From: Sasha Levin Date: Tue, 23 Apr 2019 15:45:12 +0000 (-0400) Subject: patches for 3.18 X-Git-Tag: v3.18.139~45^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e53ada87b75731163048316bb03bcfe63aab0915;p=thirdparty%2Fkernel%2Fstable-queue.git patches for 3.18 Signed-off-by: Sasha Levin --- diff --git a/queue-3.18/crypto-crypto4xx-properly-set-iv-after-de-and-encryp.patch b/queue-3.18/crypto-crypto4xx-properly-set-iv-after-de-and-encryp.patch new file mode 100644 index 00000000000..af3212fe9b8 --- /dev/null +++ b/queue-3.18/crypto-crypto4xx-properly-set-iv-after-de-and-encryp.patch @@ -0,0 +1,81 @@ +From 037513e385bda32145f43685093cc96469cc2ebd Mon Sep 17 00:00:00 2001 +From: Christian Lamparter +Date: Thu, 19 Apr 2018 18:41:55 +0200 +Subject: crypto: crypto4xx - properly set IV after de- and encrypt + +[ Upstream commit fc340115ffb8235c1bbd200c28855e6373d0dd1a ] + +This patch fixes cts(cbc(aes)) test when cbc-aes-ppc4xx is used. +alg: skcipher: Test 1 failed (invalid result) on encryption for cts(cbc-aes-ppc4xx) +00000000: 4b 10 75 fc 2f 14 1b 6a 27 35 37 33 d1 b7 70 05 +00000010: 97 +alg: skcipher: Failed to load transform for cts(cbc(aes)): -2 + +The CTS cipher mode expect the IV (req->iv) of skcipher_request +to contain the last ciphertext block after the {en,de}crypt +operation is complete. + +Fix this issue for the AMCC Crypto4xx hardware engine. +The tcrypt test case for cts(cbc(aes)) is now correctly passed. + +name : cts(cbc(aes)) +driver : cts(cbc-aes-ppc4xx) +module : cts +priority : 300 +refcnt : 1 +selftest : passed +internal : no +type : skcipher +async : yes +blocksize : 16 +min keysize : 16 +max keysize : 32 +ivsize : 16 +chunksize : 16 +walksize : 16 + +Signed-off-by: Christian Lamparter +Signed-off-by: Herbert Xu +Signed-off-by: Sasha Levin +--- + drivers/crypto/amcc/crypto4xx_alg.c | 3 ++- + drivers/crypto/amcc/crypto4xx_core.c | 9 +++++++++ + 2 files changed, 11 insertions(+), 1 deletion(-) + +diff --git a/drivers/crypto/amcc/crypto4xx_alg.c b/drivers/crypto/amcc/crypto4xx_alg.c +index 4afca3968773..e3b8bebfdd30 100644 +--- a/drivers/crypto/amcc/crypto4xx_alg.c ++++ b/drivers/crypto/amcc/crypto4xx_alg.c +@@ -138,7 +138,8 @@ static int crypto4xx_setkey_aes(struct crypto_ablkcipher *cipher, + sa = (struct dynamic_sa_ctl *) ctx->sa_in; + ctx->hash_final = 0; + +- set_dynamic_sa_command_0(sa, SA_NOT_SAVE_HASH, SA_NOT_SAVE_IV, ++ set_dynamic_sa_command_0(sa, SA_NOT_SAVE_HASH, (cm == CRYPTO_MODE_CBC ? ++ SA_SAVE_IV : SA_NOT_SAVE_IV), + SA_LOAD_HASH_FROM_SA, SA_LOAD_IV_FROM_STATE, + SA_NO_HEADER_PROC, SA_HASH_ALG_NULL, + SA_CIPHER_ALG_AES, SA_PAD_TYPE_ZERO, +diff --git a/drivers/crypto/amcc/crypto4xx_core.c b/drivers/crypto/amcc/crypto4xx_core.c +index 45df1c74fa03..f8fd4f5f0f1a 100644 +--- a/drivers/crypto/amcc/crypto4xx_core.c ++++ b/drivers/crypto/amcc/crypto4xx_core.c +@@ -645,6 +645,15 @@ static u32 crypto4xx_ablkcipher_done(struct crypto4xx_device *dev, + addr = dma_map_page(dev->core_dev->device, sg_page(dst), + dst->offset, dst->length, DMA_FROM_DEVICE); + } ++ ++ if (pd_uinfo->sa_va->sa_command_0.bf.save_iv == SA_SAVE_IV) { ++ struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req); ++ ++ crypto4xx_memcpy_from_le32((u32 *)req->iv, ++ pd_uinfo->sr_va->save_iv, ++ crypto_skcipher_ivsize(skcipher)); ++ } ++ + crypto4xx_ret_sg_desc(dev, pd_uinfo); + if (ablk_req->base.complete != NULL) + ablk_req->base.complete(&ablk_req->base, 0); +-- +2.19.1 + diff --git a/queue-3.18/series b/queue-3.18/series index 0930bef5e23..7f75c8fea37 100644 --- a/queue-3.18/series +++ b/queue-3.18/series @@ -85,3 +85,5 @@ lib-div64.c-off-by-one-in-shift.patch include-linux-swap.h-use-offsetof-instead-of-custom-.patch inet-update-the-ip-id-generation-algorithm-to-higher-standards.patch appletalk-fix-compile-regression.patch +crypto-crypto4xx-properly-set-iv-after-de-and-encryp.patch +tpm-tpm_i2c_atmel-return-e2big-when-the-transfer-is-.patch diff --git a/queue-3.18/tpm-tpm_i2c_atmel-return-e2big-when-the-transfer-is-.patch b/queue-3.18/tpm-tpm_i2c_atmel-return-e2big-when-the-transfer-is-.patch new file mode 100644 index 00000000000..363f0b362d5 --- /dev/null +++ b/queue-3.18/tpm-tpm_i2c_atmel-return-e2big-when-the-transfer-is-.patch @@ -0,0 +1,44 @@ +From 30a816e9892ee8d170a10c9be123fbad5a5c4c80 Mon Sep 17 00:00:00 2001 +From: Jarkko Sakkinen +Date: Tue, 23 Apr 2019 15:46:59 +0300 +Subject: tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete + +commit 442601e87a4769a8daba4976ec3afa5222ca211d upstream + +Return -E2BIG when the transfer is incomplete. The upper layer does +not retry, so not doing that is incorrect behaviour. + +Cc: stable@vger.kernel.org +Fixes: a2871c62e186 ("tpm: Add support for Atmel I2C TPMs") +Signed-off-by: Jarkko Sakkinen +Reviewed-by: Stefan Berger +Reviewed-by: Jerry Snitselaar +Signed-off-by: Sasha Levin +--- + drivers/char/tpm/tpm_i2c_atmel.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/drivers/char/tpm/tpm_i2c_atmel.c b/drivers/char/tpm/tpm_i2c_atmel.c +index 503a85ae176c..0ea430cc606f 100644 +--- a/drivers/char/tpm/tpm_i2c_atmel.c ++++ b/drivers/char/tpm/tpm_i2c_atmel.c +@@ -65,7 +65,15 @@ static int i2c_atmel_send(struct tpm_chip *chip, u8 *buf, size_t len) + dev_dbg(chip->dev, + "%s(buf=%*ph len=%0zx) -> sts=%d\n", __func__, + (int)min_t(size_t, 64, len), buf, len, status); +- return status; ++ ++ if (status < 0) ++ return status; ++ ++ /* The upper layer does not support incomplete sends. */ ++ if (status != len) ++ return -E2BIG; ++ ++ return 0; + } + + static int i2c_atmel_recv(struct tpm_chip *chip, u8 *buf, size_t count) +-- +2.19.1 +