linux-crypto.vger.kernel.org archive mirror
From: Tero Kristo <t-kristo@ti.com>
To: <herbert@gondor.apana.org.au>, <davem@davemloft.net>,
	<linux-crypto@vger.kernel.org>
Cc: <linux-omap@vger.kernel.org>
Subject: [RESEND PATCHv3 4/7] crypto: omap-sham: huge buffer access fixes
Date: Wed, 27 May 2020 15:24:26 +0300
Message-ID: <20200527122429.14888-5-t-kristo@ti.com>
In-Reply-To: <20200527122429.14888-1-t-kristo@ti.com>

The ctx internal buffer can only hold buflen amount of data, don't try
to copy over more than that. Also, initialize the context sg pointer
if we only have data in the context internal buffer, this can happen
when closing a hash with certain data amounts.

Signed-off-by: Tero Kristo <t-kristo@ti.com>
---
 drivers/crypto/omap-sham.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/drivers/crypto/omap-sham.c b/drivers/crypto/omap-sham.c
index 0c837bbd8f0c..9823d7dfca9c 100644
--- a/drivers/crypto/omap-sham.c
+++ b/drivers/crypto/omap-sham.c
@@ -751,8 +751,15 @@ static int omap_sham_align_sgs(struct scatterlist *sg,
 	int offset = rctx->offset;
 	int bufcnt = rctx->bufcnt;
 
-	if (!sg || !sg->length || !nbytes)
+	if (!sg || !sg->length || !nbytes) {
+		if (bufcnt) {
+			sg_init_table(rctx->sgl, 1);
+			sg_set_buf(rctx->sgl, rctx->dd->xmit_buf, bufcnt);
+			rctx->sg = rctx->sgl;
+		}
+
 		return 0;
+	}
 
 	new_len = nbytes;
 
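Review bot: the new `if (bufcnt)` branch in the early-return path of omap_sham_align_sgs() has no comment saying when it is reached, and it builds the single-entry table over `rctx->dd->xmit_buf` with length `bufcnt` without any visible check that `bufcnt` fits that buffer. A one-line comment above the branch (for example, that only previously buffered data remains, as when closing a hash) would make the intent clear. Since the stated purpose of the patch is to stop oversized buffer accesses, either bound `bufcnt` here or note in the comment where that bound is guaranteed. The branch also sets only `rctx->sg`; if callers consume any other per-request scatterlist state after a `return 0`, that state should be initialised in the same place so the function returns a consistent context.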
@@ -896,7 +903,7 @@ static int omap_sham_prepare_request(struct ahash_request *req, bool update)
 	if (hash_later < 0)
 		hash_later = 0;
 
-	if (hash_later) {
+	if (hash_later && hash_later <= rctx->buflen) {
 		scatterwalk_map_and_copy(rctx->buffer,
 					 req->src,
 					 req->nbytes - hash_later,
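Review bot: with the condition changed to `if (hash_later && hash_later <= rctx->buflen)`, a request whose `hash_later` exceeds `rctx->buflen` now skips the `scatterwalk_map_and_copy()` silently, and nothing in the visible lines shows what becomes of those trailing bytes. Avoiding the overrun of `rctx->buffer` is right, but the oversized case deserves an explicit path: either a comment explaining why the data is not needed later, or an else branch that handles or rejects it (a warning or error return), so that a too-large remainder cannot turn into a digest computed over incomplete input. It is also worth confirming that any bookkeeping following this block that is derived from `hash_later` does not assume the copy happened.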
-- 
2.17.1

--
Texas Instruments Finland Oy, Porkkalankatu 22, 00180 Helsinki. Y-tunnus/Business ID: 0615521-4. Kotipaikka/Domicile: Helsinki
