From: Tadeusz Struk <tadeusz.struk@intel.com>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: linux-crypto@vger.kernel.org,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: Re: [PATCH] crypto: aesni - fix failing setkey for rfc4106-gcm-aesni
Date: Thu, 25 Jun 2015 11:59:04 -0700
Message-ID: <558C4F78.8020806@intel.com>
In-Reply-To: <20150625142525.GA10550@gondor.apana.org.au>
On 06/25/2015 07:25 AM, Herbert Xu wrote:
> On Wed, Jun 24, 2015 at 07:14:21AM -0700, Tadeusz Struk wrote:
>> rfc4106(gcm(aes)) uses cbc(aes) to generate hash key. cbc(aes) needs
>> chainiv, but the chainiv gets initialized after aesni_intel when both
>> are statically linked so the setkey fails.
>> This patch forces aesni_intel to be initialized after chainiv.
>>
>> Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
>
> Aha, this could indeed explain the setkey error that Linus
> saw. Once the AEAD conversion is complete this would actually
> become unnecessary because seqiv for blkcipher would disappear.
Yes, after the conversion is finished we can revert this patch.
>
> Linus, could you confirm that you have AESNI built into the kernel
> and not as a module?
>
> However, this is still brittle because you have the same ordering
> issue with ctr. IOW aesni may be registered before ctr. In fact
> you don't actually need ctr here. You could just replace it with
> plain aes plus a xor.
So this will fix it for ctr too.
>
> That should be more robust as you can then just use aesni for the
> aes and you wouldn't depend on anything external to aesni.
>
> Could you make a patch for that Tadeusz?
I can start working on this after my vacation.
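As an added illustration of Herbert's point (example code, not the patch or any kernel code), the Go program below derives the GCM hash subkey H = AES_K(0^128) three ways: the cbc(aes) route the driver relied on, the ctr(aes) route, and a single raw AES block encryption. All three produce the same value, which is why the hash key needs nothing beyond the AES primitive itself; the function names and the all-zero test key are my own choices.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/hex"
	"fmt"
)

var zeroBlock = make([]byte, aes.BlockSize) // 0^128, the GHASH subkey input

// hashKeyDirect: H = AES_K(0^128) via one raw block encryption, the route
// Herbert suggests. Only the AES primitive is touched, so nothing outside
// the cipher (no ctr or cbc template) has to be registered first.
func hashKeyDirect(blk cipher.Block) []byte {
	h := make([]byte, aes.BlockSize)
	blk.Encrypt(h, zeroBlock)
	return h
}

// hashKeyViaCBC: the driver's route, cbc(aes) with a zero IV over a zero
// block. The IV xor is a no-op, so the output is AES_K(0) again.
func hashKeyViaCBC(blk cipher.Block) []byte {
	h := make([]byte, aes.BlockSize)
	cipher.NewCBCEncrypter(blk, zeroBlock).CryptBlocks(h, zeroBlock)
	return h
}

// hashKeyViaCTR: ctr(aes) with a zero counter; keystream AES_K(0) xor a
// zero plaintext. Same value, same dependency on a second template.
func hashKeyViaCTR(blk cipher.Block) []byte {
	h := make([]byte, aes.BlockSize)
	cipher.NewCTR(blk, zeroBlock).XORKeyStream(h, zeroBlock)
	return h
}

func main() {
	blk, err := aes.NewCipher(make([]byte, 16)) // constructed all-zero AES-128 key
	if err != nil {
		panic(err)
	}
	a, b, c := hashKeyDirect(blk), hashKeyViaCBC(blk), hashKeyViaCTR(blk)
	// prints 66e94bd4ef8a2c3b884cfa59ca342b2e true
	fmt.Println(hex.EncodeToString(a), bytes.Equal(a, b) && bytes.Equal(a, c))
}
```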