Received: by 2002:ac0:a581:0:0:0:0:0 with SMTP id m1-v6csp6687443imm;
        Wed, 27 Jun 2018 11:32:17 -0700 (PDT)
X-Google-Smtp-Source: ADUXVKL62F3e5dDF14nnXYHOXfxj4BubLxuf4knet4mTKfeT2bYeKOSJNUYvpGvCGQyuTbRAVaqC
X-Received: by 2002:a65:538e:: with SMTP id x14-v6mr6072110pgq.388.1530124337021;
        Wed, 27 Jun 2018 11:32:17 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1530124336; cv=none;
        d=google.com; s=arc-20160816;
        b=aPMnNX+QDSdvmIAy47VemmZPdxq4BVBqMJUgdZIFHf+b0+orTHszOWTHnFu4qQVdnJ
         L7qP+6y0+slO0WwwRqOFuRXB/Yyi8CQpSxTirAQrzV6h5SeQETxoBygp0I7noXc2iM8j
         EPWPSgNLaRNsEBW0QS2p5I6qXNLlASPLhj7owO6hSKQJs+MA2o7cHjemZDi/knN1Zdrq
         ocU80jFTYp1tXsO5m21hntiyL/IoR2eHf3tX7Y1Xk+CCf2nzJ7mPi2ZyR+LnRKRTJyqI
         bcJSkpJ5Oc1s6Jzmlbwgwwo4hpAyw1urMH8vFZ15mDts3S15Bxu0PUGJ0rUv4qk6nN2W
         bs/w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :references:in-reply-to:mime-version:dkim-signature:dkim-signature
         :arc-authentication-results;
        bh=cPZBeeM5Xxq27hdOtzM48/U9LC6WYZrMtDDgtTKWEzU=;
        b=Bn4I7E4PrNo3PMSj+kBFSM+gx1AWhJ9/smmA8zxlm1aRG5Li94phCnivETmD5JJUYg
         /tkyxnDXn2IK3Dq/vpxNIjvnjS1Ka03vI/yuS3qjCafR6lEcNXFtefjht1U1DtkV+hP5
         F+adnlZDuToYMeh9Aj+47kL7cUV6XbRis+y5cVItOMjIQoMoxVKkaXj2jnfVfRdnzh2u
         yMDZGMEcnSLMagd/C/ng1P0VsKbtjhD/pjGImSQ2xgmDPvNVSrKKiywaaaPkpYh3Tc2g
         LX2SNDdKp7jdTRbSisybQYZ2je7mepBsx4xQ39Y7bI33VxKgCmgvIJDyLbsNwsdIj6z7
         k6fQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@google.com header.s=20161025 header.b=CjUY9zuK;
       dkim=fail header.i=@chromium.org header.s=google header.b=ZyURXFzK;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id r1-v6si658124pgs.566.2018.06.27.11.32.02;
        Wed, 27 Jun 2018 11:32:16 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@google.com header.s=20161025 header.b=CjUY9zuK;
       dkim=fail header.i=@chromium.org header.s=google header.b=ZyURXFzK;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S965884AbeF0SbN (ORCPT <rfc822;gklkml16@gmail.com> + 99 others);
        Wed, 27 Jun 2018 14:31:13 -0400
Received: from mail-yb0-f195.google.com ([209.85.213.195]:44269 "EHLO
        mail-yb0-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S965852AbeF0SbL (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 27 Jun 2018 14:31:11 -0400
Received: by mail-yb0-f195.google.com with SMTP id a2-v6so1125455ybe.11
        for <linux-kernel@vger.kernel.org>; Wed, 27 Jun 2018 11:31:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc;
        bh=cPZBeeM5Xxq27hdOtzM48/U9LC6WYZrMtDDgtTKWEzU=;
        b=CjUY9zuKx3cszc3m13DrrRPv9JeZvCLuhv8PU31LMwSnKUF4liIU0SeiZF45lyuDip
         qUAWV+h8H2eqgnROs0ytC2bWflDaZ1jghH2kJ1vlplqetUizTCfi25E6f9jpVtuJlKRN
         dXAt3SK7SH0cGb9YRzHYJzk0k/Dttd7eqgyt/VOlyAq0E+3loAlvjT3XgqfXTxC4ZQg6
         UVyU+vtLZwhzkvF86D6nN5ymabxaQu664rkNurac6hqIHRfMGmx4cO9Tdgvk3iVurkI/
         BlwmaNtUTIhxFAba5THUCknVcISADCTPPRKmifqN/LrLnktL8KIATyjAzBM7FamSvgfk
         r4YA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=chromium.org; s=google;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc;
