On Fri, 16 Aug 2019 at 04:02, Eric Biggers <ebiggers@xxxxxxxxxx> wrote: > > On Thu, Aug 15, 2019 at 10:08:00PM +1000, Herbert Xu wrote: > > On Fri, Aug 09, 2019 at 08:14:57PM +0300, Ard Biesheuvel wrote: > > > Add support for the missing ciphertext stealing part of the XTS-AES > > > specification, which permits inputs of any size >= the block size. > > > > > > Cc: Pascal van Leeuwen <pvanleeuwen@xxxxxxxxxxxxxx> > > > Cc: Ondrej Mosnacek <omosnace@xxxxxxxxxx> > > > Tested-by: Milan Broz <gmazyland@xxxxxxxxx> > > > Signed-off-by: Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx> > > > --- > > > v2: fix scatterlist issue in async handling > > > remove stale comment > > > > > > crypto/xts.c | 152 +++++++++++++++++--- > > > 1 file changed, 132 insertions(+), 20 deletions(-) > > > > Patch applied. Thanks. > > -- > > I'm confused why this was applied as-is, since there are no test vectors for > this added yet. Nor were any other XTS implementations updated yet, so now > users see inconsistent behavior, and all the XTS comparison fuzz tests fail. > What is the plan for addressing these? I had assumed that as much as possible > would be fixed up at once. > I have the ARM/arm64 changes mostly ready to go [0], but I haven't had the opportunity to test them on actual hardware yet (nor will I until the end of next month). This branch contains the test vectors as well, which check out against these implementations and the generic one (and Pascal's safexcel one), but obviously, we cannot merge those until all drivers are fixed. The fuzz tests failing transiently is not a huge deal, IMO, but we do need a deadline when we apply the test vectors. We'll need volunteers to fix the x86, powerpc and s390 code. My branch adds some helpers that could be useful here, but it really needs the attention of people who can understand the code and are able to test it. [0] https://git.kernel.org/pub/scm/linux/kernel/git/ardb/linux.git/log/?h=xts-cts