Received: by 2002:a25:ca44:0:0:0:0:0 with SMTP id a65csp478220ybg; Tue, 28 Jul 2020 10:36:32 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzsqoi2MudPwTZaa/3XgmNsB+5ywJnVCUKIQBmHUBBdy8WeOjUbLbVACklHCF3dyGxe5h/U X-Received: by 2002:a17:906:5612:: with SMTP id f18mr16761431ejq.225.1595957792016; Tue, 28 Jul 2020 10:36:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1595957792; cv=none; d=google.com; s=arc-20160816; b=GQnIdz+PAqG7KnX+X6YNedMnHhv3xSx/M7HXHVq7sd+pf21c0Fza6qrdgINZC5djp+ Z7jAe1CoiaCItc/xVXJe2lAfu3jgSvcH8h8ziAuQ9JAN4AB/HvIbeA0O6UCQuP19lrmp MGP36ouToG+VrRRXjYyrAA9tlGEH7laLYpJ570/aVWYpyysqAjlXF4PIaPL6jIqS45ds 3k5UE7CTx5V/ta6EjYbqMSS4N5R+Qhaa+UiXTXz+6aLLEbsM5HRc/YVVV4TJGPfAuVyL CI/GbJ4aquMse+xvqZKD1aLk2ZQ4rfLPYMjB7fmkdryPCiZGFxVYqkhmI4it89b0w5Ze 0t5g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=rQGtC5JYsZgH3COFjcTQBSBbR63EvglB/yQ3YFfDLOI=; b=jpnHksSvUAkNP7ic/3g/S24X/288y5RZsUiPbaXGend4tuOa+tR7XOhui95BuGyDGW 8RbJRFZ1YwcBAhqiSVtla/DORzv1wJ5SAVEniVOpdHVWpwVgfTfODKmQi/cuq/jYG0Rf N65M4Hj/SAzdbpdlZhf6sApiafeQmLdXCYrAwIl2aATyVmqW5O/PSPkCKJ4V4Flus7Wk 66ZFjoMNGvqj/H4yAo0n9nKSYbjRbp7S5rsg9UEtchCsJrFn4El7NlIoZOdFaqrPK1pW 0+ub3E6s7BmIZSAqmqexPwqhLO9Ywu6d/lxCuWY0e8tfMsKyxTEPeUe4jmnMoR/objW8 iulw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=CtaWYfju; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id gj5si7540845ejb.49.2020.07.28.10.36.07; Tue, 28 Jul 2020 10:36:32 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=CtaWYfju; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731779AbgG1RgF (ORCPT + 99 others); Tue, 28 Jul 2020 13:36:05 -0400 Received: from mail.kernel.org ([198.145.29.99]:47580 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731684AbgG1RgF (ORCPT ); Tue, 28 Jul 2020 13:36:05 -0400 Received: from gmail.com (unknown [104.132.1.76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id A7276206D7; Tue, 28 Jul 2020 17:36:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1595957764; bh=BTOCpojOCLuXUDVPp1v9NRmtj+YIHQG4pJIbRGyKLxw=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=CtaWYfjummTTszmXEMD2OjkkfbQnwnyghknQzVWM39b6nbHQv3Qlw2OLarPJ0AsKk K8rtae2o3u0qxc0aC2pZlKQa0KQy8VsWIf3k1vRN7LEbukgphTK85vJjcM4TwRpHi4 Fte3WgTujMUR6OjnephSwp5Zanl5ufqTda1chlFk= Date: Tue, 28 Jul 2020 10:36:03 -0700 From: Eric Biggers To: Elena Petrova Cc: linux-crypto@vger.kernel.org, Stephan =?iso-8859-1?Q?M=FCller?= , Ard Biesheuvel , Jeffrey Vander Stoep Subject: Re: [PATCH v3] crypto: af_alg - add extra parameters for DRBG interface Message-ID: <20200728173603.GD4053562@gmail.com> References: <20200722155905.GA789@sol.localdomain> <20200728155159.2156480-1-lenaptr@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200728155159.2156480-1-lenaptr@google.com> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Tue, Jul 28, 2020 at 04:51:59PM +0100, Elena Petrova wrote: > +static int rng_sendmsg(struct socket *sock, struct msghdr *msg, size_t len) > +{ > + int err; > + struct alg_sock *ask = alg_sk(sock->sk); > + struct rng_ctx *ctx = ask->private; > + > + lock_sock(sock->sk); > + if (len > MAXSIZE) > + len = MAXSIZE; > + > + rng_reset_addtl(ctx); > + ctx->addtl = kmalloc(len, GFP_KERNEL); > + if (!ctx->addtl) { > + err = -ENOMEM; > + goto unlock; This error code isn't actually returned. > + } > + > + err = memcpy_from_msg(ctx->addtl, msg, len); > + if (err) { > + rng_reset_addtl(ctx); > + goto unlock; Likewise. > +#ifdef CONFIG_CRYPTO_USER_API_CAVP_DRBG > +static int rng_setentropy(void *private, const u8 *entropy, unsigned int len) > +{ > + struct rng_parent_ctx *pctx = private; > + u8 *kentropy = NULL; > + > + if (!capable(CAP_SYS_ADMIN)) > + return -EPERM; This should be EACCES, not EPERM. EACCES means the operation will succeed if you acquire the needed privileges. EPERM means it will never succeed. > + if (len > MAXSIZE) > + len = MAXSIZE; Truncating the length is error prone. Shouldn't this instead return an error (EMSGSIZE?) if the length is too long, and 0 on success? Remember this is setsockopt(), not write(). - Eric