Re: [PATCH] crypto: talitos - fix IPsec cipher in length

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 3/22/2018 12:04 PM, Christophe LEROY wrote:
> Le 16/03/2018 à 15:07, Horia Geantă a écrit :
>> On 3/16/2018 2:42 PM, Christophe LEROY wrote:
>>> Le 16/03/2018 à 09:48, Horia Geantă a écrit :
>>>> For SEC 2.x+, cipher in length must contain only the ciphertext length.
>>>> In case of using hardware ICV checking, the ICV length is provided via
>>>> the "extent" field of the descriptor pointer.
>>>>
>>>> Cc: <stable@xxxxxxxxxxxxxxx> # 4.8+
>>>> Fixes: 549bd8bc5987 ("crypto: talitos - Implement AEAD for SEC1 using HMAC_SNOOP_NO_AFEU")
>>>
>>> It looks like the issue comes more from commit fbb22137c4d9b ("crypto:
>>> talitos - fix use of sg_link_tbl_len"), doesn't it ?
>>>
>> No, the first commit that breaks IPsec for SEC 2.x+ is the one I mentioned.
> 
> Today without your patch, IPsec works well on my mpc8321E. It was broken
> by 549bd8bc5987 and fixed by fbb22137c4d9b.
> But it seems the fix is not complete as it doesn't work yet in your case.
> 
Ok, I checked closer.
It seems the "extent" field is required starting with SEC 3.x, that's why I am
seeing the failure (I am testing on P2020, P1022).
In your case it's working since MPC8321E has a SEC 2.x.

> I have proposed a v2 version of your patch which takes it into 
> talitos_sg_map() hence avoiding direct access to ptr[4] without using 
> the helpers.
> 
Thanks.

Horia




[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux