accelerated: make explicit key size check to all accelerated ciphers

That is, do not rely on checks done on asm level, as they vary and
may change over updates. Also handle consistently invalid key sizes
by returning an error, and eliminate calls to abort().

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

11 files changed, 24 insertions, 6 deletions

diff --git a/lib/accelerated/cryptodev-gcm.c b/lib/accelerated/cryptodev-gcm.c
index dd4e8fdc0e..e0d72e3f8f 100644
--- a/lib/accelerated/cryptodev-gcm.c
+++ b/lib/accelerated/cryptodev-gcm.c
@@ -99,6 +99,8 @@ aes_gcm_cipher_setkey(void *_ctx, const void *userkey, size_t keysize)
 {
 	struct cryptodev_gcm_ctx *ctx = _ctx;
 
+	CHECK_AES_KEYSIZE(keysize);
+
 	ctx->sess.keylen = keysize;
 	ctx->sess.key = (void *) userkey;
 
diff --git a/lib/accelerated/cryptodev.c b/lib/accelerated/cryptodev.c
index 012221dffb..fc8e754005 100644
--- a/lib/accelerated/cryptodev.c
+++ b/lib/accelerated/cryptodev.c
@@ -90,6 +90,8 @@ cryptodev_cipher_setkey(void *_ctx, const void *key, size_t keysize)
 {
 	struct cryptodev_ctx *ctx = _ctx;
 
+	CHECK_AES_KEYSIZE(keysize);
+
 	ctx->sess.keylen = keysize;
 	ctx->sess.key = (void *) key;
 
diff --git a/lib/accelerated/x86/aes-cbc-x86-aesni.c b/lib/accelerated/x86/aes-cbc-x86-aesni.c
index 74a67e7da4..dd5ae9524b 100644
--- a/lib/accelerated/x86/aes-cbc-x86-aesni.c
+++ b/lib/accelerated/x86/aes-cbc-x86-aesni.c
@@ -65,6 +65,8 @@ aes_cipher_setkey(void *_ctx, const void *userkey, size_t keysize)
 	struct aes_ctx *ctx = _ctx;
 	int ret;
 
+	CHECK_AES_KEYSIZE(keysize);
+
 	if (ctx->enc)
 		ret =
 		    aesni_set_encrypt_key(userkey, keysize * 8,
diff --git a/lib/accelerated/x86/aes-cbc-x86-ssse3.c b/lib/accelerated/x86/aes-cbc-x86-ssse3.c
index bbcd2934d9..fe2d0a3a27 100644
--- a/lib/accelerated/x86/aes-cbc-x86-ssse3.c
+++ b/lib/accelerated/x86/aes-cbc-x86-ssse3.c
@@ -65,8 +65,7 @@ aes_ssse3_cipher_setkey(void *_ctx, const void *userkey, size_t keysize)
 	struct aes_ctx *ctx = _ctx;
 	int ret;
 
-	if (keysize != 16 && keysize != 24 && keysize != 32)
-		return GNUTLS_E_INVALID_REQUEST;
+	CHECK_AES_KEYSIZE(keysize);
 
 	if (ctx->enc)
 		ret =
diff --git a/lib/accelerated/x86/aes-gcm-padlock.c b/lib/accelerated/x86/aes-gcm-padlock.c
index 3362a21a9a..5ec28d81a5 100644
--- a/lib/accelerated/x86/aes-gcm-padlock.c
+++ b/lib/accelerated/x86/aes-gcm-padlock.c
@@ -131,7 +131,8 @@ aes_gcm_cipher_setkey(void *_ctx, const void *key, size_t keysize)
 	} else if (keysize == 32) {
 		GCM_SET_KEY(ctx, padlock_aes256_set_encrypt_key, padlock_aes_encrypt,
 			    key);
-	} else abort();
+	} else
+		return GNUTLS_E_INVALID_REQUEST;
 
 	return 0;
 }
diff --git a/lib/accelerated/x86/aes-gcm-x86-aesni.c b/lib/accelerated/x86/aes-gcm-x86-aesni.c
index 2a89f46a8b..fa65af777a 100644
--- a/lib/accelerated/x86/aes-gcm-x86-aesni.c
+++ b/lib/accelerated/x86/aes-gcm-x86-aesni.c
@@ -115,7 +115,8 @@ aes_gcm_cipher_setkey(void *_ctx, const void *key, size_t length)
 	} else if (length == 32) {
 		GCM_SET_KEY(ctx, x86_aes256_set_encrypt_key, x86_aes_encrypt,
 			    key);
-	} else abort();
+	} else
+		return GNUTLS_E_INVALID_REQUEST;
 
 	return 0;
 }
diff --git a/lib/accelerated/x86/aes-gcm-x86-pclmul.c b/lib/accelerated/x86/aes-gcm-x86-pclmul.c
index 47a6bfe197..e928598827 100644
--- a/lib/accelerated/x86/aes-gcm-x86-pclmul.c
+++ b/lib/accelerated/x86/aes-gcm-x86-pclmul.c
@@ -95,6 +95,8 @@ aes_gcm_cipher_setkey(void *_ctx, const void *userkey, size_t keysize)
 	struct aes_gcm_ctx *ctx = _ctx;
 	int ret;
 
+	CHECK_AES_KEYSIZE(keysize);
+
 	ret =
 	    aesni_set_encrypt_key(userkey, keysize * 8,
 				  ALIGN16(&ctx->expanded_key));
diff --git a/lib/accelerated/x86/aes-gcm-x86-ssse3.c b/lib/accelerated/x86/aes-gcm-x86-ssse3.c
index f828f0a3b1..e3ccf8dce3 100644
--- a/lib/accelerated/x86/aes-gcm-x86-ssse3.c
+++ b/lib/accelerated/x86/aes-gcm-x86-ssse3.c
@@ -120,7 +120,8 @@ aes_gcm_cipher_setkey(void *_ctx, const void *key, size_t keysize)
 	} else if (keysize == 32) {
 		GCM_SET_KEY(ctx, x86_aes_256_set_encrypt_key, x86_aes_encrypt,
 			    key);
-	} else abort();
+	} else
+		return GNUTLS_E_INVALID_REQUEST;
 
 	return 0;
 }
diff --git a/lib/accelerated/x86/aes-padlock.c b/lib/accelerated/x86/aes-padlock.c
index dd193ee69b..b308398f12 100644
--- a/lib/accelerated/x86/aes-padlock.c
+++ b/lib/accelerated/x86/aes-padlock.c
@@ -104,7 +104,7 @@ padlock_aes_cipher_setkey(void *_ctx, const void *userkey, size_t keysize)
 		break;
 #endif
 	default:
-		return gnutls_assert_val(GNUTLS_E_ENCRYPTION_FAILED);
+		return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
 	}
 
 	padlock_reload_key();
diff --git a/lib/accelerated/x86/aes-x86.h b/lib/accelerated/x86/aes-x86.h
index c0e56e31a8..fcfff82383 100644
--- a/lib/accelerated/x86/aes-x86.h
+++ b/lib/accelerated/x86/aes-x86.h
@@ -18,6 +18,10 @@ typedef struct {
 	uint32_t rounds;
 } AES_KEY;
 
+#define CHECK_AES_KEYSIZE(s) \
+	if (s != 16 && s != 24 && s != 32) \
+		return GNUTLS_E_INVALID_REQUEST
+
 void aesni_ecb_encrypt(const unsigned char *in, unsigned char *out,
 		       size_t len, const AES_KEY * key, int enc);
 
diff --git a/lib/accelerated/x86/x86-common.h b/lib/accelerated/x86/x86-common.h
index 6261bce534..ed3bd0c2ff 100644
--- a/lib/accelerated/x86/x86-common.h
+++ b/lib/accelerated/x86/x86-common.h
@@ -39,6 +39,10 @@ unsigned int gnutls_have_cpuid(void);
 
 #endif
 
+#define CHECK_AES_KEYSIZE(s) \
+	if (s != 16 && s != 24 && s != 32) \
+		return GNUTLS_E_INVALID_REQUEST
+
 #define NN_HASH(name, update_func, digest_func, NAME) {	\
  #name,						\
  sizeof(struct name##_ctx),			\