The pcrypt template recursively instantiates itself because it copies
the child algorithm's cra_name directly, causing naming collisions with
the larval instance. When aead_register_instance() fails with -EEXIST,
the larval wait mechanism re-runs the lookup and finds the pcrypt instance
instead of the real child algorithm, leading to pcrypt(pcrypt(...))
recursion.

Fix by using crypto_inst_setname() instead of memcpy, ensuring pcrypt
instances are named "pcrypt(<child>)" rather than reusing the child's name.
This eliminates the naming collision that triggers the re-lookup mechanism.

Also apply the same fix to cryptd for consistency, even though it doesn't
exhibit the same recursion issue.

To reproduce:
python -c "import socket; socket.socket(socket.AF_ALG,
socket.SOCK_SEQPACKET, 0).bind(('aead', 'pcrypt(ccm(aes))'))"
...
OSError: [Errno 36] File name too long

Before the patch (/proc/crypto):
name  : ccm(aes)
driver: pcrypt(pcrypt(...(pcrypt(ccm_base(ctr-aes-aesni,cbcmac(aes-aesni))))...))
[and 9 other ccm(aes) instances.]

After the patch (/proc/crypto):
name  : pcrypt(ccm(aes))
driver: pcrypt(ccm_base(ctr-aes-aesni,cbcmac(aes-aesni)))

Fixes: 5068c7a883d1 ("crypto: pcrypt - Add pcrypt crypto parallelization wrapper")
Fixes: 4e0958d19bd8 ("crypto: cryptd - Add support for skcipher")
Reported-by: Vegard Nossum <vegard.nossum@oracle.com>
Closes: https://lore.kernel.org/linux-crypto/4c0e7a68-254e-4f71-a903-952415c609d9@oracle.com
Signed-off-by: Saeed Mirzamohammadi <saeed.mirzamohammadi@oracle.com>
---
 crypto/cryptd.c | 9 ++++-----
 crypto/pcrypt.c | 8 ++++----
 2 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/crypto/cryptd.c b/crypto/cryptd.c
index 31d022d47f7a0..b3342cb840d15 100644
--- a/crypto/cryptd.c
+++ b/crypto/cryptd.c
@@ -210,12 +210,11 @@ static void cryptd_type_and_mask(struct crypto_attr_type *algt,
 static int cryptd_init_instance(struct crypto_instance *inst,
 				struct crypto_alg *alg)
 {
-	if (snprintf(inst->alg.cra_driver_name, CRYPTO_MAX_ALG_NAME,
-		     "cryptd(%s)",
-		     alg->cra_driver_name) >= CRYPTO_MAX_ALG_NAME)
-		return -ENAMETOOLONG;
+	int err;
 
-	memcpy(inst->alg.cra_name, alg->cra_name, CRYPTO_MAX_ALG_NAME);
+	err = crypto_inst_setname(inst, "cryptd", alg);
+	if (err)
+		return err;
 
 	inst->alg.cra_priority = alg->cra_priority + 50;
 	inst->alg.cra_blocksize = alg->cra_blocksize;
diff --git a/crypto/pcrypt.c b/crypto/pcrypt.c
index 7fc79e7dce44a..78f6cdc5fb551 100644
--- a/crypto/pcrypt.c
+++ b/crypto/pcrypt.c
@@ -224,11 +224,11 @@ static void pcrypt_free(struct aead_instance *inst)
 static int pcrypt_init_instance(struct crypto_instance *inst,
 				struct crypto_alg *alg)
 {
-	if (snprintf(inst->alg.cra_driver_name, CRYPTO_MAX_ALG_NAME,
-		     "pcrypt(%s)", alg->cra_driver_name) >= CRYPTO_MAX_ALG_NAME)
-		return -ENAMETOOLONG;
+	int err;
 
-	memcpy(inst->alg.cra_name, alg->cra_name, CRYPTO_MAX_ALG_NAME);
+	err = crypto_inst_setname(inst, "pcrypt", alg);
+	if (err)
+		return err;
 
 	inst->alg.cra_priority = alg->cra_priority + 100;
 	inst->alg.cra_blocksize = alg->cra_blocksize;
-- 
2.50.1

On Thu, Sep 25, 2025 at 03:31:24PM -0700, Saeed Mirzamohammadi wrote:
> The pcrypt template recursively instantiates itself because it copies
> the child algorithm's cra_name directly, causing naming collisions with
> the larval instance. When aead_register_instance() fails with -EEXIST,
> the larval wait mechanism re-runs the lookup and finds the pcrypt instance
> instead of the real child algorithm, leading to pcrypt(pcrypt(...))
> recursion.
> 
> Fix by using crypto_inst_setname() instead of memcpy, ensuring pcrypt
> instances are named "pcrypt(<child>)" rather than reusing the child's name.
> This eliminates the naming collision that triggers the re-lookup mechanism.
> 
> Also apply the same fix to cryptd for consistency, even though it doesn't
> exhibit the same recursion issue.
> 
> To reproduce:
> python -c "import socket; socket.socket(socket.AF_ALG,
> socket.SOCK_SEQPACKET, 0).bind(('aead', 'pcrypt(ccm(aes))'))"
> ...
> OSError: [Errno 36] File name too long
> 
> Before the patch (/proc/crypto):
> name  : ccm(aes)
> driver: pcrypt(pcrypt(...(pcrypt(ccm_base(ctr-aes-aesni,cbcmac(aes-aesni))))...))
> [and 9 other ccm(aes) instances.]
> 
> After the patch (/proc/crypto):
> name  : pcrypt(ccm(aes))
> driver: pcrypt(ccm_base(ctr-aes-aesni,cbcmac(aes-aesni)))
> 
> Fixes: 5068c7a883d1 ("crypto: pcrypt - Add pcrypt crypto parallelization wrapper")
> Fixes: 4e0958d19bd8 ("crypto: cryptd - Add support for skcipher")
> Reported-by: Vegard Nossum <vegard.nossum@oracle.com>
> Closes: https://lore.kernel.org/linux-crypto/4c0e7a68-254e-4f71-a903-952415c609d9@oracle.com
> Signed-off-by: Saeed Mirzamohammadi <saeed.mirzamohammadi@oracle.com>
> ---
>  crypto/cryptd.c | 9 ++++-----
>  crypto/pcrypt.c | 8 ++++----
>  2 files changed, 8 insertions(+), 9 deletions(-)

The algorithm name must stay the same because the whole point of
pcrypt (and cryptd) is to wrap around the underlying algorithm
without turning it into a new algorithm.

The problem here is that the Crypto API only supports two types
of names, algorithm names and driver names.  Your python code
was using a mixture of the two, which creates a name that can
never be fulfilled by the Crypto API.  If you substituted the
name pcrypt(ccm(aes)) with pcrypt(ccm_base(ctr-aes-aesni,cbcmac(aes-aesni)))
then it should work.

Ideally we should support such mixed names so I'm happy to consider
any patches implementing that.

Cheers,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt