ubifs: fix wrong use of crypto_shash_descsize()
crypto_shash_descsize() returns the size of the shash_desc context needed to compute the hash, not the size of the hash itself. crypto_shash_digestsize() would be correct, or alternatively using c->hash_len and c->hmac_desc_len which already store the correct values. But actually it's simpler to just use stack arrays, so do that instead. Fixes:49525e5eec
("ubifs: Add helper functions for authentication support") Fixes:da8ef65f95
("ubifs: Authenticate replayed journal") Cc: <stable@vger.kernel.org> # v4.20+ Cc: Sascha Hauer <s.hauer@pengutronix.de> Signed-off-by: Eric Biggers <ebiggers@google.com> Acked-by: Sascha Hauer <s.hauer@pengutronix.de> Signed-off-by: Richard Weinberger <richard@nod.at>
This commit is contained in:
parent
ecf84096a5
commit
3c3c32f85b
@ -79,13 +79,9 @@ int ubifs_prepare_auth_node(struct ubifs_info *c, void *node,
|
|||||||
struct shash_desc *inhash)
|
struct shash_desc *inhash)
|
||||||
{
|
{
|
||||||
struct ubifs_auth_node *auth = node;
|
struct ubifs_auth_node *auth = node;
|
||||||
u8 *hash;
|
u8 hash[UBIFS_HASH_ARR_SZ];
|
||||||
int err;
|
int err;
|
||||||
|
|
||||||
hash = kmalloc(crypto_shash_descsize(c->hash_tfm), GFP_NOFS);
|
|
||||||
if (!hash)
|
|
||||||
return -ENOMEM;
|
|
||||||
|
|
||||||
{
|
{
|
||||||
SHASH_DESC_ON_STACK(hash_desc, c->hash_tfm);
|
SHASH_DESC_ON_STACK(hash_desc, c->hash_tfm);
|
||||||
|
|
||||||
@ -94,21 +90,16 @@ int ubifs_prepare_auth_node(struct ubifs_info *c, void *node,
|
|||||||
|
|
||||||
err = crypto_shash_final(hash_desc, hash);
|
err = crypto_shash_final(hash_desc, hash);
|
||||||
if (err)
|
if (err)
|
||||||
goto out;
|
return err;
|
||||||
}
|
}
|
||||||
|
|
||||||
err = ubifs_hash_calc_hmac(c, hash, auth->hmac);
|
err = ubifs_hash_calc_hmac(c, hash, auth->hmac);
|
||||||
if (err)
|
if (err)
|
||||||
goto out;
|
return err;
|
||||||
|
|
||||||
auth->ch.node_type = UBIFS_AUTH_NODE;
|
auth->ch.node_type = UBIFS_AUTH_NODE;
|
||||||
ubifs_prepare_node(c, auth, ubifs_auth_node_sz(c), 0);
|
ubifs_prepare_node(c, auth, ubifs_auth_node_sz(c), 0);
|
||||||
|
return 0;
|
||||||
err = 0;
|
|
||||||
out:
|
|
||||||
kfree(hash);
|
|
||||||
|
|
||||||
return err;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static struct shash_desc *ubifs_get_desc(const struct ubifs_info *c,
|
static struct shash_desc *ubifs_get_desc(const struct ubifs_info *c,
|
||||||
|
@ -601,18 +601,12 @@ static int authenticate_sleb(struct ubifs_info *c, struct ubifs_scan_leb *sleb,
|
|||||||
struct ubifs_scan_node *snod;
|
struct ubifs_scan_node *snod;
|
||||||
int n_nodes = 0;
|
int n_nodes = 0;
|
||||||
int err;
|
int err;
|
||||||
u8 *hash, *hmac;
|
u8 hash[UBIFS_HASH_ARR_SZ];
|
||||||
|
u8 hmac[UBIFS_HMAC_ARR_SZ];
|
||||||
|
|
||||||
if (!ubifs_authenticated(c))
|
if (!ubifs_authenticated(c))
|
||||||
return sleb->nodes_cnt;
|
return sleb->nodes_cnt;
|
||||||
|
|
||||||
hash = kmalloc(crypto_shash_descsize(c->hash_tfm), GFP_NOFS);
|
|
||||||
hmac = kmalloc(c->hmac_desc_len, GFP_NOFS);
|
|
||||||
if (!hash || !hmac) {
|
|
||||||
err = -ENOMEM;
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
|
|
||||||
list_for_each_entry(snod, &sleb->nodes, list) {
|
list_for_each_entry(snod, &sleb->nodes, list) {
|
||||||
|
|
||||||
n_nodes++;
|
n_nodes++;
|
||||||
@ -662,9 +656,6 @@ static int authenticate_sleb(struct ubifs_info *c, struct ubifs_scan_leb *sleb,
|
|||||||
err = 0;
|
err = 0;
|
||||||
}
|
}
|
||||||
out:
|
out:
|
||||||
kfree(hash);
|
|
||||||
kfree(hmac);
|
|
||||||
|
|
||||||
return err ? err : n_nodes - n_not_auth;
|
return err ? err : n_nodes - n_not_auth;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user