Commit 891ebfdf authored by Herbert Xu's avatar Herbert Xu

crypto: sig - Fix verify call

The dst SG list needs to be set to NULL for verify calls.  Do
this as otherwise the underlying algorithm may fail.

Furthermore the digest needs to be copied just like the source.

Fixes: 6cb8815f ("crypto: sig - Add interface for sign/verify")
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent 767cfee8
...@@ -192,12 +192,17 @@ EXPORT_SYMBOL_GPL(akcipher_register_instance); ...@@ -192,12 +192,17 @@ EXPORT_SYMBOL_GPL(akcipher_register_instance);
int crypto_akcipher_sync_prep(struct crypto_akcipher_sync_data *data) int crypto_akcipher_sync_prep(struct crypto_akcipher_sync_data *data)
{ {
unsigned int reqsize = crypto_akcipher_reqsize(data->tfm); unsigned int reqsize = crypto_akcipher_reqsize(data->tfm);
unsigned int mlen = max(data->slen, data->dlen);
struct akcipher_request *req; struct akcipher_request *req;
struct scatterlist *sg; struct scatterlist *sg;
unsigned int mlen;
unsigned int len; unsigned int len;
u8 *buf; u8 *buf;
if (data->dst)
mlen = max(data->slen, data->dlen);
else
mlen = data->slen + data->dlen;
len = sizeof(*req) + reqsize + mlen; len = sizeof(*req) + reqsize + mlen;
if (len < mlen) if (len < mlen)
return -EOVERFLOW; return -EOVERFLOW;
...@@ -213,9 +218,10 @@ int crypto_akcipher_sync_prep(struct crypto_akcipher_sync_data *data) ...@@ -213,9 +218,10 @@ int crypto_akcipher_sync_prep(struct crypto_akcipher_sync_data *data)
data->buf = buf; data->buf = buf;
memcpy(buf, data->src, data->slen); memcpy(buf, data->src, data->slen);
sg = data->sg; sg = &data->sg;
sg_init_one(sg, buf, mlen); sg_init_one(sg, buf, mlen);
akcipher_request_set_crypt(req, sg, sg, data->slen, data->dlen); akcipher_request_set_crypt(req, sg, data->dst ? sg : NULL,
data->slen, data->dlen);
crypto_init_wait(&data->cwait); crypto_init_wait(&data->cwait);
akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP,
......
...@@ -44,7 +44,7 @@ struct crypto_akcipher_sync_data { ...@@ -44,7 +44,7 @@ struct crypto_akcipher_sync_data {
struct akcipher_request *req; struct akcipher_request *req;
struct crypto_wait cwait; struct crypto_wait cwait;
struct scatterlist sg[2]; struct scatterlist sg;
u8 *buf; u8 *buf;
}; };
......
...@@ -128,9 +128,7 @@ int crypto_sig_verify(struct crypto_sig *tfm, ...@@ -128,9 +128,7 @@ int crypto_sig_verify(struct crypto_sig *tfm,
if (err) if (err)
return err; return err;
sg_init_table(data.sg, 2); memcpy(data.buf + slen, digest, dlen);
sg_set_buf(&data.sg[0], src, slen);
sg_set_buf(&data.sg[1], digest, dlen);
return crypto_akcipher_sync_post(&data, return crypto_akcipher_sync_post(&data,
crypto_akcipher_verify(data.req)); crypto_akcipher_verify(data.req));
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment