Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp1297959ybv; Thu, 6 Feb 2020 01:25:50 -0800 (PST) X-Google-Smtp-Source: APXvYqysmKB2gzw3d4aab+TK4EuckeEem/WAGrXvjUq2KaOWeTG8h13ibbPTLQex+7TOOgKy73Hf X-Received: by 2002:a05:6808:618:: with SMTP id y24mr6079643oih.86.1580981150874; Thu, 06 Feb 2020 01:25:50 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1580981150; cv=none; d=google.com; s=arc-20160816; b=vM47NFrLzqoziCA9Jfmx+W3g9GJWsG3ae+V/+1NuNOuXvgREFLZTDLAtJ1G2qLMYBY 0eXuvrgj3rrHocevCF9BBsMVwo/ocqdHLOwZR8XcG0nepuyrYPSG4DJvz8VHaon+pOyj hripsSmFvEPJr5fHVfz7n4pry6fg43FGCItDaARh+F1gj+7nOzT5ZDDjQzfl2q17sqm0 Epu9xtsy+NI3p9bFGN5o2oGQvXkr97YYl3xtUwDro6OjBgdUc0xJ+ngidwt7RxlvhiU8 0fOpD0vD4/yQh+NdSeb1L3ekDgTlX/QDQRJIe/t6015dt50Nj7g3bTtqiCPJApxGz8MR L3eA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:content-disposition :mime-version:message-id:subject:cc:to:from:date:dkim-signature; bh=n8K6Uk60ZBI22hEL5Rq+bbY+6RRavZ414qeizloZ1Yc=; b=E0yKvpvacty/wCv1wKu3moBrZeKRcNOZV6ILd+Cvzvsd2KGgyKxwvEdO99eJM/y46F HFfUwMjlRvZ6A/RL7fPqxCZbQnpTOjF/T1f0hzBxgDlu1As2WAtSSsxg0GjMLpgrlgob PmpEyLso5vg10bVEK3IPIRCW6tfUYD4iuvCNiPthM90dA64LdEEwGKj8xMSXAST6FMni ckUYUi4j9SvpBIemJ5ACK3fU5lrJdm3IsujZGIgGwGe6r6DiYbKoazyuh41gTi7942qM NHJG+BhYLukuhpR0gKKRaQvd4HB1sZ+jmvpAuWcuQChFUozYHFjFPqzeqg5wJP91U74K MFMQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=iEsaXv9E; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a6si1666446oia.33.2020.02.06.01.25.29; Thu, 06 Feb 2020 01:25:50 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=iEsaXv9E; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727874AbgBFIyq (ORCPT + 99 others); Thu, 6 Feb 2020 03:54:46 -0500 Received: from mail-wm1-f41.google.com ([209.85.128.41]:40626 "EHLO mail-wm1-f41.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727778AbgBFIyq (ORCPT ); Thu, 6 Feb 2020 03:54:46 -0500 Received: by mail-wm1-f41.google.com with SMTP id t14so5944982wmi.5; Thu, 06 Feb 2020 00:54:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:from:to:cc:subject:message-id:mime-version:content-disposition :user-agent; bh=n8K6Uk60ZBI22hEL5Rq+bbY+6RRavZ414qeizloZ1Yc=; b=iEsaXv9ELIvSxdNO3w56aQeUZ95VKct3OWPJOlOyiRswf1qJYdioOUJS4NkWQBvA16 l6EP7XpsczRW0tf+bFPfcOZZpb53tuyrDr/sxJIIbhrndPGWhXteM9864ah2C8wmbqYr +GEbqmq2uxsgdgLP1cnpDNGEBeVzyFqQOmA0tjDmtwxmLEbctqQpyUwfmrJreAjQClP0 gWlMzd0LYOMF9IAHKcW02I5nou4tOK7PtN7VX+KbchhE8h25hiUHVmVA0rZMZfF1xm0g f6G80yXwXcrO447ciY9tqeLgbniLoMkmFtbpG8udWeOU+qZ5OFpD7NBUxSxMCDnrbZdD 4jlg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:mime-version :content-disposition:user-agent; bh=n8K6Uk60ZBI22hEL5Rq+bbY+6RRavZ414qeizloZ1Yc=; b=R1EMhHmLncowRy+82Jlrgozy6LL/lYUWLSKoNPs2Rd0/SXmPCUmrZX7X4gmSZ6Du2r qXII2DwYJbBpDzURyYsq6JGNsoGEGtGqOCexbJ112TKREcizF955D48orQkllQXzmyFu 35Nm1lx64GoXQ8K/zU5Me3jYsMBdXjX82MD3/iJIpWNdkuJ5rSjghfee7eYmA6L9mv8E fQmuMAvEG6G+Ux8JPSUgOYfMOjuJaF+8BC9pOC87eXuVm9sIqvY+T6VDOEmamN8pGaRS 61CdZ4HOdQYaHAYX2wje+cLgHS5HK+Wxd8VeW8CN95bMHyImH1gqFEkE9sb4t1oOiEWa ht5g== X-Gm-Message-State: APjAAAVTu0i7HUT9+5cXwMAlQZW7Fxa5KvkEgb+ftVvdTugB+xYNDyiz NVn8nVtXi0SkZ9QlzBlRLSuVOQ91 X-Received: by 2002:a05:600c:285:: with SMTP id 5mr3189763wmk.120.1580979284401; Thu, 06 Feb 2020 00:54:44 -0800 (PST) Received: from Red ([2a01:cb1d:3d5:a100:2e56:dcff:fed2:c6d6]) by smtp.googlemail.com with ESMTPSA id 11sm2989068wmb.14.2020.02.06.00.54.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 06 Feb 2020 00:54:43 -0800 (PST) Date: Thu, 6 Feb 2020 09:54:42 +0100 From: Corentin Labbe To: herbert@gondor.apana.org.au, davem@davemloft.net, linux-crypto@vger.kernel.org Cc: linux-kernel@vger.kernel.org Subject: [BUG] crypto: export() overran state buffer on test vector Message-ID: <20200206085442.GA5585@Red> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Hello When working on adding hash support on sun8i-ce, I made a simple version which always fallback. but booting it lead to this: [ 52.274278] sun8i-ce 1c15000.crypto: Register sha1 [ 52.279286] sun8i-ce 1c15000.crypto: sun8i_hash_crainit statesize is 96 [ 52.285933] sun8i-ce 1c15000.crypto: Fallback for sha1-sun8i-ce is sha1-ce [ 52.312423] shash_default_export descsize=104 [ 52.316021] alg: ahash: sha1-sun8i-ce export() overran state buffer on test vector 0, cfg=\"import/export\" statesize=96 [ 52.333189] sun8i-ce 1c15000.crypto: Register sha224 [ 52.338387] sun8i-ce 1c15000.crypto: sun8i_hash_crainit statesize is 104 [ 52.345097] sun8i-ce 1c15000.crypto: Fallback for sha224-sun8i-ce is sha224-ce [ 52.371865] shash_default_export descsize=112 [ 52.375459] alg: ahash: sha224-sun8i-ce export() overran state buffer on test vector 0, cfg=\"import/export\" statesize=104 [ 52.393039] sun8i-ce 1c15000.crypto: Register sha256 [ 52.398219] sun8i-ce 1c15000.crypto: sun8i_hash_crainit statesize is 104 [ 52.404937] sun8i-ce 1c15000.crypto: Fallback for sha256-sun8i-ce is sha256-ce [ 52.431476] shash_default_export descsize=112 [ 52.435073] alg: ahash: sha256-sun8i-ce export() overran state buffer on test vector 0, cfg=\"import/export\" statesize=104 For sha1, sha224 and sha256, my driver fail to pass the test. This is due to the fact that export() (and so shash_async_export/shash_default_export) use crypto_shash_descsize() as length but selftest expect it to be statesize. Just in case, this is my export code: int sun8i_hash_crainit(struct crypto_tfm *tfm) { struct sun8i_hash_tfm_ctx *op = crypto_tfm_ctx(tfm); struct ahash_alg *alg = __crypto_ahash_alg(tfm->__crt_alg); struct sun8i_ce_alg_template *algt; memset(op, 0, sizeof(struct sun8i_hash_tfm_ctx)); crypto_ahash_set_reqsize(__crypto_ahash_cast(tfm), sizeof(struct sun8i_hash_reqctx)); op->fallback_tfm = crypto_alloc_ahash(crypto_tfm_alg_name(tfm), 0, CRYPTO_ALG_NEED_FALLBACK); if (IS_ERR(op->fallback_tfm)) { dev_err(algt->ce->dev, "Fallback driver cound no be loaded\n"); return PTR_ERR(op->fallback_tfm); } dev_info(op->ce->dev, "%s statesize is %u\n", __func__, algt->alg.hash.halg.statesize); dev_info(op->ce->dev, "Fallback for %s is %s\n", crypto_tfm_alg_driver_name(tfm), crypto_tfm_alg_driver_name(&op->fallback_tfm->base)); return 0; } int sun8i_hash_init(struct ahash_request *areq) { struct sun8i_hash_reqctx *rctx = ahash_request_ctx(areq); struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq); struct sun8i_hash_tfm_ctx *tfmctx = crypto_ahash_ctx(tfm); memset(rctx, 0, sizeof(struct sun8i_hash_reqctx)); ahash_request_set_tfm(&rctx->fallback_req, tfmctx->fallback_tfm); rctx->fallback_req.base.flags = areq->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP; return crypto_ahash_init(&rctx->fallback_req); } int sun8i_hash_export(struct ahash_request *areq, void *out) { struct sun8i_hash_reqctx *rctx = ahash_request_ctx(areq); struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq); struct sun8i_hash_tfm_ctx *tfmctx = crypto_ahash_ctx(tfm); ahash_request_set_tfm(&rctx->fallback_req, tfmctx->fallback_tfm); rctx->fallback_req.base.flags = areq->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP; return crypto_ahash_export(&rctx->fallback_req, out); } Regards