| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20200110.112010.1346105549012746598.davem@davemloft.net>
Date: Fri, 10 Jan 2020 11:20:10 -0800 (PST)
From: David Miller <davem@...emloft.net>
To: jakub.kicinski@...ronome.com
Cc: netdev@...r.kernel.org, oss-drivers@...ronome.com,
borisp@...lanox.com, aviadye@...lanox.com,
john.fastabend@...il.com, daniel@...earbox.net,
david.beckett@...ronome.com, simon.horman@...ronome.com
Subject: Re: [PATCH net] net/tls: avoid spurious decryption error with HW
resync
From: Jakub Kicinski <jakub.kicinski@...ronome.com>
Date: Fri, 10 Jan 2020 04:36:55 -0800
> When device loses sync mid way through a record - kernel
> has to re-encrypt the part of the record which the device
> already decrypted to be able to decrypt and authenticate
> the record in its entirety.
>
> The re-encryption piggy backs on the decryption routine,
> but obviously because the partially decrypted record can't
> be authenticated crypto API returns an error which is then
> ignored by tls_device_reencrypt().
>
> Commit 5c5ec6685806 ("net/tls: add TlsDecryptError stat")
> added a statistic to count decryption errors, this statistic
> can't be incremented when we see the expected re-encryption
> error. Move the inc to the caller.
>
> Reported-and-tested-by: David Beckett <david.beckett@...ronome.com>
> Fixes: 5c5ec6685806 ("net/tls: add TlsDecryptError stat")
> Signed-off-by: Jakub Kicinski <jakub.kicinski@...ronome.com>
> Reviewed-by: Simon Horman <simon.horman@...ronome.com>
Applied.
Powered by blists - more mailing lists