]> www.infradead.org Git - users/willy/pagecache.git/commitdiff
projects / users / willy / pagecache.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9c6bd0c)
crypto: ccp - memset request context to zero during import
authorTom Lendacky <thomas.lendacky@amd.com>
Thu, 25 Feb 2016 22:48:13 +0000 (16:48 -0600)
committerHerbert Xu <herbert@gondor.apana.org.au>
Sat, 27 Feb 2016 19:26:35 +0000 (03:26 +0800)
Since a crypto_ahash_import() can be called against a request context
that has not had a crypto_ahash_init() performed, the request context
needs to be cleared to insure there is no random data present. If not,
the random data can result in a kernel oops during crypto_ahash_update().

Cc: <stable@vger.kernel.org> # 3.14.x-
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
drivers/crypto/ccp/ccp-crypto-aes-cmac.c patch | blob | history
drivers/crypto/ccp/ccp-crypto-sha.c patch | blob | history

diff --git a/drivers/crypto/ccp/ccp-crypto-aes-cmac.c b/drivers/crypto/ccp/ccp-crypto-aes-cmac.c
index d095452b8828e6c50b30c8ac3254975f9f8cef6c..3d9acc53d2473818d1e37c4af432a4afcbdf4ec4 100644 (file)
--- a/drivers/crypto/ccp/ccp-crypto-aes-cmac.c
+++ b/drivers/crypto/ccp/ccp-crypto-aes-cmac.c
@@ -244,6 +244,7 @@ static int ccp_aes_cmac_import(struct ahash_request *req, const void *in)
        /* 'in' may not be aligned so memcpy to local variable */
        memcpy(&state, in, sizeof(state));
 
+       memset(rctx, 0, sizeof(*rctx));
        rctx->null_msg = state.null_msg;
        memcpy(rctx->iv, state.iv, sizeof(rctx->iv));
        rctx->buf_count = state.buf_count;
diff --git a/drivers/crypto/ccp/ccp-crypto-sha.c b/drivers/crypto/ccp/ccp-crypto-sha.c
index 7002c6b283e5763b48ce71bcb84d56963875ae40..8ef06fad8b141487a5546d33a509b3f0a40ba079 100644 (file)
--- a/drivers/crypto/ccp/ccp-crypto-sha.c
+++ b/drivers/crypto/ccp/ccp-crypto-sha.c
@@ -233,6 +233,7 @@ static int ccp_sha_import(struct ahash_request *req, const void *in)
        /* 'in' may not be aligned so memcpy to local variable */
        memcpy(&state, in, sizeof(state));
 
+       memset(rctx, 0, sizeof(*rctx));
        rctx->type = state.type;
        rctx->msg_bits = state.msg_bits;
        rctx->first = state.first;
Unnamed repository; edit this file 'description' to name the repository.