Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
crypto: remove CRYPTO_TFM_RES_BAD_KEY_LEN
The CRYPTO_TFM_RES_BAD_KEY_LEN flag was apparently meant as a way to
make the ->setkey() functions provide more information about errors.
However, no one actually checks for this flag, which makes it pointless.
Also, many algorithms fail to set this flag when given a bad length key.
Reviewing just the generic implementations, this is the case for
aes-fixed-time, cbcmac, echainiv, nhpoly1305, pcrypt, rfc3686, rfc4309,
rfc7539, rfc7539esp, salsa20, seqiv, and xcbc. But there are probably
many more in arch/*/crypto/ and drivers/crypto/.
Some algorithms can even set this flag when the key is the correct
length. For example, authenc and authencesn set it when the key payload
is malformed in any way (not just a bad length), the atmel-sha and ccree
drivers can set it if a memory allocation fails, and the chelsio driver
sets it for bad auth tag lengths, not just bad key lengths.
So even if someone actually wanted to start checking this flag (which
seems unlikely, since it's been unused for a long time), there would be
a lot of work needed to get it working correctly. But it would probably
be much better to go back to the drawing board and just define different
return values, like -EINVAL if the key is invalid for the algorithm vs.
-EKEYREJECTED if the key was rejected by a policy like "no weak keys".
That would be much simpler, less error-prone, and easier to test.
So just remove this flag.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
authored by
Eric Biggers
and committed by
Herbert Xu
674f368a
5c925e8b
+167
-561
+2
-12
arch/arm/crypto/aes-ce-glue.c
+2
-12
arch/arm/crypto/aes-ce-glue.c
···
138
138
unsigned int key_len)
139
139
{
140
140
struct crypto_aes_ctx *ctx = crypto_skcipher_ctx(tfm);
141
-
int ret;
142
141
143
-
ret = ce_aes_expandkey(ctx, in_key, key_len);
144
-
if (!ret)
145
-
return 0;
146
-
147
-
crypto_skcipher_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
148
-
return -EINVAL;
142
+
return ce_aes_expandkey(ctx, in_key, key_len);
149
143
}
150
144
151
145
struct crypto_aes_xts_ctx {
···
161
167
if (!ret)
162
168
ret = ce_aes_expandkey(&ctx->key2, &in_key[key_len / 2],
163
169
key_len / 2);
164
-
if (!ret)
165
-
return 0;
166
-
167
-
crypto_skcipher_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
168
-
return -EINVAL;
170
+
return ret;
169
171
}
170
172
171
173
static int ecb_encrypt(struct skcipher_request *req)
+1
-3
arch/arm/crypto/crc32-ce-glue.c
+1
-3
arch/arm/crypto/crc32-ce-glue.c
+1
-3
arch/arm/crypto/ghash-ce-glue.c
+1
-3
arch/arm/crypto/ghash-ce-glue.c
···
163
163
struct ghash_key *key = crypto_shash_ctx(tfm);
164
164
be128 h;
165
165
166
-
if (keylen != GHASH_BLOCK_SIZE) {
167
-
crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
166
+
if (keylen != GHASH_BLOCK_SIZE)
168
167
return -EINVAL;
169
-
}
170
168
171
169
/* needed for the fallback */
172
170
memcpy(&key->k, inkey, GHASH_BLOCK_SIZE);
+1
-7
arch/arm64/crypto/aes-ce-ccm-glue.c
+1
-7
arch/arm64/crypto/aes-ce-ccm-glue.c
···
47
47
unsigned int key_len)
48
48
{
49
49
struct crypto_aes_ctx *ctx = crypto_aead_ctx(tfm);
50
-
int ret;
51
50
52
-
ret = ce_aes_expandkey(ctx, in_key, key_len);
53
-
if (!ret)
54
-
return 0;
55
-
56
-
tfm->base.crt_flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
57
-
return -EINVAL;
51
+
return ce_aes_expandkey(ctx, in_key, key_len);
58
52
}
59
53
60
54
static int ccm_setauthsize(struct crypto_aead *tfm, unsigned int authsize)
+1
-7
arch/arm64/crypto/aes-ce-glue.c
+1
-7
arch/arm64/crypto/aes-ce-glue.c
···
143
143
unsigned int key_len)
144
144
{
145
145
struct crypto_aes_ctx *ctx = crypto_tfm_ctx(tfm);
146
-
int ret;
147
146
148
-
ret = ce_aes_expandkey(ctx, in_key, key_len);
149
-
if (!ret)
150
-
return 0;
151
-
152
-
tfm->crt_flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
153
-
return -EINVAL;
147
+
return ce_aes_expandkey(ctx, in_key, key_len);
154
148
}
155
149
EXPORT_SYMBOL(ce_aes_setkey);
156
150
+5
-26
arch/arm64/crypto/aes-glue.c
+5
-26
arch/arm64/crypto/aes-glue.c
···
132
132
unsigned int key_len)
133
133
{
134
134
struct crypto_aes_ctx *ctx = crypto_skcipher_ctx(tfm);
135
-
int ret;
136
135
137
-
ret = aes_expandkey(ctx, in_key, key_len);
138
-
if (ret)
139
-
crypto_skcipher_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
140
-
141
-
return ret;
136
+
return aes_expandkey(ctx, in_key, key_len);
142
137
}
143
138
144
139
static int __maybe_unused xts_set_key(struct crypto_skcipher *tfm,
···
150
155
if (!ret)
151
156
ret = aes_expandkey(&ctx->key2, &in_key[key_len / 2],
152
157
key_len / 2);
153
-
if (!ret)
154
-
return 0;
155
-
156
-
crypto_skcipher_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
157
-
return -EINVAL;
158
+
return ret;
158
159
}
159
160
160
161
static int __maybe_unused essiv_cbc_set_key(struct crypto_skcipher *tfm,
···
164
173
165
174
ret = aes_expandkey(&ctx->key1, in_key, key_len);
166
175
if (ret)
167
-
goto out;
176
+
return ret;
168
177
169
178
desc->tfm = ctx->hash;
170
179
crypto_shash_digest(desc, in_key, key_len, digest);
171
180
172
-
ret = aes_expandkey(&ctx->key2, digest, sizeof(digest));
173
-
if (ret)
174
-
goto out;
175
-
176
-
return 0;
177
-
out:
178
-
crypto_skcipher_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
179
-
return -EINVAL;
181
+
return aes_expandkey(&ctx->key2, digest, sizeof(digest));
180
182
}
181
183
182
184
static int __maybe_unused ecb_encrypt(struct skcipher_request *req)
···
775
791
unsigned int key_len)
776
792
{
777
793
struct mac_tfm_ctx *ctx = crypto_shash_ctx(tfm);
778
-
int err;
779
794
780
-
err = aes_expandkey(&ctx->key, in_key, key_len);
781
-
if (err)
782
-
crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
783
-
784
-
return err;
795
+
return aes_expandkey(&ctx->key, in_key, key_len);
785
796
}
786
797
787
798
static void cmac_gf128_mul_by_x(be128 *y, const be128 *x)
+2
-6
arch/arm64/crypto/ghash-ce-glue.c
+2
-6
arch/arm64/crypto/ghash-ce-glue.c
···
248
248
{
249
249
struct ghash_key *key = crypto_shash_ctx(tfm);
250
250
251
-
if (keylen != GHASH_BLOCK_SIZE) {
252
-
crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
251
+
if (keylen != GHASH_BLOCK_SIZE)
253
252
return -EINVAL;
254
-
}
255
253
256
254
return __ghash_setkey(key, inkey, keylen);
257
255
}
···
304
306
int ret;
305
307
306
308
ret = aes_expandkey(&ctx->aes_key, inkey, keylen);
307
-
if (ret) {
308
-
tfm->base.crt_flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
309
+
if (ret)
309
310
return -EINVAL;
310
-
}
311
311
312
312
aes_encrypt(&ctx->aes_key, key, (u8[AES_BLOCK_SIZE]){});
313
313
+1
-3
arch/mips/crypto/crc32-mips.c
+1
-3
arch/mips/crypto/crc32-mips.c
···
177
177
{
178
178
struct chksum_ctx *mctx = crypto_shash_ctx(tfm);
179
179
180
-
if (keylen != sizeof(mctx->key)) {
181
-
crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
180
+
if (keylen != sizeof(mctx->key))
182
181
return -EINVAL;
183
-
}
184
182
mctx->key = get_unaligned_le32(key);
185
183
return 0;
186
184
}
+4
-14
arch/powerpc/crypto/aes-spe-glue.c
+4
-14
arch/powerpc/crypto/aes-spe-glue.c
···
94
94
{
95
95
struct ppc_aes_ctx *ctx = crypto_tfm_ctx(tfm);
96
96
97
-
if (key_len != AES_KEYSIZE_128 &&
98
-
key_len != AES_KEYSIZE_192 &&
99
-
key_len != AES_KEYSIZE_256) {
100
-
tfm->crt_flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
101
-
return -EINVAL;
102
-
}
103
-
104
97
switch (key_len) {
105
98
case AES_KEYSIZE_128:
106
99
ctx->rounds = 4;
···
107
114
ctx->rounds = 6;
108
115
ppc_expand_key_256(ctx->key_enc, in_key);
109
116
break;
117
+
default:
118
+
return -EINVAL;
110
119
}
111
120
112
121
ppc_generate_decrypt_key(ctx->key_dec, ctx->key_enc, key_len);
···
134
139
135
140
key_len >>= 1;
136
141
137
-
if (key_len != AES_KEYSIZE_128 &&
138
-
key_len != AES_KEYSIZE_192 &&
139
-
key_len != AES_KEYSIZE_256) {
140
-
crypto_skcipher_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
141
-
return -EINVAL;
142
-
}
143
-
144
142
switch (key_len) {
145
143
case AES_KEYSIZE_128:
146
144
ctx->rounds = 4;
···
150
162
ppc_expand_key_256(ctx->key_enc, in_key);
151
163
ppc_expand_key_256(ctx->key_twk, in_key + AES_KEYSIZE_256);
152
164
break;
165
+
default:
166
+
return -EINVAL;
153
167
}
154
168
155
169
ppc_generate_decrypt_key(ctx->key_dec, ctx->key_enc, key_len);
+1
-3
arch/powerpc/crypto/crc32c-vpmsum_glue.c
+1
-3
arch/powerpc/crypto/crc32c-vpmsum_glue.c
+1
-3
arch/s390/crypto/aes_s390.c
+1
-3
arch/s390/crypto/aes_s390.c
···
414
414
return err;
415
415
416
416
/* In fips mode only 128 bit or 256 bit keys are valid */
417
-
if (fips_enabled && key_len != 32 && key_len != 64) {
418
-
crypto_skcipher_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
417
+
if (fips_enabled && key_len != 32 && key_len != 64)
419
418
return -EINVAL;
420
-
}
421
419
422
420
/* Pick the correct function code based on the key length */
423
421
fc = (key_len == 32) ? CPACF_KM_XTS_128 :
+2
-6
arch/s390/crypto/crc32-vx.c
+2
-6
arch/s390/crypto/crc32-vx.c
···
111
111
{
112
112
struct crc_ctx *mctx = crypto_shash_ctx(tfm);
113
113
114
-
if (newkeylen != sizeof(mctx->key)) {
115
-
crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
114
+
if (newkeylen != sizeof(mctx->key))
116
115
return -EINVAL;
117
-
}
118
116
mctx->key = le32_to_cpu(*(__le32 *)newkey);
119
117
return 0;
120
118
}
···
122
124
{
123
125
struct crc_ctx *mctx = crypto_shash_ctx(tfm);
124
126
125
-
if (newkeylen != sizeof(mctx->key)) {
126
-
crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
127
+
if (newkeylen != sizeof(mctx->key))
127
128
return -EINVAL;
128
-
}
129
129
mctx->key = be32_to_cpu(*(__be32 *)newkey);
130
130
return 0;
131
131
}
+1
-3
arch/s390/crypto/ghash_s390.c
+1
-3
