lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20151108175003.GT6114@lukather>
Date:	Sun, 8 Nov 2015 09:50:03 -0800
From:	Maxime Ripard <maxime.ripard@...e-electrons.com>
To:	Herbert Xu <herbert@...dor.apana.org.au>
Cc:	LABBE Corentin <clabbe.montjoie@...il.com>, davem@...emloft.net,
	wens@...e.org, linux-crypto@...r.kernel.org,
	linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org,
	linux-sunxi@...glegroups.com, stable@...r.kernel.org
Subject: Re: [PATCH] crypto: sun4i-ss: add missing statesize

On Fri, Nov 06, 2015 at 12:56:39PM +0800, Herbert Xu wrote:
> On Thu, Nov 05, 2015 at 08:07:19AM -0800, Maxime Ripard wrote:
> > 
> > On Thu, Nov 05, 2015 at 08:48:57AM +0100, LABBE Corentin wrote:
> > > sun4i-ss implementaton of md5/sha1 is via ahash algorithms.
> > > A recent change make impossible to load them without giving statesize.
> > 
> > Which one?
> 
> We recently disabled ahash drivers that do not declare statesize
> because it can lead to a crash when the driver is used through
> algif.

"Recently" is relative and really doesn't help.

Having the commit ID that made this change is an absolute reference,
and really helps to identify when that behaviour changed.

> Not declaring statesize is a bug anyway but the fact that it
> is exported through algif makes it much worse.
> 
> > > This patch specifiy statesize for sha1 and md5.
> > > 
> > > Signed-off-by: LABBE Corentin <clabbe.montjoie@...il.com>
> > > Cc: stable@...r.kernel.org
> > 
> > Please also add a Fixes tag (and the stable version it applies to).
> 
> I don't see the point for a fixes tag as it would simply refer
> to the original patch-set that added the driver.

What's the problem with that?

Maxime

-- 
Maxime Ripard, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com

Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