--- /dev/null
+From c054a076a1bd4731820a9c4d638b13d5c9bf5935 Mon Sep 17 00:00:00 2001
+From: Herbert Xu <herbert@gondor.apana.org.au>
+Date: Thu, 4 Nov 2010 14:38:39 -0400
+Subject: crypto: padlock - Fix AES-CBC handling on odd-block-sized input
+
+From: Herbert Xu <herbert@gondor.apana.org.au>
+
+commit c054a076a1bd4731820a9c4d638b13d5c9bf5935 upstream.
+
+On certain VIA chipsets AES-CBC requires the input/output to be
+a multiple of 64 bytes. We had a workaround for this but it was
+buggy as it sent the whole input for processing when it is meant
+to only send the initial number of blocks which makes the rest
+a multiple of 64 bytes.
+
+As expected this causes memory corruption whenever the workaround
+kicks in.
+
+Reported-by: Phil Sutter <phil@nwl.cc>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/crypto/padlock-aes.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/crypto/padlock-aes.c
++++ b/drivers/crypto/padlock-aes.c
+@@ -285,7 +285,7 @@ static inline u8 *padlock_xcrypt_cbc(con
+ if (initial)
+ asm volatile (".byte 0xf3,0x0f,0xa7,0xd0" /* rep xcryptcbc */
+ : "+S" (input), "+D" (output), "+a" (iv)
+- : "d" (control_word), "b" (key), "c" (count));
++ : "d" (control_word), "b" (key), "c" (initial));
+
+ asm volatile (".byte 0xf3,0x0f,0xa7,0xd0" /* rep xcryptcbc */
+ : "+S" (input), "+D" (output), "+a" (iv)
can-bcm-fix-minor-heap-overflow.patch
v4l-dvb-ivtvfb-prevent-reading-uninitialized-stack-memory.patch
x25-prevent-crashing-when-parsing-bad-x.25-facilities.patch
+crypto-padlock-fix-aes-cbc-handling-on-odd-block-sized-input.patch
net-truncate-recvfrom-and-sendto-length-to-int_max.patch
net-limit-socket-i-o-iovec-total-length-to-int_max.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
