* [PATCH] crypto: caam - fix DKP detection logic @ 2019-05-03 12:05 Horia Geantă 2019-05-06 6:39 ` [v2 PATCH] " Herbert Xu 0 siblings, 1 reply; 8+ messages in thread From: Horia Geantă @ 2019-05-03 12:05 UTC (permalink / raw) To: Herbert Xu Cc: David S. Miller, Aymen Sghaier, linux-crypto, NXP Linux Team, Iuliana Prodan The detection whether DKP (Derived Key Protocol) is used relies on the setkey callback. Since "aead_setkey" was replaced in some cases with "des3_aead_setkey" (for 3DES weak key checking), the logic has to be updated - otherwise the DMA mapping direction is incorrect (leading to faults in case caam is behind an IOMMU). Fixes: 1b52c40919e6 ("crypto: caam - Forbid 2-key 3DES in FIPS mode") Signed-off-by: Horia Geantă <horia.geanta@nxp.com> --- This issue was noticed when testing with previously submitted IOMMU support: https://patchwork.kernel.org/project/linux-crypto/list/?series=110277&state=* drivers/crypto/caam/caamalg.c | 3 ++- drivers/crypto/caam/caamalg_qi.c | 3 ++- drivers/crypto/caam/caamalg_qi2.c | 3 ++- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/drivers/crypto/caam/caamalg.c b/drivers/crypto/caam/caamalg.c index 0030cee3e75d..015fca99d867 100644 --- a/drivers/crypto/caam/caamalg.c +++ b/drivers/crypto/caam/caamalg.c @@ -3418,7 +3418,8 @@ static int caam_aead_init(struct crypto_aead *tfm) struct caam_ctx *ctx = crypto_aead_ctx(tfm); return caam_init_common(ctx, &caam_alg->caam, - alg->setkey == aead_setkey); + alg->setkey == aead_setkey || + alg->setkey == des3_aead_setkey); } static void caam_exit_common(struct caam_ctx *ctx) diff --git a/drivers/crypto/caam/caamalg_qi.c b/drivers/crypto/caam/caamalg_qi.c index 70af211d2d01..4d98f5664d3e 100644 --- a/drivers/crypto/caam/caamalg_qi.c +++ b/drivers/crypto/caam/caamalg_qi.c @@ -2434,7 +2434,8 @@ static int caam_aead_init(struct crypto_aead *tfm) struct caam_ctx *ctx = crypto_aead_ctx(tfm); return caam_init_common(ctx, &caam_alg->caam, - alg->setkey == aead_setkey); + alg->setkey == aead_setkey || + alg->setkey == des3_aead_setkey); } static void caam_exit_common(struct caam_ctx *ctx) diff --git a/drivers/crypto/caam/caamalg_qi2.c b/drivers/crypto/caam/caamalg_qi2.c index 33a4df6b81de..5977e615ff10 100644 --- a/drivers/crypto/caam/caamalg_qi2.c +++ b/drivers/crypto/caam/caamalg_qi2.c @@ -1480,7 +1480,8 @@ static int caam_cra_init_aead(struct crypto_aead *tfm) crypto_aead_set_reqsize(tfm, sizeof(struct caam_request)); return caam_cra_init(crypto_aead_ctx(tfm), &caam_alg->caam, - alg->setkey == aead_setkey); + alg->setkey == aead_setkey || + alg->setkey == des3_aead_setkey); } static void caam_exit_common(struct caam_ctx *ctx) -- 2.17.1 ^ permalink raw reply related [flat|nested] 8+ messages in thread
* [v2 PATCH] crypto: caam - fix DKP detection logic 2019-05-03 12:05 [PATCH] crypto: caam - fix DKP detection logic Horia Geantă @ 2019-05-06 6:39 ` Herbert Xu 2019-05-06 8:06 ` Horia Geanta 0 siblings, 1 reply; 8+ messages in thread From: Herbert Xu @ 2019-05-06 6:39 UTC (permalink / raw) To: Horia Geantă Cc: David S. Miller, Aymen Sghaier, linux-crypto, NXP Linux Team, Iuliana Prodan On Fri, May 03, 2019 at 03:05:48PM +0300, Horia Geantă wrote: > The detection whether DKP (Derived Key Protocol) is used relies on > the setkey callback. > Since "aead_setkey" was replaced in some cases with "des3_aead_setkey" > (for 3DES weak key checking), the logic has to be updated - otherwise > the DMA mapping direction is incorrect (leading to faults in case