Hi Hebert, On Wed, Sep 28, 2016 at 08:29:35PM +0800, Herbert Xu wrote: > On Wed, Sep 28, 2016 at 03:40:51AM -0400, Jan Stancek wrote: > > > > Thanks for clearing up how this works in padlock-sha, but > > we are not exactly in same situation with p8_ghash. > > > > p8_ghash_init_tfm() already updates descsize. Problem in original report > > is that without custom export/import/statesize p8_ghash_alg.statesize > > gets initialized by shash_prepare_alg() to alg->descsize: > > Right. > > > so I think we need either: > > 1) make sure p8_ghash_alg.descsize is correct before we register shash, > > this is what Marcelo's last patch is doing > > This approach doesn't work because there is no guarantee that > you'll get the same fallback the next time you allocate a tfm. > So relying on the descsize being constant can only work if all > implementations of the fallback use the same desc struct. The patch forces ghash-generic as the fallback. And I don't think that is a big problem if we decide to go by this path. > > > 2) provide custom export/import/statesize for p8_ghash_alg > > This works for padlock-sha because every implementation of SHA > uses the same state data structure from sha.h. If we can make > all implementations of ghash agree on the exported state then > we can use the same approach. That would be nice because it would allow p8_ghash to keep using a dynamic fallback, but I'm not that is viable. What do you think? > > Otherwise we can go back to allocating just ghash-generic and > also move its data structure into an exported header file. > That would make the fix much more simple and it wouldn't require to get the fallback descsize at runtime. > Cheers, > -- > Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> > Home Page: http://gondor.apana.org.au/~herbert/ > PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- Regards, Marcelo
Attachment:
signature.asc
Description: PGP signature