lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 25 Jan 2023 15:08:36 -0800
From:   Jakub Kicinski <kuba@...nel.org>
To:     Simo Sorce <simo@...hat.com>
Cc:     Apoorv Kothari <apoorvko@...zon.com>, sd@...asysnail.net,
        borisp@...dia.com, dueno@...hat.com, fkrenzel@...hat.com,
        gal@...dia.com, netdev@...r.kernel.org, tariqt@...dia.com
Subject: Re: [PATCH net-next 0/5] tls: implement key updates for TLS1.3

On Wed, 25 Jan 2023 18:05:38 -0500 Simo Sorce wrote:
> > > If it is not guaranteed, are you blocking use of AES GCM and any other
> > > block cipher that may have very bad failure modes in a situation like
> > > this (in the case of AES GCM I am thinking of IV reuse) ?  
> > 
> > I don't know what you mean.  
> 
> The question was if there is *any* case where re-transmission can cause
> different data to be encrypted with the same key + same IV

Not in valid use cases. With zero-copy / sendfile Tx technically 
the page from the page cache can change between tx and rtx, but 
the user needs to opt in explicitly acknowledging the application 
will prevent this from happening. If they don't opt-in we'll copy 
the data.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