Thread (27 messages) 27 messages, 5 authors, 2016-01-11

Re: [PATCH v2] crypto: algif_skcipher - Require setkey before accept(2)

From: Milan Broz <hidden>
Date: 2016-01-03 09:42:38
Also in: lkml

On 01/03/2016 02:31 AM, Herbert Xu wrote:
On Sat, Jan 02, 2016 at 09:18:30PM +0100, Milan Broz wrote:
quoted
But I cannot change thousands of cryptsetup installations that are actively using that code.
This is clear userspace breakage which should not happen this way.
I'll try to add some compatibility code for your case, assuming
your modus operandi is accept(2) followed by a single setkey before
proceeding to encryption/decryption.
Hi,

yes, basically it prepares socket()/bind()/accept() and then it calls setkey once.
(I'll try to fix in next releases to call setkey first though.)

I am doing exactly the same for AF_ALG HMAC (hmac(<hash>) key,
does this requirement for order if accept/setkey applies there as well?
(It is not enforced yet.)

Anyway, you can easily simulate that skcipher API call just with running "cryptsetup benchmark"
(with accept() patch it will print N/A for all ciphers while without patch it measures some
more-or-less magic performance numbers :)
quoted
(Moreover it still doesn't work for cipher_null that has min/max key size 0.)
Setkey works just fine on cipher_null.
Yes, it works if ALG_SET_KEY is set to zero-length key.
I just re-introduced old bug to code, sorry.

Thanks!
Milan
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help