From: Stephan Mueller <smueller@chronox.de>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Tadeusz Struk <tadeusz.struk@intel.com>,
linux-crypto@vger.kernel.org,
'LKML' <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] crypto: aesni: add setkey for driver-gcm-aes-aesni
Date: Tue, 20 Jan 2015 04:35:41 +0100 [thread overview]
Message-ID: <1490816.1NddvTAE2F@tauon> (raw)
In-Reply-To: <20150120031704.GB10475@gondor.apana.org.au>
Am Dienstag, 20. Januar 2015, 14:17:04 schrieb Herbert Xu:
Hi Herbert,
>On Sun, Jan 18, 2015 at 11:56:03PM +0100, Stephan Mueller wrote:
>> The cipher registered as __driver-gcm-aes-aesni is never intended
>> to be used directly by any caller. Instead it is a service mechanism
>> to rfc4106-gcm-aesni.
>>
>> The kernel crypto API unconditionally calls the registered setkey
>> function. In case a caller erroneously uses __driver-gcm-aes-aesni a
>> call to crypto_aead_setkey will cause a NULL pointer dereference
>> without this patch.
>>
>> CC: Tadeusz Struk <tadeusz.struk@intel.com>
>> Signed-off-by: Stephan Mueller <smueller@chronox.de>
>
>Rather than adding a bogus setkey function, please fix this mess
>properly by moving the top-level setkey function into the __driver
>one where it should be. Compare with how we handle it in the
>ablk_helper which is pretty much the same thing.
That is a good suggestion. And the modification is quite limited as the
existing rfc4106_set_key could be used for the __driver with only slight
modifications.
In that case, however, we should apply the same to rfc4106_set_authsize.
This in turn would then turn the __driver implementation into a full GCM
implementation. That would mean that we should rename it from __driver
into gcm(aes) / gcm-aesni.
>
>Thanks,
Ciao
Stephan
next prev parent reply other threads:[~2015-01-20 3:35 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-01-18 22:56 [PATCH] crypto: aesni: add setkey for driver-gcm-aes-aesni Stephan Mueller
2015-01-18 22:58 ` Stephan Mueller
2015-01-19 14:34 ` Tadeusz Struk
2015-01-20 3:17 ` Herbert Xu
2015-01-20 3:35 ` Stephan Mueller [this message]
2015-01-20 3:37 ` Herbert Xu
2015-01-20 3:54 ` Stephan Mueller
2015-01-20 4:03 ` Herbert Xu
2015-01-21 1:25 ` Stephan Mueller
2015-01-22 18:23 ` Tadeusz Struk
2015-01-22 21:20 ` Stephan Mueller
2015-01-22 21:55 ` Tadeusz Struk
2015-01-22 22:23 ` Herbert Xu
2015-01-22 22:30 ` Tadeusz Struk
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1490816.1NddvTAE2F@tauon \
--to=smueller@chronox.de \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=tadeusz.struk@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.