4.9-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 17 Sep 2019 12:48:55 +0000 (14:48 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 17 Sep 2019 12:48:55 +0000 (14:48 +0200)
added patches:
crypto-talitos-check-aes-key-size.patch
crypto-talitos-check-data-blocksize-in-ablkcipher.patch
crypto-talitos-do-not-modify-req-cryptlen-on-decryption.patch
crypto-talitos-fix-ctr-alg-blocksize.patch
crypto-talitos-fix-ecb-algs-ivsize.patch
crypto-talitos-hmac-snoop-no-afeu-mode-requires-sw-icv-checking.patch

queue-4.9/crypto-talitos-check-aes-key-size.patch [new file with mode: 0644]
queue-4.9/crypto-talitos-check-data-blocksize-in-ablkcipher.patch [new file with mode: 0644]
queue-4.9/crypto-talitos-do-not-modify-req-cryptlen-on-decryption.patch [new file with mode: 0644]
queue-4.9/crypto-talitos-fix-ctr-alg-blocksize.patch [new file with mode: 0644]
queue-4.9/crypto-talitos-fix-ecb-algs-ivsize.patch [new file with mode: 0644]
queue-4.9/crypto-talitos-hmac-snoop-no-afeu-mode-requires-sw-icv-checking.patch [new file with mode: 0644]
queue-4.9/series

diff --git a/queue-4.9/crypto-talitos-check-aes-key-size.patch b/queue-4.9/crypto-talitos-check-aes-key-size.patch
new file mode 100644 (file)
index 0000000..2295ae2
--- /dev/null
@@ -0,0 +1,59 @@
+From 1ba34e71e9e56ac29a52e0d42b6290f3dc5bfd90 Mon Sep 17 00:00:00 2001
+From: Christophe Leroy <christophe.leroy@c-s.fr>
+Date: Tue, 21 May 2019 13:34:10 +0000
+Subject: crypto: talitos - check AES key size
+
+From: Christophe Leroy <christophe.leroy@c-s.fr>
+
+commit 1ba34e71e9e56ac29a52e0d42b6290f3dc5bfd90 upstream.
+
+Although the HW accepts any size and silently truncates
+it to the correct length, the extra tests expects EINVAL
+to be returned when the key size is not valid.
+
+Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
+Fixes: 4de9d0b547b9 ("crypto: talitos - Add ablkcipher algorithms")
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/talitos.c |   14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+--- a/drivers/crypto/talitos.c
++++ b/drivers/crypto/talitos.c
+@@ -1528,6 +1528,18 @@ static int ablkcipher_setkey(struct cryp
+       return 0;
+ }
++static int ablkcipher_aes_setkey(struct crypto_ablkcipher *cipher,
++                                const u8 *key, unsigned int keylen)
++{
++      if (keylen == AES_KEYSIZE_128 || keylen == AES_KEYSIZE_192 ||
++          keylen == AES_KEYSIZE_256)
++              return ablkcipher_setkey(cipher, key, keylen);
++
++      crypto_ablkcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_KEY_LEN);
++
++      return -EINVAL;
++}
++
+ static void common_nonsnoop_unmap(struct device *dev,
+                                 struct talitos_edesc *edesc,
+                                 struct ablkcipher_request *areq)
+@@ -2621,6 +2633,7 @@ static struct talitos_alg_template drive
+                               .min_keysize = AES_MIN_KEY_SIZE,
+                               .max_keysize = AES_MAX_KEY_SIZE,
+                               .ivsize = AES_BLOCK_SIZE,
++                              .setkey = ablkcipher_aes_setkey,
+                       }
+               },
+               .desc_hdr_template = DESC_HDR_TYPE_COMMON_NONSNOOP_NO_AFEU |
+@@ -2638,6 +2651,7 @@ static struct talitos_alg_template drive
+                               .min_keysize = AES_MIN_KEY_SIZE,
+                               .max_keysize = AES_MAX_KEY_SIZE,
+                               .ivsize = AES_BLOCK_SIZE,
++                              .setkey = ablkcipher_aes_setkey,
+                       }
+               },
+               .desc_hdr_template = DESC_HDR_TYPE_AESU_CTR_NONSNOOP |
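Review bot: `ablkcipher_aes_setkey()` has no comment saying why the key length is checked in software, and the reason matters: per the commit message the SEC accepts any length and silently truncates it, so a caller could believe a longer key is in use than the hardware actually applies. I would add above the function `/* The SEC silently truncates over-long keys; accept only 128/192/256-bit AES keys. */`. The wrapper is wired into only two templates in this backport, the ones followed by `DESC_HDR_TYPE_COMMON_NONSNOOP_NO_AFEU` and `DESC_HDR_TYPE_AESU_CTR_NONSNOOP`. Any other AES ablkcipher template in the 4.9 table, which is not visible here, would still go through the unchecked `ablkcipher_setkey()` and is worth confirming.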
diff --git a/queue-4.9/crypto-talitos-check-data-blocksize-in-ablkcipher.patch b/queue-4.9/crypto-talitos-check-data-blocksize-in-ablkcipher.patch
new file mode 100644 (file)
index 0000000..8565a47
--- /dev/null
@@ -0,0 +1,58 @@
+From ee483d32ee1a1a7f7d7e918fbc350c790a5af64a Mon Sep 17 00:00:00 2001
+From: Christophe Leroy <christophe.leroy@c-s.fr>
+Date: Tue, 21 May 2019 13:34:12 +0000
+Subject: crypto: talitos - check data blocksize in ablkcipher.
+
+From: Christophe Leroy <christophe.leroy@c-s.fr>
+
+commit ee483d32ee1a1a7f7d7e918fbc350c790a5af64a upstream.
+
+When data size is not a multiple of the alg's block size,
+the SEC generates an error interrupt and dumps the registers.
+And for NULL size, the SEC does just nothing and the interrupt
+is awaited forever.
+
+This patch ensures the data size is correct before submitting
+the request to the SEC engine.
+
+Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
+Fixes: 4de9d0b547b9 ("crypto: talitos - Add ablkcipher algorithms")
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/talitos.c |   16 ++++++++++++++++
+ 1 file changed, 16 insertions(+)
+
+--- a/drivers/crypto/talitos.c
++++ b/drivers/crypto/talitos.c
+@@ -1668,6 +1668,14 @@ static int ablkcipher_encrypt(struct abl
+       struct crypto_ablkcipher *cipher = crypto_ablkcipher_reqtfm(areq);
+       struct talitos_ctx *ctx = crypto_ablkcipher_ctx(cipher);
+       struct talitos_edesc *edesc;
++      unsigned int blocksize =
++                      crypto_tfm_alg_blocksize(crypto_ablkcipher_tfm(cipher));
++
++      if (!areq->nbytes)
++              return 0;
++
++      if (areq->nbytes % blocksize)
++              return -EINVAL;
+       /* allocate extended descriptor */
+       edesc = ablkcipher_edesc_alloc(areq, true);
+@@ -1685,6 +1693,14 @@ static int ablkcipher_decrypt(struct abl
+       struct crypto_ablkcipher *cipher = crypto_ablkcipher_reqtfm(areq);
+       struct talitos_ctx *ctx = crypto_ablkcipher_ctx(cipher);
+       struct talitos_edesc *edesc;
++      unsigned int blocksize =
++                      crypto_tfm_alg_blocksize(crypto_ablkcipher_tfm(cipher));
++
++      if (!areq->nbytes)
++              return 0;
++
++      if (areq->nbytes % blocksize)
++              return -EINVAL;
+       /* allocate extended descriptor */
+       edesc = ablkcipher_edesc_alloc(areq, false);
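Review bot: The same length check is pasted uncommented into both `ablkcipher_encrypt()` and `ablkcipher_decrypt()`, and it is only as good as each template's `cra_blocksize`. A template that left `cra_blocksize` at 0 would turn `areq->nbytes % blocksize` into a division by zero, so it is worth confirming every ablkcipher entry sets it; the table is outside this hunk. I would document the two early exits with `/* the SEC never raises an interrupt for a zero-length request, complete it here */` above `if (!areq->nbytes)` and `/* the SEC faults on partial blocks; stream modes advertise a blocksize of 1 */` above the modulo test. A small shared static helper would keep the two paths from drifting apart. Both function bodies continue outside the hunks.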
diff --git a/queue-4.9/crypto-talitos-do-not-modify-req-cryptlen-on-decryption.patch b/queue-4.9/crypto-talitos-do-not-modify-req-cryptlen-on-decryption.patch
new file mode 100644 (file)
index 0000000..688b88d
--- /dev/null
@@ -0,0 +1,162 @@
+From 7ede4c36cf7c6516986ee9d75b197c8bf73ea96f Mon Sep 17 00:00:00 2001
+From: Christophe Leroy <christophe.leroy@c-s.fr>
+Date: Tue, 21 May 2019 13:34:14 +0000
+Subject: crypto: talitos - Do not modify req->cryptlen on decryption.
+
+From: Christophe Leroy <christophe.leroy@c-s.fr>
+
+commit 7ede4c36cf7c6516986ee9d75b197c8bf73ea96f upstream.
+
+For decrypt, req->cryptlen includes the size of the authentication
+part while all functions of the driver expect cryptlen to be
+the size of the encrypted data.
+
+As it is not expected to change req->cryptlen, this patch
+implements local calculation of cryptlen.
+
+Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
+Fixes: 9c4a79653b35 ("crypto: talitos - Freescale integrated security engine (SEC) driver")
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/talitos.c |   31 +++++++++++++++++--------------
+ 1 file changed, 17 insertions(+), 14 deletions(-)
+
+--- a/drivers/crypto/talitos.c
++++ b/drivers/crypto/talitos.c
+@@ -943,11 +943,13 @@ static void talitos_sg_unmap(struct devi
+ static void ipsec_esp_unmap(struct device *dev,
+                           struct talitos_edesc *edesc,
+-                          struct aead_request *areq)
++                          struct aead_request *areq, bool encrypt)
+ {
+       struct crypto_aead *aead = crypto_aead_reqtfm(areq);
+       struct talitos_ctx *ctx = crypto_aead_ctx(aead);
+       unsigned int ivsize = crypto_aead_ivsize(aead);
++      unsigned int authsize = crypto_aead_authsize(aead);
++      unsigned int cryptlen = areq->cryptlen - (encrypt ? 0 : authsize);
+       if (edesc->desc.hdr & DESC_HDR_TYPE_IPSEC_ESP)
+               unmap_single_talitos_ptr(dev, &edesc->desc.ptr[6],
+@@ -956,7 +958,7 @@ static void ipsec_esp_unmap(struct devic
+       unmap_single_talitos_ptr(dev, &edesc->desc.ptr[2], DMA_TO_DEVICE);
+       unmap_single_talitos_ptr(dev, &edesc->desc.ptr[0], DMA_TO_DEVICE);
+-      talitos_sg_unmap(dev, edesc, areq->src, areq->dst, areq->cryptlen,
++      talitos_sg_unmap(dev, edesc, areq->src, areq->dst, cryptlen,
+                        areq->assoclen);
+       if (edesc->dma_len)
+@@ -967,7 +969,7 @@ static void ipsec_esp_unmap(struct devic
+               unsigned int dst_nents = edesc->dst_nents ? : 1;
+               sg_pcopy_to_buffer(areq->dst, dst_nents, ctx->iv, ivsize,
+-                                 areq->assoclen + areq->cryptlen - ivsize);
++                                 areq->assoclen + cryptlen - ivsize);
+       }
+ }
+@@ -988,7 +990,7 @@ static void ipsec_esp_encrypt_done(struc
+       edesc = container_of(desc, struct talitos_edesc, desc);
+-      ipsec_esp_unmap(dev, edesc, areq);
++      ipsec_esp_unmap(dev, edesc, areq, true);
+       /* copy the generated ICV to dst */
+       if (edesc->icv_ool) {
+@@ -1020,7 +1022,7 @@ static void ipsec_esp_decrypt_swauth_don
+       edesc = container_of(desc, struct talitos_edesc, desc);
+-      ipsec_esp_unmap(dev, edesc, req);
++      ipsec_esp_unmap(dev, edesc, req, false);
+       if (!err) {
+               char icvdata[SHA512_DIGEST_SIZE];
+@@ -1066,7 +1068,7 @@ static void ipsec_esp_decrypt_hwauth_don
+       edesc = container_of(desc, struct talitos_edesc, desc);
+-      ipsec_esp_unmap(dev, edesc, req);
++      ipsec_esp_unmap(dev, edesc, req, false);
+       /* check ICV auth status */
+       if (!err && ((desc->hdr_lo & DESC_HDR_LO_ICCR1_MASK) !=
+@@ -1173,6 +1175,7 @@ static int talitos_sg_map(struct device
+  * fill in and submit ipsec_esp descriptor
+  */
+ static int ipsec_esp(struct talitos_edesc *edesc, struct aead_request *areq,
++                   bool encrypt,
+                    void (*callback)(struct device *dev,
+                                     struct talitos_desc *desc,
+                                     void *context, int error))
+@@ -1182,7 +1185,7 @@ static int ipsec_esp(struct talitos_edes
+       struct talitos_ctx *ctx = crypto_aead_ctx(aead);
+       struct device *dev = ctx->dev;
+       struct talitos_desc *desc = &edesc->desc;
+-      unsigned int cryptlen = areq->cryptlen;
++      unsigned int cryptlen = areq->cryptlen - (encrypt ? 0 : authsize);
+       unsigned int ivsize = crypto_aead_ivsize(aead);
+       int tbl_off = 0;
+       int sg_count, ret;
+@@ -1324,7 +1327,7 @@ static int ipsec_esp(struct talitos_edes
+       ret = talitos_submit(dev, ctx->ch, desc, callback, areq);
+       if (ret != -EINPROGRESS) {
+-              ipsec_esp_unmap(dev, edesc, areq);
++              ipsec_esp_unmap(dev, edesc, areq, encrypt);
+               kfree(edesc);
+       }
+       return ret;
+@@ -1433,9 +1436,10 @@ static struct talitos_edesc *aead_edesc_
+       unsigned int authsize = crypto_aead_authsize(authenc);
+       struct talitos_ctx *ctx = crypto_aead_ctx(authenc);
+       unsigned int ivsize = crypto_aead_ivsize(authenc);
++      unsigned int cryptlen = areq->cryptlen - (encrypt ? 0 : authsize);
+       return talitos_edesc_alloc(ctx->dev, areq->src, areq->dst,
+-                                 iv, areq->assoclen, areq->cryptlen,
++                                 iv, areq->assoclen, cryptlen,
+                                  authsize, ivsize, icv_stashing,
+                                  areq->base.flags, encrypt);
+ }
+@@ -1454,7 +1458,7 @@ static int aead_encrypt(struct aead_requ
+       /* set encrypt */
+       edesc->desc.hdr = ctx->desc_hdr_template | DESC_HDR_MODE0_ENCRYPT;
+-      return ipsec_esp(edesc, req, ipsec_esp_encrypt_done);
++      return ipsec_esp(edesc, req, true, ipsec_esp_encrypt_done);
+ }
+ static int aead_decrypt(struct aead_request *req)
+@@ -1466,8 +1470,6 @@ static int aead_decrypt(struct aead_requ
+       struct talitos_edesc *edesc;
+       void *icvdata;
+-      req->cryptlen -= authsize;
+-
+       /* allocate extended descriptor */
+       edesc = aead_edesc_alloc(req, req->iv, 1, false);
+       if (IS_ERR(edesc))
+@@ -1485,7 +1487,8 @@ static int aead_decrypt(struct aead_requ
+               /* reset integrity check result bits */
+               edesc->desc.hdr_lo = 0;
+-              return ipsec_esp(edesc, req, ipsec_esp_decrypt_hwauth_done);
++              return ipsec_esp(edesc, req, false,
++                               ipsec_esp_decrypt_hwauth_done);
+       }
+       /* Have to check the ICV with software */
+@@ -1501,7 +1504,7 @@ static int aead_decrypt(struct aead_requ
+       sg_pcopy_to_buffer(req->src, edesc->src_nents ? : 1, icvdata, authsize,
+                          req->assoclen + req->cryptlen - authsize);
+-      return ipsec_esp(edesc, req, ipsec_esp_decrypt_swauth_done);
++      return ipsec_esp(edesc, req, false, ipsec_esp_decrypt_swauth_done);
+ }
+ static int ablkcipher_setkey(struct crypto_ablkcipher *cipher,
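Review bot: On decrypt, `areq->cryptlen - (encrypt ? 0 : authsize)` is an unsigned subtraction with no visible guard, so a request whose `cryptlen` is smaller than `authsize` wraps to a very large length. That value is then passed to `talitos_edesc_alloc()`, `talitos_sg_unmap()` and the `sg_pcopy_to_buffer()` offset. The removed `req->cryptlen -= authsize;` had the same exposure, and the AEAD layer above may already reject such requests, but nothing in these hunks shows it. I would add `if (req->cryptlen < authsize) return -EINVAL;` at the top of `aead_decrypt()`, before `aead_edesc_alloc()`. The expression is also repeated in `ipsec_esp_unmap()`, `ipsec_esp()` and `aead_edesc_alloc()`, where one small static helper would keep the three copies in step; all of these function bodies extend beyond the hunks shown.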
diff --git a/queue-4.9/crypto-talitos-fix-ctr-alg-blocksize.patch b/queue-4.9/crypto-talitos-fix-ctr-alg-blocksize.patch
new file mode 100644 (file)
index 0000000..cbdccfa
--- /dev/null
@@ -0,0 +1,31 @@
+From b9a05b6041cb9810a291315569b2af0d63c3680a Mon Sep 17 00:00:00 2001
+From: Christophe Leroy <christophe.leroy@c-s.fr>
+Date: Tue, 21 May 2019 13:34:11 +0000
+Subject: crypto: talitos - fix CTR alg blocksize
+
+From: Christophe Leroy <christophe.leroy@c-s.fr>
+
+commit b9a05b6041cb9810a291315569b2af0d63c3680a upstream.
+
+CTR has a blocksize of 1.
+
+Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
+Fixes: 5e75ae1b3cef ("crypto: talitos - add new crypto modes")
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/talitos.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/crypto/talitos.c
++++ b/drivers/crypto/talitos.c
+@@ -2644,7 +2644,7 @@ static struct talitos_alg_template drive
+               .alg.crypto = {
+                       .cra_name = "ctr(aes)",
+                       .cra_driver_name = "ctr-aes-talitos",
+-                      .cra_blocksize = AES_BLOCK_SIZE,
++                      .cra_blocksize = 1,
+                       .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER |
+                                    CRYPTO_ALG_ASYNC,
+                       .cra_ablkcipher = {
diff --git a/queue-4.9/crypto-talitos-fix-ecb-algs-ivsize.patch b/queue-4.9/crypto-talitos-fix-ecb-algs-ivsize.patch
new file mode 100644 (file)
index 0000000..56450a2
--- /dev/null
@@ -0,0 +1,30 @@
+From d84cc9c9524ec5973a337533e6d8ccd3e5f05f2b Mon Sep 17 00:00:00 2001
+From: Christophe Leroy <christophe.leroy@c-s.fr>
+Date: Tue, 21 May 2019 13:34:13 +0000
+Subject: crypto: talitos - fix ECB algs ivsize
+
+From: Christophe Leroy <christophe.leroy@c-s.fr>
+
+commit d84cc9c9524ec5973a337533e6d8ccd3e5f05f2b upstream.
+
+ECB's ivsize must be 0.
+
+Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
+Fixes: 5e75ae1b3cef ("crypto: talitos - add new crypto modes")
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/talitos.c |    1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/drivers/crypto/talitos.c
++++ b/drivers/crypto/talitos.c
+@@ -2666,7 +2666,6 @@ static struct talitos_alg_template drive
+                       .cra_ablkcipher = {
+                               .min_keysize = AES_MIN_KEY_SIZE,
+                               .max_keysize = AES_MAX_KEY_SIZE,
+-                              .ivsize = AES_BLOCK_SIZE,
+                               .setkey = ablkcipher_aes_setkey,
+                       }
+               },
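Review bot: This deletion appears to land on the `ctr(aes)` template rather than on an ECB one. The ctr-blocksize patch in this queue puts `ctr(aes)`'s `.cra_ablkcipher = {` at line 2650, the data-blocksize patch that the series file orders in between adds 16 lines above it, and this hunk starts at line 2666 with `.cra_ablkcipher = {`. The context also already carries `.setkey = ablkcipher_aes_setkey`, which the key-size patch adds only to the two entries it touches. CTR needs a per-request counter block, so an `ivsize` of 0 there would leave callers with no IV to supply. The hunk should be re-based onto the entry whose `.cra_name` is `"ecb(aes)"` (not visible on this page), keeping `.ivsize = AES_BLOCK_SIZE` for `ctr(aes)`.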
diff --git a/queue-4.9/crypto-talitos-hmac-snoop-no-afeu-mode-requires-sw-icv-checking.patch b/queue-4.9/crypto-talitos-hmac-snoop-no-afeu-mode-requires-sw-icv-checking.patch
new file mode 100644 (file)
index 0000000..82d85f1
--- /dev/null
@@ -0,0 +1,32 @@
+From 4bbfb839259a9c96a0be872e16f7471b7136aee5 Mon Sep 17 00:00:00 2001
+From: Christophe Leroy <christophe.leroy@c-s.fr>
+Date: Tue, 21 May 2019 13:34:15 +0000
+Subject: crypto: talitos - HMAC SNOOP NO AFEU mode requires SW icv checking.
+
+From: Christophe Leroy <christophe.leroy@c-s.fr>
+
+commit 4bbfb839259a9c96a0be872e16f7471b7136aee5 upstream.
+
+In that mode, hardware ICV verification is not supported.
+
+Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
+Fixes: 7405c8d7ff97 ("crypto: talitos - templates for AEAD using HMAC_SNOOP_NO_AFEU")
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/talitos.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/crypto/talitos.c
++++ b/drivers/crypto/talitos.c
+@@ -1475,7 +1475,8 @@ static int aead_decrypt(struct aead_requ
+       if (IS_ERR(edesc))
+               return PTR_ERR(edesc);
+-      if ((priv->features & TALITOS_FTR_HW_AUTH_CHECK) &&
++      if ((edesc->desc.hdr & DESC_HDR_TYPE_IPSEC_ESP) &&
++          (priv->features & TALITOS_FTR_HW_AUTH_CHECK) &&
+           ((!edesc->src_nents && !edesc->dst_nents) ||
+            priv->features & TALITOS_FTR_SRC_LINK_TBL_LEN_INCLUDES_EXTENT)) {
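Review bot: The new first clause tests `edesc->desc.hdr` immediately after `aead_edesc_alloc()` returns, which looks like a read of a field that has not been set yet. Elsewhere on this page (`aead_encrypt()`) `hdr` is assigned from `ctx->desc_hdr_template` only after allocation. Unless the allocator pre-populates `hdr`, which is not visible here, the test sees zero or stale data, making the hardware ICV path either unreachable or chosen unpredictably. Testing the template instead avoids the dependency: `if ((ctx->desc_hdr_template & DESC_HDR_TYPE_IPSEC_ESP) &&`, assuming `ctx` is in scope in `aead_decrypt()` as it is in `aead_encrypt()`. A one-line comment such as `/* HMAC_SNOOP_NO_AFEU descriptors cannot verify the ICV in hardware */` would explain the extra clause; the rest of `aead_decrypt()` lies outside the hunk.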
index 1e06d21856a00a82e94ccb0ac10e9221a1aceed5..46b415a02ee1a5f64c55bdee64e55b736e4a93b6 100644 (file)
@@ -23,3 +23,9 @@ mips-vdso-use-same-m-float-cflag-as-the-kernel-proper.patch
 clk-rockchip-don-t-yell-about-bad-mmc-phases-when-getting.patch
 mtd-rawnand-mtk-fix-wrongly-assigned-oob-buffer-pointer-issue.patch
 driver-core-fix-use-after-free-and-double-free-on-glue-directory.patch
+crypto-talitos-check-aes-key-size.patch
+crypto-talitos-fix-ctr-alg-blocksize.patch
+crypto-talitos-check-data-blocksize-in-ablkcipher.patch
+crypto-talitos-fix-ecb-algs-ivsize.patch
+crypto-talitos-do-not-modify-req-cryptlen-on-decryption.patch
+crypto-talitos-hmac-snoop-no-afeu-mode-requires-sw-icv-checking.patch