Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit aca1e765 authored by Linux Build Service Account's avatar Linux Build Service Account Committed by Gerrit - the friendly Code Review server
Browse files

Merge "crypto: msm: Fix buffer overflow issue"

parents fde5844b b9805a3d

drivers/crypto/msm/qcedev.c

+41 −10
Original line number Diff line number Diff line
@@ -57,6 +57,7 @@ static uint8_t _std_init_vector_sha256_uint8[] = { 


static DEFINE_MUTEX(send_cmd_lock);

static DEFINE_MUTEX(qcedev_sent_bw_req);

static DEFINE_MUTEX(hash_access_lock);



static int qcedev_control_clocks(struct qcedev_control *podev, bool enable)

{
@@ -1699,12 +1700,18 @@ static inline long qcedev_ioctl(struct file *file, 
					(void __user *)arg,

					sizeof(struct qcedev_sha_op_req)))

			return -EFAULT;

		if (qcedev_check_sha_params(&qcedev_areq.sha_op_req, podev))

		mutex_lock(&hash_access_lock);

		if (qcedev_check_sha_params(&qcedev_areq.sha_op_req, podev)) {

			mutex_unlock(&hash_access_lock);

			return -EINVAL;

		}

		qcedev_areq.op_type = QCEDEV_CRYPTO_OPER_SHA;

		err = qcedev_hash_init(&qcedev_areq, handle, &sg_src);

		if (err)

		if (err) {

			mutex_unlock(&hash_access_lock);

			return err;

		}

		mutex_unlock(&hash_access_lock);

		if (copy_to_user((void __user *)arg, &qcedev_areq.sha_op_req,

					sizeof(struct qcedev_sha_op_req)))

			return -EFAULT;
@@ -1722,32 +1729,42 @@ static inline long qcedev_ioctl(struct file *file, 
					(void __user *)arg,

					sizeof(struct qcedev_sha_op_req)))

			return -EFAULT;

		if (qcedev_check_sha_params(&qcedev_areq.sha_op_req, podev))

		mutex_lock(&hash_access_lock);

		if (qcedev_check_sha_params(&qcedev_areq.sha_op_req, podev)) {

			mutex_unlock(&hash_access_lock);

			return -EINVAL;

		}

		qcedev_areq.op_type = QCEDEV_CRYPTO_OPER_SHA;



		if (qcedev_areq.sha_op_req.alg == QCEDEV_ALG_AES_CMAC) {

			err = qcedev_hash_cmac(&qcedev_areq, handle, &sg_src);

			if (err)

			if (err) {

				mutex_unlock(&hash_access_lock);

				return err;

			}

		} else {

			if (handle->sha_ctxt.init_done == false) {

				pr_err("%s Init was not called\n", __func__);

				mutex_unlock(&hash_access_lock);

				return -EINVAL;

			}

			err = qcedev_hash_update(&qcedev_areq, handle, &sg_src);

			if (err)

			if (err) {

				mutex_unlock(&hash_access_lock);

				return err;

			}

		}



		if (handle->sha_ctxt.diglen > QCEDEV_MAX_SHA_DIGEST) {

			pr_err("Invalid sha_ctxt.diglen %d\n",

					handle->sha_ctxt.diglen);

			mutex_unlock(&hash_access_lock);

			return -EINVAL;

		}

		memcpy(&qcedev_areq.sha_op_req.digest[0],

				&handle->sha_ctxt.digest[0],

				handle->sha_ctxt.diglen);

		mutex_unlock(&hash_access_lock);

		if (copy_to_user((void __user *)arg, &qcedev_areq.sha_op_req,

					sizeof(struct qcedev_sha_op_req)))

			return -EFAULT;
@@ -1764,16 +1781,22 @@ static inline long qcedev_ioctl(struct file *file, 
					(void __user *)arg,

					sizeof(struct qcedev_sha_op_req)))

			return -EFAULT;

		if (qcedev_check_sha_params(&qcedev_areq.sha_op_req, podev))

		mutex_lock(&hash_access_lock);

		if (qcedev_check_sha_params(&qcedev_areq.sha_op_req, podev)) {

			mutex_unlock(&hash_access_lock);

			return -EINVAL;

		}

		qcedev_areq.op_type = QCEDEV_CRYPTO_OPER_SHA;

		err = qcedev_hash_final(&qcedev_areq, handle);

		if (err)

		if (err) {

			mutex_unlock(&hash_access_lock);

			return err;

		}

		qcedev_areq.sha_op_req.diglen = handle->sha_ctxt.diglen;

		memcpy(&qcedev_areq.sha_op_req.digest[0],

				&handle->sha_ctxt.digest[0],

				handle->sha_ctxt.diglen);

		mutex_unlock(&hash_access_lock);

		if (copy_to_user((void __user *)arg, &qcedev_areq.sha_op_req,

					sizeof(struct qcedev_sha_op_req)))

			return -EFAULT;
@@ -1788,20 +1811,28 @@ static inline long qcedev_ioctl(struct file *file, 
					(void __user *)arg,

					sizeof(struct qcedev_sha_op_req)))

			return -EFAULT;

		if (qcedev_check_sha_params(&qcedev_areq.sha_op_req, podev))

		mutex_lock(&hash_access_lock);

		if (qcedev_check_sha_params(&qcedev_areq.sha_op_req, podev)) {

			mutex_unlock(&hash_access_lock);

			return -EINVAL;

		}

		qcedev_areq.op_type = QCEDEV_CRYPTO_OPER_SHA;

		qcedev_hash_init(&qcedev_areq, handle, &sg_src);

		err = qcedev_hash_update(&qcedev_areq, handle, &sg_src);

		if (err)

		if (err) {

			mutex_unlock(&hash_access_lock);

			return err;

		}

		err = qcedev_hash_final(&qcedev_areq, handle);

		if (err)

		if (err) {

			mutex_unlock(&hash_access_lock);

			return err;

		}

		qcedev_areq.sha_op_req.diglen =	handle->sha_ctxt.diglen;

		memcpy(&qcedev_areq.sha_op_req.digest[0],

				&handle->sha_ctxt.digest[0],

				handle->sha_ctxt.diglen);

		mutex_unlock(&hash_access_lock);

		if (copy_to_user((void __user *)arg, &qcedev_areq.sha_op_req,

					sizeof(struct qcedev_sha_op_req)))

			return -EFAULT;