[meta-freescale.git] /

From ec2529027a6565fdede79e7bda4a0232757acf70 Mon Sep 17 00:00:00 2001
From: Cristian Stoica <cristian.stoica@nxp.com>
Date: Wed, 14 Jun 2017 11:23:18 +0300
Subject: [PATCH 8/9] check session flags early to avoid incorrect failure
 modes

This verification of aead flag was incorrectly removed in
"refactoring: split big function to simplify maintainance"
20dcf071bc3076ee7db9d603cfbe6a06e86c7d5f
resulting in an incorrect dispatching of functions.

Add back this check and at the same time remove the second check from
the called function which now becomes redundant.
Add another guard check for aead modes and reject not supported combinations.

Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
---
 authenc.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/authenc.c b/authenc.c
index 692951f..fc32f43 100644
--- a/authenc.c
+++ b/authenc.c
@@ -643,10 +643,6 @@ static int crypto_auth_zc_tls(struct csession *ses_ptr, struct kernel_crypt_auth
        struct scatterlist tmp;
        int ret;
 
-       if (unlikely(ses_ptr->cdata.aead != 0)) {
-               return -EINVAL;
-       }
-
        if (unlikely(caop->auth_len > PAGE_SIZE)) {
                derr(1, "auth data len is excessive.");
                return -EINVAL;
@@ -787,10 +783,13 @@ __crypto_auth_run_zc(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcao
 
        if (caop->flags & COP_FLAG_AEAD_SRTP_TYPE) {
                ret = crypto_auth_zc_srtp(ses_ptr, kcaop);
-       } else if (caop->flags & COP_FLAG_AEAD_TLS_TYPE) {
+       } else if (caop->flags & COP_FLAG_AEAD_TLS_TYPE &&
+                  ses_ptr->cdata.aead == 0) {
                ret = crypto_auth_zc_tls(ses_ptr, kcaop);
-       } else {
+       } else if (ses_ptr->cdata.aead) {
                ret = crypto_auth_zc_aead(ses_ptr, kcaop);
+       } else {
+               ret = -EINVAL;
        }
 
        return ret;
-- 
2.7.4