From 4cb45495937da4689aa91e047531d318bcf8c50d Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Tue, 7 Dec 2010 12:26:17 -0800
Subject: [PATCH] .32 patches
---
 ...bc-handling-on-odd-block-sized-input.patch | 37 +++++++++++++++++++
 queue-2.6.32/series | 1 +
 2 files changed, 38 insertions(+)
 create mode 100644 queue-2.6.32/crypto-padlock-fix-aes-cbc-handling-on-odd-block-sized-input.patch
diff --git a/queue-2.6.32/crypto-padlock-fix-aes-cbc-handling-on-odd-block-sized-input.patch b/queue-2.6.32/crypto-padlock-fix-aes-cbc-handling-on-odd-block-sized-input.patch
new file mode 100644
index 00000000000..70d8b766946
--- /dev/null
+++ b/queue-2.6.32/crypto-padlock-fix-aes-cbc-handling-on-odd-block-sized-input.patch
@@ -0,0 +1,37 @@
+From c054a076a1bd4731820a9c4d638b13d5c9bf5935 Mon Sep 17 00:00:00 2001
+From: Herbert Xu
+Date: Thu, 4 Nov 2010 14:38:39 -0400
+Subject: crypto: padlock - Fix AES-CBC handling on odd-block-sized input
+
+From: Herbert Xu
+
+commit c054a076a1bd4731820a9c4d638b13d5c9bf5935 upstream.
+
+On certain VIA chipsets AES-CBC requires the input/output to be
+a multiple of 64 bytes. We had a workaround for this but it was
+buggy as it sent the whole input for processing when it is meant
+to only send the initial number of blocks which makes the rest
+a multiple of 64 bytes.
+
+As expected this causes memory corruption whenever the workaround
+kicks in.
+
+Reported-by: Phil Sutter
+Signed-off-by: Herbert Xu
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/crypto/padlock-aes.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/crypto/padlock-aes.c
++++ b/drivers/crypto/padlock-aes.c
+@@ -285,7 +285,7 @@ static inline u8 *padlock_xcrypt_cbc(con
+ if (initial)
+ asm volatile (".byte 0xf3,0x0f,0xa7,0xd0" /* rep xcryptcbc */
+ : "+S" (input), "+D" (output), "+a" (iv)
+- : "d" (control_word), "b" (key), "c" (count));
++ : "d" (control_word), "b" (key), "c" (initial));
+
+ asm volatile (".byte 0xf3,0x0f,0xa7,0xd0" /* rep xcryptcbc */
+ : "+S" (input), "+D" (output), "+a" (iv)
diff --git a/queue-2.6.32/series b/queue-2.6.32/series
index 1fa30963a82..9785a061900 100644
--- a/queue-2.6.32/series
+++ b/queue-2.6.32/series
@@ -110,5 +110,6 @@ memory-corruption-in-x.25-facilities-parsing.patch
 can-bcm-fix-minor-heap-overflow.patch
 v4l-dvb-ivtvfb-prevent-reading-uninitialized-stack-memory.patch
 x25-prevent-crashing-when-parsing-bad-x.25-facilities.patch
+crypto-padlock-fix-aes-cbc-handling-on-odd-block-sized-input.patch
 net-truncate-recvfrom-and-sendto-length-to-int_max.patch
 net-limit-socket-i-o-iovec-total-length-to-int_max.patch
-- 
2.47.3
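Review bot: In the corrected `rep xcryptcbc` statement of `padlock_xcrypt_cbc`, the block count is still an input-only operand, `"c" (initial)`, and the asm carries no `"memory"` clobber even though the instruction writes through `output`. If the instruction leaves the count register modified, as rep-prefixed instructions normally do, the compiler is allowed to assume ECX still holds `initial` afterwards, which is the same class of silent corruption this fix addresses. I would pass the count through a scratch copy as an in/out operand, `"+c" (blocks)`, and add `: "memory"` after the input list; the second asm statement, whose operand list ends outside the hunk, looks like it needs the same treatment. As this is a stable backport, that change belongs upstream first.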