Received: by 2002:ac0:a581:0:0:0:0:0 with SMTP id m1-v6csp7013622imm; Wed, 27 Jun 2018 18:13:17 -0700 (PDT) X-Google-Smtp-Source: AAOMgpczQ+8g0ERKLqiugczLfybnbjXrZxPM/6yj4kkfPkvaHg3fseWga0gXLFe8ajHGBLA3r6S1 X-Received: by 2002:a62:3848:: with SMTP id f69-v6mr4011394pfa.10.1530148397848; Wed, 27 Jun 2018 18:13:17 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1530148397; cv=none; d=google.com; s=arc-20160816; b=vjZqd5yYZK9mnpWtTeKN55K2iMb76v2h8jLgRkOzASKBq4/eOSCWy8QGxZsZ1z4SRY AiUJuIBYJaiYmkIsFiv1dIa3NiSHfuO3qy/RrVeGeB7tyaMkWAuqdtJ1neCfCpeKikLO Kb7TF98DGDMRxouECj/9dYM1oo/3k3XHO8361QgIJKCizFSwB9Cp9cTL+f25hpaSuedD lDyrqtOr6unb1bnaJcjBVZKOWIje7AZqNgFHgfEKKFvyl2ytg2oHMt4J7YzaMHk5scvL 9iAyYK5+WK5To0yNsR8WlBUA1Yme3/7qv92W3mGkA4dNK6ZSwBZDe0ST0JVP6p8oBBwb AAQw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature:dkim-signature :arc-authentication-results; bh=ytac44Imxj1TycbJHWSQn1SDdlrwlZQjpO8QRu+K20U=; b=wtagjV83dqn0uua/NuKs52przFZ1apgtZp9Pxk6i9tByIb46IacqV9ZKU7SEXBpoF8 dZ6FdJ/nb0vDF8UK6RT2OhLqZvnZgP4Z8eCF+InRZmRMSRQuulA9zVlO461hCj+6KSRB tY+127+dieVedF0C7Il4/hF2tJBgJg3IMWkux6kynckQbJzQeNrA+Aq5vi5HHFCgTsM6 OnBy3tY5roJDdH9nJyH/YyyfEfpTbQC0wmO52YjHkQrBKbuIrwAT8OyVkLcMwhQOb82z P1sbmRNgufYOYJa1BMCsN46V0Yn3/y2AqhbxyoPJseKw7yGZk+SLyXPQVu+2upFTunzS BVeQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@google.com header.s=20161025 header.b=qYt3ZM5L; dkim=fail header.i=@chromium.org header.s=google header.b=kUpgkB0w; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d34-v6si5101290pld.252.2018.06.27.18.13.03; Wed, 27 Jun 2018 18:13:17 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@google.com header.s=20161025 header.b=qYt3ZM5L; dkim=fail header.i=@chromium.org header.s=google header.b=kUpgkB0w; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751700AbeF1AKI (ORCPT + 99 others); Wed, 27 Jun 2018 20:10:08 -0400 Received: from mail-yb0-f193.google.com ([209.85.213.193]:34689 "EHLO mail-yb0-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751272AbeF1AKH (ORCPT ); Wed, 27 Jun 2018 20:10:07 -0400 Received: by mail-yb0-f193.google.com with SMTP id e9-v6so1455492ybq.1 for ; Wed, 27 Jun 2018 17:10:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=ytac44Imxj1TycbJHWSQn1SDdlrwlZQjpO8QRu+K20U=; b=qYt3ZM5LpaCCmHbW6+1Ux4XkrQwFGG7y0yNU0i1eth0Tv1FalC2t6u/8i9WXeFw3/q itMHG3X+U0HnI0wE8sfugLDdnSBQ48BWgh9f/UFTMjNDLf91kf9olX8SrcEShT4A8nfK kr1cOmbdYpJMmYy99UACoZ7HY50K57NR8/hgprHUgPPb/25A9cfi7yvxntfHPZBE1of1 FMZUTayh/Gqt8ftPvIjzEST2/6h0VckR0NhN8MDdn/NeegMxr0RVfmsbJPs4inrHaRRm 0tJd2spju23BLsiFtuHkmBegHzayF14OfTXrYGFO1KgI55tZAiTV+8pAJcSf9RWCB19J U0/A== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=ytac44Imxj1TycbJHWSQn1SDdlrwlZQjpO8QRu+K20U=; b=kUpgkB0wbvyJz94lRezvKXbm0wLNvF69yj9/R9YMfXbZ1nIzjNKw9maN1L/2jO0Fuu qYkEnOcsBibp2dyBVpogSyTvqPhWYy5CIFZhMLmNA0K4m7/E0DYCyerJYvHLO3Wo45EA sVC+Dh2ybXdrYIjbAToOs4nd0Q1Uzw3BhOjsI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=ytac44Imxj1TycbJHWSQn1SDdlrwlZQjpO8QRu+K20U=; b=S2JLRSKZjQihhfaMkN724AAn4ZBOMWNY5tnOZRepRBAHuB/3nlbOKSsMCntpaeMc6+ 9qbpTU8bAi+LcRjUAyYcGtHPm7gTpp4HytYTbfhl9H2cow4m5fjibi3aUFVrwmDtDHF+ UWqG9dCpL6D0FN19t0rNmi/Tc8Ii73g3t1eeowxvVHm0Tv/FFPPQ9Ibad1ig2+QG/00g pMqqx3k389VqDMRJbSTdn6Z2WvW51ra1jhW45rPj+CYsyUHHajtxyiaX3UXDtz/ZbzDw d8XSUBPhEeyuhVYgs+Car6Dw+oZFgcsAtdvIlTNxMLRG4hO5fQojKE4gomUgW09UjLb+ KMlg== X-Gm-Message-State: APt69E3QpV9qMFSRbdKAQABSaHxxxbaa0sfSDKOM8dY8EjDGIFzuaH2e cYjWBPyYEPRVARrHdU9suJ6j/6bdk8cv8SeVGR9ndg== X-Received: by 2002:a25:a301:: with SMTP id d1-v6mr4297164ybi.193.1530144605997; Wed, 27 Jun 2018 17:10:05 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a25:5f51:0:0:0:0:0 with HTTP; Wed, 27 Jun 2018 17:10:05 -0700 (PDT) In-Reply-To: <20180627222749.xa5333caq5vaa7st@gondor.apana.org.au> References: <20180625211026.15819-1-keescook@chromium.org> <20180625211026.15819-12-keescook@chromium.org> <20180626092041.mxfg4lxcvxfivzc2@gondor.apana.org.au> <20180627143622.ntksjxsymo4yw6dz@gondor.apana.org.au> <20180627222749.xa5333caq5vaa7st@gondor.apana.org.au> From: Kees Cook Date: Wed, 27 Jun 2018 17:10:05 -0700 X-Google-Sender-Auth: 9tq98TiJOp28B6a7nfkFb83cuR8 Message-ID: Subject: Re: [PATCH v2 11/11] crypto: skcipher: Remove VLA usage for SKCIPHER_REQUEST_ON_STACK To: Herbert Xu Cc: "David S. Miller" , linux-crypto , "Gustavo A. R. Silva" , Arnd Bergmann , Eric Biggers , Alasdair Kergon , Giovanni Cabiddu , Lars Persson , Mike Snitzer , Rabin Vincent , Tim Chen , qat-linux@intel.com, dm-devel@redhat.com, LKML Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Jun 27, 2018 at 3:27 PM, Herbert Xu wrote: > On Wed, Jun 27, 2018 at 11:31:09AM -0700, Kees Cook wrote: >> crypto/lrw.c: crypto_skcipher_set_reqsize(tfm, >> crypto_skcipher_reqsize(cipher) + >> crypto/lrw.c- sizeof(struct rctx)); >> ... >> crypto/cts.c- align = crypto_skcipher_alignmask(tfm); >> crypto/cts.c- bsize = crypto_skcipher_blocksize(cipher); >> crypto/cts.c- reqsize = ALIGN(sizeof(struct crypto_cts_reqctx) + >> crypto/cts.c- crypto_skcipher_reqsize(cipher), >> crypto/cts.c- crypto_tfm_ctx_alignment()) + >> crypto/cts.c- (align & ~(crypto_tfm_ctx_alignment() - 1)) + bsize; >> crypto/cts.c- >> crypto/cts.c: crypto_skcipher_set_reqsize(tfm, reqsize); >> >> What values might be expected here? It seems the entire blocksize >> needs to be included as well... > > But otherwise yes these are the ones that count. In both cases here, what is "cipher"? i.e. what ciphers could lrw be wrapping, and what ciphers could cts be wrapping, so that I can examine the blocksizes, etc? FWIW, looking at the non-ASYNC wrappers, I see only: crypto/ctr.c crypto/cts.c crypto/lrw.c crypto/xts.c drivers/crypto/sunxi-ss/sun4i-ss-cipher.c Building in all crypto things and running tcrypt with an instrumented crypto_skcipher_set_reqsize, I see: # dmesg | grep skcipher_set_req | cut -c16- | sort -u | sort +1 -n crypto_skcipher_set_reqsize: 8 crypto_skcipher_set_reqsize: 88 crypto_skcipher_set_reqsize: 184 crypto_skcipher_set_reqsize: 256 crypto_skcipher_set_reqsize: 472 The 472 maps to lrw with its 384 struct rctx: [ 553.843884] tcrypt: testing lrw(twofish) [ 553.844479] crypto_skcipher_set_reqsize: 8 [ 553.845076] crypto_skcipher_set_reqsize: 88 [ 553.845658] crypto_skcipher_set_reqsize: 472 [ 553.860578] tcrypt: testing lrw(serpent) [ 553.861349] crypto_skcipher_set_reqsize: 8 [ 553.861960] crypto_skcipher_set_reqsize: 88 [ 553.862534] crypto_skcipher_set_reqsize: 472 [ 553.871676] tcrypt: testing lrw(aes) [ 553.872398] crypto_skcipher_set_reqsize: 8 [ 553.873002] crypto_skcipher_set_reqsize: 88 [ 553.873574] crypto_skcipher_set_reqsize: 472 [ 553.957282] tcrypt: testing lrw(cast6) [ 553.958098] crypto_skcipher_set_reqsize: 8 [ 553.958691] crypto_skcipher_set_reqsize: 88 [ 553.959311] crypto_skcipher_set_reqsize: 472 [ 553.982514] tcrypt: testing lrw(camellia) [ 553.983308] crypto_skcipher_set_reqsize: 8 [ 553.983907] crypto_skcipher_set_reqsize: 88 [ 553.984470] crypto_skcipher_set_reqsize: 472 And while I'm using tcrypt, ahash shows: 44 124 336 368 528 536 568 616 648 728 808 The largest seems to be sha512: [ 553.883440] tcrypt: testing sha512 [ 553.884179] sha512_mb: crypto_ahash_set_reqsize: 528 [ 553.884904] crypto_ahash_set_reqsize: 728 [ 553.885449] sha512_mb: crypto_ahash_set_reqsize: 808 So ... should I use 472 for skcipher and 808 for ahash? -Kees -- Kees Cook Pixel Security