| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 4 Nov 2016 10:05:21 -0700
From: Eric Biggers <ebiggers@...gle.com>
To: Andy Lutomirski <luto@...capital.net>
Cc: linux-crypto@...r.kernel.org,
Herbert Xu <herbert@...dor.apana.org.au>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
Andrew Lutomirski <luto@...nel.org>,
"linux-mm@...ck.org" <linux-mm@...ck.org>
Subject: Re: vmalloced stacks and scatterwalk_map_and_copy()
On Thu, Nov 03, 2016 at 08:57:49PM -0700, Andy Lutomirski wrote:
>
> The crypto request objects can live on the stack just fine. It's the
> request buffers that need to live elsewhere (or the alternative
> interfaces can be used, or the crypto core code can start using
> something other than scatterlists).
>
There are cases where a crypto operation is done on a buffer embedded in a
request object. The example I'm aware of is in the GCM implementation
(crypto/gcm.c). Basically it needs to encrypt 16 zero bytes prepended with the
actual data, so it fills a buffer in the request object
(crypto_gcm_req_priv_ctx.auth_tag) with zeroes and builds a new scatterlist
which covers both this buffer and the original data scatterlist.
Granted, GCM provides the aead interface not the skcipher interface, and
currently there is no AEAD_REQUEST_ON_STACK() macro like there is a
SKCIPHER_REQUEST_ON_STACK() macro. So maybe no one is creating aead requests on
the stack right now. But it's something to watch out for.
Eric
Powered by blists - more mailing lists