lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 19 Sep 2018 22:37:59 +0200
From:   Johannes Berg <johannes@...solutions.net>
To:     Kees Cook <keescook@...omium.org>,
        Herbert Xu <herbert@...dor.apana.org.au>
Cc:     linux-wireless@...r.kernel.org,
        Ard Biesheuvel <ard.biesheuvel@...aro.org>,
        Eric Biggers <ebiggers@...gle.com>,
        linux-crypto <linux-crypto@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH crypto-next 03/23] lib80211: Remove VLA usage of skcipher

On Tue, 2018-09-18 at 19:10 -0700, Kees Cook wrote:
> In the quest to remove all stack VLA usage from the kernel[1], this
> replaces struct crypto_skcipher and SKCIPHER_REQUEST_ON_STACK() usage
> with struct crypto_sync_skcipher and SYNC_SKCIPHER_REQUEST_ON_STACK(),
> which uses a fixed stack size.
> 
> [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com
> 

I know this lib80211 stuff landed on my plate as the maintainer (and the
others are probably more or less copies thereof), but honestly I don't
even have a device I could test this on, and quite possibly never had
(after the old non-mac80211 b43 driver was killed.)

So basically I'll just trust you to be doing the right thing, since you
probably did the same transformation on other code that is better
tested...

johannes

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