arch/s390/crypto/ghash_s390.c
+6
-19
arch/s390/crypto/paes_s390.c
+6
-19
arch/s390/crypto/paes_s390.c
···
151
151
if (rc)
152
152
return rc;
153
153
154
-
if (__paes_set_key(ctx)) {
155
-
crypto_skcipher_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
156
-
return -EINVAL;
157
-
}
158
-
return 0;
154
+
return __paes_set_key(ctx);
159
155
}
160
156
161
157
static int ecb_paes_crypt(struct skcipher_request *req, unsigned long modifier)
···
250
254
if (rc)
251
255
return rc;
252
256
253
-
if (__cbc_paes_set_key(ctx)) {
254
-
crypto_skcipher_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
255
-
return -EINVAL;
256
-
}
257
-
return 0;
257
+
return __cbc_paes_set_key(ctx);
258
258
}
259
259
260
260
static int cbc_paes_crypt(struct skcipher_request *req, unsigned long modifier)
···
378
386
if (rc)
379
387
return rc;
380
388
381
-
if (__xts_paes_set_key(ctx)) {
382
-
crypto_skcipher_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
383
-
return -EINVAL;
384
-
}
389
+
rc = __xts_paes_set_key(ctx);
390
+
if (rc)
391
+
return rc;
385
392
386
393
/*
387
394
* xts_check_key verifies the key length is not odd and makes
···
517
526
if (rc)
518
527
return rc;
519
528
520
-
if (__ctr_paes_set_key(ctx)) {
521
-
crypto_skcipher_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
522
-
return -EINVAL;
523
-
}
524
-
return 0;
529
+
return __ctr_paes_set_key(ctx);
525
530
}
526
531
527
532
static unsigned int __ctrblk_init(u8 *ctrptr, u8 *iv, unsigned int nbytes)
-2
arch/sparc/crypto/aes_glue.c
-2
arch/sparc/crypto/aes_glue.c
···
169
169
unsigned int key_len)
170
170
{
171
171
struct crypto_sparc64_aes_ctx *ctx = crypto_tfm_ctx(tfm);
172
-
u32 *flags = &tfm->crt_flags;
173
172
174
173
switch (key_len) {
175
174
case AES_KEYSIZE_128:
···
187
188
break;
188
189
189
190
default:
190
-
*flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
191
191
return -EINVAL;
192
192
}
193
193
+1
-4
arch/sparc/crypto/camellia_glue.c
+1
-4
arch/sparc/crypto/camellia_glue.c
···
39
39
{
40
40
struct camellia_sparc64_ctx *ctx = crypto_tfm_ctx(tfm);
41
41
const u32 *in_key = (const u32 *) _in_key;
42
-
u32 *flags = &tfm->crt_flags;
43
42
44
-
if (key_len != 16 && key_len != 24 && key_len != 32) {
45
-
*flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
43
+
if (key_len != 16 && key_len != 24 && key_len != 32)
46
44
return -EINVAL;
47
-
}
48
45
49
46
ctx->key_len = key_len;
50
47
+1
-3
arch/sparc/crypto/crc32c_glue.c
+1
-3
arch/sparc/crypto/crc32c_glue.c
+1
-3
arch/x86/crypto/aegis128-aesni-glue.c
+1
-3
arch/x86/crypto/aegis128-aesni-glue.c
···
144
144
{
145
145
struct aegis_ctx *ctx = crypto_aegis128_aesni_ctx(aead);
146
146
147
-
if (keylen != AEGIS128_KEY_SIZE) {
148
-
crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
147
+
if (keylen != AEGIS128_KEY_SIZE)
149
148
return -EINVAL;
150
-
}
151
149
152
150
memcpy(ctx->key.bytes, key, AEGIS128_KEY_SIZE);
153
151
+3
-7
arch/x86/crypto/aesni-intel_glue.c
+3
-7
arch/x86/crypto/aesni-intel_glue.c
···
316
316
const u8 *in_key, unsigned int key_len)
317
317
{
318
318
struct crypto_aes_ctx *ctx = aes_ctx(raw_ctx);
319
-
u32 *flags = &tfm->crt_flags;
320
319
int err;
321
320
322
321
if (key_len != AES_KEYSIZE_128 && key_len != AES_KEYSIZE_192 &&
323
-
key_len != AES_KEYSIZE_256) {
324
-
*flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
322
+
key_len != AES_KEYSIZE_256)
325
323
return -EINVAL;
326
-
}
327
324
328
325
if (!crypto_simd_usable())
329
326
err = aes_expandkey(ctx, in_key, key_len);
···
638
641
{
639
642
struct aesni_rfc4106_gcm_ctx *ctx = aesni_rfc4106_gcm_ctx_get(aead);
640
643
641
-
if (key_len < 4) {
642
-
crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
644
+
if (key_len < 4)
643
645
return -EINVAL;
644
-
}
646
+
645
647
/*Account for 4 byte nonce at the end.*/
646
648
key_len -= 4;
647
649
+1
-3
arch/x86/crypto/blake2s-glue.c
+1
-3
arch/x86/crypto/blake2s-glue.c
···
64
64
{
65
65
struct blake2s_tfm_ctx *tctx = crypto_shash_ctx(tfm);
66
66
67
-
if (keylen == 0 || keylen > BLAKE2S_KEY_SIZE) {
68
-
crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
67
+
if (keylen == 0 || keylen > BLAKE2S_KEY_SIZE)
69
68
return -EINVAL;
70
-
}
71
69
72
70
memcpy(tctx->key, key, keylen);
73
71
tctx->keylen = keylen;
+1
-2
arch/x86/crypto/camellia_aesni_avx2_glue.c
+1
-2
arch/x86/crypto/camellia_aesni_avx2_glue.c
···
142
142
static int camellia_setkey(struct crypto_skcipher *tfm, const u8 *key,
143
143
unsigned int keylen)
144
144
{
145
-
return __camellia_setkey(crypto_skcipher_ctx(tfm), key, keylen,
146
-
&tfm->base.crt_flags);
145
+
return __camellia_setkey(crypto_skcipher_ctx(tfm), key, keylen);
147
146
}
148
147
149
148
static int ecb_encrypt(struct skcipher_request *req)
+3
-6
arch/x86/crypto/camellia_aesni_avx_glue.c
+3
-6
arch/x86/crypto/camellia_aesni_avx_glue.c
···
144
144
static int camellia_setkey(struct crypto_skcipher *tfm, const u8 *key,
145
145
unsigned int keylen)
146
146
{
147
-
return __camellia_setkey(crypto_skcipher_ctx(tfm), key, keylen,
148
-
&tfm->base.crt_flags);
147
+
return __camellia_setkey(crypto_skcipher_ctx(tfm), key, keylen);
149
148
}
150
149
151
150
static int ecb_encrypt(struct skcipher_request *req)
···
176
177
unsigned int keylen)
177
178
{
178
179
struct camellia_xts_ctx *ctx = crypto_skcipher_ctx(tfm);
179
-
u32 *flags = &tfm->base.crt_flags;
180
180
int err;
181
181
182
182
err = xts_verify_key(tfm, key, keylen);
···
183
185
return err;
184
186
185
187
/* first half of xts-key is for crypt */
186
-
err = __camellia_setkey(&ctx->crypt_ctx, key, keylen / 2, flags);
188
+
err = __camellia_setkey(&ctx->crypt_ctx, key, keylen / 2);
187
189
if (err)
188
190
return err;
189
191
190
192
/* second half of xts-key is for tweak */
191
-
return __camellia_setkey(&ctx->tweak_ctx, key + keylen / 2, keylen / 2,
192
-
flags);
193
+
return __camellia_setkey(&ctx->tweak_ctx, key + keylen / 2, keylen / 2);
193
194
}
194
195
EXPORT_SYMBOL_GPL(xts_camellia_setkey);
195
196
+3
-6
arch/x86/crypto/camellia_glue.c
+3
-6
arch/x86/crypto/camellia_glue.c
···
1227
1227
}
1228
1228
1229
1229
int __camellia_setkey(struct camellia_ctx *cctx, const unsigned char *key,
1230
-
unsigned int key_len, u32 *flags)
1230
+
unsigned int key_len)
1231
1231
{
1232
-
if (key_len != 16 && key_len != 24 && key_len != 32) {
1233
-
*flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
1232
+
if (key_len != 16 && key_len != 24 && key_len != 32)
1234
1233
return -EINVAL;
1235
-
}
1236
1234
1237
1235
cctx->key_length = key_len;
1238
1236
···
1253
1255
static int camellia_setkey(struct crypto_tfm *tfm, const u8 *key,
1254
1256
unsigned int key_len)
1255
1257
{
1256
-
return __camellia_setkey(crypto_tfm_ctx(tfm), key, key_len,
1257
-
&tfm->crt_flags);
1258
+
return __camellia_setkey(crypto_tfm_ctx(tfm), key, key_len);
1258
1259
}
1259
1260
1260
1261
static int camellia_setkey_skcipher(struct crypto_skcipher *tfm, const u8 *key,
+2
-4
arch/x86/crypto/cast6_avx_glue.c
+2
-4
arch/x86/crypto/cast6_avx_glue.c
···
173
173
unsigned int keylen)
174
174
{
175
175
struct cast6_xts_ctx *ctx = crypto_skcipher_ctx(tfm);
176
-
u32 *flags = &tfm->base.crt_flags;
177
176
int err;
178
177
179
178
err = xts_verify_key(tfm, key, keylen);
···
180
181
return err;
181
182
182
183
/* first half of xts-key is for crypt */
183
-
err = __cast6_setkey(&ctx->crypt_ctx, key, keylen / 2, flags);
184
+
err = __cast6_setkey(&ctx->crypt_ctx, key, keylen / 2);
184
185
if (err)
185
186
return err;
186
187
187
188
/* second half of xts-key is for tweak */
188
-
return __cast6_setkey(&ctx->tweak_ctx, key + keylen / 2, keylen / 2,
189
-
flags);
189
+
return __cast6_setkey(&ctx->tweak_ctx, key + keylen / 2, keylen / 2);
190
190
}
191
191
192
192
static int xts_encrypt(struct skcipher_request *req)
+1
-3
arch/x86/crypto/crc32-pclmul_glue.c
+1
-3
arch/x86/crypto/crc32-pclmul_glue.c
+1
-3
arch/x86/crypto/crc32c-intel_glue.c
+1
-3
arch/x86/crypto/crc32c-intel_glue.c
+1
-3
arch/x86/crypto/ghash-clmulni-intel_glue.c
+1
-3
arch/x86/crypto/ghash-clmulni-intel_glue.c
···
57
57
be128 *x = (be128 *)key;
58
58
u64 a, b;
59
59
60
-
if (keylen != GHASH_BLOCK_SIZE) {
61
-
crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
60
+
if (keylen != GHASH_BLOCK_SIZE)
62
61
return -EINVAL;
63
-
}
64
62
65
63
/* perform multiplication by 'x' in GF(2^128) */
66
64
a = be64_to_cpu(x->a);
+2
-4
arch/x86/crypto/twofish_avx_glue.c
+2
-4
arch/x86/crypto/twofish_avx_glue.c
···
64
64
unsigned int keylen)
65
65
{
66
66
struct twofish_xts_ctx *ctx = crypto_skcipher_ctx(tfm);
67
-
u32 *flags = &tfm->base.crt_flags;
68
67
int err;
69
68
70
69
err = xts_verify_key(tfm, key, keylen);
···
71
72
return err;
72
73
73
74
/* first half of xts-key is for crypt */
74
-
err = __twofish_setkey(&ctx->crypt_ctx, key, keylen / 2, flags);
75
+
err = __twofish_setkey(&ctx->crypt_ctx, key, keylen / 2);
75
76
if (err)
76
77
return err;
77
78
78
79
/* second half of xts-key is for tweak */
79
-
return __twofish_setkey(&ctx->tweak_ctx, key + keylen / 2, keylen / 2,
80
-
flags);
80
+
return __twofish_setkey(&ctx->tweak_ctx, key + keylen / 2, keylen / 2);
81
81
}
82
82
83
83
static const struct common_glue_ctx twofish_enc = {
+1
-1
arch/x86/include/asm/crypto/camellia.h
+1
-1
arch/x86/include/asm/crypto/camellia.h
+1
-3
crypto/aegis128-core.c
+1
-3
crypto/aegis128-core.c
···
372
372
{
373
373
struct aegis_ctx *ctx = crypto_aead_ctx(aead);
374
374
375
-
if (keylen != AEGIS128_KEY_SIZE) {
376
-
crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
375
+
if (keylen != AEGIS128_KEY_SIZE)
377
376
return -EINVAL;
378
-
}
379
377
380
378
memcpy(ctx->key.bytes, key, AEGIS128_KEY_SIZE);
381
379
return 0;
+6
-12
crypto/aes_generic.c
+6
-12
crypto/aes_generic.c
···
1127
1127
* @in_key: The input key.
