| Brad Bishop | 1a4b7ee | 2018-12-16 17:11:34 -0800 | [diff] [blame] | 1 | From a705360197260d28535746ae98c461ba2cfb7a9e Mon Sep 17 00:00:00 2001 |
| 2 | From: Cristian Stoica <cristian.stoica@nxp.com> |
| 3 | Date: Thu, 4 May 2017 15:06:22 +0300 |
| 4 | Subject: [PATCH 3/3] convert to new AEAD interface in kernels v4.2+ |
| 5 | |
| 6 | The crypto API for AEAD ciphers changed in recent kernels so that |
| 7 | associated data is now part of both source and destination scatter |
| 8 | gathers. The source, destination and associated data buffers need |
| 9 | to be stiched accordingly for the operations to succeed: |
| 10 | |
| 11 | src_sg: auth_buf + src_buf |
| 12 | dst_sg: auth_buf + (dst_buf + tag space) |
| 13 | |
| 14 | This patch fixes a kernel crash observed with cipher-gcm test. |
| 15 | |
| 16 | See also kernel patch: 81c4c35eb61a69c229871c490b011c1171511d5a |
| 17 | crypto: ccm - Convert to new AEAD interface |
| 18 | |
| 19 | Reported-by: Phil Sutter <phil@nwl.cc> |
| 20 | Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com> |
| 21 | |
| 22 | Upstream-Status: Backport |
| 23 | |
| 24 | Commit ID: a705360197260d2853574 |
| 25 | |
| 26 | Signed-off-by: Hongzhi.Song <hongzhi.song@windriver.com> |
| 27 | --- |
| 28 | authenc.c | 40 ++++++++++++++++++++++++++++++++++++++-- |
| 29 | 1 file changed, 38 insertions(+), 2 deletions(-) |
| 30 | |
| 31 | diff --git a/authenc.c b/authenc.c |
| 32 | index 95727b4..692951f 100644 |
| 33 | --- a/authenc.c |
| 34 | +++ b/authenc.c |
| 35 | @@ -688,12 +688,20 @@ free_auth_buf: |
| 36 | |
| 37 | static int crypto_auth_zc_aead(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop) |
| 38 | { |
| 39 | - struct scatterlist *dst_sg, *auth_sg, *src_sg; |
| 40 | + struct scatterlist *dst_sg; |
| 41 | + struct scatterlist *src_sg; |
| 42 | struct crypt_auth_op *caop = &kcaop->caop; |
| 43 | unsigned char *auth_buf = NULL; |
| 44 | - struct scatterlist tmp; |
| 45 | int ret; |
| 46 | |
| 47 | +#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 2, 0)) |
| 48 | + struct scatterlist tmp; |
| 49 | + struct scatterlist *auth_sg; |
| 50 | +#else |
| 51 | + struct scatterlist auth1[2]; |
| 52 | + struct scatterlist auth2[2]; |
| 53 | +#endif |
| 54 | + |
| 55 | if (unlikely(ses_ptr->cdata.init == 0 || |
| 56 | (ses_ptr->cdata.stream == 0 && ses_ptr->cdata.aead == 0))) { |
| 57 | derr(0, "Only stream and AEAD ciphers are allowed for authenc"); |
| 58 | @@ -718,6 +726,7 @@ static int crypto_auth_zc_aead(struct csession *ses_ptr, struct kernel_crypt_aut |
| 59 | goto free_auth_buf; |
| 60 | } |
| 61 | |
| 62 | +#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 2, 0)) |
| 63 | if (caop->auth_src && caop->auth_len > 0) { |
| 64 | if (unlikely(copy_from_user(auth_buf, caop->auth_src, caop->auth_len))) { |
| 65 | derr(1, "unable to copy auth data from userspace."); |
| 66 | @@ -733,6 +742,33 @@ static int crypto_auth_zc_aead(struct csession *ses_ptr, struct kernel_crypt_aut |
| 67 | |
| 68 | ret = auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len, |
| 69 | src_sg, dst_sg, caop->len); |
| 70 | +#else |
| 71 | + if (caop->auth_src && caop->auth_len > 0) { |
| 72 | + if (unlikely(copy_from_user(auth_buf, caop->auth_src, caop->auth_len))) { |
| 73 | + derr(1, "unable to copy auth data from userspace."); |
| 74 | + ret = -EFAULT; |
| 75 | + goto free_pages; |
| 76 | + } |
| 77 | + |
| 78 | + sg_init_table(auth1, 2); |
| 79 | + sg_set_buf(auth1, auth_buf, caop->auth_len); |
| 80 | + sg_chain(auth1, 2, src_sg); |
| 81 | + |
| 82 | + if (src_sg == dst_sg) { |
| 83 | + src_sg = auth1; |
| 84 | + dst_sg = auth1; |
| 85 | + } else { |
| 86 | + sg_init_table(auth2, 2); |
| 87 | + sg_set_buf(auth2, auth_buf, caop->auth_len); |
| 88 | + sg_chain(auth2, 2, dst_sg); |
| 89 | + src_sg = auth1; |
| 90 | + dst_sg = auth2; |
| 91 | + } |
| 92 | + } |
| 93 | + |
| 94 | + ret = auth_n_crypt(ses_ptr, kcaop, NULL, caop->auth_len, |
| 95 | + src_sg, dst_sg, caop->len); |
| 96 | +#endif |
| 97 | |
| 98 | free_pages: |
| 99 | release_user_pages(ses_ptr); |
| 100 | -- |
| 101 | 2.11.0 |
| 102 | |