summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--crypto/hmac.c2
-rw-r--r--include/crypto/hash.h8
2 files changed, 9 insertions, 1 deletions
diff --git a/crypto/hmac.c b/crypto/hmac.c
index a68c1266121f..241b1868c1d0 100644
--- a/crypto/hmac.c
+++ b/crypto/hmac.c
@@ -157,6 +157,8 @@ static int hmac_init_tfm(struct crypto_tfm *tfm)
parent->descsize = sizeof(struct shash_desc) +
crypto_shash_descsize(hash);
+ if (WARN_ON(parent->descsize > HASH_MAX_DESCSIZE))
+ return -EINVAL;
ctx->hash = hash;
return 0;
diff --git a/include/crypto/hash.h b/include/crypto/hash.h
index d21bea2c4382..d6702b4a457f 100644
--- a/include/crypto/hash.h
+++ b/include/crypto/hash.h
@@ -150,7 +150,13 @@ struct shash_desc {
};
#define HASH_MAX_DIGESTSIZE 64
-#define HASH_MAX_DESCSIZE 360
+
+/*
+ * Worst case is hmac(sha3-224-generic). Its context is a nested 'shash_desc'
+ * containing a 'struct sha3_state'.
+ */
+#define HASH_MAX_DESCSIZE (sizeof(struct shash_desc) + 360)
+
#define HASH_MAX_STATESIZE 512
#define SHASH_DESC_ON_STACK(shash, ctx) \