Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp3751123imm; Tue, 17 Jul 2018 09:40:37 -0700 (PDT) X-Google-Smtp-Source: AAOMgpfdCYikuXmfJ//7ys52My3ubCw2JuVk9UK9Rt35xOkLVk2R9UlN+45tN8HFyOHOKBRBNQWX X-Received: by 2002:a63:8449:: with SMTP id k70-v6mr2276777pgd.309.1531845637268; Tue, 17 Jul 2018 09:40:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1531845637; cv=none; d=google.com; s=arc-20160816; b=HD7RJWC6hxSX4xQhJHgvxAnRDFgulST/zT3OIYwbub5CuooOUxBbbEsgXK3NzMRfHO nRDfgOmbMEHvHjWM5nJ2pK42TB1lvtcnUhPOEwcqDvXHP+Xw+4I3rPj2lwusv6GeKiTN Cz89W+Nx5kBfjEi9oEogE89HArs/Fq0UEqU+jfgC9D4CpAcMHZ00mih3AtJNT7tKYc0C 2EOmOFIX6zHdYCT2gVJRqfYBONzYS7f867eRoyRYNDwpb5/DL4qRVfuwetAQ5Vz4YHOl B/9x7NxOAXQMWW3fMwJ028O7fdehPekf2gyS7ZajyAmVFUFFiWkzkbQCDLjnQWpKvAOV dHXQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature:arc-authentication-results; bh=ZMd2FRiR6W2pZKbshIRcfu1N2WVCxhkw80AZqiUJUMU=; b=I1hp474UcFpcqD3tQk+BxXiQdiHr3E5P1DqCx+/dzltFsU0KFNqCZ1780Gg5rJftV/ sR+5bM+IVJ7F+1idu1s1KotER4B/QVRBSPrXDQsLpkomV8VcQY6Twro4e0l+b6s8UUia qM/Ivv0bSClqFkvx1UBOdjahrdRRsBeP1RDFp8VlEZY4rizHDOWn4rX0FMuDwB75kSHZ IXyMyfhClSRcnyel9MAFhX5Ysu+O/Hz7tkv4XdDkQpdfiyGqnY1lSOGuw7hGN5UNunQJ bIpUtQgfx2VY2283bayTUunrP6IhW6SK1Pdex04T3/DRSqvcYOyO0HbfiN63KB/cXO4c r48A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=quGpYoFc; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h7-v6si1284757plt.258.2018.07.17.09.40.22; Tue, 17 Jul 2018 09:40:37 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=quGpYoFc; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729976AbeGQRNJ (ORCPT + 99 others); Tue, 17 Jul 2018 13:13:09 -0400 Received: from mail-pg1-f194.google.com ([209.85.215.194]:35815 "EHLO mail-pg1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729648AbeGQRNI (ORCPT ); Tue, 17 Jul 2018 13:13:08 -0400 Received: by mail-pg1-f194.google.com with SMTP id e6-v6so686332pgv.2; Tue, 17 Jul 2018 09:39:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=ZMd2FRiR6W2pZKbshIRcfu1N2WVCxhkw80AZqiUJUMU=; b=quGpYoFcrUS9bmTV5YOmzEIPI2gqMSMrCP+I3WLBlN8UgKq3cWK8wBf1CTmMeE6VsP xnLf/y6uFTVW9PejfBDc4cDrA56Fro7IKCgOKgKWGSvpEsx220kDjtOLwfL1zjn4KOQj TgGBMqr+Pm//UH2oM2H5TlPrlTsIFZEPQhS1DVt478dqzjJKNG4yJPJaw7hOq1YgLSNx Nt4Rbi4deje8PzKKOJifrcIdxeTCoEtFliKAaMgq7cCy2CEbchtKYO8LIMvNEy7KzXzT sauModa6R/aa1KhDyKFboTfExHDTgkQVk+LpwJGM76AMnyT+Yg1q38DoVaIcXcg2YSHw zDSw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=ZMd2FRiR6W2pZKbshIRcfu1N2WVCxhkw80AZqiUJUMU=; b=oMSGbb9nEp52IWhpQZNs/TIYms6Ua4tfIY4htTwRCUQv7UqRizFdHpU8sragJK9mPn dC02C601wWKtLPvq0zOXGNT6HXPiwi1PWikua9bwJyyC1zDDaXwDu52/pxHjv5ueh/vJ /JRtIZQGRvhloVC2sF+pgMvpJLTVffn7GgQorxEjaP6TkyVI6XhR2jXl3fwDmO4CAddF udb8W6DQgnHoItmpLlcEeKJ4Q5LyQhjPReZ29EsUaEKKeb3OsZ+ov/zrPTB1fFTdqkyG V8OJL2hDBNxxvEZ5Stk7cuWw3duBO6sNAWor49pdf8MA2VoAzhBUyRwNSZgoNXKQuPYP BysA== X-Gm-Message-State: AOUpUlG1AWV7mFSdhUq/MIIKvC6rEAwEUmUd0aYQK4KM964pbOzV98MX CLUT8lMVmstle3BWorDpaRY= X-Received: by 2002:a63:a745:: with SMTP id w5-v6mr2348729pgo.374.1531845578868; Tue, 17 Jul 2018 09:39:38 -0700 (PDT) Received: from gmail.com ([2620:15c:17:3:dc28:5c82:b905:e8a8]) by smtp.gmail.com with ESMTPSA id c19-v6sm2181884pfn.182.2018.07.17.09.39.38 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 17 Jul 2018 09:39:38 -0700 (PDT) Date: Tue, 17 Jul 2018 09:39:36 -0700 From: Eric Biggers To: Kees Cook Cc: Herbert Xu , Giovanni Cabiddu , Arnd Bergmann , "Gustavo A. R. Silva" , Mike Snitzer , Eric Biggers , qat-linux@intel.com, linux-kernel@vger.kernel.org, dm-devel@redhat.com, linux-crypto@vger.kernel.org, Lars Persson , Tim Chen , Alasdair Kergon , Rabin Vincent Subject: Re: [dm-devel] [PATCH v5 05/11] crypto: ahash: Remove VLA usage Message-ID: <20180717163936.GB75957@gmail.com> References: <20180717042150.37761-1-keescook@chromium.org> <20180717042150.37761-6-keescook@chromium.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20180717042150.37761-6-keescook@chromium.org> User-Agent: Mutt/1.10+35 (c786a508) (2018-06-22) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Jul 16, 2018 at 09:21:44PM -0700, Kees Cook wrote: > In the quest to remove all stack VLA usage from the kernel[1], this > introduces max size macros for ahash, as already done for shash, and > adjust the crypto user to max state size. > > [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com > > Signed-off-by: Kees Cook > --- > crypto/ahash.c | 4 ++-- > crypto/algif_hash.c | 2 +- > include/crypto/hash.h | 3 +++ > 3 files changed, 6 insertions(+), 3 deletions(-) > > diff --git a/crypto/ahash.c b/crypto/ahash.c > index a64c143165b1..6435bdbe42fd 100644 > --- a/crypto/ahash.c > +++ b/crypto/ahash.c > @@ -550,8 +550,8 @@ static int ahash_prepare_alg(struct ahash_alg *alg) > { > struct crypto_alg *base = &alg->halg.base; > > - if (alg->halg.digestsize > PAGE_SIZE / 8 || > - alg->halg.statesize > PAGE_SIZE / 8 || > + if (alg->halg.digestsize > AHASH_MAX_DIGESTSIZE || > + alg->halg.statesize > AHASH_MAX_STATESIZE || > alg->halg.statesize == 0) > return -EINVAL; > > diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c > index bfcf595fd8f9..8974ee8ebead 100644 > --- a/crypto/algif_hash.c > +++ b/crypto/algif_hash.c > @@ -239,7 +239,7 @@ static int hash_accept(struct socket *sock, struct socket *newsock, int flags, > struct alg_sock *ask = alg_sk(sk); > struct hash_ctx *ctx = ask->private; > struct ahash_request *req = &ctx->req; > - char state[crypto_ahash_statesize(crypto_ahash_reqtfm(req)) ? : 1]; > + char state[AHASH_MAX_STATESIZE]; > struct sock *sk2; > struct alg_sock *ask2; > struct hash_ctx *ctx2; > diff --git a/include/crypto/hash.h b/include/crypto/hash.h > index ae14cc0e0cdb..4fcd0e2368cd 100644 > --- a/include/crypto/hash.h > +++ b/include/crypto/hash.h > @@ -64,6 +64,9 @@ struct ahash_request { > void *__ctx[] CRYPTO_MINALIGN_ATTR; > }; > > +#define AHASH_MAX_DIGESTSIZE 512 > +#define AHASH_MAX_STATESIZE 512 > + Why is AHASH_MAX_DIGESTSIZE (512) so much larger than SHASH_MAX_DIGESTSIZE (64)? I would have expected them to be the same. - Eric