summaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
authorPatrick McHardy <kaber@trash.net>2008-05-08 19:27:47 +0800
committerHerbert Xu <herbert@gondor.apana.org.au>2008-07-10 20:35:12 +0800
commita558f1d4f8730f055b004b4c8ca1605aeb957daa (patch)
tree244ca2967ce2f0004ca46905b6c4eba927a7774d /crypto
parent692af5da779e018fc6a3b480b67adb33e3c6e1f0 (diff)
downloadlinux-stable-a558f1d4f8730f055b004b4c8ca1605aeb957daa.tar.gz
linux-stable-a558f1d4f8730f055b004b4c8ca1605aeb957daa.tar.bz2
linux-stable-a558f1d4f8730f055b004b4c8ca1605aeb957daa.zip
[CRYPTO] tcrypt: Catch cipher destination memory corruption
Check whether the destination buffer is written to beyond the last byte contained in the scatterlist. Also change IDX1 of the cross-page access offsets to a multiple of 4. This triggers a corruption in the HIFN driver and doesn't seem to negatively impact other testcases. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto')
-rw-r--r--crypto/tcrypt.c26
1 files changed, 21 insertions, 5 deletions
diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c
index 285c093abb72..69eb29e1a53b 100644
--- a/crypto/tcrypt.c
+++ b/crypto/tcrypt.c
@@ -39,7 +39,7 @@
/*
* Indexes into the xbuf to simulate cross-page access.
*/
-#define IDX1 37
+#define IDX1 32
#define IDX2 32400
#define IDX3 1
#define IDX4 8193
@@ -211,7 +211,7 @@ out:
static void test_aead(char *algo, int enc, struct aead_testvec *template,
unsigned int tcount)
{
- unsigned int ret, i, j, k, temp;
+ unsigned int ret, i, j, k, n, temp;
char *q;
struct crypto_aead *tfm;
char *key;
@@ -353,7 +353,6 @@ next_one:
}
printk(KERN_INFO "\ntesting %s %s across pages (chunking)\n", algo, e);
- memset(xbuf, 0, XBUFSIZE);
memset(axbuf, 0, XBUFSIZE);
for (i = 0, j = 0; i < tcount; i++) {
@@ -381,6 +380,7 @@ next_one:
goto out;
}
+ memset(xbuf, 0, XBUFSIZE);
sg_init_table(sg, template[i].np);
for (k = 0, temp = 0; k < template[i].np; k++) {
memcpy(&xbuf[IDX[k]],
@@ -452,6 +452,14 @@ next_one:
0 : authsize)) ?
"fail" : "pass");
+ for (n = 0; q[template[i].tap[k] + n]; n++)
+ ;
+ if (n) {
+ printk("Result buffer corruption %u "
+ "bytes:\n", n);
+ hexdump(&q[template[i].tap[k]], n);
+ }
+
temp += template[i].tap[k];
kunmap(sg_page(&sg[k]));
}
@@ -466,7 +474,7 @@ out:
static void test_cipher(char *algo, int enc,
struct cipher_testvec *template, unsigned int tcount)
{
- unsigned int ret, i, j, k, temp;
+ unsigned int ret, i, j, k, n, temp;
char *q;
struct crypto_ablkcipher *tfm;
struct ablkcipher_request *req;
@@ -574,7 +582,6 @@ static void test_cipher(char *algo, int enc,
}
printk("\ntesting %s %s across pages (chunking)\n", algo, e);
- memset(xbuf, 0, XBUFSIZE);
j = 0;
for (i = 0; i < tcount; i++) {
@@ -589,6 +596,7 @@ static void test_cipher(char *algo, int enc,
printk("test %u (%d bit key):\n",
j, template[i].klen * 8);
+ memset(xbuf, 0, XBUFSIZE);
crypto_ablkcipher_clear_flags(tfm, ~0);
if (template[i].wk)
crypto_ablkcipher_set_flags(
@@ -648,6 +656,14 @@ static void test_cipher(char *algo, int enc,
memcmp(q, template[i].result + temp,
template[i].tap[k]) ? "fail" :
"pass");
+
+ for (n = 0; q[template[i].tap[k] + n]; n++)
+ ;
+ if (n) {
+ printk("Result buffer corruption %u "
+ "bytes:\n", n);
+ hexdump(&q[template[i].tap[k]], n);
+ }
temp += template[i].tap[k];
kunmap(sg_page(&sg[k]));
}