st 13. 3. 2019 o 13:37 Ondrej Mosnáček <omosnacek@xxxxxxxxx> napísal(a): > Hi, > > FYI, the p8_aes_ctr crypto driver (drivers/crypto/vmx/aes_ctr.c) seems > to be seriously broken. When I do repeated encryption using libkcapi > multiple times in a row, I sometimes get a wrong result. This happens > more often with long messages (e.g. at 16 KiB it already happens very > frequently). > > To reproduce: > 1. Install or locally build libkcapi [1] (you will need the kcapi-enc > binary in PATH) on a ppc64le system. > 2. Run the following in bash: > for i in {1..100}; do head -c $((16*1024)) /dev/zero | kcapi-enc -e -c > 'ctr(aes)' -p test -s test --pbkdfiter 1 2>/dev/null | sha256sum; done > | sort -u > > Expected result: > All invocations produce output with identical checksum. > > Actual result: > Multiple different checksums are produced. > > When I run 'rmmod vmx_crypto' before running the reproducer, I get > only one (correct) checksum, so this is definitely a bug in the > driver. Other ciphers (cbc(aes), xts(aes)) are not affected, even > though the glue code is very similar. That leads me to believe the > problem is somewhere in the assembly code. > > [1] http://github.com/smuellerDD/libkcapi > > Cheers, > Ondrej (Ah, forgot to compare email addresses with MAINTAINERS... let me try these)