[PATCH 0/2] crypto: ccree: aead fixes

linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH 0/2] crypto: ccree: aead fixes
@ 2019-07-29 10:40 Gilad Ben-Yossef
  2019-07-29 10:40 ` [PATCH 1/2] crypto: ccree: use the full crypt length value Gilad Ben-Yossef
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Gilad Ben-Yossef @ 2019-07-29 10:40 UTC (permalink / raw)
  To: Herbert Xu, David S. Miller; +Cc: Ofir Drang, linux-crypto, linux-kernel

Fix AEAD handling of authentication failures.

Gilad Ben-Yossef (2):
  crypto: ccree: use the full crypt length value
  crypto: ccree: use std api sg_zero_buffer

 drivers/crypto/ccree/cc_aead.c       |  3 ++-
 drivers/crypto/ccree/cc_buffer_mgr.c | 21 ---------------------
 drivers/crypto/ccree/cc_buffer_mgr.h |  2 --
 3 files changed, 2 insertions(+), 24 deletions(-)

-- 
2.21.0


^ permalink raw reply	[flat|nested] 4+ messages in thread

* [PATCH 1/2] crypto: ccree: use the full crypt length value
  2019-07-29 10:40 [PATCH 0/2] crypto: ccree: aead fixes Gilad Ben-Yossef
@ 2019-07-29 10:40 ` Gilad Ben-Yossef
  2019-07-29 10:40 ` [PATCH 2/2] crypto: ccree: use std api sg_zero_buffer Gilad Ben-Yossef
  2019-08-09  6:09 ` [PATCH 0/2] crypto: ccree: aead fixes Herbert Xu
  2 siblings, 0 replies; 4+ messages in thread
From: Gilad Ben-Yossef @ 2019-07-29 10:40 UTC (permalink / raw)
  To: Herbert Xu, David S. Miller
  Cc: Ofir Drang, stable, linux-crypto, linux-kernel

In case of AEAD decryption verifcation error we were using the
wrong value to zero out the plaintext buffer leaving the end of
the buffer with the false plaintext.

Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
Fixes: ff27e85a85bb ("crypto: ccree - add AEAD support")
CC: stable@vger.kernel.org # v4.17+
---
 drivers/crypto/ccree/cc_aead.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/crypto/ccree/cc_aead.c b/drivers/crypto/ccree/cc_aead.c
index 19abb872329c..8a6c825d40e8 100644
--- a/drivers/crypto/ccree/cc_aead.c
+++ b/drivers/crypto/ccree/cc_aead.c
@@ -268,7 +268,7 @@ static void cc_aead_complete(struct device *dev, void *cc_req, int err)
 			/* In case of payload authentication failure, MUST NOT
 			 * revealed the decrypted message --> zero its memory.
 			 */
-			cc_zero_sgl(areq->dst, areq_ctx->cryptlen);
+			cc_zero_sgl(areq->dst, areq->cryptlen);
 			err = -EBADMSG;
 		}
 	/*ENCRYPT*/
-- 
2.21.0


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* [PATCH 2/2] crypto: ccree: use std api sg_zero_buffer
  2019-07-29 10:40 [PATCH 0/2] crypto: ccree: aead fixes Gilad Ben-Yossef
  2019-07-29 10:40 ` [PATCH 1/2] crypto: ccree: use the full crypt length value Gilad Ben-Yossef
@ 2019-07-29 10:40 ` Gilad Ben-Yossef
  2019-08-09  6:09 ` [PATCH 0/2] crypto: ccree: aead fixes Herbert Xu
  2 siblings, 0 replies; 4+ messages in thread
From: Gilad Ben-Yossef @ 2019-07-29 10:40 UTC (permalink / raw)
  To: Herbert Xu, David S. Miller; +Cc: Ofir Drang, linux-crypto, linux-kernel

Replace internal cc_zero_sgl() with kernel API of the same function
sg_zero_buffer().

Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
---
 drivers/crypto/ccree/cc_aead.c       |  3 ++-
 drivers/crypto/ccree/cc_buffer_mgr.c | 21 ---------------------
 drivers/crypto/ccree/cc_buffer_mgr.h |  2 --
 3 files changed, 2 insertions(+), 24 deletions(-)

diff --git a/drivers/crypto/ccree/cc_aead.c b/drivers/crypto/ccree/cc_aead.c
index 8a6c825d40e8..f807875b541f 100644
--- a/drivers/crypto/ccree/cc_aead.c
+++ b/drivers/crypto/ccree/cc_aead.c
@@ -268,7 +268,8 @@ static void cc_aead_complete(struct device *dev, void *cc_req, int err)
 			/* In case of payload authentication failure, MUST NOT
 			 * revealed the decrypted message --> zero its memory.
 			 */
-			cc_zero_sgl(areq->dst, areq->cryptlen);
+			sg_zero_buffer(areq->dst, sg_nents(areq->dst),
+				       areq->cryptlen, 0);
 			err = -EBADMSG;
 		}
 	/*ENCRYPT*/
diff --git a/drivers/crypto/ccree/cc_buffer_mgr.c b/drivers/crypto/ccree/cc_buffer_mgr.c
index c81ad33f9115..a72586eccd81 100644
--- a/drivers/crypto/ccree/cc_buffer_mgr.c
+++ b/drivers/crypto/ccree/cc_buffer_mgr.c
@@ -99,27 +99,6 @@ static unsigned int cc_get_sgl_nents(struct device *dev,
 	return nents;
 }
 
-/**
- * cc_zero_sgl() - Zero scatter scatter list data.
- *
- * @sgl:
- */
-void cc_zero_sgl(struct scatterlist *sgl, u32 data_len)
-{
-	struct scatterlist *current_sg = sgl;
-	int sg_index = 0;
-
-	while (sg_index <= data_len) {
-		if (!current_sg) {
-			/* reached the end of the sgl --> just return back */
-			return;
-		}
-		memset(sg_virt(current_sg), 0, current_sg->length);
-		sg_index += current_sg->length;
-		current_sg = sg_next(current_sg);
-	}
-}
-
 /**
  * cc_copy_sg_portion() - Copy scatter list data,
  * from to_skip to end, to dest and vice versa
diff --git a/drivers/crypto/ccree/cc_buffer_mgr.h b/drivers/crypto/ccree/cc_buffer_mgr.h
index a726016bdbc1..af434872c6ff 100644
--- a/drivers/crypto/ccree/cc_buffer_mgr.h
+++ b/drivers/crypto/ccree/cc_buffer_mgr.h
@@ -66,6 +66,4 @@ void cc_unmap_hash_request(struct device *dev, void *ctx,
 void cc_copy_sg_portion(struct device *dev, u8 *dest, struct scatterlist *sg,
 			u32 to_skip, u32 end, enum cc_sg_cpy_direct direct);
 
-void cc_zero_sgl(struct scatterlist *sgl, u32 data_len);
-
 #endif /*__BUFFER_MGR_H__*/
-- 
2.21.0


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH 0/2] crypto: ccree: aead fixes
  2019-07-29 10:40 [PATCH 0/2] crypto: ccree: aead fixes Gilad Ben-Yossef
  2019-07-29 10:40 ` [PATCH 1/2] crypto: ccree: use the full crypt length value Gilad Ben-Yossef
  2019-07-29 10:40 ` [PATCH 2/2] crypto: ccree: use std api sg_zero_buffer Gilad Ben-Yossef
@ 2019-08-09  6:09 ` Herbert Xu
  2 siblings, 0 replies; 4+ messages in thread
From: Herbert Xu @ 2019-08-09  6:09 UTC (permalink / raw)
  To: Gilad Ben-Yossef; +Cc: David S. Miller, Ofir Drang, linux-crypto, linux-kernel

On Mon, Jul 29, 2019 at 01:40:17PM +0300, Gilad Ben-Yossef wrote:
> Fix AEAD handling of authentication failures.
> 
> Gilad Ben-Yossef (2):
>   crypto: ccree: use the full crypt length value
>   crypto: ccree: use std api sg_zero_buffer
> 
>  drivers/crypto/ccree/cc_aead.c       |  3 ++-
>  drivers/crypto/ccree/cc_buffer_mgr.c | 21 ---------------------
>  drivers/crypto/ccree/cc_buffer_mgr.h |  2 --
>  3 files changed, 2 insertions(+), 24 deletions(-)

All applied.  Thanks.
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2019-08-09  6:10 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-07-29 10:40 [PATCH 0/2] crypto: ccree: aead fixes Gilad Ben-Yossef
2019-07-29 10:40 ` [PATCH 1/2] crypto: ccree: use the full crypt length value Gilad Ben-Yossef
2019-07-29 10:40 ` [PATCH 2/2] crypto: ccree: use std api sg_zero_buffer Gilad Ben-Yossef
2019-08-09  6:09 ` [PATCH 0/2] crypto: ccree: aead fixes Herbert Xu

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).