Forgot to Cc Michael Weiser.
On 11/17/2016 10:20 AM, Horia Geantă wrote:
> ablkcipher API is not completely removed from kernels <= v4.9.
> Thus it's still valid to use ablkcipher algorithms.
>
> Fix the case when implementers register ablkcipher algorithms
> and cryptodev casts them to skcipher without checking their type.
>
> Note: alg returned by crypto_ablkcipher_alg() is no longer checked
> to be non-NULL. This is guaranteed by the fact that ablkcipher_tfm
> (out->async.s) is valid.
>
> Fixes: cb186f682679 ("Support skcipher in addition to ablkcipher API")
> Tested-by: Cristian Stoica <[email protected]>
> Signed-off-by: Horia Geantă <[email protected]>
> ---
> cipherapi.h | 4 ----
> cryptlib.c | 56 ++++++++++++++++++++++++++++++++++++++++++++------------
> 2 files changed, 44 insertions(+), 16 deletions(-)
>
> diff --git a/cipherapi.h b/cipherapi.h
> index 07d992333ad7..b6ed6c279350 100644
> --- a/cipherapi.h
> +++ b/cipherapi.h
> @@ -6,12 +6,10 @@
> #if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 8, 0))
> # include <linux/crypto.h>
>
> -typedef struct ablkcipher_alg cryptodev_blkcipher_alg_t;
> typedef struct crypto_ablkcipher cryptodev_crypto_blkcipher_t;
> typedef struct ablkcipher_request cryptodev_blkcipher_request_t;
>
> # define cryptodev_crypto_alloc_blkcipher crypto_alloc_ablkcipher
> -# define cryptodev_crypto_blkcipher_alg crypto_ablkcipher_alg
> # define cryptodev_crypto_blkcipher_blocksize crypto_ablkcipher_blocksize
> # define cryptodev_crypto_blkcipher_ivsize crypto_ablkcipher_ivsize
> # define cryptodev_crypto_blkcipher_alignmask crypto_ablkcipher_alignmask
> @@ -37,12 +35,10 @@ static inline void
> cryptodev_blkcipher_request_free(cryptodev_blkcipher_request_
> #else
> #include <crypto/skcipher.h>
>
> -typedef struct skcipher_alg cryptodev_blkcipher_alg_t;
> typedef struct crypto_skcipher cryptodev_crypto_blkcipher_t;
> typedef struct skcipher_request cryptodev_blkcipher_request_t;
>
> # define cryptodev_crypto_alloc_blkcipher crypto_alloc_skcipher
> -# define cryptodev_crypto_blkcipher_alg crypto_skcipher_alg
> # define cryptodev_crypto_blkcipher_blocksize crypto_skcipher_blocksize
> # define cryptodev_crypto_blkcipher_ivsize crypto_skcipher_ivsize
> # define cryptodev_crypto_blkcipher_alignmask crypto_skcipher_alignmask
> diff --git a/cryptlib.c b/cryptlib.c
> index 5a6e0ba5fe88..2c6028ee2b23 100644
> --- a/cryptlib.c
> +++ b/cryptlib.c
> @@ -38,6 +38,7 @@
> #include "cryptodev_int.h"
> #include "cipherapi.h"
>
> +extern const struct crypto_type crypto_givcipher_type;
>
> static void cryptodev_complete(struct crypto_async_request *req, int err)
> {
> @@ -121,6 +122,19 @@ error:
> return ret;
> }
>
> +/* Was correct key length supplied? */
> +static int check_key_size(size_t keylen, const char *alg_name,
> + unsigned int min_keysize, unsigned int max_keysize)
> +{
> + if (max_keysize > 0 && unlikely((keylen < min_keysize) ||
> + (keylen > max_keysize))) {
> + ddebug(1, "Wrong keylen '%zu' for algorithm '%s'. Use %u to
> %u.",
> + keylen, alg_name, min_keysize, max_keysize);
> + return -EINVAL;
> + }
> +
> + return 0;
> +}
>
> int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name,
> uint8_t *keyp, size_t keylen, int stream, int
> aead)
> @@ -128,7 +142,12 @@ int cryptodev_cipher_init(struct cipher_data *out, const
> char *alg_name,
> int ret;
>
> if (aead == 0) {
> - cryptodev_blkcipher_alg_t *alg;
> + unsigned int min_keysize, max_keysize;
> +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 8, 0))
> + struct crypto_tfm *tfm;
> +#else
> + struct ablkcipher_alg *alg;
> +#endif
>
> out->async.s = cryptodev_crypto_alloc_blkcipher(alg_name, 0, 0);
> if (unlikely(IS_ERR(out->async.s))) {
> @@ -136,18 +155,31 @@ int cryptodev_cipher_init(struct cipher_data *out,
> const char *alg_name,
> return -EINVAL;
> }
>
> - alg = cryptodev_crypto_blkcipher_alg(out->async.s);
> - if (alg != NULL) {
> - /* Was correct key length supplied? */
> - if (alg->max_keysize > 0 &&
> - unlikely((keylen < alg->min_keysize) ||
> - (keylen > alg->max_keysize))) {
> - ddebug(1, "Wrong keylen '%zu' for algorithm
> '%s'. Use %u to %u.",
> - keylen, alg_name,
> alg->min_keysize, alg->max_keysize);
> - ret = -EINVAL;
> - goto error;
> - }
> +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 8, 0))
> + tfm = crypto_skcipher_tfm(out->async.s);
> + if ((tfm->__crt_alg->cra_type == &crypto_ablkcipher_type) ||
> + (tfm->__crt_alg->cra_type == &crypto_givcipher_type)) {
> + struct ablkcipher_alg *alg;
> +
> + alg = &tfm->__crt_alg->cra_ablkcipher;
> + min_keysize = alg->min_keysize;
> + max_keysize = alg->max_keysize;
> + } else {
> + struct skcipher_alg *alg;
> +
> + alg = crypto_skcipher_alg(out->async.s);
> + min_keysize = alg->min_keysize;
> + max_keysize = alg->max_keysize;
> }
> +#else
> + alg = crypto_ablkcipher_alg(out->async.s);
> + min_keysize = alg->min_keysize;
> + max_keysize = alg->max_keysize;
> +#endif
> + ret = check_key_size(keylen, alg_name, min_keysize,
> + max_keysize);
> + if (ret)
> + goto error;
>
> out->blocksize =
> cryptodev_crypto_blkcipher_blocksize(out->async.s);
> out->ivsize = cryptodev_crypto_blkcipher_ivsize(out->async.s);
>
_______________________________________________
Cryptodev-linux-devel mailing list
[email protected]
https://mail.gna.org/listinfo/cryptodev-linux-devel