        bh=cPZBeeM5Xxq27hdOtzM48/U9LC6WYZrMtDDgtTKWEzU=;
        b=ZyURXFzKo0GKyZc9xuKhM6UnPRthE7UFhF7MT1ywc7osXLi2zANfGK5Yc0VSU/IbtO
         JxGFqw00Qo6R3KF+kgBUKgGm4ciRoYY9LAmzBoOoC0wIjJ8nRKQSW0jqYvIYSZIlvszW
         ZHvF9Y7TfthdG80SAMfn7jO24BGp39JlekvFg=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
         :date:message-id:subject:to:cc;
        bh=cPZBeeM5Xxq27hdOtzM48/U9LC6WYZrMtDDgtTKWEzU=;
        b=NRULN/wsnqTPh86VWpnmgmkj5kSNBJ2DYo9FhkyESk0n3qwav6JoxjsHc0UVRwY+Il
         zs5TYUpzFImf7xANXDmkvzoMKY4HTy3nYP3rhPnTWARm1JtXzECDDNpOGkTR8Ih+xuMf
         hAzaMcplYqMgD04eNwmfGpkja49NBNwOCUvcB9Qfdz6VzNrdsqAtUNWJwGtnXTuatnaO
         KVUW/6IZG120GK0k1MqZO5AsNhZ4BL4K7cNJBih1/nUNSOxFdC0ThnWHlyftiIMK0weh
         L45UHZew1TkBpBK3B5faQbdT5PejUh6D7sypi9o9oPKc4QHNusVVb8wsmc4rQwUO8OaN
         oN0w==
X-Gm-Message-State: APt69E2TTllclWHF/M2/PIO6jR4n+WzccXCU53PuQNgnF/Bp0FLSosLt
        WbXvJACaJAmSjzUtWeKYKDd+7BubmLtjn1pM7Y25rQ==
X-Received: by 2002:a25:afce:: with SMTP id d14-v6mr3461584ybj.343.1530124270622;
 Wed, 27 Jun 2018 11:31:10 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a25:5f51:0:0:0:0:0 with HTTP; Wed, 27 Jun 2018 11:31:09
 -0700 (PDT)
In-Reply-To: <20180627143622.ntksjxsymo4yw6dz@gondor.apana.org.au>
References: <20180625211026.15819-1-keescook@chromium.org> <20180625211026.15819-12-keescook@chromium.org>
 <20180626092041.mxfg4lxcvxfivzc2@gondor.apana.org.au> <CAGXu5jKYb-0NNvOcN79hzqU7O6vCFhMTBDGBL8Knuoc-YHamPg@mail.gmail.com>
 <20180627143622.ntksjxsymo4yw6dz@gondor.apana.org.au>
From:   Kees Cook <keescook@chromium.org>
Date:   Wed, 27 Jun 2018 11:31:09 -0700
X-Google-Sender-Auth: _q-jVrmLRCTBJa4-BmDes7VwqwA
Message-ID: <CAGXu5jJ2Z=YP+fNsvy+6a_BpC1ibZf6tOzZuPHk=Qx1qNVvOZw@mail.gmail.com>
Subject: Re: [PATCH v2 11/11] crypto: skcipher: Remove VLA usage for SKCIPHER_REQUEST_ON_STACK
To:     Herbert Xu <herbert@gondor.apana.org.au>
Cc:     "David S. Miller" <davem@davemloft.net>,
        linux-crypto <linux-crypto@vger.kernel.org>,
        "Gustavo A. R. Silva" <gustavo@embeddedor.com>,
        Arnd Bergmann <arnd@arndb.de>,
        Eric Biggers <ebiggers@google.com>,
        Alasdair Kergon <agk@redhat.com>,
        Giovanni Cabiddu <giovanni.cabiddu@intel.com>,
        Lars Persson <larper@axis.com>,
        Mike Snitzer <snitzer@redhat.com>,
        Rabin Vincent <rabinv@axis.com>,
        Tim Chen <tim.c.chen@linux.intel.com>, qat-linux@intel.com,
        dm-devel@redhat.com, LKML <linux-kernel@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Jun 27, 2018 at 7:36 AM, Herbert Xu <herbert@gondor.apana.org.au> wrote:
> On Tue, Jun 26, 2018 at 09:45:09AM -0700, Kees Cook wrote:
>>
>> Which are likely to be wrapped together? Should I take this to 512 or
>> something else?
>
> The situation is similar to ahash.  While they're using the same
> skcipher interface, the underlying algorithms must all be
> synchronous.  In fact, if they're not then they're buggy.
>
> Therefore it makes no sense to use the general skcipher request
> size as a threshold.  You should look at synchronous skcipher
> algorithms only.

