From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Fri, 28 Oct 2016 17:58:43 +0000 (-0400)
Subject: 4.4-stable patches
X-Git-Tag: v4.4.29~8
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b982339ddc576616745eca53826d385d810d4c80;p=thirdparty%2Fkernel%2Fstable-queue.git

4.4-stable patches

added patches:
	crypto-arm-ghash-ce-add-missing-async-import-export.patch
	crypto-gcm-fix-iv-buffer-size-in-crypto_gcm_setkey.patch
---

diff --git a/queue-4.4/crypto-arm-ghash-ce-add-missing-async-import-export.patch b/queue-4.4/crypto-arm-ghash-ce-add-missing-async-import-export.patch
new file mode 100644
index 00000000000..99f7280eee1
--- /dev/null
+++ b/queue-4.4/crypto-arm-ghash-ce-add-missing-async-import-export.patch
@@ -0,0 +1,64 @@
+From ed4767d612fd2c39e2c4c69eba484c1219dcddb6 Mon Sep 17 00:00:00 2001
+From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Date: Thu, 1 Sep 2016 14:25:42 +0100
+Subject: crypto: arm/ghash-ce - add missing async import/export
+
+From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+
+commit ed4767d612fd2c39e2c4c69eba484c1219dcddb6 upstream.
+
+Since commit 8996eafdcbad ("crypto: ahash - ensure statesize is non-zero"),
+all ahash drivers are required to implement import()/export(), and must have
+a non-zero statesize. Fix this for the ARM Crypto Extensions GHASH
+implementation.
+
+Fixes: 8996eafdcbad ("crypto: ahash - ensure statesize is non-zero")
+Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm/crypto/ghash-ce-glue.c |   24 ++++++++++++++++++++++++
+ 1 file changed, 24 insertions(+)
+
+--- a/arch/arm/crypto/ghash-ce-glue.c
++++ b/arch/arm/crypto/ghash-ce-glue.c
+@@ -226,6 +226,27 @@ static int ghash_async_digest(struct aha
+ 	}
+ }
+ 
++static int ghash_async_import(struct ahash_request *req, const void *in)
++{
++	struct ahash_request *cryptd_req = ahash_request_ctx(req);
++	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
++	struct ghash_async_ctx *ctx = crypto_ahash_ctx(tfm);
++	struct shash_desc *desc = cryptd_shash_desc(cryptd_req);
++
++	desc->tfm = cryptd_ahash_child(ctx->cryptd_tfm);
++	desc->flags = req->base.flags;
++
++	return crypto_shash_import(desc, in);
++}
++
++static int ghash_async_export(struct ahash_request *req, void *out)
++{
++	struct ahash_request *cryptd_req = ahash_request_ctx(req);
++	struct shash_desc *desc = cryptd_shash_desc(cryptd_req);
++
++	return crypto_shash_export(desc, out);
++}
++
+ static int ghash_async_setkey(struct crypto_ahash *tfm, const u8 *key,
+ 			      unsigned int keylen)
+ {
+@@ -274,7 +295,10 @@ static struct ahash_alg ghash_async_alg
+ 	.final			= ghash_async_final,
+ 	.setkey			= ghash_async_setkey,
+ 	.digest			= ghash_async_digest,
++	.import			= ghash_async_import,
++	.export			= ghash_async_export,
+ 	.halg.digestsize	= GHASH_DIGEST_SIZE,
++	.halg.statesize		= sizeof(struct ghash_desc_ctx),
+ 	.halg.base		= {
+ 		.cra_name	= "ghash",
+ 		.cra_driver_name = "ghash-ce",
diff --git a/queue-4.4/crypto-gcm-fix-iv-buffer-size-in-crypto_gcm_setkey.patch b/queue-4.4/crypto-gcm-fix-iv-buffer-size-in-crypto_gcm_setkey.patch
new file mode 100644
index 00000000000..2b63a10db52
--- /dev/null
+++ b/queue-4.4/crypto-gcm-fix-iv-buffer-size-in-crypto_gcm_setkey.patch
@@ -0,0 +1,35 @@
+From 50d2e6dc1f83db0563c7d6603967bf9585ce934b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ondrej=20Mosn=C3=A1=C4=8Dek?= <omosnacek@gmail.com>
+Date: Fri, 23 Sep 2016 10:47:32 +0200
+Subject: crypto: gcm - Fix IV buffer size in crypto_gcm_setkey
+
+From: Ondrej MosnÃ¡Äek <omosnacek@gmail.com>
+
+commit 50d2e6dc1f83db0563c7d6603967bf9585ce934b upstream.
+
+The cipher block size for GCM is 16 bytes, and thus the CTR transform
+used in crypto_gcm_setkey() will also expect a 16-byte IV. However,
+the code currently reserves only 8 bytes for the IV, causing
+an out-of-bounds access in the CTR transform. This patch fixes
+the issue by setting the size of the IV buffer to 16 bytes.
+
+Fixes: 84c911523020 ("[CRYPTO] gcm: Add support for async ciphers")
+Signed-off-by: Ondrej Mosnacek <omosnacek@gmail.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ crypto/gcm.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/crypto/gcm.c
++++ b/crypto/gcm.c
+@@ -117,7 +117,7 @@ static int crypto_gcm_setkey(struct cryp
+ 	struct crypto_ablkcipher *ctr = ctx->ctr;
+ 	struct {
+ 		be128 hash;
+-		u8 iv[8];
++		u8 iv[16];
+ 
+ 		struct crypto_gcm_setkey_result result;
+ 
diff --git a/queue-4.4/series b/queue-4.4/series
index 3f83ce7d3a3..7ec2f9b6b3f 100644
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -27,3 +27,5 @@ uio-fix-dmem_region_start-computation.patch
 arm-clk-imx35-fix-name-for-ckil-clk.patch
 spi-spi-fsl-dspi-drop-extra-spi_master_put-in-device-remove-function.patch
 mwifiex-correct-aid-value-during-tdls-setup.patch
+crypto-gcm-fix-iv-buffer-size-in-crypto_gcm_setkey.patch
+crypto-arm-ghash-ce-add-missing-async-import-export.patch