Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 81781e68 authored by Herbert Xu's avatar Herbert Xu
Browse files

crypto: picoxcell - Clamp AEAD SG list by input length 



Currently the driver assumes that the SG list contains exactly
the number of bytes required.  This assumption is incorrect.

Up until now this has been harmless.  However with the new AEAD
interface this now breaks as the AD SG list contains more bytes
than just the AD.

This patch fixes this by always clamping the AD SG list by the
specified AD length.

Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent 1a5b951f

drivers/crypto/picoxcell_crypto.c

+11 −3
Original line number Diff line number Diff line
@@ -318,6 +318,7 @@ static int spacc_aead_make_ddts(struct spacc_req *req, u8 *giv) 
	struct spacc_ddt *src_ddt, *dst_ddt;

	unsigned ivsize = crypto_aead_ivsize(crypto_aead_reqtfm(areq));

	unsigned nents = sg_count(areq->src, areq->cryptlen);

	unsigned total;

	dma_addr_t iv_addr;

	struct scatterlist *cur;

	int i, dst_ents, src_ents, assoc_ents;
@@ -361,11 +362,18 @@ static int spacc_aead_make_ddts(struct spacc_req *req, u8 *giv) 
	 * Map the associated data. For decryption we don't copy the

	 * associated data.

	 */

	total = areq->assoclen;

	for_each_sg(areq->assoc, cur, assoc_ents, i) {

		ddt_set(src_ddt++, sg_dma_address(cur), sg_dma_len(cur));

		unsigned len = sg_dma_len(cur);



		if (len > total)

			len = total;



		total -= len;



		ddt_set(src_ddt++, sg_dma_address(cur), len);

		if (req->is_encrypt)

			ddt_set(dst_ddt++, sg_dma_address(cur),

				sg_dma_len(cur));

			ddt_set(dst_ddt++, sg_dma_address(cur), len);

	}

	ddt_set(src_ddt++, iv_addr, ivsize);