Thread (4 messages) 4 messages, 2 authors, 2016-02-01

Re: [PATCH v1] crypto: ccp - Limit the amount of information exported

From: Herbert Xu <herbert@gondor.apana.org.au>
Date: 2016-02-01 14:35:10
Also in: stable

On Fri, Jan 29, 2016 at 12:45:14PM -0600, Tom Lendacky wrote:
quoted hunk ↗ jump to hunk
Since the exported information can be exposed to user-space, instead of
exporting the entire request context only export the minimum information
needed.

Cc: <redacted> # 3.14.x-
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
 drivers/crypto/ccp/ccp-crypto-aes-cmac.c |   16 +++++++++++-----
 drivers/crypto/ccp/ccp-crypto-sha.c      |   20 +++++++++++++++-----
 drivers/crypto/ccp/ccp-crypto.h          |   22 ++++++++++++++++++++++
 3 files changed, 48 insertions(+), 10 deletions(-)
diff --git a/drivers/crypto/ccp/ccp-crypto-aes-cmac.c b/drivers/crypto/ccp/ccp-crypto-aes-cmac.c
index 00207cf..6a2d836 100644
--- a/drivers/crypto/ccp/ccp-crypto-aes-cmac.c
+++ b/drivers/crypto/ccp/ccp-crypto-aes-cmac.c
@@ -223,9 +223,12 @@ static int ccp_aes_cmac_digest(struct ahash_request *req)
 static int ccp_aes_cmac_export(struct ahash_request *req, void *out)
 {
 	struct ccp_aes_cmac_req_ctx *rctx = ahash_request_ctx(req);
-	struct ccp_aes_cmac_req_ctx *state = out;
+	struct ccp_aes_cmac_exp_ctx *state = out;
 
-	*state = *rctx;
+	state->null_msg = rctx->null_msg;
+	memcpy(state->iv, rctx->iv, sizeof(state->iv));
+	state->buf_count = rctx->buf_count;
+	memcpy(state->buf, rctx->buf, sizeof(state->buf));
 
 	return 0;
 }
BTW this code needs to be fixed to not assume that in/out are
aligned.

Cheers,
-- 
Email: Herbert Xu [off-list ref]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help