crypto: omap-sham - fix SW fallback HMAC handling for omap2/omap3
authorTero Kristo <t-kristo@ti.com>
Thu, 4 Aug 2016 10:28:40 +0000 (13:28 +0300)
committerHerbert Xu <herbert@gondor.apana.org.au>
Tue, 13 Sep 2016 12:20:56 +0000 (20:20 +0800)
If software fallback is used on older hardware accelerator setup (OMAP2/
OMAP3), the first block of data must be purged from the buffer. The
first block contains the pre-generated ipad value required by the HW,
but the software fallback algorithm generates its own, causing wrong
results.

Signed-off-by: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
drivers/crypto/omap-sham.c

index f788319f7ba72bf34f6b5b97b4f0e6efcd44c5bc..cf9f617cfcd7e9bd6e41fcc1c6a4e1fe5792354b 100644 (file)
@@ -1143,9 +1143,20 @@ static int omap_sham_final_shash(struct ahash_request *req)
 {
        struct omap_sham_ctx *tctx = crypto_tfm_ctx(req->base.tfm);
        struct omap_sham_reqctx *ctx = ahash_request_ctx(req);
+       int offset = 0;
+
+       /*
+        * If we are running HMAC on limited hardware support, skip
+        * the ipad in the beginning of the buffer if we are going for
+        * software fallback algorithm.
+        */
+       if (test_bit(FLAGS_HMAC, &ctx->flags) &&
+           !test_bit(FLAGS_AUTO_XOR, &ctx->dd->flags))
+               offset = get_block_size(ctx);
 
        return omap_sham_shash_digest(tctx->fallback, req->base.flags,
-                                     ctx->buffer, ctx->bufcnt, req->result);
+                                     ctx->buffer + offset,
+                                     ctx->bufcnt - offset, req->result);
 }
 
 static int omap_sham_final(struct ahash_request *req)