| From a705360197260d28535746ae98c461ba2cfb7a9e Mon Sep 17 00:00:00 2001 |
| From: Cristian Stoica <cristian.stoica@nxp.com> |
| Date: Thu, 4 May 2017 15:06:22 +0300 |
| Subject: [PATCH 3/3] convert to new AEAD interface in kernels v4.2+ |
| |
| The crypto API for AEAD ciphers changed in recent kernels so that |
| associated data is now part of both source and destination scatter |
| gathers. The source, destination and associated data buffers need |
| to be stiched accordingly for the operations to succeed: |
| |
| src_sg: auth_buf + src_buf |
| dst_sg: auth_buf + (dst_buf + tag space) |
| |
| This patch fixes a kernel crash observed with cipher-gcm test. |
| |
| See also kernel patch: 81c4c35eb61a69c229871c490b011c1171511d5a |
| crypto: ccm - Convert to new AEAD interface |
| |
| Reported-by: Phil Sutter <phil@nwl.cc> |
| Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com> |
| |
| Upstream-Status: Backport |
| |
| Commit ID: a705360197260d2853574 |
| |
| Signed-off-by: Hongzhi.Song <hongzhi.song@windriver.com> |
| --- |
| authenc.c | 40 ++++++++++++++++++++++++++++++++++++++-- |
| 1 file changed, 38 insertions(+), 2 deletions(-) |
| |
| diff --git a/authenc.c b/authenc.c |
| index 95727b4..692951f 100644 |
| --- a/authenc.c |
| +++ b/authenc.c |
| @@ -688,12 +688,20 @@ free_auth_buf: |
| |
| static int crypto_auth_zc_aead(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop) |
| { |
| - struct scatterlist *dst_sg, *auth_sg, *src_sg; |
| + struct scatterlist *dst_sg; |
| + struct scatterlist *src_sg; |
| struct crypt_auth_op *caop = &kcaop->caop; |
| unsigned char *auth_buf = NULL; |
| - struct scatterlist tmp; |
| int ret; |
| |
| +#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 2, 0)) |
| + struct scatterlist tmp; |
| + struct scatterlist *auth_sg; |
| +#else |
| + struct scatterlist auth1[2]; |
| + struct scatterlist auth2[2]; |
| +#endif |
| + |
| if (unlikely(ses_ptr->cdata.init == 0 || |
| (ses_ptr->cdata.stream == 0 && ses_ptr->cdata.aead == 0))) { |
| derr(0, "Only stream and AEAD ciphers are allowed for authenc"); |
| @@ -718,6 +726,7 @@ static int crypto_auth_zc_aead(struct csession *ses_ptr, struct kernel_crypt_aut |
| goto free_auth_buf; |
| } |
| |
| +#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 2, 0)) |
| if (caop->auth_src && caop->auth_len > 0) { |
| if (unlikely(copy_from_user(auth_buf, caop->auth_src, caop->auth_len))) { |
| derr(1, "unable to copy auth data from userspace."); |
| @@ -733,6 +742,33 @@ static int crypto_auth_zc_aead(struct csession *ses_ptr, struct kernel_crypt_aut |
| |
| ret = auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len, |
| src_sg, dst_sg, caop->len); |
| +#else |
| + if (caop->auth_src && caop->auth_len > 0) { |
| + if (unlikely(copy_from_user(auth_buf, caop->auth_src, caop->auth_len))) { |
| + derr(1, "unable to copy auth data from userspace."); |
| + ret = -EFAULT; |
| + goto free_pages; |
| + } |
| + |
| + sg_init_table(auth1, 2); |
| + sg_set_buf(auth1, auth_buf, caop->auth_len); |
| + sg_chain(auth1, 2, src_sg); |
| + |
| + if (src_sg == dst_sg) { |
| + src_sg = auth1; |
| + dst_sg = auth1; |
| + } else { |
| + sg_init_table(auth2, 2); |
| + sg_set_buf(auth2, auth_buf, caop->auth_len); |
| + sg_chain(auth2, 2, dst_sg); |
| + src_sg = auth1; |
| + dst_sg = auth2; |
| + } |
| + } |
| + |
| + ret = auth_n_crypt(ses_ptr, kcaop, NULL, caop->auth_len, |
| + src_sg, dst_sg, caop->len); |
| +#endif |
| |
| free_pages: |
| release_user_pages(ses_ptr); |
| -- |
| 2.11.0 |
| |