--- /dev/null
+From 952bce9792e6bf36fda09c2e5718abb5d9327369 Mon Sep 17 00:00:00 2001
+From: Tom Lendacky <thomas.lendacky@amd.com>
+Date: Tue, 12 Jan 2016 11:17:38 -0600
+Subject: crypto: ccp - Add hash state import and export support
+
+From: Tom Lendacky <thomas.lendacky@amd.com>
+
+commit 952bce9792e6bf36fda09c2e5718abb5d9327369 upstream.
+
+Commit 8996eafdcbad ("crypto: ahash - ensure statesize is non-zero")
+added a check to prevent ahash algorithms from successfully registering
+if the import and export functions were not implemented. This prevents
+an oops in the hash_accept function of algif_hash. This commit causes
+the ccp-crypto module SHA support and AES CMAC support from successfully
+registering and causing the ccp-crypto module load to fail because the
+ahash import and export functions are not implemented.
+
+Update the CCP Crypto API support to provide import and export support
+for ahash algorithms.
+
+Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/ccp/ccp-crypto-aes-cmac.c | 23 +++++++++++++++++++++++
+ drivers/crypto/ccp/ccp-crypto-sha.c | 23 +++++++++++++++++++++++
+ 2 files changed, 46 insertions(+)
+
+--- a/drivers/crypto/ccp/ccp-crypto-aes-cmac.c
++++ b/drivers/crypto/ccp/ccp-crypto-aes-cmac.c
+@@ -201,6 +201,26 @@ static int ccp_aes_cmac_digest(struct ah
+ return ccp_aes_cmac_finup(req);
+ }
+
++static int ccp_aes_cmac_export(struct ahash_request *req, void *out)
++{
++ struct ccp_aes_cmac_req_ctx *rctx = ahash_request_ctx(req);
++ struct ccp_aes_cmac_req_ctx *state = out;
++
++ *state = *rctx;
++
++ return 0;
++}
++
++static int ccp_aes_cmac_import(struct ahash_request *req, const void *in)
++{
++ struct ccp_aes_cmac_req_ctx *rctx = ahash_request_ctx(req);
++ const struct ccp_aes_cmac_req_ctx *state = in;
++
++ *rctx = *state;
++
++ return 0;
++}
++
+ static int ccp_aes_cmac_setkey(struct crypto_ahash *tfm, const u8 *key,
+ unsigned int key_len)
+ {
+@@ -332,10 +352,13 @@ int ccp_register_aes_cmac_algs(struct li
+ alg->final = ccp_aes_cmac_final;
+ alg->finup = ccp_aes_cmac_finup;
+ alg->digest = ccp_aes_cmac_digest;
++ alg->export = ccp_aes_cmac_export;
++ alg->import = ccp_aes_cmac_import;
+ alg->setkey = ccp_aes_cmac_setkey;
+
+ halg = &alg->halg;
+ halg->digestsize = AES_BLOCK_SIZE;
++ halg->statesize = sizeof(struct ccp_aes_cmac_req_ctx);
+
+ base = &halg->base;
+ snprintf(base->cra_name, CRYPTO_MAX_ALG_NAME, "cmac(aes)");
+--- a/drivers/crypto/ccp/ccp-crypto-sha.c
++++ b/drivers/crypto/ccp/ccp-crypto-sha.c
+@@ -257,6 +257,26 @@ static int ccp_sha_digest(struct ahash_r
+ return ccp_sha_finup(req);
+ }
+
++static int ccp_sha_export(struct ahash_request *req, void *out)
++{
++ struct ccp_sha_req_ctx *rctx = ahash_request_ctx(req);
++ struct ccp_sha_req_ctx *state = out;
++
++ *state = *rctx;
++
++ return 0;
++}
++
++static int ccp_sha_import(struct ahash_request *req, const void *in)
++{
++ struct ccp_sha_req_ctx *rctx = ahash_request_ctx(req);
++ const struct ccp_sha_req_ctx *state = in;
++
++ *rctx = *state;
++
++ return 0;
++}
++
+ static int ccp_sha_setkey(struct crypto_ahash *tfm, const u8 *key,
+ unsigned int key_len)
+ {
+@@ -469,9 +489,12 @@ static int ccp_register_sha_alg(struct l
+ alg->final = ccp_sha_final;
+ alg->finup = ccp_sha_finup;
+ alg->digest = ccp_sha_digest;
++ alg->export = ccp_sha_export;
++ alg->import = ccp_sha_import;
+
+ halg = &alg->halg;
+ halg->digestsize = def->digest_size;
++ halg->statesize = sizeof(struct ccp_sha_req_ctx);
+
+ base = &halg->base;
+ snprintf(base->cra_name, CRYPTO_MAX_ALG_NAME, "%s", def->name);
--- /dev/null
+From b31dde2a5cb1bf764282abf934266b7193c2bc7c Mon Sep 17 00:00:00 2001
+From: Tom Lendacky <thomas.lendacky@amd.com>
+Date: Tue, 2 Feb 2016 11:38:21 -0600
+Subject: crypto: ccp - Don't assume export/import areas are aligned
+
+From: Tom Lendacky <thomas.lendacky@amd.com>
+
+commit b31dde2a5cb1bf764282abf934266b7193c2bc7c upstream.
+
+Use a local variable for the exported and imported state so that
+alignment is not an issue. On export, set a local variable from the
+request context and then memcpy the contents of the local variable to
+the export memory area. On import, memcpy the import memory area into
+a local variable and then use the local variable to set the request
+context.
+
+Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/ccp/ccp-crypto-aes-cmac.c | 26 ++++++++++++++---------
+ drivers/crypto/ccp/ccp-crypto-sha.c | 34 ++++++++++++++++++-------------
+ 2 files changed, 36 insertions(+), 24 deletions(-)
+
+--- a/drivers/crypto/ccp/ccp-crypto-aes-cmac.c
++++ b/drivers/crypto/ccp/ccp-crypto-aes-cmac.c
+@@ -204,12 +204,15 @@ static int ccp_aes_cmac_digest(struct ah
+ static int ccp_aes_cmac_export(struct ahash_request *req, void *out)
+ {
+ struct ccp_aes_cmac_req_ctx *rctx = ahash_request_ctx(req);
+- struct ccp_aes_cmac_exp_ctx *state = out;
++ struct ccp_aes_cmac_exp_ctx state;
+
+- state->null_msg = rctx->null_msg;
+- memcpy(state->iv, rctx->iv, sizeof(state->iv));
+- state->buf_count = rctx->buf_count;
+- memcpy(state->buf, rctx->buf, sizeof(state->buf));
++ state.null_msg = rctx->null_msg;
++ memcpy(state.iv, rctx->iv, sizeof(state.iv));
++ state.buf_count = rctx->buf_count;
++ memcpy(state.buf, rctx->buf, sizeof(state.buf));
++
++ /* 'out' may not be aligned so memcpy from local variable */
++ memcpy(out, &state, sizeof(state));
+
+ return 0;
+ }
+@@ -217,12 +220,15 @@ static int ccp_aes_cmac_export(struct ah
+ static int ccp_aes_cmac_import(struct ahash_request *req, const void *in)
+ {
+ struct ccp_aes_cmac_req_ctx *rctx = ahash_request_ctx(req);
+- const struct ccp_aes_cmac_exp_ctx *state = in;
++ struct ccp_aes_cmac_exp_ctx state;
