From: Antoine Tenart <antoine.tenart@free-electrons.com>
To: herbert@gondor.apana.org.au, davem@davemloft.net
Cc: Antoine Tenart <antoine.tenart@free-electrons.com>,
thomas.petazzoni@free-electrons.com,
gregory.clement@free-electrons.com, oferh@marvell.com,
igall@marvell.com, nadavh@marvell.com,
linux-crypto@vger.kernel.org
Subject: Re: [PATCH 1/2] crypto: inside-secure - fix invalidation check in hmac_sha1_setkey
Date: Tue, 18 Jul 2017 15:07:32 +0200 [thread overview]
Message-ID: <20170718130732.GF2563@kwain> (raw)
In-Reply-To: <20170717094520.3497-1-antoine.tenart@free-electrons.com>
[-- Attachment #1: Type: text/plain, Size: 1749 bytes --]
Hi,
On Mon, Jul 17, 2017 at 11:45:19AM +0200, Antoine Tenart wrote:
> The safexcel_hmac_sha1_setkey function checks if an invalidation command
> should be issued, i.e. when the context ipad/opad change. This checks is
> done after filling the ipad/opad which and it can't be true. The patch
> fixes this by moving the check before the ipad/opad memcpy operations.
>
> Signed-off-by: Antoine Tenart <antoine.tenart@free-electrons.com>
This patch should have stable: and fixes: tags. I'll add them and send a
v2.
Thanks,
Antoine
> ---
> drivers/crypto/inside-secure/safexcel_hash.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/crypto/inside-secure/safexcel_hash.c b/drivers/crypto/inside-secure/safexcel_hash.c
> index 8527a5899a2f..a11b2edb41b9 100644
> --- a/drivers/crypto/inside-secure/safexcel_hash.c
> +++ b/drivers/crypto/inside-secure/safexcel_hash.c
> @@ -883,9 +883,6 @@ static int safexcel_hmac_sha1_setkey(struct crypto_ahash *tfm, const u8 *key,
> if (ret)
> return ret;
>
> - memcpy(ctx->ipad, &istate.state, SHA1_DIGEST_SIZE);
> - memcpy(ctx->opad, &ostate.state, SHA1_DIGEST_SIZE);
> -
> for (i = 0; i < ARRAY_SIZE(istate.state); i++) {
> if (ctx->ipad[i] != le32_to_cpu(istate.state[i]) ||
> ctx->opad[i] != le32_to_cpu(ostate.state[i])) {
> @@ -894,6 +891,9 @@ static int safexcel_hmac_sha1_setkey(struct crypto_ahash *tfm, const u8 *key,
> }
> }
>
> + memcpy(ctx->ipad, &istate.state, SHA1_DIGEST_SIZE);
> + memcpy(ctx->opad, &ostate.state, SHA1_DIGEST_SIZE);
> +
> return 0;
> }
>
> --
> 2.13.3
>
--
Antoine Ténart, Free Electrons
Embedded Linux and Kernel engineering
http://free-electrons.com
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
prev parent reply other threads:[~2017-07-18 13:07 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-17 9:45 [PATCH 1/2] crypto: inside-secure - fix invalidation check in hmac_sha1_setkey Antoine Tenart
2017-07-17 9:45 ` [PATCH 2/2] crypto: inside-secure - fix the sha state length " Antoine Tenart
2017-07-18 13:07 ` Antoine Tenart [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170718130732.GF2563@kwain \
--to=antoine.tenart@free-electrons.com \
--cc=davem@davemloft.net \
--cc=gregory.clement@free-electrons.com \
--cc=herbert@gondor.apana.org.au \
--cc=igall@marvell.com \
--cc=linux-crypto@vger.kernel.org \
--cc=nadavh@marvell.com \
--cc=oferh@marvell.com \
--cc=thomas.petazzoni@free-electrons.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.