crypto: caam - fix DMA corruption on long hmac keys

When a key longer than block size is supplied, it is copied and then
hashed into the real key.  The memory allocated for the copy needs to
be rounded to DMA cache alignment, as otherwise the hashed key may
corrupt neighbouring memory.

The rounding was performed, but never actually used for the allocation.
Fix this by replacing kmemdup with kmalloc for a larger buffer,
followed by memcpy.

Fixes: 199354d7fb6e ("crypto: caam - Remove GFP_DMA and add DMA alignment padding")
Reported-by: Paul Bunyan <pbunyan@redhat.com>
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/drivers/crypto/caam/caamhash.c b/drivers/crypto/caam/caamhash.c
index 628c43a7efc41fe5b5b091daaab4d77f691f9865..44122208f70cb94c7186e4995680bb8a1085b60a 100644 (file)
--- a/drivers/crypto/caam/caamhash.c
+++ b/drivers/crypto/caam/caamhash.c
@@ -441,9 +441,10 @@ static int ahash_setkey(struct crypto_ahash *ahash,
                if (aligned_len < keylen)
                        return -EOVERFLOW;
 
-               hashed_key = kmemdup(key, keylen, GFP_KERNEL);
+               hashed_key = kmalloc(aligned_len, GFP_KERNEL);
                if (!hashed_key)
                        return -ENOMEM;
+               memcpy(hashed_key, key, keylen);
                ret = hash_digest_key(ctx, &keylen, hashed_key, digestsize);
                if (ret)
                        goto bad_free_key;