| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20241226194914.GB4648@quark.localdomain> Date: Thu, 26 Dec 2024 11:49:14 -0800 From: Eric Biggers <ebiggers@...nel.org> To: Atharva Tiwari <evepolonium@...il.com> Cc: Herbert Xu <herbert@...dor.apana.org.au>, "David S. Miller" <davem@...emloft.net>, linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] crypto: vmac - Handle unaligned input in vmac_update On Thu, Dec 26, 2024 at 11:05:07AM -0800, Eric Biggers wrote: > On Thu, Dec 26, 2024 at 10:30:49PM +0530, Atharva Tiwari wrote: > > The `vmac_update` function previously assumed that `p` was aligned, > > which could lead to misaligned memory accesses when processing blocks. > > This patch resolves the issue by, > > introducing a temporary buffer to ensure alignment. > > > > Changes include: > > - Allocating a temporary buffer (`__le64 *data`) to store aligned blocks. > > - Using `get_unaligned_le64` to safely read data into the temporary buffer. > > - Iteratively processing blocks with the `vhash_blocks` function. > > - Properly freeing the allocated temporary buffer after processing. > > > > Signed-off-by: Atharva Tiwari <evepolonium@...il.com> > > Are you using vmac for something? As far as I know it is unused upstream, and > we should just remove it instead. > I strongly suspect this was just to address the TODO in the source code, and this would be a good time to finally remove vmac (https://lore.kernel.org/linux-crypto/20241226194309.27733-1-ebiggers@kernel.org) from the kernel's museum of cryptographic algorithms. But let me know if you're in fact actually using it, and if so for what. Thanks! - Eric
Powered by blists - more mailing lists