++
++ /* 'in' may not be aligned so memcpy to local variable */
++ memcpy(&state, in, sizeof(state));
+
+- rctx->null_msg = state->null_msg;
+- memcpy(rctx->iv, state->iv, sizeof(rctx->iv));
+- rctx->buf_count = state->buf_count;
+- memcpy(rctx->buf, state->buf, sizeof(rctx->buf));
++ rctx->null_msg = state.null_msg;
++ memcpy(rctx->iv, state.iv, sizeof(rctx->iv));
++ rctx->buf_count = state.buf_count;
++ memcpy(rctx->buf, state.buf, sizeof(rctx->buf));
+
+ return 0;
+ }
+--- a/drivers/crypto/ccp/ccp-crypto-sha.c
++++ b/drivers/crypto/ccp/ccp-crypto-sha.c
+@@ -260,14 +260,17 @@ static int ccp_sha_digest(struct ahash_r
+ static int ccp_sha_export(struct ahash_request *req, void *out)
+ {
+ struct ccp_sha_req_ctx *rctx = ahash_request_ctx(req);
+- struct ccp_sha_exp_ctx *state = out;
++ struct ccp_sha_exp_ctx state;
+
+- state->type = rctx->type;
+- state->msg_bits = rctx->msg_bits;
+- state->first = rctx->first;
+- memcpy(state->ctx, rctx->ctx, sizeof(state->ctx));
+- state->buf_count = rctx->buf_count;
+- memcpy(state->buf, rctx->buf, sizeof(state->buf));
++ state.type = rctx->type;
++ state.msg_bits = rctx->msg_bits;
++ state.first = rctx->first;
++ memcpy(state.ctx, rctx->ctx, sizeof(state.ctx));
++ state.buf_count = rctx->buf_count;
++ memcpy(state.buf, rctx->buf, sizeof(state.buf));
++
++ /* 'out' may not be aligned so memcpy from local variable */
++ memcpy(out, &state, sizeof(state));
+
+ return 0;
+ }
+@@ -275,14 +278,17 @@ static int ccp_sha_export(struct ahash_r
+ static int ccp_sha_import(struct ahash_request *req, const void *in)
+ {
+ struct ccp_sha_req_ctx *rctx = ahash_request_ctx(req);
+- const struct ccp_sha_exp_ctx *state = in;
++ struct ccp_sha_exp_ctx state;
++
++ /* 'in' may not be aligned so memcpy to local variable */
++ memcpy(&state, in, sizeof(state));
+
+- rctx->type = state->type;
+- rctx->msg_bits = state->msg_bits;
+- rctx->first = state->first;
+- memcpy(rctx->ctx, state->ctx, sizeof(rctx->ctx));
+- rctx->buf_count = state->buf_count;
+- memcpy(rctx->buf, state->buf, sizeof(rctx->buf));
++ rctx->type = state.type;
++ rctx->msg_bits = state.msg_bits;
++ rctx->first = state.first;
++ memcpy(rctx->ctx, state.ctx, sizeof(rctx->ctx));
++ rctx->buf_count = state.buf_count;
++ memcpy(rctx->buf, state.buf, sizeof(rctx->buf));
+
+ return 0;
+ }
--- /dev/null
+From d1662165ae612ec8b5f94a6b07e65ea58b6dce34 Mon Sep 17 00:00:00 2001
+From: Tom Lendacky <thomas.lendacky@amd.com>
+Date: Fri, 29 Jan 2016 12:45:14 -0600
+Subject: crypto: ccp - Limit the amount of information exported
+
+From: Tom Lendacky <thomas.lendacky@amd.com>
+
+commit d1662165ae612ec8b5f94a6b07e65ea58b6dce34 upstream.
+
+Since the exported information can be exposed to user-space, instead of
+exporting the entire request context only export the minimum information
+needed.
