libwd/0028-uadk-cipher-add-length-check-of-CBC_CTS-mode.patch

From 11e9545abb4e861f2cc589dfa76f20564033c995 Mon Sep 17 00:00:00 2001
From: Yang Shen <shenyang39@huawei.com>
Date: Fri, 11 Oct 2024 11:27:54 +0800
Subject: [PATCH 28/39] uadk/cipher - add length check of CBC_CTS mode

Add length check of CBC_CTS mode.

Signed-off-by: Yang Shen <shenyang39@huawei.com>
Signed-off-by: Qi Tao <taoqi10@huawei.com>
---
 wd_cipher.c | 30 ++++++++++++++++++++++--------
 1 file changed, 22 insertions(+), 8 deletions(-)

diff --git a/wd_cipher.c b/wd_cipher.c
index f6b035a..ec6fb15 100644
--- a/wd_cipher.c
+++ b/wd_cipher.c
@@ -588,9 +588,10 @@ static int cipher_iv_len_check(struct wd_cipher_req *req,
 	return ret;
 }
 
-static int cipher_len_check(handle_t h_sess, struct wd_cipher_req *req)
+static int cipher_in_len_check(handle_t h_sess, struct wd_cipher_req *req)
 {
 	struct wd_cipher_sess *sess = (struct wd_cipher_sess *)h_sess;
+	int ret = 0;
 
 	if (!req->in_bytes) {
 		WD_ERR("invalid: cipher input length is zero!\n");
@@ -600,14 +601,27 @@ static int cipher_len_check(handle_t h_sess, struct wd_cipher_req *req)
 	if (sess->alg != WD_CIPHER_AES && sess->alg != WD_CIPHER_SM4)
 		return 0;
 
-	if ((req->in_bytes & (AES_BLOCK_SIZE - 1)) &&
-	    (sess->mode == WD_CIPHER_CBC || sess->mode == WD_CIPHER_ECB)) {
-		WD_ERR("failed to check input bytes of AES or SM4, size = %u\n",
-		       req->in_bytes);
-		return -WD_EINVAL;
+	switch (sess->mode) {
+	case WD_CIPHER_ECB:
+	case WD_CIPHER_CBC:
+		if (req->in_bytes & (AES_BLOCK_SIZE - 1))
+			ret = -WD_EINVAL;
+		break;
+	case WD_CIPHER_CBC_CS1:
+	case WD_CIPHER_CBC_CS2:
+	case WD_CIPHER_CBC_CS3:
+		if (req->in_bytes < AES_BLOCK_SIZE)
+			ret = -WD_EINVAL;
+		break;
+	default:
+		break;
 	}
 
-	return 0;
+	if (ret)
+		WD_ERR("invalid: %s input bytes is %u!\n",
+		       wd_cipher_alg_name[sess->alg][sess->mode], req->in_bytes);
+
+	return ret;
 }
 
 static int wd_cipher_check_params(handle_t h_sess,
@@ -632,7 +646,7 @@ static int wd_cipher_check_params(handle_t h_sess,
 		return -WD_EINVAL;
 	}
 
-	ret = cipher_len_check(h_sess, req);
+	ret = cipher_in_len_check(h_sess, req);
 	if (unlikely(ret))
 		return ret;
 
-- 
2.25.1