------- Comment From <email address hidden> 2020-02-07 03:29 EDT-------
The code is upstream available now ... with one exception (see below):
These are the available upstream commits:
888edbc48857 s390/pkey: Add support for key blob with clear key value
6f3196b74d64 s390/crypto: Rework on paes implementation
but you may want to pick these commits as a pre-requirement (in this sequence):
f9cac4fd8878 s390/pkey: fix memory leak within _copy_apqns_from_user()
8b57e7c852fc s390/pkey: use memdup_user() to simplify code
6733775a92ea s390/zcrypt: handle new reply code FILTERED_BY_HYPERVISOR
94dd3bada53e s390/zcrypt: Fix CCA cipher key gen with clear key value function
0c874cd04292 s390/zcrypt: move ap device reset from bus to driver code
One patch is missing which is the enable patch on the common code on crypto/testmgr.c. This patch is still in Herbert Xu's pipe and not upstream
accepted jet. Maybe a green light comes here within the next few days.
However, we need these patches as they are a pre requirement for LP1853303 "[20.04 FEAT] [SEC1811] Enhanced handling of secure keys and protected keys - kernel part"
The '6f3196b74d64 s390/crypto: Rework on paes implementation' patch does not apply cleanly. There are two ways to resolve this:
a) apply
d00c06398154 crypto: s390/paes - convert to skcipher API
674f368a952c crypto: remove CRYPTO_TFM_RES_BAD_KEY_LEN
before applying the the paes rework patch
b) use my reworked version of this paes rework patch. I'll attach this
version here.
------- Comment From <email address hidden> 2020-02-07 03:29 EDT-------
The code is upstream available now ... with one exception (see below):
These are the available upstream commits:
888edbc48857 s390/pkey: Add support for key blob with clear key value
6f3196b74d64 s390/crypto: Rework on paes implementation
but you may want to pick these commits as a pre-requirement (in this sequence):
f9cac4fd8878 s390/pkey: fix memory leak within _copy_apqns_ from_user( ) BY_HYPERVISOR
8b57e7c852fc s390/pkey: use memdup_user() to simplify code
6733775a92ea s390/zcrypt: handle new reply code FILTERED_
94dd3bada53e s390/zcrypt: Fix CCA cipher key gen with clear key value function
0c874cd04292 s390/zcrypt: move ap device reset from bus to driver code
One patch is missing which is the enable patch on the common code on crypto/testmgr.c. This patch is still in Herbert Xu's pipe and not upstream
accepted jet. Maybe a green light comes here within the next few days.
However, we need these patches as they are a pre requirement for LP1853303 "[20.04 FEAT] [SEC1811] Enhanced handling of secure keys and protected keys - kernel part"
The '6f3196b74d64 s390/crypto: Rework on paes implementation' patch does not apply cleanly. There are two ways to resolve this: TFM_RES_ BAD_KEY_ LEN
a) apply
d00c06398154 crypto: s390/paes - convert to skcipher API
674f368a952c crypto: remove CRYPTO_
before applying the the paes rework patch
b) use my reworked version of this paes rework patch. I'll attach this
version here.