| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 25 Jul 2019 15:29:30 +0100
From: David Howells <dhowells@...hat.com>
To: Ard Biesheuvel <ard.biesheuvel@...aro.org>
Cc: dhowells@...hat.com, linux-afs@...ts.infradead.org,
Arnd Bergmann <arnd@...db.de>,
Herbert Xu <herbert@...dor.apana.org.au>,
"open list:HARDWARE RANDOM NUMBER GENERATOR CORE"
<linux-crypto@...r.kernel.org>,
"<netdev@...r.kernel.org>" <netdev@...r.kernel.org>
Subject: Re: [RFC PATCH] rxrpc: Fix -Wframe-larger-than= warnings from on-stack crypto
Ard Biesheuvel <ard.biesheuvel@...aro.org> wrote:
> Given that this part of the driver only uses synchronous crypto, and
> only using a hardcoded algo and mode [pcbc(fcrypt)], of which only a
> generic C implementation exists, may I suggest that we switch to a
> library based approach instead?
>
> That way, we can get rid of the crypto API overhead here, and IMO, we
> can drop support for this cipher from the crypto API entirely.
Ummm... I'm not entirely sure. At some point, I need to look at implementing
the rxgk security class to allow gss to be used. That can in theory support
any kerberos cipher suite (which don't include pcbc or fcrypt). I don't yet
know how much code I could theoretically share with rxkad.c.
However, since pcbc and fcrypt are only used by rxkad.c, it might make sense
to move them to net/rxrpc/ and hard code them in rxkad.c - though I'd prefer
to make an attempt on rxgk first.
David
Powered by blists - more mailing lists