crypto: ixp4xx - Fix error handling path in 'aead_perform()'

commit 28389575a8cf933a5f3c378556b9f4d3cce0efd2 upstream.

In commit 0f987e25cb8a, the source processing has been moved in front of
the destination processing, but the error handling path has not been
modified accordingly.
Free resources in the correct order to avoid some leaks.

Fixes: 0f987e25cb8a ("crypto: ixp4xx - Fix false lastlen uninitialised warning")
Reported-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/crypto/ixp4xx_crypto.c b/drivers/crypto/ixp4xx_crypto.c
index 771dd26c7076e1c3b9282ec9ab96d735aa08c2ff..6719e346b790a574a7da71051d97c30b9c1d6adb 100644 (file)
--- a/drivers/crypto/ixp4xx_crypto.c
+++ b/drivers/crypto/ixp4xx_crypto.c
@@ -1074,7 +1074,7 @@ static int aead_perform(struct aead_request *req, int encrypt,
                req_ctx->hmac_virt = dma_pool_alloc(buffer_pool, flags,
                                &crypt->icv_rev_aes);
                if (unlikely(!req_ctx->hmac_virt))
-                       goto free_buf_src;
+                       goto free_buf_dst;
                if (!encrypt) {
                        scatterwalk_map_and_copy(req_ctx->hmac_virt,
                                req->src, cryptlen, authsize, 0);
@@ -1089,10 +1089,10 @@ static int aead_perform(struct aead_request *req, int encrypt,
        BUG_ON(qmgr_stat_overflow(SEND_QID));
        return -EINPROGRESS;
 
-free_buf_src:
-       free_buf_chain(dev, req_ctx->src, crypt->src_buf);
 free_buf_dst:
        free_buf_chain(dev, req_ctx->dst, crypt->dst_buf);
+free_buf_src:
+       free_buf_chain(dev, req_ctx->src, crypt->src_buf);
        crypt->ctl_flags = CTL_FLAG_UNUSED;
        return -ENOMEM;
 }