Received: by 2002:ac0:a581:0:0:0:0:0 with SMTP id m1-v6csp6670864imm; Wed, 27 Jun 2018 11:14:07 -0700 (PDT) X-Google-Smtp-Source: ADUXVKJ5qdXhxZvUtdbB8k420MWyf8IhAQMdLJ7FS4sYL2lg2QBkexSUGz+ZG9jPk6O4Fo0egwv6 X-Received: by 2002:a17:902:264:: with SMTP id 91-v6mr7042681plc.341.1530123247122; Wed, 27 Jun 2018 11:14:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1530123247; cv=none; d=google.com; s=arc-20160816; b=dZqgw747Ioc/00J1KQe9b0oND04TRWHK46wxfQGNstEIeGtnitJUHnsF5I6/f7EDlv lrjyAnx8MWE0ZfzPZmwcR5i/bRdPUrrgfdlSKKm+BUdyxac2VSBmOHm1ZZ1v2zVkKbTP GHu7iuTQJ+/005cr1oxnLTpBPBdyXA0+sVSkw5CLJ9L3gAFZC2PKoklvHA5fkOR/d598 QCfMnhRgnFrdT9+AVIWOOIwe9n4GbH9cnBo2Fh1P6WKEaz1F1N3wRg6L8pPxMux7mQl4 PVfd7abw4M8GEidXU3SYLgU9yLohOKS0M4H8bmaUzqRrZEgbY0e/qpDcP4ggSmaI8Rom ntsg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature:dkim-signature :arc-authentication-results; bh=+3WyL1KjXAlJ0OQAvAuvefVeszKGoirfBzF+8NClxqc=; b=eOvyjncopADnb8WMiHIdce7tTLV4jW3moAwb4om/ictFKV6d2KiuLbCCP2edN7YpQ9 Kp0dv+Vms4PU1F1PVIFxcsvKMldtVFyPV+w5d9662gkawgzEyQN8EM6lK9i9HuKQK1iv rxuXWBpv9Kd9dV3aWgQpzpOsnMeoqUgRJSed4YZ1LbjMXPcMrLin/dDtnBK7tBxeanMV A7OYCqhPorSchfCfgQsQaMJcLuvX2SbCpCp8tXbw3Fg1ZvBlWvyx1hO67/2iScTLxFmB UlFp2iBddHWet1OKgEU+M9X0r4P28H4xHduNvkQALtZ3HhSF4osXRefNhOgu5Ccz1/Xu X9Jw== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@google.com header.s=20161025 header.b="XlY/viHp"; dkim=fail header.i=@chromium.org header.s=google header.b=RAhGaqA8; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u20-v6si3966422pga.279.2018.06.27.11.13.52; Wed, 27 Jun 2018 11:14:07 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@google.com header.s=20161025 header.b="XlY/viHp"; dkim=fail header.i=@chromium.org header.s=google header.b=RAhGaqA8; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S965589AbeF0SMP (ORCPT + 99 others); Wed, 27 Jun 2018 14:12:15 -0400 Received: from mail-yb0-f193.google.com ([209.85.213.193]:37942 "EHLO mail-yb0-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754551AbeF0SMN (ORCPT ); Wed, 27 Jun 2018 14:12:13 -0400 Received: by mail-yb0-f193.google.com with SMTP id f12-v6so1111113ybp.5 for ; Wed, 27 Jun 2018 11:12:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=+3WyL1KjXAlJ0OQAvAuvefVeszKGoirfBzF+8NClxqc=; b=XlY/viHpz8wFXIL3EwyTFa7BqpgAlD8V7xmn6l4It6z39/7Aqjp+hWAIR7BX/DgSMZ gW2zGDCDL5hXiAo83ATLeOBqvypFSlxKcLQSgPiRLKQ24PodvpFAr3VSQEWpd9EJGdc6 GORd9haAbEtMPm++O4eU7q3bzHwHwrHebkUuqwwBFGxIHa20vP+tYzpHGmfOq13Nn04R spV4G1Ye/e+k7SJ/dPgGtQPCMhhjhKEroLqhQdYRqYX0+VXNlbvpD5jjtCpaBeCumHWj X5AeQzsf+7h26FurEPfjYZp/mGV/6/TLbkXnGRfkoxVK2AE/FIwOMBoHLxV5JIrP65sq 2jOA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=+3WyL1KjXAlJ0OQAvAuvefVeszKGoirfBzF+8NClxqc=; b=RAhGaqA8cbGQ0MJgcymQPf/wO0fetoldKL7c7JXUWVAuLkGCfhZbrZmRk/lo0PGM+S 1AP3DXwHpt+ZDIsVbYlYm0VzGF3KnWCpM/DeDRsruCVINx+xDKokdImAshNkVyQkwoE0 Tpbe1lb2DNJpDDbsWahWFImXxT17OmrQhfI6M= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=+3WyL1KjXAlJ0OQAvAuvefVeszKGoirfBzF+8NClxqc=; b=TAwFLwqlTlwIgj/hS/xTq7xtQDcwtlGDSqmvENTjKvsOiDcdv/3Q3kQjQ0pKSlZul+ uF2oQfIBcq+Rptt+oFV9XHnrp8ms8C44A+G0Tk/Edp3WKyD9AKW51mKwYjwB5owoavPb vwO+uuD0r72q0oUlzm0IDbdQnxfm6YZWBuWe3uvoiim0VmVZbx8V64x+lOKZiEBMxRWe zULiwRxxW8KD6v/YwT6kjoJUAlCmMRhNNKc6KrN3HnO8R8aLIzCJ5ImaxVYCtpPqStIe xP8NIw5IIRWpXPpHVjFqz+KDqchr4ojgWfqobG0umZxPavIysSvP+2zq/XEn3G6/j17I MTMA== X-Gm-Message-State: APt69E328BmSpXY+OEVCxxt7m14mWeBMdRV0+c5jiS7Ltbucz4v5zloY ZeUcFQaO+t9ia3m+dHy76QqPfNzHcXChw2NtbG7Lxg== X-Received: by 2002:a25:3445:: with SMTP id b66-v6mr3678350yba.484.1530123133000; Wed, 27 Jun 2018 11:12:13 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a25:5f51:0:0:0:0:0 with HTTP; Wed, 27 Jun 2018 11:12:12 -0700 (PDT) In-Reply-To: <20180627143453.gu44ghqh6jnaf4tz@gondor.apana.org.au> References: <20180625211026.15819-1-keescook@chromium.org> <20180625211026.15819-11-keescook@chromium.org> <20180625225609.GA181665@gmail.com> <20180626091958.zy3m24sjukfbn7av@gondor.apana.org.au> <20180627143453.gu44ghqh6jnaf4tz@gondor.apana.org.au> From: Kees Cook Date: Wed, 27 Jun 2018 11:12:12 -0700 X-Google-Sender-Auth: qFzPiFsxg2UhaAv8pzdmaAAetfo Message-ID: Subject: Re: [dm-devel] [PATCH v2 10/11] crypto: ahash: Remove VLA usage for AHASH_REQUEST_ON_STACK To: Herbert Xu Cc: Eric Biggers , Giovanni Cabiddu , Arnd Bergmann , Eric Biggers , Mike Snitzer , "Gustavo A. R. Silva" , qat-linux@intel.com, LKML , dm-devel@redhat.com, linux-crypto , Lars Persson , Tim Chen , "David S. Miller" , Alasdair Kergon , Rabin Vincent Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Jun 27, 2018 at 7:34 AM, Herbert Xu wrote: > On Tue, Jun 26, 2018 at 10:02:31AM -0700, Kees Cook wrote: >> >> There is no SHASH_MAX_REQSIZE? >> >> As for users of AHASH_REQUEST_ON_STACK, I see: > > These users are only using the top-level ahash interface. The > underlying algorithms must all be shas. typo? "shash" you mean? I don't really understand the crypto APIs -- are you or Eric able to help me a bit more here? I don't understand that things can wrap other things, so I'm not sure the best way to reason about the maximum size to choose here. (And the same for skcipher.) -Kees -- Kees Cook Pixel Security