2018-03-06 11:45:11

by Kamil Konieczny

Subject: [PATCH] crypto: hash.h: Prevent use of req->digest in ahash update

Prevent improper use of req->digest field in ahash update, init, export and
import functions in driver code. A driver should use ahash request context
if it needs to save internal state.

Signed-off-by: Kamil Konieczny <[email protected]>
---
include/crypto/hash.h | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/include/crypto/hash.h b/include/crypto/hash.h
index 2d1849dffb80..e97c2e662d6a 100644
--- a/include/crypto/hash.h
+++ b/include/crypto/hash.h
@@ -74,7 +74,8 @@ struct ahash_request {
* @init: **[mandatory]** Initialize the transformation context. Intended only to initialize the
* state of the HASH transformation at the beginning. This shall fill in
* the internal structures used during the entire duration of the whole
- * transformation. No data processing happens at this point.
+ * transformation. No data processing happens at this point. Driver code
+ * implementation must not use req->digest.
* @update: **[mandatory]** Push a chunk of data into the driver for transformation. This
* function actually pushes blocks of data from upper layers into the
* driver, which then passes those to the hardware as seen fit. This
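Review bot: the sentence added to the @init description names req->digest, but the first reply in this thread asks whether that should be req->result and the author confirms it should, so the field name needs correcting here and in the commit message. The phrasing also differs from the other three additions ("Driver code implementation must not use" here, "Driver must not use" in the rest); one wording throughout would read as one rule.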
@@ -83,7 +84,8 @@ struct ahash_request {
* transformation. This function shall not modify the transformation
* context, as this function may be called in parallel with the same
* transformation object. Data processing can happen synchronously
- * [SHASH] or asynchronously [AHASH] at this point.
+ * [SHASH] or asynchronously [AHASH] at this point. Driver must not use
+ * req->digest.
* @final: **[mandatory]** Retrieve result from the driver. This function finalizes the
* transformation and retrieves the resulting hash from the driver and
* pushes it back to upper layers. No data processing happens at this
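Review bot: in the @update addition, "must not use" does not say whether reading, writing or both are prohibited, and it gives no alternative. The commit message already has the missing half ("A driver should use ahash request context if it needs to save internal state"); carrying that sentence into the kernel-doc would tell a driver author what to do instead. The subject line also names only update, while the change covers init, export and import as well.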
@@ -120,11 +122,12 @@ struct ahash_request {
* you want to save partial result of the transformation after
* processing certain amount of data and reload this partial result
* multiple times later on for multiple re-use. No data processing
- * happens at this point.
+ * happens at this point. Driver must not use req->digest.
* @import: Import partial state of the transformation. This function loads the
* entire state of the ongoing transformation from a provided block of
* data so the transformation can continue from this point onward. No
- * data processing happens at this point.
+ * data processing happens at this point. Driver must not use
+ * req->digest.
* @halg: see struct hash_alg_common
*/
struct ahash_alg {
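Review bot: the @export and @import additions repeat the same prohibition a third and fourth time, and the comment still never states in which callbacks the field may be touched. Since the hunk headers show struct ahash_request lives in this same header, consider documenting the rule once next to that field (which callbacks may write it, and that intermediate state belongs in the request context) and keeping the per-callback text to a short pointer.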
--
2.16.2


2018-03-06 18:04:04

by Tom Lendacky

Subject: Re: [PATCH] crypto: hash.h: Prevent use of req->digest in ahash update

On 3/6/2018 5:45 AM, Kamil Konieczny wrote:
> Prevent improper use of req->digest field in ahash update, init, export and

Shouldn't that be req->result (here and below)?

Thanks,
Tom

> import functions in driver code. A driver should use ahash request context
> if it needs to save internal state.
>
> Signed-off-by: Kamil Konieczny <[email protected]>
> ---
> include/crypto/hash.h | 11 +++++++----
> 1 file changed, 7 insertions(+), 4 deletions(-)
>
> diff --git a/include/crypto/hash.h b/include/crypto/hash.h
> index 2d1849dffb80..e97c2e662d6a 100644
> --- a/include/crypto/hash.h
> +++ b/include/crypto/hash.h
> @@ -74,7 +74,8 @@ struct ahash_request {
> * @init: **[mandatory]** Initialize the transformation context. Intended only to initialize the
> * state of the HASH transformation at the beginning. This shall fill in
> * the internal structures used during the entire duration of the whole
> - * transformation. No data processing happens at this point.
> + * transformation. No data processing happens at this point. Driver code
> + * implementation must not use req->digest.
> * @update: **[mandatory]** Push a chunk of data into the driver for transformation. This
> * function actually pushes blocks of data from upper layers into the
> * driver, which then passes those to the hardware as seen fit. This
> @@ -83,7 +84,8 @@ struct ahash_request {
> * transformation. This function shall not modify the transformation
> * context, as this function may be called in parallel with the same
> * transformation object. Data processing can happen synchronously
> - * [SHASH] or asynchronously [AHASH] at this point.
> + * [SHASH] or asynchronously [AHASH] at this point. Driver must not use
> + * req->digest.
> * @final: **[mandatory]** Retrieve result from the driver. This function finalizes the
> * transformation and retrieves the resulting hash from the driver and
> * pushes it back to upper layers. No data processing happens at this
> @@ -120,11 +122,12 @@ struct ahash_request {
> * you want to save partial result of the transformation after
> * processing certain amount of data and reload this partial result
> * multiple times later on for multiple re-use. No data processing
> - * happens at this point.
> + * happens at this point. Driver must not use req->digest.
> * @import: Import partial state of the transformation. This function loads the
> * entire state of the ongoing transformation from a provided block of
> * data so the transformation can continue from this point onward. No
> - * data processing happens at this point.
> + * data processing happens at this point. Driver must not use
> + * req->digest.
> * @halg: see struct hash_alg_common
> */
> struct ahash_alg {
>

2018-03-07 10:22:22

by Kamil Konieczny

Subject: Re: [PATCH] crypto: hash.h: Prevent use of req->digest in ahash update

On 06.03.2018 19:04, Tom Lendacky wrote:
> On 3/6/2018 5:45 AM, Kamil Konieczny wrote:
>> Prevent improper use of req->digest field in ahash update, init, export and
>
> Shouldn't that be req->result (here and below)?

Yes, it should, I will send version 2 soon,
thank you.

Best regards,
Kamil Konieczny

>> import functions in driver code. A driver should use ahash request context
>> if it needs to save internal state.
>>
>> Signed-off-by: Kamil Konieczny <[email protected]>
>> ---
>> include/crypto/hash.h | 11 +++++++----
>> 1 file changed, 7 insertions(+), 4 deletions(-)
>>
>> diff --git a/include/crypto/hash.h b/include/crypto/hash.h
>> index 2d1849dffb80..e97c2e662d6a 100644
>> --- a/include/crypto/hash.h
>> +++ b/include/crypto/hash.h
>> @@ -74,7 +74,8 @@ struct ahash_request {
>> * @init: **[mandatory]** Initialize the transformation context. Intended only to initialize the
>> * state of the HASH transformation at the beginning. This shall fill in
>> * the internal structures used during the entire duration of the whole
>> - * transformation. No data processing happens at this point.
>> + * transformation. No data processing happens at this point. Driver code
>> + * implementation must not use req->digest.
>> * @update: **[mandatory]** Push a chunk of data into the driver for transformation. This
>> * function actually pushes blocks of data from upper layers into the
>> * driver, which then passes those to the hardware as seen fit. This
>> @@ -83,7 +84,8 @@ struct ahash_request {
>> * transformation. This function shall not modify the transformation
>> * context, as this function may be called in parallel with the same
>> * transformation object. Data processing can happen synchronously
>> - * [SHASH] or asynchronously [AHASH] at this point.
>> + * [SHASH] or asynchronously [AHASH] at this point. Driver must not use
>> + * req->digest.
>> * @final: **[mandatory]** Retrieve result from the driver. This function finalizes the
>> * transformation and retrieves the resulting hash from the driver and
>> * pushes it back to upper layers. No data processing happens at this
>> @@ -120,11 +122,12 @@ struct ahash_request {
>> * you want to save partial result of the transformation after
>> * processing certain amount of data and reload this partial result
>> * multiple times later on for multiple re-use. No data processing
>> - * happens at this point.
>> + * happens at this point. Driver must not use req->digest.
>> * @import: Import partial state of the transformation. This function loads the
>> * entire state of the ongoing transformation from a provided block of
>> * data so the transformation can continue from this point onward. No
>> - * data processing happens at this point.
>> + * data processing happens at this point. Driver must not use
>> + * req->digest.
>> * @halg: see struct hash_alg_common
>> */
>> struct ahash_alg {
>>
>
>
>