diff options
Diffstat (limited to 'recipes-kernel/cryptodev/sdk_patches/0008-check-session-flags-early-to-avoid-incorrect-failure.patch')
-rw-r--r-- | recipes-kernel/cryptodev/sdk_patches/0008-check-session-flags-early-to-avoid-incorrect-failure.patch | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/recipes-kernel/cryptodev/sdk_patches/0008-check-session-flags-early-to-avoid-incorrect-failure.patch b/recipes-kernel/cryptodev/sdk_patches/0008-check-session-flags-early-to-avoid-incorrect-failure.patch new file mode 100644 index 00000000..1fce5580 --- /dev/null +++ b/recipes-kernel/cryptodev/sdk_patches/0008-check-session-flags-early-to-avoid-incorrect-failure.patch @@ -0,0 +1,54 @@ +From ec2529027a6565fdede79e7bda4a0232757acf70 Mon Sep 17 00:00:00 2001 +From: Cristian Stoica <cristian.stoica@nxp.com> +Date: Wed, 14 Jun 2017 11:23:18 +0300 +Subject: [PATCH 8/9] check session flags early to avoid incorrect failure + modes + +This verification of aead flag was incorrectly removed in +"refactoring: split big function to simplify maintainance" +20dcf071bc3076ee7db9d603cfbe6a06e86c7d5f +resulting in an incorrect dispatching of functions. + +Add back this check and at the same time remove the second check from +the called function which now becomes redundant. +Add another guard check for aead modes and reject not supported combinations. + +Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com> +--- + authenc.c | 11 +++++------ + 1 file changed, 5 insertions(+), 6 deletions(-) + +diff --git a/authenc.c b/authenc.c +index 692951f..fc32f43 100644 +--- a/authenc.c ++++ b/authenc.c +@@ -643,10 +643,6 @@ static int crypto_auth_zc_tls(struct csession *ses_ptr, struct kernel_crypt_auth + struct scatterlist tmp; + int ret; + +- if (unlikely(ses_ptr->cdata.aead != 0)) { +- return -EINVAL; +- } +- + if (unlikely(caop->auth_len > PAGE_SIZE)) { + derr(1, "auth data len is excessive."); + return -EINVAL; +@@ -787,10 +783,13 @@ __crypto_auth_run_zc(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcao + + if (caop->flags & COP_FLAG_AEAD_SRTP_TYPE) { + ret = crypto_auth_zc_srtp(ses_ptr, kcaop); +- } else if (caop->flags & COP_FLAG_AEAD_TLS_TYPE) { ++ } else if (caop->flags & COP_FLAG_AEAD_TLS_TYPE && ++ ses_ptr->cdata.aead == 0) { + ret = crypto_auth_zc_tls(ses_ptr, kcaop); +- } else { ++ } else if (ses_ptr->cdata.aead) { + ret = crypto_auth_zc_aead(ses_ptr, kcaop); ++ } else { ++ ret = -EINVAL; + } + + return ret; +-- +2.7.4 + |