On 8 November 2018 at 23:55, Ard Biesheuvel <ard.biesheu...@linaro.org> wrote:
> The simd wrapper's skcipher request context structure consists
> of a single subrequest whose size is taken from the subordinate
> skcipher. However, in simd_skcipher_init(), the reqsize that is
> retrieved is not from the subordinate skcipher but from the
> cryptd request structure, whose size is completely unrelated to
> the actual wrapped skcipher.
>
> Reported-by: Qian Cai <c...@gmx.us>
> Signed-off-by: Ard Biesheuvel <ard.biesheu...@linaro.org>
> ---
> crypto/simd.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/crypto/simd.c b/crypto/simd.c
> index ea7240be3001..2f3d6e897afc 100644
> --- a/crypto/simd.c
> +++ b/crypto/simd.c
> @@ -125,7 +125,7 @@ static int simd_skcipher_init(struct crypto_skcipher *tfm)
> ctx->cryptd_tfm = cryptd_tfm;
>
> reqsize = sizeof(struct skcipher_request);
> - reqsize += crypto_skcipher_reqsize(&cryptd_tfm->base);
> + reqsize += crypto_skcipher_reqsize(cryptd_skcipher_child(cryptd_tfm));
>
This should be
reqsize += max(crypto_skcipher_reqsize(&cryptd_tfm->base);
crypto_skcipher_reqsize(cryptd_skcipher_child(cryptd_tfm)));
since the cryptd path in simd still needs some space in the subreq for
the completion.