I might be catching on... so from this list, I should only "count" the
synchronous ones as being wrappable? The skcipher list is actually
pretty short:

crypto/cryptd.c:        crypto_skcipher_set_reqsize(
crypto/cryptd.c-                tfm, sizeof(struct
cryptd_skcipher_request_ctx));

The above is, AIUI, unwrapped, so I only need to count sizeof(struct
cryptd_skcipher_request_ctx)?

These are "simple" wrappers:

crypto/lrw.c:   crypto_skcipher_set_reqsize(tfm,
crypto_skcipher_reqsize(cipher) +
crypto/lrw.c-                                    sizeof(struct rctx));

crypto/simd.c-  reqsize = sizeof(struct skcipher_request);
crypto/simd.c-  reqsize += crypto_skcipher_reqsize(&cryptd_tfm->base);
crypto/simd.c:  crypto_skcipher_set_reqsize(tfm, reqsize);

crypto/xts.c:   crypto_skcipher_set_reqsize(tfm,
crypto_skcipher_reqsize(child) +
crypto/xts.c-                                    sizeof(struct rctx));

But what are the "legitimate" existing crypto_skcipher_reqsize() values here?

These are "complex" wrappers, with cts even adding blocksize to the mix...

crypto/ctr.c-   align = crypto_skcipher_alignmask(tfm);
crypto/ctr.c-   align &= ~(crypto_tfm_ctx_alignment() - 1);
crypto/ctr.c-   reqsize = align + sizeof(struct crypto_rfc3686_req_ctx) +
crypto/ctr.c-             crypto_skcipher_reqsize(cipher);
crypto/ctr.c:   crypto_skcipher_set_reqsize(tfm, reqsize);

crypto/cts.c-   align = crypto_skcipher_alignmask(tfm);
crypto/cts.c-   bsize = crypto_skcipher_blocksize(cipher);
crypto/cts.c-   reqsize = ALIGN(sizeof(struct crypto_cts_reqctx) +
crypto/cts.c-                   crypto_skcipher_reqsize(cipher),
crypto/cts.c-                   crypto_tfm_ctx_alignment()) +
crypto/cts.c-             (align & ~(crypto_tfm_ctx_alignment() - 1)) + bsize;
crypto/cts.c-
crypto/cts.c:   crypto_skcipher_set_reqsize(tfm, reqsize);

What values might be expected here? It seems the entire blocksize
needs to be included as well...

-Kees

-- 
Kees Cook
Pixel Security