Re: crypto: skcipher - Use eseqiv even on UP machines

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



From: Steffen Klassert <steffen.klassert@xxxxxxxxxxx>
Date: Fri, 25 Oct 2013 08:50:49 +0200

> On Thu, Oct 24, 2013 at 08:41:49PM +0800, Herbert Xu wrote:
>> Hi:
>>     
>> Previously we would use eseqiv on all async ciphers in all cases,
>> and sync ciphers if we have more than one CPU.  This meant that
>> chainiv is only used in the case of sync ciphers on a UP machine.
>> 
>> As chainiv may aid attackers by making the IV predictable, even
>> though this risk itself is small, the above usage pattern causes
>> it to further leak information about the host.
>> 
>> This patch addresses these issues by using eseqiv even if we're
>> on a UP machine.
>> 
>> Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
>> 
> 
> That's fine by me.
> 
> Acked-by: Steffen Klassert <steffen.klassert@xxxxxxxxxxx>

I'm ok with this too:

Acked-by: David S. Miller <davem@xxxxxxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux