1 files changed, 0 insertions, 131 deletions
diff --git a/recipes-kernel/cryptodev/cryptodev-fsl/0014-use-static-allocation-for-keys-copied-from-userspace.patch b/recipes-kernel/cryptodev/cryptodev-fsl/0014-use-static-allocation-for-keys-copied-from-userspace.patch
deleted file mode 100644
index c68f3d7..0000000
--- a/recipes-kernel/cryptodev/cryptodev-fsl/0014-use-static-allocation-for-keys-copied-from-userspace.patch
+++ /dev/null
@@ -1,131 +0,0 @@
-From 50c116780f736b3e6a11389c9d9b3f4a1d5cab90 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@freescale.com>
-Date: Wed, 19 Mar 2014 17:59:17 +0200
-Subject: [[Patch][fsl 14/16] use static allocation for keys copied from
- userspace
-Upstream-status: Pending
-There is no need to keep keys around for the entire duration of the
-session. The keys are copied from user-space and then used to initialize
-the ciphers. After this, the original keys can be discarded.
-The total required space for keys is small and known in advance. This
-patch uses this information to allocate required space on stack.
-Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
---
- cryptodev_int.h |    1 -
- ioctl.c         |   38 ++++++++++++++++++++------------------
- 2 files changed, 20 insertions(+), 19 deletions(-)
-diff --git a/cryptodev_int.h b/cryptodev_int.h
-index 8beeef0..7ea6976 100644
--- a/cryptodev_int.h
-+++ b/cryptodev_int.h
-@@ -212,7 +212,6 @@ struct csession {
-        struct hash_data hdata;
-        uint32_t sid;
-        uint32_t alignmask;
-       uint8_t *key;
- 
-        unsigned int array_size;
-        unsigned int used_pages; /* the number of pages that are used */
-diff --git a/ioctl.c b/ioctl.c
-index 1752880..16ce72c 100644
--- a/ioctl.c
-+++ b/ioctl.c
-@@ -46,6 +46,8 @@
- #include <linux/uaccess.h>
- #include <crypto/cryptodev.h>
- #include <linux/scatterlist.h>
-+#include <linux/rtnetlink.h>
-+#include <crypto/authenc.h>
- 
- #include <linux/sysctl.h>
- 
-@@ -136,9 +138,17 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop)
-        const char *alg_name = NULL;
-        const char *hash_name = NULL;
-        int hmac_mode = 1, stream = 0, aead = 0;
-       uint8_t *key = NULL;
-       unsigned int keylen;
-       uint8_t mackey[CRYPTO_HMAC_MAX_KEY_LEN];
-+       /*
-+        * With aead, only ckey is used and it can cover all the struct space;
-+        * otherwise both keys may be used simultaneously but they are confined
-+        * to their spaces
-+        */
-+       struct {
-+               uint8_t ckey[CRYPTO_CIPHER_MAX_KEY_LEN];
-+               uint8_t mkey[CRYPTO_HMAC_MAX_KEY_LEN];
-+               /* padding space for aead keys */
-+               uint8_t pad[RTA_SPACE(sizeof(struct crypto_authenc_key_param))];
-+       } keys;
- 
-        /* Does the request make sense? */
-        if (unlikely(!sop->cipher && !sop->mac)) {
-@@ -257,23 +267,17 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop)
- 
-        /* Set-up crypto transform. */
-        if (alg_name) {
-+               unsigned int keylen;
-                ret = cryptodev_get_cipher_keylen(&keylen, sop, aead);
-                if (unlikely(ret < 0))
-                        goto error_cipher;
- 
-               key = kmalloc(keylen, GFP_KERNEL);
