Commit a558f1d4 authored by Patrick McHardy's avatar Patrick McHardy Committed by Herbert Xu

[CRYPTO] tcrypt: Catch cipher destination memory corruption

    
Check whether the destination buffer is written to beyond the last
byte contained in the scatterlist.
    
Also change IDX1 of the cross-page access offsets to a multiple of 4.
This triggers a corruption in the HIFN driver and doesn't seem to
negatively impact other testcases.
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent 692af5da
...@@ -39,7 +39,7 @@ ...@@ -39,7 +39,7 @@
/* /*
* Indexes into the xbuf to simulate cross-page access. * Indexes into the xbuf to simulate cross-page access.
*/ */
#define IDX1 37 #define IDX1 32
#define IDX2 32400 #define IDX2 32400
#define IDX3 1 #define IDX3 1
#define IDX4 8193 #define IDX4 8193
...@@ -211,7 +211,7 @@ static void test_hash(char *algo, struct hash_testvec *template, ...@@ -211,7 +211,7 @@ static void test_hash(char *algo, struct hash_testvec *template,
static void test_aead(char *algo, int enc, struct aead_testvec *template, static void test_aead(char *algo, int enc, struct aead_testvec *template,
unsigned int tcount) unsigned int tcount)
{ {
unsigned int ret, i, j, k, temp; unsigned int ret, i, j, k, n, temp;
char *q; char *q;
struct crypto_aead *tfm; struct crypto_aead *tfm;
char *key; char *key;
...@@ -353,7 +353,6 @@ static void test_aead(char *algo, int enc, struct aead_testvec *template, ...@@ -353,7 +353,6 @@ static void test_aead(char *algo, int enc, struct aead_testvec *template,
} }
printk(KERN_INFO "\ntesting %s %s across pages (chunking)\n", algo, e); printk(KERN_INFO "\ntesting %s %s across pages (chunking)\n", algo, e);
memset(xbuf, 0, XBUFSIZE);
memset(axbuf, 0, XBUFSIZE); memset(axbuf, 0, XBUFSIZE);
for (i = 0, j = 0; i < tcount; i++) { for (i = 0, j = 0; i < tcount; i++) {
...@@ -381,6 +380,7 @@ static void test_aead(char *algo, int enc, struct aead_testvec *template, ...@@ -381,6 +380,7 @@ static void test_aead(char *algo, int enc, struct aead_testvec *template,
goto out; goto out;
} }
memset(xbuf, 0, XBUFSIZE);
sg_init_table(sg, template[i].np); sg_init_table(sg, template[i].np);
for (k = 0, temp = 0; k < template[i].np; k++) { for (k = 0, temp = 0; k < template[i].np; k++) {
memcpy(&xbuf[IDX[k]], memcpy(&xbuf[IDX[k]],
...@@ -452,6 +452,14 @@ static void test_aead(char *algo, int enc, struct aead_testvec *template, ...@@ -452,6 +452,14 @@ static void test_aead(char *algo, int enc, struct aead_testvec *template,
0 : authsize)) ? 0 : authsize)) ?
"fail" : "pass"); "fail" : "pass");
for (n = 0; q[template[i].tap[k] + n]; n++)
;
if (n) {
printk("Result buffer corruption %u "
"bytes:\n", n);
hexdump(&q[template[i].tap[k]], n);
}
temp += template[i].tap[k]; temp += template[i].tap[k];
kunmap(sg_page(&sg[k])); kunmap(sg_page(&sg[k]));
} }
...@@ -466,7 +474,7 @@ static void test_aead(char *algo, int enc, struct aead_testvec *template, ...@@ -466,7 +474,7 @@ static void test_aead(char *algo, int enc, struct aead_testvec *template,
static void test_cipher(char *algo, int enc, static void test_cipher(char *algo, int enc,
struct cipher_testvec *template, unsigned int tcount) struct cipher_testvec *template, unsigned int tcount)
{ {
unsigned int ret, i, j, k, temp; unsigned int ret, i, j, k, n, temp;
char *q; char *q;
struct crypto_ablkcipher *tfm; struct crypto_ablkcipher *tfm;
struct ablkcipher_request *req; struct ablkcipher_request *req;
...@@ -574,7 +582,6 @@ static void test_cipher(char *algo, int enc, ...@@ -574,7 +582,6 @@ static void test_cipher(char *algo, int enc,
} }
printk("\ntesting %s %s across pages (chunking)\n", algo, e); printk("\ntesting %s %s across pages (chunking)\n", algo, e);
memset(xbuf, 0, XBUFSIZE);
j = 0; j = 0;
for (i = 0; i < tcount; i++) { for (i = 0; i < tcount; i++) {
...@@ -589,6 +596,7 @@ static void test_cipher(char *algo, int enc, ...@@ -589,6 +596,7 @@ static void test_cipher(char *algo, int enc,
printk("test %u (%d bit key):\n", printk("test %u (%d bit key):\n",
j, template[i].klen * 8); j, template[i].klen * 8);
memset(xbuf, 0, XBUFSIZE);
crypto_ablkcipher_clear_flags(tfm, ~0); crypto_ablkcipher_clear_flags(tfm, ~0);
if (template[i].wk) if (template[i].wk)
crypto_ablkcipher_set_flags( crypto_ablkcipher_set_flags(
...@@ -648,6 +656,14 @@ static void test_cipher(char *algo, int enc, ...@@ -648,6 +656,14 @@ static void test_cipher(char *algo, int enc,
memcmp(q, template[i].result + temp, memcmp(q, template[i].result + temp,
template[i].tap[k]) ? "fail" : template[i].tap[k]) ? "fail" :
"pass"); "pass");
for (n = 0; q[template[i].tap[k] + n]; n++)
;
if (n) {
printk("Result buffer corruption %u "
"bytes:\n", n);
hexdump(&q[template[i].tap[k]], n);
}
temp += template[i].tap[k]; temp += template[i].tap[k];
kunmap(sg_page(&sg[k])); kunmap(sg_page(&sg[k]));
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment