lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250625030404.GA8962@sol>
Date: Tue, 24 Jun 2025 20:04:04 -0700
From: Eric Biggers <ebiggers@...nel.org>
To: Herbert Xu <herbert@...dor.apana.org.au>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
	"David S. Miller" <davem@...emloft.net>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	Linux Crypto Mailing List <linux-crypto@...r.kernel.org>
Subject: Re: [GIT PULL] Crypto Fixes for 6.16

On Wed, Jun 25, 2025 at 10:44:04AM +0800, Herbert Xu wrote:
> Hi Linus:
> 
> The following changes since commit df29f60369ccec0aa17d7eed7e2ae1fcdc9be6d4:
> 
>   crypto: ahash - Fix infinite recursion in ahash_def_finup (2025-06-18 17:02:02 +0800)
> 
> are available in the Git repository at:
> 
>   git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git tags/v6.16-p6
> 
> for you to fetch changes up to 20d71750cc72e80859d52548cf5c2a7513983b0d:
> 
>   crypto: wp512 - Use API partial block handling (2025-06-23 16:56:56 +0800)
> 
> ----------------------------------------------------------------
> This push fixes a regression where wp512 can no longer be used
> with hmac.
> ----------------------------------------------------------------
> 
> Herbert Xu (1):
>       crypto: wp512 - Use API partial block handling
> 

Wouldn't it make more sense to revert the "Crypto API partial block handling"
stuff?  It's been causing a huge number of problems, and it's been getting
superseded by the librarification changes anyway.

This is already the fourth 6.16 fixes pull request for regressions caused by
your partial block handling changes.  And I have another one queued in
libcrypto-fixes.  I expect there will need to be more...

Indeed, I just found that a lot of drivers in drivers/crypto/ haven't been
updated to be aware of the extra byte that comes back from
crypto_shash_export().  So there are a bunch of buffer overflows there too.
(Not like drivers/crypto/ actually matters, but apparently your changes are for
its benefit?  So it's interesting that it was actually broken by them.)

- Eric

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