mirror of
https://git.yoctoproject.org/poky
synced 2026-05-04 22:39:49 +02:00
01f70f0265
The crypto API for AEAD ciphers changed in recent kernels, so that associated data is now part of both source and destination scatter gathers. The source, destination and associated data buffers need to be stiched accordingly for the operations to succeed. (From OE-Core rev: 76da04571b8cb2241b3f46dec4935ff299639b7d) Signed-off-by: Hongzhi.Song <hongzhi.song@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
103 lines
3.1 KiB
Diff
103 lines
3.1 KiB
Diff
From a705360197260d28535746ae98c461ba2cfb7a9e Mon Sep 17 00:00:00 2001
|
|
From: Cristian Stoica <cristian.stoica@nxp.com>
|
|
Date: Thu, 4 May 2017 15:06:22 +0300
|
|
Subject: [PATCH 3/3] convert to new AEAD interface in kernels v4.2+
|
|
|
|
The crypto API for AEAD ciphers changed in recent kernels so that
|
|
associated data is now part of both source and destination scatter
|
|
gathers. The source, destination and associated data buffers need
|
|
to be stiched accordingly for the operations to succeed:
|
|
|
|
src_sg: auth_buf + src_buf
|
|
dst_sg: auth_buf + (dst_buf + tag space)
|
|
|
|
This patch fixes a kernel crash observed with cipher-gcm test.
|
|
|
|
See also kernel patch: 81c4c35eb61a69c229871c490b011c1171511d5a
|
|
crypto: ccm - Convert to new AEAD interface
|
|
|
|
Reported-by: Phil Sutter <phil@nwl.cc>
|
|
Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
|
|
|
|
Upstream-Status: Backport
|
|
|
|
Commit ID: a705360197260d2853574
|
|
|
|
Signed-off-by: Hongzhi.Song <hongzhi.song@windriver.com>
|
|
---
|
|
authenc.c | 40 ++++++++++++++++++++++++++++++++++++++--
|
|
1 file changed, 38 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/authenc.c b/authenc.c
|
|
index 95727b4..692951f 100644
|
|
--- a/authenc.c
|
|
+++ b/authenc.c
|
|
@@ -688,12 +688,20 @@ free_auth_buf:
|
|
|
|
static int crypto_auth_zc_aead(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop)
|
|
{
|
|
- struct scatterlist *dst_sg, *auth_sg, *src_sg;
|
|
+ struct scatterlist *dst_sg;
|
|
+ struct scatterlist *src_sg;
|
|
struct crypt_auth_op *caop = &kcaop->caop;
|
|
unsigned char *auth_buf = NULL;
|
|
- struct scatterlist tmp;
|
|
int ret;
|
|
|
|
+#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 2, 0))
|
|
+ struct scatterlist tmp;
|
|
+ struct scatterlist *auth_sg;
|
|
+#else
|
|
+ struct scatterlist auth1[2];
|
|
+ struct scatterlist auth2[2];
|
|
+#endif
|
|
+
|
|
if (unlikely(ses_ptr->cdata.init == 0 ||
|
|
(ses_ptr->cdata.stream == 0 && ses_ptr->cdata.aead == 0))) {
|
|
derr(0, "Only stream and AEAD ciphers are allowed for authenc");
|
|
@@ -718,6 +726,7 @@ static int crypto_auth_zc_aead(struct csession *ses_ptr, struct kernel_crypt_aut
|
|
goto free_auth_buf;
|
|
}
|
|
|
|
+#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 2, 0))
|
|
if (caop->auth_src && caop->auth_len > 0) {
|
|
if (unlikely(copy_from_user(auth_buf, caop->auth_src, caop->auth_len))) {
|
|
derr(1, "unable to copy auth data from userspace.");
|
|
@@ -733,6 +742,33 @@ static int crypto_auth_zc_aead(struct csession *ses_ptr, struct kernel_crypt_aut
|
|
|
|
ret = auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len,
|
|
src_sg, dst_sg, caop->len);
|
|
+#else
|
|
+ if (caop->auth_src && caop->auth_len > 0) {
|
|
+ if (unlikely(copy_from_user(auth_buf, caop->auth_src, caop->auth_len))) {
|
|
+ derr(1, "unable to copy auth data from userspace.");
|
|
+ ret = -EFAULT;
|
|
+ goto free_pages;
|
|
+ }
|
|
+
|
|
+ sg_init_table(auth1, 2);
|
|
+ sg_set_buf(auth1, auth_buf, caop->auth_len);
|
|
+ sg_chain(auth1, 2, src_sg);
|
|
+
|
|
+ if (src_sg == dst_sg) {
|
|
+ src_sg = auth1;
|
|
+ dst_sg = auth1;
|
|
+ } else {
|
|
+ sg_init_table(auth2, 2);
|
|
+ sg_set_buf(auth2, auth_buf, caop->auth_len);
|
|
+ sg_chain(auth2, 2, dst_sg);
|
|
+ src_sg = auth1;
|
|
+ dst_sg = auth2;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ ret = auth_n_crypt(ses_ptr, kcaop, NULL, caop->auth_len,
|
|
+ src_sg, dst_sg, caop->len);
|
|
+#endif
|
|
|
|
free_pages:
|
|
release_user_pages(ses_ptr);
|
|
--
|
|
2.11.0
|
|
|