This small series of patches addresses oopses seen when trying to use the AF_ALG interface via openssl with openssh. This series does not address all problems, but merely stops the kernel from smashing its kernel stack and oopsing.
With these fixes in place, the kernel no longer oopses. However, with the digests enabled in openssl, openssh refuses to work, producing the following when attempting to connect to the target system: Corrupted MAC on input. Disconnecting: Packet corrupt It's been hard enough to get this far; the crypto code is not the easiest code to debug for a new-comer due to the amount of state needed to be retained to understand the code (all the inline functions masking multiple levels of containerisation and pointer dereference does not make it easy to track what is stored where, and once I've been through one bit of code, I find I'm having to revisit the same piece of code a bit later to re-understand what it's doing.) It's been difficult enough to find the engine plugin for openssl - the original git repo which hosted it is now dead (http://src.carnivore.it/users/common/af_alg/). All that seems to be left is someone's modified version on github, which seems to get some maintanence. Debian doesn't seem to carry AF_ALG openssl support, and seems to only carry one package (strongswan) which supports this interface. Hence, I'm leaving further debugging to other parties, especially as the userspace tooling for the AF_ALG seems rather lacking. (Are there any test programs, if so, can their location be documented and placed in Documentation/crypto please?) I'm not sure who the maintainer for drivers/crypto/marvell is, so I've picked Thomas. It would be nice if there was an entry in MAINTAINERS for this driver. The first patch in this series avoids kernel stack smashing if a crypto driver forgets to set the 'statesize' member, but writes to what seems to be a valid pointer passed to its export function. Of course, this won't completely stop stack smashing if the statesize member is smaller than the data which the export function writes. This patch is optional. The second patch adds the necessary statesize members to the Marvell code which were previously missing. Fixing this uncovered a further problem, which the third patch addresses. crypto/algif_hash.c | 6 +++++- drivers/crypto/marvell/hash.c | 9 +++++++++ 2 files changed, 14 insertions(+), 1 deletion(-) -- FTTC broadband for 0.8mile line: currently at 9.6Mbps down 400kbps up according to speedtest.net. -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
