lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <f4d355cc-66c0-1757-4a9b-781db451cfbc@oss.nxp.com>
Date:   Wed, 4 Oct 2023 21:30:24 +0300
From:   "Radu Pirea (OSS)" <radu-nicolae.pirea@....nxp.com>
To:     Sabrina Dubroca <sd@...asysnail.net>
Cc:     sgoutham@...vell.com, gakula@...vell.com, sbhatta@...vell.com,
        hkelam@...vell.com, davem@...emloft.net, edumazet@...gle.com,
        kuba@...nel.org, pabeni@...hat.com, borisp@...dia.com,
        saeedm@...dia.com, leon@...nel.org, andrew@...n.ch,
        hkallweit1@...il.com, linux@...linux.org.uk,
        richardcochran@...il.com, sebastian.tobuschat@....nxp.com,
        linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
        linux-rdma@...r.kernel.org
Subject: Re: [PATCH net-next v6 05/10] octeontx2-pf: mcs: update PN only when
 update_pn is true



On 03.10.2023 16:15, Sabrina Dubroca wrote:
> 2023-09-28, 11:44:25 +0300, Radu Pirea (NXP OSS) wrote:
>> When updating SA, update the PN only when the update_pn flag is true.
>> Otherwise, the PN will be reset to its previous value.
> 
> This is a bugfix and should go through the net tree with a Fixes
> tag. I'd suggest taking patches 3,5,6 out of this series and
> submitting them all to net, with a Fixes tag for patches 5 and
> 6. Patch 7 doesn't fix a bug and could go through the net-next tree.
> 

Patch 7 does not look like a bug fix, but it is.
Without patch 7 a user will be able to update the SA using the initial 
PN value like this:

ip link add link eth0 macsec0 type macsec encrypt on offload phy
ip macsec add macsec0 tx sa 0 pn 1 on key 00 
ead3664f508eb06c40ac7104cdae4ce5
ip macsec set macsec0 tx sa 0 pn 1 off #this command does not fail, but 
it should

-- 
Radu P.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