From: Wenkai Lin linwenkai6@hisilicon.com
It is more reasonable to check the input lengths of various cipher algorithms at the algorithm layer.
Signed-off-by: Wenkai Lin linwenkai6@hisilicon.com --- drv/hisi_sec.c | 19 +++++-------------- wd_cipher.c | 26 ++++++++++++++++++++++++++ 2 files changed, 31 insertions(+), 14 deletions(-)
diff --git a/drv/hisi_sec.c b/drv/hisi_sec.c index 852340d..6625c41 100644 --- a/drv/hisi_sec.c +++ b/drv/hisi_sec.c @@ -960,10 +960,9 @@ static void parse_cipher_bd2(struct hisi_qp *qp, struct hisi_sec_sqe *sqe, dump_sec_msg(temp_msg, "cipher"); }
-static int aes_sm4_len_check(struct wd_cipher_msg *msg) +static int aes_len_check(struct wd_cipher_msg *msg) { - if (msg->alg == WD_CIPHER_AES && - msg->in_bytes <= AES_BLOCK_SIZE && + if (msg->in_bytes <= AES_BLOCK_SIZE && (msg->mode == WD_CIPHER_CBC_CS1 || msg->mode == WD_CIPHER_CBC_CS2 || msg->mode == WD_CIPHER_CBC_CS3)) { @@ -972,13 +971,6 @@ static int aes_sm4_len_check(struct wd_cipher_msg *msg) return -WD_EINVAL; }
- if ((msg->in_bytes & (AES_BLOCK_SIZE - 1)) && - (msg->mode == WD_CIPHER_CBC || msg->mode == WD_CIPHER_ECB)) { - WD_ERR("failed to check input bytes of AES or SM4, size = %u\n", - msg->in_bytes); - return -WD_EINVAL; - } - return 0; }
@@ -986,8 +978,7 @@ static int cipher_len_check(struct wd_cipher_msg *msg) { int ret;
- if (msg->in_bytes > MAX_INPUT_DATA_LEN || - !msg->in_bytes) { + if (msg->in_bytes > MAX_INPUT_DATA_LEN) { WD_ERR("input cipher length is error, size = %u\n", msg->in_bytes); return -WD_EINVAL; @@ -1016,8 +1007,8 @@ static int cipher_len_check(struct wd_cipher_msg *msg) return 0; }
- if (msg->alg == WD_CIPHER_AES || msg->alg == WD_CIPHER_SM4) { - ret = aes_sm4_len_check(msg); + if (msg->alg == WD_CIPHER_AES) { + ret = aes_len_check(msg); if (ret) return ret; } diff --git a/wd_cipher.c b/wd_cipher.c index 63ec362..6f7411f 100644 --- a/wd_cipher.c +++ b/wd_cipher.c @@ -565,6 +565,28 @@ static int cipher_iv_len_check(struct wd_cipher_req *req, return ret; }
+static int cipher_len_check(handle_t h_sess, struct wd_cipher_req *req) +{ + struct wd_cipher_sess *sess = (struct wd_cipher_sess *)h_sess; + + if (!req->in_bytes) { + WD_ERR("invalid: cipher input length is zero!\n"); + return -WD_EINVAL; + } + + if (sess->alg != WD_CIPHER_AES && sess->alg != WD_CIPHER_SM4) + return 0; + + if ((req->in_bytes & (AES_BLOCK_SIZE - 1)) && + (sess->mode == WD_CIPHER_CBC || sess->mode == WD_CIPHER_ECB)) { + WD_ERR("failed to check input bytes of AES or SM4, size = %u\n", + req->in_bytes); + return -WD_EINVAL; + } + + return 0; +} + static int wd_cipher_check_params(handle_t h_sess, struct wd_cipher_req *req, __u8 mode) { @@ -587,6 +609,10 @@ static int wd_cipher_check_params(handle_t h_sess, return -WD_EINVAL; }
+ ret = cipher_len_check(h_sess, req); + if (unlikely(ret)) + return ret; + ret = wd_check_src_dst(req->src, req->in_bytes, req->dst, req->out_bytes); if (unlikely(ret)) { WD_ERR("invalid: src/dst addr is NULL when src/dst size is non-zero!\n");