diff mbox

[1/3] linux-generic: crypto: always make a copy of IV

Message ID 1418424026-4526-2-git-send-email-taras.kondratiuk@linaro.org
State Accepted
Commit 5d01546306787a92e695b4828206a6b8b9c422bc
Headers show

Commit Message

Taras Kondratiuk Dec. 12, 2014, 10:40 p.m. UTC
DES library modifies IV buffer in-place. Current code handles this
correctly only in case of encryption operation with session IV.
To prevent user buffer modifications always make a copy of a
provided IV.

Signed-off-by: Taras Kondratiuk <taras.kondratiuk@linaro.org>
---
 platform/linux-generic/odp_crypto.c | 50 +++++++++++++++++++++----------------
 1 file changed, 28 insertions(+), 22 deletions(-)
diff mbox

Patch

diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c
index d3cdec7..a2d4ab8 100644
--- a/platform/linux-generic/odp_crypto.c
+++ b/platform/linux-generic/odp_crypto.c
@@ -147,30 +147,25 @@  enum crypto_alg_err des_encrypt(odp_crypto_op_params_t *params,
 {
 	uint8_t *data  = odp_packet_addr(params->out_pkt);
 	uint32_t len   = params->cipher_range.length;
-	DES_cblock *iv = NULL;
-	DES_cblock iv_temp;
+	DES_cblock iv;
+	void *iv_ptr;
+
+	if (params->override_iv_ptr)
+		iv_ptr = params->override_iv_ptr;
+	else if (session->cipher.iv.data)
+		iv_ptr = session->cipher.iv.data;
+	else
+		return ODP_CRYPTO_SES_CREATE_ERR_INV_CIPHER;
 
 	/*
 	 * Create a copy of the IV.  The DES library modifies IV
 	 * and if we are processing packets on parallel threads
 	 * we could get corruption.
 	 */
-	if (session->cipher.iv.data) {
-		memcpy(iv_temp, session->cipher.iv.data, sizeof(iv_temp));
-		iv = &iv_temp;
-	}
+	memcpy(iv, iv_ptr, sizeof(iv));
 
 	/* Adjust pointer for beginning of area to cipher */
 	data += params->cipher_range.offset;
-
-	/* Override IV if requested */
-	if (params->override_iv_ptr)
-		iv = (DES_cblock *)params->override_iv_ptr;
-
-	/* No session or operation IV */
-	if (!iv)
-		return ODP_CRYPTO_SES_CREATE_ERR_INV_CIPHER;
-
 	/* Encrypt it */
 	DES_ede3_cbc_encrypt(data,
 			     data,
@@ -178,7 +173,7 @@  enum crypto_alg_err des_encrypt(odp_crypto_op_params_t *params,
 			     &session->cipher.data.des.ks1,
 			     &session->cipher.data.des.ks2,
 			     &session->cipher.data.des.ks3,
-			     iv,
+			     &iv,
 			     1);
 
 	return ODP_CRYPTO_ALG_ERR_NONE;
@@ -190,15 +185,26 @@  enum crypto_alg_err des_decrypt(odp_crypto_op_params_t *params,
 {
 	uint8_t *data  = odp_packet_addr(params->out_pkt);
 	uint32_t len   = params->cipher_range.length;
-	DES_cblock *iv = (DES_cblock *)session->cipher.iv.data;
+	DES_cblock iv;
+	void *iv_ptr;
+
+	if (params->override_iv_ptr)
+		iv_ptr = params->override_iv_ptr;
+	else if (session->cipher.iv.data)
+		iv_ptr = session->cipher.iv.data;
+	else
+		return ODP_CRYPTO_SES_CREATE_ERR_INV_CIPHER;
+
+	/*
+	 * Create a copy of the IV.  The DES library modifies IV
+	 * and if we are processing packets on parallel threads
+	 * we could get corruption.
+	 */
+	memcpy(iv, iv_ptr, sizeof(iv));
 
 	/* Adjust pointer for beginning of area to cipher */
 	data += params->cipher_range.offset;
 
-	/* Override IV if requested */
-	if (params->override_iv_ptr)
-		iv = (DES_cblock *)params->override_iv_ptr;
-
 	/* Decrypt it */
 	DES_ede3_cbc_encrypt(data,
 			     data,
@@ -206,7 +212,7 @@  enum crypto_alg_err des_decrypt(odp_crypto_op_params_t *params,
 			     &session->cipher.data.des.ks1,
 			     &session->cipher.data.des.ks2,
 			     &session->cipher.data.des.ks3,
-			     iv,
+			     &iv,
 			     0);
 
 	return ODP_CRYPTO_ALG_ERR_NONE;