[CRYPTO] hmac: Avoid calling virt_to_page on key

When HMAC gets a key longer than the block size of the hash, it needs to feed it as input to the hash to reduce it to a fixed length. As it is HMAC converts the key to a scatter and gather list. However, this doesn't work on certain platforms if the key is not allocated via kmalloc. For example, the keys from tcrypt are stored in the rodata section and this causes it to fail with HMAC on x86-64. This patch fixes this by copying the key to memory obtained via kmalloc before hashing it. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

[CRYPTO] hmac: Avoid calling virt_to_page on key
When HMAC gets a key longer than the block size of the hash, it needs to feed it as input to the hash to reduce it to a fixed length. As it is HMAC converts the key to a scatter and gather list. However, this doesn't work on certain platforms if the key is not allocated via kmalloc. For example, the keys from tcrypt are stored in the rodata section and this causes it to fail with HMAC on x86-64. This patch fixes this by copying the key to memory obtained via kmalloc before hashing it. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu
1 parent c0a18111e5
Showing 1 changed file with 23 additions and 2 deletions Side-by-side Diff
crypto/hmac.c
@@ -57,14 +57,35 @@
 	if (keylen > bs) {
 		struct hash_desc desc;
 		struct scatterlist tmp;
+		int tmplen;
 		int err;
  
 		desc.tfm = tfm;
 		desc.flags = crypto_hash_get_flags(parent);
 		desc.flags &= CRYPTO_TFM_REQ_MAY_SLEEP;
-		sg_init_one(&tmp, inkey, keylen);
  
-		err = crypto_hash_digest(&desc, &tmp, keylen, digest);
+		err = crypto_hash_init(&desc);
+		if (err)
+			return err;
+
+		tmplen = bs * 2 + ds;
+		sg_init_one(&tmp, ipad, tmplen);
+
+		for (; keylen > tmplen; inkey += tmplen, keylen -= tmplen) {
+			memcpy(ipad, inkey, tmplen);
+			err = crypto_hash_update(&desc, &tmp, tmplen);
+			if (err)
+				return err;
+		}
+
+		if (keylen) {
+			memcpy(ipad, inkey, keylen);
+			err = crypto_hash_update(&desc, &tmp, keylen);
+			if (err)
+				return err;
+		}
+
+		err = crypto_hash_final(&desc, digest);
 		if (err)
 			return err;
...	...	@@ -57,14 +57,35 @@
57	57	if (keylen > bs) {
58	58	struct hash_desc desc;
59	59	struct scatterlist tmp;
	60	+ int tmplen;
60	61	int err;
61	62
62	63	desc.tfm = tfm;
63	64	desc.flags = crypto_hash_get_flags(parent);
64	65	desc.flags &= CRYPTO_TFM_REQ_MAY_SLEEP;
65		- sg_init_one(&tmp, inkey, keylen);
66	66
67		- err = crypto_hash_digest(&desc, &tmp, keylen, digest);
	67	+ err = crypto_hash_init(&desc);
	68	+ if (err)
	69	+ return err;
	70	+
	71	+ tmplen = bs * 2 + ds;
	72	+ sg_init_one(&tmp, ipad, tmplen);
	73	+
	74	+ for (; keylen > tmplen; inkey += tmplen, keylen -= tmplen) {
	75	+ memcpy(ipad, inkey, tmplen);
	76	+ err = crypto_hash_update(&desc, &tmp, tmplen);
	77	+ if (err)
	78	+ return err;
	79	+ }
	80	+
	81	+ if (keylen) {
	82	+ memcpy(ipad, inkey, keylen);
	83	+ err = crypto_hash_update(&desc, &tmp, keylen);
	84	+ if (err)
	85	+ return err;
	86	+ }
	87	+
	88	+ err = crypto_hash_final(&desc, digest);
68	89	if (err)
69	90	return err;
70	91