This is a note to let you know that I've just added the patch titled crypto: s5p-sss - Fix kernel Oops in AES-ECB mode to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: crypto-s5p-sss-fix-kernel-oops-in-aes-ecb-mode.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From c927b080c67e3e97193c81fc1d27f4251bf4e036 Mon Sep 17 00:00:00 2001 From: Kamil Konieczny <k.konieczny@xxxxxxxxxxxxxxxxxxx> Date: Wed, 7 Feb 2018 16:52:09 +0100 Subject: crypto: s5p-sss - Fix kernel Oops in AES-ECB mode From: Kamil Konieczny <k.konieczny@xxxxxxxxxxxxxxxxxxx> commit c927b080c67e3e97193c81fc1d27f4251bf4e036 upstream. In AES-ECB mode crypt is done with key only, so any use of IV can cause kernel Oops. Use IV only in AES-CBC and AES-CTR. Signed-off-by: Kamil Konieczny <k.konieczny@xxxxxxxxxxxxxxxxxxx> Reported-by: Anand Moon <linux.amoon@xxxxxxxxx> Reviewed-by: Krzysztof Kozlowski <krzk@xxxxxxxxxx> Tested-by: Anand Moon <linux.amoon@xxxxxxxxx> Cc: stable@xxxxxxxxxxxxxxx # can be applied after commit 8f9702aad138 Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- drivers/crypto/s5p-sss.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) --- a/drivers/crypto/s5p-sss.c +++ b/drivers/crypto/s5p-sss.c @@ -401,16 +401,21 @@ static void s5p_aes_crypt_start(struct s uint32_t aes_control; int err; unsigned long flags; + u8 *iv; aes_control = SSS_AES_KEY_CHANGE_MODE; if (mode & FLAGS_AES_DECRYPT) aes_control |= SSS_AES_MODE_DECRYPT; - if ((mode & FLAGS_AES_MODE_MASK) == FLAGS_AES_CBC) + if ((mode & FLAGS_AES_MODE_MASK) == FLAGS_AES_CBC) { aes_control |= SSS_AES_CHAIN_MODE_CBC; - else if ((mode & FLAGS_AES_MODE_MASK) == FLAGS_AES_CTR) + iv = req->info; + } else if ((mode & FLAGS_AES_MODE_MASK) == FLAGS_AES_CTR) { aes_control |= SSS_AES_CHAIN_MODE_CTR; - + iv = req->info; + } else { + iv = NULL; /* AES_ECB */ + } if (dev->ctx->keylen == AES_KEYSIZE_192) aes_control |= SSS_AES_KEY_SIZE_192; else if (dev->ctx->keylen == AES_KEYSIZE_256) @@ -440,7 +445,7 @@ static void s5p_aes_crypt_start(struct s goto outdata_error; SSS_AES_WRITE(dev, AES_CONTROL, aes_control); - s5p_set_aes(dev, dev->ctx->aes_key, req->info, dev->ctx->keylen); + s5p_set_aes(dev, dev->ctx->aes_key, iv, dev->ctx->keylen); s5p_set_dma_indata(dev, req->src); s5p_set_dma_outdata(dev, req->dst); Patches currently in stable-queue which might be from k.konieczny@xxxxxxxxxxxxxxxxxxx are queue-4.4/crypto-s5p-sss-fix-kernel-oops-in-aes-ecb-mode.patch