1128
1128
* @key_len: The size of the key.
1129
1129
*
1130
-
* Returns 0 on success, on failure the %CRYPTO_TFM_RES_BAD_KEY_LEN flag in tfm
1131
-
* is set. The function uses aes_expand_key() to expand the key.
1132
-
* &crypto_aes_ctx _must_ be the private data embedded in @tfm which is
1133
-
* retrieved with crypto_tfm_ctx().
1130
+
* This function uses aes_expand_key() to expand the key. &crypto_aes_ctx
1131
+
* _must_ be the private data embedded in @tfm which is retrieved with
1132
+
* crypto_tfm_ctx().
1133
+
*
1134
+
* Return: 0 on success; -EINVAL on failure (only happens for bad key lengths)
1134
1135
*/
1135
1136
int crypto_aes_set_key(struct crypto_tfm *tfm, const u8 *in_key,
1136
1137
unsigned int key_len)
1137
1138
{
1138
1139
struct crypto_aes_ctx *ctx = crypto_tfm_ctx(tfm);
1139
-
u32 *flags = &tfm->crt_flags;
1140
-
int ret;
1141
1140
1142
-
ret = aes_expandkey(ctx, in_key, key_len);
1143
-
if (!ret)
1144
-
return 0;
1145
-
1146
-
*flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
1147
-
return -EINVAL;
1141
+
return aes_expandkey(ctx, in_key, key_len);
1148
1142
}
1149
1143
EXPORT_SYMBOL_GPL(crypto_aes_set_key);
1150
1144
-2
crypto/anubis.c
-2
crypto/anubis.c
···
464
464
{
465
465
struct anubis_ctx *ctx = crypto_tfm_ctx(tfm);
466
466
const __be32 *key = (const __be32 *)in_key;
467
-
u32 *flags = &tfm->crt_flags;
468
467
int N, R, i, r;
469
468
u32 kappa[ANUBIS_MAX_N];
470
469
u32 inter[ANUBIS_MAX_N];
···
473
474
case 32: case 36: case 40:
474
475
break;
475
476
default:
476
-
*flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
477
477
return -EINVAL;
478
478
}
479
479
+1
-5
crypto/authenc.c
+1
-5
crypto/authenc.c
···
91
91
int err = -EINVAL;
92
92
93
93
if (crypto_authenc_extractkeys(&keys, key, keylen) != 0)
94
-
goto badkey;
94
+
goto out;
95
95
96
96
crypto_ahash_clear_flags(auth, CRYPTO_TFM_REQ_MASK);
97
97
crypto_ahash_set_flags(auth, crypto_aead_get_flags(authenc) &
···
113
113
out:
114
114
memzero_explicit(&keys, sizeof(keys));
115
115
return err;
116
-
117
-
badkey:
118
-
crypto_aead_set_flags(authenc, CRYPTO_TFM_RES_BAD_KEY_LEN);
119
-
goto out;
120
116
}
121
117
122
118
static void authenc_geniv_ahash_done(struct crypto_async_request *areq, int err)
+1
-5
crypto/authencesn.c
+1
-5
crypto/authencesn.c
···
65
65
int err = -EINVAL;
66
66
67
67
if (crypto_authenc_extractkeys(&keys, key, keylen) != 0)
68
-
goto badkey;
68
+
goto out;
69
69
70
70
crypto_ahash_clear_flags(auth, CRYPTO_TFM_REQ_MASK);
71
71
crypto_ahash_set_flags(auth, crypto_aead_get_flags(authenc_esn) &
···
87
87
out:
88
88
memzero_explicit(&keys, sizeof(keys));
89
89
return err;
90
-
91
-
badkey:
92
-
crypto_aead_set_flags(authenc_esn, CRYPTO_TFM_RES_BAD_KEY_LEN);
93
-
goto out;
94
90
}
95
91
96
92
static int crypto_authenc_esn_genicv_tail(struct aead_request *req,
+1
-3
crypto/blake2b_generic.c
+1
-3
crypto/blake2b_generic.c
···
147
147
{
148
148
struct blake2b_tfm_ctx *tctx = crypto_shash_ctx(tfm);
149
149
150
-
if (keylen == 0 || keylen > BLAKE2B_KEYBYTES) {
151
-
crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
150
+
if (keylen == 0 || keylen > BLAKE2B_KEYBYTES)
152
151
return -EINVAL;
153
-
}
154
152
155
153
memcpy(tctx->key, key, keylen);
156
154
tctx->keylen = keylen;
+1
-3
crypto/blake2s_generic.c
+1
-3
crypto/blake2s_generic.c
···
17
17
{
18
18
struct blake2s_tfm_ctx *tctx = crypto_shash_ctx(tfm);
19
19
20
-
if (keylen == 0 || keylen > BLAKE2S_KEY_SIZE) {
21
-
crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
20
+
if (keylen == 0 || keylen > BLAKE2S_KEY_SIZE)
22
21
return -EINVAL;
23
-
}
24
22
25
23
memcpy(tctx->key, key, keylen);
26
24
tctx->keylen = keylen;
+1
-4
crypto/camellia_generic.c
+1
-4
crypto/camellia_generic.c
···
970
970
{
971
971
struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
972
972
const unsigned char *key = (const unsigned char *)in_key;
973
-
u32 *flags = &tfm->crt_flags;
974
973
975
-
if (key_len != 16 && key_len != 24 && key_len != 32) {
976
-
*flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
974
+
if (key_len != 16 && key_len != 24 && key_len != 32)
977
975
return -EINVAL;
978
-
}
979
976
980
977
cctx->key_length = key_len;
981
978
+3
-7
crypto/cast6_generic.c
+3
-7
crypto/cast6_generic.c
···
103
103
key[7] ^= F2(key[0], Tr[i % 4][7], Tm[i][7]);
104
104
}
105
105
106
-
int __cast6_setkey(struct cast6_ctx *c, const u8 *in_key,
107
-
unsigned key_len, u32 *flags)
106
+
int __cast6_setkey(struct cast6_ctx *c, const u8 *in_key, unsigned int key_len)
108
107
{
109
108
int i;
110
109
u32 key[8];
111
110
__be32 p_key[8]; /* padded key */
112
111
113
-
if (key_len % 4 != 0) {
114
-
*flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
112
+
if (key_len % 4 != 0)
115
113
return -EINVAL;
116
-
}
117
114
118
115
memset(p_key, 0, 32);
119
116
memcpy(p_key, in_key, key_len);
···
145
148
146
149
int cast6_setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen)
147
150
{
148
-
return __cast6_setkey(crypto_tfm_ctx(tfm), key, keylen,
149
-
&tfm->crt_flags);
151
+
return __cast6_setkey(crypto_tfm_ctx(tfm), key, keylen);
150
152
}
151
153
EXPORT_SYMBOL_GPL(cast6_setkey);
152
154
+1
-3
crypto/cipher.c
+1
-3
crypto/cipher.c
···
46
46
unsigned long alignmask = crypto_cipher_alignmask(tfm);
47
47
48
48
crypto_cipher_clear_flags(tfm, CRYPTO_TFM_RES_MASK);
49
-
if (keylen < cia->cia_min_keysize || keylen > cia->cia_max_keysize) {
50
-
crypto_cipher_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
49
+
if (keylen < cia->cia_min_keysize || keylen > cia->cia_max_keysize)
51
50
return -EINVAL;
52
-
}
53
51
54
52
if ((unsigned long)key & alignmask)
55
53
return setkey_unaligned(tfm, key, keylen);
+1
-3
crypto/crc32_generic.c
+1
-3
crypto/crc32_generic.c
+1
-3
crypto/crc32c_generic.c
+1
-3
crypto/crc32c_generic.c
···
74
74
{
75
75
struct chksum_ctx *mctx = crypto_shash_ctx(tfm);
76
76
77
-
if (keylen != sizeof(mctx->key)) {
78
-
crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
77
+
if (keylen != sizeof(mctx->key))
79
78
return -EINVAL;
80
-
}
81
79
mctx->key = get_unaligned_le32(key);
82
80
return 0;
83
81
}
+1
-3
crypto/essiv.c
+1
-3
crypto/essiv.c
···
117
117
if (err)
118
118
return err;
119
119
120
-
if (crypto_authenc_extractkeys(&keys, key, keylen) != 0) {
121
-
crypto_aead_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
120
+
if (crypto_authenc_extractkeys(&keys, key, keylen) != 0)
122
121
return -EINVAL;
123
-
}
124
122
125
123
desc->tfm = tctx->hash;
126
124
err = crypto_shash_init(desc) ?:
+1
-3
crypto/ghash-generic.c
+1
-3
crypto/ghash-generic.c
···
58
58
struct ghash_ctx *ctx = crypto_shash_ctx(tfm);
59
59
be128 k;
60
60
61
-
if (keylen != GHASH_BLOCK_SIZE) {
62
-
crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
61
+
if (keylen != GHASH_BLOCK_SIZE)
63
62
return -EINVAL;
64
-
}
65
63
66
64
if (ctx->gf128)
67
65
gf128mul_free_4k(ctx->gf128);
+1
-3
crypto/michael_mic.c
+1
-3
crypto/michael_mic.c
···
137
137
138
138
const __le32 *data = (const __le32 *)key;
139
139
140
-
if (keylen != 8) {
141
-
crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
140
+
if (keylen != 8)
142
141
return -EINVAL;
143
-
}
144
142
145
143
mctx->l = le32_to_cpu(data[0]);
146
144
mctx->r = le32_to_cpu(data[1]);
+1
-3
crypto/skcipher.c
+1
-3
crypto/skcipher.c
···
603
603
unsigned long alignmask = crypto_skcipher_alignmask(tfm);
604
604
int err;
605
605
606
-
if (keylen < cipher->min_keysize || keylen > cipher->max_keysize) {
607
-
crypto_skcipher_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
606
+
if (keylen < cipher->min_keysize || keylen > cipher->max_keysize)
608
607
return -EINVAL;
609
-
}
610
608
611
609
if ((unsigned long)key & alignmask)
612
610
err = skcipher_setkey_unaligned(tfm, key, keylen);
+5
-11
crypto/sm4_generic.c
+5
-11
crypto/sm4_generic.c
···
143
143
EXPORT_SYMBOL_GPL(crypto_sm4_expand_key);
144
144
145
145
/**
146
-
* crypto_sm4_set_key - Set the AES key.
