From: Bobi Jam <bobijam@whamcloud.com>
Date: Wed, 9 May 2012 19:22:58 +0000 (+0800)
Subject: LU-1102 crypto: correctly check crypto_alloc_blkcipher returns
X-Git-Tag: 2.2.53~24
X-Git-Url: https://git.whamcloud.com/?a=commitdiff_plain;h=96894b2afb0675ec93eec6260de6d71b296f57dc;p=fs%2Flustre-release.git

LU-1102 crypto: correctly check crypto_alloc_blkcipher returns

ll_crypto_alloc_blkcipher() returns error value as well as possible
NULL pointer, should check its return value carefully.

Signed-off-by: Bobi Jam <bobijam@whamcloud.com>
Change-Id: I181b236406e2649580a04940886f849ad6071078
Reviewed-on: http://review.whamcloud.com/2703
Reviewed-by: Lai Siyao <laisiyao@whamcloud.com>
Tested-by: Hudson
Tested-by: Maloo <whamcloud.maloo@gmail.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
---

diff --git a/lustre/include/linux/lustre_compat25.h b/lustre/include/linux/lustre_compat25.h
index d2f5e61..204322f 100644
--- a/lustre/include/linux/lustre_compat25.h
+++ b/lustre/include/linux/lustre_compat25.h
@@ -429,8 +429,6 @@ static inline struct dentry *d_obtain_alias(struct inode *inode)
 #define ll_crypto_hash_init(desc)               crypto_hash_init(desc)
 #define ll_crypto_hash_update(desc, sl, bytes)  crypto_hash_update(desc, sl, bytes)
 #define ll_crypto_hash_final(desc, out)         crypto_hash_final(desc, out)
-#define ll_crypto_alloc_blkcipher(name, type, mask) \
-                crypto_alloc_blkcipher(name ,type, mask)
 #define ll_crypto_blkcipher_setkey(tfm, key, keylen) \
                 crypto_blkcipher_setkey(tfm, key, keylen)
 #define ll_crypto_blkcipher_set_iv(tfm, src, len) \
@@ -446,6 +444,15 @@ static inline struct dentry *d_obtain_alias(struct inode *inode)
 #define ll_crypto_blkcipher_decrypt_iv(desc, dst, src, bytes) \
                 crypto_blkcipher_decrypt_iv(desc, dst, src, bytes)
 
+static inline
+struct ll_crypto_cipher *ll_crypto_alloc_blkcipher(const char *name,
+						   u32 type, u32 mask)
+{
+	struct ll_crypto_cipher *rtn = crypto_alloc_blkcipher(name, type, mask);
+
+	return (rtn == NULL ? ERR_PTR(-ENOMEM) : rtn);
+}
+
 static inline int ll_crypto_hmac(struct ll_crypto_hash *tfm,
                                  u8 *key, unsigned int *keylen,
                                  struct scatterlist *sg,
@@ -515,25 +522,27 @@ static inline
 struct ll_crypto_cipher *ll_crypto_alloc_blkcipher(const char * algname,
                                                    u32 type, u32 mask)
 {
-        char        buf[CRYPTO_MAX_ALG_NAME + 1];
-        const char *pan = algname;
-        u32         flag = 0;
-
-        if (strncmp("cbc(", algname, 4) == 0)
-                flag |= CRYPTO_TFM_MODE_CBC;
-        else if (strncmp("ecb(", algname, 4) == 0)
-                flag |= CRYPTO_TFM_MODE_ECB;
-        if (flag) {
-                char *vp = strnchr(algname, CRYPTO_MAX_ALG_NAME, ')');
-                if (vp) {
-                        memcpy(buf, algname + 4, vp - algname - 4);
-                        buf[vp - algname - 4] = '\0';
-                        pan = buf;
-                } else {
-                        flag = 0;
-                }
-        }
-        return crypto_alloc_tfm(pan, flag);
+	struct ll_crypto_cipher *rtn;
+	char        		 buf[CRYPTO_MAX_ALG_NAME + 1];
+	const char 		*pan = algname;
+	u32         		 flag = 0;
+
+	if (strncmp("cbc(", algname, 4) == 0)
+		flag |= CRYPTO_TFM_MODE_CBC;
+	else if (strncmp("ecb(", algname, 4) == 0)
+		flag |= CRYPTO_TFM_MODE_ECB;
+	if (flag) {
+		char *vp = strnchr(algname, CRYPTO_MAX_ALG_NAME, ')');
+		if (vp) {
+			memcpy(buf, algname + 4, vp - algname - 4);
+			buf[vp - algname - 4] = '\0';
+			pan = buf;
+		} else {
+			flag = 0;
+		}
+	}
+	rtn = crypto_alloc_tfm(pan, flag);
+	return (rtn == NULL ?  ERR_PTR(-ENOMEM) : rtn);
 }
 
 static inline
diff --git a/lustre/obdclass/capa.c b/lustre/obdclass/capa.c
index f34a543..c0431b3 100644
--- a/lustre/obdclass/capa.c
+++ b/lustre/obdclass/capa.c
@@ -284,13 +284,13 @@ int capa_encrypt_id(__u32 *d, __u32 *s, __u8 *key, int keylen)
         char alg[CRYPTO_MAX_ALG_NAME+1] = "aes";
         ENTRY;
 
