From: Antoine Tenart <antoine.tenart@free-electrons.com>
To: herbert@gondor.apana.org.au, davem@davemloft.net
Cc: Antoine Tenart <antoine.tenart@free-electrons.com>,
thomas.petazzoni@free-electrons.com,
gregory.clement@free-electrons.com, oferh@marvell.com,
igall@marvell.com, nadavh@marvell.com,
linux-crypto@vger.kernel.org
Subject: Re: [PATCH 1/2] crypto: inside-secure - fix invalidation check in hmac_sha1_setkey
Date: Tue, 18 Jul 2017 15:07:32 +0200 [thread overview]
Message-ID: <20170718130732.GF2563@kwain> (raw)
In-Reply-To: <20170717094520.3497-1-antoine.tenart@free-electrons.com>
[-- Attachment #1: Type: text/plain, Size: 1749 bytes --]
Hi,
On Mon, Jul 17, 2017 at 11:45:19AM +0200, Antoine Tenart wrote:
> The safexcel_hmac_sha1_setkey function checks if an invalidation command
> should be issued, i.e. when the context ipad/opad change. This checks is
> done after filling the ipad/opad which and it can't be true. The patch
> fixes this by moving the check before the ipad/opad memcpy operations.
>
> Signed-off-by: Antoine Tenart <antoine.tenart@free-electrons.com>
This patch should have stable: and fixes: tags. I'll add them and send a
v2.
Thanks,
Antoine
> ---
> drivers/crypto/inside-secure/safexcel_hash.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/crypto/inside-secure/safexcel_hash.c b/drivers/crypto/inside-secure/safexcel_hash.c
> index 8527a5899a2f..a11b2edb41b9 100644
> --- a/drivers/crypto/inside-secure/safexcel_hash.c
> +++ b/drivers/crypto/inside-secure/safexcel_hash.c
> @@ -883,9 +883,6 @@ static int safexcel_hmac_sha1_setkey(struct crypto_ahash *tfm, const u8 *key,
> if (ret)
> return ret;
>
> - memcpy(ctx->ipad, &istate.state, SHA1_DIGEST_SIZE);
> - memcpy(ctx->opad, &ostate.state, SHA1_DIGEST_SIZE);
> -
> for (i = 0; i < ARRAY_SIZE(istate.state); i++) {
> if (ctx->ipad[i] != le32_to_cpu(istate.state[i]) ||
> ctx->opad[i] != le32_to_cpu(ostate.state[i])) {
> @@ -894,6 +891,9 @@ static int safexcel_hmac_sha1_setkey(struct crypto_ahash *tfm, const u8 *key,
> }
> }
>
> + memcpy(ctx->ipad, &istate.state, SHA1_DIGEST_SIZE);
> + memcpy(ctx->opad, &ostate.state, SHA1_DIGEST_SIZE);
> +
> return 0;
> }
>
> --
> 2.13.3
>
--
Antoine Ténart, Free Electrons
Embedded Linux and Kernel engineering
http://free-electrons.com
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
prev parent reply other threads:[~2017-07-18 13:07 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-17 9:45 [PATCH 1/2] crypto: inside-secure - fix invalidation check in hmac_sha1_setkey Antoine Tenart
2017-07-17 9:45 ` [PATCH 2/2] crypto: inside-secure - fix the sha state length " Antoine Tenart
2017-07-18 13:07 ` Antoine Tenart [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170718130732.GF2563@kwain \
--to=antoine.tenart@free-electrons.com \
--cc=davem@davemloft.net \
--cc=gregory.clement@free-electrons.com \
--cc=herbert@gondor.apana.org.au \
--cc=igall@marvell.com \
--cc=linux-crypto@vger.kernel.org \
--cc=nadavh@marvell.com \
--cc=oferh@marvell.com \
--cc=thomas.petazzoni@free-electrons.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox