lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 26 Oct 2018 00:53:44 +0200
From:   Andrew Lunn <andrew@...n.ch>
To:     "Jason A. Donenfeld" <Jason@...c4.com>
Cc:     LKML <linux-kernel@...r.kernel.org>,
        Netdev <netdev@...r.kernel.org>,
        Linux Crypto Mailing List <linux-crypto@...r.kernel.org>,
        David Miller <davem@...emloft.net>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: Re: [PATCH net-next v8 28/28] net: WireGuard secure network tunnel

> > > +static void kdf(u8 *first_dst, u8 *second_dst, u8 *third_dst, const u8 *data,
> > > +             size_t first_len, size_t second_len, size_t third_len,
> > > +             size_t data_len, const u8 chaining_key[NOISE_HASH_LEN])
> > > +{
> > > +     u8 output[BLAKE2S_HASH_SIZE + 1];
> > > +     u8 secret[BLAKE2S_HASH_SIZE];
> > > +
> > > +     WARN_ON(IS_ENABLED(DEBUG) &&
> > > +             (first_len > BLAKE2S_HASH_SIZE ||
> > > +              second_len > BLAKE2S_HASH_SIZE ||
> > > +              third_len > BLAKE2S_HASH_SIZE ||
> > > +              ((second_len || second_dst || third_len || third_dst) &&
> > > +               (!first_len || !first_dst)) ||
> > > +              ((third_len || third_dst) && (!second_len || !second_dst))));
> >
> > Maybe split this up into a number of WARN_ON()s. At the moment, if it
> > fires, you have little idea why, there are so many comparisons. Also,
> > is this on the hot path? I guess not, since this is keys, not
> > packets. Do you need to care about DEBUG here?
> 
> This is on the hot path, actually. Well, it's not on path of data
> packets, but I do consider handshake packets to be fairly "warm".

Hi Jason

So for me, hot path is something called 10 million timers per
second. How often do handshake packets happen?

> I'm not especially keen on splitting that up into multiple warn_ons,
> mostly because if that is ever hint, something is seriously wrong,
> and the whole flow would likely then need auditing anyway.

On the flip side, if you think this is so unlikely, it probably means
it is hard to reproduce. And then you will wish you knew exactly which
triggered. If you can get the disassembly and stack trace you might be
able to figure it out, but have a print could be a lot easier.

Anyway, it was just a suggestion. No worries.

	Andrew

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