Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v5.2.16 2019-09-19T07:11:05+00:00 2019-09-19T07:11:05+00:00 Christophe Leroy christophe.leroy@c-s.fr 2019-05-21T13:34:15+00:00 urn:sha1:71f0dafe61ce593efc40aaf625f937509d66586f commit 4bbfb839259a9c96a0be872e16f7471b7136aee5 upstream. In that mode, hardware ICV verification is not supported. Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr> Fixes: 7405c8d7ff97 ("crypto: talitos - templates for AEAD using HMAC_SNOOP_NO_AFEU") Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2019-09-19T07:11:05+00:00 Christophe Leroy christophe.leroy@c-s.fr 2019-05-21T13:34:14+00:00 urn:sha1:4569457036900e7f48be39efc57ddb9941fe9427 commit 7ede4c36cf7c6516986ee9d75b197c8bf73ea96f upstream. For decrypt, req->cryptlen includes the size of the authentication part while all functions of the driver expect cryptlen to be the size of the encrypted data. As it is not expected to change req->cryptlen, this patch implements local calculation of cryptlen. Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr> Fixes: 9c4a79653b35 ("crypto: talitos - Freescale integrated security engine (SEC) driver") Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2019-09-19T07:11:05+00:00 Christophe Leroy christophe.leroy@c-s.fr 2019-05-21T13:34:13+00:00 urn:sha1:dcefbf43b00340f437364ae3488abe80566d6e75 commit d84cc9c9524ec5973a337533e6d8ccd3e5f05f2b upstream. ECB's ivsize must be 0. Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr> Fixes: 5e75ae1b3cef ("crypto: talitos - add new crypto modes") Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2019-09-19T07:11:04+00:00 Christophe Leroy christophe.leroy@c-s.fr 2019-05-21T13:34:12+00:00 urn:sha1:291d9ef4461442fd6c38acb82d0139df873376ca commit ee483d32ee1a1a7f7d7e918fbc350c790a5af64a upstream. When data size is not a multiple of the alg's block size, the SEC generates an error interrupt and dumps the registers. And for NULL size, the SEC does just nothing and the interrupt is awaited forever. This patch ensures the data size is correct before submitting the request to the SEC engine. Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr> Fixes: 4de9d0b547b9 ("crypto: talitos - Add ablkcipher algorithms") Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2019-09-19T07:11:04+00:00 Christophe Leroy christophe.leroy@c-s.fr 2019-05-21T13:34:11+00:00 urn:sha1:86545794d2e528d677a708e108e95f0fb471d0a6 commit b9a05b6041cb9810a291315569b2af0d63c3680a upstream. CTR has a blocksize of 1. Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr> Fixes: 5e75ae1b3cef ("crypto: talitos - add new crypto modes") Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2019-09-19T07:11:04+00:00 Christophe Leroy christophe.leroy@c-s.fr 2019-05-21T13:34:10+00:00 urn:sha1:808a33cd37dd62603a6b6aabb68783be7118e8f3 commit 1ba34e71e9e56ac29a52e0d42b6290f3dc5bfd90 upstream. Although the HW accepts any size and silently truncates it to the correct length, the extra tests expects EINVAL to be returned when the key size is not valid. Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr> Fixes: 4de9d0b547b9 ("crypto: talitos - Add ablkcipher algorithms") Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2019-09-06T08:23:47+00:00 Gary R Hook gary.hook@amd.com 2019-08-19T22:23:27+00:00 urn:sha1:90ff6dd4ced610dac6c32dbeaa3899aead7b2908 commit 5871cd93692c8071fb9358daccb715b5081316ac upstream. If a CCP is unconfigured (e.g. there are no available queues) then there will be no data structures allocated for the device. Thus, we must check for validity of a pointer before trying to access structure members. Fixes: 720419f01832f ("crypto: ccp - Introduce the AMD Secure Processor device") Cc: <stable@vger.kernel.org> Signed-off-by: Gary R Hook <gary.hook@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2019-08-16T08:10:51+00:00 Gary R Hook gary.hook@amd.com 2019-07-30T16:05:26+00:00 urn:sha1:dbf56732c4249c0e5e53f2adb24d15542683d6d1 commit e2664ecbb2f26225ac6646876f2899558ffb2604 upstream. AES GCM input buffers for decryption contain AAD+CTEXT+TAG. Only decrypt the ciphertext, and use the tag for comparison. Fixes: 36cf515b9bbe2 ("crypto: ccp - Enable support for AES GCM on v5 CCPs") Cc: <stable@vger.kernel.org> Signed-off-by: Gary R Hook <gary.hook@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2019-08-16T08:10:51+00:00 Gary R Hook gary.hook@amd.com 2019-07-30T16:05:24+00:00 urn:sha1:9552214366b55878d9b0958f00eea7fc61ca50a2 commit 9f00baf74e4b6f79a3a3dfab44fb7bb2e797b551 upstream. AES GCM encryption allows for authsize values of 4, 8, and 12-16 bytes. Validate the requested authsize, and retain it to save in the request context. Fixes: 36cf515b9bbe2 ("crypto: ccp - Enable support for AES GCM on v5 CCPs") Cc: <stable@vger.kernel.org> Signed-off-by: Gary R Hook <gary.hook@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2019-08-16T08:10:51+00:00 Gary R Hook gary.hook@amd.com 2019-07-30T16:05:22+00:00 urn:sha1:14c9a32ed2c6450fc2cf7c4147c4c4923de4aff4 commit 25e44338321af545ab34243a6081c3f0fc6107d0 upstream. A plaintext or ciphertext length of 0 is allowed in AES, in which case no encryption occurs. Ensure that we don't clean up data structures that were never allocated. Fixes: 36cf515b9bbe2 ("crypto: ccp - Enable support for AES GCM on v5 CCPs") Cc: <stable@vger.kernel.org> Signed-off-by: Gary R Hook <gary.hook@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>