From: Russell King - ARM Linux <linux@armlinux.org.uk>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: noloader@gmail.com, linux-crypto@vger.kernel.org
Subject: Re: AF_ALG broken?
Date: Tue, 9 Aug 2016 08:27:17 +0100 [thread overview]
Message-ID: <20160809072717.GG1041@n2100.armlinux.org.uk> (raw)
In-Reply-To: <20160809071402.GA5466@gondor.apana.org.au>
On Tue, Aug 09, 2016 at 03:14:02PM +0800, Herbert Xu wrote:
> On Tue, Aug 09, 2016 at 08:08:59AM +0100, Russell King - ARM Linux wrote:
> >
> > I thought I gave the commands and link to your example code. The
> > openssl case is md5, though sha* also gives the same result. Your
> > example code was sha1 iirc. I guess none of these would be using
> > HMAC - the openssl cases used to give results compatible with the
> > md5sum/ sha1sum etc userspace commands.
> >
> > /proc/crypto:
> >
> > name : md5
> > driver : md5-caam
>
> Right, caam is providing a setkey function for md5, which leads the
> API to think that a key is required. We should fix it so that setkey
> is only set for the HMAC-variant.
Thanks, that works nicely again, and passes my tests.
8<====
From: Russell King <rmk+kernel@armlinux.org.uk>
Subject: [PATCH] crypto: caam - fix non-hmac hashes
Since 6de62f15b581 ("crypto: algif_hash - Require setkey before
accept(2)"), the AF_ALG interface requires userspace to provide a key
to any algorithm that has a setkey method. However, the non-HMAC
algorithms are not keyed, so setting a key is unnecessary.
Fix this by removing the setkey method from the non-keyed hash
algorithms.
Fixes: 6de62f15b581 ("crypto: algif_hash - Require setkey before accept(2)")
Cc: <stable@vger.kernel.org>
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
---
drivers/crypto/caam/caamhash.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/crypto/caam/caamhash.c b/drivers/crypto/caam/caamhash.c
index ea284e3909ef..9d7fc9ec0b7e 100644
--- a/drivers/crypto/caam/caamhash.c
+++ b/drivers/crypto/caam/caamhash.c
@@ -1950,6 +1950,7 @@ caam_hash_alloc(struct caam_hash_template *template,
template->name);
snprintf(alg->cra_driver_name, CRYPTO_MAX_ALG_NAME, "%s",
template->driver_name);
+ t_alg->ahash_alg.setkey = NULL;
}
alg->cra_module = THIS_MODULE;
alg->cra_init = caam_hash_cra_init;
--
2.1.0
--
RMK's Patch system: http://www.armlinux.org.uk/developer/patches/
FTTC broadband for 0.8mile line: currently at 9.6Mbps down 400kbps up
according to speedtest.net.
next prev parent reply other threads:[~2016-08-09 7:27 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-08-08 16:44 AF_ALG broken? Russell King - ARM Linux
2016-08-08 17:47 ` Jeffrey Walton
2016-08-08 18:11 ` Russell King - ARM Linux
2016-08-09 3:18 ` Herbert Xu
2016-08-09 7:08 ` Russell King - ARM Linux
2016-08-09 7:14 ` Herbert Xu
2016-08-09 7:27 ` Russell King - ARM Linux [this message]
2016-08-09 10:35 ` Herbert Xu
2016-08-08 18:18 ` Stephan Mueller
2016-08-08 18:30 ` Stephan Mueller
2016-08-08 22:58 ` Russell King - ARM Linux
2016-08-08 23:04 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160809072717.GG1041@n2100.armlinux.org.uk \
--to=linux@armlinux.org.uk \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=noloader@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.