| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20180424195845.GB23575@mail.hallyn.com>
Date: Tue, 24 Apr 2018 14:58:45 -0500
From: "Serge E. Hallyn" <serge@...lyn.com>
To: Tycho Andersen <tycho@...ho.ws>
Cc: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>,
ebiggers3@...il.com, dhowells@...hat.com, keyrings@...r.kernel.org,
linux-security-module@...r.kernel.org,
linux-kernel@...r.kernel.org, kernel-hardening@...ts.openwall.com,
jmorris@...ei.org, serge@...lyn.com, Jason@...c4.com
Subject: Re: [PATCH 1/3] big key: get rid of stack array allocation
Quoting Tycho Andersen (tycho@...ho.ws):
> On Tue, Apr 24, 2018 at 11:46:38PM +0900, Tetsuo Handa wrote:
> > Tycho Andersen wrote:
> > > > > + if (unlikely(crypto_aead_ivsize(big_key_aead) != GCM_AES_IV_SIZE)) {
> > > > > + WARN(1, "big key algorithm changed?");
> >
> > Please avoid using WARN() WARN_ON() etc.
> > syzbot would catch it and panic() due to panic_on_warn == 1.
>
> But it is really a programming bug in this case (and it seems better
> than BUG()...). Isn't this exactly the sort of case we want to catch?
>
> Tycho
Right - is there a url to some discussion about this? Because not
using WARN when WARN should be used, because it troubles a bot, seems
the wrong solution. If this *is* what's been agreed upon, then
what is the new recommended thing to do here?
-serge
Powered by blists - more mailing lists