[PATCH 22.11] crypto/ipsec_mb: fix incorrectly setting cipher keys

Luca Boccassi bluca at debian.org
Mon Apr 8 11:22:45 CEST 2024

Previous message (by thread): [PATCH 22.11] crypto/ipsec_mb: fix incorrectly setting cipher keys
Next message (by thread): [PATCH 22.11] crypto/ipsec_mb: fix incorrectly setting cipher keys
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 8 Apr 2024 at 08:17, Power, Ciara <ciara.power at intel.com> wrote:
>
> Hi Luca,
>
> > -----Original Message-----
> > From: Luca Boccassi <luca.boccassi at gmail.com>
> > Sent: Friday, April 5, 2024 3:44 PM
> > To: Power, Ciara <ciara.power at intel.com>
> > Cc: stable at dpdk.org; De Lara Guarch, Pablo <pablo.de.lara.guarch at intel.com>;
> > Ji, Kai <kai.ji at intel.com>
> > Subject: Re: [PATCH 22.11] crypto/ipsec_mb: fix incorrectly setting cipher keys
> >
> > On Fri, 5 Apr 2024 at 11:46, Ciara Power <ciara.power at intel.com> wrote:
> > >
> > > The encryption and decryption keys were incorrectly being reset based
> > > on authentication algorithm after already being set earlier in the
> > > code based on cipher algorithm.
> > > In cases when 3DES was used, the keys were being incorrectly
> > > overwritten.
> > >
> > > For CPU path, there is no need to have the keys set for XCBC and CMAC
> > > cases.
> > >
> > > Fixes: 010230a1543b ("crypto/aesni_mb: support Chacha20-Poly1305")
> > > Fixes: b0a37e8cd2ac ("crypto/ipsec_mb: fix cipher key setting")
> > > Fixes: a2c6d3f34f90 ("crypto/aesni_mb: support CPU crypto")
> > >
> > > Signed-off-by: Ciara Power <ciara.power at intel.com>
> > > ---
> > > Cc: pablo.de.lara.guarch at intel.com
> > > ---
> > >  drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 14 --------------
> > >  1 file changed, 14 deletions(-)
> >
> > I have already tagged rc1 - is this fixing a regression introduced in
> > rc1 itself? If not, how important is it, could it wait for the next release?
>
> No, it is fixing an issue that existed before 22.11 itself. I have also sent the fix for 21.11 LTS.
> The bug was reported by an external user as it caused seg faults for their algorithm use case, so the sooner the better for fix to be merged.
> Would it be suitable for merge in rc2?

I am not planning an rc2, but if you can confirm you have tested this
patch on top of rc1 on the affected platform then I can merge it for
the final release.

Previous message (by thread): [PATCH 22.11] crypto/ipsec_mb: fix incorrectly setting cipher keys
Next message (by thread): [PATCH 22.11] crypto/ipsec_mb: fix incorrectly setting cipher keys
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the stable mailing list