-        /* passing "aes" in a variable instead of a constant string keeps gcc
-         * 4.3.2 happy */
-        tfm = ll_crypto_alloc_blkcipher(alg, 0, 0 );
-        if (tfm == NULL) {
-                CERROR("failed to load transform for aes\n");
-                RETURN(-EFAULT);
-        }
+	/* passing "aes" in a variable instead of a constant string keeps gcc
+	 * 4.3.2 happy */
+	tfm = ll_crypto_alloc_blkcipher(alg, 0, 0 );
+	if (IS_ERR(tfm)) {
+		CERROR("failed to load transform for aes\n");
+		RETURN(PTR_ERR(tfm));
+	}
 
         min = ll_crypto_tfm_alg_min_keysize(tfm);
         if (keylen < min) {
@@ -336,13 +336,13 @@ int capa_decrypt_id(__u32 *d, __u32 *s, __u8 *key, int keylen)
         char alg[CRYPTO_MAX_ALG_NAME+1] = "aes";
         ENTRY;
 
-        /* passing "aes" in a variable instead of a constant string keeps gcc
-         * 4.3.2 happy */
-        tfm = ll_crypto_alloc_blkcipher(alg, 0, 0 );
-        if (tfm == NULL) {
-                CERROR("failed to load transform for aes\n");
-                RETURN(-EFAULT);
-        }
+	/* passing "aes" in a variable instead of a constant string keeps gcc
+	 * 4.3.2 happy */
+	tfm = ll_crypto_alloc_blkcipher(alg, 0, 0 );
+	if (IS_ERR(tfm)) {
+		CERROR("failed to load transform for aes\n");
+		RETURN(PTR_ERR(tfm));
+	}
 
         min = ll_crypto_tfm_alg_min_keysize(tfm);
         if (keylen < min) {
diff --git a/lustre/ptlrpc/gss/gss_krb5_mech.c b/lustre/ptlrpc/gss/gss_krb5_mech.c
index feec73a..3a11059 100644
--- a/lustre/ptlrpc/gss/gss_krb5_mech.c
+++ b/lustre/ptlrpc/gss/gss_krb5_mech.c
@@ -154,12 +154,12 @@ static const char * enctype2str(__u32 enctype)
 static
 int keyblock_init(struct krb5_keyblock *kb, char *alg_name, int alg_mode)
 {
-        kb->kb_tfm = ll_crypto_alloc_blkcipher(alg_name, alg_mode, 0);
-        if (kb->kb_tfm == NULL) {
-                CERROR("failed to alloc tfm: %s, mode %d\n",
-                       alg_name, alg_mode);
-                return -1;
-        }
+	kb->kb_tfm = ll_crypto_alloc_blkcipher(alg_name, alg_mode, 0);
+	if (IS_ERR(kb->kb_tfm)) {
+		CERROR("failed to alloc tfm: %s, mode %d\n",
+		       alg_name, alg_mode);
+		return -1;
+	}
 
         if (ll_crypto_blkcipher_setkey(kb->kb_tfm, kb->kb_key.data, kb->kb_key.len)) {
                 CERROR("failed to set %s key, len %d\n",
@@ -1311,11 +1311,11 @@ __u32 gss_wrap_kerberos(struct gss_ctx *gctx,
                         GOTO(arc4_out, rc = -EACCES);
                 }
 
-                arc4_tfm = ll_crypto_alloc_blkcipher("ecb(arc4)", 0, 0);
-                if (arc4_tfm == NULL) {
-                        CERROR("failed to alloc tfm arc4 in ECB mode\n");
-                        GOTO(arc4_out_key, rc = -EACCES);
-                }
+		arc4_tfm = ll_crypto_alloc_blkcipher("ecb(arc4)", 0, 0);
+		if (IS_ERR(arc4_tfm)) {
+			CERROR("failed to alloc tfm arc4 in ECB mode\n");
+			GOTO(arc4_out_key, rc = -EACCES);
+		}
 
                 if (ll_crypto_blkcipher_setkey(arc4_tfm, arc4_keye.data,
                                                arc4_keye.len)) {
@@ -1587,11 +1587,11 @@ __u32 gss_unwrap_kerberos(struct gss_ctx  *gctx,
                         GOTO(arc4_out, rc = -EACCES);
                 }
 
-                arc4_tfm = ll_crypto_alloc_blkcipher("ecb(arc4)", 0, 0);
-                if (arc4_tfm == NULL) {
-                        CERROR("failed to alloc tfm arc4 in ECB mode\n");
-                        GOTO(arc4_out_key, rc = -EACCES);
-                }
+		arc4_tfm = ll_crypto_alloc_blkcipher("ecb(arc4)", 0, 0);
+		if (IS_ERR(arc4_tfm)) {
+			CERROR("failed to alloc tfm arc4 in ECB mode\n");
+			GOTO(arc4_out_key, rc = -EACCES);
+		}
 
                 if (ll_crypto_blkcipher_setkey(arc4_tfm,
                                          arc4_keye.data, arc4_keye.len)) {