1 files changed, 54 insertions, 0 deletions
diff --git a/recipes-kernel/cryptodev/sdk_patches/0008-check-session-flags-early-to-avoid-incorrect-failure.patch b/recipes-kernel/cryptodev/sdk_patches/0008-check-session-flags-early-to-avoid-incorrect-failure.patch
new file mode 100644
index 00000000..1fce5580
--- /dev/null
+++ b/recipes-kernel/cryptodev/sdk_patches/0008-check-session-flags-early-to-avoid-incorrect-failure.patch
@@ -0,0 +1,54 @@
+From ec2529027a6565fdede79e7bda4a0232757acf70 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@nxp.com>
+Date: Wed, 14 Jun 2017 11:23:18 +0300
+Subject: [PATCH 8/9] check session flags early to avoid incorrect failure
+ modes
+This verification of aead flag was incorrectly removed in
+"refactoring: split big function to simplify maintainance"
+20dcf071bc3076ee7db9d603cfbe6a06e86c7d5f
+resulting in an incorrect dispatching of functions.
+Add back this check and at the same time remove the second check from
+the called function which now becomes redundant.
+Add another guard check for aead modes and reject not supported combinations.
+Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
+---
+ authenc.c | 11 +++++------
+ 1 file changed, 5 insertions(+), 6 deletions(-)
+diff --git a/authenc.c b/authenc.c
+index 692951f..fc32f43 100644
+--- a/authenc.c
+++ b/authenc.c
+@@ -643,10 +643,6 @@ static int crypto_auth_zc_tls(struct csession *ses_ptr, struct kernel_crypt_auth
+        struct scatterlist tmp;
+        int ret;
+ 
+-       if (unlikely(ses_ptr->cdata.aead != 0)) {
+-               return -EINVAL;
+-       }
+-
+        if (unlikely(caop->auth_len > PAGE_SIZE)) {
+                derr(1, "auth data len is excessive.");
+                return -EINVAL;
+@@ -787,10 +783,13 @@ __crypto_auth_run_zc(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcao
+ 
+        if (caop->flags & COP_FLAG_AEAD_SRTP_TYPE) {
+                ret = crypto_auth_zc_srtp(ses_ptr, kcaop);
+-       } else if (caop->flags & COP_FLAG_AEAD_TLS_TYPE) {
+       } else if (caop->flags & COP_FLAG_AEAD_TLS_TYPE &&
+                  ses_ptr->cdata.aead == 0) {
+                ret = crypto_auth_zc_tls(ses_ptr, kcaop);
+-       } else {
+       } else if (ses_ptr->cdata.aead) {
+                ret = crypto_auth_zc_aead(ses_ptr, kcaop);
+       } else {
+               ret = -EINVAL;
+        }
+ 
+        return ret;
+-- 
+2.7.4

diff --git a/recipes-kernel/cryptodev/sdk_patches/0008-check-session-flags-early-to-avoid-incorrect-failure.patch b/recipes-kernel/cryptodev/sdk_patches/0008-check-session-flags-early-to-avoid-incorrect-failure.patch new file mode 100644 index 00000000..1fce5580 --- /dev/null +++ b/recipes-kernel/cryptodev/sdk_patches/0008-check-session-flags-early-to-avoid-incorrect-failure.patch
@@ -0,0 +1,54 @@
	1	From ec2529027a6565fdede79e7bda4a0232757acf70 Mon Sep 17 00:00:00 2001
	2	From: Cristian Stoica <cristian.stoica@nxp.com>
	3	Date: Wed, 14 Jun 2017 11:23:18 +0300
	4	Subject: [PATCH 8/9] check session flags early to avoid incorrect failure
	5	modes
	6
	7	This verification of aead flag was incorrectly removed in
	8	"refactoring: split big function to simplify maintainance"
	9	20dcf071bc3076ee7db9d603cfbe6a06e86c7d5f
	10	resulting in an incorrect dispatching of functions.
	11
	12	Add back this check and at the same time remove the second check from
	13	the called function which now becomes redundant.
	14	Add another guard check for aead modes and reject not supported combinations.
	15
	16	Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
	17	---
	18	authenc.c \| 11 +++++------
	19	1 file changed, 5 insertions(+), 6 deletions(-)
	20
	21	diff --git a/authenc.c b/authenc.c
	22	index 692951f..fc32f43 100644
	23	--- a/authenc.c
	24	+++ b/authenc.c
	25	@@ -643,10 +643,6 @@ static int crypto_auth_zc_tls(struct csession *ses_ptr, struct kernel_crypt_auth
	26	struct scatterlist tmp;
	27	int ret;
	28
	29	- if (unlikely(ses_ptr->cdata.aead != 0)) {
	30	- return -EINVAL;
	31	- }
	32	-
	33	if (unlikely(caop->auth_len > PAGE_SIZE)) {
	34	derr(1, "auth data len is excessive.");
	35	return -EINVAL;
	36	@@ -787,10 +783,13 @@ __crypto_auth_run_zc(struct csession ses_ptr, struct kernel_crypt_auth_op kcao
	37
	38	if (caop->flags & COP_FLAG_AEAD_SRTP_TYPE) {
	39	ret = crypto_auth_zc_srtp(ses_ptr, kcaop);
	40	- } else if (caop->flags & COP_FLAG_AEAD_TLS_TYPE) {
	41	+ } else if (caop->flags & COP_FLAG_AEAD_TLS_TYPE &&
	42	+ ses_ptr->cdata.aead == 0) {
	43	ret = crypto_auth_zc_tls(ses_ptr, kcaop);
	44	- } else {
	45	+ } else if (ses_ptr->cdata.aead) {
	46	ret = crypto_auth_zc_aead(ses_ptr, kcaop);
	47	+ } else {
	48	+ ret = -EINVAL;
	49	}
	50
	51	return ret;
	52	--
	53	2.7.4
	54