From: Kees Cook Subject: Re: [dm-devel] [PATCH v5 05/11] crypto: ahash: Remove VLA usage Date: Wed, 18 Jul 2018 20:14:07 -0700 Message-ID: References: <20180717042150.37761-1-keescook@chromium.org> <20180717042150.37761-6-keescook@chromium.org> <20180717163936.GB75957@gmail.com> <20180717231209.GJ75957@gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Cc: Herbert Xu , Giovanni Cabiddu , Arnd Bergmann , "Gustavo A. R. Silva" , Mike Snitzer , Eric Biggers , qat-linux@intel.com, LKML , dm-devel@redhat.com, linux-crypto , Lars Persson , Tim Chen , Alasdair Kergon , Rabin Vincent To: Eric Biggers Return-path: In-Reply-To: <20180717231209.GJ75957@gmail.com> Sender: linux-kernel-owner@vger.kernel.org List-Id: linux-crypto.vger.kernel.org On Tue, Jul 17, 2018 at 4:12 PM, Eric Biggers wrote: > I just don't see why ahash algorithms would need such a huge maximum digest > size. Don't the 'ahash' algorithms all have 'shash' equivalents too? Is there > actually any hash algorithm, either shash or ahash, in the Linux kernel that has > a digest size greater than 64 bytes (512 bits)? Note that for a real > cryptographic hash there isn't really any need for a digest size larger than > that, since that already gives you 256-bit collision resistance; that's why > SHA-2 and SHA-3 max out at that size. Yup, it certainly looks that way on investigation. I'll adjust both ahash and shash to use the same #define. -Kees -- Kees Cook Pixel Security