Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp281634ybv; Thu, 6 Feb 2020 22:57:47 -0800 (PST) X-Google-Smtp-Source: APXvYqy5gDxopv4M0WYyff8C9benkt8JrvUrXK6l6d6G05fnBDgEejpRwFwNfcr1Ni4Zljr/zOjj X-Received: by 2002:a9d:7305:: with SMTP id e5mr1532720otk.64.1581058667266; Thu, 06 Feb 2020 22:57:47 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1581058667; cv=none; d=google.com; s=arc-20160816; b=Vm5mX7M6yLKsavbGRidS2hw1uGTIEm+x5bTj8H0R3TnDYPLFlryvTdq6/nhu3NwySK bs+4t3mjft0O9cG1R5XHIOlzpPjGpvcEqy2am6HObVHHSITU2vW/qELhOm/ob5MApH3z NcNyO6spXQ40lKUMQRPkAstsueXZwypQs7XgcsiXPiAS+cetaT+jH/XzjZkzQqmo3F2A j7mEK6QnqTWOhgIqHkhPM52CD+NpWy5PfUx+G7yhDUZzLA2CermdFttnedTb4e7RYn2V YfDB7bI1VmzxZRqOWOuyhSFqMQRHvTG2Gp4FMj1PYo1jricqgPjdRB8+qxZMNuSBUFJ/ JYAQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=a6XmDeI7IKa2zj1BQeF94mp/pu9/KnSQ7fH/UBSoypw=; b=JnRleMW4W+5llwZS2+fp9/N5FEp0O0gMGy1my2Y6KYEBH+pmP4QYIRwsPbjAVZNOz9 P9/1b6k++7f/Q94xAH55jGgHM4zla2JMRhTL07mu/1J6EAgZTqwmfMjzdSZlNqORN5Bn CbgC30UlBzaVD/wysPWcZyvEd2M0WLB9ClepZHZe+5SECWXQOO3p1p4hTJemvSIF8hM5 PyOd02gW3iBbThCw2OpHhJac38i9Um6mc1YYI6/kq87PrEl1/HvDY+lpSIqsbftjjl1T gEb9lErmb6LJl2erGDL/YPacnqXp7gN0M00i2e4//65Rt77J/3cgzihxKELkd+yirXLo tA9g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=GvmjZXIS; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t137si3475561oif.61.2020.02.06.22.57.23; Thu, 06 Feb 2020 22:57:47 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=GvmjZXIS; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726136AbgBGG5W (ORCPT + 99 others); Fri, 7 Feb 2020 01:57:22 -0500 Received: from mail.kernel.org ([198.145.29.99]:36850 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726130AbgBGG5W (ORCPT ); Fri, 7 Feb 2020 01:57:22 -0500 Received: from sol.localdomain (c-107-3-166-239.hsd1.ca.comcast.net [107.3.166.239]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 0BE5920726; Fri, 7 Feb 2020 06:57:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1581058641; bh=zTSBQNt4eq3J71YmoyHl3b2Ibnp+d/1SMhq+z2V2aj4=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=GvmjZXISOJ3OLa2bXHHiCeq8bBInKZU+XsQU1q216RDyC5AUtT9UQOxLT1Yckafku UwXl9ubccSdjwBSmVcgnVbi69czGiUKRsWBQD1EMRBHcJdxC879MFqIAVqDdIcpjjZ M/LuGr01YFaZAFV/Ymxh8iAqvdTM67c1eUIcEpsU= Date: Thu, 6 Feb 2020 22:57:19 -0800 From: Eric Biggers To: Corentin Labbe Cc: herbert@gondor.apana.org.au, davem@davemloft.net, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [BUG] crypto: export() overran state buffer on test vector Message-ID: <20200207065719.GA8284@sol.localdomain> References: <20200206085442.GA5585@Red> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200206085442.GA5585@Red> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Thu, Feb 06, 2020 at 09:54:42AM +0100, Corentin Labbe wrote: > Hello > > When working on adding hash support on sun8i-ce, I made a simple version which always fallback. > but booting it lead to this: > [ 52.274278] sun8i-ce 1c15000.crypto: Register sha1 > [ 52.279286] sun8i-ce 1c15000.crypto: sun8i_hash_crainit statesize is 96 > [ 52.285933] sun8i-ce 1c15000.crypto: Fallback for sha1-sun8i-ce is sha1-ce > [ 52.312423] shash_default_export descsize=104 > [ 52.316021] alg: ahash: sha1-sun8i-ce export() overran state buffer on test vector 0, cfg=\"import/export\" statesize=96 > [ 52.333189] sun8i-ce 1c15000.crypto: Register sha224 > [ 52.338387] sun8i-ce 1c15000.crypto: sun8i_hash_crainit statesize is 104 > [ 52.345097] sun8i-ce 1c15000.crypto: Fallback for sha224-sun8i-ce is sha224-ce > [ 52.371865] shash_default_export descsize=112 > [ 52.375459] alg: ahash: sha224-sun8i-ce export() overran state buffer on test vector 0, cfg=\"import/export\" statesize=104 > [ 52.393039] sun8i-ce 1c15000.crypto: Register sha256 > [ 52.398219] sun8i-ce 1c15000.crypto: sun8i_hash_crainit statesize is 104 > [ 52.404937] sun8i-ce 1c15000.crypto: Fallback for sha256-sun8i-ce is sha256-ce > [ 52.431476] shash_default_export descsize=112 > [ 52.435073] alg: ahash: sha256-sun8i-ce export() overran state buffer on test vector 0, cfg=\"import/export\" statesize=104 > > For sha1, sha224 and sha256, my driver fail to pass the test. > This is due to the fact that export() (and so shash_async_export/shash_default_export) use crypto_shash_descsize() as length but selftest expect it to be statesize. That doesn't appear to actually be the problem. shash_default_export() does assume descsize == statesize, but it's only used when that's the case. See shash_prepare_alg(). > Just in case, this is my export code: > int sun8i_hash_crainit(struct crypto_tfm *tfm) > { > struct sun8i_hash_tfm_ctx *op = crypto_tfm_ctx(tfm); > struct ahash_alg *alg = __crypto_ahash_alg(tfm->__crt_alg); > struct sun8i_ce_alg_template *algt; > > memset(op, 0, sizeof(struct sun8i_hash_tfm_ctx)); > > crypto_ahash_set_reqsize(__crypto_ahash_cast(tfm), sizeof(struct sun8i_hash_reqctx)); > > op->fallback_tfm = crypto_alloc_ahash(crypto_tfm_alg_name(tfm), 0, CRYPTO_ALG_NEED_FALLBACK); > if (IS_ERR(op->fallback_tfm)) { > dev_err(algt->ce->dev, "Fallback driver cound no be loaded\n"); > return PTR_ERR(op->fallback_tfm); > } > dev_info(op->ce->dev, "%s statesize is %u\n", __func__, algt->alg.hash.halg.statesize); > dev_info(op->ce->dev, "Fallback for %s is %s\n", > crypto_tfm_alg_driver_name(tfm), > crypto_tfm_alg_driver_name(&op->fallback_tfm->base)); > return 0; > } > > int sun8i_hash_init(struct ahash_request *areq) > { > struct sun8i_hash_reqctx *rctx = ahash_request_ctx(areq); > struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq); > struct sun8i_hash_tfm_ctx *tfmctx = crypto_ahash_ctx(tfm); > > memset(rctx, 0, sizeof(struct sun8i_hash_reqctx)); > > ahash_request_set_tfm(&rctx->fallback_req, tfmctx->fallback_tfm); > rctx->fallback_req.base.flags = areq->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP; > > return crypto_ahash_init(&rctx->fallback_req); > } > > int sun8i_hash_export(struct ahash_request *areq, void *out) > { > struct sun8i_hash_reqctx *rctx = ahash_request_ctx(areq); > struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq); > struct sun8i_hash_tfm_ctx *tfmctx = crypto_ahash_ctx(tfm); > > ahash_request_set_tfm(&rctx->fallback_req, tfmctx->fallback_tfm); > rctx->fallback_req.base.flags = areq->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP; > > return crypto_ahash_export(&rctx->fallback_req, out); > } It seems the actual problem is that you're doing the export using a fallback algorithm, which may have a statesize different from the one you're setting. But I'm not sure what you should do here, since the correct statesize can only be known when a tfm is allocated, not when the algorithm is registered. Possibly statesize needs to be made a property of the tfm (struct crypto_ahash and crypto_shash) rather than the algorithm (struct hash_alg_common). But are you sure you actually need a fallback algorithm for any hash algorithms in your driver in the first place? - Eric