diff options
| author | Mathias Krause <mathias.krause@secunet.com> | 2013-10-15 07:49:33 -0400 |
|---|---|---|
| committer | Herbert Xu <herbert@gondor.apana.org.au> | 2013-10-16 08:56:26 -0400 |
| commit | ab827fb399b453bd7d4a49e8878bc5f7018507dd (patch) | |
| tree | cdf0a38b277196463213ef5097d25ebd95fa882e /drivers/crypto/picoxcell_crypto.c | |
| parent | 56902781cd037f4d6380cb037b5f50076bb82549 (diff) | |
crypto: picoxcell - Simplify and harden key parsing
Use the common helper function crypto_authenc_extractkeys() for key
parsing. Also ensure the auth key won't overflow the hash_ctx buffer.
Cc: Jamie Iles <jamie@jamieiles.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@davemloft.net>
Signed-off-by: Mathias Krause <mathias.krause@secunet.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'drivers/crypto/picoxcell_crypto.c')
| -rw-r--r-- | drivers/crypto/picoxcell_crypto.c | 32 |
1 files changed, 8 insertions, 24 deletions
diff --git a/drivers/crypto/picoxcell_crypto.c b/drivers/crypto/picoxcell_crypto.c index 888f7f4a6d3f..a6175ba6d238 100644 --- a/drivers/crypto/picoxcell_crypto.c +++ b/drivers/crypto/picoxcell_crypto.c | |||
| @@ -495,45 +495,29 @@ static int spacc_aead_setkey(struct crypto_aead *tfm, const u8 *key, | |||
| 495 | { | 495 | { |
| 496 | struct spacc_aead_ctx *ctx = crypto_aead_ctx(tfm); | 496 | struct spacc_aead_ctx *ctx = crypto_aead_ctx(tfm); |
| 497 | struct spacc_alg *alg = to_spacc_alg(tfm->base.__crt_alg); | 497 | struct spacc_alg *alg = to_spacc_alg(tfm->base.__crt_alg); |
| 498 | struct rtattr *rta = (void *)key; | 498 | struct crypto_authenc_keys keys; |
| 499 | struct crypto_authenc_key_param *param; | ||
| 500 | unsigned int authkeylen, enckeylen; | ||
| 501 | int err = -EINVAL; | 499 | int err = -EINVAL; |
| 502 | 500 | ||
| 503 | if (!RTA_OK(rta, keylen)) | 501 | if (crypto_authenc_extractkeys(&keys, key, keylen) != 0) |
| 504 | goto badkey; | 502 | goto badkey; |
| 505 | 503 | ||
| 506 | if (rta->rta_type != CRYPTO_AUTHENC_KEYA_PARAM) | 504 | if (keys.enckeylen > AES_MAX_KEY_SIZE) |
| 507 | goto badkey; | 505 | goto badkey; |
| 508 | 506 | ||
| 509 | if (RTA_PAYLOAD(rta) < sizeof(*param)) | 507 | if (keys.authkeylen > sizeof(ctx->hash_ctx)) |
| 510 | goto badkey; | ||
| 511 | |||
| 512 | param = RTA_DATA(rta); | ||
| 513 | enckeylen = be32_to_cpu(param->enckeylen); | ||
| 514 | |||
| 515 | key += RTA_ALIGN(rta->rta_len); | ||
| 516 | keylen -= RTA_ALIGN(rta->rta_len); | ||
| 517 | |||
| 518 | if (keylen < enckeylen) | ||
| 519 | goto badkey; | ||
| 520 | |||
| 521 | authkeylen = keylen - enckeylen; | ||
| 522 | |||
| 523 | if (enckeylen > AES_MAX_KEY_SIZE) | ||
| 524 | goto badkey; | 508 | goto badkey; |
| 525 | 509 | ||
| 526 | if ((alg->ctrl_default & SPACC_CRYPTO_ALG_MASK) == | 510 | if ((alg->ctrl_default & SPACC_CRYPTO_ALG_MASK) == |
| 527 | SPA_CTRL_CIPH_ALG_AES) | 511 | SPA_CTRL_CIPH_ALG_AES) |
| 528 | err = spacc_aead_aes_setkey(tfm, key + authkeylen, enckeylen); | 512 | err = spacc_aead_aes_setkey(tfm, keys.enckey, keys.enckeylen); |
| 529 | else | 513 | else |
| 530 | err = spacc_aead_des_setkey(tfm, key + authkeylen, enckeylen); | 514 | err = spacc_aead_des_setkey(tfm, keys.enckey, keys.enckeylen); |
| 531 | 515 | ||
| 532 | if (err) | 516 | if (err) |
| 533 | goto badkey; | 517 | goto badkey; |
| 534 | 518 | ||
| 535 | memcpy(ctx->hash_ctx, key, authkeylen); | 519 | memcpy(ctx->hash_ctx, keys.authkey, keys.authkeylen); |
| 536 | ctx->hash_key_len = authkeylen; | 520 | ctx->hash_key_len = keys.authkeylen; |
| 537 | 521 | ||
| 538 | return 0; | 522 | return 0; |
| 539 | 523 | ||