lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Fri, 3 May 2024 18:52:03 +0800
From: Herbert Xu <herbert@...dor.apana.org.au>
To: Maxime MERE <maxime.mere@...s.st.com>
Cc: "David S . Miller" <davem@...emloft.net>,
	Maxime Coquelin <mcoquelin.stm32@...il.com>,
	Alexandre Torgue <alexandre.torgue@...s.st.com>,
	Uwe Kleine-König <u.kleine-koenig@...gutronix.de>,
	Rob Herring <robh@...nel.org>, linux-crypto@...r.kernel.org,
	linux-stm32@...md-mailman.stormreply.com,
	linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 1/3] crypto: stm32/cryp - use dma when possible.

On Tue, Apr 23, 2024 at 05:14:07PM +0200, Maxime MERE wrote:
>
> @@ -1239,12 +1758,35 @@ static int stm32_cryp_cipher_one_req(struct crypto_engine *engine, void *areq)
>  	struct stm32_cryp_ctx *ctx = crypto_skcipher_ctx(
>  			crypto_skcipher_reqtfm(req));
>  	struct stm32_cryp *cryp = ctx->cryp;
> +	int ret;
>  
>  	if (!cryp)
>  		return -ENODEV;
>  
> -	return stm32_cryp_prepare_req(req, NULL) ?:
> -	       stm32_cryp_cpu_start(cryp);
> +	ret = stm32_cryp_prepare_req(req, NULL);
> +	if (ret)
> +		return ret;
> +
> +	/* Avoid to use DMA if peripheral 32 bit counter is about to overflow with ctr(aes) */
> +	if (is_aes(cryp) && is_ctr(cryp)) {
> +		u32 iv_overflow[4];
> +
> +		memcpy(iv_overflow, req->iv, sizeof(__be32) * 4);
> +		iv_overflow[3] = 0xffffffff - be32_to_cpu((__be32)iv_overflow[3]);

This triggers a new warning:

./drivers/crypto/stm32/stm32-cryp.c:1775:47: warning: cast to restricted __be32

The logic seems to be broken as the counter counts blocks but you're
testing against bytes (req->src->length)? What's more req->src->length
isn't even the length of the request as it's clamped by req->cryptlen.

Thanks,
-- 
Email: Herbert Xu <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