Why are we testing an intermediate result in ahash?

Message ID	20180306054934.GA29591@gondor.apana.org.au (mailing list archive)
State	Superseded
Delegated to:	Herbert Xu
Headers	show Return-Path: <linux-crypto-owner@kernel.org> Date: Tue, 6 Mar 2018 13:49:34 +0800 From: Herbert Xu <herbert@gondor.apana.org.au> To: Gary R Hook <gary.hook@amd.com> Cc: Kamil Konieczny <k.konieczny@partner.samsung.com>, "linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>, Tom Lendacky <thomas.lendacky@amd.com>, Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com> Subject: Re: Why are we testing an intermediate result in ahash? Message-ID: <20180306054934.GA29591@gondor.apana.org.au> References: <CGME20180302211209epcas5p4835258f0cde8b8b227d00507f77a8df8@epcas5p4.samsung.com> <e272ccdb-0630-c248-7a06-6457e2b7ccb9@amd.com> <09e9b9f3-0bcf-25c7-fd4b-8297c5cffff0@partner.samsung.com> <32ad68b5-4504-2d61-69a4-1e59be788fdc@amd.com> <21fcb42e-ef38-dda1-c5dd-5c2229b850b4@partner.samsung.com> <721f034c-2878-64ab-093b-a702ad950814@amd.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <721f034c-2878-64ab-093b-a702ad950814@amd.com> User-Agent: Mutt/1.5.23 (2014-03-12) Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk

Message ID

20180306054934.GA29591@gondor.apana.org.au (mailing list archive)

State

Superseded

Delegated to:

Herbert Xu

Headers

Date: Tue, 6 Mar 2018 13:49:34 +0800
From: Herbert Xu <herbert@gondor.apana.org.au>
To: Gary R Hook <gary.hook@amd.com>
Cc: Kamil Konieczny <k.konieczny@partner.samsung.com>,
	"linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Subject: Re: Why are we testing an intermediate result in ahash?
Message-ID: <20180306054934.GA29591@gondor.apana.org.au>
References: <CGME20180302211209epcas5p4835258f0cde8b8b227d00507f77a8df8@epcas5p4.samsung.com>
	<e272ccdb-0630-c248-7a06-6457e2b7ccb9@amd.com>
	<09e9b9f3-0bcf-25c7-fd4b-8297c5cffff0@partner.samsung.com>
	<32ad68b5-4504-2d61-69a4-1e59be788fdc@amd.com>
	<21fcb42e-ef38-dda1-c5dd-5c2229b850b4@partner.samsung.com>
	<721f034c-2878-64ab-093b-a702ad950814@amd.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <721f034c-2878-64ab-093b-a702ad950814@amd.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: linux-crypto-owner@vger.kernel.org
Precedence: bulk

Commit Message

Herbert Xu March 6, 2018, 5:49 a.m. UTC

On Mon, Mar 05, 2018 at 02:30:57PM -0600, Gary R Hook wrote:
>
> So a failure to communicate a newly-required behavior change, much less
> document it, is addressed by breaking drivers?  For some reason this seems
> wrong.
> 
> It's also wrong to change the documentation after the fact, and after
> surprising people. The documentation change should have gone in with the
> change to testmgr. And all that -after- doing as suggested below.

You should never touch req->result unless you're finalising the hash.
This has always been the case, it's just never been tested by the
test frame work and therefore some buggy drivers have slipped
through.

The generic implementation (e.g., crypto/sha1_generic.c) is always
the authoritative source when it comes to driver behaviour.

Anyway, rather than wasting time debating this, you could've just
spent a couple of minutes fixing your driver.

---8<---
Subject: crypto: ccp - Do not touch result buffer except on final

The req->final buffer should only be modified when writing the
final hash.  It is not meant to be used to write incomplete hashes
when performing an update operation.

Fixes: 466d7b9f6175 ("crypto: testmgr - test misuse of result in...")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/drivers/crypto/ccp/ccp-crypto-aes-cmac.c b/drivers/crypto/ccp/ccp-crypto-aes-cmac.c
index 60fc0fa..acc8c64 100644
--- a/drivers/crypto/ccp/ccp-crypto-aes-cmac.c
+++ b/drivers/crypto/ccp/ccp-crypto-aes-cmac.c
@@ -45,8 +45,8 @@  static int ccp_aes_cmac_complete(struct crypto_async_request *async_req,
 		rctx->buf_count = 0;
 	}
 
-	/* Update result area if supplied */
-	if (req->result)
+	/* Update result area if final */
+	if (rctx->final)
 		memcpy(req->result, rctx->iv, digest_size);
 
 e_free:
diff --git a/drivers/crypto/ccp/ccp-crypto-sha.c b/drivers/crypto/ccp/ccp-crypto-sha.c
index 8b9b16d..e290836 100644
--- a/drivers/crypto/ccp/ccp-crypto-sha.c
+++ b/drivers/crypto/ccp/ccp-crypto-sha.c
@@ -46,8 +46,8 @@  static int ccp_sha_complete(struct crypto_async_request *async_req, int ret)
 		rctx->buf_count = 0;
 	}
 
-	/* Update result area if supplied */
-	if (req->result)
+	/* Update result area if final. */
+	if (rctx->final)
 		memcpy(req->result, rctx->ctx, digest_size);
 
 e_free:

Why are we testing an intermediate result in ahash?

Commit Message

Patch