lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 1 Feb 2017 13:13:05 +0100
From:   Torsten Duwe <duwe@....de>
To:     Herbert Xu <herbert@...dor.apana.org.au>
Cc:     stable@...r.kernel.org, Jiri Slaby <jslaby@...e.cz>,
        linux-kernel@...r.kernel.org
Subject: af_alg broken in 3.12

Hi Herbert,

you sent a backport of 6de62f15b581f920ade22d758f4c338311c2f0d4 to be included
in the 3.12 branch (as b2a0707817d3dec83652bb460a7775613058ae), but this leaves
af_alg broken for unkeyed hash functions:

f382cd5ac26674877143fa7d9c0ea23c6640e706 (3.12 just before your commit) :

socket(PF_ALG, SOCK_SEQPACKET, 0)       = 3
bind(3, {sa_family=AF_ALG, sa_data="hash\0\0\0\0\0\0\0\0\0\0"}, 88) = 0
accept(3, 0, NULL)                      = 4
write(4, "abc", 3)                      = 3
read(4, "\220\1P\230<\322O\260\326\226?}(\341\177r", 16) = 16

and with b2a0707817d3dec83652bb460a7775613058ae applied:

socket(PF_ALG, SOCK_SEQPACKET, 0)       = 3
bind(3, {sa_family=AF_ALG, sa_data="hash\0\0\0\0\0\0\0\0\0\0"}, 88) = 0
accept(3, 0, NULL)                      = 4
write(4, "abc", 3)                      = -1 ENOKEY (Required key not available)
read(4, 0x7ffebeba0e30, 16)             = -1 ENOKEY (Required key not available)

Mainline has meanwhile seen many fixes to this change; can you suggest an elegant
and crisp backport for these as well?

TIA,
	Torsten


View attachment "alg.c" of type "text/x-c++src" (714 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