Re: [v2 PATCH] crypto: skcipher - Unmap pages after an external error

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 6 Sep 2019 at 18:19, Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote:
>
> On Fri, Sep 06, 2019 at 05:52:56PM -0700, Ard Biesheuvel wrote:
> >
> > With this change, we still copy out the output in the
> > SKCIPHER_WALK_COPY or SKCIPHER_WALK_SLOW cases. I'd expect the failure
> > case to only do the kunmap()s, but otherwise not make any changes that
> > are visible to the caller.
>
> I don't think it matters.  After all, for the fast/common path
> whatever changes that have been made will be visible to the caller.
> I don't see the point in making the slow-path different in this
> respect.  It also makes no sense to optimise specifically for the
> uncommon error case on the slow-path.
>

The point is that doing

skcipher_walk_virt(&walk, ...);
skcipher_walk_done(&walk, -EFOO);

may clobber your data if you are executing in place (unless I am
missing something)

If skcipher_walk_done() is called with an error, it should really just
clean up after it self, but not copy back the unknown contents of
temporary buffers.



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux