1 files changed, 147 insertions, 0 deletions
diff --git a/recipes-kernel/cryptodev/sdk_patches/0093-Fix-ablkcipher-algorithms-usage-in-v4.8-kernels.patch b/recipes-kernel/cryptodev/sdk_patches/0093-Fix-ablkcipher-algorithms-usage-in-v4.8-kernels.patch
new file mode 100644
index 00000000..fcf2a3ee
--- /dev/null
+++ b/recipes-kernel/cryptodev/sdk_patches/0093-Fix-ablkcipher-algorithms-usage-in-v4.8-kernels.patch
@@ -0,0 +1,147 @@
+From 871ecc5c5ebfbb9c6e1b17a7ff7a531ed1fab644 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Horia=20Geant=C4=83?= <horia.geanta@nxp.com>
+Date: Wed, 16 Nov 2016 15:38:39 +0200
+Subject: [PATCH 093/104] Fix ablkcipher algorithms usage in v4.8+ kernels
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+ablkcipher API is not completely removed from kernels <= v4.9.
+Thus it's still valid to use ablkcipher algorithms.
+Fix the case when implementers register ablkcipher algorithms
+and cryptodev casts them to skcipher without checking their type.
+Note: alg returned by crypto_ablkcipher_alg() is no longer checked
+to be non-NULL. This is guaranteed by the fact that ablkcipher_tfm
+(out->async.s) is valid.
+Fixes: cb186f682679 ("Support skcipher in addition to ablkcipher API")
+Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
+---
+ cipherapi.h |  4 ----
+ cryptlib.c  | 56 ++++++++++++++++++++++++++++++++++++++++++++------------
+ 2 files changed, 44 insertions(+), 16 deletions(-)
+diff --git a/cipherapi.h b/cipherapi.h
+index 07d9923..b6ed6c2 100644
+--- a/cipherapi.h
+++ b/cipherapi.h
+@@ -6,12 +6,10 @@
+ #if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 8, 0))
+ # include <linux/crypto.h>
+ 
+-typedef struct ablkcipher_alg cryptodev_blkcipher_alg_t;
+ typedef struct crypto_ablkcipher cryptodev_crypto_blkcipher_t;
+ typedef struct ablkcipher_request cryptodev_blkcipher_request_t;
+ 
+ # define cryptodev_crypto_alloc_blkcipher crypto_alloc_ablkcipher
+-# define cryptodev_crypto_blkcipher_alg crypto_ablkcipher_alg
+ # define cryptodev_crypto_blkcipher_blocksize crypto_ablkcipher_blocksize
+ # define cryptodev_crypto_blkcipher_ivsize crypto_ablkcipher_ivsize
+ # define cryptodev_crypto_blkcipher_alignmask crypto_ablkcipher_alignmask
+@@ -37,12 +35,10 @@ static inline void cryptodev_blkcipher_request_free(cryptodev_blkcipher_request_
+ #else
+ #include <crypto/skcipher.h>
+ 
+-typedef struct skcipher_alg cryptodev_blkcipher_alg_t;
+ typedef struct crypto_skcipher cryptodev_crypto_blkcipher_t;
+ typedef struct skcipher_request cryptodev_blkcipher_request_t;
+ 
+ # define cryptodev_crypto_alloc_blkcipher crypto_alloc_skcipher
+-# define cryptodev_crypto_blkcipher_alg crypto_skcipher_alg
+ # define cryptodev_crypto_blkcipher_blocksize crypto_skcipher_blocksize
+ # define cryptodev_crypto_blkcipher_ivsize crypto_skcipher_ivsize
+ # define cryptodev_crypto_blkcipher_alignmask crypto_skcipher_alignmask
+diff --git a/cryptlib.c b/cryptlib.c
+index 558d4b8..dcac3ec 100644
+--- a/cryptlib.c
+++ b/cryptlib.c
+@@ -39,6 +39,7 @@
+ #include "cryptodev_int.h"
+ #include "cipherapi.h"
+ 
+extern const struct crypto_type crypto_givcipher_type;
+ 
+ static void cryptodev_complete(struct crypto_async_request *req, int err)
+ {
+@@ -122,6 +123,19 @@ error:
+        return ret;
+ }
+ 
+/* Was correct key length supplied? */
+static int check_key_size(size_t keylen, const char *alg_name,
+                         unsigned int min_keysize, unsigned int max_keysize)
+{
+       if (max_keysize > 0 && unlikely((keylen < min_keysize) ||
+                                       (keylen > max_keysize))) {
+               ddebug(1, "Wrong keylen '%zu' for algorithm '%s'. Use %u to %u.",
+                      keylen, alg_name, min_keysize, max_keysize);
