Re: [PATCH v2] crypto: algif_skcipher - Require setkey before accept(2)

linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Milan Broz <gmazyland@gmail.com>
To: Stephan Mueller <smueller@chronox.de>, Milan Broz <gmazyland@gmail.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>,
	Dmitry Vyukov <dvyukov@google.com>,
	syzkaller@googlegroups.com, davem@davemloft.net,
	linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
	kcc@google.com, glider@google.com, edumazet@google.com,
	sasha.levin@oracle.com, keescook@google.com
Subject: Re: [PATCH v2] crypto: algif_skcipher - Require setkey before accept(2)
Date: Sat, 2 Jan 2016 21:18:30 +0100	[thread overview]
Message-ID: <56883096.1020009@gmail.com> (raw)
In-Reply-To: <1647086.cdlVYfuqk1@myon.chronox.de>

On 01/02/2016 09:03 PM, Stephan Mueller wrote:
> Am Samstag, 2. Januar 2016, 15:41:34 schrieb Milan Broz:
> 
> Hi Milan,
> 

...
>>> Hi Herbert,
>>>
>>> this patch breaks userspace in cryptsetup...
>>>
>>> We use algif_skcipher in cryptsetup (for years, even before
>>> there was Stephan's library) and with this patch applied
>>> I see fail in ALG_SET_IV call (patch from your git).
>>
>> (Obviously this was because of failing accept() call here, not set_iv.)
>>
>>> I can fix it upstream, but for thousands of installations it will
>>> be broken (for LUKS there is a fallback, cor TrueCrypt compatible devices
>>> it will be unusable. Also people who configured kernel crypto API as
>>> default backend will have non-working cryptsetup).
>>>
>>> Is it really thing for stable branch?
>>
>> Also how it is supposed to work for cipher_null, where there is no key?
>> Why it should call set_key if it is noop? (and set key length 0 is not
>> possible).
>>
>> (We are using cipher_null for testing and for offline re-encryption tool
>> to create temporary "fake" header for not-yet encrypted device...)
> 
> The change implies that any setkey or set IV operations (i.e. any operations 
> on the tfmfd) are done before the opfd(s) are created with one or more accept 
> calls.
> 
> Thus, after a bind that returns the tfmfd, the setkey and setiv operations 
> shall be called. This is followed by accept. If you change the order of 
> invocations in your code, it should work.

Hi,

I already changed it in cryptsetup upstream this way.

But I cannot change thousands of cryptsetup installations that are actively using that code.
This is clear userspace breakage which should not happen this way.

(Moreover it still doesn't work for cipher_null that has min/max key size 0.)

Milan

next prev parent reply	other threads:[~2016-01-02 20:18 UTC|newest]

Thread overview: 27+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-12-17 12:59 GPF in lrw_crypt Dmitry Vyukov
2015-12-21 22:58 ` Stephan Mueller
2015-12-24  9:39 ` Herbert Xu
2015-12-24 11:03   ` Dmitry Vyukov
2015-12-25  7:40     ` [PATCH v2] crypto: algif_skcipher - Require setkey before accept(2) Herbert Xu
2015-12-28 13:39       ` Dmitry Vyukov
2015-12-29 13:24         ` Herbert Xu
2016-01-02 11:52       ` Milan Broz
2016-01-02 14:41         ` Milan Broz
2016-01-02 20:03           ` Stephan Mueller
2016-01-02 20:18             ` Milan Broz [this message]
2016-01-03  1:31               ` Herbert Xu
2016-01-03  9:42                 ` Milan Broz
2016-01-04  4:35                   ` [PATCH 1/2] crypto: af_alg - Add nokey compatibility path Herbert Xu
2016-01-04  4:36                     ` [PATCH 2/2] crypto: algif_skcipher " Herbert Xu
2016-01-04 12:33                     ` [PATCH 1/2] crypto: af_alg " Milan Broz
2016-01-08 12:48                       ` Herbert Xu
2016-01-08 18:21                         ` Milan Broz
2016-01-09  5:41                           ` Herbert Xu
2016-01-09 10:14                             ` Milan Broz
2016-01-11 13:26                               ` [PATCH 1/2] crypto: skcipher - Add crypto_skcipher_has_setkey Herbert Xu
2016-01-11 13:29                                 ` [PATCH 2/2] crypto: algif_skcipher - Add key check exception for cipher_null Herbert Xu
2016-01-11 14:59                                   ` Milan Broz
2016-01-08 13:28                       ` [PATCH 1/2] crypto: hash - Add crypto_ahash_has_setkey Herbert Xu
2016-01-08 13:31                         ` [PATCH 2/2] crypto: algif_hash - Require setkey before accept(2) Herbert Xu
2016-01-08 13:54                           ` kbuild test robot
2016-01-09 10:15                           ` Milan Broz

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=56883096.1020009@gmail.com \
    --to=gmazyland@gmail.com \
    --cc=davem@davemloft.net \
    --cc=dvyukov@google.com \
    --cc=edumazet@google.com \
    --cc=glider@google.com \
    --cc=herbert@gondor.apana.org.au \
    --cc=kcc@google.com \
    --cc=keescook@google.com \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=sasha.levin@oracle.com \
    --cc=smueller@chronox.de \
    --cc=syzkaller@googlegroups.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).