| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1480327.kK94DiIqOk@tachyon.chronox.de> Date: Mon, 24 Nov 2014 13:29:10 +0100 From: Stephan Mueller <smueller@...onox.de> To: Steffen Klassert <steffen.klassert@...unet.com> Cc: Herbert Xu <herbert@...dor.apana.org.au>, LKML <linux-kernel@...r.kernel.org> Subject: Re: crypto: user - crypto_alg_match removal Am Montag, 24. November 2014, 08:22:46 schrieb Steffen Klassert: Hi Steffen, > Hi Stephan. > > On Sat, Nov 22, 2014 at 11:25:05PM +0100, Stephan Mueller wrote: > > Hi Steffen, Herbert, > > > > may I ask for the reasons why crypto_alg_match exists? Doesn't it > > implement crypto_alg_lookup -- and that not even complete? Is there a > > particular reason why this exact flag of crypto_alg_match is really > > needed in the context of crypto_user? > > > > Unless there is such valid reason, may I ask whether we can remove > > crypto_alg_match and simply use crypto_alg_lookup in all instances where > > crypto_alg_match is invoked using the following replacement: > > > > alg = crypto_alg_lookup(p->cru_name, p->cru_type, p->cru_mask) > > > > The only problem with this replacement is that p->cru_driver_name is not > > considered with that. > > With crypto_alg_lookup() we don't know whether the match is based on > the driver or the algorithm name. That's why we have crypto_alg_match(), > here we can ask for a driver or an algorithm match. In some situations it > is important to have an exact match on the crypto driver name. For example > if a user wants to instantiate or delete a certain inplementation of an > algorithm. In this case we need to know whether this exact algorithm > driver is registered in the system. I understand. But going with the logic of the kernel crypto API, if one needs an exact match, you pick the driver name. Otherwise the generic name. crypto_alg_lookup returns the exact algo when you supply a driver name. It returns the algo with the highest prio when you supply a generic name. I do not see a difference for the scenarios you describe. What I am worried about is that the logic of how a name versus a driver name is applied differs between the kernel crypto API and crypto_user. > > > Do you think a double invocation of > > crypto_alg_lookup should be done or that even the user space interface > > should be changed such that cru_driver_name is removed from it? > > Whatever we do, we can't remove cru_driver_name as this is exported > to userspace and tools already use it. That is definitely an issue. But the more I think about it, the more I see that we do not need to change the interface. Something like that would work in the kernel: if (p->cru_driver_name[0]) alg = crypto_alg_lookup(p->cru_driver_name, p->cru_type, p->cru_mask) else alg = crypto_alg_lookup(p->cru_name, p->cru_type, p->cru_mask) -- Ciao Stephan -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists