Merge 4.14.202 into kernel.lnx.4.14.r4-relHEAD r11.0 q10.0

Changes in 4.14.202: (19 commits) Bluetooth: fix kernel oops in store_pending_adv_report Bluetooth: A2MP: Fix not initializing all members Bluetooth: L2CAP: Fix calling sk_filter on non-socket based channel Bluetooth: MGMT: Fix not checking if BT_HS is enabled Bluetooth: Consolidate encryption handling in hci_encrypt_cfm Bluetooth: Fix update of connection state in `hci_encrypt_cfm` Bluetooth: Disconnect if E0 is used for Level 4 media: usbtv: Fix refcounting mixup USB: serial: option: add Cellient MPL200 card USB: serial: option: Add Telit FT980-KS composition staging: comedi: check validity of wMaxPacketSize of usb endpoints found USB: serial: pl2303: add device-id for HP GC device USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters reiserfs: Initialize inode keys properly reiserfs: Fix oops during mount drivers/net/ethernet/marvell/mvmdio.c: Fix non OF case crypto: bcm - Verify GCM/CCM key length in setkey crypto: qat - check cipher length for aead AES-CBC-HMAC-SHA Linux 4.14.202 Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
author: Nathan Chancellor <natechancellor@gmail.com> 2020-10-17 19:41:12 -0700
committer: dragonGR <alex@dragongr.dev> 2020-10-21 17:48:12 +0300
commit: b95c30af9b48bddb166a50c8cd8e5b046b443ca5 (patch)
tree: 5b6d24aa3d4f44570343affa07e7ea50cc7cb766 /drivers/crypto
parent: 15c7ef27ab40e8ccda729e0736eb91a7e387e2bb (diff)
2 files changed, 23 insertions, 2 deletions
diff --git a/drivers/crypto/bcm/cipher.c b/drivers/crypto/bcm/cipher.c
index 279e907590e9..af6119b3b6b7 100644
--- a/drivers/crypto/bcm/cipher.c
+++ b/drivers/crypto/bcm/cipher.c
@@ -2981,7 +2981,6 @@ static int aead_gcm_ccm_setkey(struct crypto_aead *cipher,
 
 	ctx->enckeylen = keylen;
 	ctx->authkeylen = 0;
-	memcpy(ctx->enckey, key, ctx->enckeylen);
 
 	switch (ctx->enckeylen) {
 	case AES_KEYSIZE_128:
@@ -2997,6 +2996,8 @@ static int aead_gcm_ccm_setkey(struct crypto_aead *cipher,
 		goto badkey;
 	}
 
+	memcpy(ctx->enckey, key, ctx->enckeylen);
+
 	flow_log("  enckeylen:%u authkeylen:%u\n", ctx->enckeylen,
 		 ctx->authkeylen);
 	flow_dump("  enc: ", ctx->enckey, ctx->enckeylen);
@@ -3057,6 +3058,10 @@ static int aead_gcm_esp_setkey(struct crypto_aead *cipher,
 	struct iproc_ctx_s *ctx = crypto_aead_ctx(cipher);
 
 	flow_log("%s\n", __func__);
+
+	if (keylen < GCM_ESP_SALT_SIZE)
+		return -EINVAL;
+
 	ctx->salt_len = GCM_ESP_SALT_SIZE;
 	ctx->salt_offset = GCM_ESP_SALT_OFFSET;
 	memcpy(ctx->salt, key + keylen - GCM_ESP_SALT_SIZE, GCM_ESP_SALT_SIZE);
@@ -3085,6 +3090,10 @@ static int rfc4543_gcm_esp_setkey(struct crypto_aead *cipher,
 	struct iproc_ctx_s *ctx = crypto_aead_ctx(cipher);
 
 	flow_log("%s\n", __func__);
+
+	if (keylen < GCM_ESP_SALT_SIZE)
+		return -EINVAL;
+
 	ctx->salt_len = GCM_ESP_SALT_SIZE;
 	ctx->salt_offset = GCM_ESP_SALT_OFFSET;
 	memcpy(ctx->salt, key + keylen - GCM_ESP_SALT_SIZE, GCM_ESP_SALT_SIZE);
@@ -3114,6 +3123,10 @@ static int aead_ccm_esp_setkey(struct crypto_aead *cipher,
 	struct iproc_ctx_s *ctx = crypto_aead_ctx(cipher);
 
 	flow_log("%s\n", __func__);
+
+	if (keylen < CCM_ESP_SALT_SIZE)
+		return -EINVAL;
+
 	ctx->salt_len = CCM_ESP_SALT_SIZE;
 	ctx->salt_offset = CCM_ESP_SALT_OFFSET;
 	memcpy(ctx->salt, key + keylen - CCM_ESP_SALT_SIZE, CCM_ESP_SALT_SIZE);
diff --git a/drivers/crypto/qat/qat_common/qat_algs.c b/drivers/crypto/qat/qat_common/qat_algs.c
index baffae817259..bb875245644f 100644
--- a/drivers/crypto/qat/qat_common/qat_algs.c
+++ b/drivers/crypto/qat/qat_common/qat_algs.c
@@ -825,6 +825,11 @@ static int qat_alg_aead_dec(struct aead_request *areq)
 	struct icp_qat_fw_la_bulk_req *msg;
 	int digst_size = crypto_aead_authsize(aead_tfm);
 	int ret, ctr = 0;
+	u32 cipher_len;
+
+	cipher_len = areq->cryptlen - digst_size;
+	if (cipher_len % AES_BLOCK_SIZE != 0)
+		return -EINVAL;
 
 	ret = qat_alg_sgl_to_bufl(ctx->inst, areq->src, areq->dst, qat_req);
 	if (unlikely(ret))
@@ -839,7 +844,7 @@ static int qat_alg_aead_dec(struct aead_request *areq)
 	qat_req->req.comn_mid.src_data_addr = qat_req->buf.blp;
 	qat_req->req.comn_mid.dest_data_addr = qat_req->buf.bloutp;
 	cipher_param = (void *)&qat_req->req.serv_specif_rqpars;
-	cipher_param->cipher_length = areq->cryptlen - digst_size;
+	cipher_param->cipher_length = cipher_len;
 	cipher_param->cipher_offset = areq->assoclen;
 	memcpy(cipher_param->u.cipher_IV_array, areq->iv, AES_BLOCK_SIZE);
 	auth_param = (void *)((uint8_t *)cipher_param + sizeof(*cipher_param));
@@ -868,6 +873,9 @@ static int qat_alg_aead_enc(struct aead_request *areq)
 	uint8_t *iv = areq->iv;
 	int ret, ctr = 0;
 
+	if (areq->cryptlen % AES_BLOCK_SIZE != 0)
+		return -EINVAL;
+
 	ret = qat_alg_sgl_to_bufl(ctx->inst, areq->src, areq->dst, qat_req);
 	if (unlikely(ret))
 		return ret;
author	Nathan Chancellor <natechancellor@gmail.com>	2020-10-17 19:41:12 -0700
committer	dragonGR <alex@dragongr.dev>	2020-10-21 17:48:12 +0300
commit	b95c30af9b48bddb166a50c8cd8e5b046b443ca5 (patch)
tree	5b6d24aa3d4f44570343affa07e7ea50cc7cb766 /drivers/crypto
parent	15c7ef27ab40e8ccda729e0736eb91a7e387e2bb (diff)