Re: [PATCH] crypto: aesni - fix failing setkey for rfc4106-gcm-aesni

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Jun 24, 2015 at 07:14:21AM -0700, Tadeusz Struk wrote:
> rfc4106(gcm(aes)) uses cbc(aes) to generate hash key. cbc(aes) needs
> chainiv, but the chainiv gets initialized after aesni_intel when both
> are statically linked so the setkey fails.
> This patch forces aesni_intel to be initialized after chainiv.
> 
> Signed-off-by: Tadeusz Struk <tadeusz.struk@xxxxxxxxx>

Aha, this could indeed the explain the setkey error that Linus
saw.  Once the AEAD conversion is complete this would actually
become unnecessary because seqiv for blkcipher would disappear.

Linus, could you confirm that you have AESNI built into the kernel
and not as a module?

However, this is still brittle because you have the same ordering
issue with ctr.  IOW aesni may be registered before ctr.  In fact
you don't actually need ctr here.  You could just replace it with
plain aes plus a xor.

That should be more robust as you can then just use aesni for the
aes and you wouldn't depend on anything external to aesni.

Could you make a patch for that Tadeusz?

Thanks!
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux