- a/crypto/sm3_generic.c +++ b/crypto/sm3_generic.c
@@ -100,7 +100,7 @@ static void sm3_compress(u32 w, u32 wt, u32 *m)
100		100
101	for (i = 0; i <= 63; i++) {	101	for (i = 0; i <= 63; i++) {
102		102
103	ss1 = rol32((rol32(a, 12) + e + rol32(t(i), i)), 7);	103	ss1 = rol32((rol32(a, 12) + e + rol32(t(i), i & 31)), 7);
104		104
105	ss2 = ss1 ^ rol32(a, 12);	105	ss2 = ss1 ^ rol32(a, 12);
106		106