Date: Fri, 11 Nov 2022 18:05:41 +0800
From: Herbert Xu
To: Taehee Yoo
Cc: linux-crypto@vger.kernel.org, davem@davemloft.net, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, hpa@zytor.com, kirill.shutemov@linux.intel.com, richard@nod.at, viro@zeniv.linux.org.uk, sathyanarayanan.kuppuswamy@linux.intel.com, jpoimboe@kernel.org, elliott@hpe.com, x86@kernel.org, jussi.kivilinna@iki.fi, Kees Cook
Subject: crypto: skcipher - Allow sync algorithms with large request contexts

On Fri, Nov 11, 2022 at 05:59:17PM +0800, Herbert Xu wrote:
>
> cryptd is buggy as it tries to use sync_skcipher without going
> through the proper sync_skcipher interface. In fact it doesn't
> even need sync_skcipher since it's already a proper skcipher and
> can easily access the request context instead of using something
> off the stack.
>
> Fixes: 36b3875a97b8 ("crypto: cryptd - Remove VLA usage of skcipher")
> Signed-off-by: Herbert Xu This won't be enough to allow a sync skcipher that uses more than 384 bytes of request context though as they will still show up when you allocate a sync_skcipher. So we also need this and then you can just set REQSIZE_LARGE on your algorithm and it will work correctly. ---8<--- Some sync algorithms may require a large amount of temporary space during its operations. There is no reason why they should be limited just because some legacy users want to place all temporary data on the stack. Such algorithms can now set a flag to indicate that they need extra request context, which will cause them to be invisible to users that go through the sync_skcipher interface. Signed-off-by: Herbert Xu diff --git a/crypto/skcipher.c b/crypto/skcipher.c index 418211180cee..0ecab31cfe79 100644 --- a/crypto/skcipher.c +++ b/crypto/skcipher.c @@ -763,7 +763,7 @@ struct crypto_sync_skcipher *crypto_alloc_sync_skcipher( struct crypto_skcipher *tfm; /* Only sync algorithms allowed. */ - mask |= CRYPTO_ALG_ASYNC; + mask |= CRYPTO_ALG_ASYNC | CRYPTO_ALG_SKCIPHER_REQSIZE_LARGE; tfm = crypto_alloc_tfm(alg_name, &crypto_skcipher_type, type, mask); diff --git a/include/crypto/internal/skcipher.h b/include/crypto/internal/skcipher.h index a2339f80a615..2a97540156bb 100644 --- a/include/crypto/internal/skcipher.h +++ b/include/crypto/internal/skcipher.h @@ -14,6 +14,14 @@ #include #include +/* + * Set this if your algorithm is sync but needs a reqsize larger + * than MAX_SYNC_SKCIPHER_REQSIZE. + * + * Reuse bit that is specific to hash algorithms. + */ +#define CRYPTO_ALG_SKCIPHER_REQSIZE_LARGE CRYPTO_ALG_OPTIONAL_KEY + struct aead_request; struct rtattr; -- Email: Herbert Xu Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
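Review bot: In the crypto_alloc_sync_skcipher() hunk, the comment "Only sync algorithms allowed." directly above the changed line no longer describes the mask, which now also excludes algorithms flagged CRYPTO_ALG_SKCIPHER_REQSIZE_LARGE; please update it to say so. The hunk also only ORs the new bit into mask, and the visible context does not show the same bit being cleared in type before crypto_alloc_tfm() is called. A caller that passes type with that bit set (it shares its value with CRYPTO_ALG_OPTIONAL_KEY) would then match exactly the algorithms this change is meant to hide, so consider clearing both bits in type here.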
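Review bot: The comment added above CRYPTO_ALG_SKCIPHER_REQSIZE_LARGE in include/crypto/internal/skcipher.h tells authors to set the flag, but nothing in the visible hunks rejects a sync skcipher whose reqsize exceeds MAX_SYNC_SKCIPHER_REQSIZE and leaves the flag unset. A check when the algorithm is registered would turn a forgotten flag into an error instead of an oversized request context reaching sync_skcipher users. Since the bit is an alias of CRYPTO_ALG_OPTIONAL_KEY, a matching note at that flag's definition would keep the reuse visible to anyone changing the hash flags, and the comment here could state the consequence given in the commit message, namely that the algorithm becomes invisible to users of the sync_skcipher interface.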
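The commit message says that setting the flag makes an algorithm invisible to sync_skcipher users. The following is an added userspace model of that type/mask filtering, not code from the patch or the kernel. The registry, the `model_*` names, the priorities, the flag values and the caller passing `type` 0 are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed flag values; the model only needs them to be distinct bits. */
#define CRYPTO_ALG_ASYNC                  0x00000080u
#define CRYPTO_ALG_OPTIONAL_KEY           0x00004000u
#define CRYPTO_ALG_SKCIPHER_REQSIZE_LARGE CRYPTO_ALG_OPTIONAL_KEY /* alias from the patch */
#define MAX_SYNC_SKCIPHER_REQSIZE         384

struct model_alg {              /* hypothetical stand-in for a registered algorithm */
    const char *name;
    uint32_t flags;
    unsigned int reqsize;       /* bytes of per-request context */
    int priority;
};

/* Constructed sample registry: three implementations of one cipher. */
static const struct model_alg registry[] = {
    { "demo-generic",    0,                                   64, 100 },
    { "demo-simd-large", CRYPTO_ALG_SKCIPHER_REQSIZE_LARGE, 1024, 300 },
    { "demo-hw-async",   CRYPTO_ALG_ASYNC,                   128, 400 },
};

/* Highest-priority entry whose flags agree with `type` on every bit in `mask`. */
static const struct model_alg *model_lookup(uint32_t type, uint32_t mask)
{
    const struct model_alg *best = NULL;

    for (size_t i = 0; i < sizeof(registry) / sizeof(registry[0]); i++) {
        const struct model_alg *a = &registry[i];

        if ((a->flags ^ type) & mask)
            continue;           /* differs from type in a bit the caller cares about */
        if (!best || a->priority > best->priority)
            best = a;
    }
    return best;
}

/* Mask before the patch: only async implementations are filtered out. */
static const struct model_alg *sync_lookup_old(void)
{
    return model_lookup(0, CRYPTO_ALG_ASYNC);
}

/* Mask after the patch: large-reqsize implementations are filtered out too. */
static const struct model_alg *sync_lookup_new(void)
{
    return model_lookup(0, CRYPTO_ALG_ASYNC | CRYPTO_ALG_SKCIPHER_REQSIZE_LARGE);
}
```

With the old mask the lookup returns the 1024-byte implementation, which a caller sized for MAX_SYNC_SKCIPHER_REQSIZE cannot hold; with the new mask it falls back to the 64-byte one.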