Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp4185017ybl; Mon, 27 Jan 2020 18:35:30 -0800 (PST) X-Google-Smtp-Source: APXvYqx3fxfkRvJGmaR3d6W9InCCdFW/I01yAkO21dkDIp7xiBO4FqeraYoiWdo5W1yiYT8a8GO8 X-Received: by 2002:a54:4010:: with SMTP id x16mr1541191oie.174.1580178930269; Mon, 27 Jan 2020 18:35:30 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1580178930; cv=none; d=google.com; s=arc-20160816; b=srWq90fZJ0aFzu4V6ZRLMagupGxaCthCIUAZv/0JkwFR7tPVrwv6nQfT8DSI8YP5I4 57U3x/SvtWmX/GaD/DFRyJkMsS8MUH8xC9Uk9/Nt7mEiswdycX/rZNX72mc2PSqr7iRp wGHvK49jRL/6VnTaN0gglo1AYvEno0UJFQg54yyEdOAe2c7lIJnRrmMeSRy2p7ETNgzz GwaY/pzrcCF3q+7NdMM9C/NKAXRNCzLzoobYOy/YB/Od2NZgZLME5g7YSL9woeqxgdbr dJ9EJusK04qZDmQKJ7bBW7IdffryksYuK+4rdOAAQS4ShiMt5BiZmpnaV8jO8Joyiadq Lt9Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=ImnezbqpxVV3WPBM9ahFOvNXgRE3EJ6CSN6m20ZGTWU=; b=VB6Zr+S+BOTbtg2bU62Tw29bFezffnKlsz9KyUjau4v/18qWQXRkvgF+op4vKsVyF/ wz/Qu8R8wmUpI7VfYNUlLHrnNo+kvowY8wiskYToWTqomqj2BAbGzeuv/Crpi99KV2qf sMtv+5WR3DTQ6TCADnKqIhQjIx1BXotL+epP+x/kCEOz+WJxSrL0v4TxrycHjqZZlSoM /AMKXZ1CL2kN0rqWBQUvzOKHsyYdIVzqQ+VMa7FI+RNQHvd7NbigfK+20rAML8+eZTcY 6PVLX1te9vO8DgPcsGxpiifnygmaoHYJriSKHF6aKSY5UH0S0Hz4oRhCOu/XzT8GIF4Q qeNg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=mJAJeuPd; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id x5si4454810oic.72.2020.01.27.18.35.02; Mon, 27 Jan 2020 18:35:30 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=mJAJeuPd; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726101AbgA1Ce6 (ORCPT + 99 others); Mon, 27 Jan 2020 21:34:58 -0500 Received: from mail.kernel.org ([198.145.29.99]:38870 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726080AbgA1Ce6 (ORCPT ); Mon, 27 Jan 2020 21:34:58 -0500 Received: from sol.localdomain (c-107-3-166-239.hsd1.ca.comcast.net [107.3.166.239]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 3DA0C24656; Tue, 28 Jan 2020 02:34:57 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1580178897; bh=O6/aCXTO535hblnPIlwq6N86x4jkZI6LZb22nam/RN0=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=mJAJeuPdaIwDVxcPFDIzs8z23ZIe0ftCiWqSwGuFEJG110srYnheecdKV79rlczsr WkMDOXhETjBGT9G7KqspS4HM9qG+crPjqRZCV3SUOlurNswRi8h12gFiNFnzVvYHGS wK+3OQN9HDjO7r42EXjz5M+BrRacNb/8HDID30QU= Date: Mon, 27 Jan 2020 18:34:55 -0800 From: Eric Biggers To: Gilad Ben-Yossef , Stephan Mueller , Herbert Xu Cc: Linux Crypto Mailing List , Geert Uytterhoeven , David Miller , Ofir Drang Subject: Re: Possible issue with new inauthentic AEAD in extended crypto tests Message-ID: <20200128023455.GC960@sol.localdomain> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Mon, Jan 27, 2020 at 10:04:26AM +0200, Gilad Ben-Yossef wrote: > > When both vec->alen and vec->plen are 0, which can happen as > generate_random_bytes will happily generate zero length from time to > time, > we seem to be getting a scatterlist with the first entry (as well as > the 2nd) being a NULL. > > This seems to violate the words of wisdom from aead.h and much more > important to me crashes the ccree driver :-) > > Is there anything I am missing or is this a valid concern? > My understanding is that all crypto API functions that take scatterlists only forbid zero-length scatterlist elements in the part of the scatterlist that's actually passed to the API call. The input to these functions is never simply a scatterlist, but rather a (scatterlist, length) pair. Algorithms shouldn't look beyond 'length', so in the case of 'length == 0', they shouldn't look at the scatterlist at all -- which may be just a NULL pointer. If that's the case, there's no problem with this test code. I'm not sure the comment in aead.h is relevant here. It sounds like it's warning about not providing an empty scatterlist element for the AAD when it's followed by a nonempty scatterlist element for the plaintext. I'm not sure it's meant to also cover the case where both are empty. Herbert and Stephan, any thoughts on what was intended? - Eric