-               ses_new->key = key;
-               if (unlikely(!key)) {
-                       ret = -ENOMEM;
-                       goto error_cipher;
-               }
-
-               ret = cryptodev_get_cipher_key(key, sop, aead);
-+               ret = cryptodev_get_cipher_key(keys.ckey, sop, aead);
-                if (unlikely(ret < 0))
-                        goto error_cipher;
- 
-               ret = cryptodev_cipher_init(&ses_new->cdata, alg_name, key, keylen,
-                               stream, aead);
-+               ret = cryptodev_cipher_init(&ses_new->cdata, alg_name,
-+                       keys.ckey, keylen, stream, aead);
-                if (ret < 0) {
-                        ddebug(1, "Failed to load cipher for %s", alg_name);
-                        ret = -EINVAL;
-@@ -289,14 +293,14 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop)
-                        goto error_hash;
-                }
- 
-               if (sop->mackey && unlikely(copy_from_user(mackey, sop->mackey,
-                                           sop->mackeylen))) {
-+               if (sop->mackey && unlikely(copy_from_user(keys.mkey,
-+                       sop->mackey, sop->mackeylen))) {
-                        ret = -EFAULT;
-                        goto error_hash;
-                }
- 
-                ret = cryptodev_hash_init(&ses_new->hdata, hash_name, hmac_mode,
-                                                       mackey, sop->mackeylen);
-+                       keys.mkey, sop->mackeylen);
-                if (ret != 0) {
-                        ddebug(1, "Failed to load hash for %s", hash_name);
-                        ret = -EINVAL;
-@@ -349,7 +353,6 @@ error_hash:
-        kfree(ses_new->sg);
-        kfree(ses_new->pages);
- error_cipher:
-       kfree(key);
-        kfree(ses_new);
- 
-        return ret;
-@@ -370,7 +373,6 @@ crypto_destroy_session(struct csession *ses_ptr)
-        ddebug(2, "freeing space for %d user pages", ses_ptr->array_size);
-        kfree(ses_ptr->pages);
-        kfree(ses_ptr->sg);
-       kfree(ses_ptr->key);
-        mutex_unlock(&ses_ptr->sem);
-        mutex_destroy(&ses_ptr->sem);
-        kfree(ses_ptr);
-- 
-1.7.9.7

diff --git a/recipes-kernel/cryptodev/cryptodev-fsl/0014-use-static-allocation-for-keys-copied-from-userspace.patch b/recipes-kernel/cryptodev/cryptodev-fsl/0014-use-static-allocation-for-keys-copied-from-userspace.patch deleted file mode 100644 index c68f3d7..0000000 --- a/recipes-kernel/cryptodev/cryptodev-fsl/0014-use-static-allocation-for-keys-copied-from-userspace.patch +++ /dev/null
@@ -1,131 +0,0 @@
1	From 50c116780f736b3e6a11389c9d9b3f4a1d5cab90 Mon Sep 17 00:00:00 2001
2	From: Cristian Stoica <cristian.stoica@freescale.com>
3	Date: Wed, 19 Mar 2014 17:59:17 +0200
4	Subject: [[Patch][fsl 14/16] use static allocation for keys copied from
5	userspace
6
7	Upstream-status: Pending
8
9	There is no need to keep keys around for the entire duration of the
10	session. The keys are copied from user-space and then used to initialize
11	the ciphers. After this, the original keys can be discarded.
12	The total required space for keys is small and known in advance. This
13	patch uses this information to allocate required space on stack.
14
15	Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
16	---
17	cryptodev_int.h \| 1 -
18	ioctl.c \| 38 ++++++++++++++++++++------------------
19	2 files changed, 20 insertions(+), 19 deletions(-)
20
21	diff --git a/cryptodev_int.h b/cryptodev_int.h
22	index 8beeef0..7ea6976 100644
23	--- a/cryptodev_int.h
24	+++ b/cryptodev_int.h
25	@@ -212,7 +212,6 @@ struct csession {
26	struct hash_data hdata;
27	uint32_t sid;
28	uint32_t alignmask;
29	- uint8_t *key;
30
31	unsigned int array_size;
32	unsigned int used_pages; /* the number of pages that are used */
33	diff --git a/ioctl.c b/ioctl.c
34	index 1752880..16ce72c 100644
35	--- a/ioctl.c
36	+++ b/ioctl.c
37	@@ -46,6 +46,8 @@
38	#include <linux/uaccess.h>
39	#include <crypto/cryptodev.h>
40	#include <linux/scatterlist.h>
41	+#include <linux/rtnetlink.h>
42	+#include <crypto/authenc.h>
43
44	#include <linux/sysctl.h>
45
46	@@ -136,9 +138,17 @@ crypto_create_session(struct fcrypt fcr, struct session_op sop)
47	const char *alg_name = NULL;
48	const char *hash_name = NULL;
49	int hmac_mode = 1, stream = 0, aead = 0;
50	- uint8_t *key = NULL;
51	- unsigned int keylen;
52	- uint8_t mackey[CRYPTO_HMAC_MAX_KEY_LEN];
53	+ /*
54	+ * With aead, only ckey is used and it can cover all the struct space;
55	+ * otherwise both keys may be used simultaneously but they are confined
56	+ * to their spaces
57	+ */
58	+ struct {
59	+ uint8_t ckey[CRYPTO_CIPHER_MAX_KEY_LEN];
60	+ uint8_t mkey[CRYPTO_HMAC_MAX_KEY_LEN];
61	+ /* padding space for aead keys */
62	+ uint8_t pad[RTA_SPACE(sizeof(struct crypto_authenc_key_param))];
63	+ } keys;
64
65	/* Does the request make sense? */
66	if (unlikely(!sop->cipher && !sop->mac)) {
67	@@ -257,23 +267,17 @@ crypto_create_session(struct fcrypt fcr, struct session_op sop)
68
69	/* Set-up crypto transform. */
70	if (alg_name) {
71	+ unsigned int keylen;
72	ret = cryptodev_get_cipher_keylen(&keylen, sop, aead);
73	if (unlikely(ret < 0))
74	goto error_cipher;
75
76	- key = kmalloc(keylen, GFP_KERNEL);
77	- ses_new->key = key;
78	- if (unlikely(!key)) {
79	- ret = -ENOMEM;
80	- goto error_cipher;
81	- }
82	-
83	- ret = cryptodev_get_cipher_key(key, sop, aead);
84	+ ret = cryptodev_get_cipher_key(keys.ckey, sop, aead);
85	if (unlikely(ret < 0))
86	goto error_cipher;
87
88	- ret = cryptodev_cipher_init(&ses_new->cdata, alg_name, key, keylen,
89	- stream, aead);
90	+ ret = cryptodev_cipher_init(&ses_new->cdata, alg_name,
91	+ keys.ckey, keylen, stream, aead);
92	if (ret < 0) {
93	ddebug(1, "Failed to load cipher for %s", alg_name);
94	ret = -EINVAL;
95	@@ -289,14 +293,14 @@ crypto_create_session(struct fcrypt fcr, struct session_op sop)
96	goto error_hash;
97	}
98
99	- if (sop->mackey && unlikely(copy_from_user(mackey, sop->mackey,
100	- sop->mackeylen))) {
101	+ if (sop->mackey && unlikely(copy_from_user(keys.mkey,
102	+ sop->mackey, sop->mackeylen))) {
103	ret = -EFAULT;
104	goto error_hash;
105	}
106
107	ret = cryptodev_hash_init(&ses_new->hdata, hash_name, hmac_mode,
108	- mackey, sop->mackeylen);
109	+ keys.mkey, sop->mackeylen);
110	if (ret != 0) {
111	ddebug(1, "Failed to load hash for %s", hash_name);
112	ret = -EINVAL;
113	@@ -349,7 +353,6 @@ error_hash:
114	kfree(ses_new->sg);
115	kfree(ses_new->pages);
116	error_cipher:
117	- kfree(key);
118	kfree(ses_new);
119
120	return ret;
121	@@ -370,7 +373,6 @@ crypto_destroy_session(struct csession *ses_ptr)
122	ddebug(2, "freeing space for %d user pages", ses_ptr->array_size);
123	kfree(ses_ptr->pages);
124	kfree(ses_ptr->sg);
125	- kfree(ses_ptr->key);
126	mutex_unlock(&ses_ptr->sem);
127	mutex_destroy(&ses_ptr->sem);
128	kfree(ses_ptr);
129	--
130	1.7.9.7
131