+               return -EINVAL;
+       }
+
+       return 0;
+}
+ 
+ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name,
+                                uint8_t *keyp, size_t keylen, int stream, int aead)
+@@ -129,7 +143,12 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name,
+        int ret;
+ 
+        if (aead == 0) {
+-               cryptodev_blkcipher_alg_t *alg;
+               unsigned int min_keysize, max_keysize;
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 8, 0))
+               struct crypto_tfm *tfm;
+#else
+               struct ablkcipher_alg *alg;
+#endif
+ 
+                out->async.s = cryptodev_crypto_alloc_blkcipher(alg_name, 0, 0);
+                if (unlikely(IS_ERR(out->async.s))) {
+@@ -137,18 +156,31 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name,
+                                return -EINVAL;
+                }
+ 
+-               alg = cryptodev_crypto_blkcipher_alg(out->async.s);
+-               if (alg != NULL) {
+-                       /* Was correct key length supplied? */
+-                       if (alg->max_keysize > 0 &&
+-                                       unlikely((keylen < alg->min_keysize) ||
+-                                       (keylen > alg->max_keysize))) {
+-                               ddebug(1, "Wrong keylen '%zu' for algorithm '%s'. Use %u to %u.",
+-                                               keylen, alg_name, alg->min_keysize, alg->max_keysize);
+-                               ret = -EINVAL;
+-                               goto error;
+-                       }
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 8, 0))
+               tfm = crypto_skcipher_tfm(out->async.s);
+               if ((tfm->__crt_alg->cra_type == &crypto_ablkcipher_type) ||
+                   (tfm->__crt_alg->cra_type == &crypto_givcipher_type)) {
+                       struct ablkcipher_alg *alg;
+
+                       alg = &tfm->__crt_alg->cra_ablkcipher;
+                       min_keysize = alg->min_keysize;
+                       max_keysize = alg->max_keysize;
+               } else {
+                       struct skcipher_alg *alg;
+
+                       alg = crypto_skcipher_alg(out->async.s);
+                       min_keysize = alg->min_keysize;
+                       max_keysize = alg->max_keysize;
+                }
+#else
+               alg = crypto_ablkcipher_alg(out->async.s);
+               min_keysize = alg->min_keysize;
+               max_keysize = alg->max_keysize;
+#endif
+               ret = check_key_size(keylen, alg_name, min_keysize,
+                                    max_keysize);
+               if (ret)
+                       goto error;
+ 
+                out->blocksize = cryptodev_crypto_blkcipher_blocksize(out->async.s);
+                out->ivsize = cryptodev_crypto_blkcipher_ivsize(out->async.s);
+-- 
+2.10.2

diff --git a/recipes-kernel/cryptodev/sdk_patches/0093-Fix-ablkcipher-algorithms-usage-in-v4.8-kernels.patch b/recipes-kernel/cryptodev/sdk_patches/0093-Fix-ablkcipher-algorithms-usage-in-v4.8-kernels.patch new file mode 100644 index 00000000..fcf2a3ee --- /dev/null +++ b/recipes-kernel/cryptodev/sdk_patches/0093-Fix-ablkcipher-algorithms-usage-in-v4.8-kernels.patch
@@ -0,0 +1,147 @@
	1	From 871ecc5c5ebfbb9c6e1b17a7ff7a531ed1fab644 Mon Sep 17 00:00:00 2001
	2	From: =?UTF-8?q?Horia=20Geant=C4=83?= <horia.geanta@nxp.com>
	3	Date: Wed, 16 Nov 2016 15:38:39 +0200
	4	Subject: [PATCH 093/104] Fix ablkcipher algorithms usage in v4.8+ kernels
	5	MIME-Version: 1.0
	6	Content-Type: text/plain; charset=UTF-8
	7	Content-Transfer-Encoding: 8bit
	8
	9	ablkcipher API is not completely removed from kernels <= v4.9.
