Received: by 2002:ac0:a581:0:0:0:0:0 with SMTP id m1-v6csp6434264imm; Wed, 27 Jun 2018 07:39:38 -0700 (PDT) X-Google-Smtp-Source: ADUXVKJkY5iJIAOxv+QLaDr8HYukhRMj0FQKU59RaBqXTHO+kQAwolQNxTQ14mpi7pxvV+ejc9Mj X-Received: by 2002:a63:24f:: with SMTP id 76-v6mr5550321pgc.252.1530110378529; Wed, 27 Jun 2018 07:39:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1530110378; cv=none; d=google.com; s=arc-20160816; b=hRzDc6DLmoDYp8nRS2wmq1noOrimyKbuELOd+RyouECTV9TfMSuQaWOGJuznIBmVOo QcxfSeT/HyycwdI7M+em1tdK7PKkZ9653EqE0gRpA6Ju8cyrKb6qyz1EQxqw3It+amSd WGyS9LGvx66UcC2fI0q8kX10uq1iq4e8LGA07YPjfOuI+h0FUUMnjPHuGWKg3+n8Ohba L9fiAV7Lqh+WkJ6e14PIqOuT1RUcxnnfeX03Qk+NqHrU8daYI/xEmo/W+EfsfZkjDlOw UISEOlWjDTrU7DZVMxMsMrbcS4c80O6cmVHAbpUzPFEKQsyxOHQR477/YMzJWiFi2zhF WshA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:arc-authentication-results; bh=OZwwY6867JZhqU7TosKRIoh2HXgwcxyWyOfRKPUj0eY=; b=XKadjpwZPu5thRRJXisEm5/vbXS26a3GWF0NTfrQNlWPmgD/+jaM/wQE0OQsjydDIy 3x41hixmS/en7Qv+X7y50iHMmjBIbcpSdU29hk4ALtuPq8872wxJx4amSR1jepi1LNtm S46ppgHoQufG0dydXk3uFM8fu346FiNko028TtTprg9Na7Ldtx9q7STNRXFpF8niZ8IM FSJI9sbANw4RDzOXrF849iYEVqTIC+xNugND98lqauR8ETsm8XD6hV/ApcjzoQTFXOme m7ChgP+Fbwvm/xSO8PyyrGZGdVV6Tzv8iGIiRWfjRJ+wRme6x8JLOPlqgpHGQnf8gpTS CBUA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r25-v6si4284699pff.24.2018.06.27.07.39.23; Wed, 27 Jun 2018 07:39:38 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S934725AbeF0Ogp (ORCPT + 99 others); Wed, 27 Jun 2018 10:36:45 -0400 Received: from orcrist.hmeau.com ([104.223.48.154]:49476 "EHLO deadmen.hmeau.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932907AbeF0Ogo (ORCPT ); Wed, 27 Jun 2018 10:36:44 -0400 Received: from gondobar.mordor.me.apana.org.au ([192.168.128.4] helo=gondobar) by deadmen.hmeau.com with esmtps (Exim 4.89 #2 (Debian)) id 1fYBYW-0000I3-3P; Wed, 27 Jun 2018 22:36:24 +0800 Received: from herbert by gondobar with local (Exim 4.89) (envelope-from ) id 1fYBYU-0003eG-Ot; Wed, 27 Jun 2018 22:36:22 +0800 Date: Wed, 27 Jun 2018 22:36:22 +0800 From: Herbert Xu To: Kees Cook Cc: "David S. Miller" , linux-crypto , "Gustavo A. R. Silva" , Arnd Bergmann , Eric Biggers , Alasdair Kergon , Giovanni Cabiddu , Lars Persson , Mike Snitzer , Rabin Vincent , Tim Chen , qat-linux@intel.com, dm-devel@redhat.com, LKML Subject: Re: [PATCH v2 11/11] crypto: skcipher: Remove VLA usage for SKCIPHER_REQUEST_ON_STACK Message-ID: <20180627143622.ntksjxsymo4yw6dz@gondor.apana.org.au> References: <20180625211026.15819-1-keescook@chromium.org> <20180625211026.15819-12-keescook@chromium.org> <20180626092041.mxfg4lxcvxfivzc2@gondor.apana.org.au> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: NeoMutt/20170113 (1.7.2) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jun 26, 2018 at 09:45:09AM -0700, Kees Cook wrote: > > Which are likely to be wrapped together? Should I take this to 512 or > something else? The situation is similar to ahash. While they're using the same skcipher interface, the underlying algorithms must all be synchronous. In fact, if they're not then they're buggy. Therefore it makes no sense to use the general skcipher request size as a threshold. You should look at synchronous skcipher algorithms only. Cheers, -- Email: Herbert Xu Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt