On Mon, 9 Jul 2012 03:38:54 -0500 Geanta Neag Horia Ioan-B05471 <[email protected]> wrote:
> On Mon, 9 Jul 2012 11:19:35 +0300, Herbert Xu <[email protected]> > wrote: > > On Mon, Jul 09, 2012 at 11:17:43AM +0300, Horia Geanta wrote: > >> In case of AEAD, some crypto engines expect assoc data and iv to be > >> contiguous. This is how native IPsec works; make testmgr's behaviour > >> the same. (Alternative would be to fix this in the crypto engine > >> drivers, but this is pricy since it would involve memory allocation and > >> copy in the hot path.) > >> > >> Signed-off-by: Horia Geanta <[email protected]> > > > > I think we should fix the buggy driver instead. technically it's buggy h/w. Even though SEC 2/3 descriptors have separate fields for assoc and iv data, the h/w produces incorrect results if they are disjoint. > Ok, then we'll see how to work around the HW limitation in the driver, > without affecting performance too much. If it comes down to more than a simple unlikely(assoc_addr + assoclen == iv_addr) check, then we may want to introduce a TALITOS_STRICT config, which may be further made dependent on !CRYPTO_MANAGER_DISABLE_TESTS. Kim -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