146
+
* crypto_sm4_set_key - Set the SM4 key.
147
147
* @tfm: The %crypto_tfm that is used in the context.
148
148
* @in_key: The input key.
149
149
* @key_len: The size of the key.
150
150
*
151
-
* Returns 0 on success, on failure the %CRYPTO_TFM_RES_BAD_KEY_LEN flag in tfm
152
-
* is set. The function uses crypto_sm4_expand_key() to expand the key.
151
+
* This function uses crypto_sm4_expand_key() to expand the key.
153
152
* &crypto_sm4_ctx _must_ be the private data embedded in @tfm which is
154
153
* retrieved with crypto_tfm_ctx().
154
+
*
155
+
* Return: 0 on success; -EINVAL on failure (only happens for bad key lengths)
155
156
*/
156
157
int crypto_sm4_set_key(struct crypto_tfm *tfm, const u8 *in_key,
157
158
unsigned int key_len)
158
159
{
159
160
struct crypto_sm4_ctx *ctx = crypto_tfm_ctx(tfm);
160
-
u32 *flags = &tfm->crt_flags;
161
-
int ret;
162
161
163
-
ret = crypto_sm4_expand_key(ctx, in_key, key_len);
164
-
if (!ret)
165
-
return 0;
166
-
167
-
*flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
168
-
return -EINVAL;
162
+
return crypto_sm4_expand_key(ctx, in_key, key_len);
169
163
}
170
164
EXPORT_SYMBOL_GPL(crypto_sm4_set_key);
171
165
+2
-6
crypto/twofish_common.c
+2
-6
crypto/twofish_common.c
···
567
567
568
568
/* Perform the key setup. */
569
569
int __twofish_setkey(struct twofish_ctx *ctx, const u8 *key,
570
-
unsigned int key_len, u32 *flags)
570
+
unsigned int key_len)
571
571
{
572
572
int i, j, k;
573
573
···
584
584
585
585
/* Check key length. */
586
586
if (key_len % 8)
587
-
{
588
-
*flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
589
587
return -EINVAL; /* unsupported key length */
590
-
}
591
588
592
589
/* Compute the first two words of the S vector. The magic numbers are
593
590
* the entries of the RS matrix, preprocessed through poly_to_exp. The
···
685
688
686
689
int twofish_setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int key_len)
687
690
{
688
-
return __twofish_setkey(crypto_tfm_ctx(tfm), key, key_len,
689
-
&tfm->crt_flags);
691
+
return __twofish_setkey(crypto_tfm_ctx(tfm), key, key_len);
690
692
}
691
693
EXPORT_SYMBOL_GPL(twofish_setkey);
692
694
+1
-3
crypto/vmac.c
+1
-3
crypto/vmac.c
···
435
435
unsigned int i;
436
436
int err;
437
437
438
-
if (keylen != VMAC_KEY_LEN) {
439
-
crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
438
+
if (keylen != VMAC_KEY_LEN)
440
439
return -EINVAL;
441
-
}
442
440
443
441
err = crypto_cipher_setkey(tctx->cipher, key, keylen);
444
442
if (err)
+1
-3
crypto/xxhash_generic.c
+1
-3
crypto/xxhash_generic.c
···
22
22
{
23
23
struct xxhash64_tfm_ctx *tctx = crypto_shash_ctx(tfm);
24
24
25
-
if (keylen != sizeof(tctx->seed)) {
26
-
crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
25
+
if (keylen != sizeof(tctx->seed))
27
26
return -EINVAL;
28
-
}
29
27
tctx->seed = get_unaligned_le64(key);
30
28
return 0;
31
29
}
-1
drivers/crypto/allwinner/sun4i-ss/sun4i-ss-cipher.c
-1
drivers/crypto/allwinner/sun4i-ss/sun4i-ss-cipher.c
-1
drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
-1
drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
-2
drivers/crypto/allwinner/sun8i-ss/sun8i-ss-cipher.c
-2
drivers/crypto/allwinner/sun8i-ss/sun8i-ss-cipher.c
···
390
390
break;
391
391
default:
392
392
dev_dbg(ss->dev, "ERROR: Invalid keylen %u\n", keylen);
393
-
crypto_skcipher_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
394
393
return -EINVAL;
395
394
}
396
395
if (op->key) {
···
415
416
416
417
if (unlikely(keylen != 3 * DES_KEY_SIZE)) {
417
418
dev_dbg(ss->dev, "Invalid keylen %u\n", keylen);
418
-
crypto_skcipher_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
419
419
return -EINVAL;
420
420
}
421
421
+3
-8
drivers/crypto/amcc/crypto4xx_alg.c
+3
-8
drivers/crypto/amcc/crypto4xx_alg.c
···
128
128
struct dynamic_sa_ctl *sa;
129
129
int rc;
130
130
131
-
if (keylen != AES_KEYSIZE_256 &&
132
-
keylen != AES_KEYSIZE_192 && keylen != AES_KEYSIZE_128) {
133
-
crypto_skcipher_set_flags(cipher,
134
-
CRYPTO_TFM_RES_BAD_KEY_LEN);
131
+
if (keylen != AES_KEYSIZE_256 && keylen != AES_KEYSIZE_192 &&
132
+
keylen != AES_KEYSIZE_128)
135
133
return -EINVAL;
136
-
}
137
134
138
135
/* Create SA */
139
136
if (ctx->sa_in || ctx->sa_out)
···
548
551
struct dynamic_sa_ctl *sa;
549
552
int rc = 0;
550
553
551
-
if (crypto4xx_aes_gcm_validate_keylen(keylen) != 0) {
552
-
crypto_aead_set_flags(cipher, CRYPTO_TFM_RES_BAD_KEY_LEN);
554
+
if (crypto4xx_aes_gcm_validate_keylen(keylen) != 0)
553
555
return -EINVAL;
554
-
}
555
556
556
557
rc = crypto4xx_aead_setup_fallback(ctx, cipher, key, keylen);
557
558
if (rc)
-1
drivers/crypto/amlogic/amlogic-gxl-cipher.c
-1
drivers/crypto/amlogic/amlogic-gxl-cipher.c
+2
-7
drivers/crypto/atmel-aes.c
+2
-7
drivers/crypto/atmel-aes.c
···
1140
1140
1141
1141
if (keylen != AES_KEYSIZE_128 &&
1142
1142
keylen != AES_KEYSIZE_192 &&
1143
-
keylen != AES_KEYSIZE_256) {
1144
-
crypto_skcipher_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
1143
+
keylen != AES_KEYSIZE_256)
1145
1144
return -EINVAL;
1146
-
}
1147
1145
1148
1146
memcpy(ctx->key, key, keylen);
1149
1147
ctx->keylen = keylen;
···
1714
1716
1715
1717
if (keylen != AES_KEYSIZE_256 &&
1716
1718
keylen != AES_KEYSIZE_192 &&
1717
-
keylen != AES_KEYSIZE_128) {
1718
-
crypto_aead_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
1719
+
keylen != AES_KEYSIZE_128)
1719
1720
return -EINVAL;
1720
-
}
1721
1721
1722
1722
memcpy(ctx->key, key, keylen);
1723
1723
ctx->keylen = keylen;
···
2069
2073
return 0;
2070
2074
2071
2075
badkey:
2072
-
crypto_aead_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
2073
2076
memzero_explicit(&keys, sizeof(keys));
2074
2077
return -EINVAL;
2075
2078
}
+1
-7
drivers/crypto/axis/artpec6_crypto.c
+1
-7
drivers/crypto/axis/artpec6_crypto.c
···
1249
1249
{
1250
1250
struct artpec6_cryptotfm_context *ctx = crypto_tfm_ctx(&tfm->base);
1251
1251
1252
-
if (len != 16 && len != 24 && len != 32) {
1253
-
crypto_aead_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
1252
+
if (len != 16 && len != 24 && len != 32)
1254
1253
return -EINVAL;
1255
-
}
1256
1254
1257
1255
ctx->key_length = len;
1258
1256
···
1604
1606
case 32:
1605
1607
break;
1606
1608
default:
1607
-
crypto_skcipher_set_flags(cipher,
1608
-
CRYPTO_TFM_RES_BAD_KEY_LEN);
1609
1609
return -EINVAL;
1610
1610
}
1611
1611
···
1630
1634
case 64:
1631
1635
break;
1632
1636
default:
1633
-
crypto_skcipher_set_flags(cipher,
1634
-
CRYPTO_TFM_RES_BAD_KEY_LEN);
1635
1637
return -EINVAL;
1636
1638
}
1637
1639
-3
drivers/crypto/bcm/cipher.c
-3
drivers/crypto/bcm/cipher.c
···
1846
1846
ctx->cipher_type = CIPHER_TYPE_AES256;
1847
1847
break;
1848
1848
default:
1849
-
crypto_skcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_KEY_LEN);
1850
1849
return -EINVAL;
1851
1850
}
1852
1851
WARN_ON((ctx->max_payload != SPU_MAX_PAYLOAD_INF) &&
···
2915
2916
ctx->authkeylen = 0;
2916
2917
ctx->digestsize = 0;
2917
2918
2918
-
crypto_aead_set_flags(cipher, CRYPTO_TFM_RES_BAD_KEY_LEN);
2919
2919
return -EINVAL;
2920
2920
}
2921
2921
···
2990
2992
ctx->authkeylen = 0;
2991
2993
ctx->digestsize = 0;
2992
2994
2993
-
crypto_aead_set_flags(cipher, CRYPTO_TFM_RES_BAD_KEY_LEN);
2994
2995
return -EINVAL;
2995
2996
}
2996
2997
+7
-26
drivers/crypto/caam/caamalg.c
+7
-26
drivers/crypto/caam/caamalg.c
···
548
548
unsigned int ivsize = crypto_aead_ivsize(aead);
549
549
unsigned int saltlen = CHACHAPOLY_IV_SIZE - ivsize;
550
550
551
-
if (keylen != CHACHA_KEY_SIZE + saltlen) {
552
-
crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
551
+
if (keylen != CHACHA_KEY_SIZE + saltlen)
553
552
return -EINVAL;
554
-
}
555
553
556
554
ctx->cdata.key_virt = key;
557
555
ctx->cdata.keylen = keylen - saltlen;
···
617
619
memzero_explicit(&keys, sizeof(keys));
618
620
return aead_set_sh_desc(aead);
619
621
badkey:
620
-
crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
621
622
memzero_explicit(&keys, sizeof(keys));
622
623
return -EINVAL;
623
624
}
···
646
649
int err;
647
650
648
651
err = aes_check_keylen(keylen);
649
-
if (err) {
650
-
crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
652
+
if (err)
651
653
return err;
652
-
}
653
654
654
655
print_hex_dump_debug("key in @"__stringify(__LINE__)": ",
655
656
DUMP_PREFIX_ADDRESS, 16, 4, key, keylen, 1);
···
667
672
int err;
668
673
669
674
err = aes_check_keylen(keylen - 4);
670
-
if (err) {
671
-
crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
675
+
if (err)
672
676
return err;
673
-
}
674
677
675
678
print_hex_dump_debug("key in @"__stringify(__LINE__)": ",
