DivestOS/Patches/Linux_CVEs/CVE-2017-11059/0.patch

84 lines
2.8 KiB
Diff

From be632ce97422dfe533944186e2f4420b87b87ad5 Mon Sep 17 00:00:00 2001
From: Oleg Matcovschi <omatcovschi@google.com>
Date: Wed, 9 Aug 2017 23:18:19 -0700
Subject: [PATCH] crypto: msm: Fix several race condition issues in crypto
drivers
Check areq before referencing, replace xchg to automic_xchg and
verify return values of set key during SHA operations.
Bug: 37284397
Signed-off-by: Brahmaji K <bkomma@codeaurora.org>
Signed-off-by: Paresh Purabhiya <ppurab@codeaurora.org>
Change-Id: I98a9541a1d3a8c8d5e974348c76b92da1d5102e6
---
drivers/crypto/msm/qce50.c | 4 ++++
drivers/crypto/msm/qcrypto.c | 14 ++++++++++----
2 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/drivers/crypto/msm/qce50.c b/drivers/crypto/msm/qce50.c
index 0e017b3c0c3ff..6bd9d56b13566 100644
--- a/drivers/crypto/msm/qce50.c
+++ b/drivers/crypto/msm/qce50.c
@@ -2055,6 +2055,10 @@ static int _sha_complete(struct qce_device *pce_dev)
uint32_t status;
areq = (struct ahash_request *) pce_dev->areq;
+ if (!areq) {
+ pr_err("sha operation error. areq is NULL\n");
+ return -ENXIO;
+ }
qce_dma_unmap_sg(pce_dev->pdev, areq->src, pce_dev->src_nents,
DMA_TO_DEVICE);
memcpy(digest, (char *)(&pce_dev->ce_sps.result->auth_iv[0]),
diff --git a/drivers/crypto/msm/qcrypto.c b/drivers/crypto/msm/qcrypto.c
index 04b28a58e38bd..e64d1dd51cb5f 100644
--- a/drivers/crypto/msm/qcrypto.c
+++ b/drivers/crypto/msm/qcrypto.c
@@ -3514,6 +3514,7 @@ static int _sha1_hmac_setkey(struct crypto_ahash *tfm, const u8 *key,
unsigned int len)
{
struct qcrypto_sha_ctx *sha_ctx = crypto_tfm_ctx(&tfm->base);
+ int ret = 0;
memset(&sha_ctx->authkey[0], 0, SHA1_BLOCK_SIZE);
if (len <= SHA1_BLOCK_SIZE) {
memcpy(&sha_ctx->authkey[0], key, len);
@@ -3521,16 +3522,19 @@ static int _sha1_hmac_setkey(struct crypto_ahash *tfm, const u8 *key,
} else {
sha_ctx->alg = QCE_HASH_SHA1;
sha_ctx->diglen = SHA1_DIGEST_SIZE;
- _sha_hmac_setkey(tfm, key, len);
+ ret = _sha_hmac_setkey(tfm, key, len);
+ if (ret)
+ pr_err("SHA1 hmac setkey failed\n");
sha_ctx->authkey_in_len = SHA1_BLOCK_SIZE;
}
- return 0;
+ return ret;
}
static int _sha256_hmac_setkey(struct crypto_ahash *tfm, const u8 *key,
unsigned int len)
{
struct qcrypto_sha_ctx *sha_ctx = crypto_tfm_ctx(&tfm->base);
+ int ret = 0;
memset(&sha_ctx->authkey[0], 0, SHA256_BLOCK_SIZE);
if (len <= SHA256_BLOCK_SIZE) {
@@ -3539,11 +3543,13 @@ static int _sha256_hmac_setkey(struct crypto_ahash *tfm, const u8 *key,
} else {
sha_ctx->alg = QCE_HASH_SHA256;
sha_ctx->diglen = SHA256_DIGEST_SIZE;
- _sha_hmac_setkey(tfm, key, len);
+ ret = _sha_hmac_setkey(tfm, key, len);
+ if (ret)
+ pr_err("SHA256 hmac setkey failed\n");
sha_ctx->authkey_in_len = SHA256_BLOCK_SIZE;
}
- return 0;
+ return ret;
}
static int _sha_hmac_init_ihash(struct ahash_request *req,