caam > is behind an IOMMU). > > Fixes: 1b52c40919e6 ("crypto: caam - Forbid 2-key 3DES in FIPS mode") > Signed-off-by: Horia Geantă <horia.geanta@nxp.com> > --- > > This issue was noticed when testing with previously submitted IOMMU support: > https://patchwork.kernel.org/project/linux-crypto/list/?series=110277&state=* Thanks for catching this Horia! My preference would be to encode this logic separately rather than relying on the setkey test. How about this patch? ---8<--- The detection for DKP (Derived Key Protocol) relied on the value of the setkey function. This was broken by the recent change which added des3_aead_setkey. This patch fixes this by introducing a new flag for DKP and setting that where needed. Reported-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> diff --git a/drivers/crypto/caam/caamalg.c b/drivers/crypto/caam/caamalg.c index 3e23d4b2cce2..c0ece44f303b 100644 --- a/drivers/crypto/caam/caamalg.c +++ b/drivers/crypto/caam/caamalg.c @@ -89,6 +89,7 @@ struct caam_alg_entry { int class2_alg_type; bool rfc3686; bool geniv; + bool nodkp; }; struct caam_aead_alg { @@ -2052,6 +2053,7 @@ static struct caam_aead_alg driver_aeads[] = { }, .caam = { .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM, + .nodkp = true, }, }, { @@ -2070,6 +2072,7 @@ static struct caam_aead_alg driver_aeads[] = { }, .caam = { .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM, + .nodkp = true, }, }, /* Galois Counter Mode */ @@ -2089,6 +2092,7 @@ static struct caam_aead_alg driver_aeads[] = { }, .caam = { .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM, + .nodkp = true, }, }, /* single-pass ipsec_esp descriptor */ @@ -3334,6 +3338,7 @@ static struct caam_aead_alg driver_aeads[] = { OP_ALG_AAI_AEAD, .class2_alg_type = OP_ALG_ALGSEL_POLY1305 | OP_ALG_AAI_AEAD, + .nodkp = true, }, }, { @@ -3356,6 +3361,7 @@ static struct caam_aead_alg driver_aeads[] = { OP_ALG_AAI_AEAD, .class2_alg_type = OP_ALG_ALGSEL_POLY1305 | OP_ALG_AAI_AEAD, + .nodkp = true, }, }, }; @@ -3417,8 +3423,7 @@ static int caam_aead_init(struct crypto_aead *tfm) container_of(alg, struct caam_aead_alg, aead); struct caam_ctx *ctx = crypto_aead_ctx(tfm); - return caam_init_common(ctx, &caam_alg->caam, - alg->setkey == aead_setkey); + return caam_init_common(ctx, &caam_alg->caam, !caam_alg->caam.nodkp); } static void caam_exit_common(struct caam_ctx *ctx) diff --git a/drivers/crypto/caam/caamalg_qi.c b/drivers/crypto/caam/caamalg_qi.c index 70af211d2d01..d290d6b41825 100644 --- a/drivers/crypto/caam/caamalg_qi.c +++ b/drivers/crypto/caam/caamalg_qi.c @@ -36,6 +36,7 @@ struct caam_alg_entry { int class2_alg_type; bool rfc3686; bool geniv; + bool nodkp; }; struct caam_aead_alg { @@ -1523,6 +1524,7 @@ static struct caam_aead_alg driver_aeads[] = { }, .caam = { .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM, + .nodkp = true, }, }, { @@ -1541,6 +1543,7 @@ static struct caam_aead_alg driver_aeads[] = { }, .caam = { .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM, + .nodkp = true, }, }, /* Galois Counter Mode */ @@ -1560,6 +1563,7 @@ static struct caam_aead_alg driver_aeads[] = { }, .caam = { .