From patchwork Tue Jan 13 23:07:03 2015
X-Patchwork-Submitter: Herbert Xu
X-Patchwork-Id: 5624761
X-Patchwork-Delegate: herbert@gondor.apana.org.au
Date: Wed, 14 Jan 2015 10:07:03 +1100
From: Herbert Xu
To: Tadeusz Struk
Cc: davem@davemloft.net, linux-crypto@vger.kernel.org, qat-linux@intel.com
Subject: crypto: qat - Ensure ipad and opad are zeroed
Message-ID: <20150113230703.GA12608@gondor.apana.org.au>
In-Reply-To: <54B5A25C.9070007@intel.com>

On Tue, Jan 13, 2015 at 02:55:24PM -0800, Tadeusz Struk wrote:
> On 01/13/2015 02:47 PM, Herbert Xu wrote:
> > Why are you allocating this qat_auth_state anyway? Just do
> > ipad/opad[block_size] and be done with it.
>
> You are right. I don't need qat_auth_state really. Let me send you v2 in
> 2 mins.

Don't worry, I fixed it for you.

-- >8 --
The patch ad511e260a27b8e35d273cc0ecfe5a8ff9543181 (crypto: qat -
Fix incorrect uses of memzero_explicit) broke hashing because the
code was in fact overwriting the qat_auth_state variable.

In fact there is no reason for the variable to exist anyway since
all we are using it for is to store ipad and opad. So we could
simply create ipad and opad directly and avoid this whole mess.

Signed-off-by: Herbert Xu

Cheers,

diff --git a/drivers/crypto/qat/qat_common/qat_algs.c b/drivers/crypto/qat/qat_common/qat_algs.c index a0d95f3..e2c4b25 100644 --- a/drivers/crypto/qat/qat_common/qat_algs.c +++ b/drivers/crypto/qat/qat_common/qat_algs.c 
@@ -160,33 +160,30 @@ static int qat_alg_do_precomputes(struct icp_qat_hw_auth_algo_blk *hash, const uint8_t *auth_key, unsigned int auth_keylen) { - struct qat_auth_state auth_state; SHASH_DESC_ON_STACK(shash, ctx->hash_tfm); struct sha1_state sha1; struct sha256_state sha256; struct sha512_state sha512; int block_size = crypto_shash_blocksize(ctx->hash_tfm); int digest_size = crypto_shash_digestsize(ctx->hash_tfm); - uint8_t *ipad = auth_state.data; - uint8_t *opad = ipad + block_size; + char ipad[block_size]; + char opad[block_size]; __be32 *hash_state_out; __be64 *hash512_state_out; int i, offset; - memset(auth_state.data, 0, sizeof(auth_state.data)); + memset(ipad, 0, block_size); + memset(opad, 0, block_size); shash->tfm = ctx->hash_tfm; shash->flags = 0x0; if (auth_keylen > block_size) { - char buff[SHA512_BLOCK_SIZE]; int ret = crypto_shash_digest(shash, auth_key, - auth_keylen, buff); + auth_keylen, ipad); if (ret) return ret; - memcpy(ipad, buff, digest_size); - memcpy(opad, buff, digest_size); - memzero_explicit(buff, sizeof(buff)); + memcpy(opad, ipad, digest_size); } else { memcpy(ipad, auth_key, auth_keylen); memcpy(opad, auth_key, auth_keylen);
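
Review bot: the new `char ipad[block_size]` and `char opad[block_size]` now hold the HMAC key (or its digest) directly on the stack, and within this hunk the `if (ret) return ret;` path after `crypto_shash_digest()` returns without wiping them, while the only `memzero_explicit()` call in the hunk (on `buff`) is removed. Please make sure both buffers are cleared with `memzero_explicit(ipad, block_size)` and `memzero_explicit(opad, block_size)` on every exit path, including that early error return. Separately, both arrays are variable-length stack arrays sized by `crypto_shash_blocksize()`; fixed-size `SHA512_BLOCK_SIZE` arrays, as the removed `buff` used, would give a compile-time stack bound, and declaring them `u8` rather than `char` would match the `u8 *out` argument of `crypto_shash_digest()`.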