Home Home > GIT Browse > SLE12-SP4
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTakashi Iwai <tiwai@suse.de>2019-07-16 14:46:35 +0200
committerTakashi Iwai <tiwai@suse.de>2019-07-16 14:47:04 +0200
commit36965fe1a1b8ed8b563bc470f536c7d935cc2989 (patch)
tree2a8df244670320a0062255f85fb4a99e9cbe02fe
parentd1d286161e4697a68c043f89687bbbc2911f3796 (diff)
crypto: talitos - properly handle split ICV (bsc#1051510).
-rw-r--r--patches.fixes/crypto-talitos-properly-handle-split-ICV.patch94
-rw-r--r--series.conf1
2 files changed, 95 insertions, 0 deletions
diff --git a/patches.fixes/crypto-talitos-properly-handle-split-ICV.patch b/patches.fixes/crypto-talitos-properly-handle-split-ICV.patch
new file mode 100644
index 0000000000..ad4f579b94
--- /dev/null
+++ b/patches.fixes/crypto-talitos-properly-handle-split-ICV.patch
@@ -0,0 +1,94 @@
+From eae55a586c3c8b50982bad3c3426e9c9dd7a0075 Mon Sep 17 00:00:00 2001
+From: Christophe Leroy <christophe.leroy@c-s.fr>
+Date: Tue, 21 May 2019 13:34:17 +0000
+Subject: [PATCH] crypto: talitos - properly handle split ICV.
+Git-commit: eae55a586c3c8b50982bad3c3426e9c9dd7a0075
+Patch-mainline: v5.3-rc1
+References: bsc#1051510
+
+The driver assumes that the ICV is as a single piece in the last
+element of the scatterlist. This assumption is wrong.
+
+This patch ensures that the ICV is properly handled regardless of
+the scatterlist layout.
+
+Fixes: 9c4a79653b35 ("crypto: talitos - Freescale integrated security engine (SEC) driver")
+Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/crypto/talitos.c | 26 +++++++++++++++-----------
+ 1 file changed, 15 insertions(+), 11 deletions(-)
+
+--- a/drivers/crypto/talitos.c
++++ b/drivers/crypto/talitos.c
+@@ -988,7 +988,6 @@ static void ipsec_esp_encrypt_done(struc
+ struct crypto_aead *authenc = crypto_aead_reqtfm(areq);
+ unsigned int authsize = crypto_aead_authsize(authenc);
+ struct talitos_edesc *edesc;
+- struct scatterlist *sg;
+ void *icvdata;
+
+ edesc = container_of(desc, struct talitos_edesc, desc);
+@@ -1002,9 +1001,8 @@ static void ipsec_esp_encrypt_done(struc
+ else
+ icvdata = &edesc->link_tbl[edesc->src_nents +
+ edesc->dst_nents + 2];
+- sg = sg_last(areq->dst, edesc->dst_nents);
+- memcpy((char *)sg_virt(sg) + sg->length - authsize,
+- icvdata, authsize);
++ sg_pcopy_from_buffer(areq->dst, edesc->dst_nents ? : 1, icvdata,
++ authsize, areq->assoclen + areq->cryptlen);
+ }
+
+ kfree(edesc);
+@@ -1020,7 +1018,6 @@ static void ipsec_esp_decrypt_swauth_don
+ struct crypto_aead *authenc = crypto_aead_reqtfm(req);
+ unsigned int authsize = crypto_aead_authsize(authenc);
+ struct talitos_edesc *edesc;
+- struct scatterlist *sg;
+ char *oicv, *icv;
+ struct talitos_private *priv = dev_get_drvdata(dev);
+ bool is_sec1 = has_ftr_sec1(priv);
+@@ -1030,9 +1027,18 @@ static void ipsec_esp_decrypt_swauth_don
+ ipsec_esp_unmap(dev, edesc, req);
+
+ if (!err) {
++ char icvdata[SHA512_DIGEST_SIZE];
++ int nents = edesc->dst_nents ? : 1;
++ unsigned int len = req->assoclen + req->cryptlen;
++
+ /* auth check */
+- sg = sg_last(req->dst, edesc->dst_nents ? : 1);
+- icv = (char *)sg_virt(sg) + sg->length - authsize;
++ if (nents > 1) {
++ sg_pcopy_to_buffer(req->dst, nents, icvdata, authsize,
++ len - authsize);
++ icv = icvdata;
++ } else {
++ icv = (char *)sg_virt(req->dst) + len - authsize;
++ }
+
+ if (edesc->dma_len) {
+ if (is_sec1)
+@@ -1469,7 +1475,6 @@ static int aead_decrypt(struct aead_requ
+ struct talitos_ctx *ctx = crypto_aead_ctx(authenc);
+ struct talitos_private *priv = dev_get_drvdata(ctx->dev);
+ struct talitos_edesc *edesc;
+- struct scatterlist *sg;
+ void *icvdata;
+
+ req->cryptlen -= authsize;
+@@ -1505,9 +1510,8 @@ static int aead_decrypt(struct aead_requ
+ else
+ icvdata = &edesc->link_tbl[0];
+
+- sg = sg_last(req->src, edesc->src_nents ? : 1);
+-
+- memcpy(icvdata, (char *)sg_virt(sg) + sg->length - authsize, authsize);
++ sg_pcopy_to_buffer(req->src, edesc->src_nents ? : 1, icvdata, authsize,
++ req->assoclen + req->cryptlen - authsize);
+
+ return ipsec_esp(edesc, req, ipsec_esp_decrypt_swauth_done);
+ }
diff --git a/series.conf b/series.conf
index 47ca937300..cbf681411c 100644
--- a/series.conf
+++ b/series.conf
@@ -22820,6 +22820,7 @@
patches.fixes/crypto-talitos-fix-CTR-alg-blocksize.patch
patches.fixes/crypto-talitos-check-data-blocksize-in-ablkcipher.patch
patches.fixes/crypto-talitos-HMAC-SNOOP-NO-AFEU-mode-requires-SW-i.patch
+ patches.fixes/crypto-talitos-properly-handle-split-ICV.patch
patches.fixes/lib-scatterlist-Fix-mapping-iterator-when-sg-offset-.patch
patches.drivers/pwm-stm32-Use-3-cells-of_xlate.patch
patches.drivers/gpio-omap-fix-lack-of-irqstatus_raw0-for-OMAP4.patch