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM, + .nodkp = true, } }, /* single-pass ipsec_esp descriptor */ @@ -2433,8 +2437,7 @@ static int caam_aead_init(struct crypto_aead *tfm) aead); struct caam_ctx *ctx = crypto_aead_ctx(tfm); - return caam_init_common(ctx, &caam_alg->caam, - alg->setkey == aead_setkey); + return caam_init_common(ctx, &caam_alg->caam, !caam_alg->caam.nodkp); } static void caam_exit_common(struct caam_ctx *ctx) diff --git a/drivers/crypto/caam/caamalg_qi2.c b/drivers/crypto/caam/caamalg_qi2.c index 33a4df6b81de..2b2980a8a9b9 100644 --- a/drivers/crypto/caam/caamalg_qi2.c +++ b/drivers/crypto/caam/caamalg_qi2.c @@ -42,6 +42,7 @@ struct caam_alg_entry { int class2_alg_type; bool rfc3686; bool geniv; + bool nodkp; }; struct caam_aead_alg { @@ -1480,7 +1481,7 @@ static int caam_cra_init_aead(struct crypto_aead *tfm) crypto_aead_set_reqsize(tfm, sizeof(struct caam_request)); return caam_cra_init(crypto_aead_ctx(tfm), &caam_alg->caam, - alg->setkey == aead_setkey); + !caam_alg->caam.nodkp); } static void caam_exit_common(struct caam_ctx *ctx) @@ -1641,6 +1642,7 @@ static struct caam_aead_alg driver_aeads[] = { }, .caam = { .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM, + .nodkp = true, }, }, { @@ -1659,6 +1661,7 @@ static struct caam_aead_alg driver_aeads[] = { }, .caam = { .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM, + .nodkp = true, }, }, /* Galois Counter Mode */ @@ -1678,6 +1681,7 @@ static struct caam_aead_alg driver_aeads[] = { }, .caam = { .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM, + .nodkp = true, } }, /* single-pass ipsec_esp descriptor */ @@ -2755,6 +2759,7 @@ static struct caam_aead_alg driver_aeads[] = { OP_ALG_AAI_AEAD, .class2_alg_type = OP_ALG_ALGSEL_POLY1305 | OP_ALG_AAI_AEAD, + .nodkp = true, }, }, { @@ -2777,6 +2782,7 @@ static struct caam_aead_alg driver_aeads[] = { OP_ALG_AAI_AEAD, .class2_alg_type = OP_ALG_ALGSEL_POLY1305 | OP_ALG_AAI_AEAD, + .nodkp = true, }, }, { -- Email: Herbert Xu <herbert@gondor.apana.org.au> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt ^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [v2 PATCH] crypto: caam - fix DKP detection logic 2019-05-06 6:39 ` [v2 PATCH] " Herbert Xu @ 2019-05-06 8:06 ` Horia Geanta 2019-05-30 11:36 ` Horia Geanta 0 siblings, 1 reply; 8+ messages in thread From: Horia Geanta @ 2019-05-06 8:06 UTC (permalink / raw) To: Herbert Xu Cc: David S. Miller, Aymen Sghaier, linux-crypto, dl-linux-imx, Iuliana Prodan On 5/6/2019 9:40 AM, Herbert Xu wrote: > On Fri, May 03, 2019 at 03:05:48PM +0300, Horia Geantă wrote: >> The detection whether DKP (Derived Key Protocol) is used relies on >> the setkey callback. >> Since "aead_setkey" was replaced in some cases with "des3_aead_setkey" >> (for 3DES weak key checking), the logic has to be updated - otherwise >> the DMA mapping direction is incorrect (leading to faults in case caam >> is behind an IOMMU). >> >> Fixes: 1b52c40919e6 ("crypto: caam - Forbid 2-key 3DES in FIPS mode") >> Signed-off-by: Horia Geantă <horia.geanta@nxp.com> >> --- >> >> This issue was noticed when testing with previously submitted IOMMU support: >> https://patchwork.kernel.org/project/linux-crypto/list/?series=110277&state=* > > Thanks for catching this Horia! > > My preference would be to encode this logic separately rather than > relying on the setkey test. How about this patch? > This is probably more reliable. > ---8<--- > The detection for DKP (Derived Key Protocol) relied on the value > of the setkey function. This was broken by the recent change which > added des3_aead_setkey. > > This patch fixes this by introducing a new flag for DKP and setting > that where needed. > > Reported-by: Horia Geantă <horia.geanta@nxp.com> > Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Tested-by: Horia Geantă <horia.geanta@nxp.com> Thanks, Horia ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [v2 PATCH] crypto: caam - fix DKP detection logic 2019-05-06 8:06 ` Horia Geanta @ 2019-05-30 11:36 ` Horia Geanta 2019-06-03 7:52 ` Greg Kroah-Hartman 0 siblings, 1 reply; 8+ messages in thread From: Horia Geanta @ 2019-05-30 11:36 UTC (permalink / raw) To: Herbert Xu, Greg Kroah-Hartman Cc: David S. Miller, Aymen Sghaier, linux-crypto, dl-linux-imx, Iuliana Prodan, Valentin Ciocoi Radulescu, stable On 5/6/2019 11:06 AM, Horia Geanta wrote: > On 5/6/2019 9:40 AM, Herbert Xu wrote: >> On Fri, May 03, 2019 at 03:05:48PM +0300, Horia Geantă wrote: >>> The detection whether DKP (Derived Key Protocol) is used relies on >>> the setkey callback. >>> Since "aead_setkey" was replaced in some cases with "des3_aead_setkey" >>> (for 3DES weak key checking), the logic has to be updated - otherwise >>> the DMA mapping direction is incorrect (leading to faults in case caam >>> is behind an IOMMU). >>> >>> Fixes: 1b52c40919e6 ("crypto: caam - Forbid 2-key 3DES in FIPS mode") >>> Signed-off-by: Horia Geantă <horia.geanta@nxp.com> >>> --- >>> >>> This issue was noticed when testing with previously submitted IOMMU support: >>> https://patchwork.kernel.org/project/linux-crypto/list/?series=110277&state=* >> >> Thanks for catching this Horia! >> >> My preference would be to encode this logic separately rather than >> relying on the setkey test. How about this patch? >> > This is probably more reliable. > >> ---8<--- >> The detection for DKP (Derived Key Protocol) relied on the value >> of the setkey function. This was broken by the recent change which >> added des3_aead_setkey. >> >> This patch fixes this by introducing a new flag for DKP and setting >> that where needed. >> >> Reported-by: Horia Geantă <horia.geanta@nxp.com> >> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> > Tested-by: Horia Geantă <horia.geanta@nxp.com> > Unfortunately the commit message dropped the tag provided in v1: Fixes: 1b52c40919e6 ("crypto: caam - Forbid 2-key 3DES in FIPS mode") This fix was merged in v5.2-rc1 (commit 24586b5feaf17ecf85ae6259fe3ea7815dee432d upstream) but should also be queued up for 5.1.y. Thanks, Horia ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [v2 PATCH] crypto: caam - fix DKP detection logic 2019-05-30 11:36 ` Horia Geanta @ 2019-06-03 7:52 ` Greg Kroah-Hartman 2019-06-03 8:10 ` Horia Geanta 0 siblings, 1 reply; 8+ messages in thread From: Greg Kroah-Hartman @ 2019-06-03 7:52 UTC (permalink / raw) To: Horia Geanta Cc: Herbert Xu, David S. Miller, Aymen Sghaier, linux-crypto, dl-linux-imx, Iuliana Prodan, Valentin Ciocoi Radulescu, stable On Thu, May 30, 2019 at 11:36:25AM +0000, Horia Geanta wrote: > On 5/6/2019 11:06 AM, Horia Geanta wrote: > > On 5/6/2019 9:40 AM, Herbert Xu wrote: > >> On Fri, May 03, 2019 at 03:05:48PM +0300, Horia Geantă wrote: > >>> The detection whether DKP (Derived Key Protocol) is used relies on > >>> the setkey callback. > >>> Since "aead_setkey" was replaced in some cases with "des3_aead_setkey" > >>> (for 3DES weak key checking), the logic has to be updated - otherwise > >>> the DMA mapping direction is incorrect (leading to faults in case caam > >>> is behind an IOMMU). > >>> > >>> Fixes: 1b52c40919e6 ("crypto: caam - Forbid 2-key 3DES in FIPS mode") > >>> Signed-off-by: Horia Geantă <horia.geanta@nxp.com> > >>> --- > >>> > >>> This issue was noticed when testing with previously submitted IOMMU support: > >>> https://patchwork.kernel.org/project/linux-crypto/list/?series=110277&state=* > >> > >> Thanks for catching this Horia! > >> > >> My preference would be to encode this logic separately rather than > >> relying on the setkey test. How about this patch? > >> > > This is probably more reliable. > > > >> ---8<--- > >> The detection for DKP (Derived Key Protocol) relied on the value > >> of the setkey function. This was broken by the recent change which > >> added des3_aead_setkey. > >> > >> This patch fixes this by introducing a new flag for DKP and setting > >> that where needed. > >> > >> Reported-by: Horia Geantă <horia.geanta@nxp.com> > >> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> > > Tested-by: Horia Geantă <horia.geanta@nxp.com> > > > Unfortunately the commit message dropped the tag provided in v1: > Fixes: 1b52c40919e6 ("crypto: caam - Forbid 2-key 3DES in FIPS mode") > > This fix was merged in v5.2-rc1 (commit 24586b5feaf17ecf85ae6259fe3ea7815dee432d > upstream) but should also be queued up for 5.1.y. I do not understand, sorry. What exact patches need to be applied to 5.1.y? thanks, greg k-h ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [v2 PATCH] crypto: caam - fix DKP detection logic 2019-06-03 7:52 ` Greg Kroah-Hartman @ 2019-06-03 8:10 ` Horia Geanta 2019-06-03 8:42 ` Greg Kroah-Hartman 0 siblings, 1 reply; 8+ messages in thread From: Horia Geanta @ 2019-06-03 8:10 UTC (permalink / raw) To: Greg Kroah-Hartman Cc: Herbert Xu, David S. Miller, Aymen Sghaier, linux-crypto, dl-linux-imx, Iuliana Prodan, Valentin Ciocoi Radulescu, stable On 6/3/2019 10:52 AM, Greg Kroah-Hartman wrote: > On Thu, May 30, 2019 at 11:36:25AM +0000, Horia Geanta wrote: >> On 5/6/2019 11:06 AM, Horia Geanta wrote: >>> On 5/6/2019 9:40 AM, Herbert Xu wrote: >>>> On Fri, May 03, 2019 at 03:05:48PM +0300, Horia Geantă wrote: >>>>> The detection whether DKP (Derived Key Protocol) is used relies on >>>>> the setkey callback. >>>>> Since "aead_setkey" was replaced in some cases with "des3_aead_setkey" >>>>> (for 3DES weak key checking), the logic has to be updated - otherwise >>>>> the DMA mapping direction is incorrect (leading to faults in case caam >>>>> is behind an IOMMU). >>>>> >>>>> Fixes: 1b52c40919e6 ("crypto: caam - Forbid 2-key 3DES in FIPS mode") >>>>> Signed-off-by: Horia Geantă <horia.geanta@nxp.com> >>>>> --- >>>>> >>>>> This issue was noticed when testing with previously submitted IOMMU support: >>>>> https://patchwork.kernel.org/project/linux-crypto/list/?series=110277&state=* >>>> >>>> Thanks for catching this Horia! >>>> >>>> My preference would be to encode this logic separately rather than >>>> relying on the setkey test. How about this patch? >>>> >>> This is probably more reliable. >>> >>>> ---8<--- >>>> The detection for DKP (Derived Key Protocol) relied on the value >>>> of the setkey function. This was broken by the recent change which >>>> added des3_aead_setkey. >>>> >>>> This patch fixes this by introducing a new flag for DKP and setting >>>> that where needed. >>>> >>>> Reported-by: Horia Geantă <horia.geanta@nxp.com> >>>> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> >>> Tested-by: Horia Geantă <horia.geanta@nxp.com> >>> >> Unfortunately the commit message dropped the tag provided in v1: >> Fixes: 1b52c40919e6 ("crypto: caam - Forbid 2-key 3DES in FIPS mode") >> >> This fix was merged in v5.2-rc1 (commit 24586b5feaf17ecf85ae6259fe3ea7815dee432d >> upstream) but should also be queued up for 5.1.y. > > I do not