diff mbox series

crypto: skcipher - Allow sync algorithms with large request contexts

Message ID Y24edaOFBxluH8Ck@gondor.apana.org.au
State Accepted
Commit e6cb02bd0a52457e486a752da5db7b67f2540c16
Headers show
Series crypto: skcipher - Allow sync algorithms with large request contexts | expand

Commit Message

Herbert Xu Nov. 11, 2022, 10:05 a.m. UTC 
On Fri, Nov 11, 2022 at 05:59:17PM +0800, Herbert Xu wrote:
>
> cryptd is buggy as it tries to use sync_skcipher without going
> through the proper sync_skcipher interface.  In fact it doesn't
> even need sync_skcipher since it's already a proper skcipher and
> can easily access the request context instead of using something
> off the stack.
> 
> Fixes: 36b3875a97b8 ("crypto: cryptd - Remove VLA usage of skcipher")
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

This won't be enough to allow a sync skcipher that uses more
than 384 bytes of request context though as they will still
show up when you allocate a sync_skcipher.  So we also need
this and then you can just set REQSIZE_LARGE on your algorithm
and it will work correctly.

---8<---
Some sync algorithms may require a large amount of temporary
space during its operations.  There is no reason why they should
be limited just because some legacy users want to place all
temporary data on the stack.

Such algorithms can now set a flag to indicate that they need
extra request context, which will cause them to be invisible
to users that go through the sync_skcipher interface.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
diff mbox series

Patch

diff --git a/crypto/skcipher.c b/crypto/skcipher.c
index 418211180cee..0ecab31cfe79 100644
--- a/crypto/skcipher.c
+++ b/crypto/skcipher.c
@@ -763,7 +763,7 @@  struct crypto_sync_skcipher *crypto_alloc_sync_skcipher(
 	struct crypto_skcipher *tfm;
 
 	/* Only sync algorithms allowed. */
-	mask |= CRYPTO_ALG_ASYNC;
+	mask |= CRYPTO_ALG_ASYNC | CRYPTO_ALG_SKCIPHER_REQSIZE_LARGE;
 
 	tfm = crypto_alloc_tfm(alg_name, &crypto_skcipher_type, type, mask);
 
diff --git a/include/crypto/internal/skcipher.h b/include/crypto/internal/skcipher.h
index a2339f80a615..2a97540156bb 100644
--- a/include/crypto/internal/skcipher.h
+++ b/include/crypto/internal/skcipher.h
@@ -14,6 +14,14 @@ 
 #include <linux/list.h>
 #include <linux/types.h>
 
+/*
+ * Set this if your algorithm is sync but needs a reqsize larger
+ * than MAX_SYNC_SKCIPHER_REQSIZE.
+ *
+ * Reuse bit that is specific to hash algorithms.
+ */
+#define CRYPTO_ALG_SKCIPHER_REQSIZE_LARGE CRYPTO_ALG_OPTIONAL_KEY
+
 struct aead_request;
 struct rtattr;