]> err.no Git - linux-2.6/commitdiff
projects / linux-2.6 / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c0a1811)
[CRYPTO] hmac: Avoid calling virt_to_page on key
authorHerbert Xu <herbert@gondor.apana.org.au>
Tue, 6 May 2008 12:46:49 +0000 (20:46 +0800)
committerHerbert Xu <herbert@gondor.apana.org.au>
Wed, 7 May 2008 13:08:56 +0000 (21:08 +0800)
When HMAC gets a key longer than the block size of the hash, it needs
to feed it as input to the hash to reduce it to a fixed length.  As
it is HMAC converts the key to a scatter and gather list.  However,
this doesn't work on certain platforms if the key is not allocated
via kmalloc.  For example, the keys from tcrypt are stored in the
rodata section and this causes it to fail with HMAC on x86-64.

This patch fixes this by copying the key to memory obtained via
kmalloc before hashing it.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto/hmac.c patch | blob | history

diff --git a/crypto/hmac.c b/crypto/hmac.c
index b60c3c7aa320ba08548c050f4fc05d231321de61..14c6351e639d9484aa093fac191c7919a99127b4 100644 (file)
--- a/crypto/hmac.c
+++ b/crypto/hmac.c
@@ -57,14 +57,35 @@ static int hmac_setkey(struct crypto_hash *parent,
        if (keylen > bs) {
                struct hash_desc desc;
                struct scatterlist tmp;
+               int tmplen;
                int err;
 
                desc.tfm = tfm;
                desc.flags = crypto_hash_get_flags(parent);
                desc.flags &= CRYPTO_TFM_REQ_MAY_SLEEP;
-               sg_init_one(&tmp, inkey, keylen);
 
-               err = crypto_hash_digest(&desc, &tmp, keylen, digest);
+               err = crypto_hash_init(&desc);
+               if (err)
+                       return err;
+
+               tmplen = bs * 2 + ds;
+               sg_init_one(&tmp, ipad, tmplen);
+
+               for (; keylen > tmplen; inkey += tmplen, keylen -= tmplen) {
+                       memcpy(ipad, inkey, tmplen);
+                       err = crypto_hash_update(&desc, &tmp, tmplen);
+                       if (err)
+                               return err;
+               }
+
+               if (keylen) {
+                       memcpy(ipad, inkey, keylen);
+                       err = crypto_hash_update(&desc, &tmp, keylen);
+                       if (err)
+                               return err;
+               }
+
+               err = crypto_hash_final(&desc, digest);
                if (err)
                        return err;
 
Linux 2.6 source tree