orinoco: Use shash instead of ahash for MIC calculations

commit 570b90fa230b8021f51a67fab2245fe8df6fe37d upstream. Eric Biggers pointed out that the orinoco driver pointed scatterlists at the stack. Fix it by switching from ahash to shash. The result should be simpler, faster, and more correct. kvalo: cherry picked from commit 1fef293b8a9850cfa124a53c1d8878d355010403 as I accidentally applied this patch to wireless-drivers-next when I was supposed to apply this wireless-drivers Reported-by: Eric Biggers <ebiggers3@gmail.com> Signed-off-by: Andy Lutomirski <luto@kernel.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Andrew Lutomirski <luto@kernel.org> 2016-12-12 15:55:55 -0500
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2017-01-19 14:18:03 -0500
commit: 4a940d6503e1ac6c6ba235a8f4c9b4fd61934fee (patch)
tree: d7086bf184a626d0c3d10e321b7783049f90455b
parent: 0edcc47cdb7f2d80c1e7236f5f797b7443cb2142 (diff)
3 files changed, 30 insertions, 21 deletions
diff --git a/drivers/net/wireless/intersil/orinoco/mic.c b/drivers/net/wireless/intersil/orinoco/mic.c
index bc7397d709d3..08bc7822f820 100644
--- a/drivers/net/wireless/intersil/orinoco/mic.c
+++ b/drivers/net/wireless/intersil/orinoco/mic.c
@@ -16,7 +16,7 @@
 /********************************************************************/
 int orinoco_mic_init(struct orinoco_private *priv)
 {
-        priv->tx_tfm_mic = crypto_alloc_ahash("michael_mic", 0,
+        priv->tx_tfm_mic = crypto_alloc_shash("michael_mic", 0,
                                              CRYPTO_ALG_ASYNC);
        if (IS_ERR(priv->tx_tfm_mic)) {
                printk(KERN_DEBUG "orinoco_mic_init: could not allocate "
@@ -25,7 +25,7 @@ int orinoco_mic_init(struct orinoco_private *priv)
                return -ENOMEM;
        }
-        priv->rx_tfm_mic = crypto_alloc_ahash("michael_mic", 0,
+        priv->rx_tfm_mic = crypto_alloc_shash("michael_mic", 0,
                                              CRYPTO_ALG_ASYNC);
        if (IS_ERR(priv->rx_tfm_mic)) {
                printk(KERN_DEBUG "orinoco_mic_init: could not allocate "
@@ -40,17 +40,16 @@ int orinoco_mic_init(struct orinoco_private *priv)
 void orinoco_mic_free(struct orinoco_private *priv)
 {
        if (priv->tx_tfm_mic)
-                crypto_free_ahash(priv->tx_tfm_mic);
+                crypto_free_shash(priv->tx_tfm_mic);
        if (priv->rx_tfm_mic)
-                crypto_free_ahash(priv->rx_tfm_mic);
+                crypto_free_shash(priv->rx_tfm_mic);
 }
-int orinoco_mic(struct crypto_ahash *tfm_michael, u8 *key,
+int orinoco_mic(struct crypto_shash *tfm_michael, u8 *key,
                u8 *da, u8 *sa, u8 priority,
                u8 *data, size_t data_len, u8 *mic)
 {
-        AHASH_REQUEST_ON_STACK(req, tfm_michael);
+        SHASH_DESC_ON_STACK(desc, tfm_michael);
-        struct scatterlist sg[2];
        u8 hdr[ETH_HLEN + 2]; /* size of header + padding */
        int err;
@@ -67,18 +66,27 @@ int orinoco_mic(struct crypto_ahash *tfm_michael, u8 *key,
        hdr[ETH_ALEN * 2 + 2] = 0;
        hdr[ETH_ALEN * 2 + 3] = 0;
-        /* Use scatter gather to MIC header and data in one go */
+        desc->tfm = tfm_michael;
-        sg_init_table(sg, 2);
+        desc->flags = 0;
-        sg_set_buf(&sg[0], hdr, sizeof(hdr));
-        sg_set_buf(&sg[1], data, data_len);
-        if (crypto_ahash_setkey(tfm_michael, key, MIC_KEYLEN))
+        err = crypto_shash_setkey(tfm_michael, key, MIC_KEYLEN);
-                return -1;
+        if (err)
+                return err;
+        err = crypto_shash_init(desc);
+        if (err)
+                return err;
+        err = crypto_shash_update(desc, hdr, sizeof(hdr));
+        if (err)
+                return err;
+        err = crypto_shash_update(desc, data, data_len);
+        if (err)
+                return err;
+        err = crypto_shash_final(desc, mic);
+        shash_desc_zero(desc);
-        ahash_request_set_tfm(req, tfm_michael);
-        ahash_request_set_callback(req, 0, NULL, NULL);
-        ahash_request_set_crypt(req, sg, mic, data_len + sizeof(hdr));
-        err = crypto_ahash_digest(req);
-        ahash_request_zero(req);
        return err;
 }
diff --git a/drivers/net/wireless/intersil/orinoco/mic.h b/drivers/net/wireless/intersil/orinoco/mic.h
index ce731d05cc98..e8724e889219 100644
--- a/drivers/net/wireless/intersil/orinoco/mic.h
+++ b/drivers/net/wireless/intersil/orinoco/mic.h
@@ -6,6 +6,7 @@
 #define _ORINOCO_MIC_H_
 #include <linux/types.h>
+#include <crypto/hash.h>
 #define MICHAEL_MIC_LEN 8
@@ -15,7 +16,7 @@ struct crypto_ahash;
 int orinoco_mic_init(struct orinoco_private *priv);
 void orinoco_mic_free(struct orinoco_private *priv);
-int orinoco_mic(struct crypto_ahash *tfm_michael, u8 *key,
+int orinoco_mic(struct crypto_shash *tfm_michael, u8 *key,
                u8 *da, u8 *sa, u8 priority,
                u8 *data, size_t data_len, u8 *mic);
diff --git a/drivers/net/wireless/intersil/orinoco/orinoco.h b/drivers/net/wireless/intersil/orinoco/orinoco.h
index 2f0c84b1c440..5fa1c3e3713f 100644
--- a/drivers/net/wireless/intersil/orinoco/orinoco.h
+++ b/drivers/net/wireless/intersil/orinoco/orinoco.h
@@ -152,8 +152,8 @@ struct orinoco_private {
        u8 *wpa_ie;
        int wpa_ie_len;
-        struct crypto_ahash *rx_tfm_mic;
+        struct crypto_shash *rx_tfm_mic;
-        struct crypto_ahash *tx_tfm_mic;
+        struct crypto_shash *tx_tfm_mic;
        unsigned int wpa_enabled:1;
        unsigned int tkip_cm_active:1;
author	Andrew Lutomirski <luto@kernel.org>	2016-12-12 15:55:55 -0500
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2017-01-19 14:18:03 -0500
commit	4a940d6503e1ac6c6ba235a8f4c9b4fd61934fee (patch)
tree	d7086bf184a626d0c3d10e321b7783049f90455b
parent	0edcc47cdb7f2d80c1e7236f5f797b7443cb2142 (diff)