The function crypto_shash_update_sg iterates through an SG by
hand. It fails to handle corner cases such as SG entries longer
than a page. Fix this by using the SG iterator.
Fixes: 348f5669d1f6 ("crypto/krb5: Implement the Kerberos5 rfc3961 get_mic and verify_mic")
Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
---
crypto/krb5/rfc3961_simplified.c | 34 ++++++++++++++------------------
1 file changed, 15 insertions(+), 19 deletions(-)
diff --git a/crypto/krb5/rfc3961_simplified.c b/crypto/krb5/rfc3961_simplified.c
index c1dcb0dd3a00..d9cf1bfa11a5 100644
--- a/crypto/krb5/rfc3961_simplified.c
+++ b/crypto/krb5/rfc3961_simplified.c
@@ -67,6 +67,7 @@
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/random.h>
+#include <linux/scatterlist.h>
#include <linux/skbuff.h>
#include <linux/slab.h>
#include <linux/highmem.h>
@@ -83,26 +84,21 @@
int crypto_shash_update_sg(struct shash_desc *desc, struct scatterlist *sg,
size_t offset, size_t len)
{
- do {
- int ret;
+ struct sg_mapping_iter miter;
+ size_t i, n;
+ int ret;
- if (offset < sg->length) {
- struct page *page = sg_page(sg);
- void *p = kmap_local_page(page);
- void *q = p + sg->offset + offset;
- size_t seg = min_t(size_t, len, sg->length - offset);
-
- ret = crypto_shash_update(desc, q, seg);
- kunmap_local(p);
- if (ret < 0)
- return ret;
- len -= seg;
- offset = 0;
- } else {
- offset -= sg->length;
- }
- } while (len > 0 && (sg = sg_next(sg)));
- return 0;
+ sg_miter_start(&miter, sg, sg_nents(sg),
+ SG_MITER_FROM_SG | SG_MITER_ATOMIC);
+ for (i = 0; i < len; i += n) {
+ sg_miter_next(&miter);
+ n = min(miter.length, len - i);
+ ret = crypto_shash_update(desc, miter.addr, n);
+ if (ret < 0)
+ break;
+ }
+ sg_miter_stop(&miter);
+ return ret;
}
static int rfc3961_do_encrypt(struct crypto_sync_skcipher *tfm, void *iv,
--
2.39.5
