On Tue, Jun 26, 2018 at 2:20 AM, Herbert Xu <herb...@gondor.apana.org.au> wrote: > On Mon, Jun 25, 2018 at 02:10:26PM -0700, Kees Cook wrote: >> In the quest to remove all stack VLA usage from the kernel[1], this >> caps the skcipher request size similar to other limits and adds a >> sanity check at registration. In a manual review of the callers of >> crypto_skcipher_set_reqsize(), the largest was 384: >> >> 4 sun4i_cipher_req_ctx >> 6 safexcel_cipher_req >> 8 cryptd_skcipher_request_ctx >> 80 cipher_req_ctx >> 80 skcipher_request >> 96 crypto_rfc3686_req_ctx >> 104 nitrox_kcrypt_request >> 144 mv_cesa_skcipher_std_req >> 384 rctx >> >> [1] >> https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com >> >> Cc: Herbert Xu <herb...@gondor.apana.org.au> >> Cc: "David S. Miller" <da...@davemloft.net> >> Cc: linux-crypto@vger.kernel.org >> Signed-off-by: Kees Cook <keesc...@chromium.org> > > This has the same issue as the ahash reqsize patch.
Which are likely to be wrapped together? Should I take this to 512 or something else? -Kees -- Kees Cook Pixel Security
