lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20150616084101.GB23347@gondor.apana.org.au>
Date:	Tue, 16 Jun 2015 16:41:02 +0800
From:	Herbert Xu <herbert@...dor.apana.org.au>
To:	Tadeusz Struk <tadeusz.struk@...el.com>
Cc:	linux-kernel@...r.kernel.org, keescook@...omium.org,
	jwboyer@...hat.com, smueller@...onox.de, richard@....at,
	steved@...hat.com, qat-linux@...el.com, dhowells@...hat.com,
	linux-crypto@...r.kernel.org, james.l.morris@...cle.com,
	jkosina@...e.cz, zohar@...ux.vnet.ibm.com, davem@...emloft.net,
	vgoyal@...hat.com
Subject: Re: [PATCH RFC v6 2/3] crypto: rsa: add a new rsa generic
 implementation

On Tue, Jun 16, 2015 at 01:02:05AM -0700, Tadeusz Struk wrote:
>
> +	if (!pkey->n || !pkey->e || !req->dst_len)
> +		return -EINVAL;

You leaked m.

> +	if (*req->dst_len < mpi_get_size(pkey->n)) {
> +		*req->dst_len = mpi_get_size(pkey->n);
> +		return -EINVAL;
> +	}

This needs to be an error that's distinct from real errors.  So
perhaps pick EOVERFLOW.

> +static int rsa_init_tfm(struct crypto_tfm *_tfm)
> +{
> +	return 0;
> +}

The init function is optional.  So just drop it if there is nothing
to be done.

> +	.encrypt = rsa_enc,
> +	.decrypt = rsa_dec,
> +	.sign = rsa_sign,
> +	.verify = rsa_verify,
> +	.setkey = rsa_setkey,
> +	.base = {
> +		.cra_name = "rsa",
> +		.cra_driver_name = "rsa-generic",
> +		.cra_priority = 100,
> +		.cra_ctxsize = 0,
> +		.cra_alignmask = 0,
> +		.cra_module = THIS_MODULE,
> +		.cra_ctxsize = sizeof(struct rsa_key),

You're initialising cra_ctxsize twice.  Also please drop the
alignmask since the default is zero.

> +		.cra_init = rsa_init_tfm,
> +		.cra_exit = rsa_exit_tfm,
> +	},
> +};

Please drop cra_init/cra_exit and add type-safe init/exit functions
like I did in 5eb8ec6dc857d5027bc8cf7268a199107a583ae5

> diff --git a/crypto/rsa_helper.c b/crypto/rsa_helper.c
> new file mode 100644
> index 0000000..103dd2e
> --- /dev/null
> +++ b/crypto/rsa_helper.c
> @@ -0,0 +1,124 @@
> +/*
> + * RSA key extract helper
> + *
> + * Copyright (c) 2015, Intel Corporation
> + * Authors: Tadeusz Struk <tadeusz.struk@...el.com>
> + *
> + * This program is free software; you can redistribute it and/or modify it
> + * under the terms of the GNU General Public License as published by the Free
> + * Software Foundation; either version 2 of the License, or (at your option)
> + * any later version.
> + *
> + */
> +#include <linux/fips.h>
> +#include <crypto/internal/rsa.h>
> +#include "rsakey-asn1.h"

Need export.h.

> +static void free_mpis(struct rsa_key *key)
> +{
> +	if (key->n)
> +		mpi_free(key->n);

mpi_free already checks for NULL, so you can remove the check
here.

> diff --git a/include/crypto/internal/rsa.h b/include/crypto/internal/rsa.h
> new file mode 100644
> index 0000000..018f373
> --- /dev/null
> +++ b/include/crypto/internal/rsa.h
> @@ -0,0 +1,28 @@
> +/*
> + * RSA internal helpers
> + *
> + * Copyright (c) 2015, Intel Corporation
> + * Authors: Tadeusz Struk <tadeusz.struk@...el.com>
> + *
> + * This program is free software; you can redistribute it and/or modify it
> + * under the terms of the GNU General Public License as published by the Free
> + * Software Foundation; either version 2 of the License, or (at your option)
> + * any later version.
> + *
> + */
> +#ifndef _RSA_HELPER_
> +#define _RSA_HELPER_
> +#include <linux/mpi.h>
> +#include <crypto/akcipher.h>

You should drop akcipher.h since nothing in this file uses it.

Thanks,
-- 
Email: Herbert Xu <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