Since a crypto_ahash_import() can be called against a request context
that has not had a crypto_ahash_init() performed, the request context
needs to be cleared to insure there is no random data present. If not,
the random data can result in a kernel oops during crypto_ahash_update().
Cc: # 3.14.x-
Signed-off-by: Tom Lendacky
---
drivers/crypto/ccp/ccp-crypto-aes-cmac.c |1 +
drivers/crypto/ccp/ccp-crypto-sha.c |1 +
2 files changed, 2 insertions(+)
diff --git a/drivers/crypto/ccp/ccp-crypto-aes-cmac.c
b/drivers/crypto/ccp/ccp-crypto-aes-cmac.c
index d095452..3d9acc5 100644
--- a/drivers/crypto/ccp/ccp-crypto-aes-cmac.c
+++ b/drivers/crypto/ccp/ccp-crypto-aes-cmac.c
@@ -244,6 +244,7 @@ static int ccp_aes_cmac_import(struct ahash_request *req,
const void *in)
/* 'in' may not be aligned so memcpy to local variable */
memcpy(&state, in, sizeof(state));
+ memset(rctx, 0, sizeof(*rctx));
rctx->null_msg = state.null_msg;
memcpy(rctx->iv, state.iv, sizeof(rctx->iv));
rctx->buf_count = state.buf_count;
diff --git a/drivers/crypto/ccp/ccp-crypto-sha.c
b/drivers/crypto/ccp/ccp-crypto-sha.c
index 7002c6b..8ef06fa 100644
--- a/drivers/crypto/ccp/ccp-crypto-sha.c
+++ b/drivers/crypto/ccp/ccp-crypto-sha.c
@@ -233,6 +233,7 @@ static int ccp_sha_import(struct ahash_request *req, const
void *in)
/* 'in' may not be aligned so memcpy to local variable */
memcpy(&state, in, sizeof(state));
+ memset(rctx, 0, sizeof(*rctx));
rctx->type = state.type;
rctx->msg_bits = state.msg_bits;
rctx->first = state.first;
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html