676
679
DUMP_PREFIX_ADDRESS, 16, 4, key, keylen, 1);
···
693
700
int err;
694
701
695
702
err = aes_check_keylen(keylen - 4);
696
-
if (err) {
697
-
crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
703
+
if (err)
698
704
return err;
699
-
}
700
705
701
706
print_hex_dump_debug("key in @"__stringify(__LINE__)": ",
702
707
DUMP_PREFIX_ADDRESS, 16, 4, key, keylen, 1);
···
753
762
int err;
754
763
755
764
err = aes_check_keylen(keylen);
756
-
if (err) {
757
-
crypto_skcipher_set_flags(skcipher,
758
-
CRYPTO_TFM_RES_BAD_KEY_LEN);
765
+
if (err)
759
766
return err;
760
-
}
761
767
762
768
return skcipher_setkey(skcipher, key, keylen, 0);
763
769
}
···
774
786
keylen -= CTR_RFC3686_NONCE_SIZE;
775
787
776
788
err = aes_check_keylen(keylen);
777
-
if (err) {
778
-
crypto_skcipher_set_flags(skcipher,
779
-
CRYPTO_TFM_RES_BAD_KEY_LEN);
789
+
if (err)
780
790
return err;
781
-
}
782
791
783
792
return skcipher_setkey(skcipher, key, keylen, ctx1_iv_off);
784
793
}
···
794
809
ctx1_iv_off = 16;
795
810
796
811
err = aes_check_keylen(keylen);
797
-
if (err) {
798
-
crypto_skcipher_set_flags(skcipher,
799
-
CRYPTO_TFM_RES_BAD_KEY_LEN);
812
+
if (err)
800
813
return err;
801
-
}
802
814
803
815
return skcipher_setkey(skcipher, key, keylen, ctx1_iv_off);
804
816
}
···
828
846
u32 *desc;
829
847
830
848
if (keylen != 2 * AES_MIN_KEY_SIZE && keylen != 2 * AES_MAX_KEY_SIZE) {
831
-
crypto_skcipher_set_flags(skcipher, CRYPTO_TFM_RES_BAD_KEY_LEN);
832
849
dev_err(jrdev, "key size mismatch\n");
833
850
return -EINVAL;
834
851
}
+11
-33
drivers/crypto/caam/caamalg_qi.c
+11
-33
drivers/crypto/caam/caamalg_qi.c
···
268
268
memzero_explicit(&keys, sizeof(keys));
269
269
return ret;
270
270
badkey:
271
-
crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
272
271
memzero_explicit(&keys, sizeof(keys));
273
272
return -EINVAL;
274
273
}
···
355
356
int ret;
356
357
357
358
ret = aes_check_keylen(keylen);
358
-
if (ret) {
359
-
crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
359
+
if (ret)
360
360
return ret;
361
-
}
362
361
363
362
print_hex_dump_debug("key in @" __stringify(__LINE__)": ",
364
363
DUMP_PREFIX_ADDRESS, 16, 4, key, keylen, 1);
···
459
462
int ret;
460
463
461
464
ret = aes_check_keylen(keylen - 4);
462
-
if (ret) {
463
-
crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
465
+
if (ret)
464
466
return ret;
465
-
}
466
467
467
468
print_hex_dump_debug("key in @" __stringify(__LINE__)": ",
468
469
DUMP_PREFIX_ADDRESS, 16, 4, key, keylen, 1);
···
565
570
int ret;
566
571
567
572
ret = aes_check_keylen(keylen - 4);
568
-
if (ret) {
569
-
crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
573
+
if (ret)
570
574
return ret;
571
-
}
572
575
573
576
print_hex_dump_debug("key in @" __stringify(__LINE__)": ",
574
577
DUMP_PREFIX_ADDRESS, 16, 4, key, keylen, 1);
···
637
644
ctx->sh_desc_enc);
638
645
if (ret) {
639
646
dev_err(jrdev, "driver enc context update failed\n");
640
-
goto badkey;
647
+
return -EINVAL;
641
648
}
642
649
}
643
650
···
646
653
ctx->sh_desc_dec);
647
654
if (ret) {
648
655
dev_err(jrdev, "driver dec context update failed\n");
649
-
goto badkey;
656
+
return -EINVAL;
650
657
}
651
658
}
652
659
653
660
return ret;
654
-
badkey:
655
-
crypto_skcipher_set_flags(skcipher, CRYPTO_TFM_RES_BAD_KEY_LEN);
656
-
return -EINVAL;
657
661
}
658
662
659
663
static int aes_skcipher_setkey(struct crypto_skcipher *skcipher,
···
659
669
int err;
660
670
661
671
err = aes_check_keylen(keylen);
662
-
if (err) {
663
-
crypto_skcipher_set_flags(skcipher,
664
-
CRYPTO_TFM_RES_BAD_KEY_LEN);
672
+
if (err)
665
673
return err;
666
-
}
667
674
668
675
return skcipher_setkey(skcipher, key, keylen, 0);
669
676
}
···
680
693
keylen -= CTR_RFC3686_NONCE_SIZE;
681
694
682
695
err = aes_check_keylen(keylen);
683
-
if (err) {
684
-
crypto_skcipher_set_flags(skcipher,
685
-
CRYPTO_TFM_RES_BAD_KEY_LEN);
696
+
if (err)
686
697
return err;
687
-
}
688
698
689
699
return skcipher_setkey(skcipher, key, keylen, ctx1_iv_off);
690
700
}
···
700
716
ctx1_iv_off = 16;
701
717
702
718
err = aes_check_keylen(keylen);
703
-
if (err) {
704
-
crypto_skcipher_set_flags(skcipher,
705
-
CRYPTO_TFM_RES_BAD_KEY_LEN);
719
+
if (err)
706
720
return err;
707
-
}
708
721
709
722
return skcipher_setkey(skcipher, key, keylen, ctx1_iv_off);
710
723
}
···
729
748
730
749
if (keylen != 2 * AES_MIN_KEY_SIZE && keylen != 2 * AES_MAX_KEY_SIZE) {
731
750
dev_err(jrdev, "key size mismatch\n");
732
-
goto badkey;
751
+
return -EINVAL;
733
752
}
734
753
735
754
ctx->cdata.keylen = keylen;
···
746
765
ctx->sh_desc_enc);
747
766
if (ret) {
748
767
dev_err(jrdev, "driver enc context update failed\n");
749
-
goto badkey;
768
+
return -EINVAL;
750
769
}
751
770
}
752
771
···
755
774
ctx->sh_desc_dec);
756
775
if (ret) {
757
776
dev_err(jrdev, "driver dec context update failed\n");
758
-
goto badkey;
777
+
return -EINVAL;
759
778
}
760
779
}
761
780
762
781
return ret;
763
-
badkey:
764
-
crypto_skcipher_set_flags(skcipher, CRYPTO_TFM_RES_BAD_KEY_LEN);
765
-
return -EINVAL;
766
782
}
767
783
768
784
/*
+10
-37
drivers/crypto/caam/caamalg_qi2.c
+10
-37
drivers/crypto/caam/caamalg_qi2.c
···
313
313
memzero_explicit(&keys, sizeof(keys));
314
314
return aead_set_sh_desc(aead);
315
315
badkey:
316
-
crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
317
316
memzero_explicit(&keys, sizeof(keys));
318
317
return -EINVAL;
319
318
}
···
325
326
326
327
err = crypto_authenc_extractkeys(&keys, key, keylen);
327
328
if (unlikely(err))
328
-
goto badkey;
329
+
goto out;
329
330
330
331
err = -EINVAL;
331
332
if (keys.enckeylen != DES3_EDE_KEY_SIZE)
332
-
goto badkey;
333
+
goto out;
333
334
334
335
err = crypto_des3_ede_verify_key(crypto_aead_tfm(aead), keys.enckey) ?:
335
336
aead_setkey(aead, key, keylen);
···
337
338
out:
338
339
memzero_explicit(&keys, sizeof(keys));
339
340
return err;
340
-
341
-
badkey:
342
-
crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
343
-
goto out;
344
341
}
345
342
346
343
static struct aead_edesc *aead_edesc_alloc(struct aead_request *req,
···
629
634
unsigned int ivsize = crypto_aead_ivsize(aead);
630
635
unsigned int saltlen = CHACHAPOLY_IV_SIZE - ivsize;
631
636
632
-
if (keylen != CHACHA_KEY_SIZE + saltlen) {
633
-
crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
637
+
if (keylen != CHACHA_KEY_SIZE + saltlen)
634
638
return -EINVAL;
635
-
}
636
639
637
640
ctx->cdata.key_virt = key;
638
641
ctx->cdata.keylen = keylen - saltlen;
···
718
725
int ret;
719
726
720
727
ret = aes_check_keylen(keylen);
721
-
if (ret) {
722
-
crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
728
+
if (ret)
723
729
return ret;
724
-
}
725
730
print_hex_dump_debug("key in @" __stringify(__LINE__)": ",
726
731
DUMP_PREFIX_ADDRESS, 16, 4, key, keylen, 1);
727
732
···
813
822
int ret;
814
823
815
824
ret = aes_check_keylen(keylen - 4);
816
-
if (ret) {
817
-
crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
825
+
if (ret)
818
826
return ret;
819
-
}
820
827
821
828
print_hex_dump_debug("key in @" __stringify(__LINE__)": ",
822
829
DUMP_PREFIX_ADDRESS, 16, 4, key, keylen, 1);
···
912
923
int ret;
913
924
914
925
ret = aes_check_keylen(keylen - 4);
915
-
if (ret) {
916
-
crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
926
+
if (ret)
917
927
return ret;
918
-
}
919
928
920
929
print_hex_dump_debug("key in @" __stringify(__LINE__)": ",
921
930
DUMP_PREFIX_ADDRESS, 16, 4, key, keylen, 1);
···
979
992
int err;
980
993
981
994
err = aes_check_keylen(keylen);
982
-
if (err) {
983
-
crypto_skcipher_set_flags(skcipher,
984
-
CRYPTO_TFM_RES_BAD_KEY_LEN);
995
+
if (err)
985
996
return err;
986
-
}
987
997
988
998
return skcipher_setkey(skcipher, key, keylen, 0);
989
999
}
···
1000
1016
keylen -= CTR_RFC3686_NONCE_SIZE;
1001
1017
1002
1018
err = aes_check_keylen(keylen);
1003
-
if (err) {
1004
-
crypto_skcipher_set_flags(skcipher,
1005
-
CRYPTO_TFM_RES_BAD_KEY_LEN);
1019
+
if (err)
1006
1020
return err;
1007
-
}
1008
1021
1009
1022
return skcipher_setkey(skcipher, key, keylen, ctx1_iv_off);
1010
1023
}
···
1020
1039
ctx1_iv_off = 16;
1021
1040
1022
1041
err = aes_check_keylen(keylen);
1023
-
if (err) {
1024
-
crypto_skcipher_set_flags(skcipher,
1025
-
CRYPTO_TFM_RES_BAD_KEY_LEN);
1042
+
if (err)
1026
1043
return err;
1027
-
}
1028
1044
1029
1045
return skcipher_setkey(skcipher, key, keylen, ctx1_iv_off);
1030
1046
}
···
1029
1051
static int chacha20_skcipher_setkey(struct crypto_skcipher *skcipher,
1030
1052
const u8 *key, unsigned int keylen)
1031
1053
{
1032
-
if (keylen != CHACHA_KEY_SIZE) {
1033
-
crypto_skcipher_set_flags(skcipher,
1034
-
CRYPTO_TFM_RES_BAD_KEY_LEN);
1054
+
if (keylen != CHACHA_KEY_SIZE)
1035
1055
return -EINVAL;
1036
-
}
1037
1056
1038
1057
return skcipher_setkey(skcipher, key, keylen, 0);
1039
1058
}
···
1059
1084
1060
1085
if (keylen != 2 * AES_MIN_KEY_SIZE && keylen != 2 * AES_MAX_KEY_SIZE) {
1061
1086
dev_err(dev, "key size mismatch\n");
1062
-
crypto_skcipher_set_flags(skcipher, CRYPTO_TFM_RES_BAD_KEY_LEN);
1063
1087
return -EINVAL;
1064
1088
}
1065
1089
···
3251
3277
return ret;
3252
3278
bad_free_key:
3253
3279
kfree(hashed_key);
3254
-
crypto_ahash_set_flags(ahash, CRYPTO_TFM_RES_BAD_KEY_LEN);
3255
3280
return -EINVAL;
3256
3281
}
3257
3282
+2
-7
drivers/crypto/caam/caamhash.c
+2
-7
drivers/crypto/caam/caamhash.c
···
473
473
return ahash_set_sh_desc(ahash);
474
474
bad_free_key:
475
475
kfree(hashed_key);
476
-
crypto_ahash_set_flags(ahash, CRYPTO_TFM_RES_BAD_KEY_LEN);
477
476
return -EINVAL;
478
477
}
479
478
···
482
483
struct caam_hash_ctx *ctx = crypto_ahash_ctx(ahash);
483
484
struct device *jrdev = ctx->jrdev;
484
485
485
-
if (keylen != AES_KEYSIZE_128) {
486
-
crypto_ahash_set_flags(ahash, CRYPTO_TFM_RES_BAD_KEY_LEN);
486
+
if (keylen != AES_KEYSIZE_128)
487
487
return -EINVAL;
488
-
}
489
488
490
489
memcpy(ctx->key, key, keylen);
491
490
dma_sync_single_for_device(jrdev, ctx->adata.key_dma, keylen,
···
503
506
int err;
504
507
505
508
err = aes_check_keylen(keylen);
506
-
if (err) {
507
-
crypto_ahash_set_flags(ahash, CRYPTO_TFM_RES_BAD_KEY_LEN);
509
+
if (err)
508
510
return err;
509
-
}
510
511
511
512
/* key is immediate data for all cmac shared descriptors */
512
513
ctx->adata.key_virt = key;
-2
drivers/crypto/cavium/cpt/cptvf_algs.c
-2
drivers/crypto/cavium/cpt/cptvf_algs.c
+1
-3
drivers/crypto/cavium/nitrox/nitrox_aead.c
+1
-3
drivers/crypto/cavium/nitrox/nitrox_aead.c
+3
-9
drivers/crypto/cavium/nitrox/nitrox_skcipher.c
+3
-9
drivers/crypto/cavium/nitrox/nitrox_skcipher.c
···
200
200
int aes_keylen;
201
201
202
202
aes_keylen = flexi_aes_keylen(keylen);
203
-
if (aes_keylen < 0) {
204
-
crypto_skcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_KEY_LEN);
203
+
if (aes_keylen < 0)
205
204
return -EINVAL;
206
-
}
207
205
return nitrox_skcipher_setkey(cipher, aes_keylen, key, keylen);
208
206
}
209
207
···
349
351
keylen /= 2;
350
352
351
353
aes_keylen = flexi_aes_keylen(keylen);
352
-
if (aes_keylen < 0) {
353
-
crypto_skcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_KEY_LEN);
354
+
if (aes_keylen < 0)
354
355
return -EINVAL;
355
-
}
356
356
357
357
fctx = nctx->u.fctx;
358
358
/* copy KEY2 */
···
378
382
keylen -= CTR_RFC3686_NONCE_SIZE;
379
383
380
384
aes_keylen = flexi_aes_keylen(keylen);
381
-
if (aes_keylen < 0) {
382
-
crypto_skcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_KEY_LEN);
385
+
if (aes_keylen < 0)
383
386
return -EINVAL;
384
-
}
385
387
return nitrox_skcipher_setkey(cipher, aes_keylen, key, keylen);
386
388
}
387
389
-1
drivers/crypto/ccp/ccp-crypto-aes-cmac.c
-1
drivers/crypto/ccp/ccp-crypto-aes-cmac.c
-1
drivers/crypto/ccp/ccp-crypto-aes-galois.c
-1
drivers/crypto/ccp/ccp-crypto-aes-galois.c
-1
drivers/crypto/ccp/ccp-crypto-aes.c
-1
drivers/crypto/ccp/ccp-crypto-aes.c
+1
-3
drivers/crypto/ccp/ccp-crypto-sha.c
+1
-3
drivers/crypto/ccp/ccp-crypto-sha.c
+6
-14
drivers/crypto/ccree/cc_aead.c
+6
-14
drivers/crypto/ccree/cc_aead.c
···
562
562
563
563
rc = crypto_authenc_extractkeys(&keys, key, keylen);
564
564
if (rc)
565
-
goto badkey;
565
+
return rc;
566
566
enckey = keys.enckey;
567
567
authkey = keys.authkey;
568
568
ctx->enc_keylen = keys.enckeylen;
···
570
570
571
571
if (ctx->cipher_mode == DRV_CIPHER_CTR) {
572
572
/* the nonce is stored in bytes at end of key */
573
-
rc = -EINVAL;
574
573
if (ctx->enc_keylen <
575
574
(AES_MIN_KEY_SIZE + CTR_RFC3686_NONCE_SIZE))
576
-
goto badkey;
575
+
return -EINVAL;
577
576
/* Copy nonce from last 4 bytes in CTR key to
578
577
* first 4 bytes in CTR IV
579
578
*/
···
590
591
591
592
rc = validate_keys_sizes(ctx);
592
593
if (rc)
593
-
goto badkey;
594
+
return rc;
594
595
595
596
/* STAT_PHASE_1: Copy key to ctx */
596
597
···
604
605
} else if (ctx->auth_mode != DRV_HASH_NULL) { /* HMAC */
605
606
rc = cc_get_plain_hmac_key(tfm, authkey, ctx->auth_keylen);
606
607
if (rc)
607
-
goto badkey;
608
+
return rc;
608
609
}
609
610
610
611
/* STAT_PHASE_2: Create sequence */
···
621
622
break; /* No auth. key setup */
622
623
default:
623
624
dev_err(dev, "Unsupported authenc (%d)\n", ctx->auth_mode);
624
-
rc = -ENOTSUPP;
625
-
goto badkey;
625
+
return -ENOTSUPP;
626
626
}
627
627
628
628
/* STAT_PHASE_3: Submit sequence to HW */
···
630
632
rc = cc_send_sync_request(ctx->drvdata, &cc_req, desc, seq_len);
631
633
if (rc) {
632
634
dev_err(dev, "send_request() failed (rc=%d)\n", rc);
633
-
goto setkey_error;
635
+
return rc;
634
636
}
635
637
}
636
638
637
639
/* Update STAT_PHASE_3 */
638
-
return rc;
639
-
640
-
badkey:
641
-
crypto_aead_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
642
-
643
-
setkey_error:
644
640
return rc;
645
641
}
646
642
-3
drivers/crypto/ccree/cc_cipher.c
-3
drivers/crypto/ccree/cc_cipher.c
···
291
291
/* This check the size of the protected key token */
292
292
if (keylen != sizeof(hki)) {
293
293
dev_err(dev, "Unsupported protected key size %d.\n", keylen);
294
-
crypto_tfm_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
295
294
return -EINVAL;
296
295
}
297
296
···
303
304
304
305
if (validate_keys_sizes(ctx_p, keylen)) {
305
306
dev_err(dev, "Unsupported key size %d.\n", keylen);
306
-
crypto_tfm_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
307
307
return -EINVAL;
308
308
}
309
309
···
393
395
394
396
if (validate_keys_sizes(ctx_p, keylen)) {
395
397
dev_err(dev, "Unsupported key size %d.\n", keylen);
396
-
crypto_tfm_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
397
398
return -EINVAL;
398
399
}
399
400
-6
drivers/crypto/ccree/cc_hash.c
-6
drivers/crypto/ccree/cc_hash.c
···
899
899
rc = cc_send_sync_request(ctx->drvdata, &cc_req, desc, idx);
900
900
901
901
out:
902
-
if (rc)
903
-
crypto_ahash_set_flags(ahash, CRYPTO_TFM_RES_BAD_KEY_LEN);
904
-
905
902
if (ctx->key_params.key_dma_addr) {
906
903
dma_unmap_single(dev, ctx->key_params.key_dma_addr,
907
904
ctx->key_params.keylen, DMA_TO_DEVICE);
···
986
989
idx++;
987
990
988
991
rc = cc_send_sync_request(ctx->drvdata, &cc_req, desc, idx);
989
-
990
-
if (rc)
991
-
crypto_ahash_set_flags(ahash, CRYPTO_TFM_RES_BAD_KEY_LEN);
992
992
993
993
dma_unmap_single(dev, ctx->key_params.key_dma_addr,
994
994
ctx->key_params.keylen, DMA_TO_DEVICE);
+3
-13
drivers/crypto/chelsio/chcr_algo.c
+3
-13
drivers/crypto/chelsio/chcr_algo.c
···
912
912
ablkctx->ciph_mode = CHCR_SCMD_CIPHER_MODE_AES_CBC;
913
913
return 0;
914
914
badkey_err:
915
-
crypto_skcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_KEY_LEN);
916
915
ablkctx->enckey_len = 0;
917
916
918
917
return err;
···
942
943
943
944
return 0;
944
945
badkey_err:
945
-
crypto_skcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_KEY_LEN);
946
946
ablkctx->enckey_len = 0;
947
947
948
948
return err;
···
979
981
980
982
return 0;
981
983
badkey_err:
982
-
crypto_skcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_KEY_LEN);
983
984
ablkctx->enckey_len = 0;
984
985
985
986
return err;
···
2171
2174
ablkctx->ciph_mode = CHCR_SCMD_CIPHER_MODE_AES_XTS;
2172
2175
return 0;
2173
2176
badkey_err:
2174
-
crypto_skcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_KEY_LEN);
2175
2177
ablkctx->enckey_len = 0;
2176
2178
2177
2179
return err;
···
3280
3284
ck_size = CHCR_KEYCTX_CIPHER_KEY_SIZE_256;
3281
3285
mk_size = CHCR_KEYCTX_MAC_KEY_SIZE_256;
3282
3286
} else {
3283
-
crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
3284
3287
aeadctx->enckey_len = 0;
3285
3288
return -EINVAL;
3286
3289
}
···
3317
3322
int error;
3318
3323
3319
3324
if (keylen < 3) {
3320
-
crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
3321
3325
aeadctx->enckey_len = 0;
3322
3326
return -EINVAL;
3323
3327
}
···
3366
3372
} else if (keylen == AES_KEYSIZE_256) {
3367
3373
ck_size = CHCR_KEYCTX_CIPHER_KEY_SIZE_256;
3368
3374
} else {
3369
-
crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
3370
3375
pr_err("GCM: Invalid key length %d\n", keylen);
3371
3376
ret = -EINVAL;
3372
3377
goto out;
···
3422
3429
if (err)
3423
3430
goto out;
3424
3431
3425
-
if (crypto_authenc_extractkeys(&keys, key, keylen) != 0) {
3426
-
crypto_aead_set_flags(authenc, CRYPTO_TFM_RES_BAD_KEY_LEN);
