Re: [PATCH v2 2/4] crypto: skcipher - Enforce non-ASYNC for on-stack requests

From: Herbert Xu
Date: Tue Sep 11 2018 - 01:53:09 EST

Next message: Herbert Xu: "Re: [PATCH v2 2/4] crypto: skcipher - Enforce non-ASYNC for on-stack requests"
Previous message: Felipe Balbi: "Re: [PATCH 02/31] usb: usbssp: Added some decoding functions."
Next in thread: Kees Cook: "Re: [PATCH v2 2/4] crypto: skcipher - Enforce non-ASYNC for on-stack requests"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Sep 07, 2018 at 08:56:23AM +0200, Ard Biesheuvel wrote:
>
> OK, so given that all SKCIPHER_REQUEST_ON_STACK occurrences are
> updated in this series anyway, perhaps we should add
> skcipher_[en|de]crypt_onstack() flavors that encapsulate the
> additional check? Only question is how to enforce at compile time that
> those are used instead of the ordinary ones when using a stack
> allocated request. Would you mind using some macro foo here involving
> __builtin_types_compatible_p() ?

Something like a completely new type which in reality is just a
wrapper around skcipher:

struct crypto_sync_skcipher {
struct crypto_skcipher base;
} tfm;

tfm = crypto_alloc_sync_skcipher(...);

crypto_sync_skcipher_encrypt(...)
crypto_sync_skcipher_decrypt(...)

These functions would just be trivial inline functions around their
crypto_skcipher counterparts.

Cheers,
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Next message: Herbert Xu: "Re: [PATCH v2 2/4] crypto: skcipher - Enforce non-ASYNC for on-stack requests"
Previous message: Felipe Balbi: "Re: [PATCH 02/31] usb: usbssp: Added some decoding functions."
Next in thread: Kees Cook: "Re: [PATCH v2 2/4] crypto: skcipher - Enforce non-ASYNC for on-stack requests"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]