On Tue, Jul 12, 2022 at 03:50:31PM +0800, GUO Zihua wrote: > A kasan error was reported during fuzzing: [...] > This patch fixes the issue by calling poly1305_init_arm64() instead of > poly1305_init_arch(). This is also the implementation for the same > algorithm on arm platform. > > Fixes: f569ca164751 ("crypto: arm64/poly1305 - incorporate OpenSSL/CRYPTOGAMS NEON implementation") > Cc: stable@xxxxxxxxxxxxxxx > Signed-off-by: GUO Zihua <guozihua@xxxxxxxxxx> > --- > arch/arm64/crypto/poly1305-glue.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) I'm not a crypto guy by any stretch of the imagination, but Ard is out at the moment and this looks like an important fix so I had a crack at reviewing it. > diff --git a/arch/arm64/crypto/poly1305-glue.c b/arch/arm64/crypto/poly1305-glue.c > index 9c3d86e397bf..1fae18ba11ed 100644 > --- a/arch/arm64/crypto/poly1305-glue.c > +++ b/arch/arm64/crypto/poly1305-glue.c > @@ -52,7 +52,7 @@ static void neon_poly1305_blocks(struct poly1305_desc_ctx *dctx, const u8 *src, > { > if (unlikely(!dctx->sset)) { > if (!dctx->rset) { > - poly1305_init_arch(dctx, src); > + poly1305_init_arm64(&dctx->h, src); > src += POLY1305_BLOCK_SIZE; > len -= POLY1305_BLOCK_SIZE; > dctx->rset = 1; With this change, we no longer initialise dctx->buflen to 0 as part of the initialisation. Looking at neon_poly1305_do_update(), I'm a bit worried that we could land in the 'if (likely(len >= POLY1305_BLOCK_SIZE))' block, end up with len == 0 and fail to set dctx->buflen. Is this a problem, or is my ignorance showing? Will