diff options
| author | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-12-16 17:11:34 -0800 |
|---|---|---|
| committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2019-01-08 18:21:44 -0500 |
| commit | 1a4b7ee28bf7413af6513fb45ad0d0736048f866 (patch) | |
| tree | 79f6d8ea698cab8f2eaf4f54b793d2ca7a1451ce /poky/meta/recipes-kernel/cryptodev | |
| parent | 5b9ede0403237c7dace972affa65cf64a1aadd0e (diff) | |
| download | talos-openbmc-1a4b7ee28bf7413af6513fb45ad0d0736048f866.tar.gz talos-openbmc-1a4b7ee28bf7413af6513fb45ad0d0736048f866.zip | |
reset upstream subtrees to yocto 2.6
Reset the following subtrees on thud HEAD:
poky: 87e3a9739d
meta-openembedded: 6094ae18c8
meta-security: 31dc4e7532
meta-raspberrypi: a48743dc36
meta-xilinx: c42016e2e6
Also re-apply backports that didn't make it into thud:
poky:
17726d0 systemd-systemctl-native: handle Install wildcards
meta-openembedded:
4321a5d libtinyxml2: update to 7.0.1
042f0a3 libcereal: Add native and nativesdk classes
e23284f libcereal: Allow empty package
030e8d4 rsyslog: curl-less build with fmhttp PACKAGECONFIG
179a1b9 gtest: update to 1.8.1
Squashed OpenBMC subtree compatibility updates:
meta-aspeed:
Brad Bishop (1):
aspeed: add yocto 2.6 compatibility
meta-ibm:
Brad Bishop (1):
ibm: prepare for yocto 2.6
meta-ingrasys:
Brad Bishop (1):
ingrasys: set layer compatibility to yocto 2.6
meta-openpower:
Brad Bishop (1):
openpower: set layer compatibility to yocto 2.6
meta-phosphor:
Brad Bishop (3):
phosphor: set layer compatibility to thud
phosphor: libgpg-error: drop patches
phosphor: react to fitimage artifact rename
Ed Tanous (4):
Dropbear: upgrade options for latest upgrade
yocto2.6: update openssl options
busybox: remove upstream watchdog patch
systemd: Rebase CONFIG_CGROUP_BPF patch
Change-Id: I7b1fe71cca880d0372a82d94b5fd785323e3a9e7
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'poky/meta/recipes-kernel/cryptodev')
6 files changed, 524 insertions, 1 deletions
diff --git a/poky/meta/recipes-kernel/cryptodev/cryptodev-module_1.9.bb b/poky/meta/recipes-kernel/cryptodev/cryptodev-module_1.9.bb index 6052650c9..ed4327d40 100644 --- a/poky/meta/recipes-kernel/cryptodev/cryptodev-module_1.9.bb +++ b/poky/meta/recipes-kernel/cryptodev/cryptodev-module_1.9.bb @@ -11,6 +11,9 @@ SRC_URI += " \ file://0001-Disable-installing-header-file-provided-by-another-p.patch \ file://0001-ioctl.c-Fix-build-with-linux-4.13.patch \ file://0001-ioctl.c-Fix-build-with-linux-4.17.patch \ +file://0001-refactoring-split-big-function-to-simplify-maintaina.patch \ +file://0002-refactoring-relocate-code-to-simplify-later-patches.patch \ +file://0003-convert-to-new-AEAD-interface-in-kernels-v4.2.patch \ " EXTRA_OEMAKE='KERNEL_DIR="${STAGING_KERNEL_DIR}" PREFIX="${D}"' diff --git a/poky/meta/recipes-kernel/cryptodev/cryptodev-tests_1.9.bb b/poky/meta/recipes-kernel/cryptodev/cryptodev-tests_1.9.bb index 9afb3de21..617db6cdd 100644 --- a/poky/meta/recipes-kernel/cryptodev/cryptodev-tests_1.9.bb +++ b/poky/meta/recipes-kernel/cryptodev/cryptodev-tests_1.9.bb @@ -2,10 +2,11 @@ require cryptodev.inc SUMMARY = "A test suite for /dev/crypto device driver" -DEPENDS += "openssl10" +DEPENDS += "openssl" SRC_URI += " \ file://0001-Add-the-compile-and-install-rules-for-cryptodev-test.patch \ +file://0001-Port-tests-to-openssl-1.1.patch \ " EXTRA_OEMAKE='KERNEL_DIR="${STAGING_EXECPREFIXDIR}" PREFIX="${D}"' diff --git a/poky/meta/recipes-kernel/cryptodev/files/0001-Port-tests-to-openssl-1.1.patch b/poky/meta/recipes-kernel/cryptodev/files/0001-Port-tests-to-openssl-1.1.patch new file mode 100644 index 000000000..c9691265f --- /dev/null +++ b/poky/meta/recipes-kernel/cryptodev/files/0001-Port-tests-to-openssl-1.1.patch @@ -0,0 +1,103 @@ +From 2fe4bdeb8cdd0b0f46d9caed807812855d51ea56 Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin <alex.kanavin@gmail.com> +Date: Wed, 28 Mar 2018 20:11:05 +0300 +Subject: [PATCH] Port tests to openssl 1.1 + +Upstream-Status: Accepted [https://github.com/cryptodev-linux/cryptodev-linux/pull/36] +Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> + +--- + tests/openssl_wrapper.c | 33 +++++++++++++++++++++++++++++++++ + 1 file changed, 33 insertions(+) + +diff --git a/tests/openssl_wrapper.c b/tests/openssl_wrapper.c +index 038c58f..dea2496 100644 +--- a/tests/openssl_wrapper.c ++++ b/tests/openssl_wrapper.c +@@ -4,6 +4,7 @@ + #include <openssl/aes.h> + #include <openssl/evp.h> + #include <openssl/hmac.h> ++#include <openssl/opensslv.h> + + //#define DEBUG + +@@ -23,10 +24,17 @@ enum ctx_type { + ctx_type_md, + }; + ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++union openssl_ctx { ++ HMAC_CTX *hmac; ++ EVP_MD_CTX *md; ++}; ++#else + union openssl_ctx { + HMAC_CTX hmac; + EVP_MD_CTX md; + }; ++#endif + + struct ctx_mapping { + __u32 ses; +@@ -63,6 +71,16 @@ static void remove_mapping(__u32 ses) + switch (mapping->type) { + case ctx_type_none: + break; ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ case ctx_type_hmac: ++ dbgp("%s: calling HMAC_CTX_free\n", __func__); ++ HMAC_CTX_free(mapping->ctx.hmac); ++ break; ++ case ctx_type_md: ++ dbgp("%s: calling EVP_MD_CTX_free\n", __func__); ++ EVP_MD_CTX_free(mapping->ctx.md); ++ break; ++#else + case ctx_type_hmac: + dbgp("%s: calling HMAC_CTX_cleanup\n", __func__); + HMAC_CTX_cleanup(&mapping->ctx.hmac); +@@ -71,6 +89,7 @@ static void remove_mapping(__u32 ses) + dbgp("%s: calling EVP_MD_CTX_cleanup\n", __func__); + EVP_MD_CTX_cleanup(&mapping->ctx.md); + break; ++#endif + } + memset(mapping, 0, sizeof(*mapping)); + } +@@ -127,10 +146,17 @@ static int openssl_hmac(struct session_op *sess, struct crypt_op *cop) + + mapping->ses = sess->ses; + mapping->type = ctx_type_hmac; ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ ctx = mapping->ctx.hmac; ++ ++ dbgp("calling HMAC_CTX_new"); ++ ctx = HMAC_CTX_new(); ++#else + ctx = &mapping->ctx.hmac; + + dbgp("calling HMAC_CTX_init"); + HMAC_CTX_init(ctx); ++#endif + dbgp("calling HMAC_Init_ex"); + if (!HMAC_Init_ex(ctx, sess->mackey, sess->mackeylen, + sess_to_evp_md(sess), NULL)) { +@@ -172,10 +198,17 @@ static int openssl_md(struct session_op *sess, struct crypt_op *cop) + + mapping->ses = sess->ses; + mapping->type = ctx_type_md; ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ ctx = mapping->ctx.md; ++ ++ dbgp("calling EVP_MD_CTX_new"); ++ ctx = EVP_MD_CTX_new(); ++#else + ctx = &mapping->ctx.md; + + dbgp("calling EVP_MD_CTX_init"); + EVP_MD_CTX_init(ctx); ++#endif + dbgp("calling EVP_DigestInit"); + EVP_DigestInit(ctx, sess_to_evp_md(sess)); + } diff --git a/poky/meta/recipes-kernel/cryptodev/files/0001-refactoring-split-big-function-to-simplify-maintaina.patch b/poky/meta/recipes-kernel/cryptodev/files/0001-refactoring-split-big-function-to-simplify-maintaina.patch new file mode 100644 