From: Herbert Xu
Subject: Re: [PATCH] crypto: aesni - fix "by8" variant for 128 bit keys
Date: Mon, 5 Jan 2015 21:36:55 +1100
Message-ID: <20150105103655.GB25200@gondor.apana.org.au>
References: <1419976254-30208-1-git-send-email-minipli@googlemail.com> <54A57F02.1020502@openvpn.net>
In-Reply-To: <54A57F02.1020502@openvpn.net>
To: James Yonan
Cc: Mathias Krause, "David S. Miller", linux-crypto@vger.kernel.org, Romain Francoise, Chandramouli Narayanan

On Thu, Jan 01, 2015 at 10:08:18AM -0700, James Yonan wrote:
> On 30/12/2014 14:50, Mathias Krause wrote:
> > The "by8" counter mode optimization is broken for 128 bit keys with
> > input data longer than 128 bytes. It uses the wrong key material for
> > en- and decryption.
> >
> > The key registers xkey0, xkey4, xkey8 and xkey12 need to be preserved
> > in case we're handling more than 128 bytes of input data -- they won't
> > get reloaded after the initial load. They must therefore be (a) loaded
> > on the first iteration and (b) be preserved for the latter ones. The
> > implementation for 128 bit keys does not comply with (a) nor (b).
> >
> > Fix this by bringing the implementation back to its original source
> > and correctly load the key registers and preserve their values by
> > *not* re-using the registers for other purposes.
> >
> > Kudos to James for reporting the issue and providing a test case
> > showing the discrepancies.
> >
> > Reported-by: James Yonan
> > Cc: Chandramouli Narayanan
> > Cc: # v3.18
> > Signed-off-by: Mathias Krause
>
> This looks great, fixes the issue on 3.18.1 for all of our use cases.
>
> Thanks to Mathias for putting this together.
Patch applied to crypto. Thanks a lot!
-- 
Email: Herbert Xu
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
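The commit message quoted above notes that the bug was found with a test case showing discrepancies for inputs longer than 128 bytes. As an added example, not code from this thread or from the kernel, here is the shape such a check takes in Python: a pure-Python AES-128-CTR reference (checked against the NIST SP 800-38A CTR vector), a `first_divergence` helper that compares any CTR callable against the reference and reports the first mismatching byte offset, and a `buggy_by8_ctr` callable that models, purely as an assumption about how the described clobbering of xkey0/xkey4/xkey8 would surface, an implementation whose round keys 0, 4 and 8 go stale after the first 128-byte batch. The function names, the sample key/IV/data and the zero-round-key model are all constructed here.

```python
# Added example, not the kernel's code or anything posted in this thread: a pure-Python
# AES-128-CTR reference and a checker that reports where another CTR implementation
# first diverges from it. Vectors used in the usage: NIST SP 800-38A F.5.1.

def _xtime(a):
    """Multiply by x in GF(2^8) modulo the AES polynomial 0x11b."""
    a <<= 1
    return (a ^ 0x11b) & 0xff if a & 0x100 else a

def _gmul(a, b):
    """Multiplication in GF(2^8)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = _xtime(a), b >> 1
    return r

def _build_sbox():
    """S-box = affine map of the multiplicative inverse (inverses brute-forced, no table to mistype)."""
    inv = [0] * 256
    for a in range(1, 256):
        if not inv[a]:
            inv[a] = next(b for b in range(1, 256) if _gmul(a, b) == 1)
            inv[inv[a]] = a
    rotl = lambda x, n: ((x << n) | (x >> (8 - n))) & 0xff
    return [x ^ rotl(x, 1) ^ rotl(x, 2) ^ rotl(x, 3) ^ rotl(x, 4) ^ 0x63 for x in inv]

SBOX = _build_sbox()

def _expand_key(key):
    """AES-128 key schedule: 11 round keys of 16 bytes each."""
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    rcon = 1
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:  # RotWord, SubWord, Rcon
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0] ^= rcon
            rcon = _xtime(rcon)
        w.append([w[i - 4][j] ^ t[j] for j in range(4)])
    return [bytes(sum(w[4 * r:4 * r + 4], [])) for r in range(11)]

def _mix_columns(s):
    out = []
    for c in range(4):
        a0, a1, a2, a3 = s[4 * c:4 * c + 4]
        out += [_gmul(a0, 2) ^ _gmul(a1, 3) ^ a2 ^ a3,
                a0 ^ _gmul(a1, 2) ^ _gmul(a2, 3) ^ a3,
                a0 ^ a1 ^ _gmul(a2, 2) ^ _gmul(a3, 3),
                _gmul(a0, 3) ^ a1 ^ a2 ^ _gmul(a3, 2)]
    return out

def _encrypt_block(round_keys, block):
    """One AES-128 block; the state is column-major, flat index 4*col + row."""
    s = [b ^ k for b, k in zip(block, round_keys[0])]
    for rnd in range(1, 11):
        s = [SBOX[b] for b in s]
        s = [s[4 * ((c + r) % 4) + r] for c in range(4) for r in range(4)]  # ShiftRows
        if rnd != 10:
            s = _mix_columns(s)
        s = [b ^ k for b, k in zip(s, round_keys[rnd])]
    return bytes(s)

def _ctr(keys_at, iv, data):
    """CTR with a 128-bit big-endian counter; keys_at(offset) picks the round keys per block."""
    ctr0, out = int.from_bytes(iv, "big"), bytearray()
    for off in range(0, len(data), 16):
        block_ctr = ((ctr0 + off // 16) & ((1 << 128) - 1)).to_bytes(16, "big")
        ks = _encrypt_block(keys_at(off), block_ctr)
        out += bytes(a ^ b for a, b in zip(data[off:off + 16], ks))
    return bytes(out)

def aes128_ctr(key, iv, data):
    """Reference AES-128-CTR (encryption and decryption are the same operation)."""
    rk = _expand_key(key)
    return _ctr(lambda off: rk, iv, data)

def buggy_by8_ctr(key, iv, data):
    """Model (an assumption, not the kernel's code) of the defect the commit message
    describes: 128 bytes per iteration, and from the second iteration on the registers
    that held round keys 0, 4 and 8 are stale; modelled here as zero round keys."""
    good = _expand_key(key)
    bad = [bytes(16) if i in (0, 4, 8) else k for i, k in enumerate(good)]
    return _ctr(lambda off: good if off < 128 else bad, iv, data)

def first_divergence(impl, key, iv, data):
    """Offset of the first byte where impl (any callable with aes128_ctr's signature)
    disagrees with the reference; -1 if the outputs are identical."""
    ref, got = aes128_ctr(key, iv, data), impl(key, iv, data)
    for i, (r, g) in enumerate(zip(ref, got)):
        if r != g:
            return i
    return -1 if len(ref) == len(got) else min(len(ref), len(got))

# Constructed sample: a fixed key/IV and 256 bytes of input, i.e. two 128-byte batches.
SAMPLE_KEY = bytes(range(16))
SAMPLE_IV = bytes.fromhex("f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff")
SAMPLE_DATA = bytes(range(256))
```

Running `first_divergence(buggy_by8_ctr, SAMPLE_KEY, SAMPLE_IV, SAMPLE_DATA[:n])` for n of 16 and 128 returns -1, while 144 and 256 report an offset in the first block past 128, which is the pattern the commit message describes. Substituting a wrapper around the implementation under test (for instance one that drives the kernel's ctr(aes) through AF_ALG) for `buggy_by8_ctr` turns the same call into a regression check that should return -1 for every length once the fix is in.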