The empty message checks may trigger on non-empty messages split
over an update operation followed by a final operation (where
req->nbytes can/should be set to zero).
Fixes: b56403a25af7 ("crypto: stm32/hash - Support Ux500 hash")
Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
diff --git a/drivers/crypto/stm32/stm32-hash.c b/drivers/crypto/stm32/stm32-hash.c
index 7bf805563ac2..acf8bfc8de4b 100644
--- a/drivers/crypto/stm32/stm32-hash.c
+++ b/drivers/crypto/stm32/stm32-hash.c
@@ -148,6 +148,7 @@ struct stm32_hash_request_ctx {
int nents;
u8 data_type;
+ bool nonempty;
u8 buffer[HASH_BUFLEN] __aligned(sizeof(u32));
@@ -310,7 +311,7 @@ static void stm32_hash_write_ctrl(struct stm32_hash_dev *hdev, int bufcnt)
* On the Ux500 we need to set a special flag to indicate that
* the message is zero length.
*/
- if (hdev->pdata->ux500 && bufcnt == 0)
+ if (hdev->pdata->ux500 && !rctx->nonempty)
reg |= HASH_CR_UX500_EMPTYMSG;
if (!hdev->polled)
@@ -754,6 +755,7 @@ static int stm32_hash_init(struct ahash_request *req)
rctx->total = 0;
rctx->offset = 0;
rctx->data_type = HASH_DATA_8_BITS;
+ rctx->nonempty = false;
memset(rctx->buffer, 0, HASH_BUFLEN);
@@ -832,7 +834,7 @@ static void stm32_hash_copy_hash(struct ahash_request *req)
__be32 *hash = (void *)rctx->digest;
unsigned int i, hashsize;
- if (hdev->pdata->broken_emptymsg && !req->nbytes)
+ if (hdev->pdata->broken_emptymsg && !rctx->nonempty)
return stm32_hash_emptymsg_fallback(req);
switch (rctx->flags & HASH_FLAGS_ALGO_MASK) {
@@ -986,6 +988,8 @@ static int stm32_hash_update(struct ahash_request *req)
{
struct stm32_hash_request_ctx *rctx = ahash_request_ctx(req);
+ rctx->nonempty = !!req->nbytes;
+
if (!req->nbytes || !(rctx->flags & HASH_FLAGS_CPU))
return 0;
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