index 000000000..f557b5dff --- /dev/null +++ b/poky/meta/recipes-kernel/cryptodev/files/0001-refactoring-split-big-function-to-simplify-maintaina.patch @@ -0,0 +1,250 @@ +From 20dcf071bc3076ee7db9d603cfbe6a06e86c7d5f Mon Sep 17 00:00:00 2001 +From: Cristian Stoica <cristian.stoica@nxp.com> +Date: Thu, 4 May 2017 15:06:20 +0300 +Subject: [PATCH 1/3] refactoring: split big function to simplify maintainance + +The setup of auth_buf in tls and aead is now duplicated but this +is temporary and allows necessary corrections for the aead case +with v4.2+ kernels. + +Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com> + +Upstream-Status: Backport + +Commit ID: 20dcf071bc3076ee7db9d603c + +Signed-off-by: Hongzhi.Song <hongzhi.song@windriver.com> +--- + authenc.c | 197 ++++++++++++++++++++++++++++++++++++++++---------------------- + 1 file changed, 126 insertions(+), 71 deletions(-) + +diff --git a/authenc.c b/authenc.c +index 1bd7377..28eb0f9 100644 +--- a/authenc.c ++++ b/authenc.c +@@ -609,96 +609,151 @@ auth_n_crypt(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop, + return 0; + } + +-/* This is the main crypto function - zero-copy edition */ +-static int +-__crypto_auth_run_zc(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop) ++static int crypto_auth_zc_srtp(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop) + { +- struct scatterlist *dst_sg, *auth_sg, *src_sg; ++ struct scatterlist *dst_sg, *auth_sg; + struct crypt_auth_op *caop = &kcaop->caop; +- int ret = 0; ++ int ret; + +- if (caop->flags & COP_FLAG_AEAD_SRTP_TYPE) { +- if (unlikely(ses_ptr->cdata.init != 0 && +- (ses_ptr->cdata.stream == 0 || +- ses_ptr->cdata.aead != 0))) { +- derr(0, "Only stream modes are allowed in SRTP mode (but not AEAD)"); +- return -EINVAL; +- } ++ if (unlikely(ses_ptr->cdata.init != 0 && ++ (ses_ptr->cdata.stream == 0 || ses_ptr->cdata.aead != 0))) { ++ derr(0, "Only stream modes are allowed in SRTP mode (but not AEAD)"); ++ return -EINVAL; ++ } + +- ret = get_userbuf_srtp(ses_ptr, kcaop, &auth_sg, &dst_sg); +- if (unlikely(ret)) { +- derr(1, "get_userbuf_srtp(): Error getting user pages."); +- return ret; +- } ++ ret = get_userbuf_srtp(ses_ptr, kcaop, &auth_sg, &dst_sg); ++ if (unlikely(ret)) { ++ derr(1, "get_userbuf_srtp(): Error getting user pages."); ++ return ret; ++ } + +- ret = srtp_auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len, +- dst_sg, caop->len); ++ ret = srtp_auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len, ++ dst_sg, caop->len); + +- release_user_pages(ses_ptr); +- } else { /* TLS and normal cases. Here auth data are usually small +- * so we just copy them to a free page, instead of trying +- * to map them. +- */ +- unsigned char *auth_buf = NULL; +- struct scatterlist tmp; ++ release_user_pages(ses_ptr); + +- if (unlikely(caop->auth_len > PAGE_SIZE)) { +- derr(1, "auth data len is excessive."); +- return -EINVAL; +- } ++ return ret; ++} + +- auth_buf = (char *)__get_free_page(GFP_KERNEL); +- if (unlikely(!auth_buf)) { +- derr(1, "unable to get a free page."); +- return -ENOMEM; +- } ++static int crypto_auth_zc_tls(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop) ++{ ++ struct crypt_auth_op *caop = &kcaop->caop; ++ struct scatterlist *dst_sg, *auth_sg; ++ unsigned char *auth_buf = NULL; ++ struct scatterlist tmp; ++ int ret; + +- if (caop->auth_src && caop->auth_len > 0) { +- if (unlikely(copy_from_user(auth_buf, caop->auth_src, caop->auth_len))) { +- derr(1, "unable to copy auth data from userspace."); +- ret = -EFAULT; +- goto free_auth_buf; +- } ++ if (unlikely(ses_ptr->cdata.aead != 0)) { ++ return -EINVAL; ++ } ++ ++ if (unlikely(caop->auth_len > PAGE_SIZE)) { ++ derr(1, "auth data len is excessive."); ++ return -EINVAL; ++ } ++ ++ auth_buf = (char *)__get_free_page(GFP_KERNEL); ++ if (unlikely(!auth_buf)) { ++ derr(1, "unable to get a free page."); ++ return -ENOMEM; ++ } + +- sg_init_one(&tmp, auth_buf, caop->auth_len); +- auth_sg = &tmp; +- } else { +- auth_sg = NULL; ++ if (caop->auth_src && caop->auth_len > 0) { ++ if (unlikely(copy_from_user(auth_buf, caop->auth_src, caop->auth_len))) { ++ derr(1, "unable to copy auth data from userspace."); ++ ret = -EFAULT; ++ goto free_auth_buf; + } + +- if (caop->flags & COP_FLAG_AEAD_TLS_TYPE && ses_ptr->cdata.aead == 0) { +- ret = get_userbuf_tls(ses_ptr, kcaop, &dst_sg); +- if (unlikely(ret)) { +- derr(1, "get_userbuf_tls(): Error getting user pages."); +- goto free_auth_buf; +- } ++ sg_init_one(&tmp, auth_buf, caop->auth_len); ++ auth_sg = &tmp; ++ } else { ++ auth_sg = NULL; ++ } + +- ret = tls_auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len, +- dst_sg, caop->len); +- } else { +- if (unlikely(ses_ptr->cdata.init == 0 || +- (ses_ptr->cdata.stream == 0 && +- ses_ptr->cdata.aead == 0))) { +- derr(0, "Only stream and AEAD ciphers are allowed for authenc"); +- ret = -EINVAL; +- goto free_auth_buf; +- } ++ ret = get_userbuf_tls(ses_ptr, kcaop, &dst_sg); ++ if (unlikely(ret)) { ++ derr(1, "get_userbuf_tls(): Error getting user pages."); ++ goto free_auth_buf; ++ } + +- ret = get_userbuf(ses_ptr, caop->src, caop->len, caop->dst, kcaop->dst_len, +- kcaop->task, kcaop->mm, &src_sg, &dst_sg); +- if (unlikely(ret)) { +- derr(1, "get_userbuf(): Error getting user pages."); +- goto free_auth_buf; +- } ++ ret = tls_auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len, ++ dst_sg, caop->len); ++ release_user_pages(ses_ptr); ++ ++free_auth_buf: ++ free_page((unsigned long)auth_buf); ++ return ret; ++} ++ ++static int crypto_auth_zc_aead(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop) ++{ ++ struct scatterlist *dst_sg, *auth_sg, *src_sg; ++ struct crypt_auth_op *caop = &kcaop->caop; ++ unsigned char *auth_buf = NULL; ++ struct scatterlist tmp; ++ int ret; + +- ret = auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len, +- src_sg, dst_sg, caop->len); ++ if (unlikely(ses_ptr->cdata.init == 0 || ++ (ses_ptr->cdata.stream == 0 && ses_ptr->cdata.aead == 0))) { ++ derr(0, "Only stream and AEAD ciphers are allowed for authenc"); ++ return -EINVAL; ++ } ++ ++ if (unlikely(caop->auth_len > PAGE_SIZE)) { ++ derr(1, "auth data len is excessive."); ++ return -EINVAL; ++ } ++ ++ auth_buf = (char *)__get_free_page(GFP_KERNEL); ++ if (unlikely(!auth_buf)) { ++ derr(1, "unable to get a free page."); ++ return -ENOMEM; ++ } ++ ++ if (caop->auth_src && caop->auth_len > 0) { ++ if (unlikely(copy_from_user(auth_buf, caop->auth_src, caop->auth_len))) { ++ derr(1, "unable to copy auth data from userspace."); ++ ret = -EFAULT; ++ goto free_auth_buf; + } + +- release_user_pages(ses_ptr); ++ sg_init_one(&tmp, auth_buf, caop->auth_len); ++ auth_sg = &tmp; ++ } else { ++ auth_sg = NULL; ++ } ++ ++ ret = get_userbuf(ses_ptr, caop->src, caop->len, caop->dst, kcaop->dst_len, ++ kcaop->task, kcaop->mm, &src_sg, &dst_sg); ++ if (unlikely(ret)) { ++ derr(1, "get_userbuf(): Error getting user pages."); ++ goto free_auth_buf; ++ } ++ ++ ret = auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len, ++ src_sg, dst_sg, caop->len); ++ ++ release_user_pages(ses_ptr); + + free_auth_buf: +- free_page((unsigned long)auth_buf); ++ free_page((unsigned long)auth_buf); ++ ++ return ret; ++} ++ ++static int ++__crypto_auth_run_zc(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop) ++{ ++ struct crypt_auth_op *caop = &kcaop->caop; ++ int ret; ++ ++ if (caop->flags & COP_FLAG_AEAD_SRTP_TYPE) { ++ ret = crypto_auth_zc_srtp(ses_ptr, kcaop); ++ } else if (caop->flags & COP_FLAG_AEAD_TLS_TYPE) { ++ ret = crypto_auth_zc_tls(ses_ptr, kcaop); ++ } else { ++ ret = crypto_auth_zc_aead(ses_ptr, kcaop); + } + + return ret; +-- +2.11.0 + diff --git a/poky/meta/recipes-kernel/cryptodev/files/0002-refactoring-relocate-code-to-simplify-later-patches.patch b/poky/meta/recipes-kernel/cryptodev/files/0002-refactoring-relocate-code-to-simplify-later-patches.patch new file mode 100644 index 000000000..83d9005a0 --- /dev/null +++ b/poky/meta/recipes-kernel/cryptodev/files/0002-refactoring-relocate-code-to-simplify-later-patches.patch @@ -0,0 +1,64 @@ +From c2bf0e42b1d9fda60cde4a3a682784d349ef1c0b Mon Sep 17 00:00:00 2001 +From: Cristian Stoica <cristian.stoica@nxp.com> +Date: Thu, 4 May 2017 15:06:21 +0300 +Subject: [PATCH 2/3] refactoring: relocate code to simplify later patches + +This code move will simplify the conversion to new AEAD interface in +next patches + +Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com> + +Upstream-Status: Backport + +Commit ID: c2bf0e42b1d9fda + +Signed-off-by: Hongzhi.Song <hongzhi.song@windriver.com> +--- + authenc.c | 17 +++++++++-------- + 1 file changed, 9 insertions(+), 8 deletions(-) + +diff --git a/authenc.c b/authenc.c +index 28eb0f9..95727b4 100644 +--- a/authenc.c ++++ b/authenc.c +@@ -711,11 +711,18 @@ static int crypto_auth_zc_aead(struct csession *ses_ptr, struct kernel_crypt_aut + return -ENOMEM; + } + ++ ret = get_userbuf(ses_ptr, caop->src, caop->len, caop->dst, kcaop->dst_len, ++ kcaop->task, kcaop->mm, &src_sg, &dst_sg); ++ if (unlikely(ret)) { ++ derr(1, "get_userbuf(): Error getting user pages."); ++ goto free_auth_buf; ++ } ++ + if (caop->auth_src && caop->auth_len > 0) { + if (unlikely(copy_from_user(auth_buf, caop->auth_src, caop->auth_len))) { + derr(1, "unable to copy auth data from userspace."); + ret = -EFAULT; +- goto free_auth_buf; ++ goto free_pages; + } + + sg_init_one(&tmp, auth_buf, caop->auth_len); +@@ -724,16 +731,10 @@ static int crypto_auth_zc_aead(struct csession *ses_ptr, struct kernel_crypt_aut + auth_sg = NULL; + } + +- ret = get_userbuf(ses_ptr, caop->src, caop->len, caop->dst, kcaop->dst_len, +- kcaop->task, kcaop->mm, &src_sg, &dst_sg); +- if (unlikely(ret)) { +- derr(1, "get_userbuf(): Error getting user pages."); +- goto free_auth_buf; +- } +- + ret = auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len, + src_sg, dst_sg, caop->len); + ++free_pages: + release_user_pages(ses_ptr); + + free_auth_buf: +-- +2.11.0 + diff --git a/poky/meta/recipes-kernel/cryptodev/files/0003-convert-to-new-AEAD-interface-in-kernels-v4.2.patch b/poky/meta/recipes-kernel/cryptodev/files/0003-convert-to-new-AEAD-interface-in-kernels-v4.2.patch new file mode 100644 index 