	10	Thus it's still valid to use ablkcipher algorithms.
	11
	12	Fix the case when implementers register ablkcipher algorithms
	13	and cryptodev casts them to skcipher without checking their type.
	14
	15	Note: alg returned by crypto_ablkcipher_alg() is no longer checked
	16	to be non-NULL. This is guaranteed by the fact that ablkcipher_tfm
	17	(out->async.s) is valid.
	18
	19	Fixes: cb186f682679 ("Support skcipher in addition to ablkcipher API")
	20	Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
	21	---
	22	cipherapi.h \| 4 ----
	23	cryptlib.c \| 56 ++++++++++++++++++++++++++++++++++++++++++++------------
	24	2 files changed, 44 insertions(+), 16 deletions(-)
	25
	26	diff --git a/cipherapi.h b/cipherapi.h
	27	index 07d9923..b6ed6c2 100644
	28	--- a/cipherapi.h
	29	+++ b/cipherapi.h
	30	@@ -6,12 +6,10 @@
	31	#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 8, 0))
	32	# include <linux/crypto.h>
	33
	34	-typedef struct ablkcipher_alg cryptodev_blkcipher_alg_t;
	35	typedef struct crypto_ablkcipher cryptodev_crypto_blkcipher_t;
	36	typedef struct ablkcipher_request cryptodev_blkcipher_request_t;
	37
	38	# define cryptodev_crypto_alloc_blkcipher crypto_alloc_ablkcipher
	39	-# define cryptodev_crypto_blkcipher_alg crypto_ablkcipher_alg
	40	# define cryptodev_crypto_blkcipher_blocksize crypto_ablkcipher_blocksize
	41	# define cryptodev_crypto_blkcipher_ivsize crypto_ablkcipher_ivsize
	42	# define cryptodev_crypto_blkcipher_alignmask crypto_ablkcipher_alignmask
	43	@@ -37,12 +35,10 @@ static inline void cryptodev_blkcipher_request_free(cryptodev_blkcipher_request_
	44	#else
	45	#include <crypto/skcipher.h>
	46
	47	-typedef struct skcipher_alg cryptodev_blkcipher_alg_t;
	48	typedef struct crypto_skcipher cryptodev_crypto_blkcipher_t;
	49	typedef struct skcipher_request cryptodev_blkcipher_request_t;
	50
	51	# define cryptodev_crypto_alloc_blkcipher crypto_alloc_skcipher
	52	-# define cryptodev_crypto_blkcipher_alg crypto_skcipher_alg
	53	# define cryptodev_crypto_blkcipher_blocksize crypto_skcipher_blocksize
	54	# define cryptodev_crypto_blkcipher_ivsize crypto_skcipher_ivsize
	55	# define cryptodev_crypto_blkcipher_alignmask crypto_skcipher_alignmask
	56	diff --git a/cryptlib.c b/cryptlib.c
	57	index 558d4b8..dcac3ec 100644
	58	--- a/cryptlib.c
	59	+++ b/cryptlib.c
	60	@@ -39,6 +39,7 @@
	61	#include "cryptodev_int.h"
	62	#include "cipherapi.h"
	63
	64	+extern const struct crypto_type crypto_givcipher_type;
	65
	66	static void cryptodev_complete(struct crypto_async_request *req, int err)
	67	{
	68	@@ -122,6 +123,19 @@ error:
	69	return ret;
	70	}
	71
	72	+/* Was correct key length supplied? */
