aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPatrick McHardy <kaber@trash.net>2008-05-08 07:27:47 -0400
committerHerbert Xu <herbert@gondor.apana.org.au>2008-07-10 08:35:12 -0400
commita558f1d4f8730f055b004b4c8ca1605aeb957daa (patch)
tree244ca2967ce2f0004ca46905b6c4eba927a7774d
parent692af5da779e018fc6a3b480b67adb33e3c6e1f0 (diff)
[CRYPTO] tcrypt: Catch cipher destination memory corruption
Check whether the destination buffer is written to beyond the last byte contained in the scatterlist. Also change IDX1 of the cross-page access offsets to a multiple of 4. This triggers a corruption in the HIFN driver and doesn't seem to negatively impact other testcases. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-rw-r--r--crypto/tcrypt.c26
1 files changed, 21 insertions, 5 deletions
diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c
index 285c093abb72..69eb29e1a53b 100644
--- a/crypto/tcrypt.c
+++ b/crypto/tcrypt.c
@@ -39,7 +39,7 @@
39/* 39/*
40 * Indexes into the xbuf to simulate cross-page access. 40 * Indexes into the xbuf to simulate cross-page access.
41 */ 41 */
42#define IDX1 37 42#define IDX1 32
43#define IDX2 32400 43#define IDX2 32400
44#define IDX3 1 44#define IDX3 1
45#define IDX4 8193 45#define IDX4 8193
@@ -211,7 +211,7 @@ out:
211static void test_aead(char *algo, int enc, struct aead_testvec *template, 211static void test_aead(char *algo, int enc, struct aead_testvec *template,
212 unsigned int tcount) 212 unsigned int tcount)
213{ 213{
214 unsigned int ret, i, j, k, temp; 214 unsigned int ret, i, j, k, n, temp;
215 char *q; 215 char *q;
216 struct crypto_aead *tfm; 216 struct crypto_aead *tfm;
217 char *key; 217 char *key;
@@ -353,7 +353,6 @@ next_one:
353 } 353 }
354 354
355 printk(KERN_INFO "\ntesting %s %s across pages (chunking)\n", algo, e); 355 printk(KERN_INFO "\ntesting %s %s across pages (chunking)\n", algo, e);
356 memset(xbuf, 0, XBUFSIZE);
357 memset(axbuf, 0, XBUFSIZE); 356 memset(axbuf, 0, XBUFSIZE);
358 357
359 for (i = 0, j = 0; i < tcount; i++) { 358 for (i = 0, j = 0; i < tcount; i++) {
@@ -381,6 +380,7 @@ next_one:
381 goto out; 380 goto out;
382 } 381 }
383 382
383 memset(xbuf, 0, XBUFSIZE);
384 sg_init_table(sg, template[i].np); 384 sg_init_table(sg, template[i].np);
385 for (k = 0, temp = 0; k < template[i].np; k++) { 385 for (k = 0, temp = 0; k < template[i].np; k++) {
386 memcpy(&xbuf[IDX[k]], 386 memcpy(&xbuf[IDX[k]],
@@ -452,6 +452,14 @@ next_one:
452 0 : authsize)) ? 452 0 : authsize)) ?
453 "fail" : "pass"); 453 "fail" : "pass");
454 454
455 for (n = 0; q[template[i].tap[k] + n]; n++)
456 ;
457 if (n) {
458 printk("Result buffer corruption %u "
459 "bytes:\n", n);
460 hexdump(&q[template[i].tap[k]], n);
461 }
462
455 temp += template[i].tap[k]; 463 temp += template[i].tap[k];
456 kunmap(sg_page(&sg[k])); 464 kunmap(sg_page(&sg[k]));
457 } 465 }
@@ -466,7 +474,7 @@ out:
466static void test_cipher(char *algo, int enc, 474static void test_cipher(char *algo, int enc,
467 struct cipher_testvec *template, unsigned int tcount) 475 struct cipher_testvec *template, unsigned int tcount)
468{ 476{
469 unsigned int ret, i, j, k, temp; 477 unsigned int ret, i, j, k, n, temp;
470 char *q; 478 char *q;
471 struct crypto_ablkcipher *tfm; 479 struct crypto_ablkcipher *tfm;
472 struct ablkcipher_request *req; 480 struct ablkcipher_request *req;
@@ -574,7 +582,6 @@ static void test_cipher(char *algo, int enc,
574 } 582 }
575 583
576 printk("\ntesting %s %s across pages (chunking)\n", algo, e); 584 printk("\ntesting %s %s across pages (chunking)\n", algo, e);
577 memset(xbuf, 0, XBUFSIZE);
578 585
579 j = 0; 586 j = 0;
580 for (i = 0; i < tcount; i++) { 587 for (i = 0; i < tcount; i++) {
@@ -589,6 +596,7 @@ static void test_cipher(char *algo, int enc,
589 printk("test %u (%d bit key):\n", 596 printk("test %u (%d bit key):\n",
590 j, template[i].klen * 8); 597 j, template[i].klen * 8);
591 598
599 memset(xbuf, 0, XBUFSIZE);
592 crypto_ablkcipher_clear_flags(tfm, ~0); 600 crypto_ablkcipher_clear_flags(tfm, ~0);
593 if (template[i].wk) 601 if (template[i].wk)
594 crypto_ablkcipher_set_flags( 602 crypto_ablkcipher_set_flags(
@@ -648,6 +656,14 @@ static void test_cipher(char *algo, int enc,
648 memcmp(q, template[i].result + temp, 656 memcmp(q, template[i].result + temp,
649 template[i].tap[k]) ? "fail" : 657 template[i].tap[k]) ? "fail" :
650 "pass"); 658 "pass");
659
660 for (n = 0; q[template[i].tap[k] + n]; n++)
661 ;
662 if (n) {
663 printk("Result buffer corruption %u "
664 "bytes:\n", n);
665 hexdump(&q[template[i].tap[k]], n);
666 }
651 temp += template[i].tap[k]; 667 temp += template[i].tap[k];
652 kunmap(sg_page(&sg[k])); 668 kunmap(sg_page(&sg[k]));
653 } 669 }