2.6.21.3 release with geode-aes security fix

diff --git a/releases/2.6.21.3/geode-aes-allow-in-place-operations.patch b/releases/2.6.21.3/geode-aes-allow-in-place-operations.patch
new file mode 100644 (file)
index 0000000..6af81db
--- /dev/null
+++ b/releases/2.6.21.3/geode-aes-allow-in-place-operations.patch
@@ -0,0 +1,73 @@
+From stable-bounces@linux.kernel.org  Thu May 24 04:36:51 2007
+Date: Thu, 24 May 2007 21:36:35 +1000
+From: Herbert Xu <herbert@gondor.apana.org.au>
+To: stable@kernel.org
+Message-ID: <20070524113635.GA9924@gondor.apana.org.au>
+Subject: GEODE-AES: Allow in-place operations [CVE-2007-2451]
+
+From: Jordan Crouse <jordan.crouse@amd.com>
+
+Allow in-place crypto operations.  Also remove the coherent user flag
+(we use it automagically now), and by default use the user written
+key rather then the HW hidden key - this makes crypto just work without
+any special considerations, and thats OK, since its our only usage
+model.
+
+Signed-off-by: Jordan Crouse <jordan.crouse@amd.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+---
+
+ drivers/crypto/geode-aes.c |   12 +++++++++---
+ drivers/crypto/geode-aes.h |    3 +--
+ 2 files changed, 10 insertions(+), 5 deletions(-)
+
+--- linux-2.6.21.2.orig/drivers/crypto/geode-aes.c
++++ linux-2.6.21.2/drivers/crypto/geode-aes.c
+@@ -102,10 +102,15 @@ geode_aes_crypt(struct geode_aes_op *op)
+       u32 flags = 0;
+       unsigned long iflags;
+ 
+-      if (op->len == 0 || op->src == op->dst)
++      if (op->len == 0)
+               return 0;
+ 
+-      if (op->flags & AES_FLAGS_COHERENT)
++      /* If the source and destination is the same, then
++       * we need to turn on the coherent flags, otherwise
++       * we don't need to worry
++       */
++
++      if (op->src == op->dst)
+               flags |= (AES_CTRL_DCA | AES_CTRL_SCA);
+ 
+       if (op->dir == AES_DIR_ENCRYPT)
+@@ -120,7 +125,7 @@ geode_aes_crypt(struct geode_aes_op *op)
+               _writefield(AES_WRITEIV0_REG, op->iv);
+       }
+ 
+-      if (op->flags & AES_FLAGS_USRKEY) {
++      if (!(op->flags & AES_FLAGS_HIDDENKEY)) {
+               flags |= AES_CTRL_WRKEY;
+               _writefield(AES_WRITEKEY0_REG, op->key);
+       }
+@@ -289,6 +294,7 @@ static struct crypto_alg geode_cbc_alg =
+                       .setkey                 =       geode_setkey,
+                       .encrypt                =       geode_cbc_encrypt,
+                       .decrypt                =       geode_cbc_decrypt,
++                      .ivsize                 =       AES_IV_LENGTH,
+               }
+       }
+ };
+--- linux-2.6.21.2.orig/drivers/crypto/geode-aes.h
++++ linux-2.6.21.2/drivers/crypto/geode-aes.h
+@@ -20,8 +20,7 @@
+ #define AES_DIR_DECRYPT 0
+ #define AES_DIR_ENCRYPT 1
+ 
+-#define AES_FLAGS_USRKEY   (1 << 0)
+-#define AES_FLAGS_COHERENT (1 << 1)
++#define AES_FLAGS_HIDDENKEY (1 << 0)
+ 
+ struct geode_aes_op {
+ 

diff --git a/releases/2.6.21.3/series b/releases/2.6.21.3/series
new file mode 100644 (file)
index 0000000..f4a2185
--- /dev/null
+++ b/releases/2.6.21.3/series
@@ -0,0 +1 @@
+geode-aes-allow-in-place-operations.patch