> On Nov 8, 2018, at 6:33 PM, Ard Biesheuvel <ard.biesheu...@linaro.org> wrote:
>
> On 8 November 2018 at 23:55, Ard Biesheuvel <ard.biesheu...@linaro.org> wrote:
>> The simd wrapper's skcipher request context structure consists
>> of a single subrequest whose size is taken from the subordinate
>> skcipher. However, in simd_skcipher_init(), the reqsize that is
>> retrieved is not from the subordinate skcipher but from the
>> cryptd request structure, whose size is completely unrelated to
>> the actual wrapped skcipher.
>>
>> Reported-by: Qian Cai <c...@gmx.us>
>> Signed-off-by: Ard Biesheuvel <ard.biesheu...@linaro.org>
>> ---
>> crypto/simd.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/crypto/simd.c b/crypto/simd.c
>> index ea7240be3001..2f3d6e897afc 100644
>> --- a/crypto/simd.c
>> +++ b/crypto/simd.c
>> @@ -125,7 +125,7 @@ static int simd_skcipher_init(struct crypto_skcipher
>> *tfm)
>> ctx->cryptd_tfm = cryptd_tfm;
>>
>> reqsize = sizeof(struct skcipher_request);
>> - reqsize += crypto_skcipher_reqsize(&cryptd_tfm->base);
>> + reqsize +=
>> crypto_skcipher_reqsize(cryptd_skcipher_child(cryptd_tfm));
>>
>
> This should be
>
> reqsize += max(crypto_skcipher_reqsize(&cryptd_tfm->base);
> crypto_skcipher_reqsize(cryptd_skcipher_child(cryptd_tfm)));
>
> since the cryptd path in simd still needs some space in the subreq for
> the completion.
Tested-by: Qian Cai <c...@gmx.us>