3432
+
if (crypto_authenc_extractkeys(&keys, key, keylen) != 0)
3427
3433
goto out;
3428
-
}
3429
3434
3430
3435
if (get_alg_config(¶m, max_authsize)) {
3431
3436
pr_err("chcr : Unsupported digest size\n");
···
3550
3559
if (err)
3551
3560
goto out;
3552
3561
3553
-
if (crypto_authenc_extractkeys(&keys, key, keylen) != 0) {
3554
-
crypto_aead_set_flags(authenc, CRYPTO_TFM_RES_BAD_KEY_LEN);
3562
+
if (crypto_authenc_extractkeys(&keys, key, keylen) != 0)
3555
3563
goto out;
3556
-
}
3564
+
3557
3565
subtype = get_aead_subtype(authenc);
3558
3566
if (subtype == CRYPTO_ALG_SUB_TYPE_CTR_SHA ||
3559
3567
subtype == CRYPTO_ALG_SUB_TYPE_CTR_NULL) {
+2
-6
drivers/crypto/geode-aes.c
+2
-6
drivers/crypto/geode-aes.c
···
119
119
return 0;
120
120
}
121
121
122
-
if (len != AES_KEYSIZE_192 && len != AES_KEYSIZE_256) {
122
+
if (len != AES_KEYSIZE_192 && len != AES_KEYSIZE_256)
123
123
/* not supported at all */
124
-
tfm->crt_flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
125
124
return -EINVAL;
126
-
}
127
125
128
126
/*
129
127
* The requested key size is not supported by HW, do a fallback
···
152
154
return 0;
153
155
}
154
156
155
-
if (len != AES_KEYSIZE_192 && len != AES_KEYSIZE_256) {
157
+
if (len != AES_KEYSIZE_192 && len != AES_KEYSIZE_256)
156
158
/* not supported at all */
157
-
crypto_skcipher_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
158
159
return -EINVAL;
159
-
}
160
160
161
161
/*
162
162
* The requested key size is not supported by HW, do a fallback
+11
-27
drivers/crypto/inside-secure/safexcel_cipher.c
+11
-27
drivers/crypto/inside-secure/safexcel_cipher.c
···
380
380
int ret, i;
381
381
382
382
ret = aes_expandkey(&aes, key, len);
383
-
if (ret) {
384
-
crypto_skcipher_set_flags(ctfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
383
+
if (ret)
385
384
return ret;
386
-
}
387
385
388
386
if (priv->flags & EIP197_TRC_CACHE && ctx->base.ctxr_dma) {
389
387
for (i = 0; i < len / sizeof(u32); i++) {
···
431
433
case SAFEXCEL_DES:
432
434
err = verify_aead_des_key(ctfm, keys.enckey, keys.enckeylen);
433
435
if (unlikely(err))
434
-
goto badkey_expflags;
436
+
goto badkey;
435
437
break;
436
438
case SAFEXCEL_3DES:
437
439
err = verify_aead_des3_key(ctfm, keys.enckey, keys.enckeylen);
438
440
if (unlikely(err))
439
-
goto badkey_expflags;
441
+
goto badkey;
440
442
break;
441
443
case SAFEXCEL_AES:
442
444
err = aes_expandkey(&aes, keys.enckey, keys.enckeylen);
···
519
521
return 0;
520
522
521
523
badkey:
522
-
crypto_aead_set_flags(ctfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
523
-
badkey_expflags:
524
524
memzero_explicit(&keys, sizeof(keys));
525
525
return err;
526
526
}
···
1440
1444
/* exclude the nonce here */
1441
1445
keylen = len - CTR_RFC3686_NONCE_SIZE;
1442
1446
ret = aes_expandkey(&aes, key, keylen);
1443
-
if (ret) {
1444
-
crypto_skcipher_set_flags(ctfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
1447
+
if (ret)
1445
1448
return ret;
1446
-
}
1447
1449
1448
1450
if (priv->flags & EIP197_TRC_CACHE && ctx->base.ctxr_dma) {
1449
1451
for (i = 0; i < keylen / sizeof(u32); i++) {
···
2453
2459
/* Only half of the key data is cipher key */
2454
2460
keylen = (len >> 1);
2455
2461
ret = aes_expandkey(&aes, key, keylen);
2456
-
if (ret) {
2457
-
crypto_skcipher_set_flags(ctfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
2462
+
if (ret)
2458
2463
return ret;
2459
-
}
2460
2464
2461
2465
if (priv->flags & EIP197_TRC_CACHE && ctx->base.ctxr_dma) {
2462
2466
for (i = 0; i < keylen / sizeof(u32); i++) {
···
2470
2478
2471
2479
/* The other half is the tweak key */
2472
2480
ret = aes_expandkey(&aes, (u8 *)(key + keylen), keylen);
2473
-
if (ret) {
2474
-
crypto_skcipher_set_flags(ctfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
2481
+
if (ret)
2475
2482
return ret;
2476
-
}
2477
2483
2478
2484
if (priv->flags & EIP197_TRC_CACHE && ctx->base.ctxr_dma) {
2479
2485
for (i = 0; i < keylen / sizeof(u32); i++) {
···
2560
2570
2561
2571
ret = aes_expandkey(&aes, key, len);
2562
2572
if (ret) {
2563
-
crypto_aead_set_flags(ctfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
2564
2573
memzero_explicit(&aes, sizeof(aes));
2565
2574
return ret;
2566
2575
}
···
2673
2684
2674
2685
ret = aes_expandkey(&aes, key, len);
2675
2686
if (ret) {
2676
-
crypto_aead_set_flags(ctfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
2677
2687
memzero_explicit(&aes, sizeof(aes));
2678
2688
return ret;
2679
2689
}
···
2803
2815
{
2804
2816
struct safexcel_cipher_ctx *ctx = crypto_skcipher_ctx(ctfm);
2805
2817
2806
-
if (len != CHACHA_KEY_SIZE) {
2807
-
crypto_skcipher_set_flags(ctfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
2818
+
if (len != CHACHA_KEY_SIZE)
2808
2819
return -EINVAL;
2809
-
}
2820
+
2810
2821
safexcel_chacha20_setkey(ctx, key);
2811
2822
2812
2823
return 0;
···
2859
2872
len -= EIP197_AEAD_IPSEC_NONCE_SIZE;
2860
2873
ctx->nonce = *(u32 *)(key + len);
2861
2874
}
2862
-
if (len != CHACHA_KEY_SIZE) {
2863
-
crypto_aead_set_flags(ctfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
2875
+
if (len != CHACHA_KEY_SIZE)
2864
2876
return -EINVAL;
2865
-
}
2877
+
2866
2878
safexcel_chacha20_setkey(ctx, key);
2867
2879
2868
2880
return 0;
···
3056
3070
struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
3057
3071
struct safexcel_crypto_priv *priv = ctx->priv;
3058
3072
3059
-
if (len != SM4_KEY_SIZE) {
3060
-
crypto_skcipher_set_flags(ctfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
3073
+
if (len != SM4_KEY_SIZE)
3061
3074
return -EINVAL;
3062
-
}
3063
3075
3064
3076
if (priv->flags & EIP197_TRC_CACHE && ctx->base.ctxr_dma)
3065
3077
if (memcmp(ctx->key, key, SM4_KEY_SIZE))
+4
-12
drivers/crypto/inside-secure/safexcel_hash.c
+4
-12
drivers/crypto/inside-secure/safexcel_hash.c
···
1919
1919
{
1920
1920
struct safexcel_ahash_ctx *ctx = crypto_tfm_ctx(crypto_ahash_tfm(tfm));
1921
1921
1922
-
if (keylen != sizeof(u32)) {
1923
-
crypto_ahash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
1922
+
if (keylen != sizeof(u32))
1924
1923
return -EINVAL;
1925
-
}
1926
1924
1927
1925
memcpy(ctx->ipad, key, sizeof(u32));
1928
1926
return 0;
···
1993
1995
int ret, i;
1994
1996
1995
1997
ret = aes_expandkey(&aes, key, len);
1996
-
if (ret) {
1997
-
crypto_ahash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
1998
+
if (ret)
1998
1999
return ret;
1999
-
}
2000
2000
2001
2001
memset(ctx->ipad, 0, 2 * AES_BLOCK_SIZE);
2002
2002
for (i = 0; i < len / sizeof(u32); i++)
···
2061
2065
int ret, i;
2062
2066
2063
2067
ret = aes_expandkey(&aes, key, len);
2064
-
if (ret) {
2065
-
crypto_ahash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
2068
+
if (ret)
2066
2069
return ret;
2067
-
}
2068
2070
2069
2071
/* precompute the XCBC key material */
2070
2072
crypto_cipher_clear_flags(ctx->kaes, CRYPTO_TFM_REQ_MASK);
···
2162
2168
int ret, i;
2163
2169
2164
2170
ret = aes_expandkey(&aes, key, len);
2165
-
if (ret) {
2166
-
crypto_ahash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
2171
+
if (ret)
2167
2172
return ret;
2168
-
}
2169
2173
2170
2174
for (i = 0; i < len / sizeof(u32); i++)
2171
2175
ctx->ipad[i + 8] =
-3
drivers/crypto/ixp4xx_crypto.c
-3
drivers/crypto/ixp4xx_crypto.c
···
740
740
u32 keylen_cfg = 0;
741
741
struct ix_sa_dir *dir;
742
742
struct ixp_ctx *ctx = crypto_tfm_ctx(tfm);
743
-
u32 *flags = &tfm->crt_flags;
744
743
745
744
dir = encrypt ? &ctx->encrypt : &ctx->decrypt;
746
745
cinfo = dir->npe_ctx;
···
756
757
case 24: keylen_cfg = MOD_AES192; break;
757
758
case 32: keylen_cfg = MOD_AES256; break;
758
759
default:
759
-
*flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
760
760
return -EINVAL;
761
761
}
762
762
cipher_cfg |= keylen_cfg;
···
1167
1169
memzero_explicit(&keys, sizeof(keys));
1168
1170
return aead_setup(tfm, crypto_aead_authsize(tfm));
1169
1171
badkey:
1170
-
crypto_aead_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
1171
1172
memzero_explicit(&keys, sizeof(keys));
1172
1173
return -EINVAL;
1173
1174
}
+1
-3
drivers/crypto/marvell/cipher.c
+1
-3
drivers/crypto/marvell/cipher.c
···
255
255
int i;
256
256
257
257
ret = aes_expandkey(&ctx->aes, key, len);
258
-
if (ret) {
259
-
crypto_skcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_KEY_LEN);
258
+
if (ret)
260
259
return ret;
261
-
}
262
260
263
261
remaining = (ctx->aes.key_length - 16) / 4;
264
262
offset = ctx->aes.key_length + 24 - remaining;
-2
drivers/crypto/mediatek/mtk-aes.c
-2
drivers/crypto/mediatek/mtk-aes.c
···
652
652
break;
653
653
654
654
default:
655
-