+
+Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/ccp/ccp-crypto-aes-cmac.c | 16 +++++++++++-----
+ drivers/crypto/ccp/ccp-crypto-sha.c | 20 +++++++++++++++-----
+ drivers/crypto/ccp/ccp-crypto.h | 22 ++++++++++++++++++++++
+ 3 files changed, 48 insertions(+), 10 deletions(-)
+
+--- a/drivers/crypto/ccp/ccp-crypto-aes-cmac.c
++++ b/drivers/crypto/ccp/ccp-crypto-aes-cmac.c
+@@ -204,9 +204,12 @@ static int ccp_aes_cmac_digest(struct ah
+ static int ccp_aes_cmac_export(struct ahash_request *req, void *out)
+ {
+ struct ccp_aes_cmac_req_ctx *rctx = ahash_request_ctx(req);
+- struct ccp_aes_cmac_req_ctx *state = out;
++ struct ccp_aes_cmac_exp_ctx *state = out;
+
+- *state = *rctx;
++ state->null_msg = rctx->null_msg;
++ memcpy(state->iv, rctx->iv, sizeof(state->iv));
++ state->buf_count = rctx->buf_count;
++ memcpy(state->buf, rctx->buf, sizeof(state->buf));
+
+ return 0;
+ }
+@@ -214,9 +217,12 @@ static int ccp_aes_cmac_export(struct ah
+ static int ccp_aes_cmac_import(struct ahash_request *req, const void *in)
+ {
+ struct ccp_aes_cmac_req_ctx *rctx = ahash_request_ctx(req);
+- const struct ccp_aes_cmac_req_ctx *state = in;
++ const struct ccp_aes_cmac_exp_ctx *state = in;
+
+- *rctx = *state;
++ rctx->null_msg = state->null_msg;
++ memcpy(rctx->iv, state->iv, sizeof(rctx->iv));
++ rctx->buf_count = state->buf_count;
++ memcpy(rctx->buf, state->buf, sizeof(rctx->buf));
+
+ return 0;
+ }
+@@ -358,7 +364,7 @@ int ccp_register_aes_cmac_algs(struct li
+
+ halg = &alg->halg;
+ halg->digestsize = AES_BLOCK_SIZE;
+- halg->statesize = sizeof(struct ccp_aes_cmac_req_ctx);
++ halg->statesize = sizeof(struct ccp_aes_cmac_exp_ctx);
+
+ base = &halg->base;
+ snprintf(base->cra_name, CRYPTO_MAX_ALG_NAME, "cmac(aes)");
+--- a/drivers/crypto/ccp/ccp-crypto-sha.c
++++ b/drivers/crypto/ccp/ccp-crypto-sha.c
+@@ -260,9 +260,14 @@ static int ccp_sha_digest(struct ahash_r
+ static int ccp_sha_export(struct ahash_request *req, void *out)
+ {
+ struct ccp_sha_req_ctx *rctx = ahash_request_ctx(req);
+- struct ccp_sha_req_ctx *state = out;
++ struct ccp_sha_exp_ctx *state = out;
+
+- *state = *rctx;
++ state->type = rctx->type;
++ state->msg_bits = rctx->msg_bits;
++ state->first = rctx->first;
++ memcpy(state->ctx, rctx->ctx, sizeof(state->ctx));
++ state->buf_count = rctx->buf_count;
++ memcpy(state->buf, rctx->buf, sizeof(state->buf));
+
+ return 0;
+ }
+@@ -270,9 +275,14 @@ static int ccp_sha_export(struct ahash_r
+ static int ccp_sha_import(struct ahash_request *req, const void *in)
+ {
+ struct ccp_sha_req_ctx *rctx = ahash_request_ctx(req);
+- const struct ccp_sha_req_ctx *state = in;
++ const struct ccp_sha_exp_ctx *state = in;
+
+- *rctx = *state;
++ rctx->type = state->type;
++ rctx->msg_bits = state->msg_bits;
++ rctx->first = state->first;
++ memcpy(rctx->ctx, state->ctx, sizeof(rctx->ctx));
++ rctx->buf_count = state->buf_count;
++ memcpy(rctx->buf, state->buf, sizeof(rctx->buf));
+
+ return 0;
+ }
+@@ -494,7 +504,7 @@ static int ccp_register_sha_alg(struct l
+
+ halg = &alg->halg;
+ halg->digestsize = def->digest_size;
+- halg->statesize = sizeof(struct ccp_sha_req_ctx);
++ halg->statesize = sizeof(struct ccp_sha_exp_ctx);
+
+ base = &halg->base;
+ snprintf(base->cra_name, CRYPTO_MAX_ALG_NAME, "%s", def->name);
+--- a/drivers/crypto/ccp/ccp-crypto.h
++++ b/drivers/crypto/ccp/ccp-crypto.h
+@@ -132,6 +132,15 @@ struct ccp_aes_cmac_req_ctx {
+ struct ccp_cmd cmd;
+ };
+
++struct ccp_aes_cmac_exp_ctx {
++ unsigned int null_msg;
++
++ u8 iv[AES_BLOCK_SIZE];
++
++ unsigned int buf_count;
++ u8 buf[AES_BLOCK_SIZE];
++};
++
+ /***** SHA related defines *****/
+ #define MAX_SHA_CONTEXT_SIZE SHA256_DIGEST_SIZE
+ #define MAX_SHA_BLOCK_SIZE SHA256_BLOCK_SIZE
+@@ -174,6 +183,19 @@ struct ccp_sha_req_ctx {
+ struct ccp_cmd cmd;
+ };
+
++struct ccp_sha_exp_ctx {
++ enum ccp_sha_type type;
++
++ u64 msg_bits;
++
++ unsigned int first;
++
++ u8 ctx[MAX_SHA_CONTEXT_SIZE];
++
++ unsigned int buf_count;
++ u8 buf[MAX_SHA_BLOCK_SIZE];
++};
++
+ /***** Common Context Structure *****/
+ struct ccp_ctx {
+ int (*complete)(struct crypto_async_request *req, int ret);
--- /dev/null
+From ce0ae266feaf35930394bd770c69778e4ef03ba9 Mon Sep 17 00:00:00 2001
+From: Tom Lendacky <thomas.lendacky@amd.com>
+Date: Thu, 25 Feb 2016 16:48:13 -0600
+Subject: crypto: ccp - memset request context to zero during import
+
+From: Tom Lendacky <thomas.lendacky@amd.com>
+
+commit ce0ae266feaf35930394bd770c69778e4ef03ba9 upstream.
+
+Since a crypto_ahash_import() can be called against a request context
+that has not had a crypto_ahash_init() performed, the request context
+needs to be cleared to insure there is no random data present. If not,
+the random data can result in a kernel oops during crypto_ahash_update().
+
+Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/ccp/ccp-crypto-aes-cmac.c | 1 +
+ drivers/crypto/ccp/ccp-crypto-sha.c | 1 +
+ 2 files changed, 2 insertions(+)
+
+--- a/drivers/crypto/ccp/ccp-crypto-aes-cmac.c
++++ b/drivers/crypto/ccp/ccp-crypto-aes-cmac.c
+@@ -225,6 +225,7 @@ static int ccp_aes_cmac_import(struct ah
+ /* 'in' may not be aligned so memcpy to local variable */
+ memcpy(&state, in, sizeof(state));
+
++ memset(rctx, 0, sizeof(*rctx));
+ rctx->null_msg = state.null_msg;
+ memcpy(rctx->iv, state.iv, sizeof(rctx->iv));
+ rctx->buf_count = state.buf_count;
+--- a/drivers/crypto/ccp/ccp-crypto-sha.c
++++ b/drivers/crypto/ccp/ccp-crypto-sha.c
+@@ -283,6 +283,7 @@ static int ccp_sha_import(struct ahash_r
+ /* 'in' may not be aligned so memcpy to local variable */
+ memcpy(&state, in, sizeof(state));
+
++ memset(rctx, 0, sizeof(*rctx));
+ rctx->type = state.type;
+ rctx->msg_bits = state.msg_bits;
+ rctx->first = state.first;
bluetooth-btusb-add-new-ar3012-id-13d3-3395.patch
bluetooth-btusb-add-a-new-ar3012-id-04ca-3014.patch
bluetooth-btusb-add-a-new-ar3012-id-13d3-3472.patch
+crypto-ccp-add-hash-state-import-and-export-support.patch
+crypto-ccp-limit-the-amount-of-information-exported.patch
+crypto-ccp-don-t-assume-export-import-areas-are-aligned.patch
+crypto-ccp-memset-request-context-to-zero-during-import.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
