lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 30 May 2019 17:17:38 +0200
From:   Ard Biesheuvel <ard.biesheuvel@...aro.org>
To:     Herbert Xu <herbert@...dor.apana.org.au>
Cc:     Iuliana Prodan <iuliana.prodan@....com>,
        Eric Biggers <ebiggers@...nel.org>,
        "David S. Miller" <davem@...emloft.net>,
        Horia Geanta <horia.geanta@....com>,
        Sascha Hauer <s.hauer@...gutronix.de>,
        "open list:HARDWARE RANDOM NUMBER GENERATOR CORE" 
        <linux-crypto@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        dl-linux-imx <linux-imx@....com>
Subject: Re: [PATCH] crypto: gcm - fix cacheline sharing

On Thu, 30 May 2019 at 17:13, Herbert Xu <herbert@...dor.apana.org.au> wrote:
>
> On Thu, May 30, 2019 at 05:10:06PM +0200, Ard Biesheuvel wrote:
> >
> > Are there any generic templates relying on this for other algos than CBC?
>
> algif_skcipher relies on this.
>

I see.

In any case, that one line patch would still make things substantially
better, given that the output IV is already wrong for all algorithms
except CBC anyway, but with the patch applied, at least it no longer
corrupts the decrypted plaintext when using GCM or CCM.

Powered by blists - more mailing lists