lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 21 Jan 2022 21:22:59 +0100
From:   "Jason A. Donenfeld" <Jason@...c4.com>
To:     Eric Biggers <ebiggers@...nel.org>
Cc:     Miles Chen <miles.chen@...iatek.com>,
        Ard Biesheuvel <ardb@...nel.org>,
        Linux ARM <linux-arm-kernel@...ts.infradead.org>,
        Linux Crypto Mailing List <linux-crypto@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        linux-mediatek@...ts.infradead.org,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        Sami Tolvanen <samitolvanen@...gle.com>
Subject: Re: [PATCH] lib/crypto: blake2s: avoid indirect calls to compression
 function for Clang CFI

On Fri, Jan 21, 2022 at 8:54 PM Eric Biggers <ebiggers@...nel.org> wrote:
> There are some lines over 80 columns in this patch.

I'll fix that up.

> Otherwise this looks fine.  It would be really nice to fix this in clang,
> though.

I agree. I'm wondering whether it makes sense to roll with this patch,
or to just not change anything and lean on Clang upstream to fix their
bug. Full LTO is marked as "experimental" still. On the other hand,
Android ships with it turned on, so how "experimental" can it really
be? I don't have a strong read on the Clang ecosystem to know what
makes most sense, to apply this or not. Do you have an opinion?

Jason

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