4.4-stable patches

added patches:
	crypto-talitos-check-aes-key-size.patch
	crypto-talitos-check-data-blocksize-in-ablkcipher.patch

diff --git a/queue-4.4/crypto-talitos-check-aes-key-size.patch b/queue-4.4/crypto-talitos-check-aes-key-size.patch
new file mode 100644 (file)
index 0000000..9f9a07f
--- /dev/null
+++ b/queue-4.4/crypto-talitos-check-aes-key-size.patch
@@ -0,0 +1,51 @@
+From 1ba34e71e9e56ac29a52e0d42b6290f3dc5bfd90 Mon Sep 17 00:00:00 2001
+From: Christophe Leroy <christophe.leroy@c-s.fr>
+Date: Tue, 21 May 2019 13:34:10 +0000
+Subject: crypto: talitos - check AES key size
+
+From: Christophe Leroy <christophe.leroy@c-s.fr>
+
+commit 1ba34e71e9e56ac29a52e0d42b6290f3dc5bfd90 upstream.
+
+Although the HW accepts any size and silently truncates
+it to the correct length, the extra tests expects EINVAL
+to be returned when the key size is not valid.
+
+Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
+Fixes: 4de9d0b547b9 ("crypto: talitos - Add ablkcipher algorithms")
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/talitos.c |   13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+--- a/drivers/crypto/talitos.c
++++ b/drivers/crypto/talitos.c
+@@ -1426,6 +1426,18 @@ static void unmap_sg_talitos_ptr(struct
+       }
+ }
+ 
++static int ablkcipher_aes_setkey(struct crypto_ablkcipher *cipher,
++                                const u8 *key, unsigned int keylen)
++{
++      if (keylen == AES_KEYSIZE_128 || keylen == AES_KEYSIZE_192 ||
++          keylen == AES_KEYSIZE_256)
++              return ablkcipher_setkey(cipher, key, keylen);
++
++      crypto_ablkcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_KEY_LEN);
++
++      return -EINVAL;
++}
++
+ static void common_nonsnoop_unmap(struct device *dev,
+                                 struct talitos_edesc *edesc,
+                                 struct ablkcipher_request *areq)
+@@ -2379,6 +2391,7 @@ static struct talitos_alg_template drive
+                               .min_keysize = AES_MIN_KEY_SIZE,
+                               .max_keysize = AES_MAX_KEY_SIZE,
+                               .ivsize = AES_BLOCK_SIZE,
++                              .setkey = ablkcipher_aes_setkey,
+                       }
+               },
+               .desc_hdr_template = DESC_HDR_TYPE_COMMON_NONSNOOP_NO_AFEU |

diff --git a/queue-4.4/crypto-talitos-check-data-blocksize-in-ablkcipher.patch b/queue-4.4/crypto-talitos-check-data-blocksize-in-ablkcipher.patch
new file mode 100644 (file)
index 0000000..b3145f2
--- /dev/null
+++ b/queue-4.4/crypto-talitos-check-data-blocksize-in-ablkcipher.patch
@@ -0,0 +1,58 @@
+From ee483d32ee1a1a7f7d7e918fbc350c790a5af64a Mon Sep 17 00:00:00 2001
+From: Christophe Leroy <christophe.leroy@c-s.fr>
+Date: Tue, 21 May 2019 13:34:12 +0000
+Subject: crypto: talitos - check data blocksize in ablkcipher.
+
+From: Christophe Leroy <christophe.leroy@c-s.fr>
+
+commit ee483d32ee1a1a7f7d7e918fbc350c790a5af64a upstream.
+
+When data size is not a multiple of the alg's block size,
+the SEC generates an error interrupt and dumps the registers.
+And for NULL size, the SEC does just nothing and the interrupt
+is awaited forever.
+
+This patch ensures the data size is correct before submitting
+the request to the SEC engine.
+
+Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
+Fixes: 4de9d0b547b9 ("crypto: talitos - Add ablkcipher algorithms")
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/talitos.c |   16 ++++++++++++++++
+ 1 file changed, 16 insertions(+)
+
+--- a/drivers/crypto/talitos.c
++++ b/drivers/crypto/talitos.c
+@@ -1641,6 +1641,14 @@ static int ablkcipher_encrypt(struct abl
+       struct crypto_ablkcipher *cipher = crypto_ablkcipher_reqtfm(areq);
+       struct talitos_ctx *ctx = crypto_ablkcipher_ctx(cipher);
+       struct talitos_edesc *edesc;
++      unsigned int blocksize =
++                      crypto_tfm_alg_blocksize(crypto_ablkcipher_tfm(cipher));
++
++      if (!areq->nbytes)
++              return 0;
++
++      if (areq->nbytes % blocksize)
++              return -EINVAL;
+ 
+       /* allocate extended descriptor */
+       edesc = ablkcipher_edesc_alloc(areq, true);
+@@ -1658,6 +1666,14 @@ static int ablkcipher_decrypt(struct abl
+       struct crypto_ablkcipher *cipher = crypto_ablkcipher_reqtfm(areq);
+       struct talitos_ctx *ctx = crypto_ablkcipher_ctx(cipher);
+       struct talitos_edesc *edesc;
++      unsigned int blocksize =
++                      crypto_tfm_alg_blocksize(crypto_ablkcipher_tfm(cipher));
++
++      if (!areq->nbytes)
++              return 0;
++
++      if (areq->nbytes % blocksize)
++              return -EINVAL;
+ 
+       /* allocate extended descriptor */
+       edesc = ablkcipher_edesc_alloc(areq, false);

diff --git a/queue-4.4/series b/queue-4.4/series
index f3433b7d2b062466df19183248fe8d885a89d74b..16f86189d9ea3f3ea0c45f924b61d44b0cd0d51b 100644 (file)
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -19,3 +19,5 @@ mips-vdso-prevent-use-of-smp_processor_id.patch
 mips-vdso-use-same-m-float-cflag-as-the-kernel-proper.patch
 clk-rockchip-don-t-yell-about-bad-mmc-phases-when-getting.patch
 driver-core-fix-use-after-free-and-double-free-on-glue-directory.patch
+crypto-talitos-check-aes-key-size.patch
+crypto-talitos-check-data-blocksize-in-ablkcipher.patch