lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 1 Oct 2019 20:49:06 +0200
From:   Arnd Bergmann <arnd@...db.de>
To:     Pascal Van Leeuwen <pvanleeuwen@...imatrix.com>
Cc:     Antoine Tenart <antoine.tenart@...tlin.com>,
        Herbert Xu <herbert@...dor.apana.org.au>,
        "David S. Miller" <davem@...emloft.net>,
        Pascal van Leeuwen <pascalvanl@...il.com>,
        Ard Biesheuvel <ard.biesheuvel@...aro.org>,
        Eric Biggers <ebiggers@...gle.com>,
        "linux-crypto@...r.kernel.org" <linux-crypto@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 2/3] crypto: inside-secure - Reduce stack usage

On Mon, Sep 30, 2019 at 11:09 PM Pascal Van Leeuwen
<pvanleeuwen@...imatrix.com> wrote:
> > Subject: Re: [PATCH 2/3] crypto: inside-secure - Reduce stack usage
> >
> > On Mon, Sep 30, 2019 at 9:04 PM Pascal Van Leeuwen
> > <pvanleeuwen@...imatrix.com> wrote:
> >
> > > > Alternatively, it should be possible to shrink these allocations
> > > > as the extra buffers appear to be largely unnecessary, but doing
> > > > this would be a much more invasive change.
> > > >
> > > Actually, for HMAC-SHA512 you DO need all that buffer space.
> > > You could shrink it to 2 * ctx->state_sz but then your simple indexing
> > > is no longer going to fly. Not sure if that would be worth the effort.
> >
> > Stack allocations can no longer be dynamically sized in the kernel,
> > so that would not work.
> >
> I was actually referring to your kzalloc, not to the original stack
> based implementation ...

Ok, got it. For the kzalloc version, the size matters much less, as
this is not coming from a scarce resource and only takes a few more
cycles to do the initial clearing of the larger struct.

> > > And it conflicts with another change I have waiting that gets rid of
> > > aes_expandkey and that struct alltogether (since it was really just
> > > abused to do a key size check, which was very wasteful since the
> > > function actually generates all roundkeys we don't need at all ...)
> >
> > Right, this is what I noticed there. With 480 of the 484 bytes gone,
> > you are well below the warning limit even without the other change.
> >
> And by "other change" you mean the safexcel_ahash_export_state?

Yes.

> Ok, good to known, although I do like to improve that one as well,
> but preferably by not exporting the cache so I don't need the full
> struct.

Sounds good to me.

      Arnd

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