Received: by 2002:a25:8b12:0:0:0:0:0 with SMTP id i18csp440316ybl; Fri, 23 Aug 2019 03:14:32 -0700 (PDT) X-Google-Smtp-Source: APXvYqwbyT8kMdIDgMpm+8erLCyfoDlIN63HxTP78KGrd2T81Ib3WWRmmAdMMO42wq/CWdVgucZj X-Received: by 2002:a63:ff65:: with SMTP id s37mr3235891pgk.102.1566555271956; Fri, 23 Aug 2019 03:14:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1566555271; cv=none; d=google.com; s=arc-20160816; b=fc6EZxwMf4Hdnre7/1GigAu7Wdr/fM0kw4pWAnrkDsU50l5YiDwv7Rqh1xzjn9GBRx IAXhMhL2TC9uhwSahQSqEJjsXX1NKaRVL0ngKF+YkZXr32Z4xrW25m4ODBG8CfoyI22h a36WOwRCCFEErq17DbJ+CYp5An8NeEFEdis58lEWi5RL3KbOskJ2PPPRPCfwEcXveL4V LEMC4d8Pbmx1qtVlxzejsn7umRttv2Uj89ziAbFqASwDukWs0IxSSjZlZ6+9ahwXXyaq vDOV/UiyxFjcwbUaR4v6Z8ZgVQUlGDZOesDrhWDASyoP7rpGaVhDpXKkHF7tqbAj+1Wd 7qFA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-language :content-transfer-encoding:in-reply-to:mime-version:user-agent:date :message-id:from:references:to:subject; bh=OsqVLR+Inw7k/pqtoPA7M2sVcpfO/gY4iQAtrESHOw8=; b=uz3nPPm6xn4ifW8lUlKKhrpXlQZVCetDuyQwLz0HEHAsHNYGHx0ZtvadZy9vy6s6X6 +QGXi2eNmurUxruO8fbvHMVw9gZQDii9lTI0prXZME389bvmGsj895Nu+JbL831ddSnF nmSzRotTloDZxLu39Lr7OUqOGZzrqMuPHy02WYFFxp37eU+wqFkvngllHiHyXY33FRBN EFdYN+PfqU9HeL1deydjSvLQtl71R3Y9bPL/398HKqS/9H0l0sa9mE0flVWzNWP06jh+ eXyKVKmx6wdmEMrqsWTRSdEoCNh0rlNPgfBvnr6HpiVUaw9LGkUank94qTaoY5j/cRwD u5SA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q1si1585808pgv.58.2019.08.23.03.14.14; Fri, 23 Aug 2019 03:14:31 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730411AbfHWHSI (ORCPT + 99 others); Fri, 23 Aug 2019 03:18:08 -0400 Received: from regular1.263xmail.com ([211.150.70.199]:36998 "EHLO regular1.263xmail.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728493AbfHWHSH (ORCPT ); Fri, 23 Aug 2019 03:18:07 -0400 X-Greylist: delayed 459 seconds by postgrey-1.27 at vger.kernel.org; Fri, 23 Aug 2019 03:18:03 EDT Received: from zhangzj?rock-chips.com (unknown [192.168.167.172]) by regular1.263xmail.com (Postfix) with ESMTP id AEDB0407 for ; Fri, 23 Aug 2019 15:10:09 +0800 (CST) X-263anti-spam: KSV:0;BIG:0; X-MAIL-GRAY: 0 X-MAIL-DELIVERY: 1 X-KSVirus-check: 0 X-ADDR-CHECKED4: 1 X-ABS-CHECKED: 1 X-SKE-CHECKED: 1 X-ANTISPAM-LEVEL: 2 Received: from [172.16.9.224] (unknown [58.22.7.114]) by smtp.263.net (postfix) whith ESMTP id P7360T140429191169792S1566544207442490_; Fri, 23 Aug 2019 15:10:08 +0800 (CST) X-IP-DOMAINF: 1 X-UNIQUE-TAG: X-RL-SENDER: zhangzj@rock-chips.com X-SENDER: zhangzj@rock-chips.com X-LOGIN-NAME: zhangzj@rock-chips.com X-FST-TO: ebiggers@kernel.org X-SENDER-IP: 58.22.7.114 X-ATTACHMENT-NUM: 0 X-DNS-TYPE: 0 Subject: Re: cbc mode broken in rk3288 driver To: Ard Biesheuvel , "open list:HARDWARE RANDOM NUMBER GENERATOR CORE" , Herbert Xu , Eric Biggers References: From: Elon Zhang Message-ID: Date: Fri, 23 Aug 2019 15:10:09 +0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Hi Ard, I will try to fix this bug. Furthermore, I will submit a patch to  set crypto node default disable in rk3288.dtsi. On 8/20/2019 23:45, Ard Biesheuvel wrote: > Hello all, > > While playing around with the fuzz tests on kernelci.org (which has a > couple of rk3288 based boards for boot testing), I noticed that the > rk3288 cbc mode driver is still broken (both AES and DES fail). > > For instance, one of the runs failed with > > alg: skcipher: cbc-aes-rk encryption test failed (wrong result) on > test vector \"random: len=6848 klen=32\", cfg=\"random: may_sleep > use_digest src_divs=[93.41%@+1655, 2.19%@+3968, 4.40%@+22]\" > > (but see below for the details of a few runs) > > However, more importantly, it looks like the driver violates the > scatterlist API, by assuming that sg entries are always mapped and > that sg_virt() and/or page_address(sg_page()) can always be called on > arbitrary scatterlist entries > > The failures in question all occur with inputs whose size > PAGE_SIZE, > so it looks like the PAGE_SIZE limit is interacting poorly with the > way the next IV is obtained. > > Broken CBC is a recipe for disaster, and so this should really be > fixed, or the driver disabled. >