From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Thara Gopinath <thara.gopinath@linaro.org>,
Bjorn Andersson <bjorn.andersson@linaro.org>,
Herbert Xu <herbert@gondor.apana.org.au>,
Sasha Levin <sashal@kernel.org>,
linux-crypto@vger.kernel.org
Subject: [PATCH AUTOSEL 4.19 52/87] crypto: qce - Fix SHA result buffer corruption issues
Date: Tue, 22 Dec 2020 21:20:28 -0500 [thread overview]
Message-ID: <20201223022103.2792705-52-sashal@kernel.org> (raw)
In-Reply-To: <20201223022103.2792705-1-sashal@kernel.org>
From: Thara Gopinath <thara.gopinath@linaro.org>
[ Upstream commit 1148a9654b5a69611d33e14719251c6ec20f5f2c ]
Partial hash was being copied into the final result buffer without the
entire message block processed. Depending on how the end user processes
this result buffer, errors vary from result buffer corruption to result
buffer poisoing. Fix this issue by ensuring that only the final hash value
is copied into the result buffer.
Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: Thara Gopinath <thara.gopinath@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/qce/sha.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/crypto/qce/sha.c b/drivers/crypto/qce/sha.c
index d8a5db11b7ea1..49e29cb6d5b8d 100644
--- a/drivers/crypto/qce/sha.c
+++ b/drivers/crypto/qce/sha.c
@@ -55,7 +55,7 @@ static void qce_ahash_done(void *data)
dma_unmap_sg(qce->dev, &rctx->result_sg, 1, DMA_FROM_DEVICE);
memcpy(rctx->digest, result->auth_iv, digestsize);
- if (req->result)
+ if (req->result && rctx->last_blk)
memcpy(req->result, result->auth_iv, digestsize);
rctx->byte_count[0] = cpu_to_be32(result->auth_byte_count[0]);
--
2.27.0
prev parent reply other threads:[~2020-12-23 2:46 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20201223022103.2792705-1-sashal@kernel.org>
2020-12-23 2:19 ` [PATCH AUTOSEL 4.19 03/87] crypto: omap-aes - fix the reference count leak of omap device Sasha Levin
2020-12-23 2:19 ` [PATCH AUTOSEL 4.19 18/87] s390/trng: set quality to 1024 Sasha Levin
2020-12-23 2:20 ` Sasha Levin [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201223022103.2792705-52-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=bjorn.andersson@linaro.org \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=thara.gopinath@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).