Received: by 2002:a25:8b12:0:0:0:0:0 with SMTP id i18csp468402ybl; Fri, 23 Aug 2019 03:42:44 -0700 (PDT) X-Google-Smtp-Source: APXvYqynitb8776FuZgpX+Veh4l1vQ06errx13sPPY6BQgx8QnduRjMfxmBFCecmjPTC2ivHlYiT X-Received: by 2002:a17:902:8488:: with SMTP id c8mr3802889plo.164.1566556964637; Fri, 23 Aug 2019 03:42:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1566556964; cv=none; d=google.com; s=arc-20160816; b=qJWA+oyIypIZWtrq/Nro0JQanxVGgZeEHFmYEKhpg5hmvfBFsAp/jXipfB18VRuR2H x/Pzj0548HDsO6sge8Whwm+JabwrhuINALB1msjgHe42JlkoU7y3LAi3sTAgEKW6nc93 TGmo94VmYuqPMmV3hAqQlQq2dh9iq4YjGmC5XpbWFTuFmGx9i9Xzs8Fi25uS41gwvwwd BRDurx0NlAz3IiNof66Wh5kT9VcFxe7s5yW3Ds7CCS2QVuk/Gu2ZOaHBNEHhDu3mL4+u 9+iVi6ZSaKHqgdLdIG+E1fBOZnE+0aM5Wac/pDJdWeKd/xv2JAlY4R1T4Wrtdo/7w4pN /UoA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-language :content-transfer-encoding:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject; bh=c3cFi/IyHdvfC8iPjSbvMdsaCrF0PROqSYybrwDS3GU=; b=kRE4a972efxFG94yO8OP2FOLNyeOPRpRYpud350YcJNhC9hdZNatbOhv+jvKxa2g7z UqWS73p2bMHZ0RCahrPBR3MRq1prWVwY060vWHIAxcyX6U2TkysBpGVm9WeuCzpNyd+i GRWkN7587cGJLi02C5Eq8vBjpuj47J+8jO1hsHWd2o52FCQ1DojK4eMlsiMsXFeGonQL LymLZwBcnHse47CBs3B9ERs3G9bXo2CmwuRzk+9ng00PRUgGMX2kSBNoJQ9VE/f+3WS8 PVNDIOxUsUd6Sb/PbLjG6HAKuGRHLfpKU8WewTq17EuqDxAaUlsNqjHOpujp7cFmEejA qsKg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v1si2120439plo.118.2019.08.23.03.42.29; Fri, 23 Aug 2019 03:42:44 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732041AbfHWIVL (ORCPT + 99 others); Fri, 23 Aug 2019 04:21:11 -0400 Received: from regular1.263xmail.com ([211.150.70.204]:59590 "EHLO regular1.263xmail.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729113AbfHWIVL (ORCPT ); Fri, 23 Aug 2019 04:21:11 -0400 Received: from zhangzj?rock-chips.com (unknown [192.168.167.206]) by regular1.263xmail.com (Postfix) with ESMTP id E196B2AF for ; Fri, 23 Aug 2019 16:20:56 +0800 (CST) X-263anti-spam: KSV:0;BIG:0; X-MAIL-GRAY: 0 X-MAIL-DELIVERY: 1 X-KSVirus-check: 0 X-ADDR-CHECKED4: 1 X-ABS-CHECKED: 1 X-SKE-CHECKED: 1 X-ANTISPAM-LEVEL: 2 Received: from [172.16.9.224] (unknown [58.22.7.114]) by smtp.263.net (postfix) whith ESMTP id P22205T139694631266048S1566548451384610_; Fri, 23 Aug 2019 16:20:53 +0800 (CST) X-IP-DOMAINF: 1 X-UNIQUE-TAG: <017c1798ed0425f281e164a60387e635> X-RL-SENDER: zhangzj@rock-chips.com X-SENDER: zhangzj@rock-chips.com X-LOGIN-NAME: zhangzj@rock-chips.com X-FST-TO: ebiggers@kernel.org X-SENDER-IP: 58.22.7.114 X-ATTACHMENT-NUM: 0 X-DNS-TYPE: 0 Subject: Re: cbc mode broken in rk3288 driver To: Ard Biesheuvel Cc: "open list:HARDWARE RANDOM NUMBER GENERATOR CORE" , Herbert Xu , Eric Biggers References: From: Elon Zhang Message-ID: Date: Fri, 23 Aug 2019 16:20:53 +0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-US Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On 8/23/2019 15:33, Ard Biesheuvel wrote: > On Fri, 23 Aug 2019 at 10:10, Elon Zhang wrote: >> Hi Ard, >> >> I will try to fix this bug. > Good > >> Furthermore, I will submit a patch to set >> crypto node default disable in rk3288.dtsi. >> > Please don't. The ecb mode works fine, and 'fixing' the DT only helps > if you use the one that ships with the kernel, which is not always the > case. > But crypto node default 'okay' in SoC dtsi is not good since not all boards need this hardware function. It is better that default 'disbale' in SoC dtsi and enabled in specific board dts. > >> On 8/20/2019 23:45, Ard Biesheuvel wrote: >>> Hello all, >>> >>> While playing around with the fuzz tests on kernelci.org (which has a >>> couple of rk3288 based boards for boot testing), I noticed that the >>> rk3288 cbc mode driver is still broken (both AES and DES fail). >>> >>> For instance, one of the runs failed with >>> >>> alg: skcipher: cbc-aes-rk encryption test failed (wrong result) on >>> test vector \"random: len=6848 klen=32\", cfg=\"random: may_sleep >>> use_digest src_divs=[93.41%@+1655, 2.19%@+3968, 4.40%@+22]\" >>> >>> (but see below for the details of a few runs) >>> >>> However, more importantly, it looks like the driver violates the >>> scatterlist API, by assuming that sg entries are always mapped and >>> that sg_virt() and/or page_address(sg_page()) can always be called on >>> arbitrary scatterlist entries >>> >>> The failures in question all occur with inputs whose size > PAGE_SIZE, >>> so it looks like the PAGE_SIZE limit is interacting poorly with the >>> way the next IV is obtained. >>> >>> Broken CBC is a recipe for disaster, and so this should really be >>> fixed, or the driver disabled. >>> >> > >