[PATCH 22.11] crypto/ipsec_mb: fix incorrectly setting cipher keys
Power, Ciara
ciara.power at intel.com
Wed Apr 10 09:56:31 CEST 2024
> -----Original Message-----
> From: Luca Boccassi <bluca at debian.org>
> Sent: Monday, April 8, 2024 10:23 AM
> To: Power, Ciara <ciara.power at intel.com>
> Cc: stable at dpdk.org; De Lara Guarch, Pablo <pablo.de.lara.guarch at intel.com>;
> Ji, Kai <kai.ji at intel.com>
> Subject: Re: [PATCH 22.11] crypto/ipsec_mb: fix incorrectly setting cipher keys
>
> On Mon, 8 Apr 2024 at 08:17, Power, Ciara <ciara.power at intel.com> wrote:
> >
> > Hi Luca,
> >
> > > -----Original Message-----
> > > From: Luca Boccassi <luca.boccassi at gmail.com>
> > > Sent: Friday, April 5, 2024 3:44 PM
> > > To: Power, Ciara <ciara.power at intel.com>
> > > Cc: stable at dpdk.org; De Lara Guarch, Pablo
> > > <pablo.de.lara.guarch at intel.com>; Ji, Kai <kai.ji at intel.com>
> > > Subject: Re: [PATCH 22.11] crypto/ipsec_mb: fix incorrectly setting
> > > cipher keys
> > >
> > > On Fri, 5 Apr 2024 at 11:46, Ciara Power <ciara.power at intel.com> wrote:
> > > >
> > > > The encryption and decryption keys were incorrectly being reset
> > > > based on authentication algorithm after already being set earlier
> > > > in the code based on cipher algorithm.
> > > > In cases when 3DES was used, the keys were being incorrectly
> > > > overwritten.
> > > >
> > > > For CPU path, there is no need to have the keys set for XCBC and
> > > > CMAC cases.
> > > >
> > > > Fixes: 010230a1543b ("crypto/aesni_mb: support Chacha20-Poly1305")
> > > > Fixes: b0a37e8cd2ac ("crypto/ipsec_mb: fix cipher key setting")
> > > > Fixes: a2c6d3f34f90 ("crypto/aesni_mb: support CPU crypto")
> > > >
> > > > Signed-off-by: Ciara Power <ciara.power at intel.com>
> > > > ---
> > > > Cc: pablo.de.lara.guarch at intel.com
> > > > ---
> > > > drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 14 --------------
> > > > 1 file changed, 14 deletions(-)
> > >
> > > I have already tagged rc1 - is this fixing a regression introduced
> > > in
> > > rc1 itself? If not, how important is it, could it wait for the next release?
> >
> > No, it is fixing an issue that existed before 22.11 itself. I have also sent the fix
> for 21.11 LTS.
> > The bug was reported by an external user as it caused seg faults for their
> algorithm use case, so the sooner the better for fix to be merged.
> > Would it be suitable for merge in rc2?
>
> I am not planning an rc2, but if you can confirm you have tested this patch on
> top of rc1 on the affected platform then I can merge it for the final release.
Hi Luca,
Ah no RC2, ok yes I understand.
I have tested with SW PMD autotests and perf tests on 22.11.5-rc1 + patch, all seems ok.
But if you would prefer to wait until next LTS release, that is fine with me - user can get the fix from the mailing list if needed in the meantime.
Thanks,
Ciara
More information about the stable
mailing list