On Fri, Dec 06, 2019 at 10:36:18AM +0800, Herbert Xu wrote: > The shash interface supports a dynamic descsize field because of > the presence of fallbacks (it's just padlock-sha actually, perhaps > we can remove it one day). As it is the API does not verify the > setting of descsize at all. It is up to the individual algorithms > to ensure that descsize does not exceed the specified maximum value > of HASH_MAX_DESCSIZE (going above would cause stack corruption). > > In order to allow the API to impose this limit directly, this patch > adds init_tfm/exit_tfm hooks to the shash_alg structure. We can > then verify the descsize setting in the API directly. > > Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> > --- > > crypto/shash.c | 25 +++++++++++++++++++++++++ > include/crypto/hash.h | 14 ++++++++++++++ > 2 files changed, 39 insertions(+) > > diff --git a/crypto/shash.c b/crypto/shash.c > index e83c5124f6eb..40628712feec 100644 > --- a/crypto/shash.c > +++ b/crypto/shash.c > @@ -386,15 +386,40 @@ int crypto_init_shash_ops_async(struct crypto_tfm *tfm) > return 0; > } > > +static void crypto_shash_exit_tfm(struct crypto_tfm *tfm) > +{ > + struct crypto_shash *hash = __crypto_shash_cast(tfm); > + struct shash_alg *alg = crypto_shash_alg(hash); > + > + alg->exit_tfm(hash); > +} > + > static int crypto_shash_init_tfm(struct crypto_tfm *tfm) > { > struct crypto_shash *hash = __crypto_shash_cast(tfm); > struct shash_alg *alg = crypto_shash_alg(hash); > + int err; > > hash->descsize = alg->descsize; > > shash_set_needkey(hash, alg); > > + if (alg->exit_tfm) > + tfm->exit = crypto_shash_exit_tfm; > + > + if (!alg->init_tfm) > + return 0; > + > + err = alg->init_tfm(hash); > + if (err) > + return err; > + > + if (hash->descsize > HASH_MAX_DESCSIZE) { Use WARN_ON_ONCE() here? If HASH_MAX_DESCSIZE is too low for some case, it's a bug that needs to be fixed. > + * @init_tfm: Initialize the cryptographic transformation object. > + * This function is used to initialize the cryptographic > + * transformation object. This function is called only > + * once at the instantiation time, right after the > + * transformation context was allocated. In case the > + * cryptographic hardware has some special requirements > + * which need to be handled by software, this function > + * shall check for the precise requirement of the > + * transformation and put any software fallbacks in place. The second sentence can be removed, since it's redundant with the first. - Eric