	73	+static int check_key_size(size_t keylen, const char *alg_name,
	74	+ unsigned int min_keysize, unsigned int max_keysize)
	75	+{
	76	+ if (max_keysize > 0 && unlikely((keylen < min_keysize) \|\|
	77	+ (keylen > max_keysize))) {
	78	+ ddebug(1, "Wrong keylen '%zu' for algorithm '%s'. Use %u to %u.",
	79	+ keylen, alg_name, min_keysize, max_keysize);
	80	+ return -EINVAL;
	81	+ }
	82	+
	83	+ return 0;
	84	+}
	85
	86	int cryptodev_cipher_init(struct cipher_data out, const char alg_name,
	87	uint8_t *keyp, size_t keylen, int stream, int aead)
	88	@@ -129,7 +143,12 @@ int cryptodev_cipher_init(struct cipher_data out, const char alg_name,
	89	int ret;
	90
	91	if (aead == 0) {
	92	- cryptodev_blkcipher_alg_t *alg;
	93	+ unsigned int min_keysize, max_keysize;
	94	+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 8, 0))
	95	+ struct crypto_tfm *tfm;
	96	+#else
	97	+ struct ablkcipher_alg *alg;
	98	+#endif
	99
	100	out->async.s = cryptodev_crypto_alloc_blkcipher(alg_name, 0, 0);
	101	if (unlikely(IS_ERR(out->async.s))) {
	102	@@ -137,18 +156,31 @@ int cryptodev_cipher_init(struct cipher_data out, const char alg_name,
	103	return -EINVAL;
	104	}
	105
	106	- alg = cryptodev_crypto_blkcipher_alg(out->async.s);
	107	- if (alg != NULL) {
	108	- /* Was correct key length supplied? */
	109	- if (alg->max_keysize > 0 &&
	110	- unlikely((keylen < alg->min_keysize) \|\|
	111	- (keylen > alg->max_keysize))) {
	112	- ddebug(1, "Wrong keylen '%zu' for algorithm '%s'. Use %u to %u.",
	113	- keylen, alg_name, alg->min_keysize, alg->max_keysize);
	114	- ret = -EINVAL;
	115	- goto error;
	116	- }
	117	+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 8, 0))
	118	+ tfm = crypto_skcipher_tfm(out->async.s);
	119	+ if ((tfm->__crt_alg->cra_type == &crypto_ablkcipher_type) \|\|
	120	+ (tfm->__crt_alg->cra_type == &crypto_givcipher_type)) {
	121	+ struct ablkcipher_alg *alg;
	122	+
	123	+ alg = &tfm->__crt_alg->cra_ablkcipher;
	124	+ min_keysize = alg->min_keysize;
	125	+ max_keysize = alg->max_keysize;
	126	+ } else {
	127	+ struct skcipher_alg *alg;
	128	+
	129	+ alg = crypto_skcipher_alg(out->async.s);
	130	+ min_keysize = alg->min_keysize;
	131	+ max_keysize = alg->max_keysize;
	132	}
	133	+#else
	134	+ alg = crypto_ablkcipher_alg(out->async.s);
	135	+ min_keysize = alg->min_keysize;
	136	+ max_keysize = alg->max_keysize;
	137	+#endif
	138	+ ret = check_key_size(keylen, alg_name, min_keysize,
	139	+ max_keysize);
	140	+ if (ret)
	141	+ goto error;
	142
	143	out->blocksize = cryptodev_crypto_blkcipher_blocksize(out->async.s);
	144	out->ivsize = cryptodev_crypto_blkcipher_ivsize(out->async.s);
	145	--
	146	2.10.2
	147