Am Dienstag, 21. April 2020, 11:19:36 CEST schrieb Stephan Mueller: Hi Herbert, could you please help us with the answer to the question below? > Am Dienstag, 21. April 2020, 10:08:14 CEST schrieb Ondrej Mosnáček: > > Hi Ondrej, > > > Hi all, > > > > the libkcapi [1] tests are failing on kernels 5.5-rc1 and above [2]. > > All encryption/decryption tests that use 'ctr(aes)' and a message size > > that is not a multiple of 16 fail due to kcapi-enc returning different > > output than expected. > > Confirmed. > > On the recent kernels, the data generated by kcapi-enc contains trailing > zero bytes for data that is a fraction of the block size. > > I think the issue is in the following kernel code in _skcipher_recvmsg: > > unsigned int bs = crypto_skcipher_chunksize(tfm); > > /* > * If more buffers are to be expected to be processed, process only > * full block size buffers. > */ > if (ctx->more || len < ctx->used) > len -= len % bs; > > > The kernel truncates the size to be processed to the chunk size. As the > chunksize returns the block size of the underlying cipher (e.g. AES -> 16), > the kernel code will not process non-aligned data. > > Herbert, could you help me identifying what exactly was the root cause for > the patch 5b0fe9552336338acb52756daf65dd7a4eeca73f ? I.e. it seems that > stream ciphers made out of a block cipher would not generate the data part > that is a fraction of the block size (e.g. CTR, CTS). > > Ciao > Stephan Ciao Stephan -- atsec information security GmbH, Steinstraße 70, 81667 München, Germany Phone: +49 89 442 49 830 - Fax: +49 89 442 49 831 Mobile DE: +49 172 216 55 78 - Mobile US: +1 737 346 1613 HRB: 129439 (Amtsgericht München) GF: Salvatore la Pietra, Staffan Persson, Manuela Gambarotto atsec it security news blog - atsec-information-security.blogspot.com