| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <7531788D-2651-449B-9824-E418F773F23C@linaro.org>
Date: Fri, 14 Oct 2016 15:22:50 +0100
From: Ard Biesheuvel <ard.biesheuvel@...aro.org>
To: Johannes Berg <johannes@...solutions.net>
Cc: Andy Lutomirski <luto@...capital.net>,
Sergey Senozhatsky <sergey.senozhatsky.work@...il.com>,
"<netdev@...r.kernel.org>" <netdev@...r.kernel.org>,
Herbert Xu <herbert@...dor.apana.org.au>,
"David S. Miller" <davem@...emloft.net>,
"<linux-wireless@...r.kernel.org>" <linux-wireless@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
Jouni Malinen <j@...fi>
Subject: Re: [PATCH] mac80211: aes_ccm: move struct aead_req off the stack
> On 14 Oct 2016, at 14:46, Johannes Berg <johannes@...solutions.net> wrote:
>
>
>>
>> Is the aad[] actually reused? I would assume it only affects the mac
>> on encryption, and the verification on decryption but I don't think
>> we actually need it back from the crypto routines.
>
> I don't think it's reused.
>
>> Exactly what you said above :-) My patch only touches CCM but as you
>> said,
>>
>> """
>> 'Also there's B_0/J_0 for CCM/GCM, and the 'zero' thing that GMAC
>> has.
>> """
>
> Ah, but we can/should do the same for the others, no?
>
Yes, but then we end up kmalloc/kfreeing chunks of 16 bytes, which is actually another problem.
I still think we are not violating the api by putting aead_req on the stack (but herbert should confirm). The aad[] issue does violate the api, so it deserves a separate fix imo
Powered by blists - more mailing lists