Received: by 2002:ac0:da4c:0:0:0:0:0 with SMTP id a12csp154715imi; Wed, 20 Jul 2022 19:53:26 -0700 (PDT) X-Google-Smtp-Source: AGRyM1ufk7kBYYBrUmf2NTP7uggA0giugtbVPuO6ANYZgkizkMRI162k8UixvkSHPpyHBnTTaey3 X-Received: by 2002:a17:90b:3c4f:b0:1f0:b59f:8b86 with SMTP id pm15-20020a17090b3c4f00b001f0b59f8b86mr8839893pjb.225.1658372006052; Wed, 20 Jul 2022 19:53:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1658372006; cv=none; d=google.com; s=arc-20160816; b=UWZK7zUSgVUF6KjtUWwqpZcw3dx0SFG2gIVqwODmOL7uz3/W66qkuiziTo6KZNxAfp e7CTT4T9AFq1mnV9/v5sNfksU6IHcqBYfc1zkgrU/rKJIiq3OUu4Y70CLmijq87VLYST IV+P9888XAV5EknV4+rSU9fhEX6LmJZWYXBf+ZVxSu8+xDp4w1Z9OGdNTc/Uu2UQI3aU 2QWFbTtuhDnAZ76Oqm6wmaa5CwD0zQF8kWH5smLwLV1ma43D0zo2E4kuDFPYCu2CyAAG dpDIjOZQJZ3xa07431512nXcM7i4kId+cmj0rbNWEIRkr5IAO7mtvyZVuE/wzl+NQ6A7 OBng== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=7yl4HDl5i/pteczVRL7E+ejuuOSgqCfeEaXdiVGFppA=; b=zjx2Iys/ChFvUM99voqLKn3v6CLFbDi8bDglm7yuNK187mV73rH7SWq//YVzFHbmBN /tEUT4fJxBnvHRcjNhNuqGJwvNPtB0HY995t0ELtuA8yJuhAh6aC9No/CJEKGwAQOhy0 iiWA+e8lHQEgjxnjIjgWIckrqYBLvtgOb0syvvFAbHJMWnf2EM9Ob/eeNUH8qE4VgeQz CTUEtysKv+EaDtqv/ZhJMS61bm71jezjG6BFVtsy807gdUUDAg2kNDZOEKHqS/77enZ2 URf9ehX9vljNOwS1kz3e0L2JbqU9P5wegjeOjgsz8/XahxodgeCXrSsr/wixgPFmYY2F Vlog== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=LIpzdB0t; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id w71-20020a63824a000000b0040de553ebecsi528913pgd.616.2022.07.20.19.53.03; Wed, 20 Jul 2022 19:53:26 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=LIpzdB0t; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229743AbiGUCej (ORCPT + 99 others); Wed, 20 Jul 2022 22:34:39 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45408 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229436AbiGUCei (ORCPT ); Wed, 20 Jul 2022 22:34:38 -0400 Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 05DBA774A7 for ; Wed, 20 Jul 2022 19:34:37 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sin.source.kernel.org (Postfix) with ESMTPS id 6688ECE2336 for ; Thu, 21 Jul 2022 02:34:36 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4219CC3411E; Thu, 21 Jul 2022 02:34:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1658370874; bh=N4b5H7bsYZVAjTDde4MhRJd56uCFvrh0A1BWavAr9yg=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=LIpzdB0t8zEEhNAyqbmng2pzWyM98VK5wlPs07qs8d13rxScwoKT4KtCSmVmMxmDS dR+AVN+7OoI5cFrh7N5OREid4nLyETaJk7mV5Gwzj0oB5ib1x80iXIFsnjkEDdIBop tMIoeHovoF17w5X2CSgPAY2PjDRwJXisHijC/jJwglkNsv2HTM8uRzokVacdop2Nhm kpXqSaqZ8qmyS5ehfaCLfvKRRk7uyVjSttSUnV2QstB/mURZviIA+CaLCwVVyNs/Ou by+SeiIj0Err73ary+4ltfMQoVwfZ2eVHF/7inkPylgeWk1AoSjyriP51alOflcRSC 3jW1OLBovLADw== Date: Wed, 20 Jul 2022 19:34:18 -0700 From: Eric Biggers To: GUO Zihua Cc: linux-crypto@vger.kernel.org, linux-arm-kernel@lists.infradead.org, herbert@gondor.apana.org.au, davem@davemloft.net, catalin.marinas@arm.com, will@kernel.org Subject: Re: [PATCH v2] arm64/crypto: poly1305 fix a read out-of-bound Message-ID: References: <20220712075031.29061-1-guozihua@huawei.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20220712075031.29061-1-guozihua@huawei.com> X-Spam-Status: No, score=-7.8 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Tue, Jul 12, 2022 at 03:50:31PM +0800, GUO Zihua wrote: > int init(void) > { > struct crypto_shash *tfm = NULL; > struct shash_desc *desc = NULL; > char *data = NULL; > > tfm = crypto_alloc_shash("poly1305", 0, 0); > desc = kmalloc(sizeof(*desc) + crypto_shash_descsize(tfm), GFP_KERNEL); > desc->tfm = tfm; > > data = kmalloc(POLY1305_KEY_SIZE - 1, GFP_KERNEL); > memcpy(data, test_data, POLY1305_KEY_SIZE - 1); > crypto_shash_update(desc, data, POLY1305_KEY_SIZE - 1); > crypto_shash_final(desc, data); > kfree(data); > return 0; > } This isn't actually a valid test case since it never calls crypto_shash_init(). So the behavior of this test is undefined both before and after this patch. The simplest way to write a correct test would be to use crypto_shash_tfm_digest(). Anyway, the bug is still real and this patch is still the correct fix, so it's good enough to add my reviewed-by: Reviewed-by: Eric Biggers - Eric