understand, sorry. What exact patches need to be applied to > 5.1.y? > Commit 24586b5feaf1 ("crypto: caam - fix DKP detection logic"). Thanks, Horia ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [v2 PATCH] crypto: caam - fix DKP detection logic 2019-06-03 8:10 ` Horia Geanta @ 2019-06-03 8:42 ` Greg Kroah-Hartman 2019-06-03 12:07 ` Horia Geanta 0 siblings, 1 reply; 8+ messages in thread From: Greg Kroah-Hartman @ 2019-06-03 8:42 UTC (permalink / raw) To: Horia Geanta Cc: Herbert Xu, David S. Miller, Aymen Sghaier, linux-crypto, dl-linux-imx, Iuliana Prodan, Valentin Ciocoi Radulescu, stable On Mon, Jun 03, 2019 at 08:10:15AM +0000, Horia Geanta wrote: > On 6/3/2019 10:52 AM, Greg Kroah-Hartman wrote: > > On Thu, May 30, 2019 at 11:36:25AM +0000, Horia Geanta wrote: > >> On 5/6/2019 11:06 AM, Horia Geanta wrote: > >>> On 5/6/2019 9:40 AM, Herbert Xu wrote: > >>>> On Fri, May 03, 2019 at 03:05:48PM +0300, Horia Geantă wrote: > >>>>> The detection whether DKP (Derived Key Protocol) is used relies on > >>>>> the setkey callback. > >>>>> Since "aead_setkey" was replaced in some cases with "des3_aead_setkey" > >>>>> (for 3DES weak key checking), the logic has to be updated - otherwise > >>>>> the DMA mapping direction is incorrect (leading to faults in case caam > >>>>> is behind an IOMMU). > >>>>> > >>>>> Fixes: 1b52c40919e6 ("crypto: caam - Forbid 2-key 3DES in FIPS mode") > >>>>> Signed-off-by: Horia Geantă <horia.geanta@nxp.com> > >>>>> --- > >>>>> > >>>>> This issue was noticed when testing with previously submitted IOMMU support: > >>>>> https://patchwork.kernel.org/project/linux-crypto/list/?series=110277&state=* > >>>> > >>>> Thanks for catching this Horia! > >>>> > >>>> My preference would be to encode this logic separately rather than > >>>> relying on the setkey test. How about this patch? > >>>> > >>> This is probably more reliable. > >>> > >>>> ---8<--- > >>>> The detection for DKP (Derived Key Protocol) relied on the value > >>>> of the setkey function. This was broken by the recent change which > >>>> added des3_aead_setkey. > >>>> > >>>> This patch fixes this by introducing a new flag for DKP and setting > >>>> that where needed. > >>>> > >>>> Reported-by: Horia Geantă <horia.geanta@nxp.com> > >>>> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> > >>> Tested-by: Horia Geantă <horia.geanta@nxp.com> > >>> > >> Unfortunately the commit message dropped the tag provided in v1: > >> Fixes: 1b52c40919e6 ("crypto: caam - Forbid 2-key 3DES in FIPS mode") > >> > >> This fix was merged in v5.2-rc1 (commit 24586b5feaf17ecf85ae6259fe3ea7815dee432d > >> upstream) but should also be queued up for 5.1.y. > > > > I do not understand, sorry. What exact patches need to be applied to > > 5.1.y? > > > Commit 24586b5feaf1 ("crypto: caam - fix DKP detection logic"). But that commit says: Fixes: 1b52c40919e6 ("crypto: caam - Forbid 2-key 3DES in FIPS mode") which is only contained in 5.2-rc1, so why would I want to apply the first one to 5.1.y? Still confused, greg k-h ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [v2 PATCH] crypto: caam - fix DKP detection logic 2019-06-03 8:42 ` Greg Kroah-Hartman @ 2019-06-03 12:07 ` Horia Geanta 0 siblings, 0 replies; 8+ messages in thread From: Horia Geanta @ 2019-06-03 12:07 UTC (permalink / raw) To: Greg Kroah-Hartman Cc: Herbert Xu, David S. Miller, Aymen Sghaier, linux-crypto, dl-linux-imx, Iuliana Prodan, Valentin Ciocoi Radulescu, stable On 6/3/2019 11:43 AM, Greg Kroah-Hartman