lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Y6OXuT95MlkNanSR@sol.localdomain>
Date:   Wed, 21 Dec 2022 15:33:13 -0800
From:   Eric Biggers <ebiggers@...nel.org>
To:     Vladis Dronov <vdronov@...hat.com>
Cc:     herbert@...dor.apana.org.au, davem@...emloft.net, nstange@...e.de,
        elliott@....com, linux-crypto@...r.kernel.org,
        linux-kernel@...r.kernel.org, smueller@...onox.de
Subject: Re: [PATCH 2/6] crypto: xts - drop xts_check_key()

On Wed, Dec 21, 2022 at 11:41:07PM +0100, Vladis Dronov wrote:
> xts_check_key() is obsoleted by xts_verify_key(). Over time XTS crypto
> drivers adopted the newer xts_verify_key() variant, but xts_check_key()
> is still used by a number of drivers. Switch drivers to use the newer
> xts_verify_key() and make a couple of cleanups. This allows us to drop
> xts_check_key() completely and avoid redundancy.
> 
> Signed-off-by: Vladis Dronov <vdronov@...hat.com>
> ---
>  arch/s390/crypto/paes_s390.c                  |  2 +-
>  drivers/crypto/atmel-aes.c                    |  2 +-
>  drivers/crypto/axis/artpec6_crypto.c          |  2 +-
>  drivers/crypto/cavium/cpt/cptvf_algs.c        |  8 +++----
>  .../crypto/cavium/nitrox/nitrox_skcipher.c    |  8 +++----
>  drivers/crypto/ccree/cc_cipher.c              |  2 +-
>  .../crypto/marvell/octeontx/otx_cptvf_algs.c  |  2 +-
>  .../marvell/octeontx2/otx2_cptvf_algs.c       |  2 +-
>  include/crypto/xts.h                          | 21 +++----------------
>  9 files changed, 15 insertions(+), 34 deletions(-)

Reviewed-by: Eric Biggers <ebiggers@...gle.com>

but one comment below:

>  static inline int xts_verify_key(struct crypto_skcipher *tfm,
>  				 const u8 *key, unsigned int keylen)
>  {
> @@ -42,7 +25,9 @@ static inline int xts_verify_key(struct crypto_skcipher *tfm,
>  	if (fips_enabled && keylen != 32 && keylen != 64)
>  		return -EINVAL;
>  
> -	/* ensure that the AES and tweak key are not identical */
> +	/* ensure that the AES and tweak key are not identical
> +	 * when in FIPS mode or the FORBID_WEAK_KEYS flag is set.
> +	 */
>  	if ((fips_enabled || (crypto_skcipher_get_flags(tfm) &
>  			      CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) &&
>  	    !crypto_memneq(key, key + (keylen / 2), keylen / 2))

Please use the kernel style for block comments:

	/*
	 * Ensure that the AES and tweak key are not identical when in FIPS mode
	 * or the FORBID_WEAK_KEYS flag is set.
	 */

- Eric

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