------- Comment From [email protected] 2019-06-26 08:06 EDT------- When we remove the aes_s390 module, the GCM works and the error with the ping command is no longer visible.
------- Comment From [email protected] 2019-06-26 08:09 EDT------- I think this is then fixed with https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/arch/s390/crypto?id=bef9f0ba300a55d79a69aa172156072182176515 commit bef9f0ba300a55d79a69aa172156072182176515 s390/crypto: fix gcm-aes-s390 selftest failures The current kernel uses improved crypto selftests. These tests showed that the current implementation of gcm-aes-s390 is not able to deal with chunks of output buffers which are not a multiple of 16 bytes. This patch introduces a rework of the gcm aes s390 scatter walk handling which now is able to handle any input and output scatter list chunk sizes correctly. Code has been verified by the crypto selftests, the tcrypt kernel module and additional tests ran via the af_alg interface. Cc: <[email protected]> Reported-by: Julian Wiedmann <[email protected]> Reviewed-by: Patrick Steuer <[email protected]> Signed-off-by: Harald Freudenberger <[email protected]> Signed-off-by: Heiko Carstens <[email protected]> ------- Comment From [email protected] 2019-06-26 08:10 EDT------- *** Bug 177436 has been marked as a duplicate of this bug. *** -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1828035 Title: StrongSwan with GCM and large packet sizes produces unstable behavior Status in Ubuntu on IBM z Systems: Incomplete Status in linux package in Ubuntu: Confirmed Status in strongswan package in Ubuntu: Incomplete Bug description: StrongSwan with GCM and large packet sizes produces unstable behavior when used in Linux native environment. ---uname output--- Linux ubu01 4.15.0-42-generic #45-Ubuntu SMP Thu Nov 15 19:29:11 UTC 2018 s390x s390x s390x GNU/Linux Machine Type = 3906 / M04 (z14), LPAR (dedicated) ---Debugger--- A debugger is not configured ---Steps to Reproduce--- On two separate machines (Linux native), install StrongSwan and on both machines, configure the encryption with aes128gcm8 for IPsec. Then run the following command from one of the machine: ``` $# ping <other_machine_ip> -s 1024 ``` Small packet sizes are working as expected. However, anything large (around 1024 bytes or more) are sometimes returning wrong values, or the packets are getting lost. This problem does not occur for ciphers not involving GCM. Userspace tool common name: StrongSwan The userspace tool has the following bit modes: both Userspace package: StrongSwan Userspace tool obtained from project website: na -Attach ltrace and strace of userspace application. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1828035/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