crypto_skcipher_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
656
655
return -EINVAL;
657
656
}
658
657
···
1021
1022
break;
1022
1023
1023
1024
default:
1024
-
crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
1025
1025
return -EINVAL;
1026
1026
}
1027
1027
-1
drivers/crypto/n2_core.c
-1
drivers/crypto/n2_core.c
+2
-7
drivers/crypto/padlock-aes.c
+2
-7
drivers/crypto/padlock-aes.c
···
108
108
{
109
109
struct aes_ctx *ctx = aes_ctx(tfm);
110
110
const __le32 *key = (const __le32 *)in_key;
111
-
u32 *flags = &tfm->crt_flags;
112
111
struct crypto_aes_ctx gen_aes;
113
112
int cpu;
114
113
115
-
if (key_len % 8) {
116
-
*flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
114
+
if (key_len % 8)
117
115
return -EINVAL;
118
-
}
119
116
120
117
/*
121
118
* If the hardware is capable of generating the extended key
···
143
146
ctx->cword.encrypt.keygen = 1;
144
147
ctx->cword.decrypt.keygen = 1;
145
148
146
-
if (aes_expandkey(&gen_aes, in_key, key_len)) {
147
-
*flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
149
+
if (aes_expandkey(&gen_aes, in_key, key_len))
148
150
return -EINVAL;
149
-
}
150
151
151
152
memcpy(ctx->E, gen_aes.key_enc, AES_MAX_KEYLENGTH);
152
153
memcpy(ctx->D, gen_aes.key_dec, AES_MAX_KEYLENGTH);
+1
-5
drivers/crypto/picoxcell_crypto.c
+1
-5
drivers/crypto/picoxcell_crypto.c
···
490
490
return 0;
491
491
492
492
badkey:
493
-
crypto_aead_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
494
493
memzero_explicit(&keys, sizeof(keys));
495
494
return -EINVAL;
496
495
}
···
779
780
struct spacc_ablk_ctx *ctx = crypto_tfm_ctx(tfm);
780
781
int err = 0;
781
782
782
-
if (len > AES_MAX_KEY_SIZE) {
783
-
crypto_skcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_KEY_LEN);
783
+
if (len > AES_MAX_KEY_SIZE)
784
784
return -EINVAL;
785
-
}
786
785
787
786
/*
788
787
* IPSec engine only supports 128 and 256 bit AES keys. If we get a
···
827
830
int err = 0;
828
831
829
832
if (len > AES_MAX_KEY_SIZE) {
830
-
crypto_skcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_KEY_LEN);
831
833
err = -EINVAL;
832
834
goto out;
833
835
}
+1
-5
drivers/crypto/qat/qat_common/qat_algs.c
+1
-5
drivers/crypto/qat/qat_common/qat_algs.c
···
570
570
memzero_explicit(&keys, sizeof(keys));
571
571
return 0;
572
572
bad_key:
573
-
crypto_aead_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
574
573
memzero_explicit(&keys, sizeof(keys));
575
574
return -EINVAL;
576
575
error:
···
585
586
int alg;
586
587
587
588
if (qat_alg_validate_key(keylen, &alg, mode))
588
-
goto bad_key;
589
+
return -EINVAL;
589
590
590
591
qat_alg_skcipher_init_enc(ctx, alg, key, keylen, mode);
591
592
qat_alg_skcipher_init_dec(ctx, alg, key, keylen, mode);
592
593
return 0;
593
-
bad_key:
594
-
crypto_skcipher_set_flags(ctx->tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
595
-
return -EINVAL;
596
594
}
597
595
598
596
static int qat_alg_aead_rekey(struct crypto_aead *tfm, const uint8_t *key,
-2
drivers/crypto/qce/sha.c
-2
drivers/crypto/qce/sha.c
+1
-3
drivers/crypto/rockchip/rk3288_crypto_skcipher.c
+1
-3
drivers/crypto/rockchip/rk3288_crypto_skcipher.c
···
34
34
struct rk_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
35
35
36
36
if (keylen != AES_KEYSIZE_128 && keylen != AES_KEYSIZE_192 &&
37
-
keylen != AES_KEYSIZE_256) {
38
-
crypto_skcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_KEY_LEN);
37
+
keylen != AES_KEYSIZE_256)
39
38
return -EINVAL;
40
-
}
41
39
ctx->keylen = keylen;
42
40
memcpy_toio(ctx->dev->reg + RK_CRYPTO_AES_KEY_0, key, keylen);
43
41
return 0;
+1
-3
drivers/crypto/stm32/stm32-crc32.c
+1
-3
drivers/crypto/stm32/stm32-crc32.c
+3
-12
drivers/crypto/talitos.c
+3
-12
drivers/crypto/talitos.c
···
914
914
return 0;
915
915
916
916
badkey:
917
-
crypto_aead_set_flags(authenc, CRYPTO_TFM_RES_BAD_KEY_LEN);
918
917
memzero_explicit(&keys, sizeof(keys));
919
918
return -EINVAL;
920
919
}
···
928
929
929
930
err = crypto_authenc_extractkeys(&keys, key, keylen);
930
931
if (unlikely(err))
931
-
goto badkey;
932
+
goto out;
932
933
933
934
err = -EINVAL;
934
935
if (keys.authkeylen + keys.enckeylen > TALITOS_MAX_KEY_SIZE)
935
-
goto badkey;
936
+
goto out;
936
937
937
938
err = verify_aead_des3_key(authenc, keys.enckey, keys.enckeylen);
938
939
if (err)
···
953
954
out:
954
955
memzero_explicit(&keys, sizeof(keys));
955
956
return err;
956
-
957
-
badkey:
958
-
crypto_aead_set_flags(authenc, CRYPTO_TFM_RES_BAD_KEY_LEN);
959
-
goto out;
960
957
}
961
958
962
959
static void talitos_sg_unmap(struct device *dev,
···
1522
1527
if (keylen == AES_KEYSIZE_128 || keylen == AES_KEYSIZE_192 ||
1523
1528
keylen == AES_KEYSIZE_256)
1524
1529
return skcipher_setkey(cipher, key, keylen);
1525
-
1526
-
crypto_skcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_KEY_LEN);
1527
1530
1528
1531
return -EINVAL;
1529
1532
}
···
2227
2234
/* Must get the hash of the long key */
2228
2235
ret = keyhash(tfm, key, keylen, hash);
2229
2236
2230
-
if (ret) {
2231
-
crypto_ahash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
2237
+
if (ret)
2232
2238
return -EINVAL;
2233
-
}
2234
2239
2235
2240
keysize = digestsize;
2236
2241
memcpy(ctx->key, hash, digestsize);
-2
drivers/crypto/ux500/cryp/cryp_core.c
-2
drivers/crypto/ux500/cryp/cryp_core.c
···
951
951
const u8 *key, unsigned int keylen)
952
952
{
953
953
struct cryp_ctx *ctx = crypto_skcipher_ctx(cipher);
954
-
u32 *flags = &cipher->base.crt_flags;
955
954
956
955
pr_debug(DEV_DBG_NAME " [%s]", __func__);
957
956
···
969
970
970
971
default:
971
972
pr_err(DEV_DBG_NAME "[%s]: Unknown keylen!", __func__);
972
-
*flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
973
973
return -EINVAL;
974
974
}
975
975
+2
-6
drivers/crypto/virtio/virtio_crypto_algs.c
+2
-6
drivers/crypto/virtio/virtio_crypto_algs.c
···
272
272
273
273
if (keylen > vcrypto->max_cipher_key_len) {
274
274
pr_err("virtio_crypto: the key is too long\n");
275
-
goto bad_key;
275
+
return -EINVAL;
276
276
}
277
277
278
278
if (virtio_crypto_alg_validate_key(keylen, &alg))
279
-
goto bad_key;
279
+
return -EINVAL;
280
280
281
281
/* Create encryption session */
282
282
ret = virtio_crypto_alg_skcipher_init_session(ctx,
···
291
291
return ret;
292
292
}
293
293
return 0;
294
-
295
-
bad_key:
296
-
crypto_skcipher_set_flags(ctx->tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
297
-
return -EINVAL;
298
294
}
299
295
300
296
/* Note: kernel crypto API realization */
+1
-2
include/crypto/cast6.h
+1
-2
include/crypto/cast6.h
···
15
15
u8 Kr[12][4];
16
16
};
17
17
18
-
int __cast6_setkey(struct cast6_ctx *ctx, const u8 *key,
19
-
unsigned int keylen, u32 *flags);
18
+
int __cast6_setkey(struct cast6_ctx *ctx, const u8 *key, unsigned int keylen);
20
19
int cast6_setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen);
21
20
22
21
void __cast6_encrypt(const void *ctx, u8 *dst, const u8 *src);
+2
-6
include/crypto/internal/des.h
+2
-6
include/crypto/internal/des.h
···
120
120
static inline int verify_aead_des_key(struct crypto_aead *tfm, const u8 *key,
121
121
int keylen)
122
122
{
123
-
if (keylen != DES_KEY_SIZE) {
124
-
crypto_aead_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
123
+
if (keylen != DES_KEY_SIZE)
125
124
return -EINVAL;
126
-
}
127
125
return crypto_des_verify_key(crypto_aead_tfm(tfm), key);
128
126
}
129
127
130
128
static inline int verify_aead_des3_key(struct crypto_aead *tfm, const u8 *key,
131
129
int keylen)
132
130
{
133
-
if (keylen != DES3_EDE_KEY_SIZE) {
134
-
crypto_aead_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
131
+
if (keylen != DES3_EDE_KEY_SIZE)
135
132
return -EINVAL;
136
-
}
137
133
return crypto_des3_ede_verify_key(crypto_aead_tfm(tfm), key);
138
134
}
139
135
+1
-1
include/crypto/twofish.h
+1
-1
include/crypto/twofish.h
+2
-6
include/crypto/xts.h
+2
-6
include/crypto/xts.h
···
17
17
* key consists of keys of equal size concatenated, therefore
18
18
* the length must be even.
19
19
*/
20
-
if (keylen % 2) {
21
-
*flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
20
+
if (keylen % 2)
22
21
return -EINVAL;
23
-
}
24
22
25
23
/* ensure that the AES and tweak key are not identical */
26
24
if (fips_enabled &&
···
37
39
* key consists of keys of equal size concatenated, therefore
38
40
* the length must be even.
39
41
*/
40
-
if (keylen % 2) {
41
-
crypto_skcipher_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
42
+
if (keylen % 2)
42
43
return -EINVAL;
43
-
}
44
44
45
45
/* ensure that the AES and tweak key are not identical */
46
46
if ((fips_enabled || (crypto_skcipher_get_flags(tfm) &