On Fri, Dec 06, 2019 at 10:36:18AM +0800, Herbert Xu wrote:
> The shash interface supports a dynamic descsize field because of
> the presence of fallbacks (it's just padlock-sha actually, perhaps
> we can remove it one day). As it is the API does not verify the
> setting of descsize at all. It is up to the individual algorithms
> to ensure that descsize does not exceed the specified maximum value
> of HASH_MAX_DESCSIZE (going above would cause stack corruption).
>
> In order to allow the API to impose this limit directly, this patch
> adds init_tfm/exit_tfm hooks to the shash_alg structure. We can
> then verify the descsize setting in the API directly.
>
> Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
> ---
>
> crypto/shash.c | 25 +++++++++++++++++++++++++
> include/crypto/hash.h | 14 ++++++++++++++
> 2 files changed, 39 insertions(+)
>
> diff --git a/crypto/shash.c b/crypto/shash.c
> index e83c5124f6eb..40628712feec 100644
> --- a/crypto/shash.c
> +++ b/crypto/shash.c
> @@ -386,15 +386,40 @@ int crypto_init_shash_ops_async(struct crypto_tfm *tfm)
> return 0;
> }
>
> +static void crypto_shash_exit_tfm(struct crypto_tfm *tfm)
> +{
> + struct crypto_shash *hash = __crypto_shash_cast(tfm);
> + struct shash_alg *alg = crypto_shash_alg(hash);
> +
> + alg->exit_tfm(hash);
> +}
> +
> static int crypto_shash_init_tfm(struct crypto_tfm *tfm)
> {
> struct crypto_shash *hash = __crypto_shash_cast(tfm);
> struct shash_alg *alg = crypto_shash_alg(hash);
> + int err;
>
> hash->descsize = alg->descsize;
>
> shash_set_needkey(hash, alg);
>
> + if (alg->exit_tfm)
> + tfm->exit = crypto_shash_exit_tfm;
> +
> + if (!alg->init_tfm)
> + return 0;
> +
> + err = alg->init_tfm(hash);
> + if (err)
> + return err;
> +
> + if (hash->descsize > HASH_MAX_DESCSIZE) {
Use WARN_ON_ONCE() here? If HASH_MAX_DESCSIZE is too low for some case, it's a
bug that needs to be fixed.
> + * @init_tfm: Initialize the cryptographic transformation object.
> + * This function is used to initialize the cryptographic
> + * transformation object. This function is called only
> + * once at the instantiation time, right after the
> + * transformation context was allocated. In case the
> + * cryptographic hardware has some special requirements
> + * which need to be handled by software, this function
> + * shall check for the precise requirement of the
> + * transformation and put any software fallbacks in place.
The second sentence can be removed, since it's redundant with the first.
- Eric
