packages/libwd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
libwd/0045-cipher-optimze-input-lengths-check.patch
JangShui Yang e072f742a4 libwd: update the source code 
(cherry picked from commit dc42b3a676205c1a1c922628a993887e1ad2988f)
2024-04-07 18:59:45 +08:00

115 lines
3.3 KiB
Diff
Raw Permalink Blame History

From 4e1a4eb28f0e476cf4587d56b5cef4350b33ab82 Mon Sep 17 00:00:00 2001
From: Wenkai Lin <linwenkai6@hisilicon.com>
Date: Fri, 29 Mar 2024 16:53:04 +0800
Subject: [PATCH 45/52] cipher: optimze input lengths check
It is more reasonable to check the input lengths of various cipher
algorithms at the algorithm layer.
Signed-off-by: Wenkai Lin <linwenkai6@hisilicon.com>
Signed-off-by: Qi Tao <taoqi10@huawei.com>
---
drv/hisi_sec.c | 19 +++++--------------
wd_cipher.c | 26 ++++++++++++++++++++++++++
2 files changed, 31 insertions(+), 14 deletions(-)
diff --git a/drv/hisi_sec.c b/drv/hisi_sec.c
index 852340d..6625c41 100644
--- a/drv/hisi_sec.c
+++ b/drv/hisi_sec.c
@@ -960,10 +960,9 @@ static void parse_cipher_bd2(struct hisi_qp *qp, struct hisi_sec_sqe *sqe,
dump_sec_msg(temp_msg, "cipher");
}
-static int aes_sm4_len_check(struct wd_cipher_msg *msg)
+static int aes_len_check(struct wd_cipher_msg *msg)
{
- if (msg->alg == WD_CIPHER_AES &&
- msg->in_bytes <= AES_BLOCK_SIZE &&
+ if (msg->in_bytes <= AES_BLOCK_SIZE &&
(msg->mode == WD_CIPHER_CBC_CS1 ||
msg->mode == WD_CIPHER_CBC_CS2 ||
msg->mode == WD_CIPHER_CBC_CS3)) {
@@ -972,13 +971,6 @@ static int aes_sm4_len_check(struct wd_cipher_msg *msg)
return -WD_EINVAL;
}
- if ((msg->in_bytes & (AES_BLOCK_SIZE - 1)) &&
- (msg->mode == WD_CIPHER_CBC || msg->mode == WD_CIPHER_ECB)) {
- WD_ERR("failed to check input bytes of AES or SM4, size = %u\n",
- msg->in_bytes);
- return -WD_EINVAL;
- }
-
return 0;
}
@@ -986,8 +978,7 @@ static int cipher_len_check(struct wd_cipher_msg *msg)
{
int ret;
- if (msg->in_bytes > MAX_INPUT_DATA_LEN ||
- !msg->in_bytes) {
+ if (msg->in_bytes > MAX_INPUT_DATA_LEN) {
WD_ERR("input cipher length is error, size = %u\n",
msg->in_bytes);
return -WD_EINVAL;
@@ -1016,8 +1007,8 @@ static int cipher_len_check(struct wd_cipher_msg *msg)
return 0;
}
- if (msg->alg == WD_CIPHER_AES || msg->alg == WD_CIPHER_SM4) {
- ret = aes_sm4_len_check(msg);
+ if (msg->alg == WD_CIPHER_AES) {
+ ret = aes_len_check(msg);
if (ret)
return ret;
}
diff --git a/wd_cipher.c b/wd_cipher.c
index f35ce6f..279ca8b 100644
--- a/wd_cipher.c
+++ b/wd_cipher.c
@@ -565,6 +565,28 @@ static int cipher_iv_len_check(struct wd_cipher_req *req,
return ret;
}
+static int cipher_len_check(handle_t h_sess, struct wd_cipher_req *req)
+{
+ struct wd_cipher_sess *sess = (struct wd_cipher_sess *)h_sess;
+
+ if (!req->in_bytes) {
+ WD_ERR("invalid: cipher input length is zero!\n");
+ return -WD_EINVAL;
+ }
+
+ if (sess->alg != WD_CIPHER_AES && sess->alg != WD_CIPHER_SM4)
+ return 0;
+
+ if ((req->in_bytes & (AES_BLOCK_SIZE - 1)) &&
+ (sess->mode == WD_CIPHER_CBC || sess->mode == WD_CIPHER_ECB)) {
+ WD_ERR("failed to check input bytes of AES or SM4, size = %u\n",
+ req->in_bytes);
+ return -WD_EINVAL;
+ }
+
+ return 0;
+}
+
static int wd_cipher_check_params(handle_t h_sess,
struct wd_cipher_req *req, __u8 mode)
{
@@ -587,6 +609,10 @@ static int wd_cipher_check_params(handle_t h_sess,
return -WD_EINVAL;
}
+ ret = cipher_len_check(h_sess, req);
+ if (unlikely(ret))
+ return ret;
+
ret = wd_check_src_dst(req->src, req->in_bytes, req->dst, req->out_bytes);
if (unlikely(ret)) {
WD_ERR("invalid: src/dst addr is NULL when src/dst size is non-zero!\n");
--
2.25.1
Reference in New Issue View Git Blame Copy Permalink