lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 25 Jun 2016 06:11:50 +0200 From: Eric Dumazet <eric.dumazet@...il.com> To: Andy Lutomirski <luto@...capital.net> Cc: Herbert Xu <herbert@...dor.apana.org.au>, Network Development <netdev@...r.kernel.org> Subject: Re: tcp md5: one more crypto-sg-on-the-stack instance On Fri, 2016-06-24 at 18:51 -0700, Andy Lutomirski wrote: > Hi all- > > tcp_md5_hash_header does crypto using an sg that points to the stack. > This will break with virtually mapped stacks. It also looks like it's > probably much slower than it deserves to be (it's trying to compute > the MD5 hash of a few tens of bytes -- going through a scatterlist is > a lot of overhead for an otherwise very fast operation). I guess nobody cares about TCP MD5 speed really. > > I don't suppose one of you could fix it or at least advise as to how > it should be fixed. Simply extend tcp_md5sig_pool to contain a copy of the TCP headers ? At most 40 bytes of extra per cpu storage is not a big problem.
Powered by blists - more mailing lists