crypto: talitos – fix skcipher failure due to wrong output IV [Linux 4.9.187]

This Linux kernel change "crypto: talitos – fix skcipher failure due to wrong output IV" is included in the Linux 4.9.187 release. This change is authored by Christophe Leroy <christophe.leroy [at] c-s.fr> on Wed May 15 12:29:03 2019 +0000. The commit for this change in Linux stable tree is 920cceb (patch) which is from upstream commit 3e03e79. The same Linux upstream change may have been applied to various maintained Linux releases and you can find all Linux releases containing changes from upstream 3e03e79.

crypto: talitos - fix skcipher failure due to wrong output IV

[ Upstream commit 3e03e792865ae48b8cfc69a0b4d65f02f467389f ]

Selftests report the following:

[    2.984845] alg: skcipher: cbc-aes-talitos encryption test failed (wrong output IV) on test vector 0, cfg="in-place"
[    2.995377] 00000000: 3d af ba 42 9d 9e b4 30 b4 22 da 80 2c 9f ac 41
[    3.032673] alg: skcipher: cbc-des-talitos encryption test failed (wrong output IV) on test vector 0, cfg="in-place"
[    3.043185] 00000000: fe dc ba 98 76 54 32 10
[    3.063238] alg: skcipher: cbc-3des-talitos encryption test failed (wrong output IV) on test vector 0, cfg="in-place"
[    3.073818] 00000000: 7d 33 88 93 0f 93 b2 42

This above dumps show that the actual output IV is indeed the input IV.
This is due to the IV not being copied back into the request.

This patch fixes that.

Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>

There are 4 lines of Linux source code added/deleted in this change. Code changes to Linux kernel are as follows.

 drivers/crypto/talitos.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c
index 5a24a48..0b12772 100644
--- a/drivers/crypto/talitos.c
+++ b/drivers/crypto/talitos.c
@@ -1544,11 +1544,15 @@ static void ablkcipher_done(struct device *dev,
                int err)
 {
    struct ablkcipher_request *areq = context;
+   struct crypto_ablkcipher *cipher = crypto_ablkcipher_reqtfm(areq);
+   struct talitos_ctx *ctx = crypto_ablkcipher_ctx(cipher);
+   unsigned int ivsize = crypto_ablkcipher_ivsize(cipher);
    struct talitos_edesc *edesc;

    edesc = container_of(desc, struct talitos_edesc, desc);

    common_nonsnoop_unmap(dev, edesc, areq);
+   memcpy(areq->info, ctx->iv, ivsize);

    kfree(edesc);

Leave a Reply

Your email address will not be published. Required fields are marked *