Re: [PATCH/proposal] dm-crypt: add digest-based iv generation mode

[Christophe Saout]

Am Di, den 24.02.2004 schrieb Matt Mackall um 20:11:

> > +	int tfm_size = sizeof(*cc->digest) + cc->digest->__crt_alg->cra_ctxsize;
> > +	char tfm[tfm_size];
> > [...]
> > +	memcpy(tfm, cc->digest, tfm_size);
> 
> As this stands, it's rather scary.
> 
> - it will quietly break when cryptoapi gets fiddled with

Yes, and it's already broken. When putting a lot of stress to the
filesystem data corruption pops up.

It turned out the hmac code uses an additional scratch pad which is used
in crypto_hmac_final (the "opad") which was kmalloc'ed. So it isn't even
inside the context (the one after struct tfm with length cra_ctxsize).

Why that? That kmalloc could have been avoided and the opad could store
after the tfm struct too (or on the stack of the crypto_hmac_final or is
it too large?). Yes, I know, ... but it would really be nice not to put
locks around the calls.


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/