Re: [PATCH v1] crypto: ccp - Limit the amount of information exported
From: Tom Lendacky <thomas.lendacky@amd.com>
Date: 2016-02-01 23:52:20
Also in:
stable
On 02/01/2016 08:35 AM, Herbert Xu wrote:
On Fri, Jan 29, 2016 at 12:45:14PM -0600, Tom Lendacky wrote:
Since the exported information can be exposed to user-space, instead of exporting the entire request context only export the minimum information needed. Cc: <redacted> # 3.14.x- Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> --- drivers/crypto/ccp/ccp-crypto-aes-cmac.c | 16 +++++++++++----- drivers/crypto/ccp/ccp-crypto-sha.c | 20 +++++++++++++++----- drivers/crypto/ccp/ccp-crypto.h | 22 ++++++++++++++++++++++ 3 files changed, 48 insertions(+), 10 deletions(-)diff --git a/drivers/crypto/ccp/ccp-crypto-aes-cmac.c b/drivers/crypto/ccp/ccp-crypto-aes-cmac.c index 00207cf..6a2d836 100644 --- a/drivers/crypto/ccp/ccp-crypto-aes-cmac.c +++ b/drivers/crypto/ccp/ccp-crypto-aes-cmac.c@@ -223,9 +223,12 @@ static int ccp_aes_cmac_digest(struct ahash_request *req) static int ccp_aes_cmac_export(struct ahash_request *req, void *out) { struct ccp_aes_cmac_req_ctx *rctx = ahash_request_ctx(req); - struct ccp_aes_cmac_req_ctx *state = out; + struct ccp_aes_cmac_exp_ctx *state = out; - *state = *rctx; + state->null_msg = rctx->null_msg; + memcpy(state->iv, rctx->iv, sizeof(state->iv)); + state->buf_count = rctx->buf_count; + memcpy(state->buf, rctx->buf, sizeof(state->buf)); return 0; }BTW this code needs to be fixed to not assume that in/out are aligned.
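Review bot: in ccp_aes_cmac_export() both memcpy() calls take their length from the destination (sizeof(state->iv), sizeof(state->buf)), which is only safe if the arrays in struct ccp_aes_cmac_exp_ctx are no larger than the matching ones in struct ccp_aes_cmac_req_ctx. The ccp-crypto.h hunk is not visible here, so the sizes cannot be checked from this hunk; a BUILD_BUG_ON() on the two sizeof values, or a shared size constant for both structs, would make the requirement explicit. Separately, every store goes through "state = out" as a typed pointer, so the function assumes out is aligned for the export struct. Filling a local struct ccp_aes_cmac_exp_ctx and copying it to out with memcpy() would remove that assumption, and zeroing the local first would keep any padding in the struct from carrying stack contents into the exported state.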
Ugh, yeah I missed that. I'll follow up with (yet) another patch to be alignment safe.

Thanks,
Tom
Cheers,