crypto: krb5 - Use SG miter instead of doing it by hand

The function crypto_shash_update_sg iterates through an SG by hand. It fails to handle corner cases such as SG entries longer than a page. Fix this by using the SG iterator. Fixes: 348f5669d1 ("crypto/krb5: Implement the Kerberos5 rfc3961 get_mic and verify_mic") Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2025-08-05 16:54:27 +00:00 · 2025-03-13 13:14:56 +08:00 · 2025-03-13 13:14:56 +08:00 · da6f9bf40a
commit da6f9bf40a
parent fc8d5bba61
1 changed files with 15 additions and 20 deletions
--- a/crypto/krb5/rfc3961_simplified.c
+++ b/crypto/krb5/rfc3961_simplified.c
@ -67,9 +67,9 @@
 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt

 #include <linux/random.h>
+#include <linux/scatterlist.h>
 #include <linux/skbuff.h>
 #include <linux/slab.h>
-#include <linux/highmem.h>
 #include <linux/lcm.h>
 #include <linux/rtnetlink.h>
 #include <crypto/authenc.h>
@ -83,26 +83,21 @@
 int crypto_shash_update_sg(struct shash_desc *desc, struct scatterlist *sg,
 			   size_t offset, size_t len)
 {
-	do {
-		int ret;
+	struct sg_mapping_iter miter;
+	size_t i, n;
+	int ret = 0;

-		if (offset < sg->length) {
-			struct page *page = sg_page(sg);
-			void *p = kmap_local_page(page);
-			void *q = p + sg->offset + offset;
-			size_t seg = min_t(size_t, len, sg->length - offset);
-
-			ret = crypto_shash_update(desc, q, seg);
-			kunmap_local(p);
+	sg_miter_start(&miter, sg, sg_nents(sg),
+		       SG_MITER_FROM_SG | SG_MITER_LOCAL);
+	for (i = 0; i < len; i += n) {
+		sg_miter_next(&miter);
+		n = min(miter.length, len - i);
+		ret = crypto_shash_update(desc, miter.addr, n);
 		if (ret < 0)
-				return ret;
-			len -= seg;
-			offset = 0;
-		} else {
-			offset -= sg->length;
+			break;
 	}
-	} while (len > 0 && (sg = sg_next(sg)));
-	return 0;
+	sg_miter_stop(&miter);
+	return ret;
 }

 static int rfc3961_do_encrypt(struct crypto_sync_skcipher *tfm, void *iv,