From: Horia Geanta <horia.geanta@nxp.com>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>,
Aymen Sghaier <aymen.sghaier@nxp.com>,
"linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>,
dl-linux-imx <linux-imx@nxp.com>,
Iuliana Prodan <iuliana.prodan@nxp.com>,
Valentin Ciocoi Radulescu <valentin.ciocoi@nxp.com>,
"stable@vger.kernel.org" <stable@vger.kernel.org>
Subject: Re: [v2 PATCH] crypto: caam - fix DKP detection logic
Date: Mon, 3 Jun 2019 08:10:15 +0000 [thread overview]
Message-ID: <VI1PR0402MB3485DFE0BB41351836D4BF3598140@VI1PR0402MB3485.eurprd04.prod.outlook.com> (raw)
In-Reply-To: 20190603075215.GA7814@kroah.com
On 6/3/2019 10:52 AM, Greg Kroah-Hartman wrote:
> On Thu, May 30, 2019 at 11:36:25AM +0000, Horia Geanta wrote:
>> On 5/6/2019 11:06 AM, Horia Geanta wrote:
>>> On 5/6/2019 9:40 AM, Herbert Xu wrote:
>>>> On Fri, May 03, 2019 at 03:05:48PM +0300, Horia Geantă wrote:
>>>>> The detection whether DKP (Derived Key Protocol) is used relies on
>>>>> the setkey callback.
>>>>> Since "aead_setkey" was replaced in some cases with "des3_aead_setkey"
>>>>> (for 3DES weak key checking), the logic has to be updated - otherwise
>>>>> the DMA mapping direction is incorrect (leading to faults in case caam
>>>>> is behind an IOMMU).
>>>>>
>>>>> Fixes: 1b52c40919e6 ("crypto: caam - Forbid 2-key 3DES in FIPS mode")
>>>>> Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
>>>>> ---
>>>>>
>>>>> This issue was noticed when testing with previously submitted IOMMU support:
>>>>> https://patchwork.kernel.org/project/linux-crypto/list/?series=110277&state=*
>>>>
>>>> Thanks for catching this Horia!
>>>>
>>>> My preference would be to encode this logic separately rather than
>>>> relying on the setkey test. How about this patch?
>>>>
>>> This is probably more reliable.
>>>
>>>> ---8<---
>>>> The detection for DKP (Derived Key Protocol) relied on the value
>>>> of the setkey function. This was broken by the recent change which
>>>> added des3_aead_setkey.
>>>>
>>>> This patch fixes this by introducing a new flag for DKP and setting
>>>> that where needed.
>>>>
>>>> Reported-by: Horia Geantă <horia.geanta@nxp.com>
>>>> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
>>> Tested-by: Horia Geantă <horia.geanta@nxp.com>
>>>
>> Unfortunately the commit message dropped the tag provided in v1:
>> Fixes: 1b52c40919e6 ("crypto: caam - Forbid 2-key 3DES in FIPS mode")
>>
>> This fix was merged in v5.2-rc1 (commit 24586b5feaf17ecf85ae6259fe3ea7815dee432d
>> upstream) but should also be queued up for 5.1.y.
>
> I do not understand, sorry. What exact patches need to be applied to
> 5.1.y?
>
Commit 24586b5feaf1 ("crypto: caam - fix DKP detection logic").
Thanks,
Horia
next prev parent reply other threads:[~2019-06-03 8:10 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-03 12:05 [PATCH] crypto: caam - fix DKP detection logic Horia Geantă
2019-05-06 6:39 ` [v2 PATCH] " Herbert Xu
2019-05-06 8:06 ` Horia Geanta
2019-05-30 11:36 ` Horia Geanta
2019-06-03 7:52 ` Greg Kroah-Hartman
2019-06-03 8:10 ` Horia Geanta [this message]
2019-06-03 8:42 ` Greg Kroah-Hartman
2019-06-03 12:07 ` Horia Geanta
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=VI1PR0402MB3485DFE0BB41351836D4BF3598140@VI1PR0402MB3485.eurprd04.prod.outlook.com \
--to=horia.geanta@nxp.com \
--cc=aymen.sghaier@nxp.com \
--cc=davem@davemloft.net \
--cc=gregkh@linuxfoundation.org \
--cc=herbert@gondor.apana.org.au \
--cc=iuliana.prodan@nxp.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-imx@nxp.com \
--cc=stable@vger.kernel.org \
--cc=valentin.ciocoi@nxp.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.