Patch "crypto: talitos - fix IPsec cipher in length" has been added to the 4.15-stable tree - Linux-stable-mirror

5 Apr 2018

This is a note to let you know that I've just added the patch titled
crypto: talitos - fix IPsec cipher in length
to the 4.15-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git%3Ba=su...
The filename of the patch is:
     crypto-talitos-fix-ipsec-cipher-in-length.patch
and it can be found in the queue-4.15 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let stable@vger.kernel.org know about it.
...
From 2b1227301a8e4729409694e323b72c064c47cb6b Mon Sep 17 00:00:00 2001
From: LEROY Christophe christophe.leroy@c-s.fr
Date: Thu, 22 Mar 2018 10:57:01 +0100
Subject: crypto: talitos - fix IPsec cipher in length
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
From: LEROY Christophe christophe.leroy@c-s.fr
commit 2b1227301a8e4729409694e323b72c064c47cb6b upstream.
For SEC 2.x+, cipher in length must contain only the ciphertext length.
In case of using hardware ICV checking, the ICV length is provided via
the "extent" field of the descriptor pointer.
Cc: stable@vger.kernel.org # 4.8+
Fixes: 549bd8bc5987 ("crypto: talitos - Implement AEAD for SEC1 using HMAC_SNOOP_NO_AFEU")
Reported-by: Horia Geantă horia.geanta@nxp.com
Signed-off-by: Christophe Leroy christophe.leroy@c-s.fr
Tested-by: Horia Geantă horia.geanta@nxp.com
Signed-off-by: Herbert Xu herbert@gondor.apana.org.au
Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
---
 drivers/crypto/talitos.c |   36 ++++++++++++++++++++----------------
 1 file changed, 20 insertions(+), 16 deletions(-)

--- a/drivers/crypto/talitos.c
+++ b/drivers/crypto/talitos.c
@@ -1128,10 +1128,10 @@ next:
    return count;
 }
-static int talitos_sg_map(struct device *dev, struct scatterlist *src,
-		   unsigned int len, struct talitos_edesc *edesc,
-		   struct talitos_ptr *ptr,
-		   int sg_count, unsigned int offset, int tbl_off)
+static int talitos_sg_map_ext(struct device *dev, struct scatterlist *src,
+			      unsigned int len, struct talitos_edesc *edesc,
+			      struct talitos_ptr *ptr, int sg_count,
+			      unsigned int offset, int tbl_off, int elen)
 {
    struct talitos_private *priv = dev_get_drvdata(dev);
    bool is_sec1 = has_ftr_sec1(priv);
@@ -1140,6 +1140,7 @@ static int talitos_sg_map(struct device
    	to_talitos_ptr(ptr, 0, 0, is_sec1);
    	return 1;
    }
+	to_talitos_ptr_ext_set(ptr, elen, is_sec1);
    if (sg_count == 1) {
    	to_talitos_ptr(ptr, sg_dma_address(src) + offset, len, is_sec1);
    	return sg_count;
@@ -1148,7 +1149,7 @@ static int talitos_sg_map(struct device
    	to_talitos_ptr(ptr, edesc->dma_link_tbl + offset, len, is_sec1);
    	return sg_count;
    }
-	sg_count = sg_to_link_tbl_offset(src, sg_count, offset, len,
+	sg_count = sg_to_link_tbl_offset(src, sg_count, offset, len + elen,
    				 &edesc->link_tbl[tbl_off]);
    if (sg_count == 1) {
    	/* Only one segment now, so no link tbl needed*/
@@ -1162,6 +1163,15 @@ static int talitos_sg_map(struct device
    return sg_count;
 }
+static int talitos_sg_map(struct device *dev, struct scatterlist *src,
+			  unsigned int len, struct talitos_edesc *edesc,
+			  struct talitos_ptr *ptr, int sg_count,
+			  unsigned int offset, int tbl_off)
+{
+	return talitos_sg_map_ext(dev, src, len, edesc, ptr, sg_count, offset,
+				  tbl_off, 0);
+}
+
 /*
  * fill in and submit ipsec_esp descriptor
  */
@@ -1179,7 +1189,7 @@ static int ipsec_esp(struct talitos_edes
    unsigned int ivsize = crypto_aead_ivsize(aead);
    int tbl_off = 0;
    int sg_count, ret;
-	int sg_link_tbl_len;
+	int elen = 0;
    bool sync_needed = false;
    struct talitos_private *priv = dev_get_drvdata(dev);
    bool is_sec1 = has_ftr_sec1(priv);
@@ -1221,17 +1231,11 @@ static int ipsec_esp(struct talitos_edes
     * extent is bytes of HMAC postpended to ciphertext,
     * typically 12 for ipsec
     */
-	sg_link_tbl_len = cryptlen;
-
-	if (is_ipsec_esp) {
-		to_talitos_ptr_ext_set(&desc->ptr[4], authsize, is_sec1);
-
-		if (desc->hdr & DESC_HDR_MODE1_MDEU_CICV)
-			sg_link_tbl_len += authsize;
-	}
+	if (is_ipsec_esp && (desc->hdr & DESC_HDR_MODE1_MDEU_CICV))
+		elen = authsize;
-	ret = talitos_sg_map(dev, areq->src, sg_link_tbl_len, edesc,
-			     &desc->ptr[4], sg_count, areq->assoclen, tbl_off);
+	ret = talitos_sg_map_ext(dev, areq->src, cryptlen, edesc, &desc->ptr[4],
+				 sg_count, areq->assoclen, tbl_off, elen);
if (ret > 1) {
    	tbl_off += ret;
Patches currently in stable-queue which might be from christophe.leroy@c-s.fr are
queue-4.15/crypto-talitos-fix-ipsec-cipher-in-length.patch
queue-4.15/crypto-talitos-don-t-persistently-map-req_ctx-hw_context-and-req_ctx-buf.patch

    