Message ID | 20201119155233.3974286-5-thara.gopinath@linaro.org |
---|---|
State | Accepted |
Commit | 1148a9654b5a69611d33e14719251c6ec20f5f2c |
Headers | show |
Series | None | expand |
Quoting Thara Gopinath (2020-11-19 07:52:31) > Partial hash was being copied into the final result buffer without the > entire message block processed. Depending on how the end user processes > this result buffer, errors vary from result buffer corruption to result > buffer poisoing. Fix this issue by ensuring that only the final hash value > is copied into the result buffer. > > Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org> > Signed-off-by: Thara Gopinath <thara.gopinath@linaro.org> > --- Any Fixes tag?
diff --git a/drivers/crypto/qce/sha.c b/drivers/crypto/qce/sha.c index 87be96a0b0bb..61c418c12345 100644 --- a/drivers/crypto/qce/sha.c +++ b/drivers/crypto/qce/sha.c @@ -48,7 +48,7 @@ static void qce_ahash_done(void *data) dma_unmap_sg(qce->dev, &rctx->result_sg, 1, DMA_FROM_DEVICE); memcpy(rctx->digest, result->auth_iv, digestsize); - if (req->result) + if (req->result && rctx->last_blk) memcpy(req->result, result->auth_iv, digestsize); rctx->byte_count[0] = cpu_to_be32(result->auth_byte_count[0]);