000000000..860230778 --- /dev/null +++ b/poky/meta/recipes-kernel/cryptodev/files/0003-convert-to-new-AEAD-interface-in-kernels-v4.2.patch @@ -0,0 +1,102 @@ +From a705360197260d28535746ae98c461ba2cfb7a9e Mon Sep 17 00:00:00 2001 +From: Cristian Stoica <cristian.stoica@nxp.com> +Date: Thu, 4 May 2017 15:06:22 +0300 +Subject: [PATCH 3/3] convert to new AEAD interface in kernels v4.2+ + +The crypto API for AEAD ciphers changed in recent kernels so that +associated data is now part of both source and destination scatter +gathers. The source, destination and associated data buffers need +to be stiched accordingly for the operations to succeed: + +src_sg: auth_buf + src_buf +dst_sg: auth_buf + (dst_buf + tag space) + +This patch fixes a kernel crash observed with cipher-gcm test. + +See also kernel patch: 81c4c35eb61a69c229871c490b011c1171511d5a + crypto: ccm - Convert to new AEAD interface + +Reported-by: Phil Sutter <phil@nwl.cc> +Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com> + +Upstream-Status: Backport + +Commit ID: a705360197260d2853574 + +Signed-off-by: Hongzhi.Song <hongzhi.song@windriver.com> +--- + authenc.c | 40 ++++++++++++++++++++++++++++++++++++++-- + 1 file changed, 38 insertions(+), 2 deletions(-) + +diff --git a/authenc.c b/authenc.c +index 95727b4..692951f 100644 +--- a/authenc.c ++++ b/authenc.c +@@ -688,12 +688,20 @@ free_auth_buf: + + static int crypto_auth_zc_aead(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop) + { +- struct scatterlist *dst_sg, *auth_sg, *src_sg; ++ struct scatterlist *dst_sg; ++ struct scatterlist *src_sg; + struct crypt_auth_op *caop = &kcaop->caop; + unsigned char *auth_buf = NULL; +- struct scatterlist tmp; + int ret; + ++#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 2, 0)) ++ struct scatterlist tmp; ++ struct scatterlist *auth_sg; ++#else ++ struct scatterlist auth1[2]; ++ struct scatterlist auth2[2]; ++#endif ++ + if (unlikely(ses_ptr->cdata.init == 0 || + (ses_ptr->cdata.stream == 0 && ses_ptr->cdata.aead == 0))) { + derr(0, "Only stream and AEAD ciphers are allowed for authenc"); +@@ -718,6 +726,7 @@ static int crypto_auth_zc_aead(struct csession *ses_ptr, struct kernel_crypt_aut + goto free_auth_buf; + } + ++#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 2, 0)) + if (caop->auth_src && caop->auth_len > 0) { + if (unlikely(copy_from_user(auth_buf, caop->auth_src, caop->auth_len))) { + derr(1, "unable to copy auth data from userspace."); +@@ -733,6 +742,33 @@ static int crypto_auth_zc_aead(struct csession *ses_ptr, struct kernel_crypt_aut + + ret = auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len, + src_sg, dst_sg, caop->len); ++#else ++ if (caop->auth_src && caop->auth_len > 0) { ++ if (unlikely(copy_from_user(auth_buf, caop->auth_src, caop->auth_len))) { ++ derr(1, "unable to copy auth data from userspace."); ++ ret = -EFAULT; ++ goto free_pages; ++ } ++ ++ sg_init_table(auth1, 2); ++ sg_set_buf(auth1, auth_buf, caop->auth_len); ++ sg_chain(auth1, 2, src_sg); ++ ++ if (src_sg == dst_sg) { ++ src_sg = auth1; ++ dst_sg = auth1; ++ } else { ++ sg_init_table(auth2, 2); ++ sg_set_buf(auth2, auth_buf, caop->auth_len); ++ sg_chain(auth2, 2, dst_sg); ++ src_sg = auth1; ++ dst_sg = auth2; ++ } ++ } ++ ++ ret = auth_n_crypt(ses_ptr, kcaop, NULL, caop->auth_len, ++ src_sg, dst_sg, caop->len); ++#endif + + free_pages: + release_user_pages(ses_ptr); +-- +2.11.0 + |