wrote: > On Mon, Jun 03, 2019 at 08:10:15AM +0000, Horia Geanta wrote: >> On 6/3/2019 10:52 AM, Greg Kroah-Hartman wrote: >>> On Thu, May 30, 2019 at 11:36:25AM +0000, Horia Geanta wrote: >>>> On 5/6/2019 11:06 AM, Horia Geanta wrote: >>>>> On 5/6/2019 9:40 AM, Herbert Xu wrote: >>>>>> On Fri, May 03, 2019 at 03:05:48PM +0300, Horia Geantă wrote: >>>>>>> The detection whether DKP (Derived Key Protocol) is used relies on >>>>>>> the setkey callback. >>>>>>> Since "aead_setkey" was replaced in some cases with "des3_aead_setkey" >>>>>>> (for 3DES weak key checking), the logic has to be updated - otherwise >>>>>>> the DMA mapping direction is incorrect (leading to faults in case caam >>>>>>> is behind an IOMMU). >>>>>>> >>>>>>> Fixes: 1b52c40919e6 ("crypto: caam - Forbid 2-key 3DES in FIPS mode") >>>>>>> Signed-off-by: Horia Geantă <horia.geanta@nxp.com> >>>>>>> --- >>>>>>> >>>>>>> This issue was noticed when testing with previously submitted IOMMU support: >>>>>>> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpatchwork.kernel.org%2Fproject%2Flinux-crypto%2Flist%2F%3Fseries%3D110277%26state%3D*&data=02%7C01%7Choria.geanta%40nxp.com%7C0531d21296e1471cd12708d6e7ff7ed1%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C636951481867509241&sdata=vpeK41WQcINZTn4REHwk1Zgh5kIwPJNqiB75sT3ABV0%3D&reserved=0 >>>>>> >>>>>> Thanks for catching this Horia! >>>>>> >>>>>> My preference would be to encode this logic separately rather than >>>>>> relying on the setkey test. How about this patch? >>>>>> >>>>> This is probably more reliable. >>>>> >>>>>> ---8<--- >>>>>> The detection for DKP (Derived Key Protocol) relied on the value >>>>>> of the setkey function. This was broken by the recent change which >>>>>> added des3_aead_setkey. >>>>>> >>>>>> This patch fixes this by introducing a new flag for DKP and setting >>>>>> that where needed. >>>>>> >>>>>> Reported-by: Horia Geantă <horia.geanta@nxp.com> >>>>>> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> >>>>> Tested-by: Horia Geantă <horia.geanta@nxp.com> >>>>> >>>> Unfortunately the commit message dropped the tag provided in v1: >>>> Fixes: 1b52c40919e6 ("crypto: caam - Forbid 2-key 3DES in FIPS mode") >>>> >>>> This fix was merged in v5.2-rc1 (commit 24586b5feaf17ecf85ae6259fe3ea7815dee432d >>>> upstream) but should also be queued up for 5.1.y. >>> >>> I do not understand, sorry. What exact patches need to be applied to >>> 5.1.y? >>> >> Commit 24586b5feaf1 ("crypto: caam - fix DKP detection logic"). > > But that commit says: > Fixes: 1b52c40919e6 ("crypto: caam - Forbid 2-key 3DES in FIPS mode") > which is only contained in 5.2-rc1, so why would I want to apply the > first one to 5.1.y? > Sorry, my bad. I've looked at the failing kernel version: 5.1.0-09365-g8ea5b2abd07e and seeing that commit 1b52c40919e6 ("crypto: caam - Forbid 2-key 3DES in FIPS mode") is in the tree, concluded it was delivered in 5.1 and would need the fix. Please disregard the request. Thanks, Horia ^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2019-06-03 12:07 UTC | newest] Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2019-05-03 12:05 [PATCH] crypto: caam - fix DKP detection logic Horia Geantă 2019-05-06 6:39 ` [v2 PATCH] " Herbert Xu 2019-05-06 8:06 ` Horia Geanta 2019-05-30 11:36 ` Horia Geanta 2019-06-03 7:52 ` Greg Kroah-Hartman 2019-06-03 8:10 ` Horia Geanta 2019-06-03 8:42 ` Greg Kroah-Hartman 2019-06-03 12:07 ` Horia Geanta
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.