From 78c5c6cec7fc5d1dfe1f7a9da5bc4a7036f21b1c Mon Sep 17 00:00:00 2001 From: Chris Wright Date: Thu, 24 May 2007 15:55:00 -0700 Subject: [PATCH] 2.6.21.3 release with geode-aes security fix --- .../geode-aes-allow-in-place-operations.patch | 73 +++++++++++++++++++ releases/2.6.21.3/series | 1 + 2 files changed, 74 insertions(+) create mode 100644 releases/2.6.21.3/geode-aes-allow-in-place-operations.patch create mode 100644 releases/2.6.21.3/series diff --git a/releases/2.6.21.3/geode-aes-allow-in-place-operations.patch b/releases/2.6.21.3/geode-aes-allow-in-place-operations.patch new file mode 100644 index 00000000000..6af81db845a --- /dev/null +++ b/releases/2.6.21.3/geode-aes-allow-in-place-operations.patch @@ -0,0 +1,73 @@ +From stable-bounces@linux.kernel.org Thu May 24 04:36:51 2007 +Date: Thu, 24 May 2007 21:36:35 +1000 +From: Herbert Xu +To: stable@kernel.org +Message-ID: <20070524113635.GA9924@gondor.apana.org.au> +Subject: GEODE-AES: Allow in-place operations [CVE-2007-2451] + +From: Jordan Crouse + +Allow in-place crypto operations. Also remove the coherent user flag +(we use it automagically now), and by default use the user written +key rather then the HW hidden key - this makes crypto just work without +any special considerations, and thats OK, since its our only usage +model. + +Signed-off-by: Jordan Crouse +Signed-off-by: Herbert Xu +Signed-off-by: Chris Wright +--- + + drivers/crypto/geode-aes.c | 12 +++++++++--- + drivers/crypto/geode-aes.h | 3 +-- + 2 files changed, 10 insertions(+), 5 deletions(-) + +--- linux-2.6.21.2.orig/drivers/crypto/geode-aes.c ++++ linux-2.6.21.2/drivers/crypto/geode-aes.c +@@ -102,10 +102,15 @@ geode_aes_crypt(struct geode_aes_op *op) + u32 flags = 0; + unsigned long iflags; + +- if (op->len == 0 || op->src == op->dst) ++ if (op->len == 0) + return 0; + +- if (op->flags & AES_FLAGS_COHERENT) ++ /* If the source and destination is the same, then ++ * we need to turn on the coherent flags, otherwise ++ * we don't need to worry ++ */ ++ ++ if (op->src == op->dst) + flags |= (AES_CTRL_DCA | AES_CTRL_SCA); + + if (op->dir == AES_DIR_ENCRYPT) +@@ -120,7 +125,7 @@ geode_aes_crypt(struct geode_aes_op *op) + _writefield(AES_WRITEIV0_REG, op->iv); + } + +- if (op->flags & AES_FLAGS_USRKEY) { ++ if (!(op->flags & AES_FLAGS_HIDDENKEY)) { + flags |= AES_CTRL_WRKEY; + _writefield(AES_WRITEKEY0_REG, op->key); + } +@@ -289,6 +294,7 @@ static struct crypto_alg geode_cbc_alg = + .setkey = geode_setkey, + .encrypt = geode_cbc_encrypt, + .decrypt = geode_cbc_decrypt, ++ .ivsize = AES_IV_LENGTH, + } + } + }; +--- linux-2.6.21.2.orig/drivers/crypto/geode-aes.h ++++ linux-2.6.21.2/drivers/crypto/geode-aes.h +@@ -20,8 +20,7 @@ + #define AES_DIR_DECRYPT 0 + #define AES_DIR_ENCRYPT 1 + +-#define AES_FLAGS_USRKEY (1 << 0) +-#define AES_FLAGS_COHERENT (1 << 1) ++#define AES_FLAGS_HIDDENKEY (1 << 0) + + struct geode_aes_op { + diff --git a/releases/2.6.21.3/series b/releases/2.6.21.3/series new file mode 100644 index 00000000000..f4a2185a904 --- /dev/null +++ b/releases/2.6.21.3/series @@ -0,0 +1 @@ +geode-aes-allow-in-place-operations.patch -- 2.47.2