| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <d141b2a6-6c7c-4640-a301-858c9d8d0b03@hisilicon.com>
Date: Tue, 12 Nov 2024 10:46:59 +0800
From: "linwenkai (C)" <linwenkai6@...ilicon.com>
To: Herbert Xu <herbert@...dor.apana.org.au>, Chenghai Huang
<huangchenghai2@...wei.com>
CC: <davem@...emloft.net>, <linux-kernel@...r.kernel.org>,
<linux-crypto@...r.kernel.org>, <liulongfang@...wei.com>,
<qianweili@...wei.com>, <wangzhou1@...ilicon.com>
Subject: Re: [PATCH v3 2/2] crypto: hisilicon/sec2 - fix for aead invalid
authsize
在 2024/11/10 11:36, Herbert Xu 写道:
> On Sat, Nov 02, 2024 at 10:55:59AM +0800, Chenghai Huang wrote:
>> @@ -2226,15 +2236,15 @@ static int sec_aead_spec_check(struct sec_ctx *ctx, struct sec_req *sreq)
>> struct device *dev = ctx->dev;
>> int ret;
>>
>> - if (unlikely(req->cryptlen + req->assoclen > MAX_INPUT_DATA_LEN ||
>> - req->assoclen > SEC_MAX_AAD_LEN)) {
>> - dev_err(dev, "aead input spec error!\n");
>> + /* Hardware does not handle cases where authsize is less than 4 bytes */
>> + if (unlikely(sz < MIN_MAC_LEN)) {
>> + ctx->a_ctx.fallback = true;
> This is broken. sec_aead_spec_check is a per-request function,
> called without any locking. Therefore it must not modify any
> field in the tfm context (at least not without additional locking),
> because multiple requests can be issued on the same tfm at any time.
>
> I suppose for this field in particular you could move it to
> set_authsize and there it would be safe to change the tfm context.
>
> Cheers,
Hi,
Thanks for your advice, it's better to move the setup to set_authsize, I
will send a new patchset soon.
Powered by blists - more mailing lists