On Fri, 23 Aug 2019 at 10:10, Elon Zhang <zhangzj@xxxxxxxxxxxxxx> wrote: > > Hi Ard, > > I will try to fix this bug. Good > Furthermore, I will submit a patch to set > crypto node default disable in rk3288.dtsi. > Please don't. The ecb mode works fine, and 'fixing' the DT only helps if you use the one that ships with the kernel, which is not always the case. > On 8/20/2019 23:45, Ard Biesheuvel wrote: > > Hello all, > > > > While playing around with the fuzz tests on kernelci.org (which has a > > couple of rk3288 based boards for boot testing), I noticed that the > > rk3288 cbc mode driver is still broken (both AES and DES fail). > > > > For instance, one of the runs failed with > > > > alg: skcipher: cbc-aes-rk encryption test failed (wrong result) on > > test vector \"random: len=6848 klen=32\", cfg=\"random: may_sleep > > use_digest src_divs=[93.41%@+1655, 2.19%@+3968, 4.40%@+22]\" > > > > (but see below for the details of a few runs) > > > > However, more importantly, it looks like the driver violates the > > scatterlist API, by assuming that sg entries are always mapped and > > that sg_virt() and/or page_address(sg_page()) can always be called on > > arbitrary scatterlist entries > > > > The failures in question all occur with inputs whose size > PAGE_SIZE, > > so it looks like the PAGE_SIZE limit is interacting poorly with the > > way the next IV is obtained. > > > > Broken CBC is a recipe for disaster, and so this should really be > > fixed, or the driver disabled. > > > >