crypto: caam: fix array out of bound access

All arrays in question have six elements but the index is seven bits
wide. Make sure the index is bound by ARRAY_SIZE to avoid incorrect
memory accesses

Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
Change-Id: Ic1a65f55e9aa76dc7828021010bac8ebac75b565
Reviewed-on: http://git.am.freescale.net:8181/19802
Reviewed-by: Horia Ioan Geanta Neag <horia.geanta@freescale.com>
Reviewed-by: Mircea Pop <mircea.pop@freescale.com>
Tested-by: Review Code-CDREVIEW <CDREVIEW@freescale.com>
Reviewed-by: Matthew Weigel <Matthew.Weigel@freescale.com>

1 files changed, 14 insertions, 4 deletions

diff --git a/drivers/crypto/caam/caamalg_qi.c b/drivers/crypto/caam/caamalg_qi.c
index aa0423a..4334f82 100644
--- a/drivers/crypto/caam/caamalg_qi.c
+++ b/drivers/crypto/caam/caamalg_qi.c
@@ -2109,6 +2109,7 @@ static int caam_cra_init(struct crypto_tfm *tfm)
 		SHA384_DIGEST_SIZE,
 		SHA512_DIGEST_SIZE
 	};
+	u8 op_id;
 
 	/*
 	 * distribute tfms across job rings to ensure in-order
@@ -2129,11 +2130,20 @@ static int caam_cra_init(struct crypto_tfm *tfm)
 	 * Need authsize, in case setauthsize callback not called
 	 * by upper layer (e.g. TLS).
 	 */
-	if (caam_alg->alg_op)
-		ctx->authsize = digest_size[(ctx->alg_op &
-				OP_ALG_ALGSEL_SUBMASK) >> OP_ALG_ALGSEL_SHIFT];
-	else
+	if (caam_alg->alg_op) {
+		op_id = (ctx->alg_op & OP_ALG_ALGSEL_SUBMASK)
+				>> OP_ALG_ALGSEL_SHIFT;
+		if (op_id < ARRAY_SIZE(digest_size)) {
+			ctx->authsize = digest_size[op_id];
+		} else {
+			dev_err(ctx->jrdev, "incorrect op_id %d; must be less than %d\n",
+					op_id, ARRAY_SIZE(digest_size));
+			caam_jr_free(ctx->jrdev);
+			return -EINVAL;
+		}
+	} else {
 		ctx->authsize = 0;
+	}
 
 	ctx->qidev = priv->qidev;