[SRU][B][C][D][Patch 0/1] s390/crypto: fix gcm-aes-s390 selftest failures (LP: 1832623)

[frank.heimes at canonical.com]

Buglink: https://bugs.launchpad.net/bugs/1832623

SRU Justification:

[Impact]

* Wrong encryption/decryption with gcm-aes-s390 on z14.

* gcm-aes-s390 does not process scatter-gather input and output lists correctly if list entries of sizes being not multiples of the blocksize (16 bytes) are used, which results in wrong calculations.

[Fix]

* bef9f0ba300a55d79a69aa172156072182176515 bef9f0b "s390/crypto: fix gcm-aes-s390 selftest failures"

[Test Case]

* z14 with kernel >= 5.1 needed

* If disabled, enable the crypto self tests.

* Monitor syslog during modprobe of the aes_s390 kernel module. As this module usually gets automatically inserted during system startup you may need to unload the aes_s390 kernel module before re-inserting it.

* Without the fix a message like "kernel: alg: aead: gcm-aes-s390 encryption test failed (wrong result) on test vector 1,..." will show up.

* With the fix, all selftests will pass and nothing is reported in syslog.

[Regression Potential] 

* The regression potential can be considered as low since this is purely s390x specific

* affects one mode of the hardware crypto facility CPACF

* and happens only on z14 (since z14 is the only model that currently supports the gcm-aes-s390 mode).

* Applications using aes-gcm via the AF_ALG interface are not affected since this API ensures scatter/gather list entries with chunk sizes in multiples of 16 bytes.

* Changes are limited to a single s390x crypto file /arch/s390/crypto/aes_s390.c

[Other Info]

* Problem was found during tests at IBM and is a so called 'preventive fix'

* Since this affects z14 only, final test need to be done by IBM.

* Applied cleanly for me on bionic master-next.

Harald Freudenberger (1):
  From: Harald Freudenberger <freude at linux.ibm.com>

 arch/s390/crypto/aes_s390.c | 148 ++++++++++++++++++++++++++++++++------------
 1 file changed, 107 insertions(+), 41 deletions(-)

-- 
2.7.4