From: Tadeusz Struk <tadeusz.struk@intel.com>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: davem@davemloft.net, linux-crypto@vger.kernel.org, qat-linux@intel.com
Subject: Re: [PATCH] crypto: qat - Fix for qat_aes_cbc_hmac_sha512
Date: Tue, 13 Jan 2015 14:21:58 -0800 [thread overview]
Message-ID: <54B59A86.10803@intel.com> (raw)
In-Reply-To: <20150113212515.GA11562@gondor.apana.org.au>
Hi Herbert,
On 01/13/2015 01:25 PM, Herbert Xu wrote:
>> memcpy(ipad, buff, digest_size);
>> > memcpy(opad, buff, digest_size);
>> > + memset(ipad + digest_size, 0, block_size - digest_size);
>> > + memset(opad + digest_size, 0, block_size - digest_size);
>> > memzero_explicit(buff, sizeof(buff));
> The very first thing we do in that function is zero the whole
> auth_state. So why would we need to zero it here? The only thin
> I can think of is if auth_state is too small and we're encountering
> garbage on the stack which would be a serious bug.
Yes, it looks strange, but the issue is we don't really zero the whole
auth_state. Because struct qat_auth_state is no packed on my system
sizeof(MAX_AUTH_STATE_SIZE + 64) = 244
and sizeof(struct qat_auth_state) = 256
if instead of:
memzero_explicit(auth_state.data, MAX_AUTH_STATE_SIZE + 64);
it would be:
memzero_explicit(&auth_state, sizeof(auth_state));
then it would work as well.
I can send another patch that does the second if you like.
Thanks,
Tadeusz
next prev parent reply other threads:[~2015-01-13 22:25 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-01-13 20:27 [PATCH] crypto: qat - Fix for qat_aes_cbc_hmac_sha512 Tadeusz Struk
2015-01-13 21:25 ` Herbert Xu
2015-01-13 22:21 ` Tadeusz Struk [this message]
2015-01-13 22:47 ` Herbert Xu
2015-01-13 22:55 ` Tadeusz Struk
2015-01-13 23:07 ` crypto: qat - Ensure ipad and opad are zeroed Herbert Xu
2015-01-13 23:20 ` Tadeusz Struk
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=54B59A86.10803@intel.com \
--to=tadeusz.struk@intel.com \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=qat-linux@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.