On Wed, Dec 04, 2019 at 02:42:58PM +0000, Ard Biesheuvel wrote: > On Tue, 3 Dec 2019 at 12:39, Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx> wrote: > > > > On Sun, 1 Dec 2019 at 21:54, Eric Biggers <ebiggers@xxxxxxxxxx> wrote: > > > > > > This series makes some more improvements to the crypto self-tests, the > > > largest of which is making the AEAD fuzz tests test inauthentic inputs, > > > i.e. cases where decryption is expected to fail due to the (ciphertext, > > > AAD) pair not being the correct result of an encryption with the key. > > > > > > It also updates the self-tests to test passing misaligned buffers to the > > > various setkey() functions, and to check that skciphers have the same > > > min_keysize as the corresponding generic implementation. > > > > > > I haven't seen any test failures from this on x86_64, arm64, or arm32. > > > But as usual I haven't tested drivers for crypto accelerators. > > > > > > For this series to apply this cleanly, my other series > > > "crypto: skcipher - simplifications due to {,a}blkcipher removal" > > > needs to be applied first, due to a conflict in skcipher.h. > > > > > > This can also be retrieved from git at > > > https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git > > > tag "crypto-self-tests_2019-12-01". > > > > > > Eric Biggers (7): > > > crypto: aead - move crypto_aead_maxauthsize() to <crypto/aead.h> > > > crypto: skcipher - add crypto_skcipher_min_keysize() > > > crypto: testmgr - don't try to decrypt uninitialized buffers > > > crypto: testmgr - check skcipher min_keysize > > > crypto: testmgr - test setting misaligned keys > > > crypto: testmgr - create struct aead_extra_tests_ctx > > > crypto: testmgr - generate inauthentic AEAD test vectors > > > > > > > I've dropped this into kernelci again, let's see if anything turns out > > to be broken. > > > > For this series, > > > > Acked-by: Ard Biesheuvel <ardb@xxxxxxxxxx> > > > > Results here: > https://kernelci.org/boot/all/job/ardb/branch/for-kernelci/kernel/v5.4-9340-g16839329da69/ > > Only the usual suspects failed (rk3288) > Great, thanks. I wouldn't be surprised if all AEAD implementations are correctly rejecting inauthentic inputs at the moment, but we should still have the test just in case. - Eric