Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 48eb3691 authored by Herbert Xu's avatar Herbert Xu
Browse files

crypto: qat - Ensure ipad and opad are zeroed 



The patch ad511e26 (crypto: qat -
Fix incorrect uses of memzero_explicit) broke hashing because the
code was in fact overwriting the qat_auth_state variable.

In fact there is no reason for the variable to exist anyway since
all we are using it for is to store ipad and opad.  So we could
simply create ipad and opad directly and avoid this whole mess.

Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent e31ac32d

drivers/crypto/qat/qat_common/qat_algs.c

+6 −9
Original line number Diff line number Diff line
@@ -160,33 +160,30 @@ static int qat_alg_do_precomputes(struct icp_qat_hw_auth_algo_blk *hash, 
				  const uint8_t *auth_key,

				  unsigned int auth_keylen)

{

	struct qat_auth_state auth_state;

	SHASH_DESC_ON_STACK(shash, ctx->hash_tfm);

	struct sha1_state sha1;

	struct sha256_state sha256;

	struct sha512_state sha512;

	int block_size = crypto_shash_blocksize(ctx->hash_tfm);

	int digest_size = crypto_shash_digestsize(ctx->hash_tfm);

	uint8_t *ipad = auth_state.data;

	uint8_t *opad = ipad + block_size;

	char ipad[block_size];

	char opad[block_size];

	__be32 *hash_state_out;

	__be64 *hash512_state_out;

	int i, offset;



	memset(auth_state.data, 0, sizeof(auth_state.data));

	memset(ipad, 0, block_size);

	memset(opad, 0, block_size);

	shash->tfm = ctx->hash_tfm;

	shash->flags = 0x0;



	if (auth_keylen > block_size) {

		char buff[SHA512_BLOCK_SIZE];

		int ret = crypto_shash_digest(shash, auth_key,

					      auth_keylen, buff);

					      auth_keylen, ipad);

		if (ret)

			return ret;



		memcpy(ipad, buff, digest_size);

		memcpy(opad, buff, digest_size);

		memzero_explicit(buff, sizeof(buff));

		memcpy(opad, ipad, digest_size);

	} else {

		memcpy(ipad, auth_key, auth_keylen);

		memcpy(opad, auth_key, auth_keylen);