The lskcipher simple template does not allow nesting. The intention
is to prevent instances such as ecb(ecb(aes)). However, as the
simple template itself can obviously be nested (e.g., xts(ecb(aes))),
move the check into ecb instead.
Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
---
crypto/ecb.c | 4 ++++
crypto/lskcipher.c | 5 -----
2 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/crypto/ecb.c b/crypto/ecb.c
index e3a67789050e..2b61c557e307 100644
--- a/crypto/ecb.c
+++ b/crypto/ecb.c
@@ -189,6 +189,10 @@ static int crypto_ecb_create(struct crypto_template *tmpl, struct rtattr **tb)
if (cipher_alg->co.ivsize)
return -EINVAL;
+ /* Don't allow nesting. */
+ if ((cipher_alg->co.base.cra_flags & CRYPTO_ALG_INSTANCE))
+ return -ELOOP;
+
inst->alg.co.base.cra_ctxsize = cipher_alg->co.base.cra_ctxsize;
inst->alg.setkey = cipher_alg->setkey;
inst->alg.encrypt = cipher_alg->encrypt;
diff --git a/crypto/lskcipher.c b/crypto/lskcipher.c
index 10e082f3cde6..8660d6e3ccce 100644
--- a/crypto/lskcipher.c
+++ b/crypto/lskcipher.c
@@ -636,11 +636,6 @@ struct lskcipher_instance *lskcipher_alloc_instance_simple(
"%s(%s)", tmpl->name, cipher_name) >=
CRYPTO_MAX_ALG_NAME)
goto err_free_inst;
- } else {
- /* Don't allow nesting. */
- err = -ELOOP;
- if ((cipher_alg->co.base.cra_flags & CRYPTO_ALG_INSTANCE))
- goto err_free_inst;
}
inst->free = lskcipher_free_instance_simple;
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
