crypto: inside-secure - fix EINVAL error (buf overflow) for AEAD decrypt

This patch fixes a buffer overflow error returning -EINVAL for AEAD
decrypt operations by NOT appending the (already verified) ICV to
the output packet (which is not expected by the API anyway).
With this fix, all testmgr AEAD (extra) tests now pass.

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/drivers/crypto/inside-secure/safexcel.h b/drivers/crypto/inside-secure/safexcel.h
index e0c202f3367415211e8079e767cf49a022dbc9b4..91d221b421fd75f0d2129f34a179c247fa6d3c7d 100644 (file)
--- a/drivers/crypto/inside-secure/safexcel.h
+++ b/drivers/crypto/inside-secure/safexcel.h
@@ -458,7 +458,7 @@ static inline void eip197_noop_token(struct safexcel_token *token)
 #define EIP197_TOKEN_INS_ORIGIN_LEN(x)         ((x) << 5)
 #define EIP197_TOKEN_INS_TYPE_OUTPUT           BIT(5)
 #define EIP197_TOKEN_INS_TYPE_HASH             BIT(6)
-#define EIP197_TOKEN_INS_TYPE_CRYTO            BIT(7)
+#define EIP197_TOKEN_INS_TYPE_CRYPTO           BIT(7)
 #define EIP197_TOKEN_INS_LAST                  BIT(8)
 
 /* Processing Engine Control Data  */

diff --git a/drivers/crypto/inside-secure/safexcel_cipher.c b/drivers/crypto/inside-secure/safexcel_cipher.c
index 4f25f5c9dfd6f3688192e355129048f8b2db1ed4..e8742873367101fe1be00435890edf3534f36f0c 100644 (file)
--- a/drivers/crypto/inside-secure/safexcel_cipher.c
+++ b/drivers/crypto/inside-secure/safexcel_cipher.c
@@ -91,7 +91,7 @@ static void safexcel_skcipher_token(struct safexcel_cipher_ctx *ctx, u8 *iv,
        token[0].stat = EIP197_TOKEN_STAT_LAST_PACKET |
                        EIP197_TOKEN_STAT_LAST_HASH;
        token[0].instructions = EIP197_TOKEN_INS_LAST |
-                               EIP197_TOKEN_INS_TYPE_CRYTO |
+                               EIP197_TOKEN_INS_TYPE_CRYPTO |
                                EIP197_TOKEN_INS_TYPE_OUTPUT;
 }
 
@@ -117,14 +117,13 @@ static void safexcel_aead_token(struct safexcel_cipher_ctx *ctx, u8 *iv,
 
        token[0].opcode = EIP197_TOKEN_OPCODE_DIRECTION;
        token[0].packet_length = assoclen;
-       token[0].instructions = EIP197_TOKEN_INS_TYPE_HASH |
-                               EIP197_TOKEN_INS_TYPE_OUTPUT;
+       token[0].instructions = EIP197_TOKEN_INS_TYPE_HASH;
 
        token[1].opcode = EIP197_TOKEN_OPCODE_DIRECTION;
        token[1].packet_length = cryptlen;
        token[1].stat = EIP197_TOKEN_STAT_LAST_HASH;
        token[1].instructions = EIP197_TOKEN_INS_LAST |
-                               EIP197_TOKEN_INS_TYPE_CRYTO |
+                               EIP197_TOKEN_INS_TYPE_CRYPTO |
                                EIP197_TOKEN_INS_TYPE_HASH |
                                EIP197_TOKEN_INS_TYPE_OUTPUT;