| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20180822062036.mdq4q5o5zdzuxh7s@gondor.apana.org.au>
Date: Wed, 22 Aug 2018 14:20:36 +0800
From: Herbert Xu <herbert@...dor.apana.org.au>
To: Ard Biesheuvel <ard.biesheuvel@...aro.org>
Cc: Eric Biggers <ebiggers@...nel.org>,
Megha Dey <megha.dey@...ux.intel.com>,
Tim Chen <tim.c.chen@...ux.intel.com>,
"David S. Miller" <davem@...emloft.net>,
syzbot <syzbot+d5455bac3ba1ee9114e5@...kaller.appspotmail.com>,
"open list:HARDWARE RANDOM NUMBER GENERATOR CORE"
<linux-crypto@...r.kernel.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
syzkaller-bugs <syzkaller-bugs@...glegroups.com>,
the arch/x86 maintainers <x86@...nel.org>
Subject: Re: KASAN: use-after-free Read in sha512_ctx_mgr_resubmit
On Tue, Aug 21, 2018 at 02:43:56PM +0200, Ard Biesheuvel wrote:
>
> I agree. The code is obviously broken in a way that would have been
> noticed if it were in wide use, and it is too complicated for mere
> mortals to fix or maintain. I suggest we simply remove it for now, and
> if anyone wants to reintroduce it, we can review the code *and* the
> justification for the approach from scratch (in which case we should
> consider factoring out the algo agnostics plumbing in a way that
> allows it to be reused by other architectures as well)
I agree too. Could one of you guys send me a patch to remove
them?
Thanks,
--
Email: Herbert Xu <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Powered by blists - more mailing